From d5bc3ebad0991d7cca20f3b7120fe629c9f7bcfc Mon Sep 17 00:00:00 2001
From: "riley.odonnell" <riley.odonnell@rancherfederal.com>
Date: Mon, 29 Nov 2021 22:37:04 +0000
Subject: [PATCH] SKIP UPGRADE: PLG stack
---
chart/templates/NOTES.txt | 6 ++
chart/templates/gatekeeper/values.yaml | 14 ++++-
.../elasticsearch-kibana/imagepullsecret.yaml | 2 +-
.../elasticsearch-kibana/namespace.yaml | 2 +-
.../templates/logging/loki/gitrepository.yaml | 18 ++++++
.../logging/loki/imagepullsecret.yaml | 16 ++++++
.../logging/loki/loki-helmrelease.yaml | 56 +++++++++++++++++++
chart/templates/logging/loki/namespace.yaml | 11 ++++
chart/templates/logging/loki/values.yaml | 21 +++++++
.../logging/promtail/gitrepository.yaml | 18 ++++++
.../promtail/promtail-helmrelease.yaml | 54 ++++++++++++++++++
chart/templates/logging/promtail/values.yaml | 20 +++++++
chart/templates/monitoring/values.yaml | 16 ++++++
chart/values.yaml | 37 +++++++++++-
14 files changed, 286 insertions(+), 5 deletions(-)
create mode 100644 chart/templates/logging/loki/gitrepository.yaml
create mode 100644 chart/templates/logging/loki/imagepullsecret.yaml
create mode 100644 chart/templates/logging/loki/loki-helmrelease.yaml
create mode 100644 chart/templates/logging/loki/namespace.yaml
create mode 100644 chart/templates/logging/loki/values.yaml
create mode 100644 chart/templates/logging/promtail/gitrepository.yaml
create mode 100644 chart/templates/logging/promtail/promtail-helmrelease.yaml
create mode 100644 chart/templates/logging/promtail/values.yaml
diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt
index bdeaf3322d..b18377187b 100644
--- a/chart/templates/NOTES.txt
+++ b/chart/templates/NOTES.txt
@@ -126,6 +126,12 @@ PLATFORM ONE LOGGING WARNING: {{- end }} {{- end }} +{{- if and (or $.Values.promtail.enabled $.Values.loki.enabled) (or .Values.logging.enabled .Values.clusterAuditor.enabled) }} +PLATFORM ONE LOGGING WARNING: + You have enabled both promtail/loki and efk logging. This is permitted during beta testing of promtail/loki. + After the beta period, only one logging stack will be supported at one time, with the PLG stack becoming the default supported stack. +{{- end }} + {{- if $.Values.addons.mattermost.enabled }} Mattermost is enabled. {{- with .Values.addons.mattermost.database }} diff --git a/chart/templates/gatekeeper/values.yaml b/chart/templates/gatekeeper/values.yaml index 4c06e14d62..197f5d9f9b 100644 --- a/chart/templates/gatekeeper/values.yaml +++ b/chart/templates/gatekeeper/values.yaml @@ -29,7 +29,7 @@ violations: # Try to keep this in alpha order to make it easier to find keys - registry1.dso.mil - registry.dso.mil - {{- if or .Values.monitoring.enabled (or .Values.fluentbit.enabled .Values.twistlock.enabled) }} + {{- if or .Values.monitoring.enabled .Values.fluentbit.enabled .Values.twistlock.enabled .Values.promtail.enabled }} allowedHostFilesystem: parameters: excludedResources: @@ -44,6 +44,11 @@ violations: # Try to keep this in alpha order to make it easier to find keys {{- if .Values.twistlock.enabled }} - twistlock/twistlock-defender-ds-.* {{- end }} + {{- if .Values.promtail.enabled }} + # promtail requires hostpath volume mounts + # https://github.com/grafana/helm-charts/blob/main/charts/promtail/templates/daemonset.yaml#L120 + - logging/logging-promtail-.* + {{- end }} {{- end }} {{- if .Values.twistlock.enabled }} 
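Review bot: The new `logging/logging-promtail-.*` entry under `allowedHostFilesystem` in `gatekeeper/values.yaml` exempts by pod-name prefix, so any pod in the `logging` namespace whose name starts with `logging-promtail-` is excluded from the constraint, not only the promtail DaemonSet. The identical entry is added under `volumeTypes` in the `@@ -129,6 +134,11 @@` hunk. I would state that in the comment and pin the reference to a chart tag rather than `main#L120`, which will drift as the upstream file changes: `# promtail requires hostPath volume mounts; this exemption matches by name prefix, so pod creation in the logging namespace must stay restricted`. The enclosing `excludedResources` list starts outside the hunk.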
@@ -110,7 +115,7 @@ violations: # Try to keep this in alpha order to make it easier to find keys {{- end }} {{- end }} - {{- if or .Values.fluentbit.enabled (or .Values.twistlock.enabled .Values.monitoring.enabled) }} + {{- if or .Values.fluentbit.enabled .Values.twistlock.enabled .Values.monitoring.enabled .Values.promtail.enabled }} volumeTypes: parameters: excludedResources: @@ -129,6 +134,11 @@ violations: # Try to keep this in alpha order to make it easier to find keys # https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus-node-exporter/templates/daemonset.yaml#L150 - monitoring/monitoring-monitoring-prometheus-node-exporter-.* {{- end }} + {{- if .Values.promtail.enabled }} + # Promtail requires hostpath volume types + # https://github.com/grafana/helm-charts/blob/main/charts/promtail/templates/daemonset.yaml#L120 + - logging/logging-promtail-.* + {{- end }} {{- end }} {{- end -}} diff --git a/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml b/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml index cd2629e8cb..bdcc8768b6 100644 --- a/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml +++ b/chart/templates/logging/elasticsearch-kibana/imagepullsecret.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.logging.enabled .Values.clusterAuditor.enabled }} +{{- if and (not .Values.loki.enabled) (not .Values.promtail.enabled) (or .Values.logging.enabled .Values.clusterAuditor.enabled) }} {{- if ( include "imagePullSecret" . ) }} apiVersion: v1 kind: Secret diff --git a/chart/templates/logging/elasticsearch-kibana/namespace.yaml b/chart/templates/logging/elasticsearch-kibana/namespace.yaml index 217eaa43df..a02ee8af1c 100644 --- a/chart/templates/logging/elasticsearch-kibana/namespace.yaml +++ b/chart/templates/logging/elasticsearch-kibana/namespace.yaml 
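Review bot: The guard `and (not .Values.loki.enabled) (not .Values.promtail.enabled) (or ...)` in `elasticsearch-kibana/imagepullsecret.yaml` is the only thing that stops this template and `logging/loki/imagepullsecret.yaml` from both rendering a Secret named `private-registry` in `logging`, and the same expression is repeated in `elasticsearch-kibana/namespace.yaml`. If either copy drifts from the `or .Values.loki.enabled .Values.promtail.enabled` guard on the loki side, the render ends up with a duplicate or a missing resource. A comment above the guard would make the coupling visible, for example `{{- /* logging/loki owns the logging namespace and pull secret whenever loki or promtail is enabled */ -}}`; a shared named template for the condition would remove the duplication altogether.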
@@ -1,4 +1,4 @@ -{{- if or .Values.logging.enabled .Values.clusterAuditor.enabled }} +{{- if and (not .Values.loki.enabled) (not .Values.promtail.enabled) (or .Values.logging.enabled .Values.clusterAuditor.enabled) }} {{- /* Default to istio being turned on, but disable if user sets istio to disable in the custom passthrough values. We have to do it this way because ownership of "istio.enabled" is owned by the chart but also BigBang. Sourcing values from the passthrough values also means we get to simplify the api space of BigBang just a little bit more. diff --git a/chart/templates/logging/loki/gitrepository.yaml b/chart/templates/logging/loki/gitrepository.yaml new file mode 100644 index 0000000000..b509a44710 --- /dev/null +++ b/chart/templates/logging/loki/gitrepository.yaml @@ -0,0 +1,18 @@ +{{- if and (not .Values.offline) (or .Values.loki.enabled .Values.promtail.enabled) }} +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: GitRepository +metadata: + name: loki + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: logging + app.kubernetes.io/component: "core" + {{- include "commonLabels" . | nindent 4}} +spec: + interval: {{ .Values.flux.interval }} + url: {{ .Values.loki.git.repo }} + ref: + {{- include "validRef" .Values.loki.git | nindent 4 }} + {{ include "gitIgnore" . }} + {{- include "gitCreds" . | nindent 2 }} +{{- end }} diff --git a/chart/templates/logging/loki/imagepullsecret.yaml b/chart/templates/logging/loki/imagepullsecret.yaml new file mode 100644 index 0000000000..ee27a6926a --- /dev/null +++ b/chart/templates/logging/loki/imagepullsecret.yaml 
@@ -0,0 +1,16 @@ +{{- if or .Values.loki.enabled .Values.promtail.enabled }} +{{- if ( include "imagePullSecret" . ) }} +apiVersion: v1 +kind: Secret +metadata: + name: private-registry + namespace: logging + labels: + app.kubernetes.io/name: logging + app.kubernetes.io/component: "core" + {{- include "commonLabels" . | nindent 4}} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "imagePullSecret" . }} +{{- end }} +{{- end }} diff --git a/chart/templates/logging/loki/loki-helmrelease.yaml b/chart/templates/logging/loki/loki-helmrelease.yaml new file mode 100644 index 0000000000..6f9c2bfc1b --- /dev/null +++ b/chart/templates/logging/loki/loki-helmrelease.yaml 
@@ -0,0 +1,56 @@ +{{- $fluxSettingsLoki := merge .Values.loki.flux .Values.flux -}} +{{- if or .Values.loki.enabled .Values.promtail.enabled }} +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: loki + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: logging + app.kubernetes.io/component: "core" + {{- include "commonLabels" . | nindent 4}} +spec: + targetNamespace: logging + chart: + spec: + chart: {{ .Values.loki.git.path }} + interval: 5m + sourceRef: + kind: GitRepository + name: loki + namespace: {{ .Release.Namespace }} + + {{- toYaml $fluxSettingsLoki | nindent 2 }} + + {{- if .Values.loki.postRenderers }} + postRenderers: + {{ toYaml .Values.loki.postRenderers | nindent 4 }} + {{- end }} + valuesFrom: + - name: {{ .Release.Name }}-loki-values + kind: Secret + valuesKey: "common" + - name: {{ .Release.Name }}-loki-values + kind: Secret + valuesKey: "defaults" + - name: {{ .Release.Name }}-loki-values + kind: Secret + valuesKey: "overlays" + {{- if or .Values.monitoring.enabled .Values.gatekeeper.enabled .Values.istio.enabled }} + dependsOn: + {{- if .Values.monitoring.enabled }} + - name: monitoring + namespace: {{ .Release.Namespace }} + {{- end }} + + {{- if .Values.gatekeeper.enabled }} + - name: gatekeeper + namespace: {{ .Release.Namespace }} + {{- end }} + + {{- if .Values.istio.enabled }} + - name: istio + namespace: {{ .Release.Namespace }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/templates/logging/loki/namespace.yaml b/chart/templates/logging/loki/namespace.yaml new file mode 100644 index 0000000000..7b2d7e3d2d --- /dev/null +++ b/chart/templates/logging/loki/namespace.yaml 
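Review bot: `merge .Values.loki.flux .Values.flux` on the first line of `loki-helmrelease.yaml` writes into its first argument, so `.Values.loki.flux` is modified in place, and because the assignment sits above the `if` it runs even when neither loki nor promtail is enabled. `promtail-helmrelease.yaml` uses the same form for `$fluxSettingsPromtail`. With the `flux: {}` defaults this looks harmless, but merging into a copy leaves the values tree untouched for any other template that reads it: `{{- $fluxSettingsLoki := merge (deepCopy .Values.loki.flux) .Values.flux -}}`. The file also ends without a trailing newline.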
@@ -0,0 +1,11 @@ +{{- if or .Values.loki.enabled .Values.promtail.enabled }} +apiVersion: v1 +kind: Namespace +metadata: + name: logging + labels: + app.kubernetes.io/name: logging + app.kubernetes.io/component: "core" + {{- include "commonLabels" . | nindent 4}} + istio-injection: enabled +{{- end }} diff --git a/chart/templates/logging/loki/values.yaml b/chart/templates/logging/loki/values.yaml new file mode 100644 index 0000000000..a02b130a2a --- /dev/null +++ b/chart/templates/logging/loki/values.yaml @@ -0,0 +1,21 @@ +{{- if or .Values.loki.enabled .Values.promtail.enabled }} +{{- include "values-secret" (dict "root" $ "package" .Values.loki "name" "loki" "defaults" (include "bigbang.defaults.loki" .)) }} +{{- end }} + +{{- define "bigbang.defaults.loki" -}} +hostname: {{ .Values.hostname }} + +openshift: {{ .Values.openshift }} + +istio: + enabled: {{ .Values.istio.enabled }} + +imagePullSecrets: + - name: private-registry + +networkPolicies: + enabled: {{ .Values.networkPolicies.enabled }} + +monitoring: + enabled: {{ .Values.monitoring.enabled }} +{{- end -}} diff --git a/chart/templates/logging/promtail/gitrepository.yaml b/chart/templates/logging/promtail/gitrepository.yaml new file mode 100644 index 0000000000..3b799adf09 --- /dev/null +++ b/chart/templates/logging/promtail/gitrepository.yaml @@ -0,0 +1,18 @@ +{{- if and (not .Values.offline) .Values.promtail.enabled }} +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: GitRepository +metadata: + name: promtail + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: logging + app.kubernetes.io/component: "core" + {{- include "commonLabels" . | nindent 4}} +spec: + interval: {{ .Values.flux.interval }} + url: {{ .Values.promtail.git.repo }} + ref: + {{- include "validRef" .Values.promtail.git | nindent 4 }} + {{ include "gitIgnore" . }} + {{- include "gitCreds" . | nindent 2 }} +{{- end }} 
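Review bot: `istio-injection: enabled` is hard-coded on the `logging` namespace in `loki/namespace.yaml`, so the label is applied even when `.Values.istio.enabled` is false, whereas the elasticsearch-kibana namespace template this one displaces carries logic (described in its header comment) for turning injection off. Since this template owns the namespace whenever loki or promtail is enabled, I would derive the label from the same setting, at minimum `istio-injection: {{ ternary "enabled" "disabled" .Values.istio.enabled }}`. If sidecar mTLS is what is expected to protect log traffic inside the namespace, that assumption deserves a comment next to the label.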
diff --git a/chart/templates/logging/promtail/promtail-helmrelease.yaml b/chart/templates/logging/promtail/promtail-helmrelease.yaml new file mode 100644 index 0000000000..e7f38ffdc4 --- /dev/null +++ b/chart/templates/logging/promtail/promtail-helmrelease.yaml @@ -0,0 +1,54 @@ +{{- $fluxSettingsPromtail := merge .Values.promtail.flux .Values.flux -}} +{{- if .Values.promtail.enabled }} +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: promtail + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: logging + app.kubernetes.io/component: "core" + {{- include "commonLabels" . | nindent 4}} +spec: + targetNamespace: logging + chart: + spec: + chart: {{ .Values.promtail.git.path }} + interval: 5m + sourceRef: + kind: GitRepository + name: promtail + namespace: {{ .Release.Namespace }} + + {{- toYaml $fluxSettingsPromtail | nindent 2 }} + + {{- if .Values.promtail.postRenderers }} + postRenderers: + {{ toYaml .Values.promtail.postRenderers | nindent 4 }} + {{- end }} + valuesFrom: + - name: {{ .Release.Name }}-promtail-values + kind: Secret + valuesKey: "common" + - name: {{ .Release.Name }}-promtail-values + kind: Secret + valuesKey: "defaults" + - name: {{ .Release.Name }}-promtail-values + kind: Secret + valuesKey: "overlays" + +{{/* promtail _always_ depend on .Values.loki being enabled, so can assume they exist here */}} + dependsOn: + - name: loki + namespace: {{ .Release.Namespace }} + + {{- if .Values.gatekeeper.enabled }} + - name: gatekeeper + namespace: {{ .Release.Namespace }} + {{- end }} + + {{- if .Values.istio.enabled }} + - name: istio + namespace: {{ .Release.Namespace }} + {{- end }} +{{- end }} diff --git a/chart/templates/logging/promtail/values.yaml b/chart/templates/logging/promtail/values.yaml new file mode 100644 index 0000000000..076e2945d3 --- /dev/null +++ b/chart/templates/logging/promtail/values.yaml 
@@ -0,0 +1,20 @@ +{{- if .Values.promtail.enabled }} +{{- include "values-secret" (dict "root" $ "package" .Values.promtail "name" "promtail" "defaults" (include "bigbang.defaults.promtail" .)) }} +{{- end }} + +{{- define "bigbang.defaults.promtail" -}} +hostname: {{ .Values.hostname }} + +openshift: {{ .Values.openshift }} + +istio: + enabled: {{ .Values.istio.enabled }} + +imagePullSecrets: + - name: private-registry + +{{- if .Values.loki.enabled }} +config: + lokiAddress: http://logging-loki.logging.svc.cluster.local:3100/loki/api/v1/push +{{- end }} +{{- end -}} diff --git a/chart/templates/monitoring/values.yaml b/chart/templates/monitoring/values.yaml index f6c3a351b9..f9dc7504a7 100644 --- a/chart/templates/monitoring/values.yaml +++ b/chart/templates/monitoring/values.yaml @@ -71,6 +71,9 @@ anchore: kiali: enabled: {{ .Values.kiali.enabled }} +loki: + enabled: {{ .Values.loki.enabled }} + global: imagePullSecrets: - name: private-registry @@ -83,6 +86,14 @@ grafana: pullSecrets: - private-registry + {{- if .Values.loki.enabled }} + additionalDataSources: + - name: Loki + type: loki + url: http://logging-loki.logging.svc.cluster.local:3100 + access: proxy + {{- end }} + grafana.ini: {{- if .Values.istio.enabled }} server: @@ -109,6 +120,11 @@ grafana: {{- list "tls_client_cert" .tls_client_cert | include "bigbang.addValueIfSet" | indent 6 }} {{- list "tls_client_key" .tls_client_key | include "bigbang.addValueIfSet" | indent 6 }} {{- end }} + + {{- if .Values.loki.enabled }} + plugins: + - grafana-piechart-panel + {{- end }} prometheus-node-exporter: serviceAccount: diff --git a/chart/values.yaml b/chart/values.yaml index ee4e0d89a0..6339435513 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
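Review bot: `config.lokiAddress` in `promtail/values.yaml` is set only under `.Values.loki.enabled`, but the Loki HelmRelease, namespace and GitRepository are rendered under `or .Values.loki.enabled .Values.promtail.enabled`. With `promtail.enabled: true` and `loki.enabled: false`, Loki is installed yet promtail is left on whatever address its own chart defaults to, and the Grafana datasource block in `monitoring/values.yaml` has the same gate. The comment in `promtail-helmrelease.yaml` says promtail always depends on `.Values.loki` being enabled, which nothing in the templates checks. I would use the same expression in all three places, `{{- if or .Values.loki.enabled .Values.promtail.enabled }}`, or reword that comment to say the loki release is rendered whenever promtail is enabled.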
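Review bot: The datasource URL `http://logging-loki.logging.svc.cluster.local:3100` in the `@@ -83,6 +86,14 @@` hunk of `monitoring/values.yaml`, like the promtail push URL in `promtail/values.yaml`, is plain HTTP with no credentials in these defaults. Confidentiality and access control for log data therefore appear to rest on the Istio sidecar and on the `networkPolicies` passthrough rather than on anything in this file; whether Loki itself enforces authentication is not visible here. I would record that dependency beside the URL: `# plain HTTP: relies on Istio mTLS and network policies for the logging namespace; review before enabling loki with both disabled`. The enclosing `grafana:` mapping continues outside the hunk.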
@@ -392,6 +392,41 @@ fluentbit: # -- Values to passthrough to the fluentbit chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git values: {} + # -- Post Renderers. See docs/postrenders.md + postRenderers: [] + +# -- BETA support of promtail/loki logging stack +promtail: + # -- Toggle deployment of Promtail. + enabled: false + git: + repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/promtail.git + path: "./chart" + tag: "3.8.1-bb.1" + + # -- Flux reconciliation overrides specifically for the Promtail Package + flux: {} + + # -- Values to passthrough to the promtail chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git + values: {} + + # -- Post Renderers. See docs/postrenders.md + postRenderers: [] + +loki: + # -- Toggle deployment of Loki. + enabled: false + git: + repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki.git + path: "./chart" + tag: "2.5.1-bb.2" + + # -- Flux reconciliation overrides specifically for the Loki Package + flux: {} + + # -- Values to passthrough to the Loki chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki.git + values: {} + # -- Post Renderers. See docs/postrenders.md postRenderers: [] # ---------------------------------------------------------------------------------------------------------------------- @@ -405,7 +440,7 @@ monitoring: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git path: "./chart" - tag: "14.0.0-bb.17" + tag: "14.0.0-bb.18" # -- Flux reconciliation overrides specifically for the Monitoring Package flux: -- GitLab
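Review bot: The comment on `promtail.values` in `chart/values.yaml` points at the fluentbit repository (`.../apps/core/fluentbit.git`), which looks like a copy-paste from the block above; to match `promtail.git.repo` it should read `# -- Values to passthrough to the promtail chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/promtail.git`. Both new packages default to repositories under `apps/sandbox` and are pinned by `tag`, and promtail is also granted hostPath exemptions in the Gatekeeper values, so the `BETA` comment is a good place to say that these are sandbox sources. `loki:` has no heading comment of its own, unlike `promtail:`.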