20241002 release from develop #327

Merged
merged 7 commits into from
Oct 2, 2024
84 changes: 83 additions & 1 deletion lma/base/resources.yaml
@@ -748,7 +748,7 @@ spec:
type: helmrepo
repository: https://harbor.taco-cat.xyz/chartrepo/tks
name: lma-addons
version: 1.8.7
version: 1.9.0
origin: https://openinfradev.github.io/helm-repo
releaseName: addons
targetNamespace: lma
@@ -762,6 +762,9 @@ spec:
loki:
enabled: true
url: "loki-loki-distributed-gateway.lma"
lokiuser:
enabled: true
url: "loki-user-loki-distributed-gateway.lma"
grafanaDashboard:
include:
- kubernetes
@@ -1225,6 +1228,85 @@ spec:
---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
labels:
name: loki-user
name: loki-user
spec:
helmVersion: v3
chart:
type: helmrepo
repository: https://harbor.taco-cat.xyz/chartrepo/tks
name: loki-distributed
version: 0.58.0
origin: https://grafana.github.io/helm-charts
releaseName: loki-user
targetNamespace: lma
values:
global:
clusterDomain: cluster.local # TO_BE_FIXED
dnsService: coredns
loki:
image:
registry: harbor.taco-cat.xyz
repository: tks/loki
tag: null
schemaConfig:
configs:
- from: "2020-09-07"
store: boltdb-shipper
object_store: s3
schema: v11
index:
prefix: loki_index_
period: 24h
storageConfig:
boltdb_shipper:
active_index_directory: /var/loki/index
cache_location: /var/loki/cache
cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space
shared_store: s3
aws:
s3: TO_BE_FIXED
bucketnames: tks-loki-user
s3forcepathstyle: true
structuredConfig:
limits_config:
ingestion_rate_mb: 25
ingestion_burst_size_mb: 50
max_streams_per_user: 0
max_global_streams_per_user: 0
table_manager:
retention_deletes_enabled: true
retention_period: TO_BE_FIXED
serviceMonitor.enabled: true
prometheusRule.enabled: true
ingester:
resources:
limits:
cpu: '4'
memory: 4Gi
requests:
cpu: 100m
memory: 250Mi
persistence:
enabled: true
inMemory: false
size: 100Gi
memcachedExporter.enabled: true
gateway:
image:
registry: harbor.taco-cat.xyz
repository: tks/nginx-unprivileged

nginxConfig:
httpSnippet: |-
client_max_body_size 50M;
serverSnippet: |-
client_max_body_size 50M;
---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
labels:
name: lma-bucket
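Review bot: In the new `loki-user` release, `limits_config` sets both `max_streams_per_user: 0` and `max_global_streams_per_user: 0`, and in Loki a value of 0 disables the limit, so a single noisy or misbehaving log source can create streams without bound and push the ingester into its 4Gi memory limit. The release name suggests this instance receives user workload logs, which is less trusted input than the platform's own, so I would give it a finite cap, e.g. `max_global_streams_per_user: <site-sized limit>`, and keep the `ingestion_rate_mb` bounds as they are. The values shown also set no gateway authentication and leave the Loki image at `tag: null`, so who may push to `loki-user-loki-distributed-gateway.lma` and which image version runs both fall to chart defaults; a comment stating the intended access control (NetworkPolicy or gateway auth) and a pinned tag would make that explicit.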
16 changes: 16 additions & 0 deletions lma/base/site-values.yaml
@@ -22,6 +22,8 @@ global:

lokiHost: loki-loki-distributed-gateway
lokiPort: 80
lokiuserHost: loki-user-loki-distributed-gateway
lokiuserPort: 80
grafanaDatasourceMetric: lma-prometheus.lma:9090

charts:
@@ -147,6 +149,7 @@ charts:
grafanaDatasource.prometheus.url: $(grafanaDatasourceMetric)
# grafanaDatasource.prometheus.url: "thanos-query.lma:9090"
grafanaDatasource.loki.url: $(lokiHost):$(lokiPort)
grafanaDatasource.lokiuser.url: $(lokiuserHost):$(lokiuserPort)

- name: prometheus-adapter
override:
@@ -173,11 +176,18 @@ charts:
purge: false
versioning: true
objectlocking: false
- name: loki-user
policy: public
purge: false
versioning: true
objectlocking: false
customCommands:
- command: ilm rule add --expire-days 90 myminio/tks-thanos
- command: ilm rule add --expire-days 15 myminio/tks-loki
- command: ilm rule add --expire-days 15 myminio/tks-loki-user
- command: ilm ls myminio/tks-thanos
- command: ilm ls myminio/tks-loki
- command: ilm ls myminio/tks-loki-user
persistence.storageClass: $(storageClassName)
persistence.accessMode: ReadWriteOnce
persistence.size: 20Gi
@@ -260,10 +270,16 @@ charts:
loki.storageConfig.aws.s3: http://$(defaultUser):$(defaultPassword)@minio.lma.svc:9000/minio
loki.structuredConfig.table_manager.retention_period: 672h # delete logs after 672h = 28 days

- name: loki-user
override:
loki.storageConfig.aws.s3: http://$(defaultUser):$(defaultPassword)@minio.lma.svc:9000/minio
loki.structuredConfig.table_manager.retention_period: 72h # delete logs after 72h = 3 days

- name: lma-bucket
override:
s3.enabled: true
s3.buckets:
- name: $(clusterName)-tks-thanos
- name: $(clusterName)-tks-loki
- name: $(clusterName)-tks-loki-user
# tks.iamRoles: arn:aws:iam::12345678:role/control-plane.cluster-api-provider-aws.sigs.k8s.io
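Review bot: The new `loki-user` bucket entry is created with `policy: public`, which in the MinIO chart grants anonymous access to the bucket, so anything that can reach the MinIO endpoint could read the stored user log chunks without credentials. Loki already authenticates with `$(defaultUser)`/`$(defaultPassword)` in the `loki.storageConfig.aws.s3` override, so the bucket does not appear to need anonymous access; `policy: none` would restrict it to authenticated clients. That same override carries the credentials in a plain `http://` URL, so they cross the cluster network unencrypted and land in the rendered Loki config; a Secret-backed reference and TLS to MinIO would be safer if the chart supports them. The retention settings also disagree: `retention_period` is `72h` for `loki-user`, while `ilm rule add --expire-days 15 myminio/tks-loki-user` keeps objects for 15 days, so user log data may outlive the stated 3-day retention unless a comment or a matching expiry settles which value is authoritative.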
30 changes: 29 additions & 1 deletion policy/base/resources.yaml
@@ -35,4 +35,32 @@ spec:
helmVersion: v3
releaseName: policy-resources
targetNamespace: gatekeeper-system
values: {}
values: {}
---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
labels:
name: ratify
name: ratify
spec:
chart:
type: helmrepo
repository: https://harbor.taco-cat.xyz/chartrepo/tks
name: ratify
version: 1.13.0
origin: https://github.com/ratify-project/ratify/tree/v1.2.0/charts/ratify
helmVersion: v3
releaseName: ratify
targetNamespace: gatekeeper-system
values:
oras:
useHttp: true
provider:
tls:
skipVerify: true
featureFlags:
RATIFY_CERT_ROTATION: true
sbom:
enabled: true
---
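Review bot: The `ratify` values turn off transport protection on the component that decides whether an image passes supply-chain verification: `provider.tls.skipVerify: true` means Gatekeeper does not validate Ratify's serving certificate, and `oras.useHttp: true` makes the ORAS store fetch signatures and SBOMs from the registry over plain HTTP. With either setting, a verification answer or a fetched artifact can be altered in transit without detection, which undermines the admission decision built on it. The chart repository in this same release is `https://harbor.taco-cat.xyz`, and `RATIFY_CERT_ROTATION: true` is already set, so neither relaxation looks required; I would use `skipVerify: false` and `useHttp: false` in the base. If a site really needs them, the override belongs in that site's values, with a comment explaining why.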
33 changes: 33 additions & 0 deletions policy/base/site-values.yaml
@@ -25,3 +25,36 @@ charts:
enableDeleteOperations: true

- name: policy-resources

- name: ratify
override:
sbom:
disallowedLicenses:
- "GPL-2.0-only"
- "MPL"
disallowedPackages:
- name: "busybox"
version: "1.36.1-r28"
notationCerts:
# https://github.com/ratify-project/ratify/blob/dev/test/testdata/notation.crt
- |-
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
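Review bot: The `notationCerts` entry is the certificate from Ratify's own test data (the comment links `test/testdata/notation.crt`), so the base values make a publicly available test certificate the trust anchor for image signature verification. If the matching private key is also published or shared, a signature that verifies against this certificate says nothing about who built the image. I would keep the base value an obvious placeholder, as other files in this change do, e.g. `- TO_BE_FIXED`, and have each site supply its own signing CA. The `disallowedPackages` entry (`busybox` at `1.36.1-r28`) and the bare `"MPL"` license string also read like sample values; it is worth confirming that they are intended policy and that `"MPL"` matches the license identifiers the SBOMs actually contain.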
4 changes: 2 additions & 2 deletions tks-cluster/infra/aws/resources.yaml
@@ -11,15 +11,15 @@ spec:
type: helmrepo
repository: https://harbor.taco-cat.xyz/chartrepo/tks
name: cluster-api-aws
version: 0.11.1
version: 0.11.2
releaseName: cluster-api-aws
targetNamespace: argo
values:
sshKeyName: TO_BE_FIXED
cluster:
name: TO_BE_FIXED
region: TO_BE_FIXED
kubernetesVersion: v1.25.9
kubernetesVersion: v1.28.3
podCidrBlocks:
- 192.168.0.0/16
bastion: