
Commit

Merge pull request grafana#273 from periklis/backport-operator-smon-p…
…rs-5.8

[release-5.8] Backport PR grafana#12164 and grafana#12216
openshift-merge-bot[bot] authored Mar 15, 2024
2 parents 62b51ec + 9c27738 commit 481947f
Showing 31 changed files with 212 additions and 22 deletions.
2 changes: 2 additions & 0 deletions operator/CHANGELOG.md
@@ -2,6 +2,8 @@

## Release 5.8.5

- [12164](https://github.com/grafana/loki/pull/12164) **periklis**: Use safe bearer token authentication to scrape operator metrics
- [12216](https://github.com/grafana/loki/pull/12216) **xperimental**: Fix duplicate operator metrics due to ServiceMonitor selector
- [11968](https://github.com/grafana/loki/pull/11968) **xperimental**: Extend status to show difference between running and ready

## Release 5.8.4
@@ -0,0 +1,11 @@
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: loki-operator-v0.4.0
app.kubernetes.io/managed-by: operator-lifecycle-manager
app.kubernetes.io/name: loki-operator
app.kubernetes.io/part-of: loki-operator
app.kubernetes.io/version: 0.4.0
name: loki-operator-controller-manager-metrics-reader
@@ -5,6 +5,7 @@ metadata:
service.beta.openshift.io/serving-cert-secret-name: loki-operator-metrics
creationTimestamp: null
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: loki-operator-v0.4.0
app.kubernetes.io/managed-by: operator-lifecycle-manager
app.kubernetes.io/name: loki-operator
@@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: loki-operator-controller-manager-metrics-reader
labels:
app.kubernetes.io/instance: loki-operator-v0.4.0
app.kubernetes.io/managed-by: operator-lifecycle-manager
app.kubernetes.io/name: loki-operator
app.kubernetes.io/part-of: loki-operator
app.kubernetes.io/version: 0.4.0
name: loki-operator-controller-manager-metrics-token
type: kubernetes.io/service-account-token
@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: loki-operator-v0.4.0
app.kubernetes.io/managed-by: operator-lifecycle-manager
app.kubernetes.io/name: loki-operator
app.kubernetes.io/part-of: loki-operator
app.kubernetes.io/version: 0.4.0
name: loki-operator-controller-manager-read-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: loki-operator-metrics-reader
subjects:
- kind: ServiceAccount
name: loki-operator-controller-manager-metrics-reader
namespace: kubernetes-operators
@@ -11,15 +11,23 @@ metadata:
name: loki-operator-metrics-monitor
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
- authorization:
credentials:
key: token
name: loki-operator-controller-manager-metrics-token
type: bearer
interval: 30s
path: /metrics
scheme: https
scrapeTimeout: 10s
targetPort: 8443
tlsConfig:
caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
ca:
secret:
key: service-ca.crt
name: loki-operator-controller-manager-metrics-token
serverName: loki-operator-controller-manager-metrics-service.kubernetes-operators.svc
selector:
matchLabels:
app.kubernetes.io/component: metrics
app.kubernetes.io/name: loki-operator
@@ -150,7 +150,7 @@ metadata:
categories: OpenShift Optional, Logging & Tracing
certified: "false"
containerImage: docker.io/grafana/loki-operator:0.4.0
createdAt: "2024-03-04T17:34:37Z"
createdAt: "2024-03-14T20:38:35Z"
description: The Community Loki Operator provides Kubernetes native deployment
and management of Loki and related logging components.
features.operators.openshift.io/disconnected: "true"
@@ -1633,7 +1633,7 @@ spec:
- subjectaccessreviews
verbs:
- create
serviceAccountName: default
serviceAccountName: loki-operator-controller-manager
deployments:
- label:
app.kubernetes.io/instance: loki-operator-v0.4.0
@@ -1734,6 +1734,7 @@ spec:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: loki-operator-controller-manager
terminationGracePeriodSeconds: 10
volumes:
- configMap:
@@ -1767,7 +1768,7 @@ spec:
verbs:
- create
- patch
serviceAccountName: default
serviceAccountName: loki-operator-controller-manager
strategy: deployment
installModes:
- supported: false
@@ -0,0 +1,11 @@
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: loki-operator-v0.4.0
app.kubernetes.io/managed-by: operator-lifecycle-manager
app.kubernetes.io/name: loki-operator
app.kubernetes.io/part-of: loki-operator
app.kubernetes.io/version: 0.4.0
name: loki-operator-controller-manager-metrics-reader
@@ -3,6 +3,7 @@ kind: Service
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: loki-operator-v0.4.0
app.kubernetes.io/managed-by: operator-lifecycle-manager
app.kubernetes.io/name: loki-operator
@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: loki-operator-v0.4.0
app.kubernetes.io/managed-by: operator-lifecycle-manager
app.kubernetes.io/name: loki-operator
app.kubernetes.io/part-of: loki-operator
app.kubernetes.io/version: 0.4.0
name: loki-operator-controller-manager-read-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: loki-operator-metrics-reader
subjects:
- kind: ServiceAccount
name: loki-operator-controller-manager-metrics-reader
namespace: loki-operator
@@ -150,7 +150,7 @@ metadata:
categories: OpenShift Optional, Logging & Tracing
certified: "false"
containerImage: docker.io/grafana/loki-operator:0.4.0
createdAt: "2024-03-04T17:34:34Z"
createdAt: "2024-03-14T20:38:33Z"
description: The Community Loki Operator provides Kubernetes native deployment
and management of Loki and related logging components.
operators.operatorframework.io/builder: operator-sdk-unknown
@@ -1613,7 +1613,7 @@ spec:
- subjectaccessreviews
verbs:
- create
serviceAccountName: default
serviceAccountName: loki-operator-controller-manager
deployments:
- label:
app.kubernetes.io/instance: loki-operator-v0.4.0
@@ -1703,6 +1703,7 @@ spec:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
serviceAccountName: loki-operator-controller-manager
terminationGracePeriodSeconds: 10
volumes:
- name: webhook-cert
@@ -1735,7 +1736,7 @@ spec:
verbs:
- create
- patch
serviceAccountName: default
serviceAccountName: loki-operator-controller-manager
strategy: deployment
installModes:
- supported: false
@@ -0,0 +1,11 @@
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: loki-operator-0.1.0
app.kubernetes.io/managed-by: operator-lifecycle-manager
app.kubernetes.io/name: loki-operator
app.kubernetes.io/part-of: cluster-logging
app.kubernetes.io/version: 0.1.0
name: loki-operator-controller-manager-metrics-reader
@@ -5,6 +5,7 @@ metadata:
service.beta.openshift.io/serving-cert-secret-name: loki-operator-metrics
creationTimestamp: null
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: loki-operator-0.1.0
app.kubernetes.io/managed-by: operator-lifecycle-manager
app.kubernetes.io/name: loki-operator
@@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: loki-operator-controller-manager-metrics-reader
labels:
app.kubernetes.io/instance: loki-operator-0.1.0
app.kubernetes.io/managed-by: operator-lifecycle-manager
app.kubernetes.io/name: loki-operator
app.kubernetes.io/part-of: cluster-logging
app.kubernetes.io/version: 0.1.0
name: loki-operator-controller-manager-metrics-token
type: kubernetes.io/service-account-token
@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: loki-operator-0.1.0
app.kubernetes.io/managed-by: operator-lifecycle-manager
app.kubernetes.io/name: loki-operator
app.kubernetes.io/part-of: cluster-logging
app.kubernetes.io/version: 0.1.0
name: loki-operator-controller-manager-read-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: loki-operator-metrics-reader
subjects:
- kind: ServiceAccount
name: loki-operator-controller-manager-metrics-reader
namespace: openshift-operators-redhat
@@ -11,15 +11,23 @@ metadata:
name: loki-operator-metrics-monitor
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
- authorization:
credentials:
key: token
name: loki-operator-controller-manager-metrics-token
type: bearer
interval: 30s
path: /metrics
scheme: https
scrapeTimeout: 10s
targetPort: 8443
tlsConfig:
caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
ca:
secret:
key: service-ca.crt
name: loki-operator-controller-manager-metrics-token
serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc
selector:
matchLabels:
app.kubernetes.io/component: metrics
app.kubernetes.io/name: loki-operator
@@ -150,7 +150,7 @@ metadata:
categories: OpenShift Optional, Logging & Tracing
certified: "false"
containerImage: quay.io/openshift-logging/loki-operator:0.1.0
createdAt: "2024-03-04T17:34:40Z"
createdAt: "2024-03-14T20:38:36Z"
description: |
The Loki Operator for OCP provides a means for configuring and managing a Loki stack for cluster logging.
## Prerequisites and Requirements
@@ -1618,7 +1618,7 @@ spec:
- subjectaccessreviews
verbs:
- create
serviceAccountName: default
serviceAccountName: loki-operator-controller-manager
deployments:
- label:
app.kubernetes.io/instance: loki-operator-0.1.0
@@ -1719,6 +1719,7 @@ spec:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: loki-operator-controller-manager
terminationGracePeriodSeconds: 10
volumes:
- configMap:
@@ -1752,7 +1753,7 @@ spec:
verbs:
- create
- patch
serviceAccountName: default
serviceAccountName: loki-operator-controller-manager
strategy: deployment
installModes:
- supported: false
1 change: 1 addition & 0 deletions operator/config/manager/manager.yaml
@@ -39,4 +39,5 @@ spec:
periodSeconds: 10
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: controller-manager
terminationGracePeriodSeconds: 10
@@ -6,12 +6,19 @@ metadata:
name: metrics-monitor
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
path: /metrics
- path: /metrics
targetPort: 8443
scheme: https
interval: 30s
scrapeTimeout: 10s
authorization:
type: bearer
credentials:
key: token
name: loki-operator-controller-manager-metrics-token
tlsConfig:
caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
ca:
secret:
key: service-ca.crt
name: loki-operator-controller-manager-metrics-token
serverName: loki-operator-controller-manager-metrics-service.kubernetes-operators.svc
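Review bot: The new `tlsConfig.ca.secret` takes the CA from key `service-ca.crt` of the service-account token Secret, and nothing here says where that key comes from. A `kubernetes.io/service-account-token` Secret is populated by Kubernetes with `token`, `ca.crt` and `namespace`; `service-ca.crt` is presumably injected by OpenShift, so on a cluster where it is absent the scrape would have no CA to verify `serverName` against. I would add a comment above `ca:` such as `# service-ca.crt is injected into the token Secret by OpenShift; the Secret must live in the ServiceMonitor's namespace`. The Secret name `loki-operator-controller-manager-metrics-token` is also written out in full in both `credentials.name` and `ca.secret.name`, so it has to be kept in step with the kustomize name prefix by hand. The same applies to the second overlay patch, the one whose `serverName` ends in `openshift-operators-redhat.svc`.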
1 change: 1 addition & 0 deletions operator/config/overlays/openshift/kustomization.yaml
@@ -4,6 +4,7 @@ resources:
- ../../manager
- ../../webhook
- ../../prometheus
- manager_metrics_secret_token.yaml

# Adds namespace to all resources.
namespace: openshift-operators-redhat
@@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: controller-manager-metrics-token
annotations:
kubernetes.io/service-account.name: loki-operator-controller-manager-metrics-reader
type: kubernetes.io/service-account-token
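Review bot: This Secret asks the control plane for a long-lived token for `loki-operator-controller-manager-metrics-reader` that does not expire or rotate on its own, and the manifest carries no comment saying so. Anyone who can read Secrets in the install namespace can reuse the token for as long as the Secret and the ServiceAccount exist, so the account should stay bound to the metrics-reader ClusterRole only and Secret read access in that namespace should be kept narrow. I would add a header comment like `# Long-lived token for the metrics-reader ServiceAccount, read by the ServiceMonitor; delete and recreate this Secret to rotate it`. The annotation also spells out the prefixed account name while `metadata.name` is left unprefixed, presumably because kustomize does not rewrite annotation values, so a change of name prefix would leave the Secret without a token.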
@@ -6,12 +6,19 @@ metadata:
name: metrics-monitor
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
path: /metrics
- path: /metrics
targetPort: 8443
scheme: https
interval: 30s
scrapeTimeout: 10s
authorization:
type: bearer
credentials:
key: token
name: loki-operator-controller-manager-metrics-token
tlsConfig:
caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
ca:
secret:
key: service-ca.crt
name: loki-operator-controller-manager-metrics-token
serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc
1 change: 1 addition & 0 deletions operator/config/prometheus/monitor.yaml
@@ -10,3 +10,4 @@ spec:
selector:
matchLabels:
app.kubernetes.io/name: loki-operator
app.kubernetes.io/component: metrics
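--- a/operator/config/rbac/auth_proxy_client_clusterrolebinding.yaml
+++ b/operator/config/rbac/auth_proxy_client_clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: controller-manager-read-metrics
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: metrics-reader
+subjects:
+- kind: ServiceAccount
+name: controller-manager-metrics-reader
+namespace: system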
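Review bot: The binding is cluster-scoped, but the `metrics-reader` ClusterRole it grants is not part of this section, so what the stored token can actually do cannot be checked from here. Because the token for `controller-manager-metrics-reader` is kept in a Secret, it is worth confirming that the role allows only `get` on the `/metrics` non-resource URL and recording that in a comment, e.g. `# metrics-reader must stay limited to GET /metrics; this account's token is stored in a Secret`. The subject's `namespace: system` is presumably rewritten by kustomize; the rendered bindings earlier on the page carry fixed namespaces (`kubernetes-operators`, `loki-operator`, `openshift-operators-redhat`), so an install into any other namespace would presumably leave the subject pointing at an account that does not exist there.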