SKIP UPGRADE: PLG stack

d5bc3eba · riley.odonnell · Micah Nagel · ee26d961 · d5bc3eba · d5bc3eba
Commit d5bc3eba authored 3 years ago by riley.odonnell Committed by Micah Nagel 3 years ago
--- a/chart/templates/NOTES.txt
+++ b/chart/templates/NOTES.txt
@@ -126,6 +126,12 @@ PLATFORM ONE LOGGING WARNING:
  {{- end }}
 {{- end }}

+{{- if and (or $.Values.promtail.enabled $.Values.loki.enabled) (or .Values.logging.enabled .Values.clusterAuditor.enabled) }}
+PLATFORM ONE LOGGING WARNING:
+  You have enabled both promtail/loki and efk logging.  This is permitted during beta testing of promtail/loki.
+  After the beta period, only one logging stack will be supported at one time, with the PLG stack becoming the default supported stack. 
+{{- end }}  
+
 {{- if $.Values.addons.mattermost.enabled }}
 Mattermost is enabled.
 {{- with .Values.addons.mattermost.database }}

--- a/chart/templates/gatekeeper/values.yaml
+++ b/chart/templates/gatekeeper/values.yaml
@@ -29,7 +29,7 @@ violations:  # Try to keep this in alpha order to make it easier to find keys
        - registry1.dso.mil
        - registry.dso.mil

-  {{- if or .Values.monitoring.enabled (or .Values.fluentbit.enabled .Values.twistlock.enabled) }}
+  {{- if or .Values.monitoring.enabled .Values.fluentbit.enabled .Values.twistlock.enabled .Values.promtail.enabled }}
  allowedHostFilesystem:
    parameters:
      excludedResources:
@@ -44,6 +44,11 @@ violations:  # Try to keep this in alpha order to make it easier to find keys
      {{- if .Values.twistlock.enabled }}
      - twistlock/twistlock-defender-ds-.*
      {{- end }}
+      {{- if .Values.promtail.enabled }}
+      # promtail requires hostpath volume mounts
+      # https://github.com/grafana/helm-charts/blob/main/charts/promtail/templates/daemonset.yaml#L120
+      - logging/logging-promtail-.*
+      {{- end }}
  {{- end }}

  {{- if .Values.twistlock.enabled }}
@@ -110,7 +115,7 @@ violations:  # Try to keep this in alpha order to make it easier to find keys
      {{- end }}
  {{- end }}

-  {{- if or .Values.fluentbit.enabled (or .Values.twistlock.enabled .Values.monitoring.enabled) }}
+  {{- if or .Values.fluentbit.enabled .Values.twistlock.enabled .Values.monitoring.enabled .Values.promtail.enabled }}
  volumeTypes:
    parameters:
      excludedResources:
@@ -129,6 +134,11 @@ violations:  # Try to keep this in alpha order to make it easier to find keys
        # https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus-node-exporter/templates/daemonset.yaml#L150
        - monitoring/monitoring-monitoring-prometheus-node-exporter-.*
       {{- end }}
+       {{- if .Values.promtail.enabled }}
+        # Promtail requires hostpath volume types
+        # https://github.com/grafana/helm-charts/blob/main/charts/promtail/templates/daemonset.yaml#L120
+        - logging/logging-promtail-.*
+       {{- end }}
  {{- end }}
 {{- end -}}


--- a/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml
+++ b/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml
-{{- if or .Values.logging.enabled .Values.clusterAuditor.enabled }}
+{{- if and (not .Values.loki.enabled) (not .Values.promtail.enabled) (or .Values.logging.enabled .Values.clusterAuditor.enabled) }}
 {{- if ( include "imagePullSecret" . ) }}
 apiVersion: v1
 kind: Secret

--- a/chart/templates/logging/elasticsearch-kibana/namespace.yaml
+++ b/chart/templates/logging/elasticsearch-kibana/namespace.yaml
-{{- if or .Values.logging.enabled .Values.clusterAuditor.enabled }}
+{{- if and (not .Values.loki.enabled) (not .Values.promtail.enabled) (or .Values.logging.enabled .Values.clusterAuditor.enabled) }}
 {{- /* Default to istio being turned on, but disable if user sets istio to disable in the custom passthrough values.
 We have to do it this way because ownership of "istio.enabled" is owned by the chart but also BigBang.  Sourcing values from the passthrough values also means
  we get to simplify the api space of BigBang just a little bit more.

