diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt index bdeaf3322dc469d032b81817d31fafcd2cb89380..b18377187bacb2358695c82dd7d7e609c1ff3178 100644 --- a/chart/templates/NOTES.txt +++ b/chart/templates/NOTES.txt @@ -126,6 +126,12 @@ PLATFORM ONE LOGGING WARNING: {{- end }} {{- end }} +{{- if and (or $.Values.promtail.enabled $.Values.loki.enabled) (or .Values.logging.enabled .Values.clusterAuditor.enabled) }} +PLATFORM ONE LOGGING WARNING: + You have enabled both promtail/loki and efk logging. This is permitted during beta testing of promtail/loki. + After the beta period, only one logging stack will be supported at one time, with the PLG stack becoming the default supported stack. +{{- end }} + {{- if $.Values.addons.mattermost.enabled }} Mattermost is enabled. {{- with .Values.addons.mattermost.database }} diff --git a/chart/templates/gatekeeper/values.yaml b/chart/templates/gatekeeper/values.yaml index 4c06e14d629836a500e1c2b003bc87e54d9fdc90..197f5d9f9bac7051d60e4d2060d0db2ebb079966 100644 --- a/chart/templates/gatekeeper/values.yaml +++ b/chart/templates/gatekeeper/values.yaml @@ -29,7 +29,7 @@ violations: # Try to keep this in alpha order to make it easier to find keys - registry1.dso.mil - registry.dso.mil - {{- if or .Values.monitoring.enabled (or .Values.fluentbit.enabled .Values.twistlock.enabled) }} + {{- if or .Values.monitoring.enabled .Values.fluentbit.enabled .Values.twistlock.enabled .Values.promtail.enabled }} allowedHostFilesystem: parameters: excludedResources: @@ -44,6 +44,11 @@ violations: # Try to keep this in alpha order to make it easier to find keys {{- if .Values.twistlock.enabled }} - twistlock/twistlock-defender-ds-.* {{- end }} + {{- if .Values.promtail.enabled }} + # promtail requires hostpath volume mounts + # https://github.com/grafana/helm-charts/blob/main/charts/promtail/templates/daemonset.yaml#L120 + - logging/logging-promtail-.* + {{- end }} {{- end }} {{- if .Values.twistlock.enabled }} 
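Review bot: The new `- logging/logging-promtail-.*` entry under `allowedHostFilesystem.parameters.excludedResources` exempts by namespace and pod-name pattern, so any pod in `logging` whose name starts with `logging-promtail-` appears to fall outside the host-path constraint, not only the promtail DaemonSet. The same entry is added under `volumeTypes` in a later hunk of this file. Since the exclusion seems to skip the check entirely rather than narrow it, the comment should say which host paths promtail mounts and that pod creation in `logging` must stay restricted. The reference link points at `main` with a line anchor (`#L120`), which will drift; a link pinned to the chart tag in use keeps the justification verifiable. The enclosing `violations:` block starts and ends outside these hunks.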
@@ -110,7 +115,7 @@ violations: # Try to keep this in alpha order to make it easier to find keys {{- end }} {{- end }} - {{- if or .Values.fluentbit.enabled (or .Values.twistlock.enabled .Values.monitoring.enabled) }} + {{- if or .Values.fluentbit.enabled .Values.twistlock.enabled .Values.monitoring.enabled .Values.promtail.enabled }} volumeTypes: parameters: excludedResources: @@ -129,6 +134,11 @@ violations: # Try to keep this in alpha order to make it easier to find keys # https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus-node-exporter/templates/daemonset.yaml#L150 - monitoring/monitoring-monitoring-prometheus-node-exporter-.* {{- end }} + {{- if .Values.promtail.enabled }} + # Promtail requires hostpath volume types + # https://github.com/grafana/helm-charts/blob/main/charts/promtail/templates/daemonset.yaml#L120 + - logging/logging-promtail-.* + {{- end }} {{- end }} {{- end -}} diff --git a/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml b/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml index cd2629e8cb0b5f6eefb06a119f360c1ce0b362b7..bdcc8768b6a644ec81d0c0e6aca57decd2dd2f3e 100644 --- a/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml +++ b/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.logging.enabled .Values.clusterAuditor.enabled }} +{{- if and (not .Values.loki.enabled) (not .Values.promtail.enabled) (or .Values.logging.enabled .Values.clusterAuditor.enabled) }} {{- if ( include "imagePullSecret" . ) }} apiVersion: v1 kind: Secret diff --git a/chart/templates/logging/elasticsearch-kibana/namespace.yaml b/chart/templates/logging/elasticsearch-kibana/namespace.yaml index 217eaa43dfba201c991636b52a18013923fefc7b..a02ee8af1ceddab43a668990bedb151ef5112aa6 100644 --- a/chart/templates/logging/elasticsearch-kibana/namespace.yaml +++ b/chart/templates/logging/elasticsearch-kibana/namespace.yaml 
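Review bot: The new guard `and (not .Values.loki.enabled) (not .Values.promtail.enabled) (or ...)` in `elasticsearch-kibana/imagepullsecret.yaml` has no comment explaining why the EFK copy of the `private-registry` secret is skipped when the PLG stack is on. The same guard is repeated in `elasticsearch-kibana/namespace.yaml`. From the rest of the commit it looks as if `logging/loki/imagepullsecret.yaml` and `logging/loki/namespace.yaml` take over the `logging` namespace and its pull secret in that case, so the two sets of conditions must stay exact complements or the chart renders duplicates or nothing. I would add a template comment above the guard, for example `{{- /* logging namespace and pull secret are rendered by logging/loki/* when loki or promtail is enabled */}}`. The `if` block is closed outside this hunk.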
@@ -1,4 +1,4 @@ -{{- if or .Values.logging.enabled .Values.clusterAuditor.enabled }} +{{- if and (not .Values.loki.enabled) (not .Values.promtail.enabled) (or .Values.logging.enabled .Values.clusterAuditor.enabled) }} {{- /* Default to istio being turned on, but disable if user sets istio to disable in the custom passthrough values. We have to do it this way because ownership of "istio.enabled" is owned by the chart but also BigBang. Sourcing values from the passthrough values also means we get to simplify the api space of BigBang just a little bit more. diff --git a/chart/templates/logging/loki/gitrepository.yaml b/chart/templates/logging/loki/gitrepository.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b509a447105d86a5b57dd9c3b07a23db609d9d6a --- /dev/null +++ b/chart/templates/logging/loki/gitrepository.yaml @@ -0,0 +1,18 @@ +{{- if and (not .Values.offline) (or .Values.loki.enabled .Values.promtail.enabled) }} +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: GitRepository +metadata: + name: loki + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: logging + app.kubernetes.io/component: "core" + {{- include "commonLabels" . | nindent 4}} +spec: + interval: {{ .Values.flux.interval }} + url: {{ .Values.loki.git.repo }} + ref: + {{- include "validRef" .Values.loki.git | nindent 4 }} + {{ include "gitIgnore" . }} + {{- include "gitCreds" . | nindent 2 }} +{{- end }} diff --git a/chart/templates/logging/loki/imagepullsecret.yaml b/chart/templates/logging/loki/imagepullsecret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..ee27a6926a85b870a06272392918cdffde03a11b --- /dev/null +++ b/chart/templates/logging/loki/imagepullsecret.yaml 
@@ -0,0 +1,16 @@
+{{- if or .Values.loki.enabled .Values.promtail.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: private-registry
+ namespace: logging
+ labels:
+ app.kubernetes.io/name: logging
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/logging/loki/loki-helmrelease.yaml b/chart/templates/logging/loki/loki-helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6f9c2bfc1b1ae589910d365402df6ca85377312e
--- /dev/null
+++ b/chart/templates/logging/loki/loki-helmrelease.yaml
@@ -0,0 +1,56 @@
+{{- $fluxSettingsLoki := merge .Values.loki.flux .Values.flux -}}
+{{- if or .Values.loki.enabled .Values.promtail.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: loki
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: logging
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+spec:
+ targetNamespace: logging
+ chart:
+ spec:
+ chart: {{ .Values.loki.git.path }}
+ interval: 5m
+ sourceRef:
+ kind: GitRepository
+ name: loki
+ namespace: {{ .Release.Namespace }}
+
+ {{- toYaml $fluxSettingsLoki | nindent 2 }}
+
+ {{- if .Values.loki.postRenderers }}
+ postRenderers:
+ {{ toYaml .Values.loki.postRenderers | nindent 4 }}
+ {{- end }}
+ valuesFrom:
+ - name: {{ .Release.Name }}-loki-values
+ kind: Secret
+ valuesKey: "common"
+ - name: {{ .Release.Name }}-loki-values
+ kind: Secret
+ valuesKey: "defaults"
+ - name: {{ .Release.Name }}-loki-values
+ kind: Secret
+ valuesKey: "overlays"
+ {{- if or .Values.monitoring.enabled .Values.gatekeeper.enabled .Values.istio.enabled }}
+ dependsOn:
+ {{- if .Values.monitoring.enabled }}
+ - name: monitoring
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+
+ {{- if .Values.gatekeeper.enabled }}
+ - name: gatekeeper
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+
+ {{- if .Values.istio.enabled }}
+ - name: istio
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/logging/loki/namespace.yaml b/chart/templates/logging/loki/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7b2d7e3d2dbc7e3fa1cd5fd0518d4bb3fadcb809
--- /dev/null
+++ b/chart/templates/logging/loki/namespace.yaml
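Review bot: The guard `{{- if or .Values.loki.enabled .Values.promtail.enabled }}` in `loki-helmrelease.yaml` installs Loki whenever promtail is enabled, even with `loki.enabled: false`, so an operator who left that toggle off still gets a log store running in `logging`. Other parts of this commit key on `loki.enabled` alone (promtail's `config.lokiAddress`, the Grafana data source), so in the promtail-only case Loki would be deployed but apparently not wired to anything. The comment in `promtail-helmrelease.yaml` ("promtail _always_ depend on .Values.loki being enabled") describes a different rule from the one implemented here. I would document the coupling with a template comment such as `{{- /* also rendered when only promtail is enabled: promtail's dependsOn requires the loki release */}}`, and state the same on the `loki.enabled` toggle.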
@@ -0,0 +1,11 @@
+{{- if or .Values.loki.enabled .Values.promtail.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: logging
+ labels:
+ app.kubernetes.io/name: logging
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+ istio-injection: enabled
+{{- end }}
diff --git a/chart/templates/logging/loki/values.yaml b/chart/templates/logging/loki/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a02b130a2a896cbeedbdcb5b20ebf9738f9e8f93
--- /dev/null
+++ b/chart/templates/logging/loki/values.yaml
@@ -0,0 +1,21 @@
+{{- if or .Values.loki.enabled .Values.promtail.enabled }}
+{{- include "values-secret" (dict "root" $ "package" .Values.loki "name" "loki" "defaults" (include "bigbang.defaults.loki" .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.loki" -}}
+hostname: {{ .Values.hostname }}
+
+openshift: {{ .Values.openshift }}
+
+istio:
+ enabled: {{ .Values.istio.enabled }}
+
+imagePullSecrets:
+ - name: private-registry
+
+networkPolicies:
+ enabled: {{ .Values.networkPolicies.enabled }}
+
+monitoring:
+ enabled: {{ .Values.monitoring.enabled }}
+{{- end -}}
diff --git a/chart/templates/logging/promtail/gitrepository.yaml b/chart/templates/logging/promtail/gitrepository.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3b799adf09da84390a8c42f0e3516e2200fd4ce0
--- /dev/null
+++ b/chart/templates/logging/promtail/gitrepository.yaml
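Review bot: `istio-injection: enabled` in `loki/namespace.yaml` is hard-coded, whereas the EFK namespace template it replaces when loki or promtail is on derives the label from the user's Istio setting, as its comment says. When both stacks are enabled during the beta, the `logging` namespace comes from this file, so an operator who disabled Istio for EFK through passthrough values would presumably see the label forced back on. Tying the label to the chart value keeps the two templates consistent, e.g. wrapping it as `{{- if .Values.istio.enabled }}` / `istio-injection: enabled` / `{{- end }}`. If always-on injection is intended for the PLG stack, a one-line comment saying so would prevent a later "fix".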
@@ -0,0 +1,18 @@
+{{- if and (not .Values.offline) .Values.promtail.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+ name: promtail
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: logging
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+spec:
+ interval: {{ .Values.flux.interval }}
+ url: {{ .Values.promtail.git.repo }}
+ ref:
+ {{- include "validRef" .Values.promtail.git | nindent 4 }}
+ {{ include "gitIgnore" . }}
+ {{- include "gitCreds" . | nindent 2 }}
+{{- end }}
diff --git a/chart/templates/logging/promtail/promtail-helmrelease.yaml b/chart/templates/logging/promtail/promtail-helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e7f38ffdc4ede2e8314472f308b05b85c9ae5110
--- /dev/null
+++ b/chart/templates/logging/promtail/promtail-helmrelease.yaml
@@ -0,0 +1,54 @@
+{{- $fluxSettingsPromtail := merge .Values.promtail.flux .Values.flux -}}
+{{- if .Values.promtail.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: promtail
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: logging
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+spec:
+ targetNamespace: logging
+ chart:
+ spec:
+ chart: {{ .Values.promtail.git.path }}
+ interval: 5m
+ sourceRef:
+ kind: GitRepository
+ name: promtail
+ namespace: {{ .Release.Namespace }}
+
+ {{- toYaml $fluxSettingsPromtail | nindent 2 }}
+
+ {{- if .Values.promtail.postRenderers }}
+ postRenderers:
+ {{ toYaml .Values.promtail.postRenderers | nindent 4 }}
+ {{- end }}
+ valuesFrom:
+ - name: {{ .Release.Name }}-promtail-values
+ kind: Secret
+ valuesKey: "common"
+ - name: {{ .Release.Name }}-promtail-values
+ kind: Secret
+ valuesKey: "defaults"
+ - name: {{ .Release.Name }}-promtail-values
+ kind: Secret
+ valuesKey: "overlays"
+
+{{/* promtail _always_ depend on .Values.loki being enabled, so can assume they exist here */}}
+ dependsOn:
+ - name: loki
+ namespace: {{ .Release.Namespace }}
+
+ {{- if .Values.gatekeeper.enabled }}
+ - name: gatekeeper
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+
+ {{- if .Values.istio.enabled }}
+ - name: istio
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/logging/promtail/values.yaml b/chart/templates/logging/promtail/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..076e2945d357080281e49076f70d6bcd2bc7d2ea
--- /dev/null
+++ b/chart/templates/logging/promtail/values.yaml
@@ -0,0 +1,20 @@ +{{- if .Values.promtail.enabled }} +{{- include "values-secret" (dict "root" $ "package" .Values.promtail "name" "promtail" "defaults" (include "bigbang.defaults.promtail" .)) }} +{{- end }} + +{{- define "bigbang.defaults.promtail" -}} +hostname: {{ .Values.hostname }} + +openshift: {{ .Values.openshift }} + +istio: + enabled: {{ .Values.istio.enabled }} + +imagePullSecrets: + - name: private-registry + +{{- if .Values.loki.enabled }} +config: + lokiAddress: http://logging-loki.logging.svc.cluster.local:3100/loki/api/v1/push +{{- end }} +{{- end -}} diff --git a/chart/templates/monitoring/values.yaml b/chart/templates/monitoring/values.yaml index f6c3a351b9e3b421afbc294be5795324aa7dfe66..f9dc7504a79e6dd88ed6be8ea0b216eda58f7268 100644 --- a/chart/templates/monitoring/values.yaml +++ b/chart/templates/monitoring/values.yaml @@ -71,6 +71,9 @@ anchore: kiali: enabled: {{ .Values.kiali.enabled }} +loki: + enabled: {{ .Values.loki.enabled }} + global: imagePullSecrets: - name: private-registry @@ -83,6 +86,14 @@ grafana: pullSecrets: - private-registry + {{- if .Values.loki.enabled }} + additionalDataSources: + - name: Loki + type: loki + url: http://logging-loki.logging.svc.cluster.local:3100 + access: proxy + {{- end }} + grafana.ini: {{- if .Values.istio.enabled }} server: @@ -109,6 +120,11 @@ grafana: {{- list "tls_client_cert" .tls_client_cert | include "bigbang.addValueIfSet" | indent 6 }} {{- list "tls_client_key" .tls_client_key | include "bigbang.addValueIfSet" | indent 6 }} {{- end }} + + {{- if .Values.loki.enabled }} + plugins: + - grafana-piechart-panel + {{- end }} prometheus-node-exporter: serviceAccount: diff --git a/chart/values.yaml b/chart/values.yaml index ee4e0d89a0ea885c1f69de7fdb7d883b551b81ea..633943551361155173526b01bc8b5c17d6c6a638 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
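Review bot: `lokiAddress: http://logging-loki.logging.svc.cluster.local:3100/loki/api/v1/push` in `bigbang.defaults.promtail` ships every node's logs to Loki over plain HTTP, so confidentiality and peer authentication on that hop rest entirely on the Istio sidecars. With `istio.enabled: false` the traffic would presumably cross the pod network in clear text. Unlike `bigbang.defaults.loki`, these defaults also do not pass `networkPolicies.enabled` through, which is worth confirming against what the promtail chart supports. The Grafana data source added in `monitoring/values.yaml` uses the same unencrypted service URL. At minimum I would state the assumption next to the setting, e.g. `# plain HTTP: relies on Istio mTLS between promtail and loki`.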
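Review bot: The `plugins:` list added in the last `monitoring/values.yaml` hunk names `grafana-piechart-panel` without a version, so Grafana would presumably fetch whatever release is current when the pod starts. That makes the running code depend on an unpinned download at startup, and it is likely to fail where the cluster has no egress (the chart has an `offline` mode). Consider pinning the plugin version or shipping the plugin in the image, and record the choice in a comment next to the list. The `grafana:` block starts and ends outside the hunk.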
@@ -392,6 +392,41 @@ fluentbit: # -- Values to passthrough to the fluentbit chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git values: {} + # -- Post Renderers. See docs/postrenders.md + postRenderers: [] + +# -- BETA support of promtail/loki logging stack +promtail: + # -- Toggle deployment of Promtail. + enabled: false + git: + repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/promtail.git + path: "./chart" + tag: "3.8.1-bb.1" + + # -- Flux reconciliation overrides specifically for the Promtail Package + flux: {} + + # -- Values to passthrough to the promtail chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git + values: {} + + # -- Post Renderers. See docs/postrenders.md + postRenderers: [] + +loki: + # -- Toggle deployment of Loki. + enabled: false + git: + repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki.git + path: "./chart" + tag: "2.5.1-bb.2" + + # -- Flux reconciliation overrides specifically for the Loki Package + flux: {} + + # -- Values to passthrough to the Loki chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki.git + values: {} + # -- Post Renderers. See docs/postrenders.md postRenderers: [] # ---------------------------------------------------------------------------------------------------------------------- @@ -405,7 +440,7 @@ monitoring: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git path: "./chart" - tag: "14.0.0-bb.17" + tag: "14.0.0-bb.18" # -- Flux reconciliation overrides specifically for the Monitoring Package flux:
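Review bot: The doc comment on `promtail.values` links to the fluentbit repository (`.../apps/core/fluentbit.git`) although `promtail.git.repo` points at `.../apps/sandbox/promtail.git`. It looks like a copy-paste leftover and should read `# -- Values to passthrough to the promtail chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/promtail.git`. The `# -- BETA support of promtail/loki logging stack` comment sits only above `promtail:`, so `loki:` has no description of its own and its generated docs entry will not say it is beta. Both packages come from `apps/sandbox` and are pinned by tag, which is worth stating in those comments so operators know the maturity of what they are enabling.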