From bee1f9e2a88d99e966d27f6a09d81cf872b33bf2 Mon Sep 17 00:00:00 2001 From: Khurram Baig Date: Wed, 18 Dec 2024 08:15:26 +0530 Subject: [PATCH] Install Tekton Logs Collector using Kustomize generator ArgoCD CR's Application/ApplicationSet CR isn't available in every cluster. So we switched to using kustomize generator for vector installation. --- .gitignore | 1 + .../base/log-collector/kustomization.yaml | 16 + .../log-collector/vector-helm-generator.yaml | 10 + .../log-collector/vector-helm-values.yaml | 110 ++++ .../base/log-collector/vector-pre.yaml | 54 ++ .../development/kustomization.yaml | 1 + .../main-pipeline-service-configuration.yaml | 190 ------- .../staging/base/kustomization.yaml | 2 + .../main-pipeline-service-configuration.yaml | 201 -------- .../staging/stone-stage-p01/deploy.yaml | 484 +++++++++++++----- .../staging/stone-stg-rh01/deploy.yaml | 484 +++++++++++++----- hack/generate-deploy-config.sh | 2 +- 12 files changed, 917 insertions(+), 638 deletions(-) create mode 100644 components/pipeline-service/base/log-collector/kustomization.yaml create mode 100644 components/pipeline-service/base/log-collector/vector-helm-generator.yaml create mode 100644 components/pipeline-service/base/log-collector/vector-helm-values.yaml create mode 100644 components/pipeline-service/base/log-collector/vector-pre.yaml diff --git a/.gitignore b/.gitignore index 88418819536..7c5b98666ed 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ cosign.pub .tmp/ tmp .idea/* +components/pipeline-service/base/log-collector/charts/* diff --git a/components/pipeline-service/base/log-collector/kustomization.yaml b/components/pipeline-service/base/log-collector/kustomization.yaml new file mode 100644 index 00000000000..1b75ee19635 --- /dev/null +++ b/components/pipeline-service/base/log-collector/kustomization.yaml 
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: tekton-logging
+# Skip applying the Tekton/PaC operands while the Tekton/PaC operator is being installed.
+# See more information about this option, here:
+# https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/#skip-dry-run-for-new-custom-resources-types
+commonAnnotations:
+ argocd.argoproj.io/sync-wave: "-1"
+
+generators:
+ - vector-helm-generator.yaml
+
+resources:
+ - vector-pre.yaml
+
diff --git a/components/pipeline-service/base/log-collector/vector-helm-generator.yaml b/components/pipeline-service/base/log-collector/vector-helm-generator.yaml
new file mode 100644
index 00000000000..3ef35209bdf
--- /dev/null
+++ b/components/pipeline-service/base/log-collector/vector-helm-generator.yaml
@@ -0,0 +1,10 @@
+apiVersion: builtin
+kind: HelmChartInflationGenerator
+metadata:
+ name: vector
+name: vector
+repo: https://helm.vector.dev
+version: 0.38.1
+releaseName: vector-tekton-logs-collector
+namespace: tekton-logging
+valuesFile: vector-helm-values.yaml
\ No newline at end of file
diff --git a/components/pipeline-service/base/log-collector/vector-helm-values.yaml b/components/pipeline-service/base/log-collector/vector-helm-values.yaml
new file mode 100644
index 00000000000..f8e22673b2d
--- /dev/null
+++ b/components/pipeline-service/base/log-collector/vector-helm-values.yaml
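Review bot: In `log-collector/kustomization.yaml` the comment above `commonAnnotations` describes the skip-dry-run sync option, but the annotation actually set is `argocd.argoproj.io/sync-wave: "-1"`, so the comment documents a setting that is not there. I would replace the three comment lines with something like `# Sync wave -1: apply the collector's namespace, SCC and RBAC ahead of the default wave.` Note also that `commonAnnotations` reaches the pod template, as the rendered DaemonSet in `deploy.yaml` shows, so the comment should say the annotation is applied to every generated object.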
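Review bot: `vector-helm-generator.yaml` resolves the chart from `repo: https://helm.vector.dev` by `version: 0.38.1` at render time, where the removed Application pinned a git commit (`targetRevision: "08506fdc01c7cc3fcf2dd83102add7b44980ee23"`); nothing visible here verifies the downloaded chart, and the new `.gitignore` entry keeps the fetched `charts/` directory out of review. The rendered output likewise pulls `timberio/vector:0.43.1-distroless-libc` by tag rather than by digest. I would add a comment above `version:` such as `# Chart is fetched unverified at build time; review the regenerated deploy.yaml on every bump`, and pin the image by digest through the chart values if the chart exposes one. The file also ends without a trailing newline.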
@@ -0,0 +1,110 @@
+---
+role: Agent
+customConfig:
+ data_dir: /vector-data-dir
+ api:
+ enabled: true
+ address: 127.0.0.1:8686
+ playground: false
+ sources:
+ kubernetes_logs:
+ type: kubernetes_logs
+ rotate_wait_secs: 5
+ glob_minimum_cooldown_ms: 15000
+ auto_partial_merge: true
+ extra_label_selector: "app.kubernetes.io/managed-by in (tekton-pipelines,pipelinesascode.tekton.dev)"
+ internal_metrics:
+ type: internal_metrics
+ transforms:
+ remap_app_logs:
+ type: remap
+ inputs: [kubernetes_logs]
+ source: |-
+ .log_type = "application"
+ .kubernetes_namespace_name = .kubernetes.pod_namespace
+ if exists(.kubernetes.pod_labels."tekton.dev/taskRunUID") {
+ .taskRunUID = del(.kubernetes.pod_labels."tekton.dev/taskRunUID")
+ } else {
+ .taskRunUID = "none"
+ }
+ if exists(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") {
+ .pipelineRunUID = del(.kubernetes.pod_labels."tekton.dev/pipelineRunUID")
+ .result = .pipelineRunUID
+ } else {
+ .result = .taskRunUID
+ }
+ if exists(.kubernetes.pod_labels."tekton.dev/task") {
+ .task = del(.kubernetes.pod_labels."tekton.dev/task")
+ } else {
+ .task = "none"
+ }
+ if exists(.kubernetes.pod_namespace) {
+ .namespace = del(.kubernetes.pod_namespace)
+ } else {
+ .namespace = "unlabeled"
+ }
+ .pod = .kubernetes.pod_name
+ .container = .kubernetes.container_name
+ sinks:
+ aws_s3:
+ type: "aws_s3"
+ bucket: ${BUCKET}
+ buffer:
+ type: "disk"
+ max_size: 1073741824
+ inputs: ["remap_app_logs"]
+ compression: "none"
+ endpoint: ${ENDPOINT}
+ encoding:
+ codec: "text"
+ key_prefix: "/logs/{{ `{{ .namespace }}` }}/{{`{{ .result }}`}}/{{`{{ .taskRunUID }}`}}/{{`{{ .container }}`}}"
+ filename_time_format: ""
+ filename_append_uuid: false
+env:
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: tekton-results-s3
+ key: aws_access_key_id
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: tekton-results-s3
+ key: aws_secret_access_key
+ - name: AWS_DEFAULT_REGION
+ valueFrom:
+ secretKeyRef:
+ name: tekton-results-s3
+ key: aws_region
+ - name: BUCKET
+ valueFrom:
+ secretKeyRef:
+ name: tekton-results-s3
+ key: bucket
+ - name: ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ name: tekton-results-s3
+ key: endpoint
+tolerations:
+ - effect: NoSchedule
+ key: konflux-ci.dev/workload
+ operator: Exists
+securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - CHOWN
+ - DAC_OVERRIDE
+ - FOWNER
+ - FSETID
+ - KILL
+ - NET_BIND_SERVICE
+ - SETGID
+ - SETPCAP
+ - SETUID
+ readOnlyRootFilesystem: true
+ seLinuxOptions:
+ type: spc_t
+ seccompProfile:
+ type: RuntimeDefault
diff --git a/components/pipeline-service/base/log-collector/vector-pre.yaml b/components/pipeline-service/base/log-collector/vector-pre.yaml
new file mode 100644
index 00000000000..c8b05bf298a
--- /dev/null
+++ b/components/pipeline-service/base/log-collector/vector-pre.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tekton-logging
+---
+allowHostDirVolumePlugin: true
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: false
+allowPrivilegedContainer: false
+allowedCapabilities: null
+apiVersion: security.openshift.io/v1
+defaultAddCapabilities: null
+defaultAllowPrivilegeEscalation: false
+forbiddenSysctls:
+- '*'
+fsGroup:
+ type: RunAsAny
+groups: []
+kind: SecurityContextConstraints
+metadata:
+ name: logging-scc
+ namespace: tekton-logging
+priority: null
+readOnlyRootFilesystem: true
+requiredDropCapabilities:
+- CHOWN
+- DAC_OVERRIDE
+- FSETID
+- FOWNER
+- SETGID
+- SETUID
+- SETPCAP
+- NET_BIND_SERVICE
+- KILL
+runAsUser:
+ type: RunAsAny
+seLinuxContext:
+ type: RunAsAny
+seccompProfiles:
+- runtime/default
+supplementalGroups:
+ type: RunAsAny
+users:
+- system:serviceaccount:tekton-logging:vector-tekton-logs-collector
+volumes:
+- configMap
+- emptyDir
+- hostPath
+- projected
+- secret
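Review bot: The `securityContext` at the end of `vector-helm-values.yaml` drops an explicit list of nine capabilities rather than `ALL`, so any capability a runtime grants by default outside that list (NET_RAW on some runtimes, for example) stays with a container that also runs as `spc_t` and holds the S3 credentials from `tekton-results-s3`. Since the commit message says this install targets clusters that differ from one another, I would write `drop:` / `- ALL` unless a specific capability is known to be needed. `seLinuxOptions.type: spc_t` also deserves a comment above it stating why the agent needs it, e.g. `# spc_t: required to read node log directories through hostPath (confirm)`.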
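Review bot: The `logging-scc` in `vector-pre.yaml` allows `hostPath` volumes with `runAsUser` and `seLinuxContext` both set to `RunAsAny`, so anything able to start a pod as `system:serviceaccount:tekton-logging:vector-tekton-logs-collector` can mount arbitrary host directories under any UID; that breadth should be documented at the top of the SCC, e.g. `# hostPath + RunAsAny exist only for the Vector DaemonSet; do not reuse this SCC or its service account`. `metadata.namespace` on the SCC appears to have no effect, since SecurityContextConstraints are cluster-scoped, and could be dropped. The Namespace defined here also no longer carries the `argocd.argoproj.io/managed-by: openshift-gitops` label that the removed staging definition had; confirm Argo CD does not depend on it for `tekton-logging`.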
diff --git a/components/pipeline-service/development/kustomization.yaml b/components/pipeline-service/development/kustomization.yaml index 3e1408456c2..7a613c1475e 100644 --- a/components/pipeline-service/development/kustomization.yaml +++ b/components/pipeline-service/development/kustomization.yaml @@ -11,3 +11,4 @@ resources: - main-pipeline-service-configuration.yaml - dev-only-pipeline-service-storage-configuration.yaml - ../base/rbac + - ../base/log-collector diff --git a/components/pipeline-service/development/main-pipeline-service-configuration.yaml b/components/pipeline-service/development/main-pipeline-service-configuration.yaml index 1da5039be16..016105adb6b 100644 --- a/components/pipeline-service/development/main-pipeline-service-configuration.yaml +++ b/components/pipeline-service/development/main-pipeline-service-configuration.yaml 
@@ -1767,196 +1767,6 @@ spec: - name: AUTOINSTALL_COMPONENTS value: "false" --- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: vectors-tekton-logs-collector - namespace: openshift-gitops -spec: - destination: - namespace: tekton-logging - server: https://kubernetes.default.svc - project: default - source: - path: charts/vector - repoURL: 'https://github.com/vectordotdev/helm-charts' - targetRevision: "08506fdc01c7cc3fcf2dd83102add7b44980ee23" - helm: - valueFiles: - - values.yaml - values: |- - role: Agent - customConfig: - data_dir: /vector-data-dir - api: - enabled: true - address: 127.0.0.1:8686 - playground: false - sources: - kubernetes_logs: - type: kubernetes_logs - rotate_wait_secs: 5 - glob_minimum_cooldown_ms: 15000 - auto_partial_merge: true - extra_label_selector: "app.kubernetes.io/managed-by in (tekton-pipelines,pipelinesascode.tekton.dev)" - internal_metrics: - type: internal_metrics - transforms: - remap_app_logs: - type: remap - inputs: [kubernetes_logs] - source: |- - .log_type = "application" - .kubernetes_namespace_name = .kubernetes.pod_namespace - if exists(.kubernetes.pod_labels."tekton.dev/taskRunUID") { - .taskRunUID = del(.kubernetes.pod_labels."tekton.dev/taskRunUID") - } else { - .taskRunUID = "none" - } - if exists(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") { - .pipelineRunUID = del(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") - .result = .pipelineRunUID - } else { - .result = .taskRunUID - } - if exists(.kubernetes.pod_labels."tekton.dev/task") { - .task = del(.kubernetes.pod_labels."tekton.dev/task") - } else { - .task = "none" - } - if exists(.kubernetes.pod_namespace) { - .namespace = del(.kubernetes.pod_namespace) - } else { - .namespace = "unlabeled" - } - .pod = .kubernetes.pod_name - .container = .kubernetes.container_name - sinks: - aws_s3: - type: "aws_s3" - bucket: ${BUCKET} - buffer: - type: "disk" - max_size: 1073741824 - inputs: ["remap_app_logs"] - compression: "none" - endpoint: 
${ENDPOINT} - encoding: - codec: "text" - key_prefix: "/logs/{{ `{{ .namespace }}` }}/{{`{{ .result }}`}}/{{`{{ .taskRunUID }}`}}/{{`{{ .container }}`}}" - filename_time_format: "" - filename_append_uuid: false - env: - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: aws_access_key_id - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: aws_secret_access_key - - name: AWS_DEFAULT_REGION - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: aws_region - - name: BUCKET - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: bucket - - name: ENDPOINT - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: endpoint - tolerations: - - effect: NoSchedule - key: konflux-ci.dev/workload - operator: Exists - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - CHOWN - - DAC_OVERRIDE - - FOWNER - - FSETID - - KILL - - NET_BIND_SERVICE - - SETGID - - SETPCAP - - SETUID - readOnlyRootFilesystem: true - seLinuxOptions: - type: spc_t - seccompProfile: - type: RuntimeDefault - syncPolicy: - automated: - prune: true - selfHeal: true - retry: - backoff: - duration: 10s - factor: 2 - maxDuration: 3m - limit: -1 - syncOptions: - - CreateNamespace=true - - Validate=false ---- -allowHostDirVolumePlugin: true -allowHostIPC: false -allowHostNetwork: false -allowHostPID: false -allowHostPorts: false -allowPrivilegeEscalation: false -allowPrivilegedContainer: false -allowedCapabilities: null -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -defaultAllowPrivilegeEscalation: false -forbiddenSysctls: -- '*' -fsGroup: - type: RunAsAny -groups: [] -kind: SecurityContextConstraints -metadata: - name: logging-scc - namespace: tekton-logging -priority: null -readOnlyRootFilesystem: true -requiredDropCapabilities: -- CHOWN -- DAC_OVERRIDE -- FSETID -- FOWNER -- SETGID -- SETUID -- SETPCAP -- NET_BIND_SERVICE -- KILL -runAsUser: - type: RunAsAny 
-seLinuxContext: - type: RunAsAny -seccompProfiles: -- runtime/default -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:tekton-logging:vectors-tekton-logs-collector -volumes: -- configMap -- emptyDir -- hostPath -- projected -- secret ---- apiVersion: route.openshift.io/v1 kind: Route metadata: diff --git a/components/pipeline-service/staging/base/kustomization.yaml b/components/pipeline-service/staging/base/kustomization.yaml index 225a0a245a2..43de8b61061 100644 --- a/components/pipeline-service/staging/base/kustomization.yaml +++ b/components/pipeline-service/staging/base/kustomization.yaml @@ -7,6 +7,7 @@ kind: Kustomization commonAnnotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + resources: - main-pipeline-service-configuration.yaml - pipelines-as-code-secret.yaml @@ -14,3 +15,4 @@ resources: - ../../base/testing - ../../base/rbac - ../../base/certificates + - ../../base/log-collector diff --git a/components/pipeline-service/staging/base/main-pipeline-service-configuration.yaml b/components/pipeline-service/staging/base/main-pipeline-service-configuration.yaml index 29f1e3819fa..db822d79b84 100644 --- a/components/pipeline-service/staging/base/main-pipeline-service-configuration.yaml +++ b/components/pipeline-service/staging/base/main-pipeline-service-configuration.yaml @@ -19,16 +19,6 @@ metadata: name: tekton-results --- apiVersion: v1 -kind: Namespace -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - argocd.argoproj.io/sync-wave: "-1" - labels: - argocd.argoproj.io/managed-by: openshift-gitops - name: tekton-logging ---- -apiVersion: v1 kind: ServiceAccount metadata: annotations: 
@@ -1720,197 +1710,6 @@ spec: bucket: '{{ .bucket }}' endpoint: https://{{ .endpoint }} --- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: vectors-tekton-logs-collector - namespace: openshift-gitops -spec: - destination: - namespace: tekton-logging - server: https://kubernetes.default.svc - project: default - source: - path: charts/vector - repoURL: 'https://github.com/vectordotdev/helm-charts' - targetRevision: "08506fdc01c7cc3fcf2dd83102add7b44980ee23" - helm: - valueFiles: - - values.yaml - values: |- - role: Agent - customConfig: - data_dir: /vector-data-dir - api: - enabled: true - address: 127.0.0.1:8686 - playground: false - sources: - kubernetes_logs: - type: kubernetes_logs - rotate_wait_secs: 5 - glob_minimum_cooldown_ms: 15000 - auto_partial_merge: true - extra_label_selector: "app.kubernetes.io/managed-by in (tekton-pipelines,pipelinesascode.tekton.dev)" - internal_metrics: - type: internal_metrics - transforms: - remap_app_logs: - type: remap - inputs: [kubernetes_logs] - source: |- - .log_type = "application" - .kubernetes_namespace_name = .kubernetes.pod_namespace - if exists(.kubernetes.pod_labels."tekton.dev/taskRunUID") { - .taskRunUID = del(.kubernetes.pod_labels."tekton.dev/taskRunUID") - } else { - .taskRunUID = "none" - } - if exists(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") { - .pipelineRunUID = del(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") - .result = .pipelineRunUID - } else { - .result = .taskRunUID - } - if exists(.kubernetes.pod_labels."tekton.dev/task") { - .task = del(.kubernetes.pod_labels."tekton.dev/task") - } else { - .task = "none" - } - if exists(.kubernetes.pod_namespace) { - .namespace = del(.kubernetes.pod_namespace) - } else { - .namespace = "unlabeled" - } - .pod = .kubernetes.pod_name - .container = .kubernetes.container_name - sinks: - aws_s3: - type: "aws_s3" - bucket: ${BUCKET} - buffer: - type: "disk" - max_size: 1073741824 - inputs: ["remap_app_logs"] - compression: "none" - 
endpoint: ${ENDPOINT} - encoding: - codec: "text" - key_prefix: "/logs/{{ `{{ .namespace }}` }}/{{`{{ .result }}`}}/{{`{{ .taskRunUID }}`}}/{{`{{ .container }}`}}" - filename_time_format: "" - filename_append_uuid: false - env: - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: aws_access_key_id - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: aws_secret_access_key - - name: AWS_DEFAULT_REGION - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: aws_region - - name: BUCKET - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: bucket - - name: ENDPOINT - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: endpoint - tolerations: - - effect: NoSchedule - key: konflux-ci.dev/workload - operator: Equal - value: konflux-tenants - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - CHOWN - - DAC_OVERRIDE - - FOWNER - - FSETID - - KILL - - NET_BIND_SERVICE - - SETGID - - SETPCAP - - SETUID - readOnlyRootFilesystem: true - seLinuxOptions: - type: spc_t - seccompProfile: - type: RuntimeDefault - syncPolicy: - automated: - prune: true - selfHeal: true - retry: - backoff: - duration: 10s - factor: 2 - maxDuration: 3m - limit: -1 - syncOptions: - - CreateNamespace=false - - Validate=false ---- -allowHostDirVolumePlugin: true -allowHostIPC: false -allowHostNetwork: false -allowHostPID: false -allowHostPorts: false -allowPrivilegeEscalation: false -allowPrivilegedContainer: false -allowedCapabilities: null -apiVersion: security.openshift.io/v1 -defaultAddCapabilities: null -defaultAllowPrivilegeEscalation: false -forbiddenSysctls: -- '*' -fsGroup: - type: RunAsAny -groups: [] -kind: SecurityContextConstraints -metadata: - name: logging-scc - namespace: tekton-logging -priority: null -readOnlyRootFilesystem: true -requiredDropCapabilities: -- CHOWN -- DAC_OVERRIDE -- FSETID -- FOWNER -- SETGID -- SETUID -- SETPCAP -- NET_BIND_SERVICE -- KILL 
-runAsUser: - type: RunAsAny -seLinuxContext: - type: RunAsAny -seccompProfiles: -- runtime/default -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:tekton-logging:vectors-tekton-logs-collector -volumes: -- configMap -- emptyDir -- hostPath -- projected -- secret ---- apiVersion: route.openshift.io/v1 kind: Route metadata: diff --git a/components/pipeline-service/staging/stone-stage-p01/deploy.yaml b/components/pipeline-service/staging/stone-stage-p01/deploy.yaml index 989395707ac..706b65f59a4 100644 --- a/components/pipeline-service/staging/stone-stage-p01/deploy.yaml +++ b/components/pipeline-service/staging/stone-stage-p01/deploy.yaml @@ -21,8 +21,6 @@ metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: "-1" - labels: - argocd.argoproj.io/managed-by: openshift-gitops name: tekton-logging --- apiVersion: v1 @@ -53,6 +51,23 @@ metadata: namespace: plnsvc-tests --- apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector + namespace: tekton-logging +--- +apiVersion: v1 kind: ServiceAccount metadata: annotations: 
@@ -542,6 +557,31 @@ rules: - create --- apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector +rules: +- apiGroups: + - "" + resources: + - namespaces + - nodes + - pods + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: 
@@ -830,6 +870,109 @@ subjects: name: tekton-results-watcher namespace: tekton-results --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vector-tekton-logs-collector +subjects: +- kind: ServiceAccount + name: vector-tekton-logs-collector + namespace: tekton-logging +--- +apiVersion: v1 +data: + vector.yaml: | + api: + address: 127.0.0.1:8686 + enabled: true + playground: false + data_dir: /vector-data-dir + sinks: + aws_s3: + bucket: ${BUCKET} + buffer: + max_size: 1073741824 + type: disk + compression: none + encoding: + codec: text + endpoint: ${ENDPOINT} + filename_append_uuid: false + filename_time_format: "" + inputs: + - remap_app_logs + key_prefix: /logs/{{ .namespace }}/{{ .result }}/{{ .taskRunUID + }}/{{ .container }} + type: aws_s3 + sources: + internal_metrics: + type: internal_metrics + kubernetes_logs: + auto_partial_merge: true + extra_label_selector: app.kubernetes.io/managed-by in (tekton-pipelines,pipelinesascode.tekton.dev) + glob_minimum_cooldown_ms: 15000 + rotate_wait_secs: 5 + type: kubernetes_logs + transforms: + remap_app_logs: + inputs: + - kubernetes_logs + source: |- + .log_type = "application" + .kubernetes_namespace_name = .kubernetes.pod_namespace + if exists(.kubernetes.pod_labels."tekton.dev/taskRunUID") { + .taskRunUID = del(.kubernetes.pod_labels."tekton.dev/taskRunUID") + } else { + .taskRunUID = "none" + } + if exists(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") { + .pipelineRunUID = 
del(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") + .result = .pipelineRunUID + } else { + .result = .taskRunUID + } + if exists(.kubernetes.pod_labels."tekton.dev/task") { + .task = del(.kubernetes.pod_labels."tekton.dev/task") + } else { + .task = "none" + } + if exists(.kubernetes.pod_namespace) { + .namespace = del(.kubernetes.pod_namespace) + } else { + .namespace = "unlabeled" + } + .pod = .kubernetes.pod_name + .container = .kubernetes.container_name + type: remap +kind: ConfigMap +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector + namespace: tekton-logging +--- apiVersion: v1 data: tekton-results-db-ca.pem: |- 
@@ -1237,6 +1380,61 @@ spec: --- apiVersion: v1 kind: Service +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector + namespace: tekton-logging +spec: + ports: + - name: api + port: 8686 + protocol: TCP + targetPort: 8686 + selector: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/name: vector + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector-headless + namespace: tekton-logging +spec: + clusterIP: None + ports: + - name: api + port: 8686 + protocol: TCP + targetPort: 8686 + selector: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/name: vector + type: ClusterIP +--- +apiVersion: v1 +kind: Service metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 
@@ -1711,115 +1909,95 @@ spec: secret: secretName: tekton-results-tls --- -apiVersion: argoproj.io/v1alpha1 -kind: Application +apiVersion: apps/v1 +kind: DaemonSet metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - name: vectors-tekton-logs-collector - namespace: openshift-gitops + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector + namespace: tekton-logging spec: - destination: - namespace: tekton-logging - server: https://kubernetes.default.svc - project: default - source: - helm: - valueFiles: - - values.yaml - values: |- - role: Agent - customConfig: - data_dir: /vector-data-dir - api: - enabled: true - address: 127.0.0.1:8686 - playground: false - sources: - kubernetes_logs: - type: kubernetes_logs - rotate_wait_secs: 5 - glob_minimum_cooldown_ms: 15000 - auto_partial_merge: true - extra_label_selector: "app.kubernetes.io/managed-by in (tekton-pipelines,pipelinesascode.tekton.dev)" - internal_metrics: - type: internal_metrics - transforms: - remap_app_logs: - type: remap - inputs: [kubernetes_logs] - source: |- - .log_type = "application" - .kubernetes_namespace_name = .kubernetes.pod_namespace - if exists(.kubernetes.pod_labels."tekton.dev/taskRunUID") { - .taskRunUID = del(.kubernetes.pod_labels."tekton.dev/taskRunUID") - } else { - .taskRunUID = "none" - } - if exists(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") { - .pipelineRunUID = del(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") - .result = .pipelineRunUID - } else { - .result = .taskRunUID - } - if exists(.kubernetes.pod_labels."tekton.dev/task") { - .task = del(.kubernetes.pod_labels."tekton.dev/task") - } else { - .task = "none" - } - if exists(.kubernetes.pod_namespace) 
{ - .namespace = del(.kubernetes.pod_namespace) - } else { - .namespace = "unlabeled" - } - .pod = .kubernetes.pod_name - .container = .kubernetes.container_name - sinks: - aws_s3: - type: "aws_s3" - bucket: ${BUCKET} - buffer: - type: "disk" - max_size: 1073741824 - inputs: ["remap_app_logs"] - compression: "none" - endpoint: ${ENDPOINT} - encoding: - codec: "text" - key_prefix: "/logs/{{ `{{ .namespace }}` }}/{{`{{ .result }}`}}/{{`{{ .taskRunUID }}`}}/{{`{{ .container }}`}}" - filename_time_format: "" - filename_append_uuid: false + minReadySeconds: 0 + selector: + matchLabels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/name: vector + template: + metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + checksum/config: 90d3dfa5a525f4593840d7cf5c48e7d0da530e0d6262335fbf2a670983a5ec30 + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/name: vector + vector.dev/exclude: "true" + spec: + containers: + - args: + - --config-dir + - /etc/vector/ env: - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: aws_access_key_id - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: aws_secret_access_key - - name: AWS_DEFAULT_REGION - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: aws_region - - name: BUCKET - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: bucket - - name: ENDPOINT - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: endpoint - tolerations: - - effect: NoSchedule - key: konflux-ci.dev/workload - operator: Equal - value: konflux-tenants + - name: VECTOR_LOG + value: info + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: tekton-results-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + 
secretKeyRef: + key: aws_secret_access_key + name: tekton-results-s3 + - name: AWS_DEFAULT_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: tekton-results-s3 + - name: BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: tekton-results-s3 + - name: ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: tekton-results-s3 + - name: VECTOR_SELF_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: VECTOR_SELF_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VECTOR_SELF_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PROCFS_ROOT + value: /host/proc + - name: SYSFS_ROOT + value: /host/sys + image: timberio/vector:0.43.1-distroless-libc + imagePullPolicy: IfNotPresent + name: vector + ports: + - containerPort: 8686 + name: api + protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: 
@@ -1838,22 +2016,52 @@ spec: type: spc_t seccompProfile: type: RuntimeDefault - path: charts/vector - repoURL: https://github.com/vectordotdev/helm-charts - targetRevision: 08506fdc01c7cc3fcf2dd83102add7b44980ee23 - syncPolicy: - automated: - prune: true - selfHeal: true - retry: - backoff: - duration: 10s - factor: 2 - maxDuration: 3m - limit: -1 - syncOptions: - - CreateNamespace=false - - Validate=false + volumeMounts: + - mountPath: /vector-data-dir + name: data + - mountPath: /etc/vector/ + name: config + readOnly: true + - mountPath: /var/log/ + name: var-log + readOnly: true + - mountPath: /var/lib + name: var-lib + readOnly: true + - mountPath: /host/proc + name: procfs + readOnly: true + - mountPath: /host/sys + name: sysfs + readOnly: true + dnsPolicy: ClusterFirst + serviceAccountName: vector-tekton-logs-collector + terminationGracePeriodSeconds: 60 + tolerations: + - effect: NoSchedule + key: konflux-ci.dev/workload + operator: Exists + volumes: + - name: config + projected: + sources: + - configMap: + name: vector-tekton-logs-collector + - hostPath: + path: /var/lib/vector + name: data + - hostPath: + path: /var/log/ + name: var-log + - hostPath: + path: /var/lib/ + name: var-lib + - hostPath: + path: /proc + name: procfs + - hostPath: + path: /sys + name: sysfs --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret 
@@ -1956,6 +2164,35 @@ spec: --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + name: tekton-results-s3 + namespace: tekton-logging +spec: + dataFrom: + - extract: + key: integrations-output/terraform-resources/appsres09ue1/stone-stage-p01/stone-stage-p01-plnsvc-s3 + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: appsre-vault + target: + creationPolicy: Owner + deletionPolicy: Delete + name: tekton-results-s3 + template: + data: + aws_access_key_id: '{{ .aws_access_key_id }}' + aws_region: '{{ .aws_region }}' + aws_secret_access_key: '{{ .aws_secret_access_key }}' + bucket: '{{ .bucket }}' + endpoint: https://{{ .endpoint }} + s3_url: s3://{{ .bucket }} +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true @@ -2421,6 +2658,7 @@ kind: SecurityContextConstraints metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" name: logging-scc namespace: tekton-logging priority: null @@ -2444,7 +2682,7 @@ seccompProfiles: supplementalGroups: type: RunAsAny users: -- system:serviceaccount:tekton-logging:vectors-tekton-logs-collector +- system:serviceaccount:tekton-logging:vector-tekton-logs-collector volumes: - configMap - emptyDir diff --git a/components/pipeline-service/staging/stone-stg-rh01/deploy.yaml b/components/pipeline-service/staging/stone-stg-rh01/deploy.yaml index 9b247d770a3..0388d56fb04 100644 --- a/components/pipeline-service/staging/stone-stg-rh01/deploy.yaml +++ b/components/pipeline-service/staging/stone-stg-rh01/deploy.yaml 
@@ -21,8 +21,6 @@ metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: "-1" - labels: - argocd.argoproj.io/managed-by: openshift-gitops name: tekton-logging --- apiVersion: v1 @@ -53,6 +51,23 @@ metadata: namespace: plnsvc-tests --- apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector + namespace: tekton-logging +--- +apiVersion: v1 kind: ServiceAccount metadata: annotations: @@ -542,6 +557,31 @@ rules: - create --- apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector +rules: +- apiGroups: + - "" + resources: + - namespaces + - nodes + - pods + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: 
@@ -830,6 +870,109 @@ subjects: name: tekton-results-watcher namespace: tekton-results --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vector-tekton-logs-collector +subjects: +- kind: ServiceAccount + name: vector-tekton-logs-collector + namespace: tekton-logging +--- +apiVersion: v1 +data: + vector.yaml: | + api: + address: 127.0.0.1:8686 + enabled: true + playground: false + data_dir: /vector-data-dir + sinks: + aws_s3: + bucket: ${BUCKET} + buffer: + max_size: 1073741824 + type: disk + compression: none + encoding: + codec: text + endpoint: ${ENDPOINT} + filename_append_uuid: false + filename_time_format: "" + inputs: + - remap_app_logs + key_prefix: /logs/{{ .namespace }}/{{ .result }}/{{ .taskRunUID + }}/{{ .container }} + type: aws_s3 + sources: + internal_metrics: + type: internal_metrics + kubernetes_logs: + auto_partial_merge: true + extra_label_selector: app.kubernetes.io/managed-by in (tekton-pipelines,pipelinesascode.tekton.dev) + glob_minimum_cooldown_ms: 15000 + rotate_wait_secs: 5 + type: kubernetes_logs + transforms: + remap_app_logs: + inputs: + - kubernetes_logs + source: |- + .log_type = "application" + .kubernetes_namespace_name = .kubernetes.pod_namespace + if exists(.kubernetes.pod_labels."tekton.dev/taskRunUID") { + .taskRunUID = del(.kubernetes.pod_labels."tekton.dev/taskRunUID") + } else { + .taskRunUID = "none" + } + if exists(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") { + .pipelineRunUID = 
del(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") + .result = .pipelineRunUID + } else { + .result = .taskRunUID + } + if exists(.kubernetes.pod_labels."tekton.dev/task") { + .task = del(.kubernetes.pod_labels."tekton.dev/task") + } else { + .task = "none" + } + if exists(.kubernetes.pod_namespace) { + .namespace = del(.kubernetes.pod_namespace) + } else { + .namespace = "unlabeled" + } + .pod = .kubernetes.pod_name + .container = .kubernetes.container_name + type: remap +kind: ConfigMap +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector + namespace: tekton-logging +--- apiVersion: v1 data: tekton-results-db-ca.pem: |- 
@@ -1237,6 +1380,61 @@ spec: --- apiVersion: v1 kind: Service +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector + namespace: tekton-logging +spec: + ports: + - name: api + port: 8686 + protocol: TCP + targetPort: 8686 + selector: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/name: vector + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector-headless + namespace: tekton-logging +spec: + clusterIP: None + ports: + - name: api + port: 8686 + protocol: TCP + targetPort: 8686 + selector: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/name: vector + type: ClusterIP +--- +apiVersion: v1 +kind: Service metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 
@@ -1711,115 +1909,95 @@ spec: secret: secretName: tekton-results-tls --- -apiVersion: argoproj.io/v1alpha1 -kind: Application +apiVersion: apps/v1 +kind: DaemonSet metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - name: vectors-tekton-logs-collector - namespace: openshift-gitops + argocd.argoproj.io/sync-wave: "-1" + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vector + app.kubernetes.io/version: 0.43.1-distroless-libc + helm.sh/chart: vector-0.38.1 + name: vector-tekton-logs-collector + namespace: tekton-logging spec: - destination: - namespace: tekton-logging - server: https://kubernetes.default.svc - project: default - source: - helm: - valueFiles: - - values.yaml - values: |- - role: Agent - customConfig: - data_dir: /vector-data-dir - api: - enabled: true - address: 127.0.0.1:8686 - playground: false - sources: - kubernetes_logs: - type: kubernetes_logs - rotate_wait_secs: 5 - glob_minimum_cooldown_ms: 15000 - auto_partial_merge: true - extra_label_selector: "app.kubernetes.io/managed-by in (tekton-pipelines,pipelinesascode.tekton.dev)" - internal_metrics: - type: internal_metrics - transforms: - remap_app_logs: - type: remap - inputs: [kubernetes_logs] - source: |- - .log_type = "application" - .kubernetes_namespace_name = .kubernetes.pod_namespace - if exists(.kubernetes.pod_labels."tekton.dev/taskRunUID") { - .taskRunUID = del(.kubernetes.pod_labels."tekton.dev/taskRunUID") - } else { - .taskRunUID = "none" - } - if exists(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") { - .pipelineRunUID = del(.kubernetes.pod_labels."tekton.dev/pipelineRunUID") - .result = .pipelineRunUID - } else { - .result = .taskRunUID - } - if exists(.kubernetes.pod_labels."tekton.dev/task") { - .task = del(.kubernetes.pod_labels."tekton.dev/task") - } else { - .task = "none" - } - if exists(.kubernetes.pod_namespace) 
{ - .namespace = del(.kubernetes.pod_namespace) - } else { - .namespace = "unlabeled" - } - .pod = .kubernetes.pod_name - .container = .kubernetes.container_name - sinks: - aws_s3: - type: "aws_s3" - bucket: ${BUCKET} - buffer: - type: "disk" - max_size: 1073741824 - inputs: ["remap_app_logs"] - compression: "none" - endpoint: ${ENDPOINT} - encoding: - codec: "text" - key_prefix: "/logs/{{ `{{ .namespace }}` }}/{{`{{ .result }}`}}/{{`{{ .taskRunUID }}`}}/{{`{{ .container }}`}}" - filename_time_format: "" - filename_append_uuid: false + minReadySeconds: 0 + selector: + matchLabels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/name: vector + template: + metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + checksum/config: 90d3dfa5a525f4593840d7cf5c48e7d0da530e0d6262335fbf2a670983a5ec30 + labels: + app.kubernetes.io/component: Agent + app.kubernetes.io/instance: vector-tekton-logs-collector + app.kubernetes.io/name: vector + vector.dev/exclude: "true" + spec: + containers: + - args: + - --config-dir + - /etc/vector/ env: - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: aws_access_key_id - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: aws_secret_access_key - - name: AWS_DEFAULT_REGION - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: aws_region - - name: BUCKET - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: bucket - - name: ENDPOINT - valueFrom: - secretKeyRef: - name: tekton-results-s3 - key: endpoint - tolerations: - - effect: NoSchedule - key: konflux-ci.dev/workload - operator: Equal - value: konflux-tenants + - name: VECTOR_LOG + value: info + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: tekton-results-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + 
secretKeyRef: + key: aws_secret_access_key + name: tekton-results-s3 + - name: AWS_DEFAULT_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: tekton-results-s3 + - name: BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: tekton-results-s3 + - name: ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: tekton-results-s3 + - name: VECTOR_SELF_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: VECTOR_SELF_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VECTOR_SELF_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PROCFS_ROOT + value: /host/proc + - name: SYSFS_ROOT + value: /host/sys + image: timberio/vector:0.43.1-distroless-libc + imagePullPolicy: IfNotPresent + name: vector + ports: + - containerPort: 8686 + name: api + protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: 
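Review bot: The container image is referenced by tag only, `image: timberio/vector:0.43.1-distroless-libc`, with `imagePullPolicy: IfNotPresent`, so what runs on each node depends on what the registry serves for that tag at pull time. This DaemonSet reads the S3 credentials from `tekton-results-s3` and is scheduled on every matching node, so pinning by digest is worth the extra line: `image: timberio/vector:0.43.1-distroless-libc@sha256:<digest-of-the-reviewed-image>`. As this manifest is rendered from the Helm chart, the pin belongs in `vector-helm-values.yaml` rather than here. The container spec continues past the end of this hunk, and the stone-stage-p01 copy of this DaemonSet presumably carries the same reference.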
@@ -1838,22 +2016,52 @@ spec: type: spc_t seccompProfile: type: RuntimeDefault - path: charts/vector - repoURL: https://github.com/vectordotdev/helm-charts - targetRevision: 08506fdc01c7cc3fcf2dd83102add7b44980ee23 - syncPolicy: - automated: - prune: true - selfHeal: true - retry: - backoff: - duration: 10s - factor: 2 - maxDuration: 3m - limit: -1 - syncOptions: - - CreateNamespace=false - - Validate=false + volumeMounts: + - mountPath: /vector-data-dir + name: data + - mountPath: /etc/vector/ + name: config + readOnly: true + - mountPath: /var/log/ + name: var-log + readOnly: true + - mountPath: /var/lib + name: var-lib + readOnly: true + - mountPath: /host/proc + name: procfs + readOnly: true + - mountPath: /host/sys + name: sysfs + readOnly: true + dnsPolicy: ClusterFirst + serviceAccountName: vector-tekton-logs-collector + terminationGracePeriodSeconds: 60 + tolerations: + - effect: NoSchedule + key: konflux-ci.dev/workload + operator: Exists + volumes: + - name: config + projected: + sources: + - configMap: + name: vector-tekton-logs-collector + - hostPath: + path: /var/lib/vector + name: data + - hostPath: + path: /var/log/ + name: var-log + - hostPath: + path: /var/lib/ + name: var-lib + - hostPath: + path: /proc + name: procfs + - hostPath: + path: /sys + name: sysfs --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret 
@@ -1956,6 +2164,35 @@ spec: --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" + name: tekton-results-s3 + namespace: tekton-logging +spec: + dataFrom: + - extract: + key: integrations-output/terraform-resources/appsres07ue1/stonesoup-infra-stage/redhat-stg-plnsvc-s3 + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: appsre-vault + target: + creationPolicy: Owner + deletionPolicy: Delete + name: tekton-results-s3 + template: + data: + aws_access_key_id: '{{ .aws_access_key_id }}' + aws_region: '{{ .aws_region }}' + aws_secret_access_key: '{{ .aws_secret_access_key }}' + bucket: '{{ .bucket }}' + endpoint: https://{{ .endpoint }} + s3_url: s3://{{ .bucket }} +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true @@ -2432,6 +2669,7 @@ kind: SecurityContextConstraints metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" name: logging-scc namespace: tekton-logging priority: null @@ -2455,7 +2693,7 @@ seccompProfiles: supplementalGroups: type: RunAsAny users: -- system:serviceaccount:tekton-logging:vectors-tekton-logs-collector +- system:serviceaccount:tekton-logging:vector-tekton-logs-collector volumes: - configMap - emptyDir diff --git a/hack/generate-deploy-config.sh b/hack/generate-deploy-config.sh index cb7caa357e9..bd24acdd240 100755 --- a/hack/generate-deploy-config.sh +++ b/hack/generate-deploy-config.sh @@ -42,7 +42,7 @@ function main() { for DIR in $(find "$COMPONENT" -name resources); do TARGET=$(dirname "$DIR")/deploy.yaml echo "$DIR: $TARGET" - kustomize build "$DIR" >"$TARGET" + kustomize build --enable-helm "$DIR" >"$TARGET" done }
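Review bot: With `--enable-helm` on the `kustomize build` line, every regeneration of `deploy.yaml` downloads the vector chart from `https://helm.vector.dev`, and the only pin is the chart version `0.38.1`; the Argo CD Application this commit removes pinned a git commit (`targetRevision: 08506fdc…`). The chart directory is also git-ignored, so nothing in the repository records which chart bytes produced the committed manifests. Consider vendoring the chart or checking the pulled archive against a recorded checksum before building, and fail early when helm is missing, e.g. `command -v helm >/dev/null || { echo "helm is required for --enable-helm" >&2; exit 1; }` ahead of the loop. Because the output is redirected straight to `"$TARGET"`, a failed chart download would leave a truncated deploy.yaml unless the script aborts on error; `main` starts outside this hunk, so that cannot be confirmed here.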