--- a/chart/templates/logging/loki/gitrepository.yaml
+++ b/chart/templates/logging/loki/gitrepository.yaml
+{{- if and (not .Values.offline) (or .Values.loki.enabled .Values.promtail.enabled) }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: loki
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: logging
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  interval: {{ .Values.flux.interval }}
+  url: {{ .Values.loki.git.repo }}
+  ref:
+    {{- include "validRef" .Values.loki.git | nindent 4 }}
+  {{ include "gitIgnore" . }}
+  {{- include "gitCreds" . | nindent 2 }}
+{{- end }}
--- a/chart/templates/logging/loki/imagepullsecret.yaml
+++ b/chart/templates/logging/loki/imagepullsecret.yaml
+{{- if or .Values.loki.enabled .Values.promtail.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: logging
+  labels:
+    app.kubernetes.io/name: logging
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
--- a/chart/templates/logging/loki/loki-helmrelease.yaml
+++ b/chart/templates/logging/loki/loki-helmrelease.yaml
+{{- $fluxSettingsLoki := merge .Values.loki.flux .Values.flux -}}
+{{- if or .Values.loki.enabled .Values.promtail.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: loki
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: logging
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  targetNamespace: logging
+  chart:
+    spec:
+      chart: {{ .Values.loki.git.path }}
+      interval: 5m
+      sourceRef:
+        kind: GitRepository
+        name: loki
+        namespace: {{ .Release.Namespace }}
+
+  {{- toYaml $fluxSettingsLoki | nindent 2 }}
+
+  {{- if .Values.loki.postRenderers }}
+  postRenderers:
+  {{ toYaml .Values.loki.postRenderers | nindent 4 }}
+  {{- end }}
+  valuesFrom:
+    - name: {{ .Release.Name }}-loki-values
+      kind: Secret
+      valuesKey: "common"
+    - name: {{ .Release.Name }}-loki-values
+      kind: Secret
+      valuesKey: "defaults"
+    - name: {{ .Release.Name }}-loki-values
+      kind: Secret
+      valuesKey: "overlays"
+  {{- if or .Values.monitoring.enabled .Values.gatekeeper.enabled .Values.istio.enabled }}
+  dependsOn:
+    {{- if  .Values.monitoring.enabled }}
+    - name: monitoring
+      namespace: {{ .Release.Namespace }}
+    {{- end }}
+
+    {{- if  .Values.gatekeeper.enabled }}
+    - name: gatekeeper
+      namespace: {{ .Release.Namespace }}
+    {{- end }}
+
+    {{- if .Values.istio.enabled }}
+    - name: istio
+      namespace: {{ .Release.Namespace }}
+    {{- end }}
+  {{- end }}
+{{- end }}
\ No newline at end of file
--- a/chart/templates/logging/loki/namespace.yaml
+++ b/chart/templates/logging/loki/namespace.yaml
+{{- if or .Values.loki.enabled .Values.promtail.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: logging
+  labels:
+    app.kubernetes.io/name: logging
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+    istio-injection: enabled
+{{- end }}
--- a/chart/templates/logging/loki/values.yaml
+++ b/chart/templates/logging/loki/values.yaml
+{{- if or .Values.loki.enabled .Values.promtail.enabled }}
+{{- include "values-secret" (dict "root" $ "package" .Values.loki "name" "loki" "defaults" (include "bigbang.defaults.loki" .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.loki" -}}
+hostname: {{ .Values.hostname }}
+
+openshift: {{ .Values.openshift }}
+
+istio:
+  enabled: {{ .Values.istio.enabled }}
+
+imagePullSecrets:
+  - name: private-registry
+  
+networkPolicies:
+  enabled: {{ .Values.networkPolicies.enabled }}  
+  
+monitoring:
+  enabled: {{ .Values.monitoring.enabled }}   
+{{- end -}}
--- a/chart/templates/logging/promtail/gitrepository.yaml
+++ b/chart/templates/logging/promtail/gitrepository.yaml
+{{- if and (not .Values.offline) .Values.promtail.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: promtail
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: logging
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  interval: {{ .Values.flux.interval }}
+  url: {{ .Values.promtail.git.repo }}
+  ref:
+    {{- include "validRef" .Values.promtail.git | nindent 4 }}
+  {{ include "gitIgnore" . }}
+  {{- include "gitCreds" . | nindent 2 }}
+{{- end }}
--- a/chart/templates/logging/promtail/promtail-helmrelease.yaml
+++ b/chart/templates/logging/promtail/promtail-helmrelease.yaml
+{{- $fluxSettingsPromtail := merge .Values.promtail.flux .Values.flux -}}
+{{- if .Values.promtail.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: promtail
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: logging
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  targetNamespace: logging
+  chart:
+    spec:
+      chart: {{ .Values.promtail.git.path }}
+      interval: 5m
+      sourceRef:
+        kind: GitRepository
+        name: promtail
+        namespace: {{ .Release.Namespace }}
+
+  {{- toYaml $fluxSettingsPromtail | nindent 2 }}
+
+  {{- if .Values.promtail.postRenderers }}
+  postRenderers:
+  {{ toYaml .Values.promtail.postRenderers | nindent 4 }}
+  {{- end }}
+  valuesFrom:
+    - name: {{ .Release.Name }}-promtail-values
+      kind: Secret
+      valuesKey: "common"
+    - name: {{ .Release.Name }}-promtail-values
+      kind: Secret
+      valuesKey: "defaults"
+    - name: {{ .Release.Name }}-promtail-values
+      kind: Secret
+      valuesKey: "overlays"
+
+{{/* promtail _always_ depend on .Values.loki being enabled, so can assume they exist here */}}
+  dependsOn:
+    - name: loki
+      namespace: {{ .Release.Namespace }}
+
+    {{- if  .Values.gatekeeper.enabled }}
+    - name: gatekeeper
+      namespace: {{ .Release.Namespace }}
+    {{- end }}
+
+    {{- if .Values.istio.enabled }}
+    - name: istio
+      namespace: {{ .Release.Namespace }}
+    {{- end }}
+{{- end }}
--- a/chart/templates/logging/promtail/values.yaml
+++ b/chart/templates/logging/promtail/values.yaml
+{{- if .Values.promtail.enabled }}
+{{- include "values-secret" (dict "root" $ "package" .Values.promtail "name" "promtail" "defaults" (include "bigbang.defaults.promtail" .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.promtail" -}}
+hostname: {{ .Values.hostname }}
+
+openshift: {{ .Values.openshift }}
+
+istio:
+  enabled: {{ .Values.istio.enabled }}
+
+imagePullSecrets:
+  - name: private-registry
+
+{{- if .Values.loki.enabled }}
+config:
+  lokiAddress: http://logging-loki.logging.svc.cluster.local:3100/loki/api/v1/push
+{{- end }}
+{{- end -}}
--- a/chart/templates/monitoring/values.yaml
+++ b/chart/templates/monitoring/values.yaml
@@ -71,6 +71,9 @@ anchore:
 kiali:
  enabled: {{ .Values.kiali.enabled }}

