Skip to content

Commit

Permalink
✨s/elasticsearch/loki/g✨ (#171)
Browse files Browse the repository at this point in the history 
* s/elasticsearch/loki/g

* ✨s3 endpoint updated

* 🫡rbac for logging added🫡

* 🥁point to stackrox v4 chart🏡

* 🎈logging console plugin enable job added🎈

* 🎈logging console plugin enable job added🎈
  • Loading branch information
@ckavili
ckavili authored Jul 16, 2024
1 parent 2a1d173 commit 689113d
Show file tree
Hide file tree
Showing 18 changed files with 410 additions and 209 deletions.
2 changes: 1 addition & 1 deletion tooling/charts/tl500-base/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ dependencies:
repository: https://bitnami-labs.github.io/sealed-secrets
condition: sealed-secrets.enabled
- name: stackrox-chart
version: "0.0.8"
version: "0.0.9"
repository: https://redhat-cop.github.io/helm-charts
condition: stackrox-chart.enabled
- name: gitops-operator
Expand Down
65 changes: 65 additions & 0 deletions tooling/charts/tl500-base/templates/minio/create-bucket-job.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
{{- if not .Values.ignoreHelmHooks }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: create-bucket-cr
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: create-bucket-crb
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: create-bucket-cr
subjects:
- kind: ServiceAccount
name: default
namespace: {{ .Values.minio.namespace }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: create-bucket
namespace: {{ .Values.minio.namespace }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "3"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
template:
spec:
restartPolicy: Never
serviceAccount: default
serviceAccountName: default
containers:
- name: job
image: "quay.io/openshift/origin-cli:latest"
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -c
- | # create bucket
oc -n {{ .Values.minio.namespace }} wait pod --for=condition=Ready -l app=minio
curl -o /tmp/mc https://dl.min.io/client/mc/release/linux-amd64/mc
chmod +x /tmp/mc
/tmp/mc --config-dir /tmp/ alias set myminio http://minio-service.{{ .Values.minio.namespace }}.svc.cluster.local:9000 minio IJrixDGbADAkgey5
/tmp/mc --config-dir /tmp/ mb myminio/loki
{{- end }}
119 changes: 119 additions & 0 deletions tooling/charts/tl500-base/templates/minio/deployment.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,119 @@
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: minio
namespace: "{{ .Values.minio.namespace }}"
spec:
replicas: 1
selector:
matchLabels:
app: minio
template:
metadata:
labels:
app: minio
spec:
volumes:
- name: data
persistentVolumeClaim:
claimName: minio-pvc
containers:
- resources:
limits:
cpu: 250m
memory: 1Gi
requests:
cpu: 20m
memory: 100Mi
readinessProbe:
tcpSocket:
port: 9000
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
successThreshold: 1
failureThreshold: 3
terminationMessagePath: /dev/termination-log
name: minio
livenessProbe:
tcpSocket:
port: 9000
initialDelaySeconds: 30
timeoutSeconds: 1
periodSeconds: 5
successThreshold: 1
failureThreshold: 3
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: minio-secret
key: minio_root_user
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: minio-secret
key: minio_root_password
ports:
- containerPort: 9000
protocol: TCP
- containerPort: 9090
protocol: TCP
imagePullPolicy: IfNotPresent
volumeMounts:
- name: data
mountPath: /data
subPath: minio
terminationMessagePolicy: File
image: >-
quay.io/minio/minio:RELEASE.2024-06-29T01-20-47Z
args:
- server
- /data
- --console-address
- :9090
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
schedulerName: default-scheduler
strategy:
type: Recreate
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
---
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: minio-ui
namespace: "{{ .Values.minio.namespace }}"
spec:
to:
kind: Service
name: minio-service
weight: 100
port:
targetPort: ui
wildcardPolicy: None
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
# ---
# kind: Route
# apiVersion: route.openshift.io/v1
# metadata:
# name: minio-api
# namespace: "{{ .Values.minio.namespace }}"
# spec:
# to:
# kind: Service
# name: minio-service
# weight: 100
# port:
# targetPort: api
# wildcardPolicy: None
# tls:
# termination: edge
# insecureEdgeTerminationPolicy: Redirect

13 changes: 13 additions & 0 deletions tooling/charts/tl500-base/templates/minio/pvc.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: minio-pvc
namespace: "{{ .Values.minio.namespace }}"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
volumeMode: Filesystem
9 changes: 9 additions & 0 deletions tooling/charts/tl500-base/templates/minio/secret.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
kind: Secret
apiVersion: v1
metadata:
name: minio-secret
namespace: "{{ .Values.minio.namespace }}"
stringData:
minio_root_user: minio
minio_root_password: IJrixDGbADAkgey5
24 changes: 24 additions & 0 deletions tooling/charts/tl500-base/templates/minio/service.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
---
kind: Service
apiVersion: v1
metadata:
name: minio-service
namespace: "{{ .Values.minio.namespace }}"
spec:
ipFamilies:
- IPv4
ports:
- name: api
protocol: TCP
port: 9000
targetPort: 9000
- name: ui
protocol: TCP
port: 9090
targetPort: 9090
internalTrafficPolicy: Cluster
type: ClusterIP
ipFamilyPolicy: SingleStack
sessionAffinity: None
selector:
app: minio
3 changes: 3 additions & 0 deletions tooling/charts/tl500-base/templates/operators/operatorgroup.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,11 @@ metadata:
name: {{ $key | default "tl500-operator-group" | quote }}
namespace: {{ $value.namespace | quote }}
spec:
upgradeStrategy: Default
{{- if (ne $value.operatorgroup.targetNamespace "AllNamespaces") }}
targetNamespaces:
- {{ $value.namespace }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
14 changes: 14 additions & 0 deletions tooling/charts/tl500-base/templates/tl500-rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,20 @@ subjects:
kind: Group
name: {{ .Values.group_name }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: view-application-logs
namespace:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-logging-application-view
subjects:
- kind: Group
name: {{ .Values.group_name }}
apiGroup: rbac.authorization.k8s.io
---
# so stackrox can pull images from all namespaces
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand Down
40 changes: 0 additions & 40 deletions tooling/charts/tl500-base/values-v4.11+.yaml
View file

This file was deleted.

Loading

0 comments on commit 689113d

Please sign in to comment.