+loki:
+  enabled: {{ .Values.loki.enabled }}
+
 global:
  imagePullSecrets:
  - name: private-registry
@@ -83,6 +86,14 @@ grafana:
    pullSecrets:
    - private-registry

+  {{- if .Values.loki.enabled }}
+  additionalDataSources:
+  - name: Loki
+    type: loki
+    url: http://logging-loki.logging.svc.cluster.local:3100
+    access: proxy
+  {{- end }}
+
  grafana.ini:
    {{- if .Values.istio.enabled }}
    server:
@@ -109,6 +120,11 @@ grafana:
      {{- list "tls_client_cert" .tls_client_cert | include "bigbang.addValueIfSet" | indent 6 }}
      {{- list "tls_client_key" .tls_client_key | include "bigbang.addValueIfSet" | indent 6 }}
    {{- end }}
+    
+  {{- if .Values.loki.enabled }}
+  plugins:
+    - grafana-piechart-panel
+  {{- end }}

 prometheus-node-exporter:
  serviceAccount:

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -392,6 +392,41 @@ fluentbit:
  # -- Values to passthrough to the fluentbit chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git
  values: {}

+  # -- Post Renderers.  See docs/postrenders.md
+  postRenderers: []
+
+# -- BETA support of promtail/loki logging stack
+promtail:
+  # -- Toggle deployment of Promtail.
+  enabled: false
+  git:
+    repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/promtail.git
+    path: "./chart"
+    tag: "3.8.1-bb.1"
+
+  # -- Flux reconciliation overrides specifically for the Promtail Package
+  flux: {}
+
+  # -- Values to passthrough to the promtail chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git
+  values: {}
+
+  # -- Post Renderers.  See docs/postrenders.md
+  postRenderers: []
+
+loki:
+  # -- Toggle deployment of Loki.
+  enabled: false
+  git:
+    repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki.git
+    path: "./chart"
+    tag: "2.5.1-bb.2"
+
+  # -- Flux reconciliation overrides specifically for the Loki Package
+  flux: {}
+
+  # -- Values to passthrough to the Loki chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki.git
+  values: {}
+
  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []
 # ----------------------------------------------------------------------------------------------------------------------
@@ -405,7 +440,7 @@ monitoring:
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git
    path: "./chart"
-    tag: "14.0.0-bb.17"
+    tag: "14.0.0-bb.18"

  # -- Flux reconciliation overrides specifically for the Monitoring Package
  flux: