From 1593d7cc3264e7cf077449692bcdf591dbe94523 Mon Sep 17 00:00:00 2001 
From: Divyam
Date: Fri, 24 Jan 2025 14:47:13 +0530
Subject: [PATCH] Move opentelemetry operator outside of openobserve Add openobserve chart again as it got removed
---
argocd-helm-charts/openobserve/Chart.lock | 7 +-
argocd-helm-charts/openobserve/Chart.yaml | 3 -
.../charts/openobserve/.helmignore | 39 +
.../openobserve/charts/openobserve/Chart.yaml | 24 +
.../openobserve/charts/openobserve/README.md | 64 +
.../openobserve/charts/etcd/.helmignore | 25 +
.../charts/openobserve/charts/etcd/Chart.lock | 6 +
.../charts/openobserve/charts/etcd/Chart.yaml | 34 +
.../charts/openobserve/charts/etcd/README.md | 791 ++++++++++++
.../charts/etcd/charts/common/.helmignore | 26 +
.../charts/etcd/charts/common/Chart.yaml | 23 +
.../charts/etcd/charts/common/README.md | 235 ++++
.../charts/common/templates/_affinities.tpl | 139 +++
.../charts/common/templates/_capabilities.tpl | 229 ++++
.../common/templates/_compatibility.tpl | 46 +
.../etcd/charts/common/templates/_errors.tpl | 28 +
.../etcd/charts/common/templates/_images.tpl | 115 ++
.../etcd/charts/common/templates/_ingress.tpl | 73 ++
.../etcd/charts/common/templates/_labels.tpl | 46 +
.../etcd/charts/common/templates/_names.tpl | 71 ++
.../charts/common/templates/_resources.tpl | 50 +
.../etcd/charts/common/templates/_secrets.tpl | 185 +++
.../etcd/charts/common/templates/_storage.tpl | 21 +
.../charts/common/templates/_tplvalues.tpl | 38 +
.../etcd/charts/common/templates/_utils.tpl | 77 ++
.../charts/common/templates/_warnings.tpl | 109 ++
.../templates/validations/_cassandra.tpl | 77 ++
.../common/templates/validations/_mariadb.tpl | 108 ++
.../common/templates/validations/_mongodb.tpl | 113 ++
.../common/templates/validations/_mysql.tpl | 108 ++
.../templates/validations/_postgresql.tpl | 134 ++
.../common/templates/validations/_redis.tpl | 81 ++
.../templates/validations/_validations.tpl | 51 +
.../charts/etcd/charts/common/values.yaml | 8 +
.../charts/etcd/templates/NOTES.txt | 119 ++
.../charts/etcd/templates/_helpers.tpl | 210 ++++
.../charts/etcd/templates/configmap.yaml | 20 +
.../charts/etcd/templates/cronjob-defrag.yaml | 134 ++
.../charts/etcd/templates/cronjob.yaml | 154 +++
.../charts/etcd/templates/extra-list.yaml | 9 +
.../charts/etcd/templates/networkpolicy.yaml | 84 ++
.../charts/etcd/templates/pdb.yaml | 28 +
.../charts/etcd/templates/podmonitor.yaml | 46 +
.../charts/etcd/templates/prometheusrule.yaml | 24 +
.../charts/etcd/templates/secrets.yaml | 20 +
.../charts/etcd/templates/serviceaccount.yaml | 19 +
.../charts/etcd/templates/snapshot-pvc.yaml | 23 +
.../charts/etcd/templates/statefulset.yaml | 460 +++++++
.../charts/etcd/templates/svc-headless.yaml | 57 +
.../charts/etcd/templates/svc.yaml | 74 ++
.../charts/etcd/templates/token-secrets.yaml | 19 +
.../openobserve/charts/etcd/values.yaml | 1098 +++++++++++++++++
.../openobserve/charts/minio/.helmignore | 23 +
.../openobserve/charts/minio/Chart.yaml | 18 +
.../charts/openobserve/charts/minio/README.md | 264 ++++
.../charts/minio/templates/NOTES.txt | 43 +
.../minio/templates/_helper_create_bucket.txt | 122 ++
.../minio/templates/_helper_create_policy.txt | 75 ++
.../templates/_helper_create_svcacct.txt | 106 ++
.../minio/templates/_helper_create_user.txt | 107 ++
.../templates/_helper_custom_command.txt | 58 +
.../charts/minio/templates/_helper_policy.tpl | 28 +
.../charts/minio/templates/_helpers.tpl | 218 ++++
.../minio/templates/ciliumnetworkpolicy.yaml | 33 +
.../charts/minio/templates/configmap.yaml | 32 +
.../minio/templates/console-ingress.yaml | 55 +
.../minio/templates/console-service.yaml | 45 +
.../charts/minio/templates/deployment.yaml | 213 ++++
.../charts/minio/templates/ingress.yaml | 55 +
.../charts/minio/templates/networkpolicy.yaml | 26 +
.../minio/templates/poddisruptionbudget.yaml | 17 +
.../charts/minio/templates/post-job.yaml | 258 ++++
.../charts/minio/templates/pvc.yaml | 32 +
.../charts/minio/templates/secrets.yaml | 21 +
.../templates/securitycontextconstraints.yaml | 45 +
.../charts/minio/templates/service.yaml | 46 +
.../minio/templates/serviceaccount.yaml | 6 +
.../minio/templates/servicemonitor.yaml | 112 ++
.../charts/minio/templates/statefulset.yaml | 267 ++++
.../openobserve/charts/minio/values.yaml | 593 +++++++++
.../openobserve/charts/nats/.helmignore | 26 +
.../charts/openobserve/charts/nats/Chart.yaml | 16 +
.../charts/openobserve/charts/nats/README.md | 329 +++++
.../openobserve/charts/nats/UPGRADING.md | 155 +++
.../charts/nats/files/config-map.yaml | 10 +
.../charts/nats/files/config/cluster.yaml | 32 +
.../charts/nats/files/config/config.yaml | 114 ++
.../charts/nats/files/config/gateway.yaml | 11 +
.../charts/nats/files/config/jetstream.yaml | 23 +
.../charts/nats/files/config/leafnodes.yaml | 11 +
.../charts/nats/files/config/mqtt.yaml | 10 +
.../charts/nats/files/config/protocol.yaml | 10 +
.../charts/nats/files/config/resolver.yaml | 3 +
.../charts/nats/files/config/tls.yaml | 16 +
.../charts/nats/files/config/websocket.yaml | 12 +
.../charts/nats/files/headless-service.yaml | 24 +
.../charts/nats/files/ingress.yaml | 34 +
.../nats/files/nats-box/contents-secret.yaml | 17 +
.../nats-box/contexts-secret/context.yaml | 51 +
.../contexts-secret/contexts-secret.yaml | 13 +
.../files/nats-box/deployment/container.yaml | 46 +
.../files/nats-box/deployment/deployment.yaml | 16 +
.../nats-box/deployment/pod-template.yaml | 44 +
.../nats/files/nats-box/service-account.yaml | 7 +
.../nats/files/pod-disruption-budget.yaml | 12 +
.../charts/nats/files/pod-monitor.yaml | 13 +
.../charts/nats/files/service-account.yaml | 7 +
.../charts/nats/files/service.yaml | 23 +
.../files/stateful-set/jetstream-pvc.yaml | 13 +
.../files/stateful-set/nats-container.yaml | 106 ++
.../nats/files/stateful-set/pod-template.yaml | 71 ++
.../stateful-set/prom-exporter-container.yaml | 30 +
.../stateful-set/reloader-container.yaml | 27 +
.../nats/files/stateful-set/resolver-pvc.yaml | 13 +
.../nats/files/stateful-set/stateful-set.yaml | 37 +
.../charts/nats/templates/_helpers.tpl | 281 +++++
.../charts/nats/templates/_jsonpatch.tpl | 219 ++++
.../nats/templates/_toPrettyRawJson.tpl | 28 +
.../charts/nats/templates/_tplYaml.tpl | 114 ++
.../charts/nats/templates/config-map.yaml | 4 +
.../nats/templates/extra-resources.yaml | 5 +
.../nats/templates/headless-service.yaml | 4 +
.../charts/nats/templates/ingress.yaml | 6 +
.../templates/nats-box/contents-secret.yaml | 10 +
.../templates/nats-box/contexts-secret.yaml | 8 +
.../nats/templates/nats-box/deployment.yaml | 8 +
.../templates/nats-box/service-account.yaml | 8 +
.../nats/templates/pod-disruption-budget.yaml | 6 +
.../charts/nats/templates/pod-monitor.yaml | 8 +
.../nats/templates/service-account.yaml | 6 +
.../charts/nats/templates/service.yaml | 6 +
.../charts/nats/templates/stateful-set.yaml | 4 +
.../nats/templates/tests/request-reply.yaml | 37 +
.../openobserve/charts/nats/values.yaml | 669 ++++++++++
.../examples/ldifs/create_ous.ldif | 13 +
.../examples/ldifs/create_team1.ldif | 17 +
.../examples/ldifs/create_team2.ldif | 13 +
.../examples/ldifs/create_team3.ldif | 13 +
.../examples/ldifs/create_team_ous.ldif | 17 +
.../examples/ldifs/create_users.ldif | 37 +
.../charts/openobserve/examples/openldap.yaml | 53 +
.../charts/openobserve/templates/NOTES.txt | 19 +
.../charts/openobserve/templates/_helpers.tpl | 70 ++
.../templates/alertmanager-configmap.yaml | 18 +
.../templates/alertmanager-deployment.yaml | 121 ++
.../templates/alertmanager-service.yaml | 28 +
.../templates/compactor-configmap.yaml | 20 +
.../templates/compactor-deployment.yaml | 119 ++
.../openobserve/templates/compactor-hpa.yaml | 33 +
.../templates/compactor-service.yaml | 22 +
.../openobserve/templates/configmap.yaml | 331 +++++
.../templates/dex-clusterrole.yaml | 13 +
.../templates/dex-clusterrolebinding.yaml | 14 +
.../openobserve/templates/dex-configmap.yaml | 12 +
.../openobserve/templates/dex-deployment.yaml | 95 ++
.../openobserve/templates/dex-ingress.yaml | 63 +
.../openobserve/templates/dex-service.yaml | 14 +
.../templates/dex-serviceaccount.yaml | 8 +
.../templates/ingester-configmap.yaml | 18 +
.../openobserve/templates/ingester-hpa.yaml | 33 +
.../templates/ingester-service-headless.yaml | 23 +
.../templates/ingester-service.yaml | 22 +
.../templates/ingester-statefulset.yaml | 161 +++
.../charts/openobserve/templates/ingress.yaml | 64 +
.../charts/openobserve/templates/issuer.yaml | 17 +
.../templates/openfga-deployment.yaml | 81 ++
.../openobserve/templates/openfga-svc.yaml | 13 +
.../openobserve/templates/pgadmin-sts.yaml | 69 ++
.../openobserve/templates/pgadmin-svc.yaml | 14 +
.../templates/postgres-secret.yaml | 13 +
.../openobserve/templates/postgres.yaml | 27 +
.../templates/querier-configmap.yaml | 18 +
.../templates/querier-service.yaml | 22 +
.../templates/querier-statefulset.yaml | 137 ++
.../templates/reportserver-configmap.yaml | 13 +
.../templates/reportserver-delpoyment.yaml | 103 ++
.../templates/reportserver-hpa.yaml | 33 +
.../templates/reportserver-service.yaml | 19 +
.../templates/router-configmap.yaml | 18 +
.../templates/router-deployment.yaml | 119 ++
.../openobserve/templates/router-hpa.yaml | 33 +
.../openobserve/templates/router-service.yaml | 26 +
.../charts/openobserve/templates/secret.yaml | 59 +
.../openobserve/templates/serviceaccount.yaml | 13 +
.../templates/zplane-deployment.yaml | 73 ++
.../openobserve/templates/zplane-ingress.yaml | 64 +
.../openobserve/templates/zplane-service.yaml | 20 +
.../charts/openobserve/values.yaml | 979 +++++++++++++++
.../opentelemetry-operator/Chart.yaml | 7 +
.../charts/opentelemetry-operator/.helmignore | 0
.../opentelemetry-operator/CONTRIBUTING.md | 0
.../charts/opentelemetry-operator/Chart.yaml | 0
.../charts/opentelemetry-operator/README.md | 0
.../opentelemetry-operator/UPGRADING.md | 0
...t-manager-disable-nameoverride-values.yaml | 0
.../ci/cert-manager-disable-values.yaml | 0
.../ci/feature-gates-values.yaml | 0
.../ci/nameoverride-values.yaml | 0
.../ci/secret-name-nameoverride-values.yaml | 0
.../ci/secret-name-values.yaml | 0
.../crd-opentelemetry.io_opampbridges.yaml | 0
.../conf/crds/crd-opentelemetrycollector.yaml | 0
.../crd-opentelemetryinstrumentation.yaml | 0
.../opentelemetry-operator/examples/README.md | 0
.../operator-webhook-with-cert-manager.yaml | 0
.../admission-webhooks/operator-webhook.yaml | 0
.../default/rendered/certmanager.yaml | 0
.../default/rendered/clusterrole.yaml | 0
.../default/rendered/clusterrolebinding.yaml | 0
.../examples/default/rendered/deployment.yaml | 0
.../examples/default/rendered/role.yaml | 0
.../default/rendered/rolebinding.yaml | 0
.../examples/default/rendered/service.yaml | 0
.../default/rendered/serviceaccount.yaml | 0
.../tests/test-certmanager-connection.yaml | 0
.../tests/test-service-connection.yaml | 0
.../examples/default/values.yaml | 0
.../operator-webhook-with-cert-manager.yaml | 0
.../admission-webhooks/operator-webhook.yaml | 0
.../feature-gates/rendered/certmanager.yaml | 0
.../feature-gates/rendered/clusterrole.yaml | 0
.../rendered/clusterrolebinding.yaml | 0
.../feature-gates/rendered/deployment.yaml | 0
.../examples/feature-gates/rendered/role.yaml | 0
.../feature-gates/rendered/rolebinding.yaml | 0
.../feature-gates/rendered/service.yaml | 0
.../rendered/serviceaccount.yaml | 0
.../tests/test-certmanager-connection.yaml | 0
.../tests/test-service-connection.yaml | 0
.../examples/feature-gates/values.yaml | 0
.../templates/NOTES.txt | 0
.../templates/_helpers.tpl | 0
.../operator-webhook-with-cert-manager.yaml | 0
.../admission-webhooks/operator-webhook.yaml | 0
.../templates/certmanager.yaml | 0
.../templates/clusterrole.yaml | 0
.../templates/clusterrolebinding.yaml | 0
.../templates/deployment.yaml | 0
.../opentelemetry-operator/templates/pdb.yaml | 0
.../templates/prometheusrule.yaml | 0
.../templates/role.yaml | 0
.../templates/rolebinding.yaml | 0
.../templates/service.yaml | 0
.../templates/serviceaccount.yaml | 0
.../templates/servicemonitor.yaml | 0
.../tests/test-certmanager-connection.yaml | 0
.../tests/test-service-connection.yaml | 0
.../templates/verticalpodautoscaler.yaml | 0
.../opentelemetry-operator/values.schema.json | 0
.../charts/opentelemetry-operator/values.yaml | 0
250 files changed, 14979 insertions(+), 8 deletions(-)
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/.helmignore
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/Chart.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/README.md
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/.helmignore
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/Chart.lock
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/Chart.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/README.md
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/.helmignore
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/Chart.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/README.md
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_affinities.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_capabilities.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_compatibility.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_errors.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_images.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_ingress.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_labels.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_names.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_resources.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_secrets.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_storage.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_tplvalues.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_utils.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_warnings.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_cassandra.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_mariadb.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_mongodb.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_mysql.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_postgresql.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_redis.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_validations.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/values.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/NOTES.txt
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/_helpers.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/configmap.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/cronjob-defrag.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/cronjob.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/extra-list.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/networkpolicy.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/pdb.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/podmonitor.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/prometheusrule.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/secrets.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/serviceaccount.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/snapshot-pvc.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/statefulset.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/svc-headless.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/svc.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/token-secrets.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/values.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/.helmignore
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/Chart.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/README.md
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/NOTES.txt
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_bucket.txt
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_policy.txt
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_svcacct.txt
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_user.txt
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_custom_command.txt
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_policy.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helpers.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/ciliumnetworkpolicy.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/configmap.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/console-ingress.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/console-service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/deployment.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/ingress.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/networkpolicy.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/poddisruptionbudget.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/post-job.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/pvc.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/secrets.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/securitycontextconstraints.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/serviceaccount.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/servicemonitor.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/statefulset.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/minio/values.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/.helmignore
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/Chart.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/README.md
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/UPGRADING.md
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config-map.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/cluster.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/config.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/gateway.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/jetstream.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/leafnodes.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/mqtt.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/protocol.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/resolver.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/tls.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/websocket.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/headless-service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/ingress.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/contents-secret.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/contexts-secret/context.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/contexts-secret/contexts-secret.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/deployment/container.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/deployment/deployment.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/deployment/pod-template.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/service-account.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/pod-disruption-budget.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/pod-monitor.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/service-account.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/jetstream-pvc.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/nats-container.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/pod-template.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/prom-exporter-container.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/reloader-container.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/resolver-pvc.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/stateful-set.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_helpers.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_jsonpatch.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_toPrettyRawJson.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_tplYaml.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/config-map.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/extra-resources.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/headless-service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/ingress.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/contents-secret.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/contexts-secret.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/deployment.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/service-account.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/pod-disruption-budget.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/pod-monitor.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/service-account.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/stateful-set.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/tests/request-reply.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/charts/nats/values.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_ous.ldif
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team1.ldif
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team2.ldif
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team3.ldif
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team_ous.ldif
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_users.ldif
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/examples/openldap.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/NOTES.txt
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/_helpers.tpl
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/alertmanager-configmap.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/alertmanager-deployment.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/alertmanager-service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-configmap.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-deployment.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-hpa.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/configmap.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/dex-clusterrole.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/dex-clusterrolebinding.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/dex-configmap.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/dex-deployment.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/dex-ingress.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/dex-service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/dex-serviceaccount.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-configmap.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-hpa.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-service-headless.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-statefulset.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/ingress.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/issuer.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/openfga-deployment.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/openfga-svc.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/pgadmin-sts.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/pgadmin-svc.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/postgres-secret.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/postgres.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/querier-configmap.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/querier-service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/querier-statefulset.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-configmap.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-delpoyment.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-hpa.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/router-configmap.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/router-deployment.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/router-hpa.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/router-service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/secret.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/serviceaccount.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/zplane-deployment.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/zplane-ingress.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/templates/zplane-service.yaml
create mode 100644 argocd-helm-charts/openobserve/charts/openobserve/values.yaml
create mode 100644 argocd-helm-charts/opentelemetry-operator/Chart.yaml
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/.helmignore (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/CONTRIBUTING.md (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/Chart.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/README.md (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/UPGRADING.md (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/ci/cert-manager-disable-nameoverride-values.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/ci/cert-manager-disable-values.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/ci/feature-gates-values.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/ci/nameoverride-values.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/ci/secret-name-nameoverride-values.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/ci/secret-name-values.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/conf/crds/crd-opentelemetry.io_opampbridges.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/conf/crds/crd-opentelemetrycollector.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/conf/crds/crd-opentelemetryinstrumentation.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/README.md (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/rendered/role.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/rendered/service.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/default/values.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/rendered/admission-webhooks/operator-webhook.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/rendered/certmanager.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/rendered/clusterrole.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/rendered/clusterrolebinding.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/rendered/deployment.yaml (100%)
rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/rendered/role.yaml (100%)
rename
argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/rendered/rolebinding.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/rendered/service.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/rendered/serviceaccount.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/rendered/tests/test-certmanager-connection.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/rendered/tests/test-service-connection.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/examples/feature-gates/values.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/NOTES.txt (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/_helpers.tpl (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook-with-cert-manager.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/certmanager.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/clusterrole.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/clusterrolebinding.yaml (100%) rename argocd-helm-charts/{openobserve => 
opentelemetry-operator}/charts/opentelemetry-operator/templates/deployment.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/pdb.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/prometheusrule.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/role.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/rolebinding.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/service.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/serviceaccount.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/servicemonitor.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/tests/test-certmanager-connection.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/tests/test-service-connection.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/templates/verticalpodautoscaler.yaml (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/values.schema.json (100%) rename argocd-helm-charts/{openobserve => opentelemetry-operator}/charts/opentelemetry-operator/values.yaml (100%) diff --git a/argocd-helm-charts/openobserve/Chart.lock b/argocd-helm-charts/openobserve/Chart.lock index d7f8ec3aa..2b15e4b4c 100644 --- a/argocd-helm-charts/openobserve/Chart.lock +++ b/argocd-helm-charts/openobserve/Chart.lock 
@@ -5,8 +5,5 @@ dependencies:
 - name: openobserve-collector
 repository: https://charts.openobserve.ai/
 version: 0.3.21
-- name: opentelemetry-operator
- repository: https://open-telemetry.github.io/opentelemetry-helm-charts
- version: 0.79.0
-digest: sha256:310055ba69ae394f734de7e65ee1f034d63d9043ee129c7183e8b2174a747205
-generated: "2025-01-27T11:59:23.382541937+05:30"
+digest: sha256:ceae91943c3306f330fd0cc35983f6b05f25d62aa9b25a022255207ecff366d2
+generated: "2025-01-24T15:14:37.450184259+05:30"
diff --git a/argocd-helm-charts/openobserve/Chart.yaml b/argocd-helm-charts/openobserve/Chart.yaml
index dc9ae3f84..9cca9760d 100644
--- a/argocd-helm-charts/openobserve/Chart.yaml
+++ b/argocd-helm-charts/openobserve/Chart.yaml
@@ -8,6 +8,3 @@ dependencies:
 - name: openobserve-collector
 version: 0.3.21
 repository: https://charts.openobserve.ai/
- - name: opentelemetry-operator
- version: 0.79.0
- repository: https://open-telemetry.github.io/opentelemetry-helm-charts
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/.helmignore b/argocd-helm-charts/openobserve/charts/openobserve/.helmignore
new file mode 100644
index 000000000..f788c37d8
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/.helmignore
@@ -0,0 +1,39 @@
+# Helmignore for a Helm Chart
+
+# Version control
+.git
+.git/
+.gitignore
+.svn/
+
+# Helm chart files
+*.lock
+
+# Temp files
+*.tmp
+*.temp
+*.bak
+*.swp
+*.viminfo
+
+# IDEs/Editors
+.vscode/
+.idea/
+*.iml
+
+# OS generated
+.DS_Store
+Thumbs.db
+__MACOSX/
+
+# Other
+secrets.yaml
+test/
+
+# test files
+install.sh
+uninstall.sh
+values_testing.yaml
+
+t_*.*
+
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/Chart.yaml b/argocd-helm-charts/openobserve/charts/openobserve/Chart.yaml
new file mode 100644
index 000000000..9ffdb4766
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+appVersion: v0.14.0
+dependencies:
+- condition: etcd.enabled
+ name: etcd
+ repository: https://charts.bitnami.com/bitnami
+ version: 10.4.2
+- condition: nats.enabled
+ name: nats
+ repository: https://nats-io.github.io/k8s/helm/charts/
+ version: 1.2.6
+- condition: minio.enabled
+ name: minio
+ repository: https://charts.min.io
+ version: 5.3.0
+description: Logs, Metrics and Traces, Dashboards, RUM, Error tracking, Session replay
+ etc. Elasticsearch API compatibility.
+maintainers:
+- email: hello@openobserve.ai
+ name: OpenObserve
+ url: https://openobserve.ai
+name: openobserve
+type: application
+version: 0.14.7
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/README.md b/argocd-helm-charts/openobserve/charts/openobserve/README.md
new file mode 100644
index 000000000..5ec97a409
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/README.md
@@ -0,0 +1,64 @@
+# OpenObserve helm chart
+
+## Amazon EKS
+
+openobserve uses [IRSA](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) on Amazon EKS to securely access s3.
+
+You must set a minimum of 2 values:
+
+1. S3 bucket where data will be stored
+ - config.ZO_S3_BUCKET_NAME
+1. IAM role for the serviceAccount to gain AWS IAM credentials to access s3
+ - serviceAccount.annotations."eks.amazonaws.com/role-arn"
+
+## Install
+
+Install the Cloud Native PostgreSQL Operator. This is a prerequisite for openobserve helm chart. This helm chart sets up a postgres database cluster (1 primary + 1 replica) and uses it as metadata store of OpenObserve.
+```shell
+kubectl apply -f \
+ https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.22/releases/cnpg-1.22.1.yaml
+```
+
+Install the openobserve helm chart
+```shell
+helm repo add openobserve https://charts.openobserve.ai
+helm repo update
+
+kubectl create ns openobserve
+
+helm --namespace openobserve -f values.yaml install o2 openobserve/openobserve
+```
+
+## Uninstall
+
+```shell
+helm --namespace openobserve delete o2
+```
+
+# Development
+
+If you are developing this chart then you should clone the repo and make any modifications.
+
+You can generate output of the chart using below command to verify:
+
+```shell
+helm -n openobserve template o2 . > o2.yaml
+```
+
+You can then install using:
+
+```shell
+helm -n openobserve install o2 .
+```
+
+To upgrade
+
+```shell
+helm -n openobserve upgrade o2 .
+```
+
+To uninstall
+
+```shell
+helm -n openobserve uninstall o2
+```
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/.helmignore b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/.helmignore
new file mode 100644
index 000000000..207983f36
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# img folder
+img/
+# Changelog
+CHANGELOG.md
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/Chart.lock b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/Chart.lock
new file mode 100644
index 000000000..04773baf6
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 2.23.0
+digest: sha256:fbd6439f12ded949c04553b9c52a4c8153a8f2790147d972b314ddcd46921a14
+generated: "2024-09-23T09:32:14.87980615Z"
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/Chart.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/Chart.yaml
new file mode 100644
index 000000000..bca23a7d9
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/Chart.yaml
@@ -0,0 +1,34 @@
+annotations:
+ category: Database
+ images: |
+ - name: etcd
+ image: docker.io/bitnami/etcd:3.5.16-debian-12-r2
+ - name: os-shell
+ image: docker.io/bitnami/os-shell:12-debian-12-r30
+ licenses: Apache-2.0
+apiVersion: v2
+appVersion: 3.5.16
+dependencies:
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ tags:
+ - bitnami-common
+ version: 2.x.x
+description: etcd is a distributed key-value store designed to securely store data
+ across a cluster. etcd is widely used in production on account of its reliability,
+ fault-tolerance and ease of use.
+home: https://bitnami.com
+icon: https://bitnami.com/assets/stacks/etcd/img/etcd-stack-220x234.png
+keywords:
+- etcd
+- cluster
+- database
+- cache
+- key-value
+maintainers:
+- name: Broadcom, Inc. All Rights Reserved.
+ url: https://github.com/bitnami/charts
+name: etcd
+sources:
+- https://github.com/bitnami/charts/tree/main/bitnami/etcd
+version: 10.4.2
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/README.md b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/README.md
new file mode 100644
index 000000000..4c61ff959
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/README.md
@@ -0,0 +1,791 @@
+
+
+# Bitnami package for Etcd
+
+etcd is a distributed key-value store designed to securely store data across a cluster. etcd is widely used in production on account of its reliability, fault-tolerance and ease of use.
+
+[Overview of Etcd](https://etcd.io/)
+
+Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
+
+## TL;DR
+
+```console
+helm install my-release oci://registry-1.docker.io/bitnamicharts/etcd
+```
+
+Looking to use Etcd in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog.
+
+## Introduction
+
+This chart bootstraps a [etcd](https://github.com/bitnami/containers/tree/main/bitnami/etcd) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
+
+## Prerequisites
+
+- Kubernetes 1.23+
+- Helm 3.8.0+
+- PV provisioner support in the underlying infrastructure
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/etcd
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+
+These commands deploy etcd on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Configuration and installation details
+
+### Resource requests and limits
+
+Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
+
+### [Rolling VS Immutable tags](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Cluster configuration
+
+The Bitnami etcd chart can be used to bootstrap an etcd cluster, easy to scale and with available features to implement disaster recovery. It uses static discovery configured via environment variables to bootstrap the etcd cluster.
Based on the number of initial replicas, and using the A records added to the DNS configuration by the headless service, the chart can calculate every advertised peer URL. + +The chart makes use of some extra elements offered by Kubernetes to ensure the bootstrapping is successful: + +- It sets a "Parallel" Pod Management Policy. This is critical, since all the etcd replicas should be created simultaneously to guarantee they can find each other. +- It records "not ready" pods in the DNS, so etcd replicas are reachable using their associated FQDN before they're actually ready. + +Learn more about [etcd discovery](https://etcd.io/docs/current/op-guide/clustering/#discovery), [Pod Management Policies](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies) and [recording "not ready" pods](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-hostname-and-subdomain-fields). + +Here is an example of the environment configuration bootstrapping an etcd cluster with 3 replicas: + +| Member | Variable | Value | +|---------|----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 0 | ETCD_NAME | etcd-0 | +| 0 | ETCD_INITIAL_ADVERTISE_PEER_URLS | | +|---------|----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 1 | ETCD_NAME | etcd-1 | +| 1 | ETCD_INITIAL_ADVERTISE_PEER_URLS | | +|---------|----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 2 | ETCD_NAME | etcd-2 | 
+| 2 | ETCD_INITIAL_ADVERTISE_PEER_URLS | | +|---------|----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| * | ETCD_INITIAL_CLUSTER_STATE | new | +| * | ETCD_INITIAL_CLUSTER_TOKEN | etcd-cluster-k8s | +| * | ETCD_INITIAL_CLUSTER | etcd-0=,etcd-1=,etcd-2= | + +The probes (readiness & liveness) are delayed 60 seconds by default, to give the etcd replicas time to start and find each other. After that period, the *etcdctl endpoint health* command is used to periodically perform health checks on every replica. + +#### Scalability + +The Bitnami etcd chart uses etcd reconfiguration operations to add/remove members of the cluster during scaling. + +When scaling down, a "pre-stop" lifecycle hook is used to ensure that the `etcdctl member remove` command is executed. The hook stores the output of this command in the persistent volume attached to the etcd pod. This hook is also executed when the pod is manually removed using the `kubectl delete pod` command or rescheduled by Kubernetes for any reason. This implies that the cluster can be scaled up/down without human intervention. + +Here is an example to explain how this works: + +1. An etcd cluster with three members running on a three-nodes Kubernetes cluster is bootstrapped. +2. After a few days, the cluster administrator decides to upgrade the kernel on one of the cluster nodes. To do so, the administrator drains the node. Pods running on that node are rescheduled to a different one. +3. During the pod eviction process, the "pre-stop" hook removes the etcd member from the cluster. Thus, the etcd cluster is scaled down to only two members. +4. Once the pod is scheduled on another node and initialized, the etcd member is added again to the cluster using the *etcdctl member add* command. 
Thus, the etcd cluster is scaled up to three replicas.
+
+If, for whatever reason, the "pre-stop" hook fails at removing the member, the initialization logic is able to detect that something went wrong by checking the `etcdctl member remove` command output that was stored in the persistent volume. It then uses the `etcdctl member update` command to add back the member. In this case, the cluster isn't automatically scaled down/up while the pod is recovered. Therefore, when other members attempt to connect to the pod, it may cause warnings or errors like the one below:
+
+```text
+E | rafthttp: failed to dial XXXXXXXX on stream Message (peer XXXXXXXX failed to find local node YYYYYYYYY)
+I | rafthttp: peer XXXXXXXX became inactive (message send to peer failed)
+W | rafthttp: health check for peer XXXXXXXX could not connect: dial tcp A.B.C.D:2380: i/o timeout
+```
+
+Learn more about [etcd runtime configuration](https://etcd.io/docs/current/op-guide/runtime-configuration/) and how to safely [drain a Kubernetes node](https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/).
+
+#### Cluster updates
+
+When updating the etcd StatefulSet (such as when upgrading the chart version via the *helm upgrade* command), every pod must be replaced following the StatefulSet update strategy.
+
+The chart uses a "RollingUpdate" strategy by default and with default Kubernetes values. In other words, it updates each Pod, one at a time, in the same order as Pod termination (from the largest ordinal to the smallest). It will wait until an updated Pod is "Running" and "Ready" prior to updating its predecessor.
+
+Learn more about [StatefulSet update strategies](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies).
+
+#### Disaster recovery
+
+If, for whatever reason, (N-1)/2 members of the cluster fail and the "pre-stop" hooks also fail at removing them from the cluster, the cluster disastrously fails, irrevocably losing quorum.
Once quorum is lost, the cluster cannot reach consensus and therefore cannot continue accepting updates. Under this circumstance, the only possible solution is usually to restore the cluster from a snapshot.
+
+> IMPORTANT: All members should restore using the same snapshot.
+
+The Bitnami etcd chart solves this problem by optionally offering a Kubernetes cron job that periodically snapshots the keyspace and stores it in a RWX volume. In case the cluster disastrously fails, the pods will automatically try to restore it using the last avalable snapshot.
+
+[Learn how to enable this disaster recovery feature](#enable-disaster-recovery-features).
+
+The chart also sets by default a "soft" Pod AntiAffinity to reduce the risk of the cluster failing disastrously.
+
+Learn more about [etcd recovery](https://etcd.io/docs/current/op-guide/recovery), [Kubernetes cron jobs](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/) and [pod affinity and anti-affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
+
+### Enable security for etcd
+
+The etcd chart can be configured with Role-based access control and TLS encryption to improve its security.
+
+#### Configure RBAC
+
+In order to enable Role-Based Access Control for etcd, set the following parameters:
+
+```text
+auth.rbac.create=true
+auth.rbac.rootPassword=ETCD_ROOT_PASSWORD
+```
+
+These parameters create a `root` user with an associate `root` role with access to everything. The remaining users will use the `guest` role and won't have permissions to do anything.
+
+#### Configure TLS for server-to-server communications
+
+In order to enable secure transport between peer nodes deploy the helm chart with these options:
+
+```text
+auth.peer.secureTransport=true
+auth.peer.useAutoTLS=true
+```
+
+#### Configure certificates for client communication
+
+In order to enable secure transport between client and server, create a secret containing the certificate and key files and the CA used to sign the client certificates. In this case, create the secret and then deploy the chart with these options:
+
+```text
+auth.client.secureTransport=true
+auth.client.enableAuthentication=true
+auth.client.existingSecret=etcd-client-certs
+```
+
+Learn more about the [etcd security model](https://etcd.io/) and how to [generate self-signed certificates for etcd](https://coreos.com/os/docs/latest/generate-self-signed-certificates.html).
+
+### Enable disaster recovery features
+
+The Bitnami etcd Helm chart supports automatic disaster recovery by periodically snapshotting the keyspace. If the cluster permanently loses more than (N-1)/2 members, it tries to recover the cluster from a previous snapshot.
+
+Enable this feature with the following parameters:
+
+```text
+persistence.enabled=true
+disasterRecovery.enabled=true
+disasterRecovery.pvc.size=2Gi
+disasterRecovery.pvc.storageClassName=nfs
+```
+
+If the `startFromSnapshot.*` parameters are used at the same time as the `disasterRecovery.*` parameters, the PVC provided via the `startFromSnapshot.existingClaim` parameter will be used to store the periodical snapshots.
+
+> NOTE: The disaster recovery feature requires volumes with ReadWriteMany access mode.
+
+### Backup and restore the etcd keyspace
+
+Two different approaches are available to back up and restore this Helm Chart:
+
+- Back up the data from the source deployment and restore it in a new deployment using etcd's built-in backup/restore tools.
+- Back up the persistent volumes from the source deployment and attach them to a new deployment using Velero, a Kubernetes backup/restore tool.
+
+#### Method 1: Backup and restore data using etcd's built-in tools
+
+This method involves the following steps:
+
+- Use the *etcdctl* tool to create a snapshot of the data in the source cluster.
+- Make the snapshot available in a Kubernetes PersistentVolumeClaim (PVC) that supports ReadWriteMany access (for example, a PVC created with the NFS storage class)
+- Restore the data snapshot in a new cluster using the <%= variable :catalog_name, :platform %> etcd Helm chart's *startFromSnapshot.existingClaim* and *startFromSnapshot.snapshotFilename* parameters to define the source PVC and source filename for the snapshot.
+
+> NOTE: Under this approach, it is important to create the new deployment on the destination cluster using the same credentials as the original deployment on the source cluster.
+
+#### Method 2: Back up and restore persistent data volumes
+
+This method involves copying the persistent data volumes for the etcd nodes and reusing them in a new deployment with [Velero](https://velero.io/), an open source Kubernetes backup/restore tool. This method is only suitable when:
+
+- The Kubernetes provider is [supported by Velero](https://velero.io/docs/latest/supported-providers/).
+- Both clusters are on the same Kubernetes provider, as this is a requirement of [Velero's native support for migrating persistent volumes](https://velero.io/docs/latest/migration-case/).
+- The restored deployment on the destination cluster will have the same name, namespace, topology and credentials as the original deployment on the source cluster.
+
+This method involves the following steps:
+
+- Install Velero on the source and destination clusters.
+- Use Velero to back up the PersistentVolumes (PVs) used by the etcd deployment on the source cluster.
+- Use Velero to restore the backed-up PVs on the destination cluster.
+- Create a new etcd deployment on the destination cluster with the same deployment name, credentials and other parameters as the original. This new deployment will use the restored PVs and hence the original data.
+
+### Exposing etcd metrics
+
+The metrics exposed by etcd can be exposed to be scraped by Prometheus. Metrics can be scraped from within the cluster using any of the following approaches:
+
+- Adding the required annotations for Prometheus to discover the metrics endpoints, as in the example below:
+
+```yaml
+podAnnotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/path: "/metrics/cluster"
+ prometheus.io/port: "9000"
+```
+
+- Creating a ServiceMonitor or PodMonitor entry (when the Prometheus Operator is available in the cluster)
+- Using something similar to the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml).
+
+If metrics are to be scraped from outside the cluster, the Kubernetes API proxy can be utilized to access the endpoint.
+
+### Using custom configuration
+
+In order to use custom configuration parameters, two options are available:
+
+- Using environment variables: etcd allows setting environment variables that map to configuration settings. In order to set extra environment variables, you can use the `extraEnvVars` property. Alternatively, you can use a ConfigMap or a Secret with the environment variables using the `extraEnvVarsCM` or the `extraEnvVarsSecret` properties.
+
+```yaml
+extraEnvVars:
+ - name: ETCD_AUTO_COMPACTION_RETENTION
+ value: "0"
+ - name: ETCD_HEARTBEAT_INTERVAL
+ value: "150"
+```
+
+- Using a custom `etcd.conf.yml`: The etcd chart allows mounting a custom `etcd.conf.yml` file as ConfigMap. In order to so, you can use the `configuration` property. Alternatively, you can use an existing ConfigMap using the `existingConfigmap` parameter.
+
+### Auto Compaction
+
+Since etcd keeps an exact history of its keyspace, this history should be periodically compacted to avoid performance degradation and eventual storage space exhaustion. Compacting the keyspace history drops all information about keys superseded prior to a given keyspace revision. The space used by these keys then becomes available for additional writes to the keyspace.
+
+`autoCompactionMode`, by default periodic. Valid values: "periodic", "revision".
+
+- 'periodic' for duration based retention, defaulting to hours if no time unit is provided (e.g. "5m").
+- 'revision' for revision number based retention.
+`autoCompactionRetention` for mvcc key value store in hour, by default 0, means disabled.
+
+You can enable auto compaction by using following parameters:
+
+```console
+autoCompactionMode=periodic
+autoCompactionRetention=10m
+```
+
+### Sidecars and Init Containers
+
+If you have a need for additional containers to run within the same pod as the etcd app (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec.
+
+```yaml
+sidecars:
+ - name: your-image-name
+ image: your-image
+ imagePullPolicy: Always
+ ports:
+ - name: portname
+ containerPort: 1234
+```
+
+Similarly, you can add extra init containers using the `initContainers` parameter.
+
+```yaml
+initContainers:
+ - name: your-image-name
+ image: your-image
+ imagePullPolicy: Always
+ ports:
+ - name: portname
+ containerPort: 1234
+```
+
+### Deploying extra resources
+
+There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter.
+
+### Setting Pod's affinity
+
+This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
+
+## Persistence
+
+The [Bitnami etcd](https://github.com/bitnami/containers/tree/main/bitnami/etcd) image stores the etcd data at the `/bitnami/etcd` path of the container. Persistent Volume Claims are used to keep the data across statefulsets.
+
+The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning by default. An existing PersistentVolumeClaim can also be defined for this purpose.
+
+If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
+ +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | + +### Common parameters + +| Name | Description | Value | +| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + +### etcd parameters + +| Name | Description | Value | +| -------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `image.registry` | etcd image registry | `REGISTRY_NAME` | +| `image.repository` | etcd image name | `REPOSITORY_NAME/etcd` | +| `image.digest` | etcd image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | etcd image pull policy | `IfNotPresent` | +| `image.pullSecrets` | etcd image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `auth.rbac.create` | Switch to enable RBAC authentication | `true` | +| `auth.rbac.allowNoneAuthentication` | Allow to use etcd without configuring RBAC authentication | `true` | +| `auth.rbac.rootPassword` | Root user password. The root user is always `root` | `""` | +| `auth.rbac.existingSecret` | Name of the existing secret containing credentials for the root user | `""` | +| `auth.rbac.existingSecretPasswordKey` | Name of key containing password to be retrieved from the existing secret | `""` | +| `auth.token.enabled` | Enables token authentication | `true` | +| `auth.token.type` | Authentication token type. Allowed values: 'simple' or 'jwt' | `jwt` | +| `auth.token.privateKey.filename` | Name of the file containing the private key for signing the JWT token | `jwt-token.pem` | +| `auth.token.privateKey.existingSecret` | Name of the existing secret containing the private key for signing the JWT token | `""` | +| `auth.token.signMethod` | JWT token sign method | `RS256` | +| `auth.token.ttl` | JWT token TTL | `10m` | +| `auth.client.secureTransport` | Switch to encrypt client-to-server communications using TLS certificates | `false` | +| `auth.client.useAutoTLS` | Switch to automatically create the TLS certificates | `false` | +| `auth.client.existingSecret` | Name of the existing secret containing the TLS certificates for client-to-server communications | `""` | +| `auth.client.enableAuthentication` | Switch to enable host authentication using TLS certificates. 
Requires existing secret | `false` | +| `auth.client.certFilename` | Name of the file containing the client certificate | `cert.pem` | +| `auth.client.certKeyFilename` | Name of the file containing the client certificate private key | `key.pem` | +| `auth.client.caFilename` | Name of the file containing the client CA certificate | `""` | +| `auth.peer.secureTransport` | Switch to encrypt server-to-server communications using TLS certificates | `false` | +| `auth.peer.useAutoTLS` | Switch to automatically create the TLS certificates | `false` | +| `auth.peer.existingSecret` | Name of the existing secret containing the TLS certificates for server-to-server communications | `""` | +| `auth.peer.enableAuthentication` | Switch to enable host authentication using TLS certificates. Requires existing secret | `false` | +| `auth.peer.certFilename` | Name of the file containing the peer certificate | `cert.pem` | +| `auth.peer.certKeyFilename` | Name of the file containing the peer certificate private key | `key.pem` | +| `auth.peer.caFilename` | Name of the file containing the peer CA certificate | `""` | +| `autoCompactionMode` | Auto compaction mode, by default periodic. Valid values: "periodic", "revision". | `""` | +| `autoCompactionRetention` | Auto compaction retention for mvcc key value store in hour, by default 0, means disabled | `""` | +| `initialClusterState` | Initial cluster state. Allowed values: 'new' or 'existing' | `""` | +| `initialClusterToken` | Initial cluster token. Can be used to protect etcd from cross-cluster-interaction, which might corrupt the clusters. | `etcd-cluster-k8s` | +| `logLevel` | Sets the log level for the etcd process. 
Allowed values: 'debug', 'info', 'warn', 'error', 'panic', 'fatal' | `info` | +| `maxProcs` | Limits the number of operating system threads that can execute user-level | `""` | +| `removeMemberOnContainerTermination` | Use a PreStop hook to remove the etcd members from the etcd cluster on container termination | `true` | +| `configuration` | etcd configuration. Specify content for etcd.conf.yml | `""` | +| `existingConfigmap` | Existing ConfigMap with etcd configuration | `""` | +| `extraEnvVars` | Extra environment variables to be set on etcd container | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | +| `command` | Default container command (useful when using custom images) | `[]` | +| `args` | Default container args (useful when using custom images) | `[]` | + +### etcd statefulset parameters + +| Name | Description | Value | +| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `replicaCount` | Number of etcd replicas to deploy | `1` | +| `updateStrategy.type` | Update strategy type, can be set to RollingUpdate or OnDelete. 
| `RollingUpdate` | +| `podManagementPolicy` | Pod management policy for the etcd statefulset | `Parallel` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `hostAliases` | etcd pod host aliases | `[]` | +| `lifecycleHooks` | Override default etcd container hooks | `{}` | +| `containerPorts.client` | Client port to expose at container level | `2379` | +| `containerPorts.peer` | Peer port to expose at container level | `2380` | +| `containerPorts.metrics` | Metrics port to expose at container level when metrics.useSeparateEndpoint is true | `9090` | +| `podSecurityContext.enabled` | Enabled etcd pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Set etcd pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled etcd containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `containerSecurityContext.runAsUser` | Set etcd containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsGroup` | Set etcd containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| 
`containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| 
`customReadinessProbe` | Override default readiness probe | `{}` | +| `customStartupProbe` | Override default startup probe | `{}` | +| `extraVolumes` | Optionally specify extra list of additional volumes for etcd pods | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for etcd container(s) | `[]` | +| `extraVolumeClaimTemplates` | Optionally specify extra list of additional volumeClaimTemplates for etcd container(s) | `[]` | +| `initContainers` | Add additional init containers to the etcd pods | `[]` | +| `sidecars` | Add additional sidecar containers to the etcd pods | `[]` | +| `podAnnotations` | Annotations for etcd pods | `{}` | +| `podLabels` | Extra labels for etcd pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to gracefully terminate | `""` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `priorityClassName` | Name of the priority class to be used by etcd pods | `""` | +| `runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` | +| `shareProcessNamespace` | Enable shared process namespace in a pod. 
| `false` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | +| `persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | + +### Traffic exposure parameters + +| Name | Description | Value | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.enabled` | create second service if equal true | `true` | +| `service.clusterIP` | Kubernetes service Cluster IP | `""` | +| `service.ports.client` | etcd client port | `2379` | +| `service.ports.peer` | etcd peer port | `2380` | +| `service.ports.metrics` | etcd metrics port when metrics.useSeparateEndpoint is true | `9090` | +| `service.nodePorts.client` | Specify the nodePort client value for the LoadBalancer and NodePort service types. | `""` | +| `service.nodePorts.peer` | Specify the nodePort peer value for the LoadBalancer and NodePort service types. | `""` | +| `service.nodePorts.metrics` | Specify the nodePort metrics value for the LoadBalancer and NodePort service types. The metrics port is only exposed when metrics.useSeparateEndpoint is true. | `""` | +| `service.clientPortNameOverride` | etcd client port name override | `""` | +| `service.peerPortNameOverride` | etcd peer port name override | `""` | +| `service.metricsPortNameOverride` | etcd metrics port name override. The metrics port is only exposed when metrics.useSeparateEndpoint is true. 
| `""` | +| `service.loadBalancerIP` | loadBalancerIP for the etcd service (optional, cloud specific) | `""` | +| `service.loadBalancerSourceRanges` | Load Balancer source ranges | `[]` | +| `service.externalIPs` | External IPs | `[]` | +| `service.externalTrafficPolicy` | %%MAIN_CONTAINER_NAME%% service external traffic policy | `Cluster` | +| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `service.annotations` | Additional annotations for the etcd service | `{}` | +| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `service.headless.annotations` | Annotations for the headless service. | `{}` | + +### Persistence parameters + +| Name | Description | Value | +| -------------------------- | --------------------------------------------------------------- | ------------------- | +| `persistence.enabled` | If true, use a Persistent Volume Claim. If false, use emptyDir. 
| `true` | +| `persistence.storageClass` | Persistent Volume Storage Class | `""` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `persistence.labels` | Labels for the PVC | `{}` | +| `persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `persistence.size` | PVC Storage Request for etcd data volume | `8Gi` | +| `persistence.selector` | Selector to match an existing Persistent Volume | `{}` | + +### Volume Permissions parameters + +| Name | Description | Value | +| ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). 
| `nano` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | + +### Network Policy parameters + +| Name | Description | Value | +| --------------------------------------- | --------------------------------------------------------------- | ------ | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | + +### Metrics parameters + +| Name | Description | Value | +| ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------ | +| `metrics.enabled` | Expose etcd metrics | `false` | +| `metrics.useSeparateEndpoint` | Use a separate endpoint for exposing metrics | `false` | +| `metrics.podAnnotations` | Annotations for the Prometheus metrics on etcd pods | `{}` | +| `metrics.podMonitor.enabled` | Create PodMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.podMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` | +| `metrics.podMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | +| `metrics.podMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `30s` | +| `metrics.podMonitor.additionalLabels` | Additional 
labels that can be used so PodMonitors will be discovered by Prometheus | `{}` | +| `metrics.podMonitor.scheme` | Scheme to use for scraping | `http` | +| `metrics.podMonitor.tlsConfig` | TLS configuration used for scrape endpoints used by Prometheus | `{}` | +| `metrics.podMonitor.relabelings` | Prometheus relabeling rules | `[]` | +| `metrics.prometheusRule.enabled` | Create a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` | +| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` | + +### Snapshotting parameters + +| Name | Description | Value | +| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | +| `startFromSnapshot.enabled` | Initialize new cluster recovering an existing snapshot | `false` | +| `startFromSnapshot.existingClaim` | Existing PVC containing the etcd snapshot | `""` | +| `startFromSnapshot.snapshotFilename` | Snapshot filename | `""` | +| `disasterRecovery.enabled` | Enable auto disaster recovery by periodically snapshotting the keyspace | `false` | +| `disasterRecovery.cronjob.schedule` | Schedule in Cron format to save snapshots | `*/30 * * * *` | +| `disasterRecovery.cronjob.historyLimit` | Number of successful finished jobs to retain | `1` | +| `disasterRecovery.cronjob.snapshotHistoryLimit` | Number of etcd snapshots to retain, tagged by date | `1` | +| `disasterRecovery.cronjob.snapshotsDir` | Directory to 
store snapshots | `/snapshots` | +| `disasterRecovery.cronjob.podAnnotations` | Pod annotations for cronjob pods | `{}` | +| `disasterRecovery.cronjob.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if disasterRecovery.cronjob.resources is set (disasterRecovery.cronjob.resources is recommended for production). | `nano` | +| `disasterRecovery.cronjob.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `disasterRecovery.cronjob.nodeSelector` | Node labels for cronjob pods assignment | `{}` | +| `disasterRecovery.cronjob.tolerations` | Tolerations for cronjob pods assignment | `[]` | +| `disasterRecovery.cronjob.podLabels` | Labels that will be added to pods created by cronjob | `{}` | +| `disasterRecovery.cronjob.serviceAccountName` | Specifies the service account to use for disaster recovery cronjob | `""` | +| `disasterRecovery.cronjob.command` | Override default snapshot container command (useful when you want to customize the snapshot logic) | `[]` | +| `disasterRecovery.pvc.existingClaim` | A manually managed Persistent Volume and Claim | `""` | +| `disasterRecovery.pvc.size` | PVC Storage Request | `2Gi` | +| `disasterRecovery.pvc.storageClassName` | Storage Class for snapshots volume | `nfs` | +| `disasterRecovery.pvc.subPath` | Path within the volume from which to mount | `""` | + +### Service account parameters + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------ | ------- | +| `serviceAccount.create` | Enable/disable service account creation | `true` | +| `serviceAccount.name` | Name of the service account to create or use | `""` | +| `serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of service account token | `false` | +| 
`serviceAccount.annotations` | Additional annotations to be included on the service account | `{}` | +| `serviceAccount.labels` | Additional labels to be included on the service account | `{}` | + +### Defragmentation parameters + +| Name | Description | Value | +| ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- | +| `defrag.enabled` | Enable automatic defragmentation. This is most effective when paired with auto compaction: consider setting "autoCompactionRetention > 0". | `false` | +| `defrag.cronjob.startingDeadlineSeconds` | Number of seconds representing the deadline for starting the job if it misses scheduled time for any reason | `""` | +| `defrag.cronjob.schedule` | Schedule in Cron format to defrag (daily at midnight by default) | `0 0 * * *` | +| `defrag.cronjob.concurrencyPolicy` | Set the cronjob parameter concurrencyPolicy | `Forbid` | +| `defrag.cronjob.suspend` | Boolean that indicates if the controller must suspend subsequent executions (not applied to already started executions) | `false` | +| `defrag.cronjob.successfulJobsHistoryLimit` | Number of successful finished jobs to retain | `1` | +| `defrag.cronjob.failedJobsHistoryLimit` | Number of failed finished jobs to retain | `1` | +| `defrag.cronjob.labels` | Additional labels to be added to the Defrag cronjob | `{}` | +| `defrag.cronjob.annotations` | Annotations to be added to the Defrag cronjob | `{}` | +| `defrag.cronjob.activeDeadlineSeconds` | Number of seconds relative to the startTime that the job may be continuously active before the system tries to terminate it | `""` | +| `defrag.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` | +| `defrag.cronjob.podLabels` | Labels that will be added to pods created by Defrag cronjob | `{}` | +| `defrag.cronjob.podAnnotations` | Pod annotations 
for Defrag cronjob pods | `{}` | +| `defrag.cronjob.podSecurityContext.enabled` | Enable security context for Defrag pods | `true` | +| `defrag.cronjob.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `defrag.cronjob.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `defrag.cronjob.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `defrag.cronjob.podSecurityContext.fsGroup` | Group ID for the Defrag filesystem | `1001` | +| `defrag.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `defrag.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `defrag.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `defrag.cronjob.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `defrag.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `defrag.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `defrag.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `defrag.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `defrag.cronjob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `defrag.cronjob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `defrag.cronjob.nodeSelector` | Node labels for pod assignment in Defrag cronjob | `{}` | +| `defrag.cronjob.tolerations` | Tolerations for pod assignment in Defrag cronjob | `[]` | +| `defrag.cronjob.serviceAccountName` | Specifies the service account to use for 
Defrag cronjob | `""` | +| `defrag.cronjob.command` | Override default container command for defragmentation (useful when using custom images) | `[]` | +| `defrag.cronjob.args` | Override default container args (useful when using custom images) | `[]` | +| `defrag.cronjob.resourcesPreset` | Set container resources according to one common preset | `nano` | +| `defrag.cronjob.resources` | Set container requests and limits for different resources like CPU or | `{}` | + +### Other parameters + +| Name | Description | Value | +| -------------------- | -------------------------------------------------------------- | ------ | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | +| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `51%` | +| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set auth.rbac.rootPassword=secretpassword oci://REGISTRY_NAME/REPOSITORY_NAME/etcd +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The above command sets the etcd `root` account password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/etcd +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/etcd/values.yaml) + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +### To 10.0.0 + +This major bump changes the following security defaults: + +- `runAsGroup` is changed from `0` to `1001` +- `readOnlyRootFilesystem` is set to `true` +- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case). +- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`. + +This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones. + +### To 9.0.0 + +This version adds a new label `app.kubernetes.io/component=etcd` to the StatefulSet and pods. Due to this change, the StatefulSet will be replaced (as it's not possible to add additional `spec.selector.matchLabels` to an existing StatefulSet) and the pods will be recreated. To upgrade to this version from a previous version, you need to run the following steps: + +1. 
Add new label to your pods + + ```console + kubectl label pod my-release-0 app.kubernetes.io/component=etcd + # Repeat for all etcd pods, based on configured .replicaCount (excluding the etcd snappshoter pod, if .disasterRecovery.enabled is set to true) + ```` + +2. Remove the StatefulSet keeping the pods: + + ```console + kubectl delete statefulset my-release --cascade=orphan + ``` + +3. Upgrade your cluster: + + ```console + helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/etcd --set auth.rbac.rootPassword=$ETCD_ROOT_PASSWORD + ``` + + > Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +### To 8.0.0 + +This version reverts the change in the previous major bump ([7.0.0](https://github.com/bitnami/charts/tree/main/bitnami/etcd#to-700)). Now the default `etcd` branch is `3.5` again once confirmed by the [etcd developers](https://github.com/etcd-io/etcd/tree/main/CHANGELOG#production-recommendation) that this version is production-ready once solved the data corruption issue. + +### To 7.0.0 + +This version changes the default `etcd` branch to `3.4` as suggested by [etcd developers](https://github.com/etcd-io/etcd/tree/main/CHANGELOG#production-recommendation). In order to migrate the data follow the official etcd instructions. + +### To 6.0.0 + +This version introduces several features and performance improvements: + +- The statefulset can now be scaled using `kubectl scale` command. Using `helm upgrade` to recalculate available endpoints is no longer needed. +- The scripts used for bootstrapping, runtime reconfiguration, and disaster recovery have been refactored and moved to the etcd container with two purposes: removing technical debt & improving the stability. 
+- Several parameters were reorganized to simplify the structure and follow the same standard used on other Bitnami charts: + - `etcd.initialClusterState` is renamed to `initialClusterState`. + - `statefulset.replicaCount` is renamed to `replicaCount`. + - `statefulset.podManagementPolicy` is renamed to `podManagementPolicy`. + - `statefulset.updateStrategy` and `statefulset.rollingUpdatePartition` are merged into `updateStrategy`. + - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. + - `configFileConfigMap` is deprecated in favor of `configuration` and `existingConfigmap`. + - `envVarsConfigMap` is deprecated in favor of `extraEnvVars`, `extraEnvVarsCM` and `extraEnvVarsSecret`. + - `allowNoneAuthentication` is renamed to `auth.rbac.allowNoneAuthentication`. +- New parameters/features were added: + - `extraDeploy` to deploy any extra desired object. + - `initContainers` and `sidecars` to define custom init containers and sidecars. + - `extraVolumes`, `extraVolumeMounts` and `extraVolumeClaimTemplates` to define custom volumes, mount points and volume claim templates. + - Probes can be now customized, and support to startup probes is added. + - LifecycleHooks can be customized using `lifecycleHooks` parameter. + - The default command/args can be customized using `command` and `args` parameters. +- Metrics integration with Prometheus Operator does no longer use a ServiceMonitor object, but a PodMonitor instead. + +Consequences: + +- Backwards compatibility is not guaranteed unless you adapt you **values.yaml** according to the changes described above. + +### To 5.2.0 + +This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). 
Please, make sure that you have updated the chart dependencies before executing any upgrade. + +### To 5.0.0 + +[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +### To 4.4.14 + +In this release we addressed a vulnerability that showed the `ETCD_ROOT_PASSWORD` environment variable in the application logs. Users are advised to update immediately. More information in [this issue](https://github.com/bitnami/charts/issues/1901). + +### To 3.0.0 + +Backwards compatibility is not guaranteed. The following notables changes were included: + +- **etcdctl** uses v3 API. +- Adds support for auto disaster recovery. +- Labels are adapted to follow the Helm charts best practices. + +To upgrade from previous charts versions, create a snapshot of the keyspace and restore it in a new etcd cluster. Only v3 API data can be restored. +You can use the command below to upgrade your chart by starting a new cluster using an existing snapshot, available in an existing PVC, to initialize the members: + +```console +helm install new-release oci://REGISTRY_NAME/REPOSITORY_NAME/etcd \ + --set statefulset.replicaCount=3 \ + --set persistence.enabled=true \ + --set persistence.size=8Gi \ + --set startFromSnapshot.enabled=true \ + --set startFromSnapshot.existingClaim=my-claim \ + --set startFromSnapshot.snapshotFilename=my-snapshot.db +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. 
+
+### To 1.0.0
+
+Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
+Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is etcd:
+
+```console
+kubectl delete statefulset etcd --cascade=false
+```
+
+## License
+
+Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/.helmignore b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/.helmignore
new file mode 100644
index 000000000..d0e10845d
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/.helmignore
@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# img folder
+img/
+# Changelog
+CHANGELOG.md
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/Chart.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/Chart.yaml
new file mode 100644
index 000000000..8cc0aaa01
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ category: Infrastructure
+ licenses: Apache-2.0
+apiVersion: v2
+appVersion: 2.23.0
+description: A Library Helm Chart for grouping common logic between bitnami charts.
+ This chart is not deployable by itself.
+home: https://bitnami.com
+icon: https://bitnami.com/downloads/logos/bitnami-mark.png
+keywords:
+- common
+- helper
+- template
+- function
+- bitnami
+maintainers:
+- name: Broadcom, Inc. All Rights Reserved.
+ url: https://github.com/bitnami/charts
+name: common
+sources:
+- https://github.com/bitnami/charts/tree/main/bitnami/common
+type: library
+version: 2.23.0
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/README.md b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/README.md
new file mode 100644
index 000000000..fee26c991
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/README.md
@@ -0,0 +1,235 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 2.x.x + repository: oci://registry-1.docker.io/bitnamicharts +``` + +```console +helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ + +## Parameters + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). 
+ +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... 
+ env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +#### What changes were introduced in this major version? 
+ +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +#### Considerations when upgrading to this version + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +#### Useful links + +- +- +- + +## License + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. 
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_affinities.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_affinities.tpl
new file mode 100644
index 000000000..c2d290792
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_affinities.tpl
@@ -0,0 +1,139 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a soft nodeAffinity definition
+{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.soft" -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard nodeAffinity definition
+{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.hard" -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return a nodeAffinity definition
+{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.nodes.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.nodes.hard" . -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a topologyKey definition
+{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}}
+*/}}
+{{- define "common.affinities.topologyKey" -}}
+{{ .topologyKey | default "kubernetes.io/hostname" -}}
+{{- end -}}
+
+{{/*
+Return a soft podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.soft" -}}
+{{- $component := default "" .component -}}
+{{- $customLabels := default (dict) .customLabels -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ weight: 1
+ {{- range $extraPodAffinityTerms }}
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := .extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ weight: {{ .weight | default 1 -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a hard podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.hard" -}}
+{{- $component := default "" .component -}}
+{{- $customLabels := default (dict) .customLabels -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ {{- range $extraPodAffinityTerms }}
+ - labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := .extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.pods" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.pods.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.pods.hard" . -}}
+ {{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_capabilities.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_capabilities.tpl
new file mode 100644
index 000000000..2fe81d32d
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_capabilities.tpl
@@ -0,0 +1,229 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the target Kubernetes version
+*/}}
+{{- define "common.capabilities.kubeVersion" -}}
+{{- default (default .Capabilities.KubeVersion.Version .Values.kubeVersion) ((.Values.global).kubeVersion) -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for poddisruptionbudget.
+*/}}
+{{- define "common.capabilities.policy.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "policy/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for networkpolicy.
+*/}}
+{{- define "common.capabilities.networkPolicy.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.7-0" $kubeVersion) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for cronjob.
+*/}}
+{{- define "common.capabilities.cronjob.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}}
+{{- print "batch/v1beta1" -}}
+{{- else -}}
+{{- print "batch/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for daemonset.
+*/}}
+{{- define "common.capabilities.daemonset.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "common.capabilities.deployment.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for statefulset.
+*/}}
+{{- define "common.capabilities.statefulset.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}}
+{{- print "apps/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "common.capabilities.ingress.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if (.Values.ingress).apiVersion -}}
+{{- .Values.ingress.apiVersion -}}
+{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end }}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for RBAC resources.
+*/}}
+{{- define "common.capabilities.rbac.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.17-0" $kubeVersion) -}}
+{{- print "rbac.authorization.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "rbac.authorization.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for CRDs.
+*/}}
+{{- define "common.capabilities.crd.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}}
+{{- print "apiextensions.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiextensions.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for APIService.
+*/}}
+{{- define "common.capabilities.apiService.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.10-0" $kubeVersion) -}}
+{{- print "apiregistration.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiregistration.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for Horizontal Pod Autoscaler.
+*/}}
+{{- define "common.capabilities.hpa.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}}
+{{- if .beta2 -}}
+{{- print "autoscaling/v2beta2" -}}
+{{- else -}}
+{{- print "autoscaling/v2beta1" -}}
+{{- end -}}
+{{- else -}}
+{{- print "autoscaling/v2" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for Vertical Pod Autoscaler.
+*/}}
+{{- define "common.capabilities.vpa.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}}
+{{- if .beta2 -}}
+{{- print "autoscaling/v2beta2" -}}
+{{- else -}}
+{{- print "autoscaling/v2beta1" -}}
+{{- end -}}
+{{- else -}}
+{{- print "autoscaling/v2" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if PodSecurityPolicy is supported
+*/}}
+{{- define "common.capabilities.psp.supported" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if or (empty $kubeVersion) (semverCompare "<1.25-0" $kubeVersion) -}}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if AdmissionConfiguration is supported
+*/}}
+{{- define "common.capabilities.admissionConfiguration.supported" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if or (empty $kubeVersion) (not (semverCompare "<1.23-0" $kubeVersion)) -}}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for AdmissionConfiguration.
+*/}}
+{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}}
+{{- print "apiserver.config.k8s.io/v1alpha1" -}}
+{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}}
+{{- print "apiserver.config.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiserver.config.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for PodSecurityConfiguration.
+*/}}
+{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}}
+{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
+{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}}
+{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}}
+{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}}
+{{- print "pod-security.admission.config.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "pod-security.admission.config.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the used Helm version is 3.3+.
+A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
+This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
+**To be removed when the catalog's minimun Helm version is 3.3**
+*/}}
+{{- define "common.capabilities.supportsHelmVersion" -}}
+{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_compatibility.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_compatibility.tpl
new file mode 100644
index 000000000..a61588d68
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_compatibility.tpl
@@ -0,0 +1,46 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return true if the detected platform is Openshift
+Usage:
+{{- include "common.compatibility.isOpenshift" . -}}
+*/}}
+{{- define "common.compatibility.isOpenshift" -}}
+{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
+{{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
+Usage:
+{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
+*/}}
+{{- define "common.compatibility.renderSecurityContext" -}}
+{{- $adaptedContext := .secContext -}}
+
+{{- if (((.context.Values.global).compatibility).openshift) -}}
+ {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
+ {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
+ {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
+ {{- if not .secContext.seLinuxOptions -}}
+ {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
+ {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{/* Remove empty seLinuxOptions object if global.compatibility.omitEmptySeLinuxOptions is set to true */}}
+{{- if and (((.context.Values.global).compatibility).omitEmptySeLinuxOptions) (not .secContext.seLinuxOptions) -}}
+ {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
+{{- end -}}
+{{/* Remove fields that are disregarded when running the container in privileged mode */}}
+{{- if $adaptedContext.privileged -}}
+ {{- $adaptedContext = omit $adaptedContext "capabilities" "seLinuxOptions" -}}
+{{- end -}}
+{{- omit $adaptedContext "enabled" | toYaml -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_errors.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_errors.tpl
new file mode 100644
index 000000000..e96536519
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_errors.tpl
@@ -0,0 +1,28 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Through error when upgrading using empty passwords values that must not be empty.
+
+Usage:
+{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
+{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
+
+Required password params:
+ - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
+ - context - Context - Required. Parent context.
+*/}}
+{{- define "common.errors.upgrade.passwords.empty" -}}
+ {{- $validationErrors := join "" .validationErrors -}}
+ {{- if and $validationErrors .context.Release.IsUpgrade -}}
+ {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
+ {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
+ {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
+ {{- $errorString = print $errorString "\n%s" -}}
+ {{- printf $errorString $validationErrors | fail -}}
+ {{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_images.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_images.tpl
new file mode 100644
index 000000000..76bb7ce44
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_images.tpl 
@@ -0,0 +1,115 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper image name.
+If image tag and digest are not defined, termination fallbacks to chart appVersion.
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global "chart" .Chart ) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- $registryName := default .imageRoot.registry ((.global).imageRegistry) -}}
+{{- $repositoryName := .imageRoot.repository -}}
+{{- $separator := ":" -}}
+{{- $termination := .imageRoot.tag | toString -}}
+
+{{- if not .imageRoot.tag }}
+ {{- if .chart }}
+ {{- $termination = .chart.AppVersion | toString -}}
+ {{- end -}}
+{{- end -}}
+{{- if .imageRoot.digest }}
+ {{- $separator = "@" -}}
+ {{- $termination = .imageRoot.digest | toString -}}
+{{- end -}}
+{{- if $registryName }}
+ {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- else -}}
+ {{- printf "%s%s%s" $repositoryName $separator $termination -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
+{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
+*/}}
+{{- define "common.images.pullSecrets" -}}
+ {{- $pullSecrets := list }}
+
+ {{- range ((.global).imagePullSecrets) -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets .name -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end }}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets .name -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) -}}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names evaluating values as templates
+{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images.renderPullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+
+ {{- range (($context.Values.global).imagePullSecrets) -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) -}}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion)
+{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }}
+*/}}
+{{- define "common.images.version" -}}
+{{- $imageTag := .imageRoot.tag | toString -}}
+{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}}
+{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}}
+ {{- $version := semver $imageTag -}}
+ {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}}
+{{- else -}}
+ {{- print .chart.AppVersion -}}
+{{- end -}}
+{{- end -}}
+
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_ingress.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_ingress.tpl
new file mode 100644
index 000000000..7d2b87985
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_ingress.tpl
@@ -0,0 +1,73 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Generate backend entry that is compatible with all Kubernetes API versions.
+
+Usage:
+{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
+
+Params:
+ - serviceName - String. Name of an existing service backend
+ - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.ingress.backend" -}}
+{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
+{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
+serviceName: {{ .serviceName }}
+servicePort: {{ .servicePort }}
+{{- else -}}
+service:
+ name: {{ .serviceName }}
+ port:
+ {{- if typeIs "string" .servicePort }}
+ name: {{ .servicePort }}
+ {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
+ number: {{ .servicePort | int }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Print "true" if the API pathType field is supported
+Usage:
+{{ include "common.ingress.supportsPathType" . }}
+*/}}
+{{- define "common.ingress.supportsPathType" -}}
+{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the ingressClassname field is supported
+Usage:
+{{ include "common.ingress.supportsIngressClassname" . }}
+*/}}
+{{- define "common.ingress.supportsIngressClassname" -}}
+{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if cert-manager required annotations for TLS signed
+certificates are set in the Ingress annotations
+Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+Usage:
+{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }}
+*/}}
+{{- define "common.ingress.certManagerRequest" -}}
+{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_labels.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_labels.tpl
new file mode 100644
index 000000000..0a0cc5488
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_labels.tpl
@@ -0,0 +1,46 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Kubernetes standard labels
+{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}}
+*/}}
+{{- define "common.labels.standard" -}}
+{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
+{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}}
+{{- with .context.Chart.AppVersion -}}
+{{- $_ := set $default "app.kubernetes.io/version" . -}}
+{{- end -}}
+{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }}
+{{- else -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Chart.AppVersion }}
+app.kubernetes.io/version: {{ . | quote }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector
+{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}}
+
+We don't want to loop over custom labels appending them to the selector
+since it's very likely that it will break deployments, services, etc.
+However, it's important to overwrite the standard labels if the user
+overwrote them on metadata.labels fields.
+*/}}
+{{- define "common.labels.matchLabels" -}}
+{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
+{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }}
+{{- else -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_names.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_names.tpl
new file mode 100644
index 000000000..ba8395685
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_names.tpl
@@ -0,0 +1,71 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified dependency name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+Usage:
+{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
+*/}}
+{{- define "common.names.dependency.fullname" -}}
+{{- if .chartValues.fullnameOverride -}}
+{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .chartName .chartValues.nameOverride -}}
+{{- if contains $name .context.Release.Name -}}
+{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
+*/}}
+{{- define "common.names.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified app name adding the installation's namespace.
+*/}}
+{{- define "common.names.fullname.namespace" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_resources.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_resources.tpl
new file mode 100644
index 000000000..d8a43e1c2
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_resources.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "common.resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "common.resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_secrets.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_secrets.tpl
new file mode 100644
index 000000000..801918ce3
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_secrets.tpl
@@ -0,0 +1,185 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate secret name.
+
+Usage:
+{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
+ - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.secrets.name" -}}
+{{- $name := (include "common.names.fullname" .context) -}}
+
+{{- if .defaultNameSuffix -}}
+{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- with .existingSecret -}}
+{{- if not (typeIs "string" .) -}}
+{{- with .name -}}
+{{- $name = . -}}
+{{- end -}}
+{{- else -}}
+{{- $name = . -}}
+{{- end -}}
+{{- end -}}
+
+{{- printf "%s" $name -}}
+{{- end -}}
+
+{{/*
+Generate secret key.
+
+Usage:
+{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
+ - key - String - Required. Name of the key in the secret.
+*/}}
+{{- define "common.secrets.key" -}}
+{{- $key := .key -}}
+
+{{- if .existingSecret -}}
+ {{- if not (typeIs "string" .existingSecret) -}}
+ {{- if .existingSecret.keyMapping -}}
+ {{- $key = index .existingSecret.keyMapping $.key -}}
+ {{- end -}}
+ {{- end }}
+{{- end -}}
+
+{{- printf "%s" $key -}}
+{{- end -}}
+
+{{/*
+Generate secret password or retrieve one if already created.
+
+Usage:
+{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - length - int - Optional - Length of the generated random password.
+ - strong - Boolean - Optional - Whether to add symbols to the generated random password.
+ - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
+ - context - Context - Required - Parent context.
+ - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
+ - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
+ - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
+The order in which this function returns a secret password:
+ 1. Already existing 'Secret' resource
+ (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
+ 2. Password provided via the values.yaml
+ (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
+ 3. Randomly generated secret password
+ (A new random secret password with the length specified in the 'length' parameter will be generated and returned)
+
+*/}}
+{{- define "common.secrets.passwords.manage" -}}
+
+{{- $password := "" }}
+{{- $subchart := "" }}
+{{- $chartName := default "" .chartName }}
+{{- $passwordLength := default 10 .length }}
+{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
+{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
+{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
+{{- if $secretData }}
+ {{- if hasKey $secretData .key }}
+ {{- $password = index $secretData .key | b64dec }}
+ {{- else if not (eq .failOnNew false) }}
+ {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
+ {{- end -}}
+{{- end }}
+
+{{- if not $password }}
+ {{- if $providedPasswordValue }}
+ {{- $password = $providedPasswordValue | toString }}
+ {{- else }}
+ {{- if .context.Values.enabled }}
+ {{- $subchart = $chartName }}
+ {{- end -}}
+
+ {{- if not (eq .failOnNew false) }}
+ {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
+ {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
+ {{- $passwordValidationErrors := list $requiredPasswordError -}}
+ {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
+ {{- end }}
+
+ {{- if .strong }}
+ {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
+ {{- $password = randAscii $passwordLength }}
+ {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
+ {{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
+ {{- else }}
+ {{- $password = randAlphaNum $passwordLength }}
+ {{- end }}
+ {{- end -}}
+{{- end -}}
+{{- if not .skipB64enc }}
+{{- $password = $password | b64enc }}
+{{- end -}}
+{{- if .skipQuote -}}
+{{- printf "%s" $password -}}
+{{- else -}}
+{{- printf "%s" $password | quote -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Reuses the value from an existing secret, otherwise sets its value to a default value.
+
+Usage:
+{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - context - Context - Required - Parent context.
+
+*/}}
+{{- define "common.secrets.lookup" -}}
+{{- $value := "" -}}
+{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}}
+{{- if and $secretData (hasKey $secretData .key) -}}
+ {{- $value = index $secretData .key -}}
+{{- else if .defaultValue -}}
+ {{- $value = .defaultValue | toString | b64enc -}}
+{{- end -}}
+{{- if $value -}}
+{{- printf "%s" $value -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns whether a previous generated secret already exists
+
+Usage:
+{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - context - Context - Required - Parent context.
+*/}}
+{{- define "common.secrets.exists" -}}
+{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }}
+{{- if $secret }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_storage.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_storage.tpl
new file mode 100644
index 000000000..aa75856c0
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_storage.tpl
@@ -0,0 +1,21 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the proper Storage Class
+{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
+*/}}
+{{- define "common.storage.class" -}}
+{{- $storageClass := (.global).storageClass | default .persistence.storageClass | default (.global).defaultStorageClass | default "" -}}
+{{- if $storageClass -}}
+ {{- if (eq "-" $storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else -}}
+ {{- printf "storageClassName: %s" $storageClass -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_tplvalues.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_tplvalues.tpl
new file mode 100644
index 000000000..c84d72c80
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_tplvalues.tpl
@@ -0,0 +1,38 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template perhaps with scope if the scope is present.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
+{{- if contains "{{" (toJson .value) }}
+ {{- if .scope }}
+ {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+ {{- else }}
+ {{- tpl $value .context }}
+ {{- end }}
+{{- else }}
+ {{- $value }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Merge a list of values that contains template after rendering them.
+Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
+Usage:
+{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
+*/}}
+{{- define "common.tplvalues.merge" -}}
+{{- $dst := dict -}}
+{{- range .values -}}
+{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
+{{- end -}}
+{{ $dst | toYaml }}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_utils.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_utils.tpl
new file mode 100644
index 000000000..d53c74aa2
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_utils.tpl
@@ -0,0 +1,77 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Print instructions to get a secret value.
+Usage:
+{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
+*/}}
+{{- define "common.utils.secret.getvalue" -}}
+{{- $varname := include "common.utils.fieldToEnvVar" . -}}
+export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
+{{- end -}}
+
+{{/*
+Build env var name given a field
+Usage:
+{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
+*/}}
+{{- define "common.utils.fieldToEnvVar" -}}
+ {{- $fieldNameSplit := splitList "-" .field -}}
+ {{- $upperCaseFieldNameSplit := list -}}
+
+ {{- range $fieldNameSplit -}}
+ {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
+ {{- end -}}
+
+ {{ join "_" $upperCaseFieldNameSplit }}
+{{- end -}}
+
+{{/*
+Gets a value from .Values given
+Usage:
+{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
+*/}}
+{{- define "common.utils.getValueFromKey" -}}
+{{- $splitKey := splitList "." .key -}}
+{{- $value := "" -}}
+{{- $latestObj := $.context.Values -}}
+{{- range $splitKey -}}
+ {{- if not $latestObj -}}
+ {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
+ {{- end -}}
+ {{- $value = ( index $latestObj . ) -}}
+ {{- $latestObj = $value -}}
+{{- end -}}
+{{- printf "%v" (default "" $value) -}}
+{{- end -}}
+
+{{/*
+Returns first .Values key with a defined value or first of the list if all non-defined
+Usage:
+{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
+*/}}
+{{- define "common.utils.getKeyFromList" -}}
+{{- $key := first .keys -}}
+{{- $reverseKeys := reverse .keys }}
+{{- range $reverseKeys }}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
+ {{- if $value -}}
+ {{- $key = . }}
+ {{- end -}}
+{{- end -}}
+{{- printf "%s" $key -}}
+{{- end -}}
+
+{{/*
+Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376).
+Usage:
+{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }}
+*/}}
+{{- define "common.utils.checksumTemplate" -}}
+{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}}
+{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_warnings.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_warnings.tpl
new file mode 100644
index 000000000..e4dbecde2
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/_warnings.tpl
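Review bot: In `common.utils.secret.getvalue` the namespace is passed through `quote` but `.secret` and `.field` are written into the printed shell command bare, so the instruction is only safe to paste when both are plain identifiers. A field name containing a dot would also be read by the jsonpath expression `{.data.{{ .field }}}` as a nested path and return nothing. I would quote the name, `{{ .secret | quote }}`, and state in the comment that `field` must not contain dots unless the caller escapes them. The usage line for `common.utils.fieldToEnvVar` is also missing the parentheses around `dict "field" "my-password"`.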
@@ -0,0 +1,109 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Warning about using rolling tag.
+Usage:
+{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
+*/}}
+{{- define "common.warnings.rollingTag" -}}
+
+{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html
+{{- end }}
+{{- end -}}
+
+{{/*
+Warning about replaced images from the original.
+Usage:
+{{ include "common.warnings.modifiedImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }}
+*/}}
+{{- define "common.warnings.modifiedImages" -}}
+{{- $affectedImages := list -}}
+{{- $printMessage := false -}}
+{{- $originalImages := .context.Chart.Annotations.images -}}
+{{- range .images -}}
+ {{- $fullImageName := printf (printf "%s/%s:%s" .registry .repository .tag) -}}
+ {{- if not (contains $fullImageName $originalImages) }}
+ {{- $affectedImages = append $affectedImages (printf "%s/%s:%s" .registry .repository .tag) -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+{{- end -}}
+{{- if $printMessage }}
+
+âš  SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.
+
+Substituted images detected:
+{{- range $affectedImages }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Warning about not setting the resource object in all deployments.
+Usage:
+{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }}
+Example:
+{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }}
+The list in the example assumes that the following values exist:
+ - csiProvider.provider.resources
+ - server.resources
+ - volumePermissions.resources
+ - resources
+*/}}
+{{- define "common.warnings.resources" -}}
+{{- $values := .context.Values -}}
+{{- $printMessage := false -}}
+{{ $affectedSections := list -}}
+{{- range .sections -}}
+ {{- if eq . "" -}}
+ {{/* Case where the resources section is at the root (one main deployment in the chart) */}}
+ {{- if not (index $values "resources") -}}
+ {{- $affectedSections = append $affectedSections "resources" -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+ {{- else -}}
+ {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}}
+ {{- $keys := split "." . -}}
+ {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}}
+ {{- $section := $values -}}
+ {{- range $keys -}}
+ {{- $section = index $section . -}}
+ {{- end -}}
+ {{- if not (index $section "resources") -}}
+ {{/* If the section has enabled=false or replicaCount=0, do not include it */}}
+ {{- if and (hasKey $section "enabled") -}}
+ {{- if index $section "enabled" -}}
+ {{/* enabled=true */}}
+ {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+ {{- else if and (hasKey $section "replicaCount") -}}
+ {{/* We need a casting to int because number 0 is not treated as an int by default */}}
+ {{- if (gt (index $section "replicaCount" | int) 0) -}}
+ {{/* replicaCount > 0 */}}
+ {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+ {{- else -}}
+ {{/* Default case, add it to the affected sections */}}
+ {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- if $printMessage }}
+
+WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
+{{- range $affectedSections }}
+ - {{ . }}
+{{- end }}
++info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+{{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_cassandra.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_cassandra.tpl
new file mode 100644
index 000000000..3f41ff8fc
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_cassandra.tpl
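Review bot: `common.warnings.modifiedImages` decides whether an image is original with `contains $fullImageName $originalImages`, a substring test against the annotation text, so a reference that is a prefix of a listed one (for example a shortened tag) is not reported as substituted. The same line builds the name with `printf (printf "%s/%s:%s" ...)`, which uses the finished image string as a format string; a single `printf "%s/%s:%s" .registry .repository .tag` is enough. A stricter check would compare against whole entries of the annotation rather than a substring; how the annotation is laid out is not visible here, so that part needs confirming against Chart.yaml. In `common.warnings.resources`, `{{ $affectedSections := list -}}` lacks the leading `{{-` the neighbouring lines have, and the usage comment writes `context $` without quotes around the key.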
@@ -0,0 +1,77 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Cassandra required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.cassandra.passwords" -}}
+ {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
+ {{- $enabled := include "common.cassandra.values.enabled" . -}}
+ {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
+ {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.dbUser.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled cassandra.
+
+Usage:
+{{ include "common.cassandra.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.cassandra.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.cassandra.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key dbUser
+
+Usage:
+{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.key.dbUser" -}}
+ {{- if .subchart -}}
+ cassandra.dbUser
+ {{- else -}}
+ dbUser
+ {{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_mariadb.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_mariadb.tpl
new file mode 100644
index 000000000..6ea8c0f45
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_mariadb.tpl
@@ -0,0 +1,108 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MariaDB required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mariadb.passwords" -}}
+ {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mariadb.values.enabled" . -}}
+ {{- $architecture := include "common.mariadb.values.architecture" . -}}
+ {{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mariadb.
+
+Usage:
+{{ include "common.mariadb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mariadb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mariadb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mariadb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_mongodb.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_mongodb.tpl
new file mode 100644
index 000000000..d4cd38cbb
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_mongodb.tpl
@@ -0,0 +1,113 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MongoDB® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret"
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mongodb.passwords" -}}
+ {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mongodb.values.enabled" . -}}
+ {{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
+ {{- $architecture := include "common.mongodb.values.architecture" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
+ {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
+
+ {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
+ {{- if and $valueUsername $valueDatabase -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replicaset") -}}
+ {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mongodb.
+
+Usage:
+{{ include "common.mongodb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mongodb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mongodb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mongodb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_mysql.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_mysql.tpl
new file mode 100644
index 000000000..924812a93
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_mysql.tpl
@@ -0,0 +1,108 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MySQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mysql.passwords" -}}
+ {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mysql.values.enabled" . -}}
+ {{- $architecture := include "common.mysql.values.architecture" . -}}
+ {{- $authPrefix := include "common.mysql.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mysql.
+
+Usage:
+{{ include "common.mysql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mysql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mysql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.key.auth" -}}
+ {{- if .subchart -}}
+ mysql.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_postgresql.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_postgresql.tpl
new file mode 100644
index 000000000..0fa0b1467
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_postgresql.tpl
@@ -0,0 +1,134 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate PostgreSQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.postgresql.passwords" -}}
+ {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
+ {{- $enabled := include "common.postgresql.values.enabled" . -}}
+ {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
+ {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+ {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
+
+ {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
+ {{- if (eq $enabledReplication "true") -}}
+ {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to decide whether evaluate global values.
+
+Usage:
+{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
+Params:
+ - key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
+*/}}
+{{- define "common.postgresql.values.use.global" -}}
+ {{- if .context.Values.global -}}
+ {{- if .context.Values.global.postgresql -}}
+ {{- index .context.Values.global.postgresql .key | quote -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.existingSecret" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
+
+ {{- if .subchart -}}
+ {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
+ {{- else -}}
+ {{- default (.context.Values.existingSecret | quote) $globalValue -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled postgresql.
+
+Usage:
+{{ include "common.postgresql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key postgressPassword.
+
+Usage:
+{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.postgressPassword" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
+
+ {{- if not $globalValue -}}
+ {{- if .subchart -}}
+ postgresql.postgresqlPassword
+ {{- else -}}
+ postgresqlPassword
+ {{- end -}}
+ {{- else -}}
+ global.postgresql.postgresqlPassword
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled.replication.
+
+Usage:
+{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.enabled.replication" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.replication.enabled -}}
+ {{- else -}}
+ {{- printf "%v" .context.Values.replication.enabled -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key replication.password.
+
+Usage:
+{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.replicationPassword" -}}
+ {{- if .subchart -}}
+ postgresql.replication.password
+ {{- else -}}
+ replication.password
+ {{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_redis.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_redis.tpl
new file mode 100644
index 000000000..f4778256d
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_redis.tpl
@@ -0,0 +1,81 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis® required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include 
"common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_validations.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_validations.tpl new file mode 100644 index 000000000..7cdee6170 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/templates/validations/_validations.tpl 
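Review bot: In `common.validations.values.redis.passwords` the guard tests `$existingSecret`, which is the key path built by `printf` (for example `auth.existingSecret`), so it is never empty and never `""`, and the block that collects the required passwords appears unreachable. `$existingSecretValue` is resolved on the line before but never read, which suggests it was the intended operand: `{{- if and (or (not $existingSecretValue) (eq $existingSecretValue "\"\"")) (eq $enabled "true") -}}`. As written, a release with auth enabled and neither a password nor an existing secret would pass this validation silently. What `common.utils.getValueFromKey` returns for a missing key is defined outside this hunk, so the comparison with `"\"\""` should be checked against it.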
@@ -0,0 +1,51 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. 
+*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/values.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/values.yaml new file mode 100644 index 000000000..de2cac57d --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/charts/common/values.yaml @@ -0,0 +1,8 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/NOTES.txt b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/NOTES.txt new file mode 100644 index 000000000..8aa4cc0d7 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/NOTES.txt 
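Review bot: The Usage comments name templates that this file does not define: the first shows `common.validations.values.empty` above the define of `common.validations.values.multiple.empty`, and the second shows `common.validations.value.empty` above `common.validations.values.single.empty`. A chart author copying either Usage line gets a template-not-found error instead of the validation. The comments should use the defined names, e.g. `{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}`. The `subchart` parameter documented for the single-value template is also not forwarded by `multiple.empty`, which is worth stating in its comment.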
@@ -0,0 +1,119 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +{{- if and (eq .Values.service.type "LoadBalancer") .Values.auth.rbac.allowNoneAuthentication }} +------------------------------------------------------------------------------- + WARNING + + By specifying "service.type=LoadBalancer", "auth.rbac.enabled=false" and + "auth.rbac.allowNoneAuthentication=true" you have most likely exposed the etcd + service externally without any authentication mechanism. + + For security reasons, we strongly suggest that you switch to "ClusterIP" or + "NodePort". As alternative, you can also switch to "auth.rbac.enabled=true" + providing a valid password on "auth.rbac.rootPassword" parameter. + +------------------------------------------------------------------------------- +{{- end }} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/etcd/entrypoint.sh /opt/bitnami/scripts/etcd/run.sh + +{{- else }} + +etcd can be accessed via port {{ coalesce .Values.service.ports.client .Values.service.port }} on the following DNS name from within your cluster: + + {{ template "common.names.fullname" . 
}}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + +To create a pod that you can use as a etcd client run the following command: + + kubectl run {{ template "common.names.fullname" . }}-client --restart='Never' --image {{ template "etcd.image" . }}{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }} --env ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.auth.rbac.existingSecret }}{{ .Values.auth.rbac.existingSecret }}{{ else }}{{ template "common.names.fullname" . }}{{ end }} -o jsonpath="{{ if .Values.auth.rbac.existingSecret }}{.data.{{ .Values.auth.rbac.existingSecretPasswordKey }}}{{ else }}{.data.etcd-root-password}{{ end }}" | base64 -d){{- end }} --env ETCDCTL_ENDPOINTS="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ coalesce .Values.service.ports.client .Values.service.port }}" --namespace {{ .Release.Namespace }} --command -- sleep infinity + +Then, you can set/get a key using the commands below: + + kubectl exec --namespace {{ .Release.Namespace }} -it {{ template "common.names.fullname" . }}-client -- bash + {{- $etcdAuthOptions := include "etcd.authOptions" . }} + etcdctl {{ $etcdAuthOptions }} put /message Hello + etcdctl {{ $etcdAuthOptions }} get /message + +To connect to your etcd server from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) + echo "etcd URL: http://$NODE_IP:$NODE_PORT/" + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. 
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + echo "etcd URL: http://$SERVICE_IP:{{ coalesce .Values.service.ports.client .Values.service.port }}/" + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ coalesce .Values.service.ports.client .Values.service.port }}:{{ coalesce .Values.service.ports.client .Values.service.port }} & + echo "etcd URL: http://127.0.0.1:{{ coalesce .Values.service.ports.client .Values.service.port }}" + +{{- end }} +{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }} + + * As rbac is enabled you should add the flag `--user root:$ETCD_ROOT_PASSWORD` to the etcdctl commands. Use the command below to export the password: + + export ETCD_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.auth.rbac.existingSecret }}{{ .Values.auth.rbac.existingSecret }}{{ else }}{{ template "common.names.fullname" . }}{{ end }} -o jsonpath="{{ if .Values.auth.rbac.existingSecret }}{.data.{{ .Values.auth.rbac.existingSecretPasswordKey }}}{{ else }}{.data.etcd-root-password}{{ end }}" | base64 -d) + +{{- end }} +{{- if .Values.auth.client.secureTransport }} +{{- if .Values.auth.client.useAutoTLS }} + + * As TLS is enabled you should add the flag `--cert-file /bitnami/etcd/data/fixtures/client/cert.pem --key-file /bitnami/etcd/data/fixtures/client/key.pem` to the etcdctl commands. 
+ +{{- else }} + + * As TLS is enabled you should add the flag `--cert-file /opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certFilename }} --key-file /opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}` to the etcdctl commands. + +{{- end }} + + * You should also export a proper etcdctl endpoint using the https schema. Eg. + + export ETCDCTL_ENDPOINTS=https://{{ template "common.names.fullname" . }}-0:{{ coalesce .Values.service.ports.client .Values.service.port }} + +{{- end }} +{{- if .Values.auth.client.enableAuthentication }} + + * As TLS host authentication is enabled you should add the flag `--ca-file /opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}` to the etcdctl commands. + +{{- end }} +{{- $autoCompactionValue := (regexReplaceAll "[^0-9]" .Values.autoCompactionRetention "" | int) }} +{{- if and .Values.defrag.enabled (or (empty .Values.autoCompactionRetention) (eq $autoCompactionValue 0)) }} + + * Disk defragmentation in etcd is most effective when paired with key history auto compaction. Consider setting "autoCompactionRetention > 0". + +{{- end }} +{{- end }} + +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- include "etcd.validateValues" . }} +{{- include "common.warnings.resources" (dict "sections" (list "disasterRecovery.cronjob" "" "volumePermissions") "context" $) }} +{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image) "context" $) }} \ No newline at end of file diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/_helpers.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/_helpers.tpl new file mode 100644 index 000000000..c45d83383 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/_helpers.tpl 
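Review bot: The connection hints ignore the TLS settings: all three service-type branches print `echo "etcd URL: http://..."` unconditionally, even when `auth.client.secureTransport` is set. The TLS bullets also recommend `--cert-file`, `--key-file` and `--ca-file`, while `etcd.authOptions` in `_helpers.tpl` of this same commit emits `--cert`, `--key` and `--cacert`, so a user following the notes gets flags that differ from the ones the chart itself uses. I would build the URL from the existing helper, e.g. `echo "etcd URL: {{ include "etcd.clientProtocol" . }}://$NODE_IP:$NODE_PORT/"`, and align the flag names with `etcd.authOptions`. Separately, the opening warning mentions `auth.rbac.enabled=false` but its condition only checks `service.type` and `auth.rbac.allowNoneAuthentication`, so it can be shown when RBAC is in fact enabled.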
@@ -0,0 +1,210 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the proper etcd image name +*/}} +{{- define "etcd.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "etcd.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "etcd.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper etcd peer protocol +*/}} +{{- define "etcd.peerProtocol" -}} +{{- if .Values.auth.peer.secureTransport -}} +{{- print "https" -}} +{{- else -}} +{{- print "http" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper etcd client protocol +*/}} +{{- define "etcd.clientProtocol" -}} +{{- if .Values.auth.client.secureTransport -}} +{{- print "https" -}} +{{- else -}} +{{- print "http" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper etcdctl authentication options +*/}} +{{- define "etcd.authOptions" -}} +{{- $rbacOption := "--user root:$ROOT_PASSWORD" -}} +{{- $certsOption := " --cert $ETCD_CERT_FILE --key $ETCD_KEY_FILE" -}} +{{- $autoCertsOption := " --cert /bitnami/etcd/data/fixtures/client/cert.pem --key /bitnami/etcd/data/fixtures/client/key.pem" -}} +{{- $caOption := " --cacert $ETCD_TRUSTED_CA_FILE" -}} +{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled -}} + {{- printf "%s" $rbacOption -}} +{{- end -}} +{{- if and .Values.auth.client.secureTransport .Values.auth.client.useAutoTLS -}} + {{- printf "%s" $autoCertsOption -}} +{{- else if and 
.Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS) -}} + {{- printf "%s" $certsOption -}} + {{- if .Values.auth.client.enableAuthentication -}} + {{- printf "%s" $caOption -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the etcd configuration configmap +*/}} +{{- define "etcd.configmapName" -}} +{{- if .Values.existingConfigmap -}} + {{- printf "%s" (tpl .Values.existingConfigmap $) | trunc 63 | trimSuffix "-" -}} +{{- else -}} + {{- printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created +*/}} +{{- define "etcd.createConfigmap" -}} +{{- if and .Values.configuration (not .Values.existingConfigmap) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret with etcd credentials +*/}} +{{- define "etcd.secretName" -}} + {{- if .Values.auth.rbac.existingSecret -}} + {{- printf "%s" .Values.auth.rbac.existingSecret | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} + {{- end -}} +{{- end -}} + +{{/* +Get the secret password key to be retrieved from etcd secret. 
+*/}} +{{- define "etcd.secretPasswordKey" -}} +{{- if and .Values.auth.rbac.existingSecret .Values.auth.rbac.existingSecretPasswordKey -}} +{{- printf "%s" .Values.auth.rbac.existingSecretPasswordKey -}} +{{- else -}} +{{- printf "etcd-root-password" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for the etcd token private key +*/}} +{{- define "etcd.token.createSecret" -}} +{{- if and (eq .Values.auth.token.enabled true) (eq .Values.auth.token.type "jwt") (empty .Values.auth.token.privateKey.existingSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret with etcd token private key +*/}} +{{- define "etcd.token.secretName" -}} + {{- if .Values.auth.token.privateKey.existingSecret -}} + {{- printf "%s" .Values.auth.token.privateKey.existingSecret | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-jwt-token" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} + {{- end -}} +{{- end -}} + +{{/* +Return the proper Disaster Recovery PVC name +*/}} +{{- define "etcd.disasterRecovery.pvc.name" -}} +{{- if .Values.disasterRecovery.pvc.existingClaim -}} + {{- printf "%s" (tpl .Values.disasterRecovery.pvc.existingClaim $) | trunc 63 | trimSuffix "-" -}} +{{- else if .Values.startFromSnapshot.existingClaim -}} + {{- printf "%s" (tpl .Values.startFromSnapshot.existingClaim $) | trunc 63 | trimSuffix "-" -}} +{{- else -}} + {{- printf "%s-snapshotter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the service account to use + */}} +{{- define "etcd.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} +{{ default (include "common.names.fullname" .) .Values.serviceAccount.name | trunc 63 | trimSuffix "-" }} +{{- else -}} +{{ default "default" .Values.serviceAccount.name | trunc 63 | trimSuffix "-" }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. 
+*/}} +{{- define "etcd.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "etcd.validateValues.startFromSnapshot.existingClaim" .) -}} +{{- $messages := append $messages (include "etcd.validateValues.startFromSnapshot.snapshotFilename" .) -}} +{{- $messages := append $messages (include "etcd.validateValues.disasterRecovery" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of etcd - an existing claim must be provided when startFromSnapshot is enabled */}} +{{- define "etcd.validateValues.startFromSnapshot.existingClaim" -}} +{{- if and .Values.startFromSnapshot.enabled (not .Values.startFromSnapshot.existingClaim) (not .Values.disasterRecovery.enabled) -}} +etcd: startFromSnapshot.existingClaim + An existing claim must be provided when startFromSnapshot is enabled and disasterRecovery is disabled!! + Please provide it (--set startFromSnapshot.existingClaim="xxxx") +{{- end -}} +{{- end -}} + +{{/* Validate values of etcd - the snapshot filename must be provided when startFromSnapshot is enabled */}} +{{- define "etcd.validateValues.startFromSnapshot.snapshotFilename" -}} +{{- if and .Values.startFromSnapshot.enabled (not .Values.startFromSnapshot.snapshotFilename) (not .Values.disasterRecovery.enabled) -}} +etcd: startFromSnapshot.snapshotFilename + The snapshot filename must be provided when startFromSnapshot is enabled and disasterRecovery is disabled!! 
+ Please provide it (--set startFromSnapshot.snapshotFilename="xxxx") +{{- end -}} +{{- end -}} + +{{/* Validate values of etcd - persistence must be enabled when disasterRecovery is enabled */}} +{{- define "etcd.validateValues.disasterRecovery" -}} +{{- if and .Values.disasterRecovery.enabled (not .Values.persistence.enabled) -}} +etcd: disasterRecovery + Persistence must be enabled when disasterRecovery is enabled!! + Please enable persistence (--set persistence.enabled=true) +{{- end -}} +{{- end -}} + +{{- define "etcd.token.jwtToken" -}} +{{- if (include "etcd.token.createSecret" .) -}} +{{- $jwtToken := lookup "v1" "Secret" .Release.Namespace (printf "%s-jwt-token" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" ) -}} +{{- if $jwtToken -}} +{{ index $jwtToken "data" "jwt-token.pem" | b64dec }} +{{- else -}} +{{ genPrivateKey "rsa" }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/configmap.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/configmap.yaml new file mode 100644 index 000000000..759426f46 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/configmap.yaml 
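Review bot: `etcd.token.jwtToken` at the end of this file keeps the JWT signing key stable only through `lookup`; when the chart is rendered without cluster access (`helm template`, which is presumably how these charts are rendered given the `argocd-helm-charts` path), `lookup` returns nothing and `genPrivateKey "rsa"` produces a different key on every render. That would rotate the token signing key on each sync and leave the Secret permanently out of sync. The safer setup for `auth.token.type=jwt` is to provide `auth.token.privateKey.existingSecret`, which makes `etcd.token.createSecret` false; a comment on the define such as `{{/* lookup is empty under "helm template": set auth.token.privateKey.existingSecret to keep the key stable */}}` would make that explicit. The `lookup` call also rebuilds the `%s-jwt-token` name inline instead of calling `etcd.token.secretName`.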
@@ -0,0 +1,20 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "etcd.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + etcd.conf.yml: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.configuration "context" $ ) | nindent 4 }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/cronjob-defrag.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/cronjob-defrag.yaml new file mode 100644 index 000000000..b296c930d --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/cronjob-defrag.yaml 
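Review bot: `metadata.name` repeats the `printf "%s-configuration" ...` expression instead of using the `etcd.configmapName` helper that `_helpers.tpl` defines for the same name. Because this template is only rendered when `etcd.createConfigmap` is true (no `existingConfigmap`), the helper yields the same value, so `name: {{ include "etcd.configmapName" . }}` keeps the name in one place and cannot drift from whatever mounts it. `.Values.configuration` ends up in a ConfigMap rather than a Secret, so a comment noting that it should not carry credentials would help.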
@@ -0,0 +1,134 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.defrag.enabled }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ printf "%s-defrag" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.defrag.cronjob.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + {{- if or .Values.defrag.cronjob.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.defrag.cronjob.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.defrag.cronjob.startingDeadlineSeconds }} + startingDeadlineSeconds: {{ .Values.defrag.cronjob.startingDeadlineSeconds }} + {{- end }} + concurrencyPolicy: {{ .Values.defrag.cronjob.concurrencyPolicy }} + schedule: {{ .Values.defrag.cronjob.schedule | quote }} + suspend: {{ .Values.defrag.cronjob.suspend }} + successfulJobsHistoryLimit: {{ .Values.defrag.cronjob.successfulJobsHistoryLimit }} + failedJobsHistoryLimit: {{ .Values.defrag.cronjob.failedJobsHistoryLimit }} + jobTemplate: + spec: + template: + metadata: + {{- $mergedLabels := mergeOverwrite (dict) .Values.commonLabels .Values.defrag.cronjob.podLabels }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $mergedLabels "context" $ ) | nindent 12 }} + {{- if .Values.defrag.cronjob.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.defrag.cronjob.podAnnotations "context" $) | nindent 12 }} + {{- end }} + spec: + {{- if 
.Values.defrag.cronjob.activeDeadlineSeconds }} + activeDeadlineSeconds: {{ .Values.defrag.cronjob.activeDeadlineSeconds }} + {{- end }} + restartPolicy: {{ .Values.defrag.cronjob.restartPolicy }} + {{- if .Values.defrag.cronjob.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.defrag.cronjob.podSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.defrag.cronjob.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.defrag.cronjob.nodeSelector "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.defrag.cronjob.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.defrag.cronjob.tolerations "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.defrag.cronjob.serviceAccountName }} + serviceAccountName: {{ .Values.defrag.cronjob.serviceAccountName | quote }} + {{- end }} + containers: + - name: etcd-defrag + image: {{ include "etcd.image" . }} + imagePullPolicy: "IfNotPresent" + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 16 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if and .Values.auth.rbac.create .Values.auth.token.enabled }} + {{- if eq .Values.auth.token.type "simple" }} + - name: ETCD_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "etcd.secretName" . }} + key: {{ include "etcd.secretPasswordKey" . 
}} + {{- else }} + {{- fail "defragmention and auth.token = jwt is not supported by the helm chart" }} + {{- end }} + - name: ETCDCTL_USER + value: "root:$(ETCD_ROOT_PASSWORD)" + {{- end }} + {{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }} + - name: ETCDCTL_CA_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}" + - name: ETCDCTL_KEY_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}" + - name: ETCDCTL_CERT_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certFilename }}" + {{- end }} + {{- if .Values.defrag.cronjob.command }} + command: {{ .Values.defrag.cronjob.command | toYaml | nindent 16 }} + {{- else }} + command: ["etcdctl"] + {{- end }} + {{- if .Values.defrag.cronjob.args }} + args: {{ .Values.defrag.cronjob.args | toYaml | nindent 16 }} + {{- else }} + args: + - defrag + - --cluster + {{- $etcdFullname := include "common.names.fullname" . 
}} + {{- $etcdHeadlessServiceName := (printf "%s-%s" $etcdFullname "headless" | trunc 63 | trimSuffix "-") }} + {{- $namespace := .Release.Namespace }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $port := int .Values.service.ports.client }} + {{- $endpointStr := "--endpoints=[" }} + {{- $replicaCount := (int .Values.replicaCount) }} + {{- $releaseNamespace := .Release.Namespace }} + {{- range $iEndpoint, $e := until $replicaCount }} + {{- $endpoint := printf "http://%s-%d.%s.%s.svc.%s:%d" $etcdFullname $iEndpoint $etcdHeadlessServiceName $namespace $clusterDomain $port }} + {{- $endpointStr = printf "%s%s" $endpointStr $endpoint }} + {{- if ne $iEndpoint (sub $replicaCount 1) }} + {{- $endpointStr = printf "%s," $endpointStr }} + {{- end }} + {{- end }} + {{- $endpointStr = printf "%s]" $endpointStr }} + - {{ $endpointStr }} + {{- end }} + {{- if .Values.defrag.cronjob.resources }} + resources: {{- toYaml .Values.defrag.cronjob.resources | nindent 16 }} + {{- else if ne .Values.defrag.cronjob.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.defrag.cronjob.resourcesPreset) | nindent 16 }} + {{- end }} + {{- if .Values.defrag.cronjob.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.defrag.cronjob.containerSecurityContext "context" $) | nindent 16 }} + {{- end }} + {{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }} + volumeMounts: + - name: etcd-client-certs + mountPath: /opt/bitnami/etcd/certs/client/ + readOnly: true + {{- end }} + {{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }} + volumes: + - name: etcd-client-certs + secret: + secretName: {{ required "A secret containing the client certificates is required" (tpl .Values.auth.client.existingSecret .) 
}} + defaultMode: 256 + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/cronjob.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/cronjob.yaml new file mode 100644 index 000000000..fc29ae047 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/cronjob.yaml 
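Review bot: The default `args` build every endpoint with a hard-coded scheme, `printf "http://%s-%d.%s.%s.svc.%s:%d" ...`, although the same container mounts client certificates when `auth.client.secureTransport` is on; with TLS enabled the defrag job would still be pointed at `http://` URLs. Resolving the scheme once before the `range`, `{{- $proto := include "etcd.clientProtocol" . }}`, and using `printf "%s://%s-%d.%s.%s.svc.%s:%d" $proto ...` keeps it in line with the helper from `_helpers.tpl`. The certificate variables are named `ETCDCTL_CA_FILE`, `ETCDCTL_KEY_FILE` and `ETCDCTL_CERT_FILE`, whereas `etcd.authOptions` passes `--cacert`, `--cert` and `--key`; etcdctl's v3 API reads `ETCDCTL_CACERT`, `ETCDCTL_CERT` and `ETCDCTL_KEY`, so these names should be checked against the etcdctl version in the image. The container also emits `securityContext:` twice (once for `containerSecurityContext`, once for `defrag.cronjob.containerSecurityContext`), which yields a duplicate key when both are enabled.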
@@ -0,0 +1,154 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.disasterRecovery.enabled -}} +{{- $mergedLabels := mergeOverwrite (dict) .Values.commonLabels .Values.disasterRecovery.cronjob.podLabels -}} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ printf "%s-snapshotter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + concurrencyPolicy: Forbid + schedule: {{ .Values.disasterRecovery.cronjob.schedule | quote }} + successfulJobsHistoryLimit: {{ .Values.disasterRecovery.cronjob.historyLimit }} + jobTemplate: + spec: + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $mergedLabels "context" $ ) | nindent 12 }} + app.kubernetes.io/component: snapshotter + {{- if .Values.disasterRecovery.cronjob.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.disasterRecovery.cronjob.podAnnotations "context" $) | nindent 12 }} + {{- end }} + spec: + {{- include "etcd.imagePullSecrets" . 
| nindent 10 }} + {{- if .Values.disasterRecovery.cronjob.nodeSelector }} + nodeSelector: {{- toYaml .Values.disasterRecovery.cronjob.nodeSelector | nindent 12 }} + {{- end }} + {{- if .Values.disasterRecovery.cronjob.tolerations }} + tolerations: {{- toYaml .Values.disasterRecovery.cronjob.tolerations | nindent 12 }} + {{- end }} + restartPolicy: OnFailure + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.disasterRecovery.cronjob.serviceAccountName }} + serviceAccountName: {{ .Values.disasterRecovery.cronjob.serviceAccountName | quote }} + {{- end }} + {{- if and .Values.volumePermissions.enabled (or .Values.podSecurityContext.enabled .Values.containerSecurityContext.enabled) }} + initContainers: + - name: volume-permissions + image: {{ include "etcd.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /snapshots + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.resources "context" $) | nindent 16 }} + {{- end }} + volumeMounts: + - name: snapshot-volume + mountPath: /snapshots + - name: empty-dir + mountPath: /tmp + {{- end }} + containers: + - name: etcd-snapshotter + image: {{ include "etcd.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 16 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 16 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 16 }} + {{- else if .Values.disasterRecovery.cronjob.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.disasterRecovery.cronjob.command "context" $) | nindent 16 }} + {{- else }} + command: + - /opt/bitnami/scripts/etcd/snapshot.sh + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: ETCDCTL_API + value: "3" + - name: ETCD_ON_K8S + value: "yes" + - name: MY_STS_NAME + value: {{ include "common.names.fullname" . | quote }} + {{- $releaseNamespace := .Release.Namespace }} + {{- $etcdFullname := include "common.names.fullname" . 
}} + {{- $etcdHeadlessServiceName := (printf "%s-%s" $etcdFullname "headless" | trunc 63 | trimSuffix "-") }} + {{- $clusterDomain := .Values.clusterDomain }} + - name: ETCD_CLUSTER_DOMAIN + value: {{ printf "%s.%s.svc.%s" $etcdHeadlessServiceName $releaseNamespace $clusterDomain | quote }} + - name: ETCD_SNAPSHOT_HISTORY_LIMIT + value: {{ .Values.disasterRecovery.cronjob.snapshotHistoryLimit | quote }} + - name: ETCD_SNAPSHOTS_DIR + value: {{ .Values.disasterRecovery.cronjob.snapshotsDir | quote }} + {{- if .Values.auth.client.secureTransport }} + - name: ETCD_CERT_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certFilename }}" + - name: ETCD_KEY_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}" + {{- if .Values.auth.client.enableAuthentication }} + - name: ETCD_CLIENT_CERT_AUTH + value: "true" + - name: ETCD_TRUSTED_CA_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}" + {{- else if .Values.auth.client.caFilename }} + - name: ETCD_TRUSTED_CA_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}" + {{- end }} + {{- end }} + {{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }} + - name: ETCD_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "etcd.secretName" . }} + key: {{ include "etcd.secretPasswordKey" . 
}} + {{- end }} + {{- if .Values.disasterRecovery.cronjob.resources }} + resources: {{- toYaml .Values.disasterRecovery.cronjob.resources | nindent 16 }} + {{- else if ne .Values.disasterRecovery.cronjob.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.disasterRecovery.cronjob.resourcesPreset) | nindent 16 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: snapshot-volume + mountPath: /snapshots + {{- if .Values.disasterRecovery.pvc.subPath }} + subPath: {{ .Values.disasterRecovery.pvc.subPath }} + {{- end }} + {{- if .Values.auth.client.secureTransport }} + - name: certs + mountPath: /opt/bitnami/etcd/certs/client + readOnly: true + {{- end }} + volumes: + - name: empty-dir + emptyDir: {} + {{- if .Values.auth.client.secureTransport }} + - name: certs + secret: + secretName: {{ required "A secret containing the client certificates is required" (tpl .Values.auth.client.existingSecret .) }} + defaultMode: 256 + {{- end }} + - name: snapshot-volume + persistentVolumeClaim: + claimName: {{ include "etcd.disasterRecovery.pvc.name" . }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/extra-list.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/extra-list.yaml new file mode 100644 index 000000000..329f5c653 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/extra-list.yaml @@ -0,0 +1,9 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/networkpolicy.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/networkpolicy.yaml new file mode 100644 index 000000000..efb9ca695 --- /dev/null 
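Review bot: The snapshotter's three client-TLS guards (the `ETCD_CERT_FILE` env block, the `certs` volumeMount and the `certs` volume) test only `.Values.auth.client.secureTransport` and ignore `auth.client.useAutoTLS`. The StatefulSet env block and the defrag CronJob's volume condition both special-case that flag. With auto-TLS enabled and `auth.client.existingSecret` left empty, the `required` call on the secret name would presumably abort rendering, and the obvious workaround is to switch transport security off for the whole release. I would align the guards with the defrag job, `{{- if and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS) }}`. A template comment should also say how the snapshot script is expected to verify an auto-TLS cluster, because that script is not part of this patch.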
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/networkpolicy.yaml 
@@ -0,0 +1,84 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: etcd + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow outbound connections to other cluster pods + - ports: + - port: {{ .Values.containerPorts.client }} + - port: {{ .Values.containerPorts.peer }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: etcd + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + # Allow inbound connections + - ports: + - port: {{ .Values.containerPorts.client }} + - port: {{ .Values.containerPorts.peer }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template 
"common.names.fullname" . }}-client: "true" + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: etcd + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.metrics.enabled }} + # Allow prometheus scrapes for metrics + - ports: + - port: {{ .Values.metrics.useSeparateEndpoint | ternary .Values.containerPorts.metrics .Values.containerPorts.client }} + {{- end }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/pdb.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/pdb.yaml new file mode 100644 index 000000000..9380fd20b --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/pdb.yaml 
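Review bot: The metrics ingress rule at the end of this template has no `from` clause, and when `metrics.useSeparateEndpoint` is false its port resolves to `containerPorts.client`. Because NetworkPolicy rules are additive, enabling metrics in that mode admits every source to the etcd client port, and the selector-restricted rule above it no longer limits that port even with `networkPolicy.allowExternal` set to false. I would render the rule only for the dedicated port, `{{- if and .Values.metrics.enabled .Values.metrics.useSeparateEndpoint }}`, or give it a `from:` selector for the namespace that scrapes. The chart appears to be a vendored upstream copy, so the same result can be reached from values by keeping `metrics.useSeparateEndpoint` on wherever `allowExternal` is off.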
@@ -0,0 +1,28 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.pdb.minAvailable }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- end }} + {{- if or .Values.pdb.maxUnavailable ( not .Values.pdb.minAvailable ) }} + maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: etcd +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/podmonitor.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/podmonitor.yaml new file mode 100644 index 000000000..9afc9368b --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/podmonitor.yaml 
@@ -0,0 +1,46 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.podMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ ternary .Values.metrics.podMonitor.namespace .Release.Namespace (not (empty .Values.metrics.podMonitor.namespace)) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.metrics.podMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podMetricsEndpoints: + - port: {{ .Values.metrics.useSeparateEndpoint | ternary "metrics" "client" }} + path: /metrics + {{- if .Values.metrics.podMonitor.interval }} + interval: {{ .Values.metrics.podMonitor.interval }} + {{- end }} + {{- if .Values.metrics.podMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.podMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.podMonitor.scheme }} + scheme: {{ .Values.metrics.podMonitor.scheme }} + {{- end }} + {{- if .Values.metrics.podMonitor.tlsConfig }} + tlsConfig: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podMonitor.tlsConfig "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.podMonitor.relabelings }} + relabelings: + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . 
) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: etcd +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/prometheusrule.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/prometheusrule.yaml new file mode 100644 index 000000000..55a88b7e4 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/prometheusrule.yaml @@ -0,0 +1,24 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: {{ include "common.names.fullname" . }} + rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 6 }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/secrets.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/secrets.yaml new file mode 100644 index 000000000..00bb06d30 --- /dev/null 
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/secrets.yaml @@ -0,0 +1,20 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (or .Values.auth.rbac.create .Values.auth.rbac.enabled) (not .Values.auth.rbac.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + etcd-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "etcd-root-password" "providedValues" (list "auth.rbac.rootPassword") "context" $) }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/serviceaccount.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/serviceaccount.yaml new file mode 100644 index 000000000..ae09f95f7 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/serviceaccount.yaml 
@@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "etcd.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/snapshot-pvc.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/snapshot-pvc.yaml new file mode 100644 index 000000000..f1d3d1ff3 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/snapshot-pvc.yaml 
@@ -0,0 +1,23 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.disasterRecovery.enabled (not .Values.disasterRecovery.pvc.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ printf "%s-snapshotter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.disasterRecovery.pvc.size | quote }} + storageClassName: {{ .Values.disasterRecovery.pvc.storageClassName | quote }} +{{- end -}} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/statefulset.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/statefulset.yaml new file mode 100644 index 000000000..cd4ca62bb --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/statefulset.yaml 
@@ -0,0 +1,460 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: etcd + serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + podManagementPolicy: {{ .Values.podManagementPolicy }} + updateStrategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: etcd + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if (include "etcd.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }} + {{- end }} + {{- if (include "etcd.token.createSecret" .) }} + checksum/token-secret: {{ include (print $.Template.BasePath "/token-secrets.yaml") . | sha256sum }} + {{- end }} + spec: + {{- include "etcd.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "etcd" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "etcd" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) 
| nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: {{ .Values.runtimeClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.shareProcessNamespace }} + {{- end }} + serviceAccountName: {{ include "etcd.serviceAccountName" $ | quote }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "etcd.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /bitnami/etcd + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.resources "context" $) | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/etcd + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- end }} + {{- end }} + containers: + {{- $replicaCount := int .Values.replicaCount }} + {{- $peerPort := int .Values.containerPorts.peer }} + {{- $etcdFullname := include "common.names.fullname" . }} + {{- $releaseNamespace := .Release.Namespace }} + {{- $etcdHeadlessServiceName := (printf "%s-%s" $etcdFullname "headless" | trunc 63 | trimSuffix "-") }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $etcdPeerProtocol := include "etcd.peerProtocol" . }} + {{- $etcdClientProtocol := include "etcd.clientProtocol" . }} + - name: etcd + image: {{ include "etcd.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_STS_NAME + value: {{ include "common.names.fullname" . 
| quote }} + - name: ETCDCTL_API + value: "3" + - name: ETCD_ON_K8S + value: "yes" + - name: ETCD_START_FROM_SNAPSHOT + value: {{ ternary "yes" "no" .Values.startFromSnapshot.enabled | quote }} + - name: ETCD_DISASTER_RECOVERY + value: {{ ternary "yes" "no" .Values.disasterRecovery.enabled | quote }} + - name: ETCD_NAME + value: "$(MY_POD_NAME)" + - name: ETCD_DATA_DIR + value: "/bitnami/etcd/data" + - name: ETCD_LOG_LEVEL + value: {{ ternary "debug" .Values.logLevel .Values.image.debug | quote }} + - name: ALLOW_NONE_AUTHENTICATION + value: {{ ternary "yes" "no" (and (not (or .Values.auth.rbac.create .Values.auth.rbac.enabled)) .Values.auth.rbac.allowNoneAuthentication) | quote }} + {{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }} + - name: ETCD_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "etcd.secretName" . }} + key: {{ include "etcd.secretPasswordKey" . }} + {{- end }} + {{- if .Values.auth.token.enabled }} + - name: ETCD_AUTH_TOKEN + {{- if eq .Values.auth.token.type "jwt" }} + value: {{ printf "jwt,priv-key=/opt/bitnami/etcd/certs/token/%s,sign-method=%s,ttl=%s" .Values.auth.token.privateKey.filename .Values.auth.token.signMethod .Values.auth.token.ttl | quote }} + {{- else if eq .Values.auth.token.type "simple" }} + value: "simple" + {{- end }} + {{- end }} + - name: ETCD_ADVERTISE_CLIENT_URLS + value: "{{ $etcdClientProtocol }}://$(MY_POD_NAME).{{ $etcdHeadlessServiceName }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ .Values.containerPorts.client }}{{- if .Values.service.enabled }},{{ $etcdClientProtocol }}://{{ $etcdFullname }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ coalesce .Values.service.ports.client .Values.service.port }}{{- end }}" + - name: ETCD_LISTEN_CLIENT_URLS + value: "{{ $etcdClientProtocol }}://0.0.0.0:{{ .Values.containerPorts.client }}" + - name: ETCD_INITIAL_ADVERTISE_PEER_URLS + value: "{{ $etcdPeerProtocol }}://$(MY_POD_NAME).{{ $etcdHeadlessServiceName }}.{{ .Release.Namespace 
}}.svc.{{ $clusterDomain }}:{{ .Values.containerPorts.peer }}" + - name: ETCD_LISTEN_PEER_URLS + value: "{{ $etcdPeerProtocol }}://0.0.0.0:{{ .Values.containerPorts.peer }}" + {{- if .Values.metrics.useSeparateEndpoint }} + - name: ETCD_LISTEN_METRICS_URLS + value: "http://0.0.0.0:{{ .Values.containerPorts.metrics }}" + {{- end }} + {{- if .Values.autoCompactionMode }} + - name: ETCD_AUTO_COMPACTION_MODE + value: {{ .Values.autoCompactionMode | quote }} + {{- end }} + {{- if .Values.autoCompactionRetention }} + - name: ETCD_AUTO_COMPACTION_RETENTION + value: {{ .Values.autoCompactionRetention | quote }} + {{- end }} + {{- if .Values.maxProcs }} + - name: GOMAXPROCS + value: {{ .Values.maxProcs }} + {{- end }} + {{- if gt $replicaCount 1 }} + - name: ETCD_INITIAL_CLUSTER_TOKEN + value: {{ .Values.initialClusterToken | quote }} + - name: ETCD_INITIAL_CLUSTER_STATE + value: {{ default (ternary "new" "existing" .Release.IsInstall) .Values.initialClusterState | quote }} + {{- $initialCluster := list }} + {{- range $e, $i := until $replicaCount }} + {{- $initialCluster = append $initialCluster (printf "%s-%d=%s://%s-%d.%s.%s.svc.%s:%d" $etcdFullname $i $etcdPeerProtocol $etcdFullname $i $etcdHeadlessServiceName $releaseNamespace $clusterDomain $peerPort) }} + {{- end }} + - name: ETCD_INITIAL_CLUSTER + value: {{ join "," $initialCluster | quote }} + {{- end }} + - name: ETCD_CLUSTER_DOMAIN + value: {{ printf "%s.%s.svc.%s" $etcdHeadlessServiceName $releaseNamespace $clusterDomain | quote }} + {{- if and .Values.auth.client.secureTransport .Values.auth.client.useAutoTLS }} + - name: ETCD_AUTO_TLS + value: "true" + {{- else if .Values.auth.client.secureTransport }} + - name: ETCD_CERT_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certFilename }}" + - name: ETCD_KEY_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}" + {{- if .Values.auth.client.enableAuthentication }} + - name: ETCD_CLIENT_CERT_AUTH + value: 
"true" + - name: ETCD_TRUSTED_CA_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}" + {{- else if .Values.auth.client.caFilename }} + - name: ETCD_TRUSTED_CA_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}" + {{- end }} + {{- end }} + {{- if and .Values.auth.peer.secureTransport .Values.auth.peer.useAutoTLS }} + - name: ETCD_PEER_AUTO_TLS + value: "true" + {{- else if .Values.auth.peer.secureTransport }} + - name: ETCD_PEER_CERT_FILE + value: "/opt/bitnami/etcd/certs/peer/{{ .Values.auth.peer.certFilename }}" + - name: ETCD_PEER_KEY_FILE + value: "/opt/bitnami/etcd/certs/peer/{{ .Values.auth.peer.certKeyFilename }}" + {{- if .Values.auth.peer.enableAuthentication }} + - name: ETCD_PEER_CLIENT_CERT_AUTH + value: "true" + - name: ETCD_PEER_TRUSTED_CA_FILE + value: "/opt/bitnami/etcd/certs/peer/{{ .Values.auth.peer.caFilename | default "ca.crt" }}" + {{- else if .Values.auth.peer.caFilename }} + - name: ETCD_PEER_TRUSTED_CA_FILE + value: "/opt/bitnami/etcd/certs/peer/{{ .Values.auth.peer.caFilename | default "ca.crt" }}" + {{- end }} + {{- end }} + {{- if .Values.startFromSnapshot.enabled }} + - name: ETCD_INIT_SNAPSHOT_FILENAME + value: {{ .Values.startFromSnapshot.snapshotFilename | quote }} + - name: ETCD_INIT_SNAPSHOTS_DIR + value: {{ ternary "/snapshots" "/init-snapshot" (and .Values.disasterRecovery.enabled (not .Values.disasterRecovery.pvc.existingClaim)) | quote }} + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- 
end }} + ports: + - name: client + containerPort: {{ .Values.containerPorts.client }} + protocol: TCP + - name: peer + containerPort: {{ .Values.containerPorts.peer }} + protocol: TCP + {{- if .Values.metrics.useSeparateEndpoint }} + - name: metrics + containerPort: {{ .Values.containerPorts.metrics }} + protocol: TCP + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + port: {{ .Values.containerPorts.client }} + path: /livez + scheme: {{ ternary "HTTPS" "HTTP" .Values.auth.client.secureTransport | quote }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /opt/bitnami/scripts/etcd/healthcheck.sh + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: + exec: + command: + - 
/opt/bitnami/scripts/etcd/healthcheck.sh + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- else if and (gt $replicaCount 1) .Values.removeMemberOnContainerTermination }} + lifecycle: + preStop: + exec: + command: + - /opt/bitnami/scripts/etcd/prestop.sh + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- include "common.tplvalues.render" (dict "value" .Values.resources "context" $) | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: configuration + mountPath: /opt/bitnami/etcd/conf/ + {{- else }} + - name: empty-dir + mountPath: /opt/bitnami/etcd/conf/ + subPath: app-conf-dir + {{- end }} + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: data + mountPath: /bitnami/etcd + {{- if and (eq .Values.auth.token.enabled true) (eq .Values.auth.token.type "jwt") }} + - name: etcd-jwt-token + mountPath: /opt/bitnami/etcd/certs/token/ + readOnly: true + {{- end }} + {{- if or (and .Values.startFromSnapshot.enabled (not .Values.disasterRecovery.enabled)) (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled .Values.disasterRecovery.pvc.existingClaim) }} + - name: init-snapshot-volume + mountPath: /init-snapshot + {{- end }} + {{- if or .Values.disasterRecovery.enabled (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled) }} + - name: snapshot-volume + 
mountPath: /snapshots + {{- if .Values.disasterRecovery.pvc.subPath }} + subPath: {{ .Values.disasterRecovery.pvc.subPath }} + {{- end }} + {{- end }} + {{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }} + - name: etcd-client-certs + mountPath: /opt/bitnami/etcd/certs/client/ + readOnly: true + {{- end }} + {{- if or .Values.auth.peer.enableAuthentication (and .Values.auth.peer.secureTransport (not .Values.auth.peer.useAutoTLS )) }} + - name: etcd-peer-certs + mountPath: /opt/bitnami/etcd/certs/peer/ + readOnly: true + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: empty-dir + emptyDir: {} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: configuration + configMap: + name: {{ include "etcd.configmapName" . }} + {{- end }} + {{- if and (eq .Values.auth.token.enabled true) (eq .Values.auth.token.type "jwt") }} + - name: etcd-jwt-token + secret: + secretName: {{ include "etcd.token.secretName" . }} + defaultMode: 256 + {{- end }} + {{- if or (and .Values.startFromSnapshot.enabled (not .Values.disasterRecovery.enabled)) (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled .Values.disasterRecovery.pvc.existingClaim) }} + - name: init-snapshot-volume + persistentVolumeClaim: + claimName: {{ .Values.startFromSnapshot.existingClaim }} + {{- end }} + {{- if or .Values.disasterRecovery.enabled (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled) }} + - name: snapshot-volume + persistentVolumeClaim: + claimName: {{ include "etcd.disasterRecovery.pvc.name" . 
}} + {{- end }} + {{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }} + - name: etcd-client-certs + secret: + secretName: {{ required "A secret containing the client certificates is required" (tpl .Values.auth.client.existingSecret .) }} + defaultMode: 256 + {{- end }} + {{- if or .Values.auth.peer.enableAuthentication (and .Values.auth.peer.secureTransport (not .Values.auth.peer.useAutoTLS )) }} + - name: etcd-peer-certs + secret: + secretName: {{ required "A secret containing the peer certificates is required" (tpl .Values.auth.peer.existingSecret .) }} + defaultMode: 256 + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} + {{- else }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: data + {{- if .Values.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.persistence.labels }} + labels: {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.labels "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . 
| quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.selector }}
+ selector: {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.selector "context" $) | nindent 10 }}
+ {{- end }}
+ {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
+ {{- if .Values.extraVolumeClaimTemplates }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeClaimTemplates "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/svc-headless.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/svc-headless.yaml
new file mode 100644
index 000000000..aaf899214
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/svc-headless.yaml
@@ -0,0 +1,57 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: etcd
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ {{- if or .Values.service.headless.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }}
+ {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ {{- if .Values.service.clientPortNameOverride }}
+ {{- if .Values.auth.client.secureTransport }}
+ - name: {{ .Values.service.clientPortNameOverride }}-ssl
+ {{- else }}
+ - name: {{ .Values.service.clientPortNameOverride }}
+ {{- end }}
+ {{- else }}
+ - name: client
+ {{- end }}
+ port: {{ .Values.containerPorts.client }}
+ targetPort: client
+ {{- if .Values.service.peerPortNameOverride }}
+ {{- if .Values.auth.peer.secureTransport }}
+ - name: {{ .Values.service.peerPortNameOverride }}-ssl
+ {{- else }}
+ - name: {{ .Values.service.peerPortNameOverride }}
+ {{- end }}
+ {{- else }}
+ - name: peer
+ {{- end }}
+ port: {{ .Values.containerPorts.peer }}
+ targetPort: peer
+ {{- if .Values.metrics.useSeparateEndpoint }}
+ {{- if .Values.service.metricsPortNameOverride }}
+ - name: {{ .Values.service.metricsPortNameOverride }}
+ {{- else }}
+ - name: metrics
+ {{- end }}
+ port: {{ .Values.containerPorts.metrics }}
+ targetPort: metrics
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict 
"values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: etcd
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/svc.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/svc.yaml
new file mode 100644
index 000000000..5c0f1ffdf
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/svc.yaml
@@ -0,0 +1,74 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: etcd
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.externalIPs }}
+ externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - name: {{ default "client" 
.Values.service.clientPortNameOverride | quote }}
+ port: {{ coalesce .Values.service.ports.client .Values.service.port }}
+ targetPort: client
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty (coalesce .Values.service.nodePorts.client .Values.service.nodePorts.clientPort))) }}
+ nodePort: {{ coalesce .Values.service.nodePorts.client .Values.service.nodePorts.clientPort }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ - name: {{ default "peer" .Values.service.peerPortNameOverride | quote }}
+ port: {{ coalesce .Values.service.ports.peer .Values.service.peerPort }}
+ targetPort: peer
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty (coalesce .Values.service.nodePorts.peer .Values.service.nodePorts.peerPort))) }}
+ nodePort: {{ coalesce .Values.service.nodePorts.peer .Values.service.nodePorts.peerPort }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.metrics.useSeparateEndpoint }}
+ - name: {{ default "metrics" .Values.service.metricsPortNameOverride | quote }}
+ port: {{ .Values.service.ports.metrics }}
+ targetPort: metrics
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty (.Values.service.nodePorts.metrics))) }}
+ nodePort: {{ .Values.service.nodePorts.metrics }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- end }}
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . 
) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: etcd
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/token-secrets.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/token-secrets.yaml
new file mode 100644
index 000000000..7e510e375
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/templates/token-secrets.yaml
@@ -0,0 +1,19 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (include "etcd.token.createSecret" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-jwt-token" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ jwt-token.pem: {{ include "etcd.token.jwtToken" . | b64enc | quote }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/values.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/values.yaml
new file mode 100644
index 000000000..c13157111
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/etcd/values.yaml
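Review bot: In svc.yaml the `peer` entry under `ports:` is emitted unconditionally, so whenever `service.type` is `NodePort` or `LoadBalancer` the etcd peer port is published outside the cluster together with the client port, and `loadBalancerSourceRanges` is only rendered when it is non-empty. The values.yaml added in the same patch leaves `auth.client.secureTransport`, `auth.peer.secureTransport` and `auth.peer.enableAuthentication` at `false`, so traffic on both ports would be unencrypted and without certificate authentication. Because this is the vendored etcd subchart, the safer place to address it is the wrapper chart's values rather than the template: keep `service.type: ClusterIP` for etcd, and for multi-replica deployments set `auth.peer.secureTransport: true` and `auth.peer.enableAuthentication: true` together with an `auth.peer.existingSecret`. The chart's default for `service.type` is not visible in this part of the patch, so it should be confirmed rather than assumed.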
@@ -0,0 +1,1098 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets [array] Global Docker registry secret names as an array +## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) +## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + defaultStorageClass: "" + storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: auto +## @section Common parameters +## + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "" +## @param commonLabels [object] Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations [object] Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param extraDeploy [array] Array of extra objects to deploy with the release +## +extraDeploy: [] +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity +## @section etcd parameters +## + +## Bitnami etcd image version +## ref: https://hub.docker.com/r/bitnami/etcd/tags/ +## @param image.registry [default: REGISTRY_NAME] etcd image registry +## @param image.repository [default: REPOSITORY_NAME/etcd] etcd image name +## @skip image.tag etcd image tag +## @param image.digest etcd image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag +## +image: + registry: docker.io + repository: bitnami/etcd + tag: 3.5.16-debian-12-r2 + digest: "" + ## @param image.pullPolicy etcd image pull policy + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## @param image.pullSecrets [array] etcd image pull secrets + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param image.debug Enable image debug mode + ## Set to true if you would like to see extra information on logs + ## + debug: false +## Authentication parameters +## +auth: + ## Role-based access control parameters + ## ref: https://etcd.io/docs/current/op-guide/authentication/ + ## + rbac: + ## @param auth.rbac.create Switch to enable RBAC authentication + ## + create: true + ## @param auth.rbac.allowNoneAuthentication Allow to use etcd without configuring RBAC authentication + ## + allowNoneAuthentication: true + ## @param auth.rbac.rootPassword Root user password. The root user is always `root` + ## + rootPassword: "" + ## @param auth.rbac.existingSecret Name of the existing secret containing credentials for the root user + ## + existingSecret: "" + ## @param auth.rbac.existingSecretPasswordKey Name of key containing password to be retrieved from the existing secret + ## + existingSecretPasswordKey: "" + ## Authentication token + ## ref: https://etcd.io/docs/latest/learning/design-auth-v3/#two-types-of-tokens-simple-and-jwt + ## + token: + ## @param auth.token.enabled Enables token authentication + ## + enabled: true + ## @param auth.token.type Authentication token type. 
Allowed values: 'simple' or 'jwt' + ## ref: https://etcd.io/docs/latest/op-guide/configuration/#--auth-token + ## + type: jwt + ## @param auth.token.privateKey.filename Name of the file containing the private key for signing the JWT token + ## @param auth.token.privateKey.existingSecret Name of the existing secret containing the private key for signing the JWT token + ## NOTE: Ignored if auth.token.type=simple + ## NOTE: A secret containing a private key will be auto-generated if an existing one is not provided. + ## + privateKey: + filename: jwt-token.pem + existingSecret: "" + ## @param auth.token.signMethod JWT token sign method + ## NOTE: Ignored if auth.token.type=simple + ## + signMethod: RS256 + ## @param auth.token.ttl JWT token TTL + ## NOTE: Ignored if auth.token.type=simple + ## + ttl: 10m + ## TLS authentication for client-to-server communications + ## ref: https://etcd.io/docs/current/op-guide/security/ + ## + client: + ## @param auth.client.secureTransport Switch to encrypt client-to-server communications using TLS certificates + ## + secureTransport: false + ## @param auth.client.useAutoTLS Switch to automatically create the TLS certificates + ## + useAutoTLS: false + ## @param auth.client.existingSecret Name of the existing secret containing the TLS certificates for client-to-server communications + ## + existingSecret: "" + ## @param auth.client.enableAuthentication Switch to enable host authentication using TLS certificates. 
Requires existing secret + ## + enableAuthentication: false + ## @param auth.client.certFilename Name of the file containing the client certificate + ## + certFilename: cert.pem + ## @param auth.client.certKeyFilename Name of the file containing the client certificate private key + ## + certKeyFilename: key.pem + ## @param auth.client.caFilename Name of the file containing the client CA certificate + ## If not specified and `auth.client.enableAuthentication=true` or `auth.rbac.enabled=true`, the default is is `ca.crt` + ## + caFilename: "" + ## TLS authentication for server-to-server communications + ## ref: https://etcd.io/docs/current/op-guide/security/ + ## + peer: + ## @param auth.peer.secureTransport Switch to encrypt server-to-server communications using TLS certificates + ## + secureTransport: false + ## @param auth.peer.useAutoTLS Switch to automatically create the TLS certificates + ## + useAutoTLS: false + ## @param auth.peer.existingSecret Name of the existing secret containing the TLS certificates for server-to-server communications + ## + existingSecret: "" + ## @param auth.peer.enableAuthentication Switch to enable host authentication using TLS certificates. Requires existing secret + ## + enableAuthentication: false + ## @param auth.peer.certFilename Name of the file containing the peer certificate + ## + certFilename: cert.pem + ## @param auth.peer.certKeyFilename Name of the file containing the peer certificate private key + ## + certKeyFilename: key.pem + ## @param auth.peer.caFilename Name of the file containing the peer CA certificate + ## If not specified and `auth.peer.enableAuthentication=true` or `rbac.enabled=true`, the default is is `ca.crt` + ## + caFilename: "" +## @param autoCompactionMode Auto compaction mode, by default periodic. Valid values: "periodic", "revision". +## - 'periodic' for duration based retention, defaulting to hours if no time unit is provided (e.g. 5m). +## - 'revision' for revision number based retention. 
+## +autoCompactionMode: "" +## @param autoCompactionRetention Auto compaction retention for mvcc key value store in hour, by default 0, means disabled +## +autoCompactionRetention: "" +## @param initialClusterState Initial cluster state. Allowed values: 'new' or 'existing' +## If this values is not set, the default values below are set: +## - 'new': when installing the chart ('helm install ...') +## - 'existing': when upgrading the chart ('helm upgrade ...') +## +initialClusterState: "" +## @param initialClusterToken Initial cluster token. Can be used to protect etcd from cross-cluster-interaction, which might corrupt the clusters. +## If spinning up multiple clusters (or creating and destroying a single cluster) +## with same configuration for testing purpose, it is highly recommended that each cluster is given a unique initial-cluster-token. +## By doing this, etcd can generate unique cluster IDs and member IDs for the clusters even if they otherwise have the exact same configuration. +## +initialClusterToken: "etcd-cluster-k8s" +## @param logLevel Sets the log level for the etcd process. Allowed values: 'debug', 'info', 'warn', 'error', 'panic', 'fatal' +## +logLevel: "info" +## @param maxProcs Limits the number of operating system threads that can execute user-level +## Go code simultaneously by setting GOMAXPROCS environment variable +## ref: https://golang.org/pkg/runtime +## +maxProcs: "" +## @param removeMemberOnContainerTermination Use a PreStop hook to remove the etcd members from the etcd cluster on container termination +## they the containers are terminated. Set to 'false' if appears an error-related member ID wasn't properly stored. +## NOTE: Ignored if lifecycleHooks is set or replicaCount=1 +## +removeMemberOnContainerTermination: true +## @param configuration etcd configuration. 
Specify content for etcd.conf.yml +## e.g: +## configuration: |- +## foo: bar +## baz: +## +configuration: "" +## @param existingConfigmap Existing ConfigMap with etcd configuration +## NOTE: When it's set the configuration parameter is ignored +## +existingConfigmap: "" +## @param extraEnvVars [array] Extra environment variables to be set on etcd container +## e.g: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars +## +extraEnvVarsSecret: "" +## @param command [array] Default container command (useful when using custom images) +## +command: [] +## @param args [array] Default container args (useful when using custom images) +## +args: [] +## @section etcd statefulset parameters +## + +## @param replicaCount Number of etcd replicas to deploy +## +replicaCount: 1 +## Update strategy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## @param updateStrategy.type Update strategy type, can be set to RollingUpdate or OnDelete. 
+## +updateStrategy: + type: RollingUpdate +## @param podManagementPolicy Pod management policy for the etcd statefulset +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies +## +podManagementPolicy: Parallel +## @param automountServiceAccountToken Mount Service Account token in pod +## +automountServiceAccountToken: false +## @param hostAliases [array] etcd pod host aliases +## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param lifecycleHooks [object] Override default etcd container hooks +## +lifecycleHooks: {} +## etcd container ports to open +## @param containerPorts.client Client port to expose at container level +## @param containerPorts.peer Peer port to expose at container level +## @param containerPorts.metrics Metrics port to expose at container level when metrics.useSeparateEndpoint is true +## +containerPorts: + client: 2379 + peer: 2380 + metrics: 9090 +## etcd pods' Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled etcd pods' Security Context +## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups +## @param podSecurityContext.fsGroup Set etcd pod's Security Context fsGroup +## +podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 +## etcd containers' SecurityContext +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled etcd containers' Security Context +## @param containerSecurityContext.seLinuxOptions 
[object,nullable] Set SELinux options in container +## @param containerSecurityContext.runAsUser Set etcd containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set etcd containers' Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot +## @param containerSecurityContext.privileged Set primary container's Security Context privileged +## @param containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem +## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile +## +containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" +## etcd containers' resource requests and limits +## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). 
+## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+##
+resourcesPreset: "micro"
+## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+## Example:
+## resources:
+## requests:
+## cpu: 2
+## memory: 512Mi
+## limits:
+## cpu: 3
+## memory: 1024Mi
+##
+resources: {}
+## Configure extra options for liveness probe
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
+## @param livenessProbe.enabled Enable livenessProbe
+## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+## @param livenessProbe.periodSeconds Period seconds for livenessProbe
+## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
+## @param livenessProbe.successThreshold Success threshold for livenessProbe
+##
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+## Configure extra options for readiness probe
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
+## @param readinessProbe.enabled Enable readinessProbe
+## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+## @param readinessProbe.periodSeconds Period seconds for readinessProbe
+## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
+## @param readinessProbe.successThreshold Success threshold for readinessProbe
+##
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+## Configure extra options for liveness probe
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
+## @param startupProbe.enabled Enable startupProbe
+## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+## @param startupProbe.periodSeconds Period seconds for startupProbe
+## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
+## @param startupProbe.failureThreshold Failure threshold for startupProbe
+## @param startupProbe.successThreshold Success threshold for startupProbe
+##
+startupProbe:
+ enabled: false
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 60
+## @param customLivenessProbe [object] Override default liveness probe
+##
+customLivenessProbe: {}
+## @param customReadinessProbe [object] Override default readiness probe
+##
+customReadinessProbe: {}
+## @param customStartupProbe [object] Override default startup probe
+##
+customStartupProbe: {}
+## @param extraVolumes [array] Optionally specify extra list of additional volumes for etcd pods
+##
+extraVolumes: []
+## @param extraVolumeMounts [array] Optionally specify extra list of additional volumeMounts for etcd container(s)
+##
+extraVolumeMounts: []
+## @param extraVolumeClaimTemplates [array] Optionally specify extra list of additional volumeClaimTemplates for etcd container(s)
+##
+extraVolumeClaimTemplates: []
+## @param initContainers [array] Add additional init containers to the etcd pods
+## e.g:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: []
+## @param sidecars [array] Add additional sidecar containers to the etcd pods
+## e.g:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+sidecars: []
+## @param podAnnotations [object] Annotations for etcd pods
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## @param podLabels [object] Extra labels for etcd pods
+## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAffinityPreset: ""
+## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAntiAffinityPreset: soft
+## Node affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
+## @param nodeAffinityPreset.values [array] Node label values to match. Ignored if `affinity` is set.
+##
+nodeAffinityPreset:
+ type: ""
+ ## e.g:
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## e.g:
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+## @param affinity [object] Affinity for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+##
+affinity: {}
+## @param nodeSelector [object] Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+##
+nodeSelector: {}
+## @param tolerations [array] Tolerations for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## @param terminationGracePeriodSeconds Seconds the pod needs to gracefully terminate
+## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution
+##
+terminationGracePeriodSeconds: ""
+## @param schedulerName Name of the k8s scheduler (other than default)
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+schedulerName: ""
+## @param priorityClassName Name of the priority class to be used by etcd pods
+## Priority class needs to be created beforehand
+## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+## @param runtimeClassName Name of the runtime class to be used by pod(s)
+## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+##
+runtimeClassName: ""
+## @param shareProcessNamespace Enable shared process namespace in a pod.
+## If set to false (default), each container will run in separate namespace, etcd will have PID=1.
+## If set to true, the /pause will run as init process and will reap any zombie PIDs,
+## for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
+## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
+##
+shareProcessNamespace: false
+## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
+## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+## The value is evaluated as a template
+##
+topologySpreadConstraints: []
+## persistentVolumeClaimRetentionPolicy
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
+## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
+## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
+## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
+persistentVolumeClaimRetentionPolicy:
+ enabled: false
+ whenScaled: Retain
+ whenDeleted: Retain
+## @section Traffic exposure parameters
+##
+
+service:
+ ## @param service.type Kubernetes Service type
+ ##
+ type: ClusterIP
+ ## @param service.enabled create second service if equal true
+ ##
+ enabled: true
+ ## @param service.clusterIP Kubernetes service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param service.ports.client etcd client port
+ ## @param service.ports.peer etcd peer port
+ ## @param service.ports.metrics etcd metrics port when metrics.useSeparateEndpoint is true
+ ##
+ ports:
+ client: 2379
+ peer: 2380
+ metrics: 9090
+ ## @param service.nodePorts.client Specify the nodePort client value for the LoadBalancer and NodePort service types.
+ ## @param service.nodePorts.peer Specify the nodePort peer value for the LoadBalancer and NodePort service types.
+ ## @param service.nodePorts.metrics Specify the nodePort metrics value for the LoadBalancer and NodePort service types. The metrics port is only exposed when metrics.useSeparateEndpoint is true.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ nodePorts:
+ client: ""
+ peer: ""
+ metrics: ""
+ ## @param service.clientPortNameOverride etcd client port name override
+ ##
+ clientPortNameOverride: ""
+ ## @param service.peerPortNameOverride etcd peer port name override
+ ##
+ peerPortNameOverride: ""
+ ## @param service.metricsPortNameOverride etcd metrics port name override. The metrics port is only exposed when metrics.useSeparateEndpoint is true.
+ ##
+ metricsPortNameOverride: ""
+ ## @param service.loadBalancerIP loadBalancerIP for the etcd service (optional, cloud specific)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param service.loadBalancerSourceRanges [array] Load Balancer source ranges
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param service.externalIPs [array] External IPs
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
+ ##
+ externalIPs: []
+ ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param service.annotations [object] Additional annotations for the etcd service
+ ##
+ annotations: {}
+ ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
+ ## If "ClientIP", consecutive client requests will be directed to the same Pod
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ ##
+ sessionAffinity: None
+ ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ ## Headless service properties
+ ##
+ headless:
+ ## @param service.headless.annotations Annotations for the headless service.
+ ##
+ annotations: {}
+## @section Persistence parameters
+##
+
+## Enable persistence using Persistent Volume Claims
+## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
+##
+persistence:
+ ## @param persistence.enabled If true, use a Persistent Volume Claim. If false, use emptyDir.
+ ##
+ enabled: true
+ ## @param persistence.storageClass Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass: ""
+ ##
+ ## @param persistence.annotations [object] Annotations for the PVC
+ ##
+ annotations: {}
+ ## @param persistence.labels [object] Labels for the PVC
+ ##
+ labels: {}
+ ## @param persistence.accessModes Persistent Volume Access Modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param persistence.size PVC Storage Request for etcd data volume
+ ##
+ size: 8Gi
+ ## @param persistence.selector [object] Selector to match an existing Persistent Volume
+ ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
+ ##
+ selector: {}
+## @section Volume Permissions parameters
+##
+
+## Init containers parameters:
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+##
+volumePermissions:
+ ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
+ ##
+ enabled: false
+ ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
+ ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name
+ ## @skip volumePermissions.image.tag Init container volume-permissions image tag
+ ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/os-shell
+ tag: 12-debian-12-r30
+ digest: ""
+ ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
+ ##
+ pullPolicy: IfNotPresent
+ ## @param volumePermissions.image.pullSecrets [array] Specify docker-registry secret names as an array
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init container' resource requests and limits
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "nano"
+ ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+## @section Network Policy parameters
+## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+##
+networkPolicy:
+ ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
+ ##
+ enabled: true
+ ## @param networkPolicy.allowExternal Don't require client label for connections
+ ## When set to false, only pods with the correct client label will have network access to the ports
+ ## etcd is listening on. When true, etcd will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ allowExternal: true
+ ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+ ##
+ allowExternalEgress: true
+ ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraIngress:
+ ## - ports:
+ ## - port: 1234
+ ## from:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraIngress: []
+ ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraEgress:
+ ## - ports:
+ ## - port: 1234
+ ## to:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraEgress: []
+ ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+ ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+ ##
+ ingressNSMatchLabels: {}
+ ingressNSPodMatchLabels: {}
+## @section Metrics parameters
+##
+metrics:
+ ## @param metrics.enabled Expose etcd metrics
+ ##
+ enabled: false
+ ## @param metrics.useSeparateEndpoint Use a separate endpoint for exposing metrics
+ #
+ useSeparateEndpoint: false
+ ## @param metrics.podAnnotations [object] Annotations for the Prometheus metrics on etcd pods
+ ##
+ podAnnotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.metrics.useSeparateEndpoint | ternary .Values.containerPorts.metrics .Values.containerPorts.client }}"
+ ## Prometheus Service Monitor
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ podMonitor:
+ ## @param metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator
+ ##
+ enabled: false
+ ## @param metrics.podMonitor.namespace Namespace in which Prometheus is running
+ ##
+ namespace: monitoring
+ ## @param metrics.podMonitor.interval Specify the interval at which metrics should be scraped
+ ##
+ interval: 30s
+ ## @param metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
+ ##
+ scrapeTimeout: 30s
+ ## @param metrics.podMonitor.additionalLabels [object] Additional labels that can be used so PodMonitors will be discovered by Prometheus
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ##
+ additionalLabels: {}
+ ## @param metrics.podMonitor.scheme Scheme to use for scraping
+ ##
+ scheme: http
+ ## @param metrics.podMonitor.tlsConfig [object] TLS configuration used for scrape endpoints used by Prometheus
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
+ ## e.g:
+ ## tlsConfig:
+ ## ca:
+ ## secret:
+ ## name: existingSecretName
+ ##
+ tlsConfig: {}
+ ## @param metrics.podMonitor.relabelings [array] Prometheus relabeling rules
+ ##
+ relabelings: []
+ ## Prometheus Operator PrometheusRule configuration
+ ##
+ prometheusRule:
+ ## @param metrics.prometheusRule.enabled Create a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`)
+ ##
+ enabled: false
+ ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace)
+ ##
+ namespace: ""
+ ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus
+ ##
+ additionalLabels: {}
+ ## @param metrics.prometheusRule.rules Prometheus Rule definitions
+ # - alert: ETCD has no leader
+ # annotations:
+ # summary: "ETCD has no leader"
+ # description: "pod {{`{{`}} $labels.pod {{`}}`}} state error, can't connect leader"
+ # for: 1m
+ # expr: etcd_server_has_leader == 0
+ # labels:
+ # severity: critical
+ # group: PaaS
+ ##
+ rules: []
+## @section Snapshotting parameters
+##
+
+## Start a new etcd cluster recovering the data from an existing snapshot before bootstrapping
+##
+startFromSnapshot:
+ ## @param startFromSnapshot.enabled Initialize new cluster recovering an existing snapshot
+ ##
+ enabled: false
+ ## @param startFromSnapshot.existingClaim Existing PVC containing the etcd snapshot
+ ##
+ existingClaim: ""
+ ## @param startFromSnapshot.snapshotFilename Snapshot filename
+ ##
+ snapshotFilename: ""
+## Enable auto disaster recovery by periodically snapshotting the keyspace:
+## - It creates a cronjob to periodically snapshotting the keyspace
+## - It also creates a ReadWriteMany PVC to store the snapshots
+## If the cluster permanently loses more than (N-1)/2 members, it tries to
+## recover itself from the last available snapshot.
+##
+disasterRecovery:
+ ## @param disasterRecovery.enabled Enable auto disaster recovery by periodically snapshotting the keyspace
+ ##
+ enabled: false
+ cronjob:
+ ## @param disasterRecovery.cronjob.schedule Schedule in Cron format to save snapshots
+ ## See https://en.wikipedia.org/wiki/Cron
+ ##
+ schedule: "*/30 * * * *"
+ ## @param disasterRecovery.cronjob.historyLimit Number of successful finished jobs to retain
+ ##
+ historyLimit: 1
+ ## @param disasterRecovery.cronjob.snapshotHistoryLimit Number of etcd snapshots to retain, tagged by date
+ ##
+ snapshotHistoryLimit: 1
+ ## @param disasterRecovery.cronjob.snapshotsDir Directory to store snapshots
+ ##
+ snapshotsDir: "/snapshots"
+ ## @param disasterRecovery.cronjob.podAnnotations [object] Pod annotations for cronjob pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## Configure resource requests and limits for snapshotter containers
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param disasterRecovery.cronjob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if disasterRecovery.cronjob.resources is set (disasterRecovery.cronjob.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "nano"
+ ## @param disasterRecovery.cronjob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## @param disasterRecovery.cronjob.nodeSelector Node labels for cronjob pods assignment
+ ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ ##
+ nodeSelector: {}
+ ## @param disasterRecovery.cronjob.tolerations Tolerations for cronjob pods assignment
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param disasterRecovery.cronjob.podLabels [object] Labels that will be added to pods created by cronjob
+ ##
+ podLabels: {}
+ ## @param disasterRecovery.cronjob.serviceAccountName Specifies the service account to use for disaster recovery cronjob
+ ##
+ serviceAccountName: ""
+ ## @param disasterRecovery.cronjob.command Override default snapshot container command (useful when you want to customize the snapshot logic)
+ ##
+ command: []
+ ##
+ pvc:
+ ## @param disasterRecovery.pvc.existingClaim A manually managed Persistent Volume and Claim
+ ## If defined, PVC must be created manually before volume will be bound
+ ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart
+ ##
+ existingClaim: ""
+ ## @param disasterRecovery.pvc.size PVC Storage Request
+ ##
+ size: 2Gi
+ ## @param disasterRecovery.pvc.storageClassName Storage Class for snapshots volume
+ ##
+ storageClassName: nfs
+ ## @param disasterRecovery.pvc.subPath Path within the volume from which to mount
+ ## Useful if snapshots should only be stored in a subdirectory of the volume
+ ##
+ subPath: ""
+## @section Service account parameters
+##
+serviceAccount:
+ ## @param serviceAccount.create Enable/disable service account creation
+ ##
+ create: true
+ ## @param serviceAccount.name Name of the service account to create or use
+ ##
+ name: ""
+ ## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of service account token
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
+ ##
+ automountServiceAccountToken: false
+ ## @param serviceAccount.annotations [object] Additional annotations to be included on the service account
+ ##
+ annotations: {}
+ ## @param serviceAccount.labels [object] Additional labels to be included on the service account
+ ##
+ labels: {}
+## @section Defragmentation parameters
+##
+
+## Enable defragmentation by periodically rearranging fragmented data after history compaction.
+## It creates a cronjob to periodically run the defragmentation command:
+## etcdctl defrag [OPTIONS]
+## See https://etcd.io/docs/latest/op-guide/maintenance/
+##
+defrag:
+ ## @param defrag.enabled Enable automatic defragmentation. This is most effective when paired with auto compaction: consider setting "autoCompactionRetention > 0".
+ ##
+ enabled: false
+ cronjob:
+ ## @param defrag.cronjob.startingDeadlineSeconds Number of seconds representing the deadline for starting the job if it misses scheduled time for any reason
+ ##
+ startingDeadlineSeconds: ""
+ ## @param defrag.cronjob.schedule Schedule in Cron format to defrag (daily at midnight by default)
+ ## See https://en.wikipedia.org/wiki/Cron
+ ##
+ schedule: "0 0 * * *"
+ ## @param defrag.cronjob.concurrencyPolicy Set the cronjob parameter concurrencyPolicy
+ ##
+ concurrencyPolicy: Forbid
+ ## @param defrag.cronjob.suspend Boolean that indicates if the controller must suspend subsequent executions (not applied to already started executions)
+ ##
+ suspend: false
+ ## @param defrag.cronjob.successfulJobsHistoryLimit Number of successful finished jobs to retain
+ ##
+ successfulJobsHistoryLimit: 1
+ ## @param defrag.cronjob.failedJobsHistoryLimit Number of failed finished jobs to retain
+ ##
+ failedJobsHistoryLimit: 1
+ ## @param defrag.cronjob.labels [object] Additional labels to be added to the Defrag cronjob
+ ##
+ labels: {}
+ ## @param defrag.cronjob.annotations [object] Annotations to be added to the Defrag cronjob
+ ##
+ annotations: {}
+ ## @param defrag.cronjob.activeDeadlineSeconds Number of seconds relative to the startTime that the job may be continuously active before the system tries to terminate it
+ ##
+ activeDeadlineSeconds: ""
+ ## @param defrag.cronjob.restartPolicy Set the cronjob parameter restartPolicy
+ ##
+ restartPolicy: OnFailure
+ ## @param defrag.cronjob.podLabels [object] Labels that will be added to pods created by Defrag cronjob
+ ##
+ podLabels: {}
+ ## @param defrag.cronjob.podAnnotations [object] Pod annotations for Defrag cronjob pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## K8s Security Context for Defrag cronjob pods
+ ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ ## @param defrag.cronjob.podSecurityContext.enabled Enable security context for Defrag pods
+ ## @param defrag.cronjob.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ ## @param defrag.cronjob.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+ ## @param defrag.cronjob.podSecurityContext.supplementalGroups Set filesystem extra groups
+ ## @param defrag.cronjob.podSecurityContext.fsGroup Group ID for the Defrag filesystem
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroupChangePolicy: Always
+ sysctls: []
+ supplementalGroups: []
+ fsGroup: 1001
+ ## Configure container security context for Defrag cronjob pods
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param defrag.cronjob.containerSecurityContext.enabled Enabled containers' Security Context
+ ## @param defrag.cronjob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param defrag.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+ ## @param defrag.cronjob.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+ ## @param defrag.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+ ## @param defrag.cronjob.containerSecurityContext.privileged Set container's Security Context privileged
+ ## @param defrag.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+ ## @param defrag.cronjob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
+ ## @param defrag.cronjob.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+ ## @param defrag.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: {}
+ runAsUser: 1001
+ runAsGroup: 1001
+ runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+ ## @param defrag.cronjob.nodeSelector [object] Node labels for pod assignment in Defrag cronjob
+ ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ ##
+ nodeSelector: {}
+ ## @param defrag.cronjob.tolerations [array] Tolerations for pod assignment in Defrag cronjob
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param defrag.cronjob.serviceAccountName Specifies the service account to use for Defrag cronjob
+ ##
+ serviceAccountName: ""
+ ## @param defrag.cronjob.command [array] Override default container command for defragmentation (useful when using custom images)
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ command: []
+ ## @param defrag.cronjob.args [array] Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param defrag.cronjob.resourcesPreset Set container resources according to one common preset
+ ## (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if
+ ## defrag.cronjob.resources is set (defrag.cronjob.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "nano"
+ ## @param defrag.cronjob.resources [object] Set container requests and limits for different resources like CPU or
+ ## memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+## @section Other parameters
+##
+
+## etcd Pod Disruption Budget configuration
+## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+##
+pdb:
+ ## @param pdb.create Enable/disable a Pod Disruption Budget creation
+ ##
+ create: true
+ ## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+ ##
+ minAvailable: 51%
+ ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+ ##
+ maxUnavailable: ""
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/.helmignore b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/.helmignore
new file mode 100644
index 000000000..a9fe72788
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# OWNERS file for Kubernetes
+OWNERS
\ No newline at end of file
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/Chart.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/Chart.yaml
new file mode 100644
index 000000000..10a64231b
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/Chart.yaml
@@ -0,0 +1,18 @@ +apiVersion: v1 +appVersion: RELEASE.2024-04-18T19-09-19Z +description: High Performance Object Storage +home: https://min.io +icon: https://min.io/resources/img/logo/MINIO_wordmark.png +keywords: +- minio +- storage +- object-storage +- s3 +- cluster +maintainers: +- email: dev@minio.io + name: MinIO, Inc +name: minio +sources: +- https://github.com/minio/minio +version: 5.3.0 diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/README.md b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/README.md new file mode 100644 index 000000000..a1d5c99f8 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/README.md @@ -0,0 +1,264 @@ +# MinIO Community Helm Chart + +[![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![license](https://img.shields.io/badge/license-AGPL%20V3-blue)](https://github.com/minio/minio/blob/master/LICENSE) + +MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads. + +| IMPORTANT | +| -------------------------- | +| This Helm chart is community built, maintained, and supported. MinIO does not guarantee support for any given bug, feature request, or update referencing this chart.

MinIO publishes a separate [MinIO Kubernetes Operator and Tenant Helm Chart](https://github.com/minio/operator/tree/master/helm) that is officially maintained and supported. MinIO strongly recommends using the MinIO Kubernetes Operator for production deployments. See [Deploy Operator With Helm](https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-operator-helm.html?ref=github) for additional documentation. | + +## Introduction + +This chart bootstraps MinIO Cluster on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Helm cli with Kubernetes cluster configured. +- PV provisioner support in the underlying infrastructure. (We recommend using ) +- Use Kubernetes version v1.19 and later for best experience. + +## Configure MinIO Helm repo + +```bash +helm repo add minio https://charts.min.io/ +``` + +### Installing the Chart + +Install this chart using: + +```bash +helm install --namespace minio --set rootUser=rootuser,rootPassword=rootpass123 --generate-name minio/minio +``` + +The command deploys MinIO on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +### Installing the Chart (toy-setup) + +Minimal toy setup for testing purposes can be deployed using: + +```bash +helm install --set resources.requests.memory=512Mi --set replicas=1 --set persistence.enabled=false --set mode=standalone --set rootUser=rootuser,rootPassword=rootpass123 --generate-name minio/minio +``` + +### Upgrading the Chart + +You can use Helm to update MinIO version in a live release. Assuming your release is named as `my-release`, get the values using the command: + +```bash +helm get values my-release > old_values.yaml +``` + +Then change the field `image.tag` in `old_values.yaml` file with MinIO image tag you want to use. 
Now update the chart using + +```bash +helm upgrade -f old_values.yaml my-release minio/minio +``` + +Default upgrade strategies are specified in the `values.yaml` file. Update these fields if you'd like to use a different strategy. + +### Configuration + +Refer the [Values file](./values.yaml) for all the possible config fields. + +You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +helm install --name my-release --set persistence.size=1Ti minio/minio +``` + +The above command deploys MinIO server with a 1Ti backing persistent volume. + +Alternately, you can provide a YAML file that specifies parameter values while installing the chart. For example, + +```bash +helm install --name my-release -f values.yaml minio/minio +``` + +### Persistence + +This chart provisions a PersistentVolumeClaim and mounts corresponding persistent volume to default location `/export`. You'll need physical storage available in the Kubernetes cluster for this to work. If you'd rather use `emptyDir`, disable PersistentVolumeClaim by: + +```bash +helm install --set persistence.enabled=false minio/minio +``` + +> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* + +### Existing PersistentVolumeClaim + +If a Persistent Volume Claim already exists, specify it during installation. + +1. Create the PersistentVolume +2. Create the PersistentVolumeClaim +3. Install the chart + +```bash +helm install --set persistence.existingClaim=PVC_NAME minio/minio +``` + +### NetworkPolicy + +To enable network policy for MinIO, +install [a networking plugin that implements the Kubernetes +NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), +and set `networkPolicy.enabled` to `true`. 
+ +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting +the DefaultDeny namespace annotation. Note: this will enforce policy for *all* pods in the namespace: + +``` +kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +When using `Cilium` as a CNI in your cluster, please edit the `flavor` field to `cilium`. + +With NetworkPolicy enabled, traffic will be limited to just port 9000. + +For more precise policy, set `networkPolicy.allowExternal=true`. This will +only allow pods with the generated client label to connect to MinIO. +This label will be displayed in the output of a successful install. + +### Existing secret + +Instead of having this chart create the secret for you, you can supply a preexisting secret, much +like an existing PersistentVolumeClaim. + +First, create the secret: + +```bash +kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux +``` + +Then install the chart, specifying that you want to use an existing secret: + +```bash +helm install --set existingSecret=my-minio-secret minio/minio +``` + +The following fields are expected in the secret: + +| .data.\ in Secret | Corresponding variable | Description | Required | +|:------------------------|:-----------------------|:---------------|:---------| +| `rootUser` | `rootUser` | Root user. | yes | +| `rootPassword` | `rootPassword` | Root password. | yes | + +All corresponding variables will be ignored in values file. + +### Configure TLS + +To enable TLS for MinIO containers, acquire TLS certificates from a CA or create self-signed certificates. While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed MinIO setup). 
Then create a secret using + +```bash +kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt +``` + +Then install the chart, specifying that you want to use the TLS secret: + +```bash +helm install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio +``` + +### Installing certificates from third party CAs + +MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted. + +For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: + +``` +kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt +``` + +If TLS is not enabled, you would need only the third party CA: + +``` +kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt +``` + +The name of the generated secret can then be passed to Helm using a values file or the `--set` parameter: + +``` +trustedCertsSecret: "minio-trusted-certs" + +or + +--set trustedCertsSecret=minio-trusted-certs +``` + +### Create buckets after install + +Install the chart, specifying the buckets you want to create after install: + +```bash +helm install --set buckets[0].name=bucket1,buckets[0].policy=none,buckets[0].purge=false minio/minio +``` + +Description of the configuration parameters used above - + +- `buckets[].name` - name of the bucket to create, must be a string with length > 0 +- 
`buckets[].policy` - can be one of none|download|upload|public +- `buckets[].purge` - purge if bucket exists already + +### Create policies after install + +Install the chart, specifying the policies you want to create after install: + +```bash +helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio +``` + +Description of the configuration parameters used above - + +- `policies[].name` - name of the policy to create, must be a string with length > 0 +- `policies[].statements[]` - list of statements, includes actions and resources +- `policies[].statements[].resources[]` - list of resources that applies the statement +- `policies[].statements[].actions[]` - list of actions granted + +### Create user after install + +Install the chart, specifying the users you want to create after install: + +```bash +helm install --set users[0].accessKey=accessKey,users[0].secretKey=secretKey,users[0].policy=none,users[1].accessKey=accessKey2,users[1].secretRef=existingSecret,users[1].secretKey=password,users[1].policy=none minio/minio +``` + +Description of the configuration parameters used above - + +- `users[].accessKey` - accessKey of user +- `users[].secretKey` - secretKey of usersecretRef +- `users[].existingSecret` - secret name that contains the secretKey of user +- `users[].existingSecretKey` - data key in existingSecret secret containing the secretKey +- `users[].policy` - name of the policy to assign to user + +### Create service account after install + +Install the chart, specifying the service accounts you want to create after install: + +```bash +helm install --set svcaccts[0].accessKey=accessKey,svcaccts[0].secretKey=secretKey,svcaccts[0].user=parentUser,svcaccts[1].accessKey=accessKey2,svcaccts[1].secretRef=existingSecret,svcaccts[1].secretKey=password,svcaccts[1].user=parentUser2 minio/minio +``` + 
+Description of the configuration parameters used above - + +- `svcaccts[].accessKey` - accessKey of service account +- `svcaccts[].secretKey` - secretKey of svcacctsecretRef +- `svcaccts[].existingSecret` - secret name that contains the secretKey of service account +- `svcaccts[].existingSecretKey` - data key in existingSecret secret containing the secretKey +- `svcaccts[].user` - name of the parent user to assign to service account + +## Uninstalling the Chart + +Assuming your release is named as `my-release`, delete it using the command: + +```bash +helm delete my-release +``` + +or + +```bash +helm uninstall my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/NOTES.txt b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/NOTES.txt new file mode 100644 index 000000000..ba51b4c6c --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/NOTES.txt 
@@ -0,0 +1,43 @@ +{{- if eq .Values.service.type "ClusterIP" "NodePort" }} +MinIO can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: +{{ template "minio.fullname" . }}.{{ .Release.Namespace }}.{{ .Values.clusterDomain }} + +To access MinIO from localhost, run the below commands: + + 1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + + 2. kubectl port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }} + +Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/ + +You can now access MinIO server on http://localhost:9000. Follow the below steps to connect to MinIO server with mc client: + + 1. Download the MinIO mc client - https://min.io/docs/minio/linux/reference/minio-mc.html#quickstart + + 2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@localhost:{{ .Values.service.port }} + + 3. mc ls {{ template "minio.fullname" . }}-local + +{{- end }} +{{- if eq .Values.service.type "LoadBalancer" }} +MinIO can be accessed via port {{ .Values.service.port }} on an external IP address. Get the service external IP address by: +kubectl get svc --namespace {{ .Release.Namespace }} -l app={{ template "minio.fullname" . }} + +Note that the public IP may take a couple of minutes to be available. + +You can now access MinIO server on http://:9000. Follow the below steps to connect to MinIO server with mc client: + + 1. Download the MinIO mc client - https://min.io/docs/minio/linux/reference/minio-mc.html#quickstart + + 2. export MC_HOST_{{ template "minio.fullname" . 
}}-local=http://$(kubectl get secret {{ template "minio.secretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@:{{ .Values.service.port }} + + 3. mc ls {{ template "minio.fullname" . }} + +Alternately, you can use your browser or the MinIO SDK to access the server - https://min.io/docs/minio/linux/reference/minio-server/minio-server.html +{{- end }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label +{{ template "minio.fullname" . }}-client=true" +will be able to connect to this minio cluster. +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_bucket.txt b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_bucket.txt new file mode 100644 index 000000000..83b8dcb2d --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_bucket.txt 
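Review bot: In the LoadBalancer branch the second `kubectl get secret` (the one reading `.data.rootPassword`) omits `--namespace {{ .Release.Namespace }}`, so the printed command looks in the caller's current namespace and fails or reads a different secret when the release is installed elsewhere. It should match the first call on the same line: `kubectl get secret {{ template "minio.secretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.rootPassword}"`. Both branches also hard-code `http://` in the `MC_HOST_…` export that embeds the root user and password, regardless of `.Values.tls.enabled`; a scheme conditional like the one the helper scripts in this patch use would keep the hint correct when TLS is on. The NetworkPolicy note ends with an unbalanced quote in `-client=true"`.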
@@ -0,0 +1,122 @@ +#!/bin/sh +set -e # Have script exit in the event of a failed command. + +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc --insecure" +{{- end }} + +# connectToMinio +# Use a check-sleep-check loop to wait for MinIO service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 + LIMIT=29 # Allow 30 attempts + set -e # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) + SECRET=$(cat /config/rootPassword) + set +e # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" + $MC_COMMAND + STATUS=$? + until [ $STATUS = 0 ]; do + ATTEMPTS=$(expr $ATTEMPTS + 1) + echo \"Failed attempts: $ATTEMPTS\" + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 + fi + sleep 2 # 1 second intervals between attempts + $MC_COMMAND + STATUS=$? + done + set -e # reset `e` as active + return 0 +} + +# checkBucketExists ($bucket) +# Check if the bucket exists, by using the exit code of `mc ls` +checkBucketExists() { + BUCKET=$1 + CMD=$(${MC} stat myminio/$BUCKET >/dev/null 2>&1) + return $? +} + +# createBucket ($bucket, $policy, $purge) +# Ensure bucket exists, purging if asked to +createBucket() { + BUCKET=$1 + POLICY=$2 + PURGE=$3 + VERSIONING=$4 + OBJECTLOCKING=$5 + + # Purge the bucket, if set & exists + # Since PURGE is user input, check explicitly for `true` + if [ $PURGE = true ]; then + if checkBucketExists $BUCKET; then + echo "Purging bucket '$BUCKET'." + set +e # don't exit if this fails + ${MC} rm -r --force myminio/$BUCKET + set -e # reset `e` as active + else + echo "Bucket '$BUCKET' does not exist, skipping purge." 
+ fi + fi + + # Create the bucket if it does not exist and set objectlocking if enabled (NOTE: versioning will be not changed if OBJECTLOCKING is set because it enables versioning to the Buckets created) + if ! checkBucketExists $BUCKET; then + if [ ! -z $OBJECTLOCKING ]; then + if [ $OBJECTLOCKING = true ]; then + echo "Creating bucket with OBJECTLOCKING '$BUCKET'" + ${MC} mb --with-lock myminio/$BUCKET + elif [ $OBJECTLOCKING = false ]; then + echo "Creating bucket '$BUCKET'" + ${MC} mb myminio/$BUCKET + fi + elif [ -z $OBJECTLOCKING ]; then + echo "Creating bucket '$BUCKET'" + ${MC} mb myminio/$BUCKET + else + echo "Bucket '$BUCKET' already exists." + fi + fi + + # set versioning for bucket if objectlocking is disabled or not set + if [ $OBJECTLOCKING = false ]; then + if [ ! -z $VERSIONING ]; then + if [ $VERSIONING = true ]; then + echo "Enabling versioning for '$BUCKET'" + ${MC} version enable myminio/$BUCKET + elif [ $VERSIONING = false ]; then + echo "Suspending versioning for '$BUCKET'" + ${MC} version suspend myminio/$BUCKET + fi + fi + else + echo "Bucket '$BUCKET' versioning unchanged." + fi + + # At this point, the bucket should exist, skip checking for existence + # Set policy on the bucket + echo "Setting policy of bucket '$BUCKET' to '$POLICY'." + ${MC} anonymous set $POLICY myminio/$BUCKET +} + +# Try connecting to MinIO instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{ if .Values.buckets }} +{{ $global := . }} +# Create the buckets +{{- range .Values.buckets }} +createBucket {{ tpl .name $global }} {{ .policy | default "none" | quote }} {{ .purge | default false }} {{ .versioning | default false }} {{ .objectlocking | default false }} +{{- end }} +{{- end }} 
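Review bot: `MC="/usr/bin/mc --insecure"` is set unconditionally at the top of the script, so when `.Values.tls.enabled` selects `scheme=https` the client still skips certificate verification while `connectToMinio` passes it the root user and password read from `/config`. The same assignment is repeated in the create_policy, create_svcacct, create_user and custom_command helpers later in this patch. I would drop the flag from the default and add it only behind an explicit opt-in, e.g. `MC="/usr/bin/mc{{ if .Values.tls.insecureSkipVerify }} --insecure{{ end }}"` (`tls.insecureSkipVerify` is a placeholder name, not a value this chart defines). The file appears to be vendored from the upstream MinIO chart, so this would be carried as a local patch or raised upstream. Separately, `sleep 2 # 1 second intervals between attempts` has a comment that disagrees with the code.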
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_policy.txt b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_policy.txt
new file mode 100644
index 000000000..aa584952f
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_policy.txt
@@ -0,0 +1,75 @@ +#!/bin/sh +set -e ; # Have script exit in the event of a failed command. + +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc --insecure" +{{- end }} + +# connectToMinio +# Use a check-sleep-check loop to wait for MinIO service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 +} + +# checkPolicyExists ($policy) +# Check if the policy exists, by using the exit code of `mc admin policy info` +checkPolicyExists() { + POLICY=$1 + CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1) + return $? +} + +# createPolicy($name, $filename) +createPolicy () { + NAME=$1 + FILENAME=$2 + + # Create the name if it does not exist + echo "Checking policy: $NAME (in /config/$FILENAME.json)" + if ! checkPolicyExists $NAME ; then + echo "Creating policy '$NAME'" + else + echo "Policy '$NAME' already exists." 
+ fi + ${MC} admin policy create myminio $NAME /config/$FILENAME.json + +} + +# Try connecting to MinIO instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{ if .Values.policies }} +# Create the policies +{{- range $idx, $policy := .Values.policies }} +createPolicy {{ $policy.name }} policy_{{ $idx }} +{{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_svcacct.txt b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_svcacct.txt new file mode 100644 index 000000000..5c8aec4f0 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_svcacct.txt 
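Review bot: In `createPolicy` the `if ! checkPolicyExists $NAME` test only selects which message is echoed; `${MC} admin policy create myminio $NAME /config/$FILENAME.json` sits after the `fi` and runs in both cases, so the "already exists" message is misleading. If re-applying on every run is intended so that edits to a policy in the values take effect, say so with a comment such as `# always (re)create so the policy tracks the rendered values`; otherwise move the create call into the first branch. `{{ $policy.name }}` is also rendered unquoted into the `createPolicy` call, so a name containing whitespace or shell metacharacters is split or interpreted by the shell; `createPolicy {{ $policy.name | squote }} policy_{{ $idx }}` together with `"$NAME"` inside the function would be safer.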
@@ -0,0 +1,106 @@ +#!/bin/sh +set -e ; # Have script exit in the event of a failed command. + +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc --insecure" +{{- end }} + +# AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters. +# Special characters for example : ',",<,>,{,} +MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_svcacct_tmp" + +# connectToMinio +# Use a check-sleep-check loop to wait for MinIO service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 2 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 +} + +# checkSvcacctExists () +# Check if the svcacct exists, by using the exit code of `mc admin user svcacct info` +checkSvcacctExists() { + CMD=$(${MC} admin user svcacct info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) + return $? +} + +# createSvcacct ($user) +createSvcacct () { + USER=$1 + FILENAME=$2 + #check accessKey_and_secretKey_tmp file + if [[ ! 
-f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then + echo "credentials file does not exist" + return 1 + fi + if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then + echo "credentials file is invalid" + rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP + return 1 + fi + SVCACCT=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) + # Create the svcacct if it does not exist + if ! checkSvcacctExists ; then + echo "Creating svcacct '$SVCACCT'" + # Check if policy file is define + if [ -z $FILENAME ]; then + ${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) myminio $USER + else + ${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --policy /config/$FILENAME.json myminio $USER + fi + else + echo "Svcacct '$SVCACCT' already exists." + fi + #clean up credentials files. + rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP +} + +# Try connecting to MinIO instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{ if .Values.svcaccts }} +{{ $global := . }} +# Create the svcaccts +{{- range $idx, $svc := .Values.svcaccts }} +echo {{ tpl .accessKey $global }} > $MINIO_ACCESSKEY_SECRETKEY_TMP +{{- if .existingSecret }} +cat /config/secrets-svc/{{ tpl .existingSecret $global }}/{{ tpl .existingSecretKey $global }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP +# Add a new line if it doesn't exist +echo >> $MINIO_ACCESSKEY_SECRETKEY_TMP +{{ else }} +echo {{ .secretKey }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP +{{- end }} +{{- if $svc.policy}} +createSvcacct {{ .user }} svc_policy_{{ $idx }} +{{ else }} +createSvcacct {{ .user }} +{{- end }} +{{- end }} +{{- end }} 
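Review bot: `echo {{ tpl .accessKey $global }} > $MINIO_ACCESSKEY_SECRETKEY_TMP` and `echo {{ .secretKey }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP` render the values directly into shell source, so the key is parsed by the shell (`$`, backticks, `;`, quotes and whitespace change or break it) and the secret key ends up in plain text in the rendered script, which contradicts the header comment about special characters. `createSvcacct` then passes it as `--secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP)`, unquoted and on the command line. The `existingSecret` branch, which reads the key from a mounted file, avoids the first problem and is the safer path to recommend. For the inline branch I would at least render with `echo {{ .secretKey | squote }}` (embedded single quotes would still need handling) and quote the substitution, `--secret-key "$(tail -n1 "$MINIO_ACCESSKEY_SECRETKEY_TMP")"`. The same two `echo` lines appear in `_helper_create_user.txt` later in this patch.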
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_user.txt b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_user.txt
new file mode 100644
index 000000000..bfb79bee5
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_create_user.txt
@@ -0,0 +1,107 @@ +#!/bin/sh +set -e ; # Have script exit in the event of a failed command. + +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc --insecure" +{{- end }} + +# AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters. +# Special characters for example : ',",<,>,{,} +MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_tmp" + +# connectToMinio +# Use a check-sleep-check loop to wait for MinIO service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 +} + +# checkUserExists () +# Check if the user exists, by using the exit code of `mc admin user info` +checkUserExists() { + CMD=$(${MC} admin user info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) + return $? +} + +# createUser ($policy) +createUser() { + POLICY=$1 + #check accessKey_and_secretKey_tmp file + if [[ ! 
-f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then + echo "credentials file does not exist" + return 1 + fi + if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then + echo "credentials file is invalid" + rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP + return 1 + fi + USER=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) + # Create the user if it does not exist + if ! checkUserExists ; then + echo "Creating user '$USER'" + cat $MINIO_ACCESSKEY_SECRETKEY_TMP | ${MC} admin user add myminio + else + echo "User '$USER' already exists." + fi + #clean up credentials files. + rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP + + # set policy for user + if [ ! -z $POLICY -a $POLICY != " " ] ; then + echo "Adding policy '$POLICY' for '$USER'" + set +e ; # policy already attach errors out, allow it. + ${MC} admin policy attach myminio $POLICY --user=$USER + set -e + else + echo "User '$USER' has no policy attached." + fi +} + +# Try connecting to MinIO instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{ if .Values.users }} +{{ $global := . }} +# Create the users +{{- range .Values.users }} +echo {{ tpl .accessKey $global }} > $MINIO_ACCESSKEY_SECRETKEY_TMP +{{- if .existingSecret }} +cat /config/secrets/{{ tpl .existingSecret $global }}/{{ tpl .existingSecretKey $global }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP +# Add a new line if it doesn't exist +echo >> $MINIO_ACCESSKEY_SECRETKEY_TMP +createUser {{ .policy }} +{{ else }} +echo {{ .secretKey }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP +createUser {{ .policy }} +{{- end }} +{{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_custom_command.txt b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_custom_command.txt new file mode 100644 index 000000000..b583a7782 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_custom_command.txt 
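Review bot: In `createUser` the test `[ ! -z $POLICY -a $POLICY != " " ]` uses `$POLICY` unquoted, so when `createUser {{ .policy }}` renders with no policy the variable expands to nothing and `[` receives a malformed argument list whose result is unspecified; the "no policy attached" branch is then reached only by accident. Quoting and splitting the test fixes that: `if [ -n "$POLICY" ] && [ "$POLICY" != " " ]; then`. The attach call should be quoted as well, `${MC} admin policy attach myminio "$POLICY" --user="$USER"`, since `$USER` comes from the first line of the credentials file. The script also uses `[[ … ]]` under `#!/bin/sh`, which is not POSIX and depends on the image's `sh`.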
@@ -0,0 +1,58 @@ +#!/bin/sh +set -e ; # Have script exit in the event of a failed command. + +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc --insecure" +{{- end }} + +# connectToMinio +# Use a check-sleep-check loop to wait for MinIO service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 +} + +# runCommand ($@) +# Run custom mc command +runCommand() { + ${MC} "$@" + return $? +} + +# Try connecting to MinIO instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{ if .Values.customCommands }} +# Run custom commands +{{- range .Values.customCommands }} +runCommand {{ .command }} +{{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_policy.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_policy.tpl new file mode 100644 index 000000000..8be998e5d --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helper_policy.tpl 
@@ -0,0 +1,28 @@ +{{- $statements_length := len .statements -}} +{{- $statements_length := sub $statements_length 1 -}} +{ + "Version": "2012-10-17", + "Statement": [ +{{- range $i, $statement := .statements }} + { + "Effect": "{{ $statement.effect | default "Allow" }}", + "Action": [ +"{{ $statement.actions | join "\",\n\"" }}" + ]{{ if $statement.resources }}, + "Resource": [ +"{{ $statement.resources | join "\",\n\"" }}" + ]{{ end }} +{{- if $statement.conditions }} +{{- $condition_len := len $statement.conditions }} +{{- $condition_len := sub $condition_len 1 }} + , + "Condition": { + {{- range $k,$v := $statement.conditions }} + {{- range $operator,$object := $v }} + "{{ $operator }}": { {{ $object }} }{{- if lt $k $condition_len }},{{- end }} + {{- end }}{{- end }} + }{{- end }} + }{{ if lt $i $statements_length }},{{end }} +{{- end }} + ] +} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helpers.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helpers.tpl new file mode 100644 index 000000000..1cb209e5e --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/_helpers.tpl 
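Review bot: The policy document is assembled by string concatenation: `"{{ $statement.actions | join "\",\n\"" }}"`, `"{{ $operator }}"` and `{ {{ $object }} }` insert values without JSON escaping, so a quote or backslash in a value produces invalid or differently structured policy JSON. Rendering the lists with `toJson`, e.g. `"Action": {{ $statement.actions | toJson }}` and `"Resource": {{ $statement.resources | toJson }}`, avoids this. The comma after a condition is keyed on the outer index `$k` but emitted inside the inner `range $operator,$object := $v`, so as far as I can tell a last entry holding more than one operator gets no separator between them. A header comment stating that `.statements[].conditions` is expected to be a list of single-operator maps whose value is a pre-formatted JSON fragment would document the contract the template relies on.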
@@ -0,0 +1,218 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "minio.name" -}} + {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "minio.fullname" -}} + {{- if .Values.fullnameOverride -}} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- $name := default .Chart.Name .Values.nameOverride -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "minio.chart" -}} + {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "minio.networkPolicy.apiVersion" -}} + {{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}} + {{- print "extensions/v1beta1" -}} + {{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}} + {{- print "networking.k8s.io/v1" -}} + {{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "minio.deployment.apiVersion" -}} + {{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}} + {{- print "apps/v1beta2" -}} + {{- else -}} + {{- print "apps/v1" -}} + {{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. 
+*/}} +{{- define "minio.statefulset.apiVersion" -}} + {{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}} + {{- print "apps/v1beta2" -}} + {{- else -}} + {{- print "apps/v1" -}} + {{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "minio.ingress.apiVersion" -}} + {{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "extensions/v1beta1" -}} + {{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else -}} + {{- print "networking.k8s.io/v1" -}} + {{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for console ingress. +*/}} +{{- define "minio.consoleIngress.apiVersion" -}} + {{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "extensions/v1beta1" -}} + {{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else -}} + {{- print "networking.k8s.io/v1" -}} + {{- end -}} +{{- end -}} + +{{/* +Determine secret name. +*/}} +{{- define "minio.secretName" -}} + {{- if .Values.existingSecret -}} + {{- .Values.existingSecret }} + {{- else -}} + {{- include "minio.fullname" . -}} + {{- end -}} +{{- end -}} + +{{/* +Determine name for scc role and rolebinding +*/}} +{{- define "minio.sccRoleName" -}} + {{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Properly format optional additional arguments to MinIO binary +*/}} +{{- define "minio.extraArgs" -}} +{{- range .Values.extraArgs -}} +{{ " " }}{{ . }} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "minio.imagePullSecrets" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. 
+Also, we can not use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if .Values.imagePullSecrets }} +imagePullSecrets: + {{ toYaml .Values.imagePullSecrets }} +{{- end -}} +{{- else if .Values.imagePullSecrets }} +imagePullSecrets: + {{ toYaml .Values.imagePullSecrets }} +{{- end -}} +{{- end -}} + +{{/* +Formats volumeMount for MinIO TLS keys and trusted certs +*/}} +{{- define "minio.tlsKeysVolumeMount" -}} +{{- if .Values.tls.enabled }} +- name: cert-secret-volume + mountPath: {{ .Values.certsPath }} +{{- end }} +{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} +{{- $casPath := printf "%s/CAs" .Values.certsPath | clean }} +- name: trusted-cert-secret-volume + mountPath: {{ $casPath }} +{{- end }} +{{- end -}} + +{{/* +Formats volume for MinIO TLS keys and trusted certs +*/}} +{{- define "minio.tlsKeysVolume" -}} +{{- if .Values.tls.enabled }} +- name: cert-secret-volume + secret: + secretName: {{ tpl .Values.tls.certSecret $ }} + items: + - key: {{ .Values.tls.publicCrt }} + path: public.crt + - key: {{ .Values.tls.privateKey }} + path: private.key +{{- end }} +{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} +{{- $certSecret := eq .Values.trustedCertsSecret "" | ternary .Values.tls.certSecret .Values.trustedCertsSecret }} +{{- $publicCrt := eq .Values.trustedCertsSecret "" | ternary .Values.tls.publicCrt "" }} +- name: trusted-cert-secret-volume + secret: + secretName: {{ $certSecret }} + {{- if ne $publicCrt "" }} + items: + - key: {{ $publicCrt }} + path: public.crt + {{- end }} +{{- end }} +{{- end -}} + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. 
+*/}} +{{- define "minio.getValueFromSecret" }} + {{- $len := (default 16 .Length) | int -}} + {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} + {{- if $obj }} + {{- index $obj .Key | b64dec -}} + {{- else -}} + {{- randAlphaNum $len -}} + {{- end -}} +{{- end }} + +{{- define "minio.root.username" -}} + {{- if .Values.rootUser }} + {{- .Values.rootUser | toString }} + {{- else }} + {{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 20 "Key" "rootUser") }} + {{- end }} +{{- end -}} + +{{- define "minio.root.password" -}} + {{- if .Values.rootPassword }} + {{- .Values.rootPassword | toString }} + {{- else }} + {{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 40 "Key" "rootPassword") }} + {{- end }} +{{- end -}} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/ciliumnetworkpolicy.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/ciliumnetworkpolicy.yaml new file mode 100644 index 000000000..1dc91bcf2 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/ciliumnetworkpolicy.yaml 
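Review bot: `minio.getValueFromSecret` depends on `lookup`, which returns an empty result when the chart is rendered without cluster access (`helm template`, dry runs, and as far as I know Argo CD's rendering), so `minio.root.username` and `minio.root.password` fall through to `randAlphaNum` and yield new root credentials on every render. The `argocd-helm-charts/` path suggests that is how this chart is deployed, in which case setting `existingSecret` (already honoured by `minio.secretName`) keeps the credentials stable. When the Secret exists but lacks `.Key`, `index $obj .Key | b64dec` receives a nil value; a guard such as `{{- if and $obj (hasKey $obj .Key) }}` avoids that. A comment on the helper, e.g. `{{/* lookup is empty under client-side rendering; a fresh random value is generated each time */}}`, would document the behaviour.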
@@ -0,0 +1,33 @@
+{{- if and (.Values.networkPolicy.enabled) (eq .Values.networkPolicy.flavor "cilium") }}
+kind: CiliumNetworkPolicy
+apiVersion: cilium.io/v2
+metadata:
+ name: {{ template "minio.fullname" . }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ endpointSelector:
+ matchLabels:
+ app: {{ template "minio.name" . }}
+ release: {{ .Release.Name }}
+ ingress:
+ - toPorts:
+ - ports:
+ - port: "{{ .Values.minioAPIPort }}"
+ protocol: TCP
+ - port: "{{ .Values.minioConsolePort }}"
+ protocol: TCP
+ {{- if not .Values.networkPolicy.allowExternal }}
+ fromEndpoints:
+ - matchLabels:
+ {{ template "minio.name" . }}-client: "true"
+ {{- end }}
+ egress:
+ {{- range $entity := .Values.networkPolicy.egressEntities }}
+ - toEntities:
+ - {{ $entity }}
+ {{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/configmap.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/configmap.yaml
new file mode 100644
index 000000000..47f64cc23
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/configmap.yaml
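Review bot: The single ingress rule opens `minioAPIPort` and `minioConsolePort` to the same `fromEndpoints` selector, so any pod labelled `<name>-client: "true"` for S3 access also reaches the admin console; the `NetworkPolicy` in networkpolicy.yaml has the same shape. Putting the console port in its own rule with a separate label would let operators grant API access without console access. With `allowExternal` set the rule carries no source restriction at all, which deserves a comment next to the `if`, e.g. `{{- /* allowExternal: both ports are reachable from any source */}}`. `egress:` is emitted even when `egressEntities` is empty; wrapping it in `{{- with .Values.networkPolicy.egressEntities }}` keeps the bare key out of the manifest.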
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "minio.fullname" . }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ initialize: |-
+ {{- include (print $.Template.BasePath "/_helper_create_bucket.txt") . | nindent 4 }}
+ add-user: |-
+ {{- include (print $.Template.BasePath "/_helper_create_user.txt") . | nindent 4 }}
+ add-policy: |-
+ {{- include (print $.Template.BasePath "/_helper_create_policy.txt") . | nindent 4 }}
+ {{- range $idx, $policy := .Values.policies }}
+ # Policy: {{ $policy.name }}
+ policy_{{ $idx }}.json: |-
+ {{- include (print $.Template.BasePath "/_helper_policy.tpl") . | nindent 4 }}
+ {{ end }}
+ {{- range $idx, $svc := .Values.svcaccts }}
+ {{- if $svc.policy }}
+ # SVC: {{ $svc.accessKey }}
+ svc_policy_{{ $idx }}.json: |-
+ {{- include (print $.Template.BasePath "/_helper_policy.tpl") .policy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ add-svcacct: |-
+ {{- include (print $.Template.BasePath "/_helper_create_svcacct.txt") . | nindent 4 }}
+ custom-command: |-
+ {{- include (print $.Template.BasePath "/_helper_custom_command.txt") . | nindent 4 }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/console-ingress.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/console-ingress.yaml
new file mode 100644
index 000000000..79a2b1b58
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/console-ingress.yaml
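Review bot: The comment line `# SVC: {{ $svc.accessKey }}` writes each service-account access key into the ConfigMap, which is usually readable by more principals than a Secret; `# SVC: {{ $idx }}` identifies the entry without exposing the key. Whether the included `_helper_create_svcacct.txt` script embeds the key as well is not visible in this hunk and is worth checking for the same reason. `$policy.name` and `$svc.accessKey` are rendered unescaped on a comment line, so a value containing a line break would change the structure of the `data:` map; piping them through `quote` keeps them on one line.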
@@ -0,0 +1,55 @@ +{{- if .Values.consoleIngress.enabled -}} +{{- $fullName := printf "%s-console" (include "minio.fullname" .) -}} +{{- $servicePort := .Values.consoleService.port -}} +{{- $ingressPath := .Values.consoleIngress.path -}} +apiVersion: {{ template "minio.consoleIngress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.consoleIngress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.consoleIngress.annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.consoleIngress.ingressClassName }} + ingressClassName: {{ .Values.consoleIngress.ingressClassName }} + {{- end }} + {{- if .Values.consoleIngress.tls }} + tls: + {{- range .Values.consoleIngress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.consoleIngress.hosts }} + - http: + paths: + - path: {{ $ingressPath }} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + backend: + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- else }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- if . }} + host: {{ tpl . $ | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/console-service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/console-service.yaml new file mode 100644 index 000000000..f09e3f3c6 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/console-service.yaml 
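Review bot: Hosts under `rules` are rendered with `tpl . $ | quote` but hosts under `tls` only with `. | quote`, so a templated host name is expanded in the rule and left literal in the certificate binding, and the console would then be served with whatever default certificate the ingress controller falls back to. Using `- {{ tpl . $ | quote }}` in the `tls` range keeps the two in step; ingress.yaml later in this patch has the same pattern. The `tls` block is optional, so the admin console can be published over plain HTTP, which a comment on the `{{- if .Values.consoleIngress.tls }}` line should point out.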
@@ -0,0 +1,45 @@ +{{ $scheme := .Values.tls.enabled | ternary "https" "http" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "minio.fullname" . }}-console + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.consoleService.annotations }} + annotations: {{- toYaml .Values.consoleService.annotations | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.consoleService.type }} + {{- if and (eq .Values.consoleService.type "ClusterIP") .Values.consoleService.clusterIP }} + clusterIP: {{ .Values.consoleService.clusterIP }} + {{- end }} + {{- if or (eq .Values.consoleService.type "LoadBalancer") (eq .Values.consoleService.type "NodePort") }} + externalTrafficPolicy: {{ .Values.consoleService.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.consoleService.type "LoadBalancer") .Values.consoleService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ .Values.consoleService.loadBalancerSourceRanges }} + {{ end }} + {{- if and (eq .Values.consoleService.type "LoadBalancer") (not (empty .Values.consoleService.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.consoleService.loadBalancerIP }} + {{- end }} + ports: + - name: {{ $scheme }} + port: {{ .Values.consoleService.port }} + protocol: TCP + {{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }} + nodePort: {{ .Values.consoleService.nodePort }} + {{- else }} + targetPort: {{ .Values.minioConsolePort }} + {{- end }} + {{- if .Values.consoleService.externalIPs }} + externalIPs: + {{- range $i , $ip := .Values.consoleService.externalIPs }} + - {{ $ip }} + {{- end }} + {{- end }} + selector: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} 
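Review bot: `loadBalancerSourceRanges: {{ .Values.consoleService.loadBalancerSourceRanges }}` prints the list with Go's default formatting (`[a b]`, space separated), which YAML reads as a single string element once there is more than one CIDR, so the source restriction on the console load balancer is either rejected or not what the operator configured. `loadBalancerSourceRanges: {{- toYaml .Values.consoleService.loadBalancerSourceRanges | nindent 4 }}` renders a proper list. The block also closes with `{{ end }}` instead of `{{- end }}`, which leaves a blank line in the rendered manifest.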
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/deployment.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/deployment.yaml new file mode 100644 index 000000000..4c57010fd --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/deployment.yaml 
@@ -0,0 +1,213 @@ +{{- if eq .Values.mode "standalone" }} +{{ $scheme := .Values.tls.enabled | ternary "https" "http" }} +{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} +apiVersion: {{ template "minio.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.additionalLabels }} + {{- toYaml .Values.additionalLabels | nindent 4 }} + {{- end }} + {{- if .Values.additionalAnnotations }} + annotations: {{- toYaml .Values.additionalAnnotations | nindent 4 }} + {{- end }} +spec: + strategy: + type: {{ .Values.deploymentUpdate.type }} + {{- if eq .Values.deploymentUpdate.type "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ .Values.deploymentUpdate.maxSurge }} + maxUnavailable: {{ .Values.deploymentUpdate.maxUnavailable }} + {{- end }} + replicas: 1 + selector: + matchLabels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + template: + metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + {{- if .Values.podLabels }} + {{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} + annotations: + {{- if not .Values.ignoreChartChecksums }} + checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | trimSuffix "\n" | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: "{{ .Values.runtimeClassName }}" + {{- end }} + {{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + securityContext: + {{ omit .Values.securityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.serviceAccount.create }} + serviceAccountName: {{ .Values.serviceAccount.name }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - "/bin/sh" + - "-ce" + - "/usr/bin/docker-entrypoint.sh minio server {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }}" + volumeMounts: + - name: minio-user + mountPath: "/tmp/credentials" + readOnly: true + - name: export + mountPath: {{ .Values.mountPath }} + {{- if and .Values.persistence.enabled .Values.persistence.subPath }} + subPath: "{{ .Values.persistence.subPath }}" + {{- end }} + {{- if .Values.extraSecret }} + - name: extra-secret + mountPath: "/tmp/minio-config-env" + {{- end }} + {{- include "minio.tlsKeysVolumeMount" . | indent 12 }} + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + ports: + - name: {{ $scheme }} + containerPort: {{ .Values.minioAPIPort }} + - name: {{ $scheme }}-console + containerPort: {{ .Values.minioConsolePort }} + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: {{ template "minio.secretName" . }} + key: rootUser + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "minio.secretName" . 
}} + key: rootPassword + {{- if .Values.extraSecret }} + - name: MINIO_CONFIG_ENV_FILE + value: "/tmp/minio-config-env/config.env" + {{- end }} + {{- if .Values.metrics.serviceMonitor.public }} + - name: MINIO_PROMETHEUS_AUTH_TYPE + value: "public" + {{- end }} + {{- if .Values.oidc.enabled }} + - name: MINIO_IDENTITY_OPENID_CONFIG_URL + value: {{ .Values.oidc.configUrl }} + - name: MINIO_IDENTITY_OPENID_CLIENT_ID + {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientIdKey }} + valueFrom: + secretKeyRef: + name: {{ .Values.oidc.existingClientSecretName }} + key: {{ .Values.oidc.existingClientIdKey }} + {{- else }} + value: {{ .Values.oidc.clientId }} + {{- end }} + - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET + {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientSecretKey }} + valueFrom: + secretKeyRef: + name: {{ .Values.oidc.existingClientSecretName }} + key: {{ .Values.oidc.existingClientSecretKey }} + {{- else }} + value: {{ .Values.oidc.clientSecret }} + {{- end }} + - name: MINIO_IDENTITY_OPENID_CLAIM_NAME + value: {{ .Values.oidc.claimName }} + - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX + value: {{ .Values.oidc.claimPrefix }} + - name: MINIO_IDENTITY_OPENID_SCOPES + value: {{ .Values.oidc.scopes }} + - name: MINIO_IDENTITY_OPENID_COMMENT + value: {{ .Values.oidc.comment }} + - name: MINIO_IDENTITY_OPENID_REDIRECT_URI + value: {{ .Values.oidc.redirectUri }} + - name: MINIO_IDENTITY_OPENID_DISPLAY_NAME + value: {{ .Values.oidc.displayName }} + {{- end }} + {{- if .Values.etcd.endpoints }} + - name: MINIO_ETCD_ENDPOINTS + value: {{ join "," .Values.etcd.endpoints | quote }} + {{- if .Values.etcd.clientCert }} + - name: MINIO_ETCD_CLIENT_CERT + value: "/tmp/credentials/etcd_client_cert.pem" + {{- end }} + {{- if .Values.etcd.clientCertKey }} + - name: MINIO_ETCD_CLIENT_CERT_KEY + value: "/tmp/credentials/etcd_client_cert_key.pem" + {{- end }} + {{- if .Values.etcd.pathPrefix }} + - name: MINIO_ETCD_PATH_PREFIX + 
value: {{ .Values.etcd.pathPrefix }} + {{- end }} + {{- if .Values.etcd.corednsPathPrefix }} + - name: MINIO_ETCD_COREDNS_PATH + value: {{ .Values.etcd.corednsPathPrefix }} + {{- end }} + {{- end }} + {{- range $key, $val := .Values.environment }} + - name: {{ $key }} + value: {{ tpl $val $ | quote }} + {{- end }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + {{- with .Values.containerSecurityContext }} + securityContext: {{ toYaml . | nindent 12}} + {{- end }} + {{- end }} + {{- with .Values.extraContainers }} + {{- if eq (typeOf .) "string" }} + {{- tpl . $ | nindent 8 }} + {{- else }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + {{- include "minio.imagePullSecrets" . | indent 6 }} + {{- with .Values.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: export + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.extraSecret }} + - name: extra-secret + secret: + secretName: {{ .Values.extraSecret }} + {{- end }} + - name: minio-user + secret: + secretName: {{ template "minio.secretName" . }} + {{- include "minio.tlsKeysVolume" . | indent 8 }} + {{- if .Values.extraVolumes }} + {{ toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/ingress.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/ingress.yaml new file mode 100644 index 000000000..1a564c6bc --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/ingress.yaml 
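Review bot: Both `securityContext` blocks are guarded by `and .Values.securityContext.enabled .Values.persistence.enabled`, so a deployment with persistence switched off runs with neither the pod nor the container security context even though `securityContext.enabled` is true. Guarding on `{{- if .Values.securityContext.enabled }}` alone applies the hardening in both cases; if the coupling is deliberate it needs a comment saying why. Separately, `MINIO_IDENTITY_OPENID_CLIENT_SECRET` falls back to `value: {{ .Values.oidc.clientSecret }}`, which places the client secret in the Deployment spec in clear text, so the `existingClientSecretName` branch should be the documented path.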
@@ -0,0 +1,55 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "minio.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: {{ template "minio.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.ingress.annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - http: + paths: + - path: {{ $ingressPath }} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + backend: + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- else }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- if . }} + host: {{ tpl . $ | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/networkpolicy.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/networkpolicy.yaml new file mode 100644 index 000000000..b9c077171 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/networkpolicy.yaml 
@@ -0,0 +1,26 @@
+{{- if and (.Values.networkPolicy.enabled) (eq .Values.networkPolicy.flavor "kubernetes") }}
+kind: NetworkPolicy
+apiVersion: {{ template "minio.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "minio.fullname" . }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ template "minio.name" . }}
+ release: {{ .Release.Name }}
+ ingress:
+ - ports:
+ - port: {{ .Values.minioAPIPort }}
+ - port: {{ .Values.minioConsolePort }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "minio.name" . }}-client: "true"
+ {{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/poddisruptionbudget.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/poddisruptionbudget.yaml
new file mode 100644
index 000000000..a5f90a080
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/poddisruptionbudget.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodDisruptionBudget" }}
+apiVersion: policy/v1beta1
+{{- else }}
+apiVersion: policy/v1
+{{- end }}
+kind: PodDisruptionBudget
+metadata:
+ name: minio
+ labels:
+ app: {{ template "minio.name" . }}
+spec:
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ selector:
+ matchLabels:
+ app: {{ template "minio.name" . }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/post-job.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/post-job.yaml
new file mode 100644
index 000000000..955d6558c
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/post-job.yaml
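Review bot: In poddisruptionbudget.yaml, `name: minio` is hard-coded while every other object in this patch uses `{{ template "minio.fullname" . }}`, so two releases in one namespace collide on the PodDisruptionBudget. The selector matches on `app` only, without `release`, so it would also cover pods of another release that shares the chart name. `name: {{ template "minio.fullname" . }}` plus `release: {{ .Release.Name }}` under `matchLabels` brings it in line with the Deployment selector.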
@@ -0,0 +1,258 @@ +{{- if or .Values.buckets .Values.users .Values.policies .Values.customCommands .Values.svcaccts }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "minio.fullname" . }}-post-job + labels: + app: {{ template "minio.name" . }}-post-job + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- with .Values.postJob.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + template: + metadata: + labels: + app: {{ template "minio.name" . }}-job + release: {{ .Release.Name }} + {{- if .Values.podLabels }} + {{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} + {{- if .Values.postJob.podAnnotations }} + annotations: {{- toYaml .Values.postJob.podAnnotations | nindent 8 }} + {{- end }} + spec: + restartPolicy: OnFailure + {{- include "minio.imagePullSecrets" . | indent 6 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- toYaml .Values.postJob.nodeSelector | nindent 8 }} + {{- end }} + {{- with .Values.postJob.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.postJob.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.postJob.securityContext.enabled }} + securityContext: {{ omit .Values.postJob.securityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + volumes: + - name: etc-path + emptyDir: {} + - name: tmp + emptyDir: {} + - name: minio-configuration + projected: + sources: + - configMap: + name: {{ template "minio.fullname" . }} + - secret: + name: {{ template "minio.secretName" . 
}} + {{- range (concat .Values.users (default (list) .Values.svcaccts)) }} + {{- if .existingSecret }} + - secret: + name: {{ tpl .existingSecret $ }} + items: + - key: {{ .existingSecretKey }} + path: secrets/{{ tpl .existingSecret $ }}/{{ tpl .existingSecretKey $ }} + {{- end }} + {{- end }} + {{- range ( default list .Values.svcaccts ) }} + {{- if .existingSecret }} + - secret: + name: {{ tpl .existingSecret $ }} + items: + - key: {{ .existingSecretKey }} + path: secrets-svc/{{ tpl .existingSecret $ }}/{{ tpl .existingSecretKey $ }} + {{- end }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: cert-secret-volume-mc + secret: + secretName: {{ .Values.tls.certSecret }} + items: + - key: {{ .Values.tls.publicCrt }} + path: CAs/public.crt + {{- end }} + {{- if .Values.customCommandJob.extraVolumes }} + {{- toYaml .Values.customCommandJob.extraVolumes | nindent 8 }} + {{- end }} + {{- if .Values.serviceAccount.create }} + serviceAccountName: {{ .Values.serviceAccount.name }} + {{- end }} + {{- if .Values.policies }} + initContainers: + - name: minio-make-policy + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + {{- if .Values.makePolicyJob.securityContext.enabled }} + {{- with .Values.makePolicyJob.containerSecurityContext }} + securityContext: {{ toYaml . | nindent 12 }} + {{- end }} + {{- end }} + imagePullPolicy: {{ .Values.mcImage.pullPolicy }} + {{- if .Values.makePolicyJob.exitCommand }} + command: [ "/bin/sh", "-c" ] + args: [ "/bin/sh /config/add-policy; EV=$?; {{ .Values.makePolicyJob.exitCommand }} && exit $EV" ] + {{- else }} + command: [ "/bin/sh", "/config/add-policy" ] + {{- end }} + env: + - name: MINIO_ENDPOINT + value: {{ template "minio.fullname" . 
}} + - name: MINIO_PORT + value: {{ .Values.service.port | quote }} + volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp + - name: minio-configuration + mountPath: /config + {{- if .Values.tls.enabled }} + - name: cert-secret-volume-mc + mountPath: {{ .Values.configPathmc }}certs + {{- end }} + resources: {{- toYaml .Values.makePolicyJob.resources | nindent 12 }} + {{- end }} + containers: + {{- if .Values.buckets }} + - name: minio-make-bucket + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + {{- if .Values.makeBucketJob.securityContext.enabled }} + {{- with .Values.makeBucketJob.containerSecurityContext }} + securityContext: {{ toYaml . | nindent 12 }} + {{- end }} + {{- end }} + imagePullPolicy: {{ .Values.mcImage.pullPolicy }} + {{- if .Values.makeBucketJob.exitCommand }} + command: [ "/bin/sh", "-c" ] + args: [ "/bin/sh /config/initialize; EV=$?; {{ .Values.makeBucketJob.exitCommand }} && exit $EV" ] + {{- else }} + command: [ "/bin/sh", "/config/initialize" ] + {{- end }} + env: + - name: MINIO_ENDPOINT + value: {{ template "minio.fullname" . }} + - name: MINIO_PORT + value: {{ .Values.service.port | quote }} + volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp + - name: minio-configuration + mountPath: /config + {{- if .Values.tls.enabled }} + - name: cert-secret-volume-mc + mountPath: {{ .Values.configPathmc }}certs + {{- end }} + resources: {{- toYaml .Values.makeBucketJob.resources | nindent 12 }} + {{- end }} + {{- if .Values.users }} + - name: minio-make-user + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + {{- if .Values.makeUserJob.securityContext.enabled }} + {{- with .Values.makeUserJob.containerSecurityContext }} + securityContext: {{ toYaml . 
| nindent 12 }} + {{- end }} + {{- end }} + imagePullPolicy: {{ .Values.mcImage.pullPolicy }} + {{- if .Values.makeUserJob.exitCommand }} + command: [ "/bin/sh", "-c" ] + args: [ "/bin/sh /config/add-user; EV=$?; {{ .Values.makeUserJob.exitCommand }} && exit $EV" ] + {{- else }} + command: [ "/bin/sh", "/config/add-user" ] + {{- end }} + env: + - name: MINIO_ENDPOINT + value: {{ template "minio.fullname" . }} + - name: MINIO_PORT + value: {{ .Values.service.port | quote }} + volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp + - name: minio-configuration + mountPath: /config + {{- if .Values.tls.enabled }} + - name: cert-secret-volume-mc + mountPath: {{ .Values.configPathmc }}certs + {{- end }} + resources: {{- toYaml .Values.makeUserJob.resources | nindent 12 }} + {{- end }} + {{- if .Values.customCommands }} + - name: minio-custom-command + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + {{- if .Values.customCommandJob.securityContext.enabled }} + {{- with .Values.customCommandJob.containerSecurityContext }} + securityContext: {{ toYaml . | nindent 12 }} + {{- end }} + {{- end }} + imagePullPolicy: {{ .Values.mcImage.pullPolicy }} + {{- if .Values.customCommandJob.exitCommand }} + command: [ "/bin/sh", "-c" ] + args: [ "/bin/sh /config/custom-command; EV=$?; {{ .Values.customCommandJob.exitCommand }} && exit $EV" ] + {{- else }} + command: [ "/bin/sh", "/config/custom-command" ] + {{- end }} + env: + - name: MINIO_ENDPOINT + value: {{ template "minio.fullname" . 
}} + - name: MINIO_PORT + value: {{ .Values.service.port | quote }} + volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp + - name: minio-configuration + mountPath: /config + {{- if .Values.tls.enabled }} + - name: cert-secret-volume-mc + mountPath: {{ .Values.configPathmc }}certs + {{- end }} + {{- if .Values.customCommandJob.extraVolumeMounts }} + {{- toYaml .Values.customCommandJob.extraVolumeMounts | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.customCommandJob.resources | nindent 12 }} + {{- end }} + {{- if .Values.svcaccts }} + - name: minio-make-svcacct + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + {{- if .Values.makeServiceAccountJob.securityContext.enabled }} + {{- with .Values.makeServiceAccountJob.containerSecurityContext }} + securityContext: {{ toYaml . | nindent 12 }} + {{- end }} + {{- end }} + imagePullPolicy: {{ .Values.mcImage.pullPolicy }} + {{- if .Values.makeServiceAccountJob.exitCommand }} + command: [ "/bin/sh", "-c" ] + args: ["/bin/sh /config/add-svcacct; EV=$?; {{ .Values.makeServiceAccountJob.exitCommand }} && exit $EV" ] + {{- else }} + command: ["/bin/sh", "/config/add-svcacct"] + {{- end }} + env: + - name: MINIO_ENDPOINT + value: {{ template "minio.fullname" . }} + - name: MINIO_PORT + value: {{ .Values.service.port | quote }} + volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp + - name: minio-configuration + mountPath: /config + {{- if .Values.tls.enabled }} + - name: cert-secret-volume-mc + mountPath: {{ .Values.configPathmc }}certs + {{- end }} + resources: {{- toYaml .Values.makeServiceAccountJob.resources | nindent 12 }} + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/pvc.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/pvc.yaml new file mode 100644 index 000000000..60f5267b0 --- /dev/null 
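Review bot: In post-job.yaml the pod `nodeSelector` is guarded by `{{- if .Values.nodeSelector }}` but renders `.Values.postJob.nodeSelector`, so the job's own selector is ignored unless the server's is set, and an unset `postJob.nodeSelector` renders an empty `nodeSelector:`; `{{- with .Values.postJob.nodeSelector }}` followed by `nodeSelector: {{- toYaml . | nindent 8 }}` matches the `affinity` and `tolerations` blocks next to it. The projected `minio-configuration` volume places the root-credential Secret under `/config` in every container of the job, including `minio-custom-command`, which deserves a comment on the volume. Each `svcaccts` entry with an `existingSecret` is also projected twice, once through the `concat` with `users` under `secrets/` and once under `secrets-svc/`.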
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/pvc.yaml @@ -0,0 +1,32 @@ +{{- if eq .Values.mode "standalone" }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.persistence.annotations }} + annotations: {{- toYaml .Values.persistence.annotations | nindent 4 }} + {{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} + {{- if .Values.persistence.volumeName }} + volumeName: "{{ .Values.persistence.volumeName }}" + {{- end }} +{{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/secrets.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/secrets.yaml new file mode 100644 index 000000000..476c3da51 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/secrets.yaml 
@@ -0,0 +1,21 @@ +{{- if not .Values.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "minio.secretName" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + rootUser: {{ include "minio.root.username" . | b64enc | quote }} + rootPassword: {{ include "minio.root.password" . | b64enc | quote }} + {{- if .Values.etcd.clientCert }} + etcd_client.crt: {{ .Values.etcd.clientCert | toString | b64enc | quote }} + {{- end }} + {{- if .Values.etcd.clientCertKey }} + etcd_client.key: {{ .Values.etcd.clientCertKey | toString | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/securitycontextconstraints.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/securitycontextconstraints.yaml new file mode 100644 index 000000000..4bac7e372 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/securitycontextconstraints.yaml 
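Review bot: `rootUser` and `rootPassword` in this Secret come from the `minio.root.username` and `minio.root.password` helpers, and the values file in this commit says they are generated when not set. The helpers are not visible here, but if they produce a random value on each render, every Argo CD sync would emit a different Secret. The `checksum/secrets` annotation in statefulset.yaml would then restart the pods while the credentials drift from what MinIO already stores. Setting `existingSecret` in the parent chart's values to a pre-created Secret avoids this and keeps the root credentials out of Git-tracked values.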
@@ -0,0 +1,45 @@ +{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }} +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: true +allowPrivilegedContainer: false +allowedCapabilities: [] +readOnlyRootFilesystem: false +defaultAddCapabilities: [] +requiredDropCapabilities: +- KILL +- MKNOD +- SETUID +- SETGID +fsGroup: + type: MustRunAs + ranges: + - max: {{ .Values.securityContext.fsGroup }} + min: {{ .Values.securityContext.fsGroup }} +runAsUser: + type: MustRunAs + uid: {{ .Values.securityContext.runAsUser }} +seLinuxContext: + type: MustRunAs +supplementalGroups: + type: RunAsAny +volumes: +- configMap +- downwardAPI +- emptyDir +- persistentVolumeClaim +- projected +- secret +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/service.yaml new file mode 100644 index 000000000..d872cd07a --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/service.yaml 
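Review bot: `allowPrivilegeEscalation: true` stands out in an SCC that otherwise denies host access and privileged containers, and nothing in the visible templates suggests MinIO needs escalation when it runs as the fixed `runAsUser`. I would set `allowPrivilegeEscalation: false` and consider `requiredDropCapabilities: [ALL]` in place of the four listed capabilities, after confirming the pods still start on an OpenShift cluster. `supplementalGroups: RunAsAny` is also wider than the `MustRunAs` used for `fsGroup` and deserves a comment explaining why.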
@@ -0,0 +1,46 @@ +{{ $scheme := .Values.tls.enabled | ternary "https" "http" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + monitoring: "true" + {{- if .Values.service.annotations }} + annotations: {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} + {{ end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ default "" .Values.service.loadBalancerIP | quote }} + {{- end }} + ports: + - name: {{ $scheme }} + port: {{ .Values.service.port }} + protocol: TCP + {{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }} + nodePort: {{ .Values.service.nodePort }} + {{- else }} + targetPort: {{ .Values.minioAPIPort }} + {{- end }} + {{- if .Values.service.externalIPs }} + externalIPs: + {{- range $i , $ip := .Values.service.externalIPs }} + - {{ $ip }} + {{- end }} + {{- end }} + selector: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/serviceaccount.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/serviceaccount.yaml new file mode 100644 index 000000000..07840153d --- /dev/null 
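Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints the list with Go's default formatting, so two or more CIDRs render as `[a b]`, which YAML reads as a single string rather than two entries. This field restricts who can reach a LoadBalancer-exposed MinIO API, so a misparsed or rejected value matters. Render it as `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`. The `{{ end }}` that follows also lacks the `-` trim used in the rest of the file.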
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name | quote }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/servicemonitor.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/servicemonitor.yaml new file mode 100644 index 000000000..f875a850e --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/servicemonitor.yaml 
@@ -0,0 +1,112 @@ +{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.includeNode }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "minio.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.annotations }} + annotations: {{- toYaml .Values.metrics.serviceMonitor.annotations | nindent 4 }} + {{- end }} +spec: + endpoints: + {{- if .Values.tls.enabled }} + - port: https + scheme: https + tlsConfig: + ca: + secret: + name: {{ .Values.tls.certSecret }} + key: {{ .Values.tls.publicCrt }} + serverName: {{ template "minio.fullname" . }} + {{- else }} + - port: http + scheme: http + {{- end }} + path: /minio/v2/metrics/node + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelConfigs }} + {{- toYaml .Values.metrics.serviceMonitor.relabelConfigs | nindent 6 }} + {{- end }} + {{- if not .Values.metrics.serviceMonitor.public }} + bearerTokenSecret: + name: {{ template "minio.fullname" . }}-prometheus + key: token + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: + app: {{ include "minio.name" . 
}} + release: {{ .Release.Name }} + monitoring: "true" +{{- end }} +{{- if .Values.metrics.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: Probe +metadata: + name: {{ template "minio.fullname" . }}-cluster + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} +spec: + jobName: {{ template "minio.fullname" . }} + {{- if .Values.tls.enabled }} + tlsConfig: + ca: + secret: + name: {{ .Values.tls.certSecret }} + key: {{ .Values.tls.publicCrt }} + serverName: {{ template "minio.fullname" . }} + {{- end }} + prober: + url: {{ template "minio.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }} + path: /minio/v2/metrics/cluster + {{- if .Values.tls.enabled }} + scheme: https + {{- else }} + scheme: http + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelConfigsCluster }} + {{- toYaml .Values.metrics.serviceMonitor.relabelConfigsCluster | nindent 2 }} + {{- end }} + targets: + staticConfig: + static: + - {{ template "minio.fullname" . }}.{{ .Release.Namespace }} + {{- if not .Values.metrics.serviceMonitor.public }} + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + bearerTokenSecret: + name: {{ template "minio.fullname" . }}-prometheus + key: token + {{- end }} +{{- end }} 
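Review bot: In the Probe, the `interval` and `scrapeTimeout` blocks sit inside `{{- if not .Values.metrics.serviceMonitor.public }}` together with `bearerTokenSecret`, so they are silently dropped when metrics are public, whereas the ServiceMonitor above applies them unconditionally. Only `bearerTokenSecret` belongs inside that guard. Both resources also reference a Secret named `<fullname>-prometheus` with key `token` that no template in this part of the diff creates. If it is expected to exist out of band, a comment such as `# requires a pre-created Secret holding the MinIO Prometheus bearer token` would save the next operator a failed scrape.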
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/statefulset.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/statefulset.yaml new file mode 100644 index 000000000..d671eaaf4 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/templates/statefulset.yaml 
@@ -0,0 +1,267 @@ +{{- if eq .Values.mode "distributed" }} +{{ $poolCount := .Values.pools | int }} +{{ $nodeCount := .Values.replicas | int }} +{{ $replicas := mul $poolCount $nodeCount }} +{{ $drivesPerNode := .Values.drivesPerNode | int }} +{{ $scheme := .Values.tls.enabled | ternary "https" "http" }} +{{ $mountPath := .Values.mountPath }} +{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} +{{ $subPath := .Values.persistence.subPath }} +{{ $penabled := .Values.persistence.enabled }} +{{ $accessMode := .Values.persistence.accessMode }} +{{ $storageClass := .Values.persistence.storageClass }} +{{ $psize := .Values.persistence.size }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "minio.fullname" . }}-svc + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + publishNotReadyAddresses: true + clusterIP: None + ports: + - name: {{ $scheme }} + port: {{ .Values.service.port }} + protocol: TCP + targetPort: {{ .Values.minioAPIPort }} + selector: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} +--- +apiVersion: {{ template "minio.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.additionalLabels }} + {{- toYaml .Values.additionalLabels | nindent 4 }} + {{- end }} + {{- if .Values.additionalAnnotations }} + annotations: {{- toYaml .Values.additionalAnnotations | nindent 4 }} + {{- end }} +spec: + updateStrategy: + type: {{ .Values.statefulSetUpdate.updateStrategy }} + podManagementPolicy: "Parallel" + serviceName: {{ template "minio.fullname" . }}-svc + replicas: {{ $replicas }} + selector: + matchLabels: + app: {{ template "minio.name" . 
}} + release: {{ .Release.Name }} + template: + metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + {{- if .Values.podLabels }} + {{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} + annotations: + {{- if not .Values.ignoreChartChecksums }} + checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: "{{ .Values.runtimeClassName }}" + {{- end }} + {{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + securityContext: + {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.serviceAccount.create }} + serviceAccountName: {{ .Values.serviceAccount.name }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: [ + "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{ else }}{{ $bucketRoot }}{{end }}{{- end }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . 
}}" + ] + volumeMounts: + {{- if $penabled }} + {{- if (gt $drivesPerNode 1) }} + {{- range $i := until $drivesPerNode }} + - name: export-{{ $i }} + mountPath: {{ $mountPath }}-{{ $i }} + {{- if and $penabled $subPath }} + subPath: {{ $subPath }} + {{- end }} + {{- end }} + {{- else }} + - name: export + mountPath: {{ $mountPath }} + {{- if and $penabled $subPath }} + subPath: {{ $subPath }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.extraSecret }} + - name: extra-secret + mountPath: "/tmp/minio-config-env" + {{- end }} + {{- include "minio.tlsKeysVolumeMount" . | indent 12 }} + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + ports: + - name: {{ $scheme }} + containerPort: {{ .Values.minioAPIPort }} + - name: {{ $scheme }}-console + containerPort: {{ .Values.minioConsolePort }} + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: {{ template "minio.secretName" . }} + key: rootUser + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "minio.secretName" . 
}} + key: rootPassword + {{- if .Values.extraSecret }} + - name: MINIO_CONFIG_ENV_FILE + value: "/tmp/minio-config-env/config.env" + {{- end }} + {{- if .Values.metrics.serviceMonitor.public }} + - name: MINIO_PROMETHEUS_AUTH_TYPE + value: "public" + {{- end }} + {{- if .Values.oidc.enabled }} + - name: MINIO_IDENTITY_OPENID_CONFIG_URL + value: {{ .Values.oidc.configUrl }} + - name: MINIO_IDENTITY_OPENID_CLIENT_ID + {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientIdKey }} + valueFrom: + secretKeyRef: + name: {{ .Values.oidc.existingClientSecretName }} + key: {{ .Values.oidc.existingClientIdKey }} + {{- else }} + value: {{ .Values.oidc.clientId }} + {{- end }} + - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET + {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientSecretKey }} + valueFrom: + secretKeyRef: + name: {{ .Values.oidc.existingClientSecretName }} + key: {{ .Values.oidc.existingClientSecretKey }} + {{- else }} + value: {{ .Values.oidc.clientSecret }} + {{- end }} + - name: MINIO_IDENTITY_OPENID_CLAIM_NAME + value: {{ .Values.oidc.claimName }} + - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX + value: {{ .Values.oidc.claimPrefix }} + - name: MINIO_IDENTITY_OPENID_SCOPES + value: {{ .Values.oidc.scopes }} + - name: MINIO_IDENTITY_OPENID_COMMENT + value: {{ .Values.oidc.comment }} + - name: MINIO_IDENTITY_OPENID_REDIRECT_URI + value: {{ .Values.oidc.redirectUri }} + - name: MINIO_IDENTITY_OPENID_DISPLAY_NAME + value: {{ .Values.oidc.displayName }} + {{- end }} + {{- range $key, $val := .Values.environment }} + - name: {{ $key }} + value: {{ tpl $val $ | quote }} + {{- end }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + {{- with .Values.containerSecurityContext }} + securityContext: {{ toYaml . | nindent 12}} + {{- end }} + {{- end }} + {{- with .Values.extraContainers }} + {{- if eq (typeOf .) "string" }} + {{- tpl . 
$ | nindent 8 }} + {{- else }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + {{- include "minio.imagePullSecrets" . | indent 6 }} + {{- with .Values.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- if and (gt $replicas 1) (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "19") }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + volumes: + - name: minio-user + secret: + secretName: {{ template "minio.secretName" . }} + {{- if .Values.extraSecret }} + - name: extra-secret + secret: + secretName: {{ .Values.extraSecret }} + {{- end }} + {{- include "minio.tlsKeysVolume" . | indent 8 }} + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} + {{- if .Values.persistence.enabled }} + volumeClaimTemplates: + {{- if gt $drivesPerNode 1 }} + {{- range $diskId := until $drivesPerNode}} + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: export-{{ $diskId }} + {{- if $.Values.persistence.annotations }} + annotations: {{- toYaml $.Values.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: [ {{ $accessMode | quote }} ] + {{- if $storageClass }} + storageClassName: {{ $storageClass }} + {{- end }} + resources: + requests: + storage: {{ $psize }} + {{- end }} + {{- else }} + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: export + {{- if $.Values.persistence.annotations }} + annotations: {{- toYaml $.Values.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: [ {{ $accessMode | quote }} ] + {{- if $storageClass }} + storageClassName: {{ $storageClass }} + {{- end }} + resources: + requests: + storage: {{ $psize }} + {{- end }} + {{- end 
}} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/values.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/values.yaml new file mode 100644 index 000000000..8eb9863f6 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/minio/values.yaml 
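Review bot: When `oidc.existingClientSecretName` is not set, `MINIO_IDENTITY_OPENID_CLIENT_SECRET` is written as a literal `value: {{ .Values.oidc.clientSecret }}`. That puts the client secret in the StatefulSet spec, readable by anyone who can get pods or statefulsets, and in whatever values file feeds the chart. Deployments from this repository should set `oidc.existingClientSecretName` and `oidc.existingClientSecretKey` so the `secretKeyRef` branch is taken. The OIDC `value:` lines are also unquoted, unlike the `environment` loop just below that uses `| quote`, so a value containing `: ` or a leading `*` would break the manifest. Separately, both `securityContext` blocks are emitted only when `persistence.enabled` is true, so disabling persistence also drops the non-root settings.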
@@ -0,0 +1,593 @@ +## Provide a name in place of minio for `app:` labels +## +nameOverride: "" + +## Provide a name to substitute for the full names of resources +## +fullnameOverride: "" + +## set kubernetes cluster domain where minio is running +## +clusterDomain: cluster.local + +## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the +## +image: + repository: quay.io/minio/minio + tag: RELEASE.2024-04-18T19-09-19Z + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: "image-pull-secret" + +## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio +## client used to create a default bucket). +## +mcImage: + repository: quay.io/minio/mc + tag: RELEASE.2024-04-18T16-45-29Z + pullPolicy: IfNotPresent + +## minio mode, i.e. standalone or distributed +mode: distributed ## other supported values are "standalone" + +## Additional labels to include with deployment or statefulset +additionalLabels: {} + +## Additional annotations to include with deployment or statefulset +additionalAnnotations: {} + +## Typically the deployment/statefulset includes checksums of secrets/config, +## So that when these change on a subsequent helm install, the deployment/statefulset +## is restarted. This can result in unnecessary restarts under GitOps tooling such as +## flux, so set to "true" to disable this behaviour. 
+ignoreChartChecksums: false + +## Additional arguments to pass to minio binary +extraArgs: [] +# example for enabling FTP: +# - --ftp=\"address=:8021\" +# - --ftp=\"passive-port-range=10000-10010\" + +## Additional volumes to minio container +extraVolumes: [] + +## Additional volumeMounts to minio container +extraVolumeMounts: [] + +## Additional sidecar containers +extraContainers: [] + +## Internal port number for MinIO S3 API container +## Change service.port to change external port number +minioAPIPort: "9000" + +## Internal port number for MinIO Browser Console container +## Change consoleService.port to change external port number +minioConsolePort: "9001" + +## Update strategy for Deployments +deploymentUpdate: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 100% + +## Update strategy for StatefulSets +statefulSetUpdate: + updateStrategy: RollingUpdate + +## Pod priority settings +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" + +## Pod runtime class name +## ref https://kubernetes.io/docs/concepts/containers/runtime-class/ +## +runtimeClassName: "" + +## Set default rootUser, rootPassword +## rootUser and rootPassword is generated when not set +## Distributed MinIO ref: https://min.io/docs/minio/linux/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.html +## +rootUser: "" +rootPassword: "" + +## Use existing Secret that store following variables: +## +## | Chart var | .data. in Secret | +## |:----------------------|:-------------------------| +## | rootUser | rootUser | +## | rootPassword | rootPassword | +## +## All mentioned variables will be ignored in values file. +## .data.rootUser and .data.rootPassword are mandatory, +## others depend on enabled status of corresponding sections. 
+existingSecret: "" + +## Directory on the MinIO pof +certsPath: "/etc/minio/certs/" +configPathmc: "/etc/minio/mc/" + +## Path where PV would be mounted on the MinIO Pod +mountPath: "/export" +## Override the root directory which the minio server should serve from. +## If left empty, it defaults to the value of {{ .Values.mountPath }} +## If defined, it must be a sub-directory of the path specified in {{ .Values.mountPath }} +## +bucketRoot: "" + +# Number of drives attached to a node +drivesPerNode: 1 +# Number of MinIO containers running +replicas: 16 +# Number of expanded MinIO clusters +pools: 1 + +## TLS Settings for MinIO +tls: + enabled: false + ## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + certSecret: "" + publicCrt: public.crt + privateKey: private.key + +## Trusted Certificates Settings for MinIO. Ref: https://min.io/docs/minio/linux/operations/network-encryption.html#third-party-certificate-authorities +## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret +## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt. +## If certSecret is left empty and tls is enabled, this chart installs the public certificate from .Values.tls.certSecret. 
+trustedCertsSecret: "" + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + enabled: true + annotations: {} + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + existingClaim: "" + + ## minio data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + ## Storage class of PV to bind. By default it looks for standard storage class. + ## If the PV uses a different storage class, specify that here. + storageClass: "" + volumeName: "" + accessMode: ReadWriteOnce + size: 500Gi + + ## If subPath is set mount a sub folder of a volume instead of the root of the volume. + ## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs). + ## + subPath: "" + +## Expose the MinIO service to be accessed from outside the cluster (LoadBalancer service). +## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. 
+## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + type: ClusterIP + clusterIP: ~ + port: "9000" + nodePort: 32000 + loadBalancerIP: ~ + externalIPs: [] + annotations: {} + + ## service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + #loadBalancerSourceRanges: + # - 10.10.10.0/24 + loadBalancerSourceRanges: [] + + ## service.externalTrafficPolicy minio service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + +## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## + +ingress: + enabled: false + ingressClassName: ~ + labels: {} + # node-role.kubernetes.io/ingress: platform + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # kubernetes.io/ingress.allow-http: "false" + # kubernetes.io/ingress.global-static-ip-name: "" + # nginx.ingress.kubernetes.io/secure-backends: "true" + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 + path: / + hosts: + - minio-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +consoleService: + type: ClusterIP + clusterIP: ~ + port: "9001" + nodePort: 32001 + loadBalancerIP: ~ + externalIPs: [] + annotations: {} + ## consoleService.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + #loadBalancerSourceRanges: + # - 10.10.10.0/24 + loadBalancerSourceRanges: [] + + ## 
servconsoleServiceice.externalTrafficPolicy minio service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + +consoleIngress: + enabled: false + ingressClassName: ~ + labels: {} + # node-role.kubernetes.io/ingress: platform + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # kubernetes.io/ingress.allow-http: "false" + # kubernetes.io/ingress.global-static-ip-name: "" + # nginx.ingress.kubernetes.io/secure-backends: "true" + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 + path: / + hosts: + - console.minio-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +tolerations: [] +affinity: {} +topologySpreadConstraints: [] + +## Add stateful containers to have security context, if enabled MinIO will run as this +## user and group NOTE: securityContext is only enabled if persistence.enabled=true +securityContext: + enabled: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: "OnRootMismatch" + +containerSecurityContext: + readOnlyRootFilesystem: false + +# Additational pod annotations +podAnnotations: {} + +# Additional pod labels +podLabels: {} + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 16Gi + +## List of policies to be created after minio install +## +## In addition to default policies [readonly|readwrite|writeonly|consoleAdmin|diagnostics] +## you can define additional policies with custom supported actions and resources +policies: [] +## writeexamplepolicy policy grants creation or deletion of buckets with name 
+## starting with example. In addition, grants objects write permissions on buckets starting with +## example. +# - name: writeexamplepolicy +# statements: +# - effect: Allow # this is the default +# resources: +# - 'arn:aws:s3:::example*/*' +# actions: +# - "s3:AbortMultipartUpload" +# - "s3:GetObject" +# - "s3:DeleteObject" +# - "s3:PutObject" +# - "s3:ListMultipartUploadParts" +# - resources: +# - 'arn:aws:s3:::example*' +# actions: +# - "s3:CreateBucket" +# - "s3:DeleteBucket" +# - "s3:GetBucketLocation" +# - "s3:ListBucket" +# - "s3:ListBucketMultipartUploads" +## readonlyexamplepolicy policy grants access to buckets with name starting with example. +## In addition, grants objects read permissions on buckets starting with example. +# - name: readonlyexamplepolicy +# statements: +# - resources: +# - 'arn:aws:s3:::example*/*' +# actions: +# - "s3:GetObject" +# - resources: +# - 'arn:aws:s3:::example*' +# actions: +# - "s3:GetBucketLocation" +# - "s3:ListBucket" +# - "s3:ListBucketMultipartUploads" +## conditionsexample policy creates all access to example bucket with aws:username="johndoe" and source ip range 10.0.0.0/8 and 192.168.0.0/24 only +# - name: conditionsexample +# statements: +# - resources: +# - 'arn:aws:s3:::example/*' +# actions: +# - 's3:*' +# conditions: +# - StringEquals: '"aws:username": "johndoe"' +# - IpAddress: | +# "aws:SourceIp": [ +# "10.0.0.0/8", +# "192.168.0.0/24" +# ] +# +## Additional Annotations for the Kubernetes Job makePolicyJob +makePolicyJob: + securityContext: + enabled: false + runAsUser: 1000 + runAsGroup: 1000 + resources: + requests: + memory: 128Mi + # Command to run after the main command on exit + exitCommand: "" + +## List of users to be created after minio install +## +users: + ## Username, password and policy to be assigned to the user + ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics] + ## Add new policies as explained here 
https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management.html#access-management + ## NOTE: this will fail if LDAP is enabled in your MinIO deployment + ## make sure to disable this if you are using LDAP. + - accessKey: console + secretKey: console123 + policy: consoleAdmin + # Or you can refer to specific secret + #- accessKey: externalSecret + # existingSecret: my-secret + # existingSecretKey: password + # policy: readonly + +## Additional Annotations for the Kubernetes Job makeUserJob +makeUserJob: + securityContext: + enabled: false + runAsUser: 1000 + runAsGroup: 1000 + resources: + requests: + memory: 128Mi + # Command to run after the main command on exit + exitCommand: "" + +## List of service accounts to be created after minio install +## +svcaccts: [] + ## accessKey, secretKey and parent user to be assigned to the service accounts + ## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts + # - accessKey: console-svcacct + # secretKey: console123 + # user: console + ## Or you can refer to specific secret + # - accessKey: externalSecret + # existingSecret: my-secret + # existingSecretKey: password + # user: console + ## You also can pass custom policy + # - accessKey: console-svcacct + # secretKey: console123 + # user: console + # policy: + # statements: + # - resources: + # - 'arn:aws:s3:::example*/*' + # actions: + # - "s3:AbortMultipartUpload" + # - "s3:GetObject" + # - "s3:DeleteObject" + # - "s3:PutObject" + # - "s3:ListMultipartUploadParts" + +makeServiceAccountJob: + securityContext: + enabled: false + runAsUser: 1000 + runAsGroup: 1000 + resources: + requests: + memory: 128Mi + # Command to run after the main command on exit + exitCommand: "" + +## List of buckets to be created after minio install +## +buckets: [] + # # Name of the bucket + # - name: bucket1 + # # Policy to be set on the + # # bucket 
[none|download|upload|public] + # policy: none + # # Purge if bucket exists already + # purge: false + # # set versioning for + # # bucket [true|false] + # versioning: false # remove this key if you do not want versioning feature + # # set objectlocking for + # # bucket [true|false] NOTE: versioning is enabled by default if you use locking + # objectlocking: false + # - name: bucket2 + # policy: none + # purge: false + # versioning: true + # # set objectlocking for + # # bucket [true|false] NOTE: versioning is enabled by default if you use locking + # objectlocking: false + +## Additional Annotations for the Kubernetes Job makeBucketJob +makeBucketJob: + securityContext: + enabled: false + runAsUser: 1000 + runAsGroup: 1000 + resources: + requests: + memory: 128Mi + # Command to run after the main command on exit + exitCommand: "" + +## List of command to run after minio install +## NOTE: the mc command TARGET is always "myminio" +customCommands: + # - command: "admin policy attach myminio consoleAdmin --group='cn=ops,cn=groups,dc=example,dc=com'" + +## Additional Annotations for the Kubernetes Job customCommandJob +customCommandJob: + securityContext: + enabled: false + runAsUser: 1000 + runAsGroup: 1000 + resources: + requests: + memory: 128Mi + ## Additional volumes to add to the post-job. + extraVolumes: [] + # - name: extra-policies + # configMap: + # name: my-extra-policies-cm + ## Additional volumeMounts to add to the custom commands container when + ## running the post-job. + extraVolumeMounts: [] + # - name: extra-policies + # mountPath: /mnt/extras/ + # Command to run after the main command on exit + exitCommand: "" + +## Merge jobs +postJob: + podAnnotations: {} + annotations: {} + securityContext: + enabled: false + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + nodeSelector: {} + tolerations: [] + affinity: {} + +## Use this field to add environment variables relevant to MinIO server. 
These fields will be passed on to MinIO container(s) +## when Chart is deployed +environment: + ## Please refer for comprehensive list https://min.io/docs/minio/linux/reference/minio-server/minio-server.html + ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io" + ## MINIO_BROWSER: "off" + +## The name of a secret in the same kubernetes namespace which contain secret values +## This can be useful for LDAP password, etc +## The key in the secret must be 'config.env' +## +extraSecret: ~ + +## OpenID Identity Management +## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider. +## See https://min.io/docs/minio/linux/operations/external-iam/configure-openid-external-identity-management.html for a tutorial on using these variables. +oidc: + enabled: false + configUrl: "https://identity-provider-url/.well-known/openid-configuration" + clientId: "minio" + clientSecret: "" + # Provide existing client secret from the Kubernetes Secret resource, existing secret will have priority over `clientId` and/or `clientSecret`` + existingClientSecretName: "" + existingClientIdKey: "" + existingClientSecretKey: "" + claimName: "policy" + scopes: "openid,profile,email" + redirectUri: "https://console-endpoint-url/oauth_callback" + # Can leave empty + claimPrefix: "" + comment: "" + displayName: "" + +networkPolicy: + enabled: false + # Specifies whether the policies created will be standard Network Policies (flavor: kubernetes) + # or Cilium Network Policies (flavor: cilium) + flavor: kubernetes + allowExternal: true + # only when using flavor: cilium + egressEntities: + - kube-apiserver + +## PodDisruptionBudget settings +## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ +## +podDisruptionBudget: + enabled: false + maxUnavailable: 1 + +## Specify the service account to use for the MinIO pods. 
If 'create' is set to 'false' +## and 'name' is left unspecified, the account 'default' will be used. +serviceAccount: + create: true + ## The name of the service account to use. If 'create' is 'true', a service account with that name + ## will be created. + name: "minio-sa" + +metrics: + serviceMonitor: + enabled: false + # scrape each node/pod individually for additional metrics + includeNode: false + public: true + additionalLabels: {} + annotations: {} + # for node metrics + relabelConfigs: {} + # for cluster metrics + relabelConfigsCluster: {} + # metricRelabelings: + # - regex: (server|pod) + # action: labeldrop + namespace: ~ + # Scrape interval, for example `interval: 30s` + interval: ~ + # Scrape timeout, for example `scrapeTimeout: 10s` + scrapeTimeout: ~ + +## ETCD settings: https://github.com/minio/minio/blob/master/docs/sts/etcd.md +## Define endpoints to enable this section. +etcd: + endpoints: [] + pathPrefix: "" + corednsPathPrefix: "" + clientCert: "" + clientCertKey: "" diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/.helmignore b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/.helmignore new file mode 100644 index 000000000..240dfde2a --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +# template tests +/test diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/Chart.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/Chart.yaml new file mode 100644 index 000000000..400ad07d4 --- /dev/null 
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v2 +appVersion: 2.10.22 +description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications + Technology. +home: http://github.com/nats-io/k8s +icon: https://nats.io/img/nats-icon-color.png +keywords: +- nats +- messaging +- cncf +maintainers: +- email: info@nats.io + name: The NATS Authors + url: https://github.com/nats-io +name: nats +version: 1.2.6 diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/README.md b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/README.md new file mode 100644 index 000000000..0916999df --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/README.md 
@@ -0,0 +1,329 @@ +# NATS Server + +--- + +[NATS](https://nats.io) is a simple, secure and performant communications system for digital systems, services and devices. +NATS is part of the Cloud Native Computing Foundation ([CNCF](https://cncf.io)). +NATS has over [30 client language implementations](https://nats.io/download/), and its server can run on-premise, in the cloud, at the edge, and even on a Raspberry Pi. +NATS can secure and simplify design and operation of modern distributed systems. + +```shell +helm repo add nats https://nats-io.github.io/k8s/helm/charts/ +helm upgrade --install nats nats/nats +``` + +## Upgrade Nodes + +- **Upgrading from 0.x**: The `values.yaml` schema changed significantly from 0.x to 1.x. Read [UPGRADING.md](UPGRADING.md) for instructions on upgrading a 0.x release to 1.x. + +## Values + +There are a handful of explicitly defined options which are documented with comments in the [values.yaml](values.yaml) file. + +Everything in the NATS Config or Kubernetes Resources can be overridden by `merge` and `patch`, which is supported for the following values: + +| key | type | enabled by default | +|----------------------------------|-----------------------------------------------------------------------------------------------------------------------------|-----------------------------------------| +| `config` | [NATS Config](https://docs.nats.io/running-a-nats-service/configuration) | yes | +| `config.cluster` | [NATS Cluster](https://docs.nats.io/running-a-nats-service/configuration/clustering/cluster_config) | no | +| `config.cluster.tls` | [NATS TLS](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls) | no | +| `config.jetstream` | [NATS JetStream](https://docs.nats.io/running-a-nats-service/configuration#jetstream) | no | +| `config.jetstream.fileStore.pvc` | [k8s PVC](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core) | yes, when `config.jetstream` is 
enabled | +| `config.nats.tls` | [NATS TLS](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls) | no | +| `config.leafnodes` | [NATS LeafNodes](https://docs.nats.io/running-a-nats-service/configuration/leafnodes/leafnode_conf) | no | +| `config.leafnodes.tls` | [NATS TLS](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls) | no | +| `config.websocket` | [NATS WebSocket](https://docs.nats.io/running-a-nats-service/configuration/websocket/websocket_conf) | no | +| `config.websocket.tls` | [NATS TLS](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls) | no | +| `config.websocket.ingress` | [k8s Ingress](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#ingress-v1-networking-k8s-io) | no | +| `config.mqtt` | [NATS MQTT](https://docs.nats.io/running-a-nats-service/configuration/mqtt/mqtt_config) | no | +| `config.mqtt.tls` | [NATS TLS](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls) | no | +| `config.gateway` | [NATS Gateway](https://docs.nats.io/running-a-nats-service/configuration/gateways/gateway#gateway-configuration-block) | no | +| `config.gateway.tls` | [NATS TLS](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls) | no | +| `config.resolver` | [NATS Resolver](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/jwt/resolver) | no | +| `config.resolver.pvc` | [k8s PVC](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core) | yes, when `config.resolver` is enabled | +| `container` | nats [k8s Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core) | yes | +| `reloader` | config reloader [k8s Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core) | yes | +| `promExporter` | prometheus exporter [k8s 
Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core) | no | +| `promExporter.podMonitor` | [prometheus PodMonitor](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.PodMonitor) | no | +| `service` | [k8s Service](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core) | yes | +| `statefulSet` | [k8s StatefulSet](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#statefulset-v1-apps) | yes | +| `podTemplate` | [k8s PodTemplate](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core) | yes | +| `headlessService` | [k8s Service](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core) | yes | +| `configMap` | [k8s ConfigMap](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#configmap-v1-core) | yes | +| `natsBox.contexts.default` | [NATS Context](https://docs.nats.io/using-nats/nats-tools/nats_cli#nats-contexts) | yes | +| `natsBox.contexts.[name]` | [NATS Context](https://docs.nats.io/using-nats/nats-tools/nats_cli#nats-contexts) | no | +| `natsBox.container` | nats-box [k8s Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core) | yes | +| `natsBox.deployment` | [k8s Deployment](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#deployment-v1-apps) | yes | +| `natsBox.podTemplate` | [k8s PodTemplate](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core) | yes | +| `natsBox.contextsSecret` | [k8s Secret](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#secret-v1-core) | yes | +| `natsBox.contentsSecret` | [k8s Secret](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#secret-v1-core) | yes | + +### Merge + +Merging is performed using the Helm `merge` function. 
Example - add NATS accounts and container resources: + +```yaml +config: + merge: + accounts: + A: + users: + - {user: a, password: a} + B: + users: + - {user: b, password: b} +natsBox: + contexts: + a: + merge: {user: a, password: a} + b: + merge: {user: b, password: b} + defaultContextName: a +``` + +## Patch + +Patching is performed using [JSON Patch](https://jsonpatch.com/). Example - add additional route to end of route list: + +```yaml +config: + cluster: + enabled: true + patch: + - op: add + path: /routes/- + value: nats://demo.nats.io:6222 +``` + +## Common Configurations + +### JetStream Cluster on 3 separate hosts + +```yaml +config: + cluster: + enabled: true + replicas: 3 + jetstream: + enabled: true + fileStore: + pvc: + size: 10Gi + +podTemplate: + topologySpreadConstraints: + kubernetes.io/hostname: + maxSkew: 1 + whenUnsatisfiable: DoNotSchedule +``` + +### NATS Container Resources + +```yaml +container: + env: + # different from k8s units, suffix must be B, KiB, MiB, GiB, or TiB + # should be ~90% of memory limit + GOMEMLIMIT: 7GiB + merge: + # recommended limit is at least 2 CPU cores and 8Gi Memory for production JetStream clusters + resources: + requests: + cpu: "2" + memory: 8Gi + limits: + cpu: "2" + memory: 8Gi +``` + +### Specify Image Version + +```yaml +container: + image: + tag: x.y.z-alpine +``` + +### Operator Mode with NATS Resolver + +Run `nsc generate config --nats-resolver` and replace the `OPERATOR_JWT`, `SYS_ACCOUNT_ID`, and `SYS_ACCOUNT_JWT` with your values. +Make sure that you do not include the trailing `,` in the `SYS_ACCOUNT_JWT`. + +``` +config: + resolver: + enabled: true + merge: + type: full + interval: 2m + timeout: 1.9s + merge: + operator: OPERATOR_JWT + system_account: SYS_ACCOUNT_ID + resolver_preload: + SYS_ACCOUNT_ID: SYS_ACCOUNT_JWT +``` + + +## Accessing NATS + +The chart contains 2 services by default, `service` and `headlessService`. 
+ +### `service` + +The `service` is intended to be accessed by NATS Clients. It is a `ClusterIP` service by default, however it can easily be changed to a different service type. + +The `nats`, `websocket`, `leafnodes`, and `mqtt` ports will be exposed through this service by default if they are enabled. + +Example: change this service type to a `LoadBalancer`: + +```yaml +service: + merge: + spec: + type: LoadBalancer +``` + +### `headlessService` + +The `headlessService` is used for NATS Servers in the Stateful Set to discover one another. It is primarily intended to be used for Cluster Route connections. + +### TLS Considerations + +The TLS Certificate used for Client Connections should have a SAN covering DNS Name that clients access the `service` at. + +The TLS Certificate used for Cluster Route Connections should have a SAN covering the DNS Name that routes access each other on the `headlessService` at. This is `*.` by default. + +## Advanced Features + +### Templating Values + +Anything in `values.yaml` can be templated: + +- maps matching the following syntax will be templated and parsed as YAML: + ```yaml + $tplYaml: | + yaml template + ``` +- maps matching the follow syntax will be templated, parsed as YAML, and spread into the parent map/slice + ```yaml + $tplYamlSpread: | + yaml template + ``` + +Example - change service name: + +```yaml +service: + name: + $tplYaml: >- + {{ include "nats.fullname" . }}-svc +``` + +### NATS Config Units and Variables + +NATS configuration extends JSON, and can represent Units and Variables. They must be wrapped in `<< >>` in order to template correctly. Example: + +```yaml +config: + merge: + authorization: + # variable + token: << $TOKEN >> + # units + max_payload: << 2MB >> +``` + +templates to the `nats.conf`: + +``` +{ + "authorization": { + "token": $TOKEN + }, + "max_payload": 2MB, + "port": 4222, + ... 
+} +``` + +### NATS Config Includes + +Any NATS Config key ending in `$include` will be replaced with an include directive. Included files should be in paths relative to `/etc/nats-config`. Multiple `$include` keys are supported by using a prefix, and will be sorted alphabetically. Example: + +```yaml +config: + merge: + 00$include: auth.conf + 01$include: params.conf +configMap: + merge: + data: + auth.conf: | + accounts: { + A: { + users: [ + {user: a, password: a} + ] + }, + B: { + users: [ + {user: b, password: b} + ] + }, + } + params.conf: | + max_payload: 2MB +``` + +templates to the `nats.conf`: + +``` +include auth.conf; +"port": 4222, +... +include params.conf; +``` + +### Extra Resources + +Enables adding additional arbitrary resources. Example - expose WebSocket via VirtualService in Istio: + +```yaml +config: + websocket: + enabled: true +extraResources: +- apiVersion: networking.istio.io/v1beta1 + kind: VirtualService + metadata: + namespace: + $tplYamlSpread: > + {{ include "nats.metadataNamespace" $ }} + name: + $tplYaml: > + {{ include "nats.fullname" $ | quote }} + labels: + $tplYaml: | + {{ include "nats.labels" $ }} + spec: + hosts: + - demo.nats.io + gateways: + - my-gateway + http: + - name: default + match: + - name: root + uri: + exact: / + route: + - destination: + host: + $tplYaml: > + {{ .Values.service.name | quote }} + port: + number: + $tplYaml: > + {{ .Values.config.websocket.port }} +``` diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/UPGRADING.md b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/UPGRADING.md new file mode 100644 index 000000000..9cc177991 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/UPGRADING.md 
@@ -0,0 +1,155 @@ +# Upgrading from 0.x to 1.x + +Instructions for upgrading an existing `nats` 0.x release to 1.x. + +## Rename Immutable Fields + +There are a number of immutable fields in the NATS Stateful Set and NATS Box deployment. All 1.x `values.yaml` files targeting an existing 0.x release will require some or all of these settings: + +```yaml +config: + # required if using JetStream file storage + jetstream: + # uncomment the next line if using JetStream file storage + # enabled: true + fileStore: + pvc: + name: + $tplYaml: >- + {{ include "nats.fullname" . }}-js-pvc + # set other PVC options here to make it match 0.x, refer to values.yaml for schema + + # required if using a full or cache resolver + resolver: + # uncomment the next line if using a full or cache resolver + # enabled: true + pvc: + name: nats-jwt-pvc + # set other PVC options here to make it match 0.x, refer to values.yaml for schema + +# required +statefulSet: + patch: + - op: remove + path: /spec/selector/matchLabels/app.kubernetes.io~1component + - $tplYamlSpread: |- + {{- if and + .Values.config.jetstream.enabled + .Values.config.jetstream.fileStore.enabled + .Values.config.jetstream.fileStore.pvc.enabled + .Values.config.resolver.enabled + .Values.config.resolver.pvc.enabled + }} + - op: move + from: /spec/volumeClaimTemplates/0 + path: /spec/volumeClaimTemplates/1 + {{- else}} + [] + {{- end }} + +# required +headlessService: + name: + $tplYaml: >- + {{ include "nats.fullname" . }} + +# required unless 0.x values explicitly set nats.serviceAccount.create=false +serviceAccount: + enabled: true + +# required to use new ClusterIP service for Clients accessing NATS +# if using TLS, this may require adding another SAN +service: + # uncomment the next line to disable the new ClusterIP service + # enabled: false + name: + $tplYaml: >- + {{ include "nats.fullname" . 
}}-svc + +# required if using NatsBox +natsBox: + deployment: + patch: + - op: replace + path: /spec/selector/matchLabels + value: + app: nats-box + - op: add + path: /spec/template/metadata/labels/app + value: nats-box +``` + +## Update NATS Config to new values.yaml schema + +Most values that control the NATS Config have changed and moved under the `config` key. Refer to the 1.x Chart's [values.yaml](values.yaml) for the complete schema. + +After migrating to the new values schema, ensure that changes you expect in the NATS Config files match by templating the old and new config files. + +Template your old 0.x Config Map, this example uses a file called `values-old.yaml`: + +```sh +helm template \ + --version "0.x" \ + -f values-old.yaml \ + -s templates/configmap.yaml \ + nats \ + nats/nats +``` + +Template your new 1.x Config Map, this example uses a file called `values.yaml`: + +```sh +helm template \ + --version "^1-beta" \ + -f values.yaml \ + -s templates/config-map.yaml \ + nats \ + nats/nats +``` + +## Update Kubernetes Resources to new values.yaml schema + +Most values that control Kubernetes Resources have been changed. Refer to the 1.x Chart's [values.yaml](values.yaml) for the complete schema. + +After migrating to the new values schema, ensure that changes you expect in resources match by templating the old and new resources. 
+ +| Resource | 0.x Template File | 1.x Template File | +|-------------------------|---------------------------------|-------------------------------------------| +| Config Map | `templates/configmap.yaml` | `templates/config-map.yaml` | +| Stateful Set | `templates/statefulset.yaml` | `templates/stateful-set.yaml` | +| Headless Service | `templates/service.yaml` | `templates/headless-service.yaml` | +| ClusterIP Service | N/A | `templates/service.yaml` | +| Network Policy | `templates/networkpolicy.yaml` | N/A | +| Pod Disruption Budget | `templates/pdb.yaml` | `templates/pod-disruption-budget.yaml` | +| Service Account | `templates/rbac.yaml` | `templates/service-account.yaml` | +| Resource | `templates/` | `templates/` | +| Resource | `templates/` | `templates/` | +| Prometheus Monitor | `templates/serviceMonitor.yaml` | `templates/pod-monitor.yaml` | +| NatsBox Deployment | `templates/nats-box.yaml` | `templates/nats-box/deployment.yaml` | +| NatsBox Service Account | N/A | `templates/nats-box/service-account.yaml` | +| NatsBox Contents Secret | N/A | `templates/nats-box/contents-secret.yaml` | +| NatsBox Contexts Secret | N/A | `templates/nats-box/contexts-secret.yaml` | + +For example, to check that the Stateful Set matches: + +Template your old 0.x Stateful Set, this example uses a file called `values-old.yaml`: + +```sh +helm template \ + --version "0.x" \ + -f values-old.yaml \ + -s templates/statefulset.yaml \ + nats \ + nats/nats +``` + +Template your new 1.x Stateful Set, this example uses a file called `values.yaml`: + +```sh +helm template \ + --version "^1-beta" \ + -f values.yaml \ + -s templates/stateful-set.yaml \ + nats \ + nats/nats +``` diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config-map.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config-map.yaml new file mode 100644 index 000000000..89ee3c281 --- /dev/null 
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config-map.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ {{- include "nats.metadataNamespace" $ | nindent 2 }}
+ name: {{ .Values.configMap.name }}
+ labels:
+ {{- include "nats.labels" $ | nindent 4 }}
+data:
+ nats.conf: |
+ {{- include "nats.formatConfig" .config | nindent 4 }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/cluster.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/cluster.yaml
new file mode 100644
index 000000000..719cb8ade
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/cluster.yaml
@@ -0,0 +1,32 @@
+{{- with .Values.config.cluster }}
+name: {{ $.Values.statefulSet.name }}
+port: {{ .port }}
+no_advertise: true
+routes:
+{{- $proto := ternary "tls" "nats" .tls.enabled }}
+{{- $auth := "" }}
+{{- if and .routeURLs.user .routeURLs.password }}
+ {{- $auth = printf "%s:%s@" (urlquery .routeURLs.user) (urlquery .routeURLs.password) -}}
+{{- end }}
+{{- $domain := $.Values.headlessService.name }}
+{{- if .routeURLs.useFQDN }}
+ {{- $domain = printf "%s.%s.svc.%s" $domain (include "nats.namespace" $) .routeURLs.k8sClusterDomain }}
+{{- end }}
+{{- $port := (int .port) }}
+{{- range $i, $_ := until (int .replicas) }}
+- {{ printf "%s://%s%s-%d.%s:%d" $proto $auth $.Values.statefulSet.name $i $domain $port }}
+{{- end }}
+
+{{- if and .routeURLs.user .routeURLs.password }}
+authorization:
+ user: {{ .routeURLs.user | quote }}
+ password: {{ .routeURLs.password | quote }}
+{{- end }}
+
+{{- with .tls }}
+{{- if .enabled }}
+tls:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
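Review bot: The route credentials in files/config/cluster.yaml end up in clear text: `routeURLs.user` and `routeURLs.password` are written into every `routes:` URL and again into the `authorization:` block, and files/config-map.yaml in this same commit renders the whole config into the ConfigMap key `nats.conf`. Anyone who can read ConfigMaps in the namespace, or the rendered manifests, can therefore read the cluster password. Since this is the vendored sub-chart I would not patch the template; instead leave `routeURLs.user`/`password` unset in our own values and authenticate routes through `config.cluster.tls`, or at least keep the password out of Git and restrict ConfigMap read access. A comment next to our override such as `# cluster route password is rendered into a ConfigMap, not a Secret` would record the reason.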
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/config.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/config.yaml
new file mode 100644
index 000000000..92fd96f1a
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/config.yaml
@@ -0,0 +1,114 @@
+{{- with .Values.config }}
+
+server_name: << $SERVER_NAME >>
+lame_duck_grace_period: 10s
+lame_duck_duration: 30s
+pid_file: /var/run/nats/nats.pid
+
+########################################
+# NATS
+########################################
+{{- with .nats }}
+port: {{ .port }}
+
+{{- with .tls }}
+{{- if .enabled }}
+tls:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+########################################
+# leafnodes
+########################################
+{{- with .leafnodes }}
+{{- if .enabled }}
+leafnodes:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/leafnodes.yaml" "ctx" $) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+
+########################################
+# websocket
+########################################
+{{- with .websocket }}
+{{- if .enabled }}
+websocket:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/websocket.yaml" "ctx" $) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+
+########################################
+# MQTT
+########################################
+{{- with .mqtt }}
+{{- if .enabled }}
+mqtt:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/mqtt.yaml" "ctx" $) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+
+########################################
+# cluster
+########################################
+{{- with .cluster }}
+{{- if .enabled }}
+cluster:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/cluster.yaml" "ctx" $) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+
+########################################
+# gateway
+########################################
+{{- with .gateway }}
+{{- if .enabled }}
+gateway:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/gateway.yaml" "ctx" $) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+
+########################################
+# monitor
+########################################
+{{- with .monitor }}
+{{- if .enabled }}
+{{- if .tls.enabled }}
+https_port: {{ .port }}
+{{- else }}
+http_port: {{ .port }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+########################################
+# profiling
+########################################
+{{- with .profiling }}
+{{- if .enabled }}
+prof_port: {{ .port }}
+{{- end }}
+{{- end }}
+
+########################################
+# jetstream
+########################################
+{{- with $.Values.config.jetstream -}}
+{{- if .enabled }}
+jetstream:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/jetstream.yaml" "ctx" $) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+
+########################################
+# resolver
+########################################
+{{- with $.Values.config.resolver -}}
+{{- if .enabled }}
+resolver:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/resolver.yaml" "ctx" $) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/gateway.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/gateway.yaml
new file mode 100644
index 000000000..32d4ed9f7
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/gateway.yaml
@@ -0,0 +1,11 @@
+{{- with .Values.config.gateway }}
+name: {{ $.Values.statefulSet.name }}
+port: {{ .port }}
+
+{{- with .tls }}
+{{- if .enabled }}
+tls:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
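Review bot: In files/config/config.yaml the `monitor` block falls back to plain `http_port` whenever `.tls.enabled` is false, and the `profiling` block emits `prof_port` with no further condition; the template gives neither listener an authentication setting. The port loop in files/config/headless-service.yaml, later in this patch, publishes both ports once they are enabled, and the UPGRADING.md table in this commit lists no 1.x NetworkPolicy template, so the chart itself does not limit who in the cluster can reach them. I would keep `config.profiling.enabled` off in our values and pair any enabled monitor port with a NetworkPolicy of our own, with a comment beside the override such as `# monitor/profiling listeners carry no auth here; restrict with NetworkPolicy`.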
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/jetstream.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/jetstream.yaml
new file mode 100644
index 000000000..17262f643
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/jetstream.yaml
@@ -0,0 +1,23 @@
+{{- with .Values.config.jetstream }}
+{{- with .memoryStore }}
+{{- if .enabled }}
+{{- with .maxSize }}
+max_memory_store: << {{ . }} >>
+{{- end }}
+{{- else }}
+max_memory_store: 0
+{{- end }}
+{{- end }}
+{{- with .fileStore }}
+{{- if .enabled }}
+store_dir: {{ .dir }}
+{{- if .maxSize }}
+max_file_store: << {{ .maxSize }} >>
+{{- else if .pvc.enabled }}
+max_file_store: << {{ .pvc.size }} >>
+{{- end }}
+{{- else }}
+max_file_store: 0
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/leafnodes.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/leafnodes.yaml
new file mode 100644
index 000000000..3a1d9a14a
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/leafnodes.yaml
@@ -0,0 +1,11 @@
+{{- with .Values.config.leafnodes }}
+port: {{ .port }}
+no_advertise: true
+
+{{- with .tls }}
+{{- if .enabled }}
+tls:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/mqtt.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/mqtt.yaml
new file mode 100644
index 000000000..e25d8a3e0
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/mqtt.yaml
@@ -0,0 +1,10 @@
+{{- with .Values.config.mqtt }}
+port: {{ .port }}
+
+{{- with .tls }}
+{{- if .enabled }}
+tls:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/protocol.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/protocol.yaml
new file mode 100644
index 000000000..288c80d75
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/protocol.yaml
@@ -0,0 +1,10 @@
+{{- with .protocol }}
+port: {{ .port }}
+
+{{- with .tls }}
+{{- if .enabled }}
+tls:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/resolver.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/resolver.yaml
new file mode 100644
index 000000000..a6761c403
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/resolver.yaml
@@ -0,0 +1,3 @@
+{{- with .Values.config.resolver }}
+dir: {{ .dir }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/tls.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/tls.yaml
new file mode 100644
index 000000000..26aee0155
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/tls.yaml
@@ -0,0 +1,16 @@
+# tls
+{{- with .tls }}
+{{- if .secretName }}
+{{- $dir := trimSuffix "/" .dir }}
+cert_file: {{ printf "%s/%s" $dir (.cert | default "tls.crt") | quote }}
+key_file: {{ printf "%s/%s" $dir (.key | default "tls.key") | quote }}
+{{- end }}
+{{- end }}
+
+# tlsCA
+{{- with $.Values.tlsCA }}
+{{- if and .enabled (or .configMapName .secretName) }}
+{{- $dir := trimSuffix "/" .dir }}
+ca_file: {{ printf "%s/%s" $dir (.key | default "ca.crt") | quote }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/websocket.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/websocket.yaml
new file mode 100644
index 000000000..afcd178a7
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/config/websocket.yaml
@@ -0,0 +1,12 @@
+{{- with .Values.config.websocket }}
+port: {{ .port }}
+
+{{- if .tls.enabled }}
+{{- with .tls }}
+tls:
+ {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
+{{- end }}
+{{- else }}
+no_tls: true
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/headless-service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/headless-service.yaml
new file mode 100644
index 000000000..da6552b37
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/headless-service.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+ {{- include "nats.metadataNamespace" $ | nindent 2 }}
+ name: {{ .Values.headlessService.name }}
+ labels:
+ {{- include "nats.labels" $ | nindent 4 }}
+spec:
+ selector:
+ {{- include "nats.selectorLabels" $ | nindent 4 }}
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ {{- range $protocol := list "nats" "leafnodes" "websocket" "mqtt" "cluster" "gateway" "monitor" "profiling" }}
+ {{- $configProtocol := get $.Values.config $protocol }}
+ {{- if or (eq $protocol "nats") $configProtocol.enabled }}
+ {{- $tlsEnabled := false }}
+ {{- if hasKey $configProtocol "tls" }}
+ {{- $tlsEnabled = $configProtocol.tls.enabled }}
+ {{- end }}
+ {{- $appProtocol := or (eq $protocol "websocket") (eq $protocol "monitor") | ternary ($tlsEnabled | ternary "https" "http") ($tlsEnabled | ternary "tls" "tcp") }}
+ - {{ dict "name" $protocol "port" $configProtocol.port "targetPort" $protocol "appProtocol" $appProtocol | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/ingress.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/ingress.yaml
new file mode 100644
index 000000000..b59f0fa5f
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/ingress.yaml
@@ -0,0 +1,34 @@
+{{- with .Values.config.websocket.ingress }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ {{- include "nats.metadataNamespace" $ | nindent 2 }}
+ name: {{ .name }}
+ labels:
+ {{- include "nats.labels" $ | nindent 4 }}
+spec:
+ {{- with .className }}
+ ingressClassName: {{ . | quote }}
+ {{- end }}
+ rules:
+ {{- $path := .path }}
+ {{- $pathType := .pathType }}
+ {{- range .hosts }}
+ - host: {{ . | quote }}
+ http:
+ paths:
+ - path: {{ $path | quote }}
+ pathType: {{ $pathType | quote }}
+ backend:
+ service:
+ name: {{ $.Values.service.name }}
+ port:
+ name: websocket
+ {{- end }}
+ {{- if .tlsSecretName }}
+ tls:
+ - secretName: {{ .tlsSecretName | quote }}
+ hosts:
+ {{- toYaml .hosts | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/contents-secret.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/contents-secret.yaml
new file mode 100644
index 000000000..6e8fdb26f
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/contents-secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ {{- include "nats.metadataNamespace" $ | nindent 2 }}
+ name: {{ .Values.natsBox.contentsSecret.name }}
+ labels:
+ {{- include "natsBox.labels" $ | nindent 4 }}
+type: Opaque
+stringData:
+ {{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
+ {{- range $secretKey, $secretVal := dict "creds" "creds" "nkey" "nk" }}
+ {{- $secret := get $ctxVal $secretKey }}
+ {{- if and $secret $secret.contents }}
+ "{{ $ctxKey }}.{{ $secretVal }}": {{ $secret.contents | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/contexts-secret/context.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/contexts-secret/context.yaml
new file mode 100644
index 000000000..54480eac9
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/contexts-secret/context.yaml
@@ -0,0 +1,51 @@
+{{- $contextName := .contextName }}
+
+# url
+{{- if .Values.service.enabled }}
+url: nats://{{ .Values.service.name }}
+{{- else }}
+url: nats://{{ .Values.headlessService.name }}
+{{- end }}
+
+{{- with .context }}
+
+# creds
+{{- with .creds}}
+{{- if .contents }}
+creds: /etc/nats-contents/{{ $contextName }}.creds
+{{- else if .secretName }}
+{{- $dir := trimSuffix "/" .dir }}
+creds: {{ printf "%s/%s" $dir (.key | default "nats.creds") | quote }}
+{{- end }}
+{{- end }}
+
+# nkey
+{{- with .nkey}}
+{{- if .contents }}
+nkey: /etc/nats-contents/{{ $contextName }}.nk
+{{- else if .secretName }}
+{{- $dir := trimSuffix "/" .dir }}
+nkey: {{ printf "%s/%s" $dir (.key | default "nats.nk") | quote }}
+{{- end }}
+{{- end }}
+
+# tls
+{{- with .tls }}
+{{- if .secretName }}
+{{- $dir := trimSuffix "/" .dir }}
+cert: {{ printf "%s/%s" $dir (.cert | default "tls.crt") | quote }}
+key: {{ printf "%s/%s" $dir (.key | default "tls.key") | quote }}
+{{- end }}
+{{- end }}
+
+# tlsCA
+{{- if $.Values.config.nats.tls.enabled }}
+{{- with $.Values.tlsCA }}
+{{- if and .enabled (or .configMapName .secretName) }}
+{{- $dir := trimSuffix "/" .dir }}
+ca: {{ printf "%s/%s" $dir (.key | default "ca.crt") | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/contexts-secret/contexts-secret.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/contexts-secret/contexts-secret.yaml
new file mode 100644
index 000000000..0ce8d1d87
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/contexts-secret/contexts-secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ {{- include "nats.metadataNamespace" $ | nindent 2 }}
+ name: {{ .Values.natsBox.contextsSecret.name }}
+ labels:
+ {{- include "natsBox.labels" $ | nindent 4 }}
+type: Opaque
+stringData:
+{{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
+ "{{ $ctxKey }}.json": |
+ {{- include "toPrettyRawJson" (include "nats.loadMergePatch" (dict "file" "nats-box/contexts-secret/context.yaml" "merge" (.merge | default dict) "patch" (.patch | default list) "ctx" (merge (dict "contextName" $ctxKey "context" $ctxVal) $)) | fromYaml) | nindent 4 }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/deployment/container.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/deployment/container.yaml
new file mode 100644
index 000000000..aa1753b4b
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/deployment/container.yaml
@@ -0,0 +1,46 @@
+name: nats-box
+{{ include "nats.image" (merge (pick $.Values "global") .Values.natsBox.container.image) }}
+
+{{- with .Values.natsBox.container.env }}
+env:
+{{- include "nats.env" . }}
+{{- end }}
+
+command:
+- sh
+- -ec
+- |
+ work_dir="$(pwd)"
+ mkdir -p "$XDG_CONFIG_HOME/nats"
+ cd "$XDG_CONFIG_HOME/nats"
+ if ! [ -s context ]; then
+ ln -s /etc/nats-contexts context
+ fi
+ {{- if .Values.natsBox.defaultContextName }}
+ if ! [ -f context.txt ]; then
+ echo -n {{ .Values.natsBox.defaultContextName | quote }} > context.txt
+ fi
+ {{- end }}
+ cd "$work_dir"
+ exec /entrypoint.sh "$@"
+- --
+args:
+- sh
+- -ec
+- trap true INT TERM; sleep infinity & wait
+volumeMounts:
+# contexts secret
+- name: contexts
+ mountPath: /etc/nats-contexts
+# contents secret
+{{- if .hasContentsSecret }}
+- name: contents
+ mountPath: /etc/nats-contents
+{{- end }}
+# tlsCA
+{{- include "nats.tlsCAVolumeMount" $ }}
+# secrets
+{{- range (include "natsBox.secretNames" $ | fromJson).secretNames }}
+- name: {{ .name | quote }}
+ mountPath: {{ .dir | quote }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/deployment/deployment.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/deployment/deployment.yaml
new file mode 100644
index 000000000..bf39dd8d5
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/deployment/deployment.yaml
@@ -0,0 +1,16 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ {{- include "nats.metadataNamespace" $ | nindent 2 }}
+ name: {{ .Values.natsBox.deployment.name }}
+ labels:
+ {{- include "natsBox.labels" $ | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "natsBox.selectorLabels" $ | nindent 6 }}
+ replicas: 1
+ template:
+ {{- with .Values.natsBox.podTemplate }}
+ {{ include "nats.loadMergePatch" (merge (dict "file" "nats-box/deployment/pod-template.yaml" "ctx" $) .) | nindent 4 }}
+ {{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/deployment/pod-template.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/deployment/pod-template.yaml
new file mode 100644
index 000000000..71056bfb6
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/deployment/pod-template.yaml
@@ -0,0 +1,44 @@
+metadata:
+ labels:
+ {{- include "natsBox.labels" $ | nindent 4 }}
+spec:
+ containers:
+ {{- with .Values.natsBox.container }}
+ - {{ include "nats.loadMergePatch" (merge (dict "file" "nats-box/deployment/container.yaml" "ctx" $) .) | nindent 4 }}
+ {{- end }}
+
+ # service discovery uses DNS; don't need service env vars
+ enableServiceLinks: false
+
+ {{- with .Values.global.image.pullSecretNames }}
+ imagePullSecrets:
+ {{- range . }}
+ - name: {{ . | quote }}
+ {{- end }}
+ {{- end }}
+
+ {{- with .Values.natsBox.serviceAccount }}
+ {{- if .enabled }}
+ serviceAccountName: {{ .name | quote }}
+ {{- end }}
+ {{- end }}
+
+ volumes:
+ # contexts secret
+ - name: contexts
+ secret:
+ secretName: {{ .Values.natsBox.contextsSecret.name }}
+ # contents secret
+ {{- if .hasContentsSecret }}
+ - name: contents
+ secret:
+ secretName: {{ .Values.natsBox.contentsSecret.name }}
+ {{- end }}
+ # tlsCA
+ {{- include "nats.tlsCAVolume" $ | nindent 2 }}
+ # secrets
+ {{- range (include "natsBox.secretNames" $ | fromJson).secretNames }}
+ - name: {{ .name | quote }}
+ secret:
+ secretName: {{ .secretName | quote }}
+ {{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/service-account.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/service-account.yaml
new file mode 100644
index 000000000..c31e52f18
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/nats-box/service-account.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- include "nats.metadataNamespace" $ | nindent 2 }}
+ name: {{ .Values.natsBox.serviceAccount.name }}
+ labels:
+ {{- include "natsBox.labels" $ | nindent 4 }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/pod-disruption-budget.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/pod-disruption-budget.yaml
new file mode 100644
index 000000000..fd1fdead5
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/pod-disruption-budget.yaml
@@ -0,0 +1,12 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ {{- include "nats.metadataNamespace" $ | nindent 2 }}
+ name: {{ .Values.podDisruptionBudget.name }}
+ labels:
+ {{- include "nats.labels" $ | nindent 4 }}
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ {{- include "nats.selectorLabels" $ | nindent 6 }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/pod-monitor.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/pod-monitor.yaml
new file mode 100644
index 000000000..c6c8eae06
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/pod-monitor.yaml
@@ -0,0 +1,13 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ {{- include "nats.metadataNamespace" $ | nindent 2 }}
+ name: {{ .Values.promExporter.podMonitor.name }}
+ labels:
+ {{- include "nats.labels" $ | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "nats.selectorLabels" $ | nindent 6 }}
+ podMetricsEndpoints:
+ - port: prom-metrics
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/service-account.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/service-account.yaml
new file mode 100644
index 000000000..22c18cc70
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/service-account.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- include "nats.metadataNamespace" $ | nindent 2 }}
+ name: {{ .Values.serviceAccount.name }}
+ labels:
+ {{- include "nats.labels" $ | nindent 4 }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/service.yaml
new file mode 100644
index 000000000..db08fe5b5
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ {{- include "nats.metadataNamespace" $ | nindent 2 }}
+ name: {{ .Values.service.name }}
+ labels:
+ {{- include "nats.labels" $ | nindent 4 }}
+spec:
+ selector:
+ {{- include "nats.selectorLabels" $ | nindent 4 }}
+ ports:
+ {{- range $protocol := list "nats" "leafnodes" "websocket" "mqtt" "cluster" "gateway" "monitor" "profiling" }}
+ {{- $configProtocol := get $.Values.config $protocol }}
+ {{- $servicePort := get $.Values.service.ports $protocol }}
+ {{- if and (or (eq $protocol "nats") $configProtocol.enabled) $servicePort.enabled }}
+ {{- $tlsEnabled := false }}
+ {{- if hasKey $configProtocol "tls" }}
+ {{- $tlsEnabled = $configProtocol.tls.enabled }}
+ {{- end }}
+ {{- $appProtocol := or (eq $protocol "websocket") (eq $protocol "monitor") | ternary ($tlsEnabled | ternary "https" "http") ($tlsEnabled | ternary "tls" "tcp") }}
+ - {{ merge (dict "name" $protocol "targetPort" $protocol "appProtocol" $appProtocol) (omit $servicePort "enabled") (dict "port" $configProtocol.port) | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/jetstream-pvc.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/jetstream-pvc.yaml
new file mode 100644
index 000000000..a43f20059
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/jetstream-pvc.yaml
@@ -0,0 +1,13 @@
+{{- with .Values.config.jetstream.fileStore.pvc }}
+metadata:
+ name: {{ .name }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .size | quote }}
+ {{- with .storageClassName }}
+ storageClassName: {{ . | quote }}
+ {{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/nats-container.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/nats-container.yaml
new file mode 100644
index 000000000..c5402efea
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/nats-container.yaml
@@ -0,0 +1,106 @@
+name: nats
+{{ include "nats.image" (merge (pick $.Values "global") .Values.container.image) }}
+
+ports:
+{{- range $protocol := list "nats" "leafnodes" "websocket" "mqtt" "cluster" "gateway" "monitor" "profiling" }}
+{{- $configProtocol := get $.Values.config $protocol }}
+{{- $containerPort := get $.Values.container.ports $protocol }}
+{{- if or (eq $protocol "nats") $configProtocol.enabled }}
+- {{ merge (dict "name" $protocol "containerPort" $configProtocol.port) $containerPort | toYaml | nindent 2 }}
+{{- end }}
+{{- end }}
+
+args:
+- --config
+- /etc/nats-config/nats.conf
+
+env:
+- name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+- name: SERVER_NAME
+ value: {{ printf "%s$(POD_NAME)" .Values.config.serverNamePrefix | quote }}
+{{- with .Values.container.env }}
+{{- include "nats.env" . }}
+{{- end }}
+
+lifecycle:
+ preStop:
+ exec:
+ # send the lame duck shutdown signal to trigger a graceful shutdown
+ command:
+ - nats-server
+ - -sl=ldm=/var/run/nats/nats.pid
+
+{{- with .Values.config.monitor }}
+{{- if .enabled }}
+startupProbe:
+ httpGet:
+ path: /healthz
+ port: monitor
+ {{- if .tls.enabled }}
+ scheme: HTTPS
+ {{- end}}
+ initialDelaySeconds: 10
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 90
+readinessProbe:
+ httpGet:
+ path: /healthz?js-server-only=true
+ port: monitor
+ {{- if .tls.enabled }}
+ scheme: HTTPS
+ {{- end}}
+ initialDelaySeconds: 10
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+livenessProbe:
+ httpGet:
+ path: /healthz?js-enabled-only=true
+ port: monitor
+ {{- if .tls.enabled }}
+ scheme: HTTPS
+ {{- end}}
+ initialDelaySeconds: 10
+ timeoutSeconds: 5
+ periodSeconds: 30
+ successThreshold: 1
+ failureThreshold: 3
+{{- end }}
+{{- end }}
+
+volumeMounts:
+# nats config
+- name: config
+ mountPath: /etc/nats-config
+# PID volume
+- name: pid
+ mountPath: /var/run/nats
+# JetStream PVC
+{{- with
.Values.config.jetstream }}
+{{- if and .enabled .fileStore.enabled .fileStore.pvc.enabled }}
+{{- with .fileStore }}
+- name: {{ .pvc.name }}
+ mountPath: {{ .dir | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+# resolver PVC
+{{- with .Values.config.resolver }}
+{{- if and .enabled .pvc.enabled }}
+- name: {{ .pvc.name }}
+ mountPath: {{ .dir | quote }}
+{{- end }}
+{{- end }}
+# tlsCA
+{{- include "nats.tlsCAVolumeMount" $ }}
+# secrets
+{{- range (include "nats.secretNames" $ | fromJson).secretNames }}
+- name: {{ .name | quote }}
+ mountPath: {{ .dir | quote }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/pod-template.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/pod-template.yaml
new file mode 100644
index 000000000..bb1d8d7be
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/pod-template.yaml
@@ -0,0 +1,71 @@
+metadata:
+ labels:
+ {{- include "nats.labels" $ | nindent 4 }}
+ annotations:
+ {{- if .Values.podTemplate.configChecksumAnnotation }}
+ {{- $configMap := include "nats.loadMergePatch" (merge (dict "file" "config-map.yaml" "ctx" $) $.Values.configMap) }}
+ checksum/config: {{ sha256sum $configMap }}
+ {{- end }}
+spec:
+ containers:
+ # nats
+ {{- $nats := dict }}
+ {{- with .Values.container }}
+ {{- $nats = include "nats.loadMergePatch" (merge (dict "file" "stateful-set/nats-container.yaml" "ctx" $) .) | fromYaml }}
+ - {{ toYaml $nats | nindent 4 }}
+ {{- end }}
+ # reloader
+ {{- with .Values.reloader }}
+ {{- if .enabled }}
+ - {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/reloader-container.yaml" "ctx" (merge (dict "natsVolumeMounts" $nats.volumeMounts) $)) .) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.promExporter }}
+ {{- if .enabled }}
+ - {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/prom-exporter-container.yaml" "ctx" $) .) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+
+ # service discovery uses DNS; don't need service env vars
+ enableServiceLinks: false
+
+ {{- with .Values.global.image.pullSecretNames }}
+ imagePullSecrets:
+ {{- range . }}
+ - name: {{ . | quote }}
+ {{- end }}
+ {{- end }}
+
+ {{- with .Values.serviceAccount }}
+ {{- if .enabled }}
+ serviceAccountName: {{ .name | quote }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.reloader.enabled }}
+ shareProcessNamespace: true
+ {{- end }}
+
+ volumes:
+ # nats config
+ - name: config
+ configMap:
+ name: {{ .Values.configMap.name }}
+ # PID volume
+ - name: pid
+ emptyDir: {}
+ # tlsCA
+ {{- include "nats.tlsCAVolume" $ | nindent 2 }}
+ # secrets
+ {{- range (include "nats.secretNames" $ | fromJson).secretNames }}
+ - name: {{ .name | quote }}
+ secret:
+ secretName: {{ .secretName | quote }}
+ {{- end }}
+
+ {{- with .Values.podTemplate.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- range $k, $v := .
}}
+ - {{ merge (dict "topologyKey" $k "labelSelector" (dict "matchLabels" (include "nats.selectorLabels" $ | fromYaml))) $v | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/prom-exporter-container.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/prom-exporter-container.yaml
new file mode 100644
index 000000000..c3e1b6fbe
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/prom-exporter-container.yaml
@@ -0,0 +1,30 @@
+name: prom-exporter
+{{ include "nats.image" (merge (pick $.Values "global") .Values.promExporter.image) }}
+
+ports:
+- name: prom-metrics
+ containerPort: {{ .Values.promExporter.port }}
+
+{{- with .Values.promExporter.env }}
+env:
+{{- include "nats.env" . }}
+{{- end }}
+
+args:
+- -port={{ .Values.promExporter.port }}
+- -connz
+- -routez
+- -subz
+- -varz
+- -prefix=nats
+- -use_internal_server_id
+{{- if .Values.config.jetstream.enabled }}
+- -jsz=all
+{{- end }}
+{{- if .Values.config.leafnodes.enabled }}
+- -leafz
+{{- end }}
+{{- if .Values.config.gateway.enabled }}
+- -gatewayz
+{{- end }}
+- http://localhost:{{ .Values.config.monitor.port }}/
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/reloader-container.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/reloader-container.yaml
new file mode 100644
index 000000000..96722045f
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/reloader-container.yaml
@@ -0,0 +1,27 @@
+name: reloader
+{{ include "nats.image" (merge (pick $.Values "global") .Values.reloader.image) }}
+
+{{- with .Values.reloader.env }}
+env:
+{{- include "nats.env" . }}
+{{- end }}
+
+args:
+- -pid
+- /var/run/nats/nats.pid
+- -config
+- /etc/nats-config/nats.conf
+{{ include "nats.reloaderConfig" (dict "config" .config "dir" "/etc/nats-config") }}
+
+volumeMounts:
+- name: pid
+ mountPath: /var/run/nats
+{{- range $mnt := .natsVolumeMounts }}
+{{- $found := false }}
+{{- range $.Values.reloader.natsVolumeMountPrefixes }}
+{{- if and (not $found) (hasPrefix . $mnt.mountPath) }}
+{{- $found = true }}
+- {{ toYaml $mnt | nindent 2}}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/resolver-pvc.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/resolver-pvc.yaml
new file mode 100644
index 000000000..3634cd826
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/resolver-pvc.yaml
@@ -0,0 +1,13 @@
+{{- with .Values.config.resolver.pvc }}
+metadata:
+ name: {{ .name }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .size | quote }}
+ {{- with .storageClassName }}
+ storageClassName: {{ . | quote }}
+ {{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/stateful-set.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/stateful-set.yaml
new file mode 100644
index 000000000..cd8082cbb
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/files/stateful-set/stateful-set.yaml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ {{- include "nats.metadataNamespace" $ | nindent 2 }}
+ name: {{ .Values.statefulSet.name }}
+ labels:
+ {{- include "nats.labels" $ | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "nats.selectorLabels" $ | nindent 6 }}
+ {{- if .Values.config.cluster.enabled }}
+ replicas: {{ .Values.config.cluster.replicas }}
+ {{- else }}
+ replicas: 1
+ {{- end }}
+ serviceName: {{ .Values.headlessService.name }}
+ podManagementPolicy: Parallel
+ template:
+ {{- with .Values.podTemplate }}
+ {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/pod-template.yaml" "ctx" $) .) | nindent 4 }}
+ {{- end }}
+ volumeClaimTemplates:
+ {{- with .Values.config.jetstream }}
+ {{- if and .enabled .fileStore.enabled .fileStore.pvc.enabled }}
+ {{- with .fileStore.pvc }}
+ - {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/jetstream-pvc.yaml" "ctx" $) .) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.config.resolver }}
+ {{- if and .enabled .pvc.enabled }}
+ {{- with .pvc }}
+ - {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/resolver-pvc.yaml" "ctx" $) .) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_helpers.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_helpers.tpl
new file mode 100644
index 000000000..ba831397d
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_helpers.tpl
@@ -0,0 +1,281 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nats.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nats.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nats.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Print the namespace
+*/}}
+{{- define "nats.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride }}
+{{- end }}
+
+{{/*
+Print the namespace for the metadata section
+*/}}
+{{- define "nats.metadataNamespace" -}}
+{{- with .Values.namespaceOverride }}
+namespace: {{ . | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Set default values.
+*/}}
+{{- define "nats.defaultValues" }}
+{{- if not .defaultValuesSet }}
+ {{- $name := include "nats.fullname" .
}}
+ {{- with .Values }}
+ {{- $_ := set .config.jetstream.fileStore.pvc "name" (.config.jetstream.fileStore.pvc.name | default (printf "%s-js" $name)) }}
+ {{- $_ := set .config.resolver.pvc "name" (.config.resolver.pvc.name | default (printf "%s-resolver" $name)) }}
+ {{- $_ := set .config.websocket.ingress "name" (.config.websocket.ingress.name | default (printf "%s-ws" $name)) }}
+ {{- $_ := set .configMap "name" (.configMap.name | default (printf "%s-config" $name)) }}
+ {{- $_ := set .headlessService "name" (.headlessService.name | default (printf "%s-headless" $name)) }}
+ {{- $_ := set .natsBox.contentsSecret "name" (.natsBox.contentsSecret.name | default (printf "%s-box-contents" $name)) }}
+ {{- $_ := set .natsBox.contextsSecret "name" (.natsBox.contextsSecret.name | default (printf "%s-box-contexts" $name)) }}
+ {{- $_ := set .natsBox.deployment "name" (.natsBox.deployment.name | default (printf "%s-box" $name)) }}
+ {{- $_ := set .natsBox.serviceAccount "name" (.natsBox.serviceAccount.name | default (printf "%s-box" $name)) }}
+ {{- $_ := set .podDisruptionBudget "name" (.podDisruptionBudget.name | default $name) }}
+ {{- $_ := set .service "name" (.service.name | default $name) }}
+ {{- $_ := set .serviceAccount "name" (.serviceAccount.name | default $name) }}
+ {{- $_ := set .statefulSet "name" (.statefulSet.name | default $name) }}
+ {{- $_ := set .promExporter.podMonitor "name" (.promExporter.podMonitor.name | default $name) }}
+ {{- end }}
+
+ {{- $values := get (include "tplYaml" (dict "doc" .Values "ctx" $) | fromJson) "doc" }}
+ {{- $_ := set .
"Values" $values }}
+
+ {{- $hasContentsSecret := false }}
+ {{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
+ {{- range $secretKey, $secretVal := dict "creds" "nats-creds" "nkey" "nats-nkeys" "tls" "nats-certs" }}
+ {{- $secret := get $ctxVal $secretKey }}
+ {{- if $secret }}
+ {{- $_ := set $secret "dir" ($secret.dir | default (printf "/etc/%s/%s" $secretVal $ctxKey)) }}
+ {{- if and (ne $secretKey "tls") $secret.contents }}
+ {{- $hasContentsSecret = true }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- $_ := set $ "hasContentsSecret" $hasContentsSecret }}
+
+ {{- with .Values.config }}
+ {{- $config := include "nats.loadMergePatch" (merge (dict "file" "config/config.yaml" "ctx" $) .) | fromYaml }}
+ {{- $_ := set $ "config" $config }}
+ {{- end }}
+
+ {{- $_ := set . "defaultValuesSet" true }}
+{{- end }}
+{{- end }}
+
+{{/*
+NATS labels
+*/}}
+{{- define "nats.labels" -}}
+{{- with .Values.global.labels -}}
+{{ toYaml . }}
+{{ end -}}
+helm.sh/chart: {{ include "nats.chart" . }}
+{{ include "nats.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+NATS selector labels
+*/}}
+{{- define "nats.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "nats.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/component: nats
+{{- end }}
+
+{{/*
+NATS Box labels
+*/}}
+{{- define "natsBox.labels" -}}
+{{- with .Values.global.labels -}}
+{{ toYaml . }}
+{{ end -}}
+helm.sh/chart: {{ include "nats.chart" . }}
+{{ include "natsBox.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+NATS Box selector labels
+*/}}
+{{- define "natsBox.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "nats.name" .
}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/component: nats-box
+{{- end }}
+
+{{/*
+Print the image
+*/}}
+{{- define "nats.image" }}
+{{- $image := printf "%s:%s" .repository .tag }}
+{{- if or .registry .global.image.registry }}
+{{- $image = printf "%s/%s" (.registry | default .global.image.registry) $image }}
+{{- end -}}
+image: {{ $image }}
+{{- if or .pullPolicy .global.image.pullPolicy }}
+imagePullPolicy: {{ .pullPolicy | default .global.image.pullPolicy }}
+{{- end }}
+{{- end }}
+
+{{- define "nats.secretNames" -}}
+{{- $secrets := list }}
+{{- range $protocol := list "nats" "leafnodes" "websocket" "mqtt" "cluster" "gateway" }}
+ {{- $configProtocol := get $.Values.config $protocol }}
+ {{- if and (or (eq $protocol "nats") $configProtocol.enabled) $configProtocol.tls.enabled $configProtocol.tls.secretName }}
+ {{- $secrets = append $secrets (merge (dict "name" (printf "%s-tls" $protocol)) $configProtocol.tls) }}
+ {{- end }}
+{{- end }}
+{{- toJson (dict "secretNames" $secrets) }}
+{{- end }}
+
+{{- define "natsBox.secretNames" -}}
+{{- $secrets := list }}
+{{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
+{{- range $secretKey, $secretVal := dict "creds" "nats-creds" "nkey" "nats-nkeys" "tls" "nats-certs" }}
+ {{- $secret := get $ctxVal $secretKey }}
+ {{- if and $secret $secret.secretName }}
+ {{- $secrets = append $secrets (merge (dict "name" (printf "ctx-%s-%s" $ctxKey $secretKey)) $secret) }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- toJson (dict "secretNames" $secrets) }}
+{{- end }}
+
+{{- define "nats.tlsCAVolume" -}}
+{{- with .Values.tlsCA }}
+{{- if and .enabled (or .configMapName .secretName) }}
+- name: tls-ca
+{{- if .configMapName }}
+ configMap:
+ name: {{ .configMapName | quote }}
+{{- else if .secretName }}
+ secret:
+ secretName: {{ .secretName | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "nats.tlsCAVolumeMount" -}}
+{{- with .Values.tlsCA }}
+{{- if and .enabled (or
.configMapName .secretName) }}
+- name: tls-ca
+ mountPath: {{ .dir | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+translates env var map to list
+*/}}
+{{- define "nats.env" -}}
+{{- range $k, $v := . }}
+{{- if kindIs "string" $v }}
+- name: {{ $k | quote }}
+ value: {{ $v | quote }}
+{{- else if kindIs "map" $v }}
+- {{ merge (dict "name" $k) $v | toYaml | nindent 2 }}
+{{- else }}
+{{- fail (cat "env var" $k "must be string or map, got" (kindOf $v)) }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- /*
+nats.loadMergePatch
+input: map with 4 keys:
+- file: name of file to load
+- ctx: context to pass to tpl
+- merge: interface{} to merge
+- patch: []interface{} valid JSON Patch document
+output: JSON encoded map with 1 key:
+- doc: interface{} patched json result
+*/}}
+{{- define "nats.loadMergePatch" -}}
+{{- $doc := tpl (.ctx.Files.Get (printf "files/%s" .file)) .ctx | fromYaml | default dict -}}
+{{- $doc = mergeOverwrite $doc (deepCopy (.merge | default dict)) -}}
+{{- get (include "jsonpatch" (dict "doc" $doc "patch" (.patch | default list)) | fromJson ) "doc" | toYaml -}}
+{{- end }}
+
+
+{{- /*
+nats.reloaderConfig
+input: map with 2 keys:
+- config: interface{} nats config
+- dir: dir config file is in
+output: YAML list of reloader config files
+*/}}
+{{- define "nats.reloaderConfig" -}}
+ {{- $dir := trimSuffix "/" .dir -}}
+ {{- with .config -}}
+ {{- if kindIs "map" . -}}
+ {{- range $k, $v := . -}}
+ {{- if or (eq $k "cert_file") (eq $k "key_file") (eq $k "ca_file") }}
+- -config
+- {{ $v }}
+ {{- else if hasSuffix "$include" $k }}
+- -config
+- {{ clean (printf "%s/%s" $dir $v) }}
+ {{- else }}
+ {{- include "nats.reloaderConfig" (dict "config" $v "dir" $dir) }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+
+{{- /*
+nats.formatConfig
+input: map[string]interface{}
+output: string with following format rules
+1. keys ending in $natsRaw are unquoted
+2.
keys ending in $natsInclude are converted to include directives
+*/}}
+{{- define "nats.formatConfig" -}}
+ {{-
+ (regexReplaceAll "\"<<\\s+(.*)\\s+>>\""
+ (regexReplaceAll "\".*\\$include\": \"(.*)\",?" (include "toPrettyRawJson" .) "include ${1};")
+ "${1}")
+ -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_jsonpatch.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_jsonpatch.tpl
new file mode 100644
index 000000000..cd42c3bbc
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_jsonpatch.tpl
@@ -0,0 +1,219 @@
+{{- /*
+jsonpatch
+input: map with 2 keys:
+- doc: interface{} valid JSON document
+- patch: []interface{} valid JSON Patch document
+output: JSON encoded map with 1 key:
+- doc: interface{} patched json result
+*/}}
+{{- define "jsonpatch" -}}
+ {{- $params := fromJson (toJson .) -}}
+ {{- $patches := $params.patch -}}
+ {{- $docContainer := pick $params "doc" -}}
+
+ {{- range $patch := $patches -}}
+ {{- if not (hasKey $patch "op") -}}
+ {{- fail "patch is missing op key" -}}
+ {{- end -}}
+ {{- if and (ne $patch.op "add") (ne $patch.op "remove") (ne $patch.op "replace") (ne $patch.op "copy") (ne $patch.op "move") (ne $patch.op "test") -}}
+ {{- fail (cat "patch has invalid op" $patch.op) -}}
+ {{- end -}}
+ {{- if not (hasKey $patch "path") -}}
+ {{- fail "patch is missing path key" -}}
+ {{- end -}}
+ {{- if and (or (eq $patch.op "add") (eq $patch.op "replace") (eq $patch.op "test")) (not (hasKey $patch "value")) -}}
+ {{- fail (cat "patch with op" $patch.op "is missing value key") -}}
+ {{- end -}}
+ {{- if and (or (eq $patch.op "copy") (eq $patch.op "move")) (not (hasKey $patch "from")) -}}
+ {{- fail (cat "patch with op" $patch.op "is missing from key") -}}
+ {{- end -}}
+
+ {{- $opPathKeys := list "path" -}}
+ {{- if or (eq $patch.op "copy") (eq $patch.op "move") -}}
+ {{- $opPathKeys = append $opPathKeys "from" -}}
+ {{- end -}}
+ {{- $reSlice := list -}}
+
+ {{- range $opPathKey := $opPathKeys -}}
+ {{- $obj := $docContainer -}}
+ {{- if and (eq $patch.op "copy") (eq $opPathKey "from") -}}
+ {{- $obj = (fromJson (toJson $docContainer)) -}}
+ {{- end -}}
+ {{- $key := "doc" -}}
+ {{- $lastMap := dict "root" $obj -}}
+ {{- $lastKey := "root" -}}
+ {{- $paths := (splitList "/" (get $patch $opPathKey)) -}}
+ {{- $firstPath := index $paths 0 -}}
+ {{- if ne (index $paths 0) "" -}}
+ {{- fail (cat "invalid" $opPathKey (get $patch $opPathKey) "must be empty string or start with /") -}}
+ {{- end -}}
+ {{- $paths = slice $paths 1 -}}
+
+ {{- range $path := $paths -}}
+ {{- $path = replace "~1" "/" $path -}}
+ {{- $path = replace "~0" "~" $path -}}
+
+ {{- if kindIs "slice" $obj -}}
+ {{- $mapObj := dict -}}
+ {{- range $i, $v := $obj -}}
+ {{- $_ := set $mapObj (toString $i) $v -}}
+ {{- end -}}
+ {{- $obj = $mapObj -}}
+ {{- $_ := set $lastMap $lastKey $obj -}}
+ {{- $reSlice = prepend $reSlice (dict "lastMap" $lastMap "lastKey" $lastKey "mapObj" $obj) -}}
+ {{- end -}}
+
+ {{- if kindIs "map" $obj -}}
+ {{- if not (hasKey $obj $key) -}}
+ {{- fail (cat "key" $key "does not exist") -}}
+ {{- end -}}
+ {{- $lastKey = $key -}}
+ {{- $lastMap = $obj -}}
+ {{- $obj = index $obj $key -}}
+ {{- $key = $path -}}
+ {{- else -}}
+ {{- fail (cat "cannot iterate into path" $key "on type" (kindOf $obj)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $_ := set $patch (printf "%sKey" $opPathKey) $key -}}
+ {{- $_ := set $patch (printf "%sLastKey" $opPathKey) $lastKey -}}
+ {{- $_ = set $patch (printf "%sLastMap" $opPathKey) $lastMap -}}
+ {{- end -}}
+
+ {{- if eq $patch.op "move" }}
+ {{- if and (ne $patch.path $patch.from) (hasPrefix (printf "%s/" $patch.path) (printf "%s/" $patch.from)) -}}
+ {{- fail (cat "from" $patch.from "may not be a child of path" $patch.path) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if or (eq $patch.op "move") (eq $patch.op "copy") (eq $patch.op "test") }}
+ {{- $key := $patch.fromKey -}}
+ {{- $lastMap := $patch.fromLastMap -}}
+ {{- $lastKey := $patch.fromLastKey -}}
+ {{- $setKey := "value" -}}
+ {{- if eq $patch.op "test" }}
+ {{- $key = $patch.pathKey -}}
+ {{- $lastMap = $patch.pathLastMap -}}
+ {{- $lastKey = $patch.pathLastKey -}}
+ {{- $setKey = "testValue" -}}
+ {{- end -}}
+ {{- $obj := index $lastMap $lastKey -}}
+
+ {{- if kindIs "map" $obj -}}
+ {{- if not (hasKey $obj $key) -}}
+ {{- fail (cat $key "does not exist") -}}
+ {{- end -}}
+ {{- $_ := set $patch $setKey (index $obj $key) -}}
+
+ {{- else if kindIs "slice" $obj -}}
+ {{- $i := atoi $key -}}
+ {{- if ne $key (toString $i) -}}
+ {{- fail (cat "cannot convert" $key "to int") -}}
+ {{- end -}}
+ {{- if lt $i 0 -}}
+ {{- fail "slice index <0" -}}
+ {{- else if lt $i (len $obj) -}}
+ {{- $_ := set $patch $setKey (index $obj $i) -}}
+ {{- else -}}
+ {{- fail "slice index >= slice length" -}}
+ {{- end -}}
+
+ {{- else -}}
+ {{- fail (cat "cannot" $patch.op $key "on type" (kindOf $obj)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if or (eq $patch.op "remove") (eq $patch.op "replace") (eq $patch.op "move") }}
+ {{- $key := $patch.pathKey -}}
+ {{- $lastMap := $patch.pathLastMap -}}
+ {{- $lastKey := $patch.pathLastKey -}}
+ {{- if eq $patch.op "move" }}
+ {{- $key = $patch.fromKey -}}
+ {{- $lastMap = $patch.fromLastMap -}}
+ {{- $lastKey = $patch.fromLastKey -}}
+ {{- end -}}
+ {{- $obj := index $lastMap $lastKey -}}
+
+ {{- if kindIs "map" $obj -}}
+ {{- if not (hasKey $obj $key) -}}
+ {{- fail (cat $key "does not exist") -}}
+ {{- end -}}
+ {{- $_ := unset $obj $key -}}
+
+ {{- else if kindIs "slice" $obj -}}
+ {{- $i := atoi $key -}}
+ {{- if ne $key (toString $i) -}}
+ {{- fail (cat "cannot convert" $key "to int") -}}
+ {{- end -}}
+ {{- if lt $i 0 -}}
+ {{- fail "slice index <0" -}}
+ {{- else if eq $i 0 -}}
+ {{- $_ := set $lastMap $lastKey (slice $obj 1) -}}
+ {{- else if lt $i (sub (len $obj) 1) -}}
+ {{- $_ := set $lastMap $lastKey (concat (slice $obj 0 $i) (slice $obj (add $i 1) (len $obj))) -}}
+ {{- else if eq $i (sub (len $obj) 1) -}}
+ {{- $_ := set $lastMap $lastKey (slice $obj 0 (sub (len $obj) 1)) -}}
+ {{- else -}}
+ {{- fail "slice index >= slice length" -}}
+ {{- end -}}
+
+ {{- else -}}
+ {{- fail (cat "cannot" $patch.op $key "on type" (kindOf $obj)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if or (eq $patch.op "add") (eq $patch.op "replace") (eq $patch.op "move") (eq $patch.op "copy") }}
+ {{- $key := $patch.pathKey -}}
+ {{- $lastMap := $patch.pathLastMap -}}
+ {{- $lastKey := $patch.pathLastKey -}}
+ {{- $value := $patch.value -}}
+ {{- $obj := index $lastMap $lastKey -}}
+
+ {{- if kindIs "map" $obj -}}
+ {{- $_ := set $obj $key $value -}}
+
+ {{- else if kindIs "slice" $obj -}}
+ {{- $i := 0 -}}
+ {{- if eq $key "-" -}}
+ {{- $i = len $obj -}}
+ {{- else -}}
+ {{- $i = atoi $key -}}
+ {{- if ne $key (toString $i) -}}
+ {{- fail (cat "cannot convert" $key "to int") -}}
+ {{- end -}}
+ {{- end -}}
+ {{- if lt $i 0 -}}
+ {{- fail "slice index <0" -}}
+ {{- else if eq $i 0 -}}
+ {{- $_ := set $lastMap $lastKey (prepend $obj $value) -}}
+ {{- else if lt $i (len $obj) -}}
+ {{- $_ := set $lastMap $lastKey (concat (append (slice $obj 0 $i) $value) (slice $obj $i)) -}}
+ {{- else if eq $i (len $obj) -}}
+ {{- $_ := set $lastMap $lastKey (append $obj $value) -}}
+ {{- else -}}
+ {{- fail "slice index > slice length" -}}
+ {{- end -}}
+
+ {{- else -}}
+ {{- fail (cat "cannot" $patch.op $key "on type" (kindOf $obj)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if eq $patch.op "test" }}
+ {{- if not (deepEqual $patch.value $patch.testValue) }}
+ {{- fail (cat "test failed, expected" (toJson $patch.value) "but got" (toJson $patch.testValue)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range $reSliceOp := $reSlice -}}
+ {{- $sliceObj := list -}}
+ {{- range $i := until (len $reSliceOp.mapObj) -}}
+ {{- $sliceObj = append $sliceObj (index $reSliceOp.mapObj (toString $i)) -}}
+ {{- end -}}
+ {{- $_ := set $reSliceOp.lastMap $reSliceOp.lastKey $sliceObj -}}
+ {{- end -}}
+
+ {{- end -}}
+ {{- toJson $docContainer -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_toPrettyRawJson.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_toPrettyRawJson.tpl
new file mode 100644
index 000000000..612a62f9c
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_toPrettyRawJson.tpl
@@ -0,0 +1,28 @@
+{{- /*
+toPrettyRawJson
+input: interface{} valid JSON document
+output: pretty raw JSON string
+*/}}
+{{- define "toPrettyRawJson" -}}
+ {{- include "toPrettyRawJsonStr" (toPrettyJson .) -}}
+{{- end -}}
+
+{{- /*
+toPrettyRawJsonStr
+input: pretty JSON string
+output: pretty raw JSON string
+*/}}
+{{- define "toPrettyRawJsonStr" -}}
+ {{- $s :=
+ (regexReplaceAll "([^\\\\](?:\\\\\\\\)*)\\\\u003e"
+ (regexReplaceAll "([^\\\\](?:\\\\\\\\)*)\\\\u003c"
+ (regexReplaceAll "([^\\\\](?:\\\\\\\\)*)\\\\u0026" . "${1}&")
+ "${1}<")
+ "${1}>")
+ -}}
+ {{- if regexMatch "([^\\\\](?:\\\\\\\\)*)\\\\u00(26|3c|3e)" $s -}}
+ {{- include "toPrettyRawJsonStr" $s -}}
+ {{- else -}}
+ {{- $s -}}
+ {{- end -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_tplYaml.tpl b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_tplYaml.tpl
new file mode 100644
index 000000000..f42b9c168
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/_tplYaml.tpl
@@ -0,0 +1,114 @@
+{{- /*
+tplYaml
+input: map with 2 keys:
+- doc: interface{}
+- ctx: context to pass to tpl function
+output: JSON encoded map with 1 key:
+- doc: interface{} with any keys called tpl or tplSpread values templated and replaced
+
+maps matching the following syntax will be templated and parsed as YAML
+{
+ $tplYaml: string
+}
+
+maps matching the follow syntax will be templated, parsed as YAML, and spread into the parent map/slice
+{
+ $tplYamlSpread: string
+}
+*/}}
+{{- define "tplYaml" -}}
+ {{- $patch := get (include "tplYamlItr" (dict "ctx" .ctx "parentKind" "" "parentPath" "" "path" "/" "value" .doc) | fromJson) "patch" -}}
+ {{- include "jsonpatch" (dict "doc" .doc "patch" $patch) -}}
+{{- end -}}
+
+{{- /*
+tplYamlItr
+input: map with 4 keys:
+- path: string JSONPath to current element
+- parentKind: string kind of parent element
+- parentPath: string JSONPath to parent element
+- value: interface{}
+- ctx: context to pass to tpl function
+output: JSON encoded map with 1 key:
+- patch: list of patches to apply in order to template
+*/}}
+{{- define "tplYamlItr" -}}
+ {{- $params := . -}}
+ {{- $kind := kindOf $params.value -}}
+ {{- $patch := list -}}
+ {{- $joinPath := $params.path -}}
+ {{- if eq $params.path "/" -}}
+ {{- $joinPath = "" -}}
+ {{- end -}}
+ {{- $joinParentPath := $params.parentPath -}}
+ {{- if eq $params.parentPath "/" -}}
+ {{- $joinParentPath = "" -}}
+ {{- end -}}
+
+ {{- if eq $kind "slice" -}}
+ {{- $iAdj := 0 -}}
+ {{- range $i, $v := $params.value -}}
+ {{- $iPath := printf "%s/%d" $joinPath (add $i $iAdj) -}}
+ {{- $itrPatch := get (include "tplYamlItr" (dict "ctx" $params.ctx "parentKind" $kind "parentPath" $params.path "path" $iPath "value" $v) | fromJson) "patch" -}}
+ {{- $itrLen := len $itrPatch -}}
+ {{- if gt $itrLen 0 -}}
+ {{- $patch = concat $patch $itrPatch -}}
+ {{- if eq (get (index $itrPatch 0) "op") "remove" -}}
+ {{- $iAdj = add $iAdj (sub $itrLen 2) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- else if eq $kind "map" -}}
+ {{- if and (eq (len $params.value) 1) (or (hasKey $params.value "$tplYaml") (hasKey $params.value "$tplYamlSpread")) -}}
+ {{- $tpl := get $params.value "$tplYaml" -}}
+ {{- $spread := false -}}
+ {{- if hasKey $params.value "$tplYamlSpread" -}}
+ {{- if eq $params.path "/" -}}
+ {{- fail "cannot $tplYamlSpread on root object" -}}
+ {{- end -}}
+ {{- $tpl = get $params.value "$tplYamlSpread" -}}
+ {{- $spread = true -}}
+ {{- end -}}
+
+ {{- $res := tpl $tpl $params.ctx -}}
+ {{- $res = get (fromYaml (tpl "tpl: {{ nindent 2 .res }}" (merge (dict "res" $res) $params.ctx))) "tpl" -}}
+
+ {{- if eq $spread false -}}
+ {{- $patch = append $patch (dict "op" "replace" "path" $params.path "value" $res) -}}
+ {{- else -}}
+ {{- $resKind := kindOf $res -}}
+ {{- if and (ne $resKind "invalid") (ne $resKind $params.parentKind) -}}
+ {{- fail (cat "can only $tplYamlSpread slice onto a slice or map onto a map; attempted to spread" $resKind "on" $params.parentKind "at path" $params.path) -}}
+ {{- end -}}
+ {{- $patch = append $patch (dict "op" "remove" "path" $params.path) -}}
+ {{- if eq $resKind "invalid" -}}
+ {{- /* no-op */ -}}
+ {{- else if eq $resKind "slice" -}}
+ {{- range $v := reverse $res -}}
+ {{- $patch = append $patch (dict "op" "add" "path" $params.path "value" $v) -}}
+ {{- end -}}
+ {{- else -}}
+ {{- range $k, $v := $res -}}
+ {{- $kPath := replace "~" "~0" $k -}}
+ {{- $kPath = replace "/" "~1" $kPath -}}
+ {{- $kPath = printf "%s/%s" $joinParentPath $kPath -}}
+ {{- $patch = append $patch (dict "op" "add" "path" $kPath "value" $v) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- else -}}
+ {{- range $k, $v := $params.value -}}
+ {{- $kPath := replace "~" "~0" $k -}}
+ {{- $kPath = replace "/" "~1" $kPath -}}
+ {{- $kPath = printf "%s/%s" $joinPath $kPath -}}
+ {{- $itrPatch := get (include "tplYamlItr" (dict "ctx" $params.ctx "parentKind" $kind "parentPath" $params.path "path" $kPath "value" $v) | fromJson) "patch" -}}
+ {{- if gt (len $itrPatch) 0 -}}
+ {{- $patch = concat $patch $itrPatch -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- toJson (dict "patch" $patch) -}}
+{{- end -}}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/config-map.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/config-map.yaml
new file mode 100644
index 000000000..b95afda20
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/config-map.yaml
@@ -0,0 +1,4 @@
+{{- include "nats.defaultValues" . }}
+{{- with .Values.configMap }}
+{{- include "nats.loadMergePatch" (merge (dict "file" "config-map.yaml" "ctx" $) .) }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/extra-resources.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/extra-resources.yaml
new file mode 100644
index 000000000..c11f0085e
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/extra-resources.yaml
@@ -0,0 +1,5 @@
+{{- include "nats.defaultValues" . }}
+{{- range .Values.extraResources }}
+---
+{{ . | toYaml }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/headless-service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/headless-service.yaml
new file mode 100644
index 000000000..f11a83d13
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/headless-service.yaml
@@ -0,0 +1,4 @@
+{{- include "nats.defaultValues" . }}
+{{- with .Values.headlessService }}
+{{- include "nats.loadMergePatch" (merge (dict "file" "headless-service.yaml" "ctx" $) .) }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/ingress.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/ingress.yaml
new file mode 100644
index 000000000..eccd73ffd
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/ingress.yaml
@@ -0,0 +1,6 @@
+{{- include "nats.defaultValues" . }}
+{{- with .Values.config.websocket.ingress }}
+{{- if and .enabled .hosts $.Values.config.websocket.enabled $.Values.service.enabled $.Values.service.ports.websocket.enabled }}
+{{- include "nats.loadMergePatch" (merge (dict "file" "ingress.yaml" "ctx" $) .) }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/contents-secret.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/contents-secret.yaml
new file mode 100644
index 000000000..db629bf7b
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/contents-secret.yaml
@@ -0,0 +1,10 @@
+{{- include "nats.defaultValues" . }}
+{{- if .hasContentsSecret }}
+{{- with .Values.natsBox }}
+{{- if .enabled }}
+{{- with .contentsSecret}}
+{{- include "nats.loadMergePatch" (merge (dict "file" "nats-box/contents-secret.yaml" "ctx" $) .) }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/contexts-secret.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/contexts-secret.yaml
new file mode 100644
index 000000000..5ae20f45a
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/contexts-secret.yaml
@@ -0,0 +1,8 @@
+{{- include "nats.defaultValues" . }}
+{{- with .Values.natsBox }}
+{{- if .enabled }}
+{{- with .contextsSecret}}
+{{- include "nats.loadMergePatch" (merge (dict "file" "nats-box/contexts-secret/contexts-secret.yaml" "ctx" $) .) }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/deployment.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/deployment.yaml
new file mode 100644
index 000000000..a063332a2
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/deployment.yaml
@@ -0,0 +1,8 @@
+{{- include "nats.defaultValues" . }}
+{{- with .Values.natsBox }}
+{{- if .enabled }}
+{{- with .deployment }}
+{{- include "nats.loadMergePatch" (merge (dict "file" "nats-box/deployment/deployment.yaml" "ctx" $) .) }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/service-account.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/service-account.yaml
new file mode 100644
index 000000000..e11bdd363
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/nats-box/service-account.yaml
@@ -0,0 +1,8 @@
+{{- include "nats.defaultValues" . }}
+{{- if .Values.natsBox.enabled }}
+{{- with .Values.natsBox.serviceAccount }}
+{{- if .enabled }}
+{{- include "nats.loadMergePatch" (merge (dict "file" "nats-box/service-account.yaml" "ctx" $) .) }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/pod-disruption-budget.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/pod-disruption-budget.yaml
new file mode 100644
index 000000000..911722629
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/pod-disruption-budget.yaml
@@ -0,0 +1,6 @@
+{{- include "nats.defaultValues" . }}
+{{- with .Values.podDisruptionBudget }}
+{{- if .enabled }}
+{{- include "nats.loadMergePatch" (merge (dict "file" "pod-disruption-budget.yaml" "ctx" $) .) }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/pod-monitor.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/pod-monitor.yaml
new file mode 100644
index 000000000..0e42a43a5
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/pod-monitor.yaml
@@ -0,0 +1,8 @@
+{{- include "nats.defaultValues" . }}
+{{- with .Values.promExporter }}
+{{- if and .enabled .podMonitor.enabled }}
+{{- with .podMonitor }}
+{{- include "nats.loadMergePatch" (merge (dict "file" "pod-monitor.yaml" "ctx" $) .) }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/service-account.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/service-account.yaml
new file mode 100644
index 000000000..6c763bd3e
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/service-account.yaml
@@ -0,0 +1,6 @@
+{{- include "nats.defaultValues" . }}
+{{- with .Values.serviceAccount }}
+{{- if .enabled }}
+{{- include "nats.loadMergePatch" (merge (dict "file" "service-account.yaml" "ctx" $) .) }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/service.yaml
new file mode 100644
index 000000000..04b0b37e7
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/service.yaml
@@ -0,0 +1,6 @@
+{{- include "nats.defaultValues" . }}
+{{- with .Values.service }}
+{{- if .enabled }}
+{{- include "nats.loadMergePatch" (merge (dict "file" "service.yaml" "ctx" $) .) }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/stateful-set.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/stateful-set.yaml
new file mode 100644
index 000000000..bb198323e
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/stateful-set.yaml
@@ -0,0 +1,4 @@
+{{- include "nats.defaultValues" . }}
+{{- with .Values.statefulSet }}
+{{- include "nats.loadMergePatch" (merge (dict "file" "stateful-set/stateful-set.yaml" "ctx" $) .) }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/tests/request-reply.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/tests/request-reply.yaml
new file mode 100644
index 000000000..3e06edc08
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/templates/tests/request-reply.yaml
@@ -0,0 +1,37 @@
+{{- include "nats.defaultValues" . }}
+{{- with .Values.natsBox | deepCopy }}
+{{- $natsBox := . }}
+{{- if .enabled -}}
+apiVersion: v1
+kind: Pod
+{{- with .container }}
+{{- $_ := set . "merge" (dict
+ "args" (list
+ "sh"
+ "-ec"
+ "nats reply --echo echo & pid=\"$!\"; sleep 1; nats request echo hi > /tmp/resp; kill \"$pid\"; wait; grep -qF hi /tmp/resp"
+ )
+) }}
+{{- $_ := set . "patch" list }}
+{{- end }}
+{{- with .podTemplate }}
+{{- $_ := set . "merge" (dict
+ "metadata" (dict
+ "name" (printf "%s-test-request-reply" $.Values.statefulSet.name)
+ "labels" (dict
+ "app.kubernetes.io/component" "test-request-reply"
+ )
+ "annotations" (dict
+ "helm.sh/hook" "test"
+ "helm.sh/hook-delete-policy" "before-hook-creation,hook-succeeded"
+ )
+ )
+ "spec" (dict
+ "restartPolicy" "Never"
+ )
+) }}
+{{- $_ := set . "patch" list }}
+{{ include "nats.loadMergePatch" (merge (dict "file" "nats-box/deployment/pod-template.yaml" "ctx" (merge (dict "Values" (dict "natsBox" $natsBox)) $)) .) }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/values.yaml b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/values.yaml
new file mode 100644
index 000000000..6f19c84cb
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/charts/nats/values.yaml
@@ -0,0 +1,669 @@
+################################################################################
+# Global options
+################################################################################
+global:
+ image:
+ # global image pull policy to use for all container images in the chart
+ # can be overridden by individual image pullPolicy
+ pullPolicy:
+ # global list of secret names to use as image pull secrets for all pod specs in the chart
+ # secrets must exist in the same namespace
+ # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ pullSecretNames: []
+ # global registry to use for all container images in the chart
+ # can be overridden by individual image registry
+ registry:
+
+ # global labels will be applied to all resources deployed by the chart
+ labels: {}
+
+################################################################################
+# Common options
+################################################################################
+# override name of the chart
+nameOverride:
+# override full name of the chart+release
+fullnameOverride:
+# override the namespace that resources are installed into
+namespaceOverride:
+
+# reference a common CA Certificate or Bundle in all nats config `tls` blocks and nats-box contexts
+# note: `tls.verify` still must be set in the appropriate nats config `tls` blocks to require mTLS
+tlsCA:
+ enabled: false
+ # set configMapName in order to mount an existing configMap to dir
+ configMapName:
+ # set secretName in order to mount an existing secretName to dir
+ secretName:
+ # directory to mount the configMap or secret to
+ dir: /etc/nats-ca-cert
+ # key in the configMap or secret that contains the CA Certificate or Bundle
+ key: ca.crt
+
+################################################################################
+# NATS Stateful Set and associated resources
+################################################################################
+
+############################################################
+# NATS config
+############################################################
+config:
+ cluster:
+ enabled: false
+ port: 6222
+ # must be 2 or higher when jetstream is enabled
+ replicas: 3
+
+ # apply to generated route URLs that connect to other pods in the StatefulSet
+ routeURLs:
+ # if both user and password are set, they will be added to route URLs
+ # and the cluster authorization block
+ user:
+ password:
+ # set to true to use FQDN in route URLs
+ useFQDN: false
+ k8sClusterDomain: cluster.local
+
+ tls:
+ enabled: false
+ # set secretName in order to mount an existing secret to dir
+ secretName:
+ dir: /etc/nats-certs/cluster
+ cert: tls.crt
+ key: tls.key
+ # merge or patch the tls config
+ # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
+ merge: {}
+ patch: []
+
+ # merge or patch the cluster config
+ # https://docs.nats.io/running-a-nats-service/configuration/clustering/cluster_config
+ merge: {}
+ patch: []
+
+ jetstream:
+ enabled: false
+
+ fileStore:
+ enabled: true
+ dir: /data
+
+ ############################################################
+ # stateful set -> volume claim templates -> jetstream pvc
+ ############################################################
+ pvc:
+ enabled: true
+ size: 10Gi
+ storageClassName:
+
+ # merge or patch the jetstream pvc
+ # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core
+ merge: {}
+ patch: []
+ # defaults to "{{ include "nats.fullname" $ }}-js"
+ name:
+
+ # defaults to the PVC size
+ maxSize:
+
+ memoryStore:
+ enabled: false
+ # ensure that container has a sufficient memory limit greater than maxSize
+ maxSize: 1Gi
+
+ # merge or patch the jetstream config
+ # https://docs.nats.io/running-a-nats-service/configuration#jetstream
+ merge: {}
+ patch: []
+
+ nats:
+ port: 4222
+ tls:
+ enabled: false
+ # set secretName in order to mount an existing secret to dir
+ secretName:
+ dir: /etc/nats-certs/nats
+ cert: tls.crt
+ key: tls.key
+ # merge or patch the tls config
+ # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
+ merge: {}
+ patch: []
+
+ leafnodes:
+ enabled: false
+ port: 7422
+ tls:
+ enabled: false
+ # set secretName in order to mount an existing secret to dir
+ secretName:
+ dir: /etc/nats-certs/leafnodes
+ cert: tls.crt
+ key: tls.key
+ # merge or patch the tls config
+ # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
+ merge: {}
+ patch: []
+
+ # merge or patch the leafnodes config
+ # https://docs.nats.io/running-a-nats-service/configuration/leafnodes/leafnode_conf
+ merge: {}
+ patch: []
+
+ websocket:
+ enabled: false
+ port: 8080
+ tls:
+ enabled: false
+ # set secretName in order to mount an existing secret to dir
+ secretName:
+ dir: /etc/nats-certs/websocket
+ cert: tls.crt
+ key: tls.key
+ # merge or patch the tls config
+ # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
+ merge: {}
+ patch: []
+
+ ############################################################
+ # ingress
+ ############################################################
+ # service must be enabled also
+ ingress:
+ enabled: false
+ # must contain at least 1 host otherwise ingress will not be created
+ hosts: []
+ path: /
+ pathType: Exact
+ # sets to the ingress class name
+ className:
+ # set to an existing secret name to enable TLS on the ingress; applies to all hosts
+ tlsSecretName:
+
+ # merge or patch the ingress
+ # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#ingress-v1-networking-k8s-io
+ merge: {}
+ patch: []
+ # defaults to "{{ include "nats.fullname" $ }}-ws"
+ name:
+
+ # merge or patch the websocket config
+ # https://docs.nats.io/running-a-nats-service/configuration/websocket/websocket_conf
+ merge: {}
+ patch: []
+
+ mqtt:
+ enabled: false
+ port: 1883
+ tls:
+ enabled: false
+ # set secretName in order to mount an existing secret to dir
+ secretName:
+ dir: /etc/nats-certs/mqtt
+ cert: tls.crt
+ key: tls.key
+ # merge or patch the tls config
+ # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
+ merge: {}
+ patch: []
+
+ # merge or patch the mqtt config
+ # https://docs.nats.io/running-a-nats-service/configuration/mqtt/mqtt_config
+ merge: {}
+ patch: []
+
+ gateway:
+ enabled: false
+ port: 7222
+ tls:
+ enabled: false
+ # set secretName in order to mount an existing secret to dir
+ secretName:
+ dir: /etc/nats-certs/gateway
+ cert: tls.crt
+ key: tls.key
+ # merge or patch the tls config
+ # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
+ merge: {}
+ patch: []
+
+ # merge or patch the gateway config
+ # https://docs.nats.io/running-a-nats-service/configuration/gateways/gateway#gateway-configuration-block
+ merge: {}
+ patch: []
+
+ monitor:
+ enabled: true
+ port: 8222
+ tls:
+ # config.nats.tls must be enabled also
+ # when enabled, monitoring port will use HTTPS with the options from config.nats.tls
+ enabled: false
+
+ profiling:
+ enabled: false
+ port: 65432
+
+ resolver:
+ enabled: false
+ dir: /data/resolver
+
+ ############################################################
+ # stateful set -> volume claim templates -> resolver pvc
+ ############################################################
+ pvc:
+ enabled: true
+ size: 1Gi
+ storageClassName:
+
+ # merge or patch the pvc
+ # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core
+ merge: {}
+ patch: []
+ # defaults to "{{ include "nats.fullname" $ }}-resolver"
+ name:
+
+ # merge or patch the resolver
+ # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/jwt/resolver
+ merge: {}
+ patch: []
+
+ # adds a prefix to the server name, which defaults to the pod name
+ # helpful for ensuring server name is unique in a super cluster
+ serverNamePrefix: ""
+
+ # merge or patch the nats config
+ # https://docs.nats.io/running-a-nats-service/configuration
+ # following special rules apply
+ # 1. strings that start with << and end with >> will be unquoted
+ # use this for variables and numbers with units
+ # 2. keys ending in $include will be switched to include directives
+ # keys are sorted alphabetically, use prefix before $includes to control includes ordering
+ # paths should be relative to /etc/nats-config/nats.conf
+ # example:
+ #
+ # merge:
+ # $include: ./my-config.conf
+ # zzz$include: ./my-config-last.conf
+ # server_name: nats
+ # authorization:
+ # token: << $TOKEN >>
+ # jetstream:
+ # max_memory_store: << 1GB >>
+ #
+ # will yield the config:
+ # {
+ # include ./my-config.conf;
+ # "authorization": {
+ # "token": $TOKEN
+ # },
+ # "jetstream": {
+ # "max_memory_store": 1GB
+ # },
+ # "server_name": "nats",
+ # include ./my-config-last.conf;
+ # }
+ merge: {}
+ patch: []
+
+############################################################
+# stateful set -> pod template -> nats container
+############################################################
+container:
+ image:
+ repository: nats
+ tag: 2.10.22-alpine
+ pullPolicy:
+ registry:
+
+ # container port options
+ # must be enabled in the config section also
+ # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#containerport-v1-core
+ ports:
+ nats: {}
+ leafnodes: {}
+ websocket: {}
+ mqtt: {}
+ cluster: {}
+ gateway: {}
+ monitor: {}
+ profiling: {}
+
+ # map with key as env var name, value can be string or map
+ # example:
+ #
+ # env:
+ # GOMEMLIMIT: 7GiB
+ # TOKEN:
+ # valueFrom:
+ # secretKeyRef:
+ # name: nats-auth
+ # key: token
+ env: {}
+
+ # merge or patch the container
+ # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core
+ merge: {}
+ patch: []
+
+############################################################
+# stateful set -> pod template -> reloader container
+############################################################
+reloader: + enabled: true + image: + repository: natsio/nats-server-config-reloader + tag: 0.16.0 + pullPolicy: + registry: + + # env var map, see nats.env for an example + env: {} + + # all nats container volume mounts with the following prefixes + # will be mounted into the reloader container + natsVolumeMountPrefixes: + - /etc/ + + # merge or patch the container + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core + merge: {} + patch: [] + +############################################################ +# stateful set -> pod template -> prom-exporter container +############################################################ +# config.monitor must be enabled +promExporter: + enabled: false + image: + repository: natsio/prometheus-nats-exporter + tag: 0.15.0 + pullPolicy: + registry: + + port: 7777 + # env var map, see nats.env for an example + env: {} + + # merge or patch the container + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core + merge: {} + patch: [] + + ############################################################ + # prometheus pod monitor + ############################################################ + podMonitor: + enabled: false + + # merge or patch the pod monitor + # https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.PodMonitor + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}" + name: + + +############################################################ +# service +############################################################ +service: + enabled: true + + # service port options + # additional boolean field enable to control whether port is exposed in the service + # must be enabled in the config section also + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceport-v1-core + ports: + nats: + enabled: true + leafnodes: + enabled: true + websocket: + enabled: true + mqtt: + enabled: true + cluster: + 
enabled: false + gateway: + enabled: false + monitor: + enabled: false + profiling: + enabled: false + + # merge or patch the service + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}" + name: + +############################################################ +# other nats extension points +############################################################ + +# stateful set +statefulSet: + # merge or patch the stateful set + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#statefulset-v1-apps + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}" + name: + +# stateful set -> pod template +podTemplate: + # adds a hash of the ConfigMap as a pod annotation + # this will cause the StatefulSet to roll when the ConfigMap is updated + configChecksumAnnotation: true + + # map of topologyKey: topologySpreadConstraint + # labelSelector will be added to match StatefulSet pods + # + # topologySpreadConstraints: + # kubernetes.io/hostname: + # maxSkew: 1 + # + topologySpreadConstraints: {} + + # merge or patch the pod template + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core + merge: {} + patch: [] + +# headless service +headlessService: + # merge or patch the headless service + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-headless" + name: + +# config map +configMap: + # merge or patch the config map + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#configmap-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-config" + name: + +# pod disruption budget +podDisruptionBudget: + enabled: true + # merge or patch the pod disruption budget + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#poddisruptionbudget-v1-policy + 
merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}" + name: + +# service account +serviceAccount: + enabled: false + # merge or patch the service account + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceaccount-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}" + name: + + +############################################################ +# natsBox +# +# NATS Box Deployment and associated resources +############################################################ +natsBox: + enabled: true + + ############################################################ + # NATS contexts + ############################################################ + contexts: + default: + creds: + # set contents in order to create a secret with the creds file contents + contents: + # set secretName in order to mount an existing secret to dir + secretName: + # defaults to /etc/nats-creds/ + dir: + key: nats.creds + nkey: + # set contents in order to create a secret with the nkey file contents + contents: + # set secretName in order to mount an existing secret to dir + secretName: + # defaults to /etc/nats-nkeys/ + dir: + key: nats.nk + # used to connect with client certificates + tls: + # set secretName in order to mount an existing secret to dir + secretName: + # defaults to /etc/nats-certs/ + dir: + cert: tls.crt + key: tls.key + + # merge or patch the context + # https://docs.nats.io/using-nats/nats-tools/nats_cli#nats-contexts + merge: {} + patch: [] + + # name of context to select by default + defaultContextName: default + + ############################################################ + # deployment -> pod template -> nats-box container + ############################################################ + container: + image: + repository: natsio/nats-box + tag: 0.14.5 + pullPolicy: + registry: + + # env var map, see nats.env for an example + env: {} + + # merge or patch the container + # 
https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core + merge: {} + patch: [] + + ############################################################ + # other nats-box extension points + ############################################################ + + # deployment + deployment: + # merge or patch the deployment + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#deployment-v1-apps + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-box" + name: + + # deployment -> pod template + podTemplate: + # merge or patch the pod template + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core + merge: {} + patch: [] + + # contexts secret + contextsSecret: + # merge or patch the context secret + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#secret-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-box-contexts" + name: + + # contents secret + contentsSecret: + # merge or patch the contents secret + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#secret-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-box-contents" + name: + + # service account + serviceAccount: + enabled: false + # merge or patch the service account + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceaccount-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-box" + name: + + +################################################################################ +# Extra user-defined resources +################################################################################ +# +# add arbitrary user-generated resources +# example: +# +# config: +# websocket: +# enabled: true +# extraResources: +# - apiVersion: networking.istio.io/v1beta1 +# kind: VirtualService +# metadata: +# name: +# $tplYaml: > +# {{ include "nats.fullname" $ | quote }} +# labels: +# 
$tplYaml: | +# {{ include "nats.labels" $ }} +# spec: +# hosts: +# - demo.nats.io +# gateways: +# - my-gateway +# http: +# - name: default +# match: +# - name: root +# uri: +# exact: / +# route: +# - destination: +# host: +# $tplYaml: > +# {{ .Values.service.name | quote }} +# port: +# number: +# $tplYaml: > +# {{ .Values.config.websocket.port }} +# +extraResources: [] diff --git a/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_ous.ldif b/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_ous.ldif new file mode 100644 index 000000000..d13a1a2ff --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_ous.ldif @@ -0,0 +1,13 @@ +# Create OU for Users +dn: ou=users,dc=o2,dc=ai +objectClass: organizationalUnit +ou: users +description: Organizational Unit for Users + +# Create OU for Teams +dn: ou=teams,dc=o2,dc=ai +objectClass: organizationalUnit +ou: teams +description: Organizational Unit for Teams + + diff --git a/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team1.ldif b/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team1.ldif new file mode 100644 index 000000000..8e956d784 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team1.ldif @@ -0,0 +1,17 @@ +# Create Admin group for Team1 +dn: cn=admin,ou=team1,ou=teams,dc=o2,dc=ai +objectClass: groupOfUniqueNames +cn: admin +uniqueMember: uid=ashish,ou=users,dc=o2,dc=ai + +# Create Editor group for Team1 +dn: cn=editor,ou=team1,ou=teams,dc=o2,dc=ai +objectClass: groupOfUniqueNames +cn: editor +uniqueMember: uid=prabhat,ou=users,dc=o2,dc=ai + +# Create Viewer group for Team1 +dn: cn=viewer,ou=team1,ou=teams,dc=o2,dc=ai +objectClass: groupOfUniqueNames +cn: viewer +uniqueMember: uid=ankur,ou=users,dc=o2,dc=ai 
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team2.ldif b/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team2.ldif
new file mode 100644
index 000000000..168064fbd
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team2.ldif
@@ -0,0 +1,13 @@
+# Create Admin group for Team2
+dn: cn=admin,ou=team2,ou=teams,dc=o2,dc=ai
+objectClass: groupOfUniqueNames
+cn: admin
+uniqueMember: uid=ankur,ou=users,dc=o2,dc=ai
+
+
+# Create Viewer group for Team2
+dn: cn=viewer,ou=team2,ou=teams,dc=o2,dc=ai
+objectClass: groupOfUniqueNames
+cn: viewer
+uniqueMember: uid=hengfei,ou=users,dc=o2,dc=ai
+uniqueMember: uid=prabhat,ou=users,dc=o2,dc=ai
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team3.ldif b/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team3.ldif
new file mode 100644
index 000000000..74c081f34
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team3.ldif
@@ -0,0 +1,13 @@
+# Create Admin group for Team3
+dn: cn=admin,ou=team3,ou=teams,dc=o2,dc=ai
+objectClass: groupOfUniqueNames
+cn: admin
+uniqueMember: uid=ankur,ou=users,dc=o2,dc=ai
+uniqueMember: uid=prabhat,ou=users,dc=o2,dc=ai
+
+
+# Create Viewer group for Team3
+dn: cn=viewer,ou=team3,ou=teams,dc=o2,dc=ai
+objectClass: groupOfUniqueNames
+cn: viewer
+uniqueMember: uid=hengfei,ou=users,dc=o2,dc=ai
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team_ous.ldif b/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team_ous.ldif
new file mode 100644
index 000000000..0317bcd44
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_team_ous.ldif
@@ -0,0 +1,17 @@
+# Create OU for Team1
+dn: ou=team1,ou=teams,dc=o2,dc=ai
+objectClass: organizationalUnit
+ou: team1
+description: Organizational Unit for Team 1
+
+# Create OU for Team2
+dn: ou=team2,ou=teams,dc=o2,dc=ai
+objectClass: organizationalUnit
+ou: team2
+description: Organizational Unit for Team 2
+
+# Create OU for Team3
+dn: ou=team3,ou=teams,dc=o2,dc=ai
+objectClass: organizationalUnit
+ou: team3
+description: Organizational Unit for Team 3
\ No newline at end of file
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_users.ldif b/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_users.ldif
new file mode 100644
index 000000000..f0411c74a
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/examples/ldifs/create_users.ldif
@@ -0,0 +1,37 @@
+# Add ashish
+dn: uid=ashish,ou=users,dc=o2,dc=ai
+objectClass: inetOrgPerson
+uid: ashish
+cn: ashish k
+sn: ashish
+mail: ashish@o2.ai
+userPassword: ComplexSuperman1
+
+# Add prabhat
+dn: uid=prabhat,ou=users,dc=o2,dc=ai
+objectClass: inetOrgPerson
+uid: prabhat
+cn: prabhat
+sn: prabhat
+mail: prabhat@o2.ai
+userPassword: ComplexSuperman1
+
+
+# Add ankur
+dn: uid=ankur,ou=users,dc=o2,dc=ai
+objectClass: inetOrgPerson
+uid: ankur
+cn: ankur s
+sn: ankur
+mail: ankur@o2.ai
+userPassword: ComplexSuperman1
+
+
+# Add Hengfei
+dn: uid=hengfei,ou=users,dc=o2,dc=ai
+objectClass: inetOrgPerson
+uid: hengfei
+cn: hengfei
+sn: hengfei
+mail: hengfei@o2.ai
+userPassword: ComplexSuperman1
\ No newline at end of file
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/examples/openldap.yaml b/argocd-helm-charts/openobserve/charts/openobserve/examples/openldap.yaml
new file mode 100644
index 000000000..c468a92f8
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/examples/openldap.yaml
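Review bot: All four entries in create_users.ldif set `userPassword: ComplexSuperman1` in cleartext, and the same value is shared by every account, including the ones the team LDIFs add to admin groups. Even as example data this is committed to the repository and is live in any directory that imports the file unchanged. I would store a hashed value generated at setup time, e.g. `userPassword: {SSHA}REPLACE_WITH_GENERATED_HASH`, or drop the attribute and add the comment `# set the password with ldappasswd after import; never commit real credentials`. If this tree is vendored from the upstream chart, excluding the examples directory when vendoring avoids carrying these files at all.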
@@ -0,0 +1,53 @@ +apiVersion: v1 +kind: Service +metadata: + name: dex + namespace: o2e +spec: + ports: + - port: 5556 + targetPort: 5556 + selector: + app: dex + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: openldap + namespace: o2e +spec: + replicas: 1 + selector: + matchLabels: + app: openldap + template: + metadata: + labels: + app: openldap + spec: + containers: + - name: openldap + image: osixia/openldap:latest + # OpenLDAP configuration + env: + - name: LDAP_ORGANISATION + value: "o2" + - name: LDAP_DOMAIN + value: "o2.ai" + - name: LDAP_ADMIN_PASSWORD + value: "Z54H7w5WQUARsLKaumM967iX62msTEno" + +--- +apiVersion: v1 +kind: Service +metadata: + name: openldap + namespace: o2e +spec: + ports: + - port: 389 + targetPort: 389 + selector: + app: openldap + diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/NOTES.txt b/argocd-helm-charts/openobserve/charts/openobserve/templates/NOTES.txt new file mode 100644 index 000000000..252dee2ac --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/NOTES.txt 
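Review bot: The openldap Deployment in openldap.yaml passes `LDAP_ADMIN_PASSWORD` as a literal `value:`, so the directory admin credential is readable by anyone who can read this repository or the pod spec; it should come from a Secret, and the committed value should be treated as exposed if it was ever used. The image is referenced as `osixia/openldap:latest`, which is not reproducible; a fixed tag or digest is safer. The container also has no `securityContext` or `resources`, and the openldap Service publishes only port 389, so binds would travel unencrypted unless StartTLS is enforced elsewhere. The first Service, `dex`, selects `app: dex` although no workload with that label is defined in this file.

```yaml
# … unchanged: LDAP_ORGANISATION, LDAP_DOMAIN …
- name: LDAP_ADMIN_PASSWORD
  valueFrom:
    secretKeyRef:
      name: REPLACE_WITH_SECRET_NAME   # placeholder
      key: REPLACE_WITH_SECRET_KEY     # placeholder
```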
@@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "openobserve.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "openobserve.fullname" . }}-router' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "openobserve.fullname" . }}-router --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.http_port }} +{{- else if contains "ClusterIP" .Values.service.type }} + kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ include "openobserve.fullname" . }}-router 5080:5080 +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/_helpers.tpl b/argocd-helm-charts/openobserve/charts/openobserve/templates/_helpers.tpl new file mode 100644 index 000000000..2c5dd024b --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/_helpers.tpl 
@@ -0,0 +1,70 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "openobserve.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "openobserve.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "openobserve.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "openobserve.labels" -}} +helm.sh/chart: {{ include "openobserve.chart" . }} +{{ include "openobserve.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} + +{{- $custom := .Values.labels | default dict -}} +{{- range $key, $value := $custom }} +{{ $key }}: {{ $value | quote }} +{{- end }} +{{- end }} + +{{/* +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "openobserve.selectorLabels" -}} +app.kubernetes.io/name: {{ include "openobserve.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "openobserve.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "openobserve.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/alertmanager-configmap.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/alertmanager-configmap.yaml new file mode 100644 index 000000000..23d6b3dab --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/alertmanager-configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "openobserve.fullname" . }}-alertmanager + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +data: + # This condition is necessary to ensure backwards compatibility for users + {{- if .Values.alertmanager.config }} + ZO_META_CONNECTION_POOL_MIN_SIZE: "{{ .Values.alertmanager.config.ZO_META_CONNECTION_POOL_MIN_SIZE }}" + ZO_META_CONNECTION_POOL_MAX_SIZE: "{{ .Values.alertmanager.config.ZO_META_CONNECTION_POOL_MAX_SIZE }}" + ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.alertmanager.config.ZO_ACTIX_REQ_TIMEOUT }}" + {{- else }} + ZO_META_CONNECTION_POOL_MIN_SIZE: "{{ .Values.config.ZO_META_CONNECTION_POOL_MIN_SIZE }}" + ZO_META_CONNECTION_POOL_MAX_SIZE: "{{ .Values.config.ZO_META_CONNECTION_POOL_MAX_SIZE }}" + ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.config.ZO_ACTIX_REQ_TIMEOUT }}" + {{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/alertmanager-deployment.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/alertmanager-deployment.yaml new file mode 100644 index 000000000..a41131bf4 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/alertmanager-deployment.yaml 
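Review bot: Between `openobserve.labels` and `openobserve.selectorLabels` in _helpers.tpl there is a stray `{{/*` followed by `{{- end }}` and a second `{{/*`; the comment only closes at the `*/}}` after "Selector labels", so that `{{- end }}` is swallowed as comment text. It appears to render as intended, but it looks like a leftover from an edit and makes the define/end pairing hard to audit. I would delete the first `{{/*` and the orphan `{{- end }}` so the comment holds only `Selector labels`. Separately, `openobserve.serviceAccountName` falls back to the namespace's `default` service account when `serviceAccount.create` is false, which deserves a comment such as `# falls back to the namespace default ServiceAccount; set serviceAccount.name to use a dedicated one`.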
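Review bot: The `{{- if .Values.alertmanager.config }}` branch in alertmanager-configmap.yaml is all-or-nothing: once `alertmanager.config` holds any key, all three values are read only from it, and a key that is not set there renders as an empty string instead of falling back to `.Values.config`. Unless values.yaml (not visible here) always supplies all three keys, a per-key fallback inside the if-branch is safer, e.g. `ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.alertmanager.config.ZO_ACTIX_REQ_TIMEOUT | default .Values.config.ZO_ACTIX_REQ_TIMEOUT }}"`. compactor-configmap.yaml has the same structure with four keys.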
@@ -0,0 +1,121 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "openobserve.fullname" . }}-alertmanager + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount.alertmanager }} + selector: + matchLabels: + {{- include "openobserve.selectorLabels" . | nindent 6 }} + role: alertmanager + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + checksum/specific-config: {{ include (print $.Template.BasePath "/alertmanager-configmap.yaml") . | sha256sum }} + checksum/generic-config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "openobserve.selectorLabels" . | nindent 8 }} + role: alertmanager + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "openobserve.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + {{- if .Values.etcd.enabled }} + - name: check-etcd + image: {{ .Values.image.busybox.repository }}:{{ .Values.image.busybox.tag }} + command: ['sh', '-c', ' + until nc -z {{ .Release.Name }}-etcd 2379; do + echo "Waiting for etcd to be ready"; + sleep 5; + done; + '] + {{- end }} + {{- if .Values.nats.enabled }} + - name: check-nats + image: {{ .Values.image.busybox.repository }}:{{ .Values.image.busybox.tag }} + command: ['sh', '-c', ' + until nc -zv {{ .Release.Name }}-nats 4222; do + echo "Waiting for NATS to be ready..."; + sleep 2; + done; + '] + {{- end }} + containers: + - name: {{ .Chart.Name }}-alertmanager + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.enterprise.enabled }} + image: "{{ .Values.image.enterprise.repository }}:{{ .Values.image.enterprise.tag | default .Chart.AppVersion }}" + {{- else }} + image: "{{ .Values.image.oss.repository }}:{{ .Values.image.oss.tag | default .Chart.AppVersion }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.config.ZO_HTTP_PORT }} + - name: grpc + containerPort: {{ .Values.config.ZO_GRPC_PORT }} + {{- if .Values.reportserver.enabled }} + - name: reportserver + containerPort: {{ .Values.config.ZO_REPORT_SERVER_HTTP_PORT }} + {{- end }} + {{- if .Values.probes.alertmanager.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.alertmanager.config.livenessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.alertmanager.config.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.alertmanager.config.livenessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.alertmanager.config.livenessProbe.successThreshold | default 1 }} + failureThreshold: {{ 
.Values.probes.alertmanager.config.livenessProbe.failureThreshold | default 3 }} + terminationGracePeriodSeconds: {{ .Values.probes.alertmanager.config.livenessProbe.terminationGracePeriodSeconds | default 30 }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.alertmanager.config.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.alertmanager.config.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.alertmanager.config.readinessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.alertmanager.config.readinessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.alertmanager.config.readinessProbe.failureThreshold | default 3 }} + {{- end }} + resources: + {{- toYaml .Values.resources.alertmanager | nindent 12 }} + envFrom: + - configMapRef: + name: {{ include "openobserve.fullname" . }} + - configMapRef: + name: {{ include "openobserve.fullname" . }}-alertmanager + - secretRef: + name: {{ if .Values.externalSecret.enabled }}{{ .Values.externalSecret.name }}{{ else }}{{ include "openobserve.fullname" . }}{{ end }} + env: + - name: ZO_NODE_ROLE + value: "alertmanager" + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with .Values.nodeSelector.alertmanager }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity.alertmanager }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations.alertmanager }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/alertmanager-service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/alertmanager-service.yaml new file mode 100644 index 000000000..0ae36f068 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/alertmanager-service.yaml 
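Review bot: The `check-etcd` and `check-nats` initContainers in alertmanager-deployment.yaml receive neither the `securityContext` that the main container gets from `.Values.securityContext` nor any `resources`, so they run with the busybox image's default user and capabilities unless `podSecurityContext` covers it, and may be rejected in namespaces that enforce a restricted Pod Security level. I would add `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 12 }}` to both, plus a small fixed `resources` block. Both `until nc -z …` loops also have no upper bound, so a missing dependency leaves the pod in Init indefinitely; a bounded retry count would surface the failure. The same initContainers appear in compactor-deployment.yaml.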
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "openobserve.fullname" . }}-alertmanager + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} + prometheus.io/scrape: "true" +spec: + # type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.http_port }} + targetPort: http + protocol: TCP + name: http + - port: {{ .Values.service.grpc_port }} + targetPort: grpc + protocol: TCP + name: grpc + {{- if .Values.reportserver.enabled }} + - port: {{ .Values.config.ZO_REPORT_SERVER_HTTP_PORT }} + targetPort: reportserver + protocol: TCP + name: reportserver + {{- end }} + selector: + {{- include "openobserve.selectorLabels" . | nindent 4 }} + role: alertmanager diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-configmap.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-configmap.yaml new file mode 100644 index 000000000..8890429b0 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-configmap.yaml 
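Review bot: `prometheus.io/scrape: "true"` sits under `metadata.labels` in alertmanager-service.yaml (and again in compactor-service.yaml), whereas the usual Prometheus discovery convention reads it from annotations, so a scrape config keyed on the annotation would not select these Services. If annotation-based discovery is what the cluster uses, move the key under `annotations:`. Also, `# type: {{ .Values.service.type }}` is still evaluated by Helm even though YAML treats the line as a comment; if these Services are meant to stay ClusterIP regardless of `service.type`, removing the line makes that explicit.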
@@ -0,0 +1,20 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "openobserve.fullname" . }}-compactor + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +data: + # This condition is necessary to ensure backwards compatibility for users + {{- if .Values.compactor.config }} + ZO_COMPACT_MAX_FILE_SIZE: "{{ .Values.compactor.config.ZO_COMPACT_MAX_FILE_SIZE }}" + ZO_META_CONNECTION_POOL_MIN_SIZE: "{{ .Values.compactor.config.ZO_META_CONNECTION_POOL_MIN_SIZE }}" + ZO_META_CONNECTION_POOL_MAX_SIZE: "{{ .Values.compactor.config.ZO_META_CONNECTION_POOL_MAX_SIZE }}" + ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.compactor.config.ZO_ACTIX_REQ_TIMEOUT }}" + {{- else }} + ZO_COMPACT_MAX_FILE_SIZE: "{{ .Values.config.ZO_COMPACT_MAX_FILE_SIZE }}" + ZO_META_CONNECTION_POOL_MIN_SIZE: "{{ .Values.config.ZO_META_CONNECTION_POOL_MIN_SIZE }}" + ZO_META_CONNECTION_POOL_MAX_SIZE: "{{ .Values.config.ZO_META_CONNECTION_POOL_MAX_SIZE }}" + ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.config.ZO_ACTIX_REQ_TIMEOUT }}" + {{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-deployment.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-deployment.yaml new file mode 100644 index 000000000..e2b3d4643 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-deployment.yaml 
@@ -0,0 +1,119 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "openobserve.fullname" . }}-compactor + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.compactor.enabled }} + replicas: {{ .Values.replicaCount.compactor }} + {{- end }} + selector: + matchLabels: + {{- include "openobserve.selectorLabels" . | nindent 6 }} + role: compactor + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + checksum/specific-config: {{ include (print $.Template.BasePath "/compactor-configmap.yaml") . | sha256sum }} + checksum/generic-config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "openobserve.selectorLabels" . | nindent 8 }} + role: compactor + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "openobserve.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + {{- if .Values.etcd.enabled }} + - name: check-etcd + image: {{ .Values.image.busybox.repository }}:{{ .Values.image.busybox.tag }} + command: ['sh', '-c', ' + until nc -z {{ .Release.Name }}-etcd 2379; do + echo "Waiting for etcd to be ready"; + sleep 5; + done; + '] + {{- end }} + {{- if .Values.nats.enabled }} + - name: check-nats + image: {{ .Values.image.busybox.repository }}:{{ .Values.image.busybox.tag }} + command: ['sh', '-c', ' + until nc -zv {{ .Release.Name }}-nats 4222; do + echo "Waiting for NATS to be ready..."; + sleep 2; + done; + '] + {{- end }} + containers: + - name: {{ .Chart.Name }}-compactor + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.enterprise.enabled }} + image: "{{ .Values.image.enterprise.repository }}:{{ .Values.image.enterprise.tag | default .Chart.AppVersion }}" + {{- else }} + image: "{{ .Values.image.oss.repository }}:{{ .Values.image.oss.tag | default .Chart.AppVersion }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.config.ZO_HTTP_PORT }} + - name: grpc + containerPort: {{ .Values.config.ZO_GRPC_PORT }} + {{- if .Values.probes.compactor.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.compactor.config.livenessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.compactor.config.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.compactor.config.livenessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.compactor.config.livenessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.compactor.config.livenessProbe.failureThreshold | default 3 }} + terminationGracePeriodSeconds: {{ 
.Values.probes.compactor.config.livenessProbe.terminationGracePeriodSeconds | default 30 }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.compactor.config.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.compactor.config.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.compactor.config.readinessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.compactor.config.readinessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.compactor.config.readinessProbe.failureThreshold | default 3 }} + {{- end }} + resources: + {{- toYaml .Values.resources.compactor | nindent 12 }} + envFrom: + - configMapRef: + name: {{ include "openobserve.fullname" . }} + - configMapRef: + name: {{ include "openobserve.fullname" . }}-compactor + - secretRef: + name: {{ if .Values.externalSecret.enabled }}{{ .Values.externalSecret.name }}{{ else }}{{ include "openobserve.fullname" . }}{{ end }} + env: + - name: ZO_NODE_ROLE + value: "compactor" + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with .Values.nodeSelector.compactor }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity.compactor }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations.compactor }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-hpa.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-hpa.yaml new file mode 100644 index 000000000..f9412fe7e --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-hpa.yaml 
@@ -0,0 +1,33 @@
+{{- if .Values.autoscaling.compactor.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "openobserve.fullname" . }}-compactor
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "openobserve.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "openobserve.fullname" . }}-compactor
+ minReplicas: {{ .Values.autoscaling.compactor.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.compactor.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.compactor.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.compactor.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.compactor.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.compactor.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-service.yaml
new file mode 100644
index 000000000..6f23e3d13
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/compactor-service.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "openobserve.fullname" . }}-compactor
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "openobserve.labels" . | nindent 4 }}
+ prometheus.io/scrape: "true"
+spec:
+ # type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.http_port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: {{ .Values.service.grpc_port }}
+ targetPort: grpc
+ protocol: TCP
+ name: grpc
+ selector:
+ {{- include "openobserve.selectorLabels" . | nindent 4 }}
+ role: compactor
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/configmap.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/configmap.yaml
new file mode 100644
index 000000000..f0a2b8bb4
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/configmap.yaml
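Review bot: `prometheus.io/scrape: "true"` is emitted under `metadata.labels`, while the usual Prometheus service-discovery convention reads that key from `metadata.annotations`, so depending on the cluster's scrape configuration this line may have no effect; if annotation-based discovery is intended, move it under an `annotations:` key. The line `# type: {{ .Values.service.type }}` is still evaluated by Helm, because a YAML comment does not stop template rendering; either delete it or turn it into a template comment, `{{/* type: .Values.service.type */}}`.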
@@ -0,0 +1,331 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "openobserve.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +data: + ZO_APP_NAME: "{{ .Values.config.ZO_APP_NAME }}" + ZO_CLUSTER_NAME: "{{ .Values.config.ZO_CLUSTER_NAME }}" + ZO_INSTANCE_NAME: "{{ .Values.config.ZO_INSTANCE_NAME }}" + ZO_NODE_ROLE: "{{ .Values.config.ZO_NODE_ROLE }}" + ZO_LOCAL_MODE: "{{ .Values.config.ZO_LOCAL_MODE }}" + ZO_LOCAL_MODE_STORAGE: "{{ .Values.config.ZO_LOCAL_MODE_STORAGE }}" + {{- if not .Values.etcd.enabled }} + ZO_ETCD_ADDR: "{{ .Values.etcd.externalUrl }}" + {{- else }} + ZO_ETCD_ADDR: "{{ .Release.Name }}-etcd-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:2379" + {{- end }} + ZO_ETCD_PREFIX: "{{ .Values.config.ZO_ETCD_PREFIX }}" + ZO_ETCD_CONNECT_TIMEOUT: "{{ .Values.config.ZO_ETCD_CONNECT_TIMEOUT }}" + ZO_ETCD_COMMAND_TIMEOUT: "{{ .Values.config.ZO_ETCD_COMMAND_TIMEOUT }}" + ZO_ETCD_LOCK_WAIT_TIMEOUT: "{{ .Values.config.ZO_ETCD_LOCK_WAIT_TIMEOUT }}" + ZO_ETCD_USER: "{{ .Values.config.ZO_ETCD_USER }}" + ZO_ETCD_PASSWORD: "{{ .Values.config.ZO_ETCD_PASSWORD }}" + ZO_ETCD_CLIENT_CERT_AUTH: "{{ .Values.config.ZO_ETCD_CLIENT_CERT_AUTH }}" + ZO_ETCD_TRUSTED_CA_FILE: "{{ .Values.config.ZO_ETCD_TRUSTED_CA_FILE }}" + ZO_ETCD_CERT_FILE: "{{ .Values.config.ZO_ETCD_CERT_FILE }}" + ZO_ETCD_KEY_FILE: "{{ .Values.config.ZO_ETCD_KEY_FILE }}" + ZO_ETCD_DOMAIN_NAME: "{{ .Values.config.ZO_ETCD_DOMAIN_NAME }}" + ZO_ETCD_LOAD_PAGE_SIZE: "{{ .Values.config.ZO_ETCD_LOAD_PAGE_SIZE }}" + {{- if .Values.reportserver.enabled }} + ZO_REPORT_SERVER_URL: "http://{{ include "openobserve.fullname" . 
}}-reportserver.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.config.ZO_HTTP_PORT }}" + {{- end }} + ZO_REPORT_SERVER_SKIP_TLS_VERIFY: "{{ .Values.config.ZO_REPORT_SERVER_SKIP_TLS_VERIFY }}" + ZO_CHROME_SLEEP_SECS: "{{ .Values.config.ZO_CHROME_SLEEP_SECS }}" + ZO_CHROME_NO_SANDBOX: "{{ .Values.config.ZO_CHROME_NO_SANDBOX }}" + {{- if not .Values.nats.enabled }} + ZO_NATS_ADDR: "{{ .Values.nats.externalUrl }}" + {{- else }} + ZO_NATS_ADDR: "nats://{{ .Release.Name }}-nats.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:4222" + {{- end }} + ZO_NATS_PREFIX: "{{ .Values.config.ZO_NATS_PREFIX }}" + ZO_NATS_USER: "{{ .Values.config.ZO_NATS_USER }}" + ZO_NATS_PASSWORD: "{{ .Values.config.ZO_NATS_PASSWORD }}" + ZO_NATS_REPLICAS: "{{ .Values.config.ZO_NATS_REPLICAS }}" + ZO_NATS_QUEUE_MAX_AGE: "{{ .Values.config.ZO_NATS_QUEUE_MAX_AGE }}" + ZO_NATS_CONNECT_TIMEOUT: "{{ .Values.config.ZO_NATS_CONNECT_TIMEOUT }}" + ZO_NATS_COMMAND_TIMEOUT: "{{ .Values.config.ZO_NATS_COMMAND_TIMEOUT }}" + ZO_NATS_LOCK_WAIT_TIMEOUT: "{{ .Values.config.ZO_NATS_LOCK_WAIT_TIMEOUT }}" + ZO_HTTP_PORT: "{{ .Values.config.ZO_HTTP_PORT }}" + ZO_HTTP_ADDR: "{{ .Values.config.ZO_HTTP_ADDR }}" + ZO_HTTP_IPV6_ENABLED: "{{ .Values.config.ZO_HTTP_IPV6_ENABLED }}" + ZO_GRPC_PORT: "{{ .Values.config.ZO_GRPC_PORT }}" + ZO_GRPC_ADDR: "{{ .Values.config.ZO_GRPC_ADDR }}" + ZO_GRPC_TIMEOUT: "{{ .Values.config.ZO_GRPC_TIMEOUT }}" + ZO_GRPC_MAX_MESSAGE_SIZE: "{{ .Values.config.ZO_GRPC_MAX_MESSAGE_SIZE }}" + ZO_GRPC_ORG_HEADER_KEY: "{{ .Values.config.ZO_GRPC_ORG_HEADER_KEY }}" + ZO_GRPC_STREAM_HEADER_KEY: "{{ .Values.config.ZO_GRPC_STREAM_HEADER_KEY }}" + ZO_INTERNAL_GRPC_TOKEN: "{{ .Values.config.ZO_INTERNAL_GRPC_TOKEN }}" + ZO_TCP_PORT: "{{ .Values.config.ZO_TCP_PORT }}" + ZO_UDP_PORT: "{{ .Values.config.ZO_UDP_PORT }}" + ZO_DATA_DIR: "{{ .Values.config.ZO_DATA_DIR }}" + ZO_DATA_DB_DIR: "{{ .Values.config.ZO_DATA_DB_DIR }}" + ZO_DATA_WAL_DIR: "{{ .Values.config.ZO_DATA_WAL_DIR }}" + 
ZO_DATA_IDX_DIR: "{{ .Values.config.ZO_DATA_IDX_DIR }}" + ZO_DATA_STREAM_DIR: "{{ .Values.config.ZO_DATA_STREAM_DIR }}" + ZO_DATA_CACHE_DIR: "{{ .Values.config.ZO_DATA_CACHE_DIR }}" + ZO_UI_ENABLED: "{{ .Values.config.ZO_UI_ENABLED }}" + ZO_UI_SQL_BASE64_ENABLED: "{{ .Values.config.ZO_UI_SQL_BASE64_ENABLED }}" + ZO_WEB_URL: "{{ .Values.config.ZO_WEB_URL }}" + ZO_BASE_URI: "{{ .Values.config.ZO_BASE_URI }}" + ZO_CLUSTER_COORDINATOR: "{{ .Values.config.ZO_CLUSTER_COORDINATOR }}" + ZO_QUEUE_STORE: "{{ .Values.config.ZO_QUEUE_STORE }}" + {{- if .Values.postgres.enabled }} + ZO_META_STORE: "postgres" + {{- else }} + ZO_META_STORE: "{{ .Values.config.ZO_META_STORE }}" + {{- end }} + ZO_META_MYSQL_DSN: "{{ .Values.config.ZO_META_MYSQL_DSN }}" + ZO_META_TRANSACTION_RETRIES: "{{ .Values.config.ZO_META_TRANSACTION_RETRIES }}" + ZO_META_TRANSACTION_LOCK_TIMEOUT: "{{ .Values.config.ZO_META_TRANSACTION_LOCK_TIMEOUT }}" + ZO_COLUMN_TIMESTAMP: "{{ .Values.config.ZO_COLUMN_TIMESTAMP }}" + ZO_COLS_PER_RECORD_LIMIT: "{{ .Values.config.ZO_COLS_PER_RECORD_LIMIT }}" + ZO_WIDENING_SCHEMA_EVOLUTION: "{{ .Values.config.ZO_WIDENING_SCHEMA_EVOLUTION }}" + ZO_SKIP_SCHEMA_VALIDATION: "{{ .Values.config.ZO_SKIP_SCHEMA_VALIDATION }}" + ZO_FEATURE_FULLTEXT_EXTRA_FIELDS: "{{ .Values.config.ZO_FEATURE_FULLTEXT_EXTRA_FIELDS }}" + ZO_FEATURE_DISTINCT_EXTRA_FIELDS: "{{ .Values.config.ZO_FEATURE_DISTINCT_EXTRA_FIELDS }}" + ZO_FEATURE_FILELIST_DEDUP_ENABLED: "{{ .Values.config.ZO_FEATURE_FILELIST_DEDUP_ENABLED }}" + ZO_FEATURE_QUERY_QUEUE_ENABLED: "{{ .Values.config.ZO_FEATURE_QUERY_QUEUE_ENABLED }}" + ZO_FEATURE_QUERY_INFER_SCHEMA: "{{ .Values.config.ZO_FEATURE_QUERY_INFER_SCHEMA }}" + ZO_FEATURE_QUICK_MODE_FIELDS: "{{ .Values.config.ZO_FEATURE_QUICK_MODE_FIELDS }}" + ZO_FEATURE_QUERY_PARTITION_STRATEGY: "{{ .Values.config.ZO_FEATURE_QUERY_PARTITION_STRATEGY }}" + ZO_FEATURE_PER_THREAD_LOCK: "{{ .Values.config.ZO_FEATURE_PER_THREAD_LOCK }}" + ZO_RESULT_CACHE_ENABLED: "{{ 
.Values.config.ZO_RESULT_CACHE_ENABLED }}" + ZO_CONSISTENT_HASH_VNODES: "{{ .Values.config.ZO_CONSISTENT_HASH_VNODES }}" + ZO_QUERY_OPTIMIZATION_NUM_FIELDS: "{{ .Values.config.ZO_QUERY_OPTIMIZATION_NUM_FIELDS }}" + ZO_QUICK_MODE_NUM_FIELDS: "{{ .Values.config.ZO_QUICK_MODE_NUM_FIELDS }}" + ZO_QUICK_MODE_STRATEGY: "{{ .Values.config.ZO_QUICK_MODE_STRATEGY }}" + ZO_QUICK_MODE_FILE_LIST_ENABLED: "{{ .Values.config.ZO_QUICK_MODE_FILE_LIST_ENABLED }}" + ZO_QUICK_MODE_FILE_LIST_INTERVAL: "{{ .Values.config.ZO_QUICK_MODE_FILE_LIST_INTERVAL }}" + ZO_BLOOM_FILTER_ENABLED: "{{ .Values.config.ZO_BLOOM_FILTER_ENABLED }}" + ZO_BLOOM_FILTER_DEFAULT_FIELDS: "{{ .Values.config.ZO_BLOOM_FILTER_DEFAULT_FIELDS }}" + ZO_ENABLE_INVERTED_INDEX: "{{ .Values.config.ZO_ENABLE_INVERTED_INDEX }}" + ZO_INVERTED_INDEX_STORE_FORMAT: "{{ .Values.config.ZO_INVERTED_INDEX_STORE_FORMAT }}" + ZO_INVERTED_INDEX_SEARCH_FORMAT: "{{ .Values.config.ZO_INVERTED_INDEX_SEARCH_FORMAT }}" + ZO_INVERTED_INDEX_COUNT_OPTIMIZER_ENABLED: "{{ .Values.config.ZO_INVERTED_INDEX_COUNT_OPTIMIZER_ENABLED }}" + ZO_FEATURE_QUERY_REMOVE_FILTER_WITH_INDEX: "{{ .Values.config.ZO_FEATURE_QUERY_REMOVE_FILTER_WITH_INDEX }}" + ZO_INVERTED_INDEX_SPLIT_CHARS: "{{ .Values.config.ZO_INVERTED_INDEX_SPLIT_CHARS }}" + ZO_FULL_TEXT_SEARCH_TYPE: "{{ .Values.config.ZO_FULL_TEXT_SEARCH_TYPE }}" + ZO_QUERY_ON_STREAM_SELECTION: "{{ .Values.config.ZO_QUERY_ON_STREAM_SELECTION }}" + ZO_DISTINCT_VALUES_INTERVAL: "{{ .Values.config.ZO_DISTINCT_VALUES_INTERVAL }}" + ZO_DISTINCT_VALUES_HOURLY: "{{ .Values.config.ZO_DISTINCT_VALUES_HOURLY }}" + ZO_TRACING_ENABLED: "{{ .Values.config.ZO_TRACING_ENABLED }}" + ZO_TRACING_SEARCH_ENABLED: "{{ .Values.config.ZO_TRACING_SEARCH_ENABLED }}" + ZO_TRACING_HEADER_KEY: "{{ .Values.config.ZO_TRACING_HEADER_KEY }}" + OTEL_OTLP_HTTP_ENDPOINT: "{{ .Values.config.OTEL_OTLP_HTTP_ENDPOINT }}" + ZO_TELEMETRY: "{{ .Values.config.ZO_TELEMETRY }}" + ZO_TELEMETRY_HEARTBEAT: "{{ .Values.config.ZO_TELEMETRY_HEARTBEAT }}" + 
ZO_TELEMETRY_URL: "{{ .Values.config.ZO_TELEMETRY_URL }}" + ZO_JSON_LIMIT: "{{ .Values.config.ZO_JSON_LIMIT }}" + ZO_PAYLOAD_LIMIT: "{{ .Values.config.ZO_PAYLOAD_LIMIT }}" + ZO_PARQUET_MAX_ROW_GROUP_SIZE: "{{ .Values.config.ZO_PARQUET_MAX_ROW_GROUP_SIZE }}" + ZO_MAX_FILE_SIZE_ON_DISK: "{{ .Values.config.ZO_MAX_FILE_SIZE_ON_DISK }}" + ZO_MAX_FILE_SIZE_IN_MEMORY: "{{ .Values.config.ZO_MAX_FILE_SIZE_IN_MEMORY }}" + ZO_MAX_FILE_RETENTION_TIME: "{{ .Values.config.ZO_MAX_FILE_RETENTION_TIME }}" + ZO_FILE_PUSH_INTERVAL: "{{ .Values.config.ZO_FILE_PUSH_INTERVAL }}" + ZO_FILE_PUSH_LIMIT: "{{ .Values.config.ZO_FILE_PUSH_LIMIT }}" + ZO_FILE_MOVE_THREAD_NUM: "{{ .Values.config.ZO_FILE_MOVE_THREAD_NUM }}" + ZO_FILE_MERGE_THREAD_NUM: "{{ .Values.config.ZO_FILE_MERGE_THREAD_NUM }}" + ZO_MEM_DUMP_THREAD_NUM: "{{ .Values.config.ZO_MEM_DUMP_THREAD_NUM }}" + ZO_MEM_TABLE_MAX_SIZE: "{{ .Values.config.ZO_MEM_TABLE_MAX_SIZE }}" + ZO_MEM_TABLE_BUCKET_NUM: "{{ .Values.config.ZO_MEM_TABLE_BUCKET_NUM }}" + ZO_MEM_PERSIST_INTERVAL: "{{ .Values.config.ZO_MEM_PERSIST_INTERVAL }}" + ZO_ENRICHMENT_TABLE_LIMIT: "{{ .Values.config.ZO_ENRICHMENT_TABLE_LIMIT }}" + ZO_WAL_WRITE_BUFFER_SIZE: "{{ .Values.config.ZO_WAL_WRITE_BUFFER_SIZE }}" + ZO_WAL_FSYNC_DISABLED: "{{ .Values.config.ZO_WAL_FSYNC_DISABLED }}" + ZO_QUERY_THREAD_NUM: "{{ .Values.config.ZO_QUERY_THREAD_NUM }}" + ZO_QUERY_TIMEOUT: "{{ .Values.config.ZO_QUERY_TIMEOUT }}" + ZO_ROUTE_TIMEOUT: "{{ .Values.config.ZO_ROUTE_TIMEOUT }}" + ZO_ROUTE_MAX_CONNECTIONS: "{{ .Values.config.ZO_ROUTE_MAX_CONNECTIONS }}" + ZO_HTTP_WORKER_NUM: "{{ .Values.config.ZO_HTTP_WORKER_NUM }}" + ZO_HTTP_WORKER_MAX_BLOCKING: "{{ .Values.config.ZO_HTTP_WORKER_MAX_BLOCKING }}" + ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.config.ZO_ACTIX_REQ_TIMEOUT }}" + ZO_ACTIX_KEEP_ALIVE: "{{ .Values.config.ZO_ACTIX_KEEP_ALIVE }}" + ZO_ACTIX_SHUTDOWN_TIMEOUT: "{{ .Values.config.ZO_ACTIX_SHUTDOWN_TIMEOUT }}" + ZO_INGEST_ALLOWED_UPTO: "{{ .Values.config.ZO_INGEST_ALLOWED_UPTO }}" + 
ZO_INGEST_FLATTEN_LEVEL: "{{ .Values.config.ZO_INGEST_FLATTEN_LEVEL }}" + ZO_LOGS_FILE_RETENTION: "{{ .Values.config.ZO_LOGS_FILE_RETENTION }}" + ZO_TRACES_FILE_RETENTION: "{{ .Values.config.ZO_TRACES_FILE_RETENTION }}" + ZO_METRICS_FILE_RETENTION: "{{ .Values.config.ZO_METRICS_FILE_RETENTION }}" + ZO_METRICS_DEDUP_ENABLED: "{{ .Values.config.ZO_METRICS_DEDUP_ENABLED }}" + ZO_METRICS_LEADER_PUSH_INTERVAL: "{{ .Values.config.ZO_METRICS_LEADER_PUSH_INTERVAL }}" + ZO_METRICS_LEADER_ELECTION_INTERVAL: "{{ .Values.config.ZO_METRICS_LEADER_ELECTION_INTERVAL }}" + ZO_PROMETHEUS_HA_CLUSTER: "{{ .Values.config.ZO_PROMETHEUS_HA_CLUSTER }}" + ZO_PROMETHEUS_HA_REPLICA: "{{ .Values.config.ZO_PROMETHEUS_HA_REPLICA }}" + ZO_COMPACT_ENABLED: "{{ .Values.config.ZO_COMPACT_ENABLED }}" + ZO_COMPACT_INTERVAL: "{{ .Values.config.ZO_COMPACT_INTERVAL }}" + ZO_COMPACT_SYNC_TO_DB_INTERVAL: "{{ .Values.config.ZO_COMPACT_SYNC_TO_DB_INTERVAL }}" + ZO_COMPACT_STRATEGY: "{{ .Values.config.ZO_COMPACT_STRATEGY }}" + ZO_COMPACT_MAX_FILE_SIZE: "{{ .Values.config.ZO_COMPACT_MAX_FILE_SIZE }}" + ZO_COMPACT_DATA_RETENTION_DAYS: "{{ .Values.config.ZO_COMPACT_DATA_RETENTION_DAYS }}" + ZO_COMPACT_DELETE_FILES_DELAY_HOURS: "{{ .Values.config.ZO_COMPACT_DELETE_FILES_DELAY_HOURS }}" + ZO_COMPACT_BATCH_SIZE: "{{ .Values.config.ZO_COMPACT_BATCH_SIZE }}" + ZO_COMPACT_BLOCKED_ORGS: "{{ .Values.config.ZO_COMPACT_BLOCKED_ORGS }}" + ZO_MEMORY_CACHE_ENABLED: "{{ .Values.config.ZO_MEMORY_CACHE_ENABLED }}" + ZO_MEMORY_CACHE_STRATEGY: "{{ .Values.config.ZO_MEMORY_CACHE_STRATEGY }}" + ZO_MEMORY_CACHE_CACHE_LATEST_FILES: "{{ .Values.config.ZO_MEMORY_CACHE_CACHE_LATEST_FILES }}" + ZO_MEMORY_CACHE_MAX_SIZE: "{{ .Values.config.ZO_MEMORY_CACHE_MAX_SIZE }}" + ZO_MEMORY_CACHE_SKIP_SIZE: "{{ .Values.config.ZO_MEMORY_CACHE_SKIP_SIZE }}" + ZO_MEMORY_CACHE_RELEASE_SIZE: "{{ .Values.config.ZO_MEMORY_CACHE_RELEASE_SIZE }}" + ZO_MEMORY_CACHE_GC_SIZE: "{{ .Values.config.ZO_MEMORY_CACHE_GC_SIZE }}" + ZO_MEMORY_CACHE_GC_INTERVAL: "{{ 
.Values.config.ZO_MEMORY_CACHE_GC_INTERVAL }}" + ZO_MEMORY_CACHE_DATAFUSION_MEMORY_POOL: "{{ .Values.config.ZO_MEMORY_CACHE_DATAFUSION_MEMORY_POOL }}" + ZO_MEMORY_CACHE_DATAFUSION_MAX_SIZE: "{{ .Values.config.ZO_MEMORY_CACHE_DATAFUSION_MAX_SIZE }}" + ZO_DISK_CACHE_ENABLED: "{{ .Values.config.ZO_DISK_CACHE_ENABLED }}" + ZO_DISK_CACHE_STRATEGY: "{{ .Values.config.ZO_DISK_CACHE_STRATEGY }}" + ZO_DISK_CACHE_MAX_SIZE: "{{ .Values.config.ZO_DISK_CACHE_MAX_SIZE }}" + ZO_DISK_CACHE_SKIP_SIZE: "{{ .Values.config.ZO_DISK_CACHE_SKIP_SIZE }}" + ZO_DISK_CACHE_RELEASE_SIZE: "{{ .Values.config.ZO_DISK_CACHE_RELEASE_SIZE }}" + ZO_DISK_CACHE_GC_SIZE: "{{ .Values.config.ZO_DISK_CACHE_GC_SIZE }}" + ZO_DISK_CACHE_GC_INTERVAL: "{{ .Values.config.ZO_DISK_CACHE_GC_INTERVAL }}" + {{- if .Values.minio.enabled }} + ZO_S3_PROVIDER: "minio" + ZO_S3_SERVER_URL: "http://{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:9000" + ZO_S3_REGION_NAME: "us-east-1" + ZO_S3_BUCKET_NAME: "{{ (index .Values.minio.buckets 0 ).name }}" + {{- else }} + ZO_S3_PROVIDER: "{{ .Values.config.ZO_S3_PROVIDER }}" + ZO_S3_SERVER_URL: "{{ .Values.config.ZO_S3_SERVER_URL }}" + ZO_S3_REGION_NAME: "{{ .Values.config.ZO_S3_REGION_NAME }}" + ZO_S3_BUCKET_NAME: "{{ .Values.config.ZO_S3_BUCKET_NAME }}" + {{- end }} + ZO_S3_BUCKET_PREFIX: "{{ .Values.config.ZO_S3_BUCKET_PREFIX }}" + ZO_S3_CONNECT_TIMEOUT: "{{ .Values.config.ZO_S3_CONNECT_TIMEOUT }}" + ZO_S3_REQUEST_TIMEOUT: "{{ .Values.config.ZO_S3_REQUEST_TIMEOUT }}" + ZO_S3_FEATURE_FORCE_PATH_STYLE: "{{ .Values.config.ZO_S3_FEATURE_FORCE_PATH_STYLE }}" + ZO_S3_FEATURE_FORCE_HOSTED_STYLE: "{{ .Values.config.ZO_S3_FEATURE_FORCE_HOSTED_STYLE }}" + ZO_S3_FEATURE_HTTP1_ONLY: "{{ .Values.config.ZO_S3_FEATURE_HTTP1_ONLY }}" + ZO_S3_FEATURE_HTTP2_ONLY: "{{ .Values.config.ZO_S3_FEATURE_HTTP2_ONLY }}" + ZO_S3_ALLOW_INVALID_CERTIFICATES: "{{ .Values.config.ZO_S3_ALLOW_INVALID_CERTIFICATES }}" + ZO_S3_SYNC_TO_CACHE_INTERVAL: "{{ 
.Values.config.ZO_S3_SYNC_TO_CACHE_INTERVAL }}" + ZO_S3_MAX_RETRIES: "{{ .Values.config.ZO_S3_MAX_RETRIES }}" + ZO_S3_MAX_IDLE_PER_HOST: "{{ .Values.config.ZO_S3_MAX_IDLE_PER_HOST }}" + ZO_USAGE_REPORTING_ENABLED: "{{ .Values.config.ZO_USAGE_REPORTING_ENABLED }}" + ZO_USAGE_REPORTING_MODE: "{{ .Values.config.ZO_USAGE_REPORTING_MODE }}" + ZO_USAGE_REPORTING_URL: "{{ .Values.config.ZO_USAGE_REPORTING_URL }}" + ZO_USAGE_REPORTING_CREDS: "{{ .Values.config.ZO_USAGE_REPORTING_CREDS }}" + ZO_USAGE_ORG: "{{ .Values.config.ZO_USAGE_ORG }}" + ZO_USAGE_BATCH_SIZE: "{{ .Values.config.ZO_USAGE_BATCH_SIZE }}" + ZO_PRINT_KEY_CONFIG: "{{ .Values.config.ZO_PRINT_KEY_CONFIG }}" + ZO_PRINT_KEY_EVENT: "{{ .Values.config.ZO_PRINT_KEY_EVENT }}" + ZO_PRINT_KEY_SQL: "{{ .Values.config.ZO_PRINT_KEY_SQL }}" + ZO_INGESTER_SERVICE_URL: "{{ .Values.config.ZO_INGESTER_SERVICE_URL }}" + ZO_IGNORE_FILE_RETENTION_BY_STREAM: "{{ .Values.config.ZO_IGNORE_FILE_RETENTION_BY_STREAM }}" + ZO_RUM_ENABLED: "{{ .Values.config.ZO_RUM_ENABLED }}" + ZO_RUM_APPLICATION_ID: "{{ .Values.config.ZO_RUM_APPLICATION_ID }}" + ZO_RUM_SERVICE: "{{ .Values.config.ZO_RUM_SERVICE }}" + ZO_RUM_ENV: "{{ .Values.config.ZO_RUM_ENV }}" + ZO_RUM_VERSION: "{{ .Values.config.ZO_RUM_VERSION }}" + ZO_RUM_ORGANIZATION_IDENTIFIER: "{{ .Values.config.ZO_RUM_ORGANIZATION_IDENTIFIER }}" + ZO_RUM_API_VERSION: "{{ .Values.config.ZO_RUM_API_VERSION }}" + ZO_RUM_INSECURE_HTTP: "{{ .Values.config.ZO_RUM_INSECURE_HTTP }}" + ZO_RUM_SITE: "{{ .Values.config.ZO_RUM_SITE }}" + ZO_COOKIE_MAX_AGE: "{{ .Values.config.ZO_COOKIE_MAX_AGE }}" + ZO_COOKIE_SAME_SITE_LAX: "{{ .Values.config.ZO_COOKIE_SAME_SITE_LAX }}" + ZO_COOKIE_SECURE_ONLY: "{{ .Values.config.ZO_COOKIE_SECURE_ONLY }}" + ZO_PROF_PYROSCOPE_ENABLED: "{{ .Values.config.ZO_PROF_PYROSCOPE_ENABLED }}" + ZO_PROF_PYROSCOPE_SERVER_URL: "{{ .Values.config.ZO_PROF_PYROSCOPE_SERVER_URL }}" + ZO_PROF_PYROSCOPE_PROJECT_NAME: "{{ .Values.config.ZO_PROF_PYROSCOPE_PROJECT_NAME }}" + 
ZO_ENTRY_PER_SCHEMA_VERSION_ENABLED: "{{ .Values.config.ZO_ENTRY_PER_SCHEMA_VERSION_ENABLED }}" + ZO_SHOW_STREAM_DATES_DOCS_NUM: "{{ .Values.config.ZO_SHOW_STREAM_DATES_DOCS_NUM }}" + ZO_INGEST_BLOCKED_STREAMS: "{{ .Values.config.ZO_INGEST_BLOCKED_STREAMS }}" + ZO_INGEST_INFER_SCHEMA_PER_REQUEST: "{{ .Values.config.ZO_INGEST_INFER_SCHEMA_PER_REQUEST }}" + ZO_CONCATENATED_SCHEMA_FIELD_NAME: "{{ .Values.config.ZO_CONCATENATED_SCHEMA_FIELD_NAME }}" + ZO_SCHEMA_CACHE_COMPRESS_ENABLED: "{{ .Values.config.ZO_SCHEMA_CACHE_COMPRESS_ENABLED }}" + ZO_SKIP_FORMAT_BULK_STREAM_NAME: "{{ .Values.config.ZO_SKIP_FORMAT_BULK_STREAM_NAME }}" + ZO_BULK_RESPONSE_INCLUDE_ERRORS_ONLY: "{{ .Values.config.ZO_BULK_RESPONSE_INCLUDE_ERRORS_ONLY }}" + ZO_ALLOW_USER_DEFINED_SCHEMAS: "{{ .Values.config.ZO_ALLOW_USER_DEFINED_SCHEMAS }}" + ZO_MEM_TABLE_STREAMS: "{{ .Values.config.ZO_MEM_TABLE_STREAMS }}" + ZO_QUICK_MODE_ENABLED: "{{ .Values.config.ZO_QUICK_MODE_ENABLED }}" + ZO_QUERY_GROUP_BASE_SPEED: "{{ .Values.config.ZO_QUERY_GROUP_BASE_SPEED }}" + ZO_QUERY_PARTITION_MIN_SECS: "{{ .Values.config.ZO_QUERY_PARTITION_MIN_SECS }}" + ZO_QUERY_PARTITION_BY_SECS: "{{ .Values.config.ZO_QUERY_PARTITION_BY_SECS }}" + RUST_LOG: "{{ .Values.config.RUST_LOG }}" + RUST_BACKTRACE: "{{ .Values.config.RUST_BACKTRACE }}" + O2_OPENFGA_ENABLED: "{{ .Values.enterprise.openfga.enabled }}" + O2_OPENFGA_BASE_URL: "http://{{ include "openobserve.fullname" . 
}}-openfga.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:8080" + O2_DEX_ENABLED: "{{ .Values.enterprise.dex.enabled }}" + O2_DEX_CLIENT_ID: "{{ (index .Values.enterprise.dex.config.staticClients 0).id }}" + O2_DEX_CLIENT_SECRET: "{{ (index .Values.enterprise.dex.config.staticClients 0).secret }}" + O2_DEX_REDIRECT_URL: "{{index (index .Values.enterprise.dex.config.staticClients 0).redirectURIs 0 }}" + O2_DEX_BASE_URL: "{{ .Values.enterprise.dex.config.issuer }}" + O2_CALLBACK_URL: "{{ .Values.enterprise.dex.parameters.O2_CALLBACK_URL }}" + O2_DEX_SCOPES: "{{ .Values.enterprise.dex.parameters.O2_DEX_SCOPES }}" + O2_DEX_GROUP_ATTRIBUTE: "{{ .Values.enterprise.dex.parameters.O2_DEX_GROUP_ATTRIBUTE }}" + O2_DEX_ROLE_ATTRIBUTE: "{{ .Values.enterprise.dex.parameters.O2_DEX_ROLE_ATTRIBUTE }}" + O2_DEX_DEFAULT_ORG: "{{ .Values.enterprise.dex.parameters.O2_DEX_DEFAULT_ORG }}" + O2_DEX_DEFAULT_ROLE: "{{ .Values.enterprise.dex.parameters.O2_DEX_DEFAULT_ROLE }}" + O2_MAP_GROUP_TO_ROLE: "{{ .Values.enterprise.openfga.parameters.O2_MAP_GROUP_TO_ROLE }}" + O2_MAP_GROUP_TO_ROLE_SKIP_CREATION: "{{ .Values.enterprise.openfga.parameters.O2_MAP_GROUP_TO_ROLE_SKIP_CREATION }}" + O2_DEX_NATIVE_LOGIN_ENABLED: "{{ .Values.enterprise.dex.parameters.O2_DEX_NATIVE_LOGIN_ENABLED }}" + O2_DEX_GROUP_CLAIM: "{{ .Values.enterprise.dex.parameters.O2_DEX_GROUP_CLAIM }}" + O2_DEX_LDAP_GROUP_ATTRIBUTE: "{{ .Values.enterprise.dex.parameters.O2_DEX_LDAP_GROUP_ATTRIBUTE }}" + O2_DEX_LDAP_ROLE_ATTRIBUTE: "{{ .Values.enterprise.dex.parameters.O2_DEX_LDAP_ROLE_ATTRIBUTE }}" + O2_OPENFGA_PAGE_SIZE: "{{ .Values.enterprise.openfga.parameters.O2_OPENFGA_PAGE_SIZE }}" + O2_OPENFGA_LIST_ONLY_PERMITTED: "{{ .Values.enterprise.openfga.parameters.O2_OPENFGA_LIST_ONLY_PERMITTED }}" + O2_AUDIT_ENABLED: "{{ .Values.enterprise.parameters.O2_AUDIT_ENABLED }}" + O2_AUDIT_BATCH_SIZE: "{{ .Values.enterprise.parameters.O2_AUDIT_BATCH_SIZE }}" + O2_CUSTOM_LOGO_TEXT: "{{ 
.Values.enterprise.parameters.O2_CUSTOM_LOGO_TEXT }}" + O2_CUSTOM_SLACK_URL: "{{ .Values.enterprise.parameters.O2_CUSTOM_SLACK_URL }}" + O2_CUSTOM_DOCS_URL: "{{ .Values.enterprise.parameters.O2_CUSTOM_DOCS_URL }}" + O2_CUSTOM_HIDE_MENUS: "{{ .Values.enterprise.parameters.O2_CUSTOM_HIDE_MENUS }}" + O2_CUSTOM_HIDE_SELF_LOGO: "{{ .Values.enterprise.parameters.O2_CUSTOM_HIDE_SELF_LOGO }}" + O2_SUPER_CLUSTER_ENABLED: "{{ .Values.enterprise.parameters.O2_SUPER_CLUSTER_ENABLED }}" + O2_SUPER_CLUSTER_PUBLIC_ADDR: "{{ .Values.enterprise.parameters.O2_SUPER_CLUSTER_PUBLIC_ADDR }}" + O2_SUPER_CLUSTER_PUBLIC_PORT: "{{ .Values.enterprise.parameters.O2_SUPER_CLUSTER_PUBLIC_PORT }}" + O2_SUPER_CLUSTER_GRPC_TOKEN: "{{ .Values.enterprise.parameters.O2_SUPER_CLUSTER_GRPC_TOKEN }}" + O2_SEARCH_GROUP_LONG_MAX_CPU: "{{ .Values.enterprise.parameters.O2_SEARCH_GROUP_LONG_MAX_CPU }}" + O2_SEARCH_GROUP_LONG_MAX_MEMORY: "{{ .Values.enterprise.parameters.O2_SEARCH_GROUP_LONG_MAX_MEMORY }}" + O2_SEARCH_GROUP_LONG_MAX_CONCURRENCY: "{{ .Values.enterprise.parameters.O2_SEARCH_GROUP_LONG_MAX_CONCURRENCY }}" + O2_SEARCH_GROUP_SHORT_MAX_CPU: "{{ .Values.enterprise.parameters.O2_SEARCH_GROUP_SHORT_MAX_CPU }}" + O2_SEARCH_GROUP_SHORT_MAX_MEMORY: "{{ .Values.enterprise.parameters.O2_SEARCH_GROUP_SHORT_MAX_MEMORY }}" + O2_SEARCH_GROUP_SHORT_MAX_CONCURRENCY: "{{ .Values.enterprise.parameters.O2_SEARCH_GROUP_SHORT_MAX_CONCURRENCY }}" + O2_SEARCH_GROUP_BASE_SPEED: "{{ .Values.enterprise.parameters.O2_SEARCH_GROUP_BASE_SPEED }}" + O2_SEARCH_GROUP_BASE_SECS: "{{ .Values.enterprise.parameters.O2_SEARCH_GROUP_BASE_SECS }}" + ZO_SMTP_ENABLED: "{{ .Values.config.ZO_SMTP_ENABLED }}" + ZO_SMTP_HOST: "{{ .Values.config.ZO_SMTP_HOST }}" + ZO_SMTP_PORT: "{{ .Values.config.ZO_SMTP_PORT }}" + ZO_SMTP_FROM_EMAIL: "{{ .Values.config.ZO_SMTP_FROM_EMAIL }}" + ZO_SMTP_ENCRYPTION: "{{ .Values.config.ZO_SMTP_ENCRYPTION }}" + ZO_RESULT_CACHE_ENABLED: "{{ .Values.config.ZO_RESULT_CACHE_ENABLED }}" + 
ZO_USE_MULTIPLE_RESULT_CACHE: "{{ .Values.config.ZO_USE_MULTIPLE_RESULT_CACHE }}" + ZO_RESULT_CACHE_SELECTION_STRATEGY: "{{ .Values.config.ZO_RESULT_CACHE_SELECTION_STRATEGY }}" + ZO_RESULT_CACHE_DISCARD_DURATION: "{{ .Values.config.ZO_RESULT_CACHE_DISCARD_DURATION }}" + ZO_INVERTED_INDEX_STORE_FORMAT: "{{ .Values.config.ZO_INVERTED_INDEX_STORE_FORMAT }}" + ZO_INVERTED_INDEX_SEARCH_FORMAT: "{{ .Values.config.ZO_INVERTED_INDEX_SEARCH_FORMAT }}" + ZO_INVERTED_INDEX_TANTIVY_MODE: "{{ .Values.config.ZO_INVERTED_INDEX_TANTIVY_MODE }}" + ZO_FULL_TEXT_SEARCH_TYPE: "{{ .Values.config.ZO_FULL_TEXT_SEARCH_TYPE }}" + ZO_QUERY_ON_STREAM_SELECTION: "{{ .Values.config.ZO_QUERY_ON_STREAM_SELECTION }}" + ZO_FILE_PUSH_LIMIT: "{{ .Values.config.ZO_FILE_PUSH_LIMIT }}" + ZO_FILE_MOVE_FIELDS_LIMIT: "{{ .Values.config.ZO_FILE_MOVE_FIELDS_LIMIT }}" + ZO_QUERY_DEFAULT_LIMIT: "{{ .Values.config.ZO_QUERY_DEFAULT_LIMIT }}" + ZO_USAGE_REPORTING_THREAD_NUM: "{{ .Values.config.ZO_USAGE_REPORTING_THREAD_NUM }}" + ZO_USAGE_PUBLISH_INTERVAL: "{{ .Values.config.ZO_USAGE_PUBLISH_INTERVAL }}" + ZO_SHOW_STREAM_DATES_DOCS_NUM: "{{ .Values.config.ZO_SHOW_STREAM_DATES_DOCS_NUM }}" + ZO_INGEST_BLOCKED_STREAMS: "{{ .Values.config.ZO_INGEST_BLOCKED_STREAMS }}" + ZO_MEM_TABLE_STREAMS: "{{ .Values.config.ZO_MEM_TABLE_STREAMS }}" + ZO_DEFAULT_SCRAPE_INTERVAL: "{{ .Values.config.ZO_DEFAULT_SCRAPE_INTERVAL }}" + ZO_CIRCUIT_BREAKER_ENABLED: "{{ .Values.config.ZO_CIRCUIT_BREAKER_ENABLED }}" + ZO_CIRCUIT_BREAKER_RATIO: "{{ .Values.config.ZO_CIRCUIT_BREAKER_RATIO }}" + ZO_MMDB_DATA_DIR: "{{ .Values.config.ZO_MMDB_DATA_DIR }}" + ZO_MMDB_DISABLE_DOWNLOAD: "{{ .Values.config.ZO_MMDB_DISABLE_DOWNLOAD }}" + ZO_MMDB_UPDATE_DURATION: "{{ .Values.config.ZO_MMDB_UPDATE_DURATION }}" + ZO_MMDB_GEOLITE_CITYDB_URL: "{{ .Values.config.ZO_MMDB_GEOLITE_CITYDB_URL }}" + ZO_MMDB_GEOLITE_CITYDB_SHA256_URL: "{{ .Values.config.ZO_MMDB_GEOLITE_CITYDB_SHA256_URL }}" + ZO_MMDB_GEOLITE_ASNDB_URL: "{{ .Values.config.ZO_MMDB_GEOLITE_ASNDB_URL 
}}" + ZO_MMDB_GEOLITE_ASNDB_SHA256_URL: "{{ .Values.config.ZO_MMDB_GEOLITE_ASNDB_SHA256_URL }}" + ZO_REPORT_USER_NAME: "{{ .Values.config.ZO_REPORT_USER_NAME }}" + ZO_REPORT_USER_PASSWORD: "{{ .Values.config.ZO_REPORT_USER_PASSWORD }}" + ZO_REPORT_SERVER_URL: "{{ .Values.config.ZO_REPORT_SERVER_URL }}" + ZO_REPORT_SERVER_SKIP_TLS_VERIFY: "{{ .Values.config.ZO_REPORT_SERVER_SKIP_TLS_VERIFY }}" + ZO_SKIP_FORMAT_STREAM_NAME: "{{ .Values.config.ZO_SKIP_FORMAT_STREAM_NAME }}" + ZO_TRACES_SPAN_METRICS_ENABLED: "{{ .Values.config.ZO_TRACES_SPAN_METRICS_ENABLED }}" + ZO_TRACES_SPAN_METRICS_EXPORT_INTERVAL: "{{ .Values.config.ZO_TRACES_SPAN_METRICS_EXPORT_INTERVAL }}" + ZO_TRACES_SPAN_METRICS_CHANNEL_BUFFER: "{{ .Values.config.ZO_TRACES_SPAN_METRICS_CHANNEL_BUFFER }}" + ZO_SELF_METRIC_CONSUMPTION_ENABLED: "{{ .Values.config.ZO_SELF_METRIC_CONSUMPTION_ENABLED }}" + ZO_SELF_METRIC_CONSUMPTION_INTERVAL: "{{ .Values.config.ZO_SELF_METRIC_CONSUMPTION_INTERVAL }}" + ZO_SELF_METRIC_CONSUMPTION_ACCEPTLIST: "{{ .Values.config.ZO_SELF_METRIC_CONSUMPTION_ACCEPTLIST }}" + ZO_SWAGGER_ENABLED: "{{ .Values.config.ZO_SWAGGER_ENABLED }}" + diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-clusterrole.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-clusterrole.yaml new file mode 100644 index 000000000..3ff161442 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-clusterrole.yaml 
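Review bot: Credentials are rendered into this ConfigMap in plain text: `ZO_ETCD_PASSWORD`, `ZO_NATS_PASSWORD`, `ZO_INTERNAL_GRPC_TOKEN`, `ZO_META_MYSQL_DSN`, `ZO_USAGE_REPORTING_CREDS`, `ZO_REPORT_USER_PASSWORD`, `O2_DEX_CLIENT_SECRET` and `O2_SUPER_CLUSTER_GRPC_TOKEN`. A ConfigMap is readable by anything with `get configmaps` in the namespace and is not covered by Secret-specific RBAC or encryption-at-rest settings, so these keys belong in the Secret that the deployments in this patch already load through `secretRef`. Several keys are also defined twice in `data:` (for example `ZO_REPORT_SERVER_URL`, `ZO_REPORT_SERVER_SKIP_TLS_VERIFY`, `ZO_RESULT_CACHE_ENABLED`, `ZO_INVERTED_INDEX_STORE_FORMAT`, `ZO_FILE_PUSH_LIMIT`); a strict YAML parser rejects duplicate keys, and a last-wins parser lets the later `ZO_REPORT_SERVER_URL: "{{ .Values.config.ZO_REPORT_SERVER_URL }}"` replace the in-cluster URL computed under `reportserver.enabled`. Remove the second occurrence of each.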
@@ -0,0 +1,13 @@
+{{- if and .Values.enterprise.enabled .Values.enterprise.dex.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "openobserve.fullname" . }}-{{- .Release.Namespace -}}-dex
+rules:
+- apiGroups: ["dex.coreos.com"] # API group created by dex
+ resources: ["*"]
+ verbs: ["*"]
+- apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["create"] # To manage its own resources identity must be able to create customresourcedefinitions.
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-clusterrolebinding.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-clusterrolebinding.yaml
new file mode 100644
index 000000000..f20661fe1
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.enterprise.enabled .Values.enterprise.dex.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "openobserve.fullname" . }}-{{- .Release.Namespace -}}-dex
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "openobserve.fullname" . }}-{{- .Release.Namespace -}}-dex
+subjects:
+- kind: ServiceAccount
+ name: {{ include "openobserve.fullname" . }}-dex # Service account assigned to the dex pod.
+ namespace: {{ .Release.Namespace | quote }} # The namespace dex is running in.
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-configmap.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-configmap.yaml
new file mode 100644
index 000000000..a1951fe02
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-configmap.yaml
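Review bot: The `dex.coreos.com` rule with `resources: ["*"]` and `verbs: ["*"]` is granted through a ClusterRole and the ClusterRoleBinding in the next hunk, so the dex service account holds full access to dex objects in every namespace, not only the release namespace. If dex stores its state only in its own namespace (presumably the case here, confirm against the storage settings in `enterprise.dex.config`), keep just the `customresourcedefinitions` / `create` rule cluster-scoped and move the `dex.coreos.com` rule into a `kind: Role` with a `kind: RoleBinding` in `{{ .Release.Namespace }}`. The wildcard could also be narrowed to the resource kinds and verbs dex actually uses once those are known.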
@@ -0,0 +1,12 @@
+{{- if and .Values.enterprise.enabled .Values.enterprise.dex.enabled }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ include "openobserve.fullname" . }}-dex
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "openobserve.labels" . | nindent 4 }}
+data:
+ config.docker.yaml: | {{ .Values.enterprise.dex.config | toYaml | nindent 4 }}
+{{- end }}
+
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-deployment.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-deployment.yaml
new file mode 100644
index 000000000..f990090e8
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-deployment.yaml
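Review bot: The whole of `.Values.enterprise.dex.config` is written into a ConfigMap, and configmap.yaml in this patch reads `(index .Values.enterprise.dex.config.staticClients 0).secret` from that same map, so the OAuth client secret (and any connector credentials placed in the config) ends up stored in plain text outside a Secret. Render this object as `kind: Secret` with `stringData:` instead of `data:` and mount it from the dex deployment with `secret:` / `secretName:` in place of `configMap:` / `name:`. Alternatively keep the ConfigMap and have the static client take its secret from the environment via dex's `secretEnv` field, backed by a Secret.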
@@ -0,0 +1,95 @@
+{{- if and .Values.enterprise.enabled .Values.enterprise.dex.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "openobserve.fullname" . }}-dex
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "openobserve.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.dex.enabled }}
+ replicas: {{ .Values.replicaCount.dex }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "openobserve.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.enterprise.dex.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "openobserve.selectorLabels" . | nindent 8 }}
+ app: dex
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "openobserve.fullname" . }}-dex
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.enterprise.dex.image.repository }}:{{ .Values.enterprise.dex.image.tag }}"
+ imagePullPolicy: {{ .Values.enterprise.dex.image.pullPolicy }}
+ ports:
+ - containerPort: 5556
+ name: http
+ {{- if .Values.probes.dex.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.config.ZO_HTTP_PORT }}
+ initialDelaySeconds: {{ .Values.probes.dex.config.livenessProbe.initialDelaySeconds | default 10 }}
+ periodSeconds: {{ .Values.probes.dex.config.livenessProbe.periodSeconds | default 10 }}
+ timeoutSeconds: {{ .Values.probes.dex.config.livenessProbe.timeoutSeconds | default 10 }}
+ successThreshold: {{ .Values.probes.dex.config.livenessProbe.successThreshold | default 1 }}
+ failureThreshold: {{ .Values.probes.dex.config.livenessProbe.failureThreshold | default 3 }}
+ terminationGracePeriodSeconds: {{ .Values.probes.dex.config.livenessProbe.terminationGracePeriodSeconds | default 30 }}
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.config.ZO_HTTP_PORT }}
+ initialDelaySeconds: {{ .Values.probes.dex.config.readinessProbe.initialDelaySeconds | default 10 }}
+ periodSeconds: {{ .Values.probes.dex.config.readinessProbe.periodSeconds | default 10 }}
+ timeoutSeconds: {{ .Values.probes.dex.config.readinessProbe.timeoutSeconds | default 10 }}
+ successThreshold: {{ .Values.probes.dex.config.readinessProbe.successThreshold | default 1 }}
+ failureThreshold: {{ .Values.probes.dex.config.readinessProbe.failureThreshold | default 3 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.enterprise.dex.resources | nindent 12 }}
+ volumeMounts:
+ - name: config
+ mountPath: /etc/dex
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: {{ include "openobserve.fullname" . }}
+ - secretRef:
+ name: {{ include "openobserve.fullname" . }}
+ env:
+ {{- with .Values.enterprise.dex.extraEnv }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ include "openobserve.fullname" . }}-dex
+
+ {{- with .Values.enterprise.dex.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.enterprise.dex.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations.dex }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-ingress.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-ingress.yaml
new file mode 100644
index 000000000..8de5f630b
--- /dev/null
+++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-ingress.yaml
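Review bot: The dex container loads the main OpenObserve ConfigMap and Secret through `envFrom`, so the identity-provider pod receives every application credential in its environment. Unless dex's config references those variables, drop both `envFrom` entries and pass only what dex needs through `enterprise.dex.extraEnv`. The `secretRef` also ignores `externalSecret.enabled`, unlike the compactor deployment, so it would point at a Secret that may not exist when an external secret is in use. Separately, both probes use `port: {{ .Values.config.ZO_HTTP_PORT }}` while the container listens on 5556; with probes enabled the kubelet checks the wrong port, and `port: http` would follow the named container port. `selector.matchLabels` also omits `app: dex`, so it is not specific to the dex pods; add `app: dex` there as well.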
@@ -0,0 +1,63 @@ +{{- if and .Values.enterprise.enabled .Values.enterprise.dex.enabled .Values.enterprise.dex.ingress.enabled }} +{{- $fullName := include "openobserve.fullname" . -}} +{{- if and .Values.enterprise.dex.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.enterprise.dex.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.enterprise.dex.ingress.annotations "kubernetes.io/ingress.class" .Values.enterprise.dex.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }}-dex + namespace: {{ .Release.Namespace }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} + {{- with .Values.enterprise.dex.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.enterprise.dex.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.enterprise.dex.ingress.className }} + {{- end }} + + {{- if .Values.enterprise.dex.ingress.tls }} + tls: + {{- range .Values.enterprise.dex.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . 
| quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + + rules: + {{- range .Values.enterprise.dex.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-dex + port: + number: 5556 + {{- else }} + serviceName: {{ $fullName }} + servicePort: 5556 + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-service.yaml new file mode 100644 index 000000000..da4e57a34 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-service.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.enterprise.enabled .Values.enterprise.dex.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "openobserve.fullname" . }}-dex + namespace: {{ .Release.Namespace | quote }} +spec: + ports: + - port: 5556 + targetPort: 5556 + protocol: TCP + selector: + app: dex +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-serviceaccount.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-serviceaccount.yaml new file mode 100644 index 000000000..8b4a18a51 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/dex-serviceaccount.yaml @@ -0,0 +1,8 @@ +{{- if and .Values.enterprise.enabled .Values.enterprise.dex.enabled | default false }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "openobserve.fullname" . }}-dex + namespace: {{ .Release.Namespace | quote }} +{{- end }} + 
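Review bot: In dex-ingress.yaml the pre-1.19 backend branch routes to `serviceName: {{ $fullName }}`, while the `networking.k8s.io/v1` branch targets `{{ $fullName }}-dex`. On older clusters the dex hostname would therefore be sent to a differently named Service on port 5556. The legacy line should read `serviceName: {{ $fullName }}-dex`. templates/ingress.yaml has the same split, with `{{ $fullName }}-router` on the v1 branch and a bare `{{ $fullName }}` on the legacy branch. Because this ingress fronts the login flow, consider failing the render when `enterprise.dex.ingress.tls` is empty instead of publishing a plain-HTTP rule.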
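Review bot: In dex-service.yaml the Service selects pods on `app: dex` alone, so any pod in the namespace carrying that label (another release, an unrelated dex install) becomes a backend for the identity provider's Service. The dex pod template already carries the release selector labels, so the selector can be scoped by adding `{{- include "openobserve.selectorLabels" . | nindent 4 }}` above `app: dex`. The openfga and pgadmin Services select on `app: openfga` / `app: pgadmin` in the same way, but their pod templates in this patch do not carry the release labels and would need them added first.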
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-configmap.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-configmap.yaml new file mode 100644 index 000000000..054e5a694 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "openobserve.fullname" . }}-ingester + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +data: + # This condition is necessary to ensure backwards compatibility for users + {{- if .Values.ingester.config }} + ZO_META_CONNECTION_POOL_MIN_SIZE: "{{ .Values.ingester.config.ZO_META_CONNECTION_POOL_MIN_SIZE }}" + ZO_META_CONNECTION_POOL_MAX_SIZE: "{{ .Values.ingester.config.ZO_META_CONNECTION_POOL_MAX_SIZE }}" + ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.ingester.config.ZO_ACTIX_REQ_TIMEOUT }}" + {{- else }} + ZO_META_CONNECTION_POOL_MIN_SIZE: "{{ .Values.config.ZO_META_CONNECTION_POOL_MIN_SIZE }}" + ZO_META_CONNECTION_POOL_MAX_SIZE: "{{ .Values.config.ZO_META_CONNECTION_POOL_MAX_SIZE }}" + ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.config.ZO_ACTIX_REQ_TIMEOUT }}" + {{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-hpa.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-hpa.yaml new file mode 100644 index 000000000..182839d1f --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-hpa.yaml 
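Review bot: The fallback is all-or-nothing: once `.Values.ingester.config` holds any key, all three settings are read from it, and a key the user did not override renders empty instead of inheriting `.Values.config`. A per-key default inside the first branch avoids that, e.g. `ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.ingester.config.ZO_ACTIX_REQ_TIMEOUT | default .Values.config.ZO_ACTIX_REQ_TIMEOUT }}"`. querier-configmap.yaml repeats the same pattern.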
@@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.ingester.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "openobserve.fullname" . }}-ingester + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: StatefulSet + name: {{ include "openobserve.fullname" . }}-ingester + minReplicas: {{ .Values.autoscaling.ingester.minReplicas }} + maxReplicas: {{ .Values.autoscaling.ingester.maxReplicas }} + metrics: + {{- if .Values.autoscaling.ingester.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.ingester.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.ingester.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.ingester.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-service-headless.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-service-headless.yaml new file mode 100644 index 000000000..804420e1b --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-service-headless.yaml 
@@ -0,0 +1,23 @@ +{{ if .Values.ingester.headless.enabled}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "openobserve.fullname" . }}-ingester-headless + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +spec: + clusterIP: None + ports: + - port: {{ .Values.service.http_port }} + targetPort: http + protocol: TCP + name: http + - port: {{ .Values.service.grpc_port }} + targetPort: grpc + protocol: TCP + name: grpc + selector: + {{- include "openobserve.selectorLabels" . | nindent 4 }} + role: ingester +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-service.yaml new file mode 100644 index 000000000..547034f5a --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "openobserve.fullname" . }}-ingester + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} + prometheus.io/scrape: "true" +spec: + # type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.http_port }} + targetPort: http + protocol: TCP + name: http + - port: {{ .Values.service.grpc_port }} + targetPort: grpc + protocol: TCP + name: grpc + selector: + {{- include "openobserve.selectorLabels" . | nindent 4 }} + role: ingester diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-statefulset.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-statefulset.yaml new file mode 100644 index 000000000..cbfd8d357 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/ingester-statefulset.yaml 
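Review bot: In ingester-service.yaml, `prometheus.io/scrape: "true"` is emitted under `metadata.labels`. The usual annotation-based Prometheus service discovery reads that key from `metadata.annotations`, so unless the scrape config relabels on Service labels this line likely has no effect. Moving it under an `annotations:` key would match the convention. The commented line `# type: {{ .Values.service.type }}` is still evaluated by Helm, since template actions inside YAML comments are rendered; removing it or wrapping it in `{{/* … */}}` avoids the surprise. querier-service.yaml has both patterns as well.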
@@ -0,0 +1,161 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "openobserve.fullname" . }}-ingester + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.ingester.enabled }} + replicas: {{ .Values.replicaCount.ingester }} + {{- end }} + podManagementPolicy: Parallel + updateStrategy: + type: RollingUpdate + rollingUpdate: + partition: 0 # Set to 0 to allow all pods to update in parallel + selector: + matchLabels: + {{- include "openobserve.selectorLabels" . | nindent 6 }} + role: ingester + {{ if .Values.ingester.headless.enabled}} + serviceName: {{ include "openobserve.fullname" . }}-ingester-headless + {{- end }} + {{- if not .Values.ingester.headless.enabled}} + serviceName: {{ include "openobserve.fullname" . }} + {{- end }} + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + checksum/specific-config: {{ include (print $.Template.BasePath "/ingester-configmap.yaml") . | sha256sum }} + checksum/generic-config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "openobserve.selectorLabels" . | nindent 8 }} + role: ingester + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "openobserve.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + + initContainers: + {{- if and .Values.ingester.persistence.volumePermissions.enabled .Values.ingester.persistence.enabled }} + - name: volume-permissions + image: {{ .Values.image.busybox.repository }}:{{ .Values.image.busybox.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + - | + chown -R {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /data + securityContext: + runAsUser: 0 + runAsNonRoot: false + volumeMounts: + - name: data + mountPath: /data + {{- end }} + {{- if .Values.etcd.enabled }} + - name: check-etcd + image: {{ .Values.image.busybox.repository }}:{{ .Values.image.busybox.tag }} + command: ['sh', '-c', ' + until nc -z {{ .Release.Name }}-etcd 2379; do + echo "Waiting for etcd to be ready"; + sleep 5; + done; + '] + {{- end }} + {{- if .Values.nats.enabled }} + - name: check-nats + image: {{ .Values.image.busybox.repository }}:{{ .Values.image.busybox.tag }} + command: ['sh', '-c', ' + until nc -zv {{ .Release.Name }}-nats 4222; do + echo "Waiting for NATS to be ready..."; + sleep 2; + done; + '] + {{- end }} + containers: + - name: {{ .Chart.Name }}-ingester + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.enterprise.enabled }} + image: "{{ .Values.image.enterprise.repository }}:{{ .Values.image.enterprise.tag | default .Chart.AppVersion }}" + {{- else }} + image: "{{ .Values.image.oss.repository }}:{{ .Values.image.oss.tag | default .Chart.AppVersion }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.config.ZO_HTTP_PORT }} + - name: grpc + containerPort: {{ .Values.config.ZO_GRPC_PORT }} + {{- if .Values.probes.ingester.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.ingester.config.livenessProbe.initialDelaySeconds | 
default 10 }} + periodSeconds: {{ .Values.probes.ingester.config.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.ingester.config.livenessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.ingester.config.livenessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.ingester.config.livenessProbe.failureThreshold | default 3 }} + terminationGracePeriodSeconds: {{ .Values.probes.ingester.config.livenessProbe.terminationGracePeriodSeconds | default 30 }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.ingester.config.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.ingester.config.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.ingester.config.readinessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.ingester.config.readinessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.ingester.config.readinessProbe.failureThreshold | default 3 }} + {{- end }} + resources: + {{- toYaml .Values.resources.ingester | nindent 12 }} + envFrom: + - configMapRef: + name: {{ include "openobserve.fullname" . }} + - configMapRef: + name: {{ include "openobserve.fullname" . }}-ingester + - secretRef: + name: {{ if .Values.externalSecret.enabled }}{{ .Values.externalSecret.name }}{{ else }}{{ include "openobserve.fullname" . }}{{ end }} + env: + - name: ZO_NODE_ROLE + value: "ingester" + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /data + {{- with .Values.nodeSelector.ingester }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity.ingester }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations.ingester }} + tolerations: + {{- toYaml . 
| nindent 8 }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + {{- range .Values.ingester.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + storageClassName: {{ .Values.ingester.persistence.storageClass }} + resources: + requests: + storage: {{ .Values.ingester.persistence.size | quote }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/ingress.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/ingress.yaml new file mode 100644 index 000000000..2c800c0fe --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/ingress.yaml 
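Review bot: The `volume-permissions` init container runs as UID 0 with the runtime's default capability set and no `allowPrivilegeEscalation: false`, only to `chown -R` the data volume. Its `securityContext` can be narrowed with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"], add: ["CHOWN"]}`; a volume that already holds files with restrictive modes may need a further capability such as `DAC_OVERRIDE`, so verify on a populated volume. The template already reads `podSecurityContext.fsGroup`, so letting the kubelet apply group ownership through `fsGroup` may make the root container unnecessary on storage that supports it. The `check-etcd` and `check-nats` init containers set neither a container-level `securityContext` nor `resources`, unlike the main container.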
@@ -0,0 +1,64 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "openobserve.fullname" . -}} +{{- $svcPort := .Values.service.http_port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-router + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/issuer.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/issuer.yaml new file mode 100644 index 000000000..bcaccfeaf --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/issuer.yaml @@ -0,0 +1,17 @@ +{{- if .Values.certIssuer.enabled }} +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: letsencrypt + namespace: {{ .Release.Namespace }} +spec: + acme: + email: random-email-id@yahoo.com + privateKeySecretRef: + name: letsencrypt + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - http01: + ingress: + class: nginx +{{- end }} \ No newline at end of file diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/openfga-deployment.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/openfga-deployment.yaml new file mode 100644 index 000000000..6dacd204d --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/openfga-deployment.yaml 
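Review bot: The ACME account e-mail is hard-coded as `random-email-id@yahoo.com`, so Let's Encrypt expiry and account notices for every install of this chart go to an address the operator does not control. It should come from values and be mandatory, e.g. `email: {{ required "certIssuer.email must be set" .Values.certIssuer.email }}`; note that `certIssuer.email` is a proposed new key, not one visible in this patch. The Issuer name `letsencrypt` and the solver's `class: nginx` are fixed too, which can collide with an existing Issuer or fail to match clusters running a different ingress controller.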
@@ -0,0 +1,81 @@ +{{- if and .Values.enterprise.enabled .Values.enterprise.openfga.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "openobserve.fullname" . }}-openfga + namespace: {{ .Release.Namespace | quote }} +spec: + replicas: 1 + selector: + matchLabels: + app: openfga + template: + metadata: + labels: + app: openfga + spec: + initContainers: + - name: openfga-migrate + image: {{ .Values.enterprise.openfga.image.repository }}:{{ .Values.enterprise.openfga.image.tag }} + imagePullPolicy: {{ .Values.enterprise.openfga.image.pullPolicy }} + command: ['/openfga', 'migrate'] + env: + - name: OPENFGA_DATASTORE_ENGINE + value: postgres + - name: OPENFGA_DATASTORE_URI + {{- if .Values.postgres.enabled }} + value: "postgres://openobserve:{{ .Values.postgres.spec.password }}@{{ include "openobserve.fullname" . }}-postgres-rw.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:5432/app?sslmode=disable" + {{- else }} + value: "{{ .Values.auth.ZO_META_POSTGRES_DSN }}" + {{- end }} + resources: + limits: + cpu: 200m + memory: 200Mi + containers: + - name: openfga + image: {{ .Values.enterprise.openfga.image.repository }}:{{ .Values.enterprise.openfga.image.tag }} + imagePullPolicy: IfNotPresent + command: ['/openfga', 'run'] + env: + - name: OPENFGA_DATASTORE_ENGINE + value: postgres + - name: OPENFGA_DATASTORE_URI + {{- if .Values.postgres.enabled }} + value: "postgres://openobserve:{{ .Values.postgres.spec.password }}@{{ include "openobserve.fullname" . 
}}-postgres-rw.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:5432/app?sslmode=disable" + {{- else }} + value: "{{ .Values.auth.ZO_META_POSTGRES_DSN }}" + {{- end }} + - name: OPENFGA_LOG_FORMAT + value: json + ports: + - containerPort: 8080 + name: http + - containerPort: 8081 + name: grpc + {{- if .Values.probes.openfga.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.openfga.config.livenessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.openfga.config.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.openfga.config.livenessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.openfga.config.livenessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.openfga.config.livenessProbe.failureThreshold | default 3 }} + terminationGracePeriodSeconds: {{ .Values.probes.openfga.config.livenessProbe.terminationGracePeriodSeconds | default 30 }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.openfga.config.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.openfga.config.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.openfga.config.readinessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.openfga.config.readinessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.openfga.config.readinessProbe.failureThreshold | default 3 }} + {{- end }} + resources: + limits: + cpu: 200m + memory: 200Mi +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/openfga-svc.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/openfga-svc.yaml new file mode 100644 index 000000000..a45cc4503 --- /dev/null 
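Review bot: `OPENFGA_DATASTORE_URI` is built by templating `.Values.postgres.spec.password` (or the whole `.Values.auth.ZO_META_POSTGRES_DSN`) into a literal `value:`, in both the `openfga-migrate` init container and the `openfga` container. The database credential is therefore readable by anyone who can view the Deployment object or its rendered manifest in Argo CD, not only by those allowed to read Secrets. The password already lives in the `-openobservepguser` Secret created by postgres-secret.yaml, so it can be injected with `secretKeyRef` and referenced through `$(VAR)` expansion as sketched below; the external-DSN branch would need the DSN to come from a Secret as well, which this hunk does not show. The URI also pins `sslmode=disable`, so the credential and the authorization data cross the pod network unencrypted. pgadmin-sts.yaml uses the same plain `value:` pattern for `PGADMIN_DEFAULT_PASSWORD`.

```yaml
# … unchanged: OPENFGA_DATASTORE_ENGINE …
{{- if .Values.postgres.enabled }}
- name: PG_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ include "openobserve.fullname" . }}-openobservepguser
      key: password
{{- end }}
- name: OPENFGA_DATASTORE_URI
  {{- if .Values.postgres.enabled }}
  # $(PG_PASSWORD) is expanded by Kubernetes from the entry declared above;
  # a password containing URL-reserved characters must be percent-encoded.
  value: "postgres://openobserve:$(PG_PASSWORD)@{{ include "openobserve.fullname" . }}-postgres-rw.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:5432/app?sslmode=disable"
  # … unchanged: else branch with the external DSN …
```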
+++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/openfga-svc.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.enterprise.enabled .Values.enterprise.openfga.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "openobserve.fullname" . }}-openfga + namespace: {{ .Release.Namespace | quote }} +spec: + ports: + - port: 8080 + targetPort: 8080 + selector: + app: openfga +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/pgadmin-sts.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/pgadmin-sts.yaml new file mode 100644 index 000000000..22863d31c --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/pgadmin-sts.yaml 
@@ -0,0 +1,69 @@ +{{- if and .Values.postgres.pgadmin.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "openobserve.fullname" . }}-pgadmin + namespace: {{ .Release.Namespace | quote }} + labels: + name: pgadmin +spec: + serviceName: {{ include "openobserve.fullname" . }}-pgadmin + replicas: 1 + selector: + matchLabels: + name: pgadmin + app: pgadmin + template: + metadata: + labels: + name: pgadmin + app: pgadmin + spec: + securityContext: + fsGroup: 2000 + runAsUser: 10000 + runAsGroup: 3000 + runAsNonRoot: true + # terminationGracePeriodSeconds: 0 + containers: + - name: pgadmin + image: "{{ .Values.postgres.pgadmin.image.repository }}:{{ .Values.postgres.pgadmin.image.tag }}" + env: + - name: PGADMIN_DEFAULT_EMAIL + value: {{ .Values.postgres.pgadmin.PGADMIN_DEFAULT_EMAIL }} + - name: PGADMIN_DEFAULT_PASSWORD + value: {{ .Values.postgres.pgadmin.PGADMIN_DEFAULT_PASSWORD }} + imagePullPolicy: Always + ports: + - containerPort: 80 + name: http + volumeMounts: + - name: data + mountPath: /var/lib/pgadmin + - name: log + mountPath: /var/log/pgadmin + resources: + requests: + memory: {{ .Values.postgres.pgadmin.resources.requests.memory }} + cpu: {{ .Values.postgres.pgadmin.resources.requests.cpu }} + limits: + memory: {{ .Values.postgres.pgadmin.resources.limits.memory }} + cpu: {{ .Values.postgres.pgadmin.resources.limits.cpu }} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + - metadata: + name: log + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/pgadmin-svc.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/pgadmin-svc.yaml new file mode 100644 index 000000000..62e12d2ae --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/pgadmin-svc.yaml 
@@ -0,0 +1,14 @@ +{{- if and .Values.postgres.pgadmin.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "openobserve.fullname" . }}-pgadmin + namespace: {{ .Release.Namespace | quote }} +spec: + selector: + app: pgadmin + ports: + - name: http + port: 80 + targetPort: 80 +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/postgres-secret.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/postgres-secret.yaml new file mode 100644 index 000000000..a39153797 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/postgres-secret.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.postgres.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "openobserve.fullname" . }}-openobservepguser + namespace: {{ .Release.Namespace | quote }} + labels: + cnpg.io/reload: "true" +type: kubernetes.io/basic-auth +data: + username: b3Blbm9ic2VydmU= # openobserve # this should match the role name in cluster + password: {{ .Values.postgres.spec.password | b64enc}} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/postgres.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/postgres.yaml new file mode 100644 index 000000000..b8a447f75 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/postgres.yaml 
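Review bot: In postgres-secret.yaml the password is taken straight from `.Values.postgres.spec.password`, so the database credential has to be supplied through chart values, which in a Git-managed Argo CD tree usually means a values file in the repository. There is no guard against an empty value and no way to point the chart at a Secret created out of band. At minimum the line could be `password: {{ required "postgres.spec.password must be set" .Values.postgres.spec.password | b64enc }}`; an option to reference a pre-existing Secret instead would keep the credential out of values entirely.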
@@ -0,0 +1,27 @@ +{{- if and .Values.postgres.enabled }} +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: {{ include "openobserve.fullname" . }}-postgres + namespace: {{ .Release.Namespace | quote }} +spec: + enableSuperuserAccess: true + managed: + roles: + - name: openobserve # this should match the username in secret + ensure: present + comment: OpenObserve and allies - OpenObserve, OpenOFGA, DexIDP + login: true + superuser: true + createrole: true + inRoles: + - pg_read_all_data + - pg_write_all_data + passwordSecret: + name: {{ include "openobserve.fullname" . }}-openobservepguser + instances: {{ .Values.postgres.spec.instances}} + storage: {{ .Values.postgres.spec.storage | toYaml | nindent 4 }} + postgresql: {{ .Values.postgres.spec.postgresql | toYaml | nindent 4 }} + monitoring: {{ .Values.postgres.spec.monitoring | toYaml | nindent 4 }} + backup: {{ .Values.postgres.spec.backup | toYaml | nindent 4 }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/querier-configmap.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/querier-configmap.yaml new file mode 100644 index 000000000..4f56c656d --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/querier-configmap.yaml 
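Review bot: The shared `openobserve` role is created with `superuser: true` and `createrole: true`, and the cluster sets `enableSuperuserAccess: true`. According to the role comment this one login serves OpenObserve, OpenFGA and Dex, so a compromise of any of them yields full control of the PostgreSQL instance. Unless one of those services demonstrably needs it, set `superuser: false` and `createrole: false`, and rely on the `pg_read_all_data`/`pg_write_all_data` memberships or on ownership of the application database. `enableSuperuserAccess: true` can likewise be dropped unless operators need the generated superuser secret.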
@@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "openobserve.fullname" . }}-querier + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +data: + # This condition is necessary to ensure backwards compatibility for users + {{- if .Values.querier.config }} + ZO_META_CONNECTION_POOL_MIN_SIZE: "{{ .Values.querier.config.ZO_META_CONNECTION_POOL_MIN_SIZE }}" + ZO_META_CONNECTION_POOL_MAX_SIZE: "{{ .Values.querier.config.ZO_META_CONNECTION_POOL_MAX_SIZE }}" + ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.querier.config.ZO_ACTIX_REQ_TIMEOUT }}" + {{- else }} + ZO_META_CONNECTION_POOL_MIN_SIZE: "{{ .Values.config.ZO_META_CONNECTION_POOL_MIN_SIZE }}" + ZO_META_CONNECTION_POOL_MAX_SIZE: "{{ .Values.config.ZO_META_CONNECTION_POOL_MAX_SIZE }}" + ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.config.ZO_ACTIX_REQ_TIMEOUT }}" + {{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/querier-service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/querier-service.yaml new file mode 100644 index 000000000..86e420595 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/querier-service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "openobserve.fullname" . }}-querier + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} + prometheus.io/scrape: "true" +spec: + # type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.http_port }} + targetPort: http + protocol: TCP + name: http + - port: {{ .Values.service.grpc_port }} + targetPort: grpc + protocol: TCP + name: grpc + selector: + {{- include "openobserve.selectorLabels" . | nindent 4 }} + role: querier 
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/querier-statefulset.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/querier-statefulset.yaml new file mode 100644 index 000000000..ef1943c69 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/querier-statefulset.yaml 
@@ -0,0 +1,137 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "openobserve.fullname" . }}-querier + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +spec: + serviceName: "{{ include "openobserve.fullname" . }}-querier" + replicas: {{ .Values.replicaCount.querier }} + podManagementPolicy: Parallel + updateStrategy: + type: RollingUpdate + rollingUpdate: + partition: 0 # Set to 0 to allow all pods to update in parallel + selector: + matchLabels: + {{- include "openobserve.selectorLabels" . | nindent 6 }} + role: querier + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + checksum/specific-config: {{ include (print $.Template.BasePath "/querier-configmap.yaml") . | sha256sum }} + checksum/generic-config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "openobserve.selectorLabels" . | nindent 8 }} + role: querier + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "openobserve.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + {{- if .Values.etcd.enabled }} + - name: check-etcd + image: {{ .Values.image.busybox.repository }}:{{ .Values.image.busybox.tag }} + command: ['sh', '-c', ' + until nc -z {{ .Release.Name }}-etcd 2379; do + echo "Waiting for etcd to be ready"; + sleep 5; + done; + '] + {{- end }} + {{- if .Values.nats.enabled }} + - name: check-nats + image: {{ .Values.image.busybox.repository }}:{{ .Values.image.busybox.tag }} + command: ['sh', '-c', ' + until nc -zv {{ .Release.Name }}-nats 4222; do + echo "Waiting for NATS to be ready..."; + sleep 2; + done; + '] + {{- end }} + containers: + - name: {{ .Chart.Name }}-querier + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.enterprise.enabled }} + image: "{{ .Values.image.enterprise.repository }}:{{ .Values.image.enterprise.tag | default .Chart.AppVersion }}" + {{- else }} + image: "{{ .Values.image.oss.repository }}:{{ .Values.image.oss.tag | default .Chart.AppVersion }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.config.ZO_HTTP_PORT }} + - name: grpc + containerPort: {{ .Values.config.ZO_GRPC_PORT }} + {{- if .Values.probes.querier.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.querier.config.livenessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.querier.config.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.querier.config.livenessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.querier.config.livenessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.querier.config.livenessProbe.failureThreshold | default 3 }} + terminationGracePeriodSeconds: {{ .Values.probes.querier.config.livenessProbe.terminationGracePeriodSeconds | 
default 30 }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.querier.config.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.querier.config.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.querier.config.readinessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.querier.config.readinessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.querier.config.readinessProbe.failureThreshold | default 3 }} + {{- end }} + resources: + {{- toYaml .Values.resources.querier | nindent 12 }} + envFrom: + - configMapRef: + name: {{ include "openobserve.fullname" . }} + - configMapRef: + name: {{ include "openobserve.fullname" . }}-querier + - secretRef: + name: {{ if .Values.externalSecret.enabled }}{{ .Values.externalSecret.name }}{{ else }}{{ include "openobserve.fullname" . }}{{ end }} + env: + - name: ZO_NODE_ROLE + value: "querier" + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - name: cache + mountPath: /data + {{- with .Values.nodeSelector.querier }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity.querier }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations.querier }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: cache + spec: + accessModes: + {{- range .Values.ingester.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.querier.persistence.size }} + storageClassName: {{ .Values.querier.persistence.storageClass }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-configmap.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-configmap.yaml new file mode 100644 index 000000000..da74cee5b 
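Review bot: The `cache` volumeClaimTemplate ranges over `.Values.ingester.persistence.accessModes` while its size and storage class come from `.Values.querier.persistence`. This looks like a copy-paste from the ingester StatefulSet, and changing the ingester's access modes would silently change the querier's PVCs. If a querier-specific list is intended, the line would be `{{- range .Values.querier.persistence.accessModes }}`, assuming that key exists or is added to values.yaml. `size` is also rendered unquoted here, whereas the ingester template pipes it through `quote`.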
--- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-configmap.yaml @@ -0,0 +1,13 @@ +{{- if .Values.reportserver.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "openobserve.fullname" . }}-reportserver + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +data: + # Report server will call this router URL to visit the dashboards and generate PDFs from them + ZO_WEB_URL: "http://{{ include "openobserve.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.config.ZO_HTTP_PORT }}" +{{- end }} + diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-delpoyment.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-delpoyment.yaml new file mode 100644 index 000000000..b469664e4 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-delpoyment.yaml 
@@ -0,0 +1,103 @@ +{{- if .Values.reportserver.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "openobserve.fullname" . }}-reportserver + labels: + {{- include "openobserve.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount.reportserver }} + {{- end }} + selector: + matchLabels: + {{- include "openobserve.selectorLabels" . | nindent 6 }} + role: reportserver + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + checksum/specific-config: {{ include (print $.Template.BasePath "/reportserver-configmap.yaml") . | sha256sum }} + checksum/generic-config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "openobserve.selectorLabels" . | nindent 8 }} + role: reportserver + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "openobserve.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }}-reportserver + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.reportserver.repository }}:{{ .Values.image.reportserver.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.config }} + envFrom: + - configMapRef: + name: {{ include "openobserve.fullname" . }} + - configMapRef: + name: {{ include "openobserve.fullname" . }}-reportserver + - secretRef: + name: {{ if .Values.externalSecret.enabled }}{{ .Values.externalSecret.name }}{{ else }}{{ include "openobserve.fullname" . }}{{ end }} + {{- end }} + env: + - name: ZO_NODE_ROLE + value: "reportserver" + {{- with .Values.extraEnv }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.config.ZO_HTTP_PORT }} + protocol: TCP + {{- if .Values.probes.reportserver.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.reportserver.config.livenessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.reportserver.config.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.reportserver.config.livenessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.reportserver.config.livenessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.reportserver.config.livenessProbe.failureThreshold | default 3 }} + terminationGracePeriodSeconds: {{ .Values.probes.reportserver.config.livenessProbe.terminationGracePeriodSeconds | default 30 }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.reportserver.config.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.reportserver.config.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.reportserver.config.readinessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.reportserver.config.readinessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.reportserver.config.readinessProbe.failureThreshold | default 3 }} + {{- end }} + resources: + {{- toYaml .Values.resources.reportserver | nindent 12 }} + {{- with .Values.reportserver.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.reportserver.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector.reportserver }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity.reportserver }} + affinity: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.tolerations.reportserver }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-hpa.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-hpa.yaml new file mode 100644 index 000000000..ec0f27346 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-hpa.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.reportserver.enabled .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "openobserve.fullname" . }}-reportserver + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: StatefulSet + name: {{ include "openobserve.fullname" . }}-reportserver + minReplicas: {{ .Values.autoscaling.reportserver.minReplicas }} + maxReplicas: {{ .Values.autoscaling.reportserver.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.reportserver.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.reportserver.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.reportserver.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-service.yaml new file mode 100644 index 000000000..034ef69d6 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/reportserver-service.yaml 
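Review bot: The `secretRef` under `envFrom` in reportserver-delpoyment.yaml gives the report server every key of the chart Secret, which per secret.yaml in this patch includes the root password, the S3 keys, the Postgres/MySQL DSNs and the SMTP password. The ConfigMap comment says this component visits dashboards to render PDFs, so it presumably needs only the report-user and SMTP credentials; which keys it actually reads should be confirmed against the report server's documentation. Replacing the blanket `secretRef` with per-key `secretKeyRef` entries, as sketched below, keeps a compromise of this pod from exposing storage and database credentials. The Deployment metadata also omits `namespace: {{ .Release.Namespace | quote }}`, which the sibling templates set.

```yaml
          # … unchanged: envFrom with the two configMapRef entries; the secretRef entry is dropped …
          env:
            - name: ZO_NODE_ROLE
              value: "reportserver"
            {{- range $key := list "ZO_REPORT_USER_EMAIL" "ZO_REPORT_USER_PASSWORD" "ZO_SMTP_USER_NAME" "ZO_SMTP_PASSWORD" }}
            - name: {{ $key }}
              valueFrom:
                secretKeyRef:
                  name: {{ if $.Values.externalSecret.enabled }}{{ $.Values.externalSecret.name }}{{ else }}{{ include "openobserve.fullname" $ }}{{ end }}
                  key: {{ $key }}
            {{- end }}
          # … unchanged: extraEnv, ports, probes, resources …
```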
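Review bot: `scaleTargetRef.kind` in reportserver-hpa.yaml is `StatefulSet`, but this patch creates the report server as a `Deployment`, so the autoscaler would target an object that does not exist; it should read `kind: Deployment`. The CPU metric is also gated on `.Values.autoscaling.targetCPUUtilizationPercentage` while the rendered value comes from `.Values.autoscaling.reportserver.targetCPUUtilizationPercentage`, so the guard and the value can disagree. The guard should test the same key: `{{- if .Values.autoscaling.reportserver.targetCPUUtilizationPercentage }}`.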
@@ -0,0 +1,19 @@ +{{- if .Values.reportserver.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "openobserve.fullname" . }}-reportserver + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +spec: + type: ClusterIP + ports: + - port: {{ .Values.service.http_port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "openobserve.selectorLabels" . | nindent 4 }} + role: reportserver +{{- end }} \ No newline at end of file diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/router-configmap.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/router-configmap.yaml new file mode 100644 index 000000000..a6ebcdbee --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/router-configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "openobserve.fullname" . }}-router + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +data: + # This condition is necessary to ensure backwards compatibility for users + {{- if .Values.router.config }} + ZO_META_CONNECTION_POOL_MIN_SIZE: "{{ .Values.router.config.ZO_META_CONNECTION_POOL_MIN_SIZE }}" + ZO_META_CONNECTION_POOL_MAX_SIZE: "{{ .Values.router.config.ZO_META_CONNECTION_POOL_MAX_SIZE }}" + ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.router.config.ZO_ACTIX_REQ_TIMEOUT }}" + {{- else }} + ZO_META_CONNECTION_POOL_MIN_SIZE: "{{ .Values.config.ZO_META_CONNECTION_POOL_MIN_SIZE }}" + ZO_META_CONNECTION_POOL_MAX_SIZE: "{{ .Values.config.ZO_META_CONNECTION_POOL_MAX_SIZE }}" + ZO_ACTIX_REQ_TIMEOUT: "{{ .Values.config.ZO_ACTIX_REQ_TIMEOUT }}" + {{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/router-deployment.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/router-deployment.yaml new file mode 100644 index 000000000..15ff655c8 --- /dev/null 
+++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/router-deployment.yaml 
@@ -0,0 +1,119 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "openobserve.fullname" . }}-router + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.router.enabled }} + replicas: {{ .Values.replicaCount.router }} + {{- end }} + selector: + matchLabels: + {{- include "openobserve.selectorLabels" . | nindent 6 }} + role: router + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + checksum/specific-config: {{ include (print $.Template.BasePath "/router-configmap.yaml") . | sha256sum }} + checksum/generic-config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "openobserve.selectorLabels" . | nindent 8 }} + role: router + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "openobserve.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + {{- if .Values.etcd.enabled }} + - name: check-etcd + image: {{ .Values.image.busybox.repository }}:{{ .Values.image.busybox.tag }} + command: ['sh', '-c', ' + until nc -z {{ .Release.Name }}-etcd 2379; do + echo "Waiting for etcd to be ready"; + sleep 5; + done; + '] + {{- end }} + {{- if .Values.nats.enabled }} + - name: check-nats + image: {{ .Values.image.busybox.repository }}:{{ .Values.image.busybox.tag }} + command: ['sh', '-c', ' + until nc -zv {{ .Release.Name }}-nats 4222; do + echo "Waiting for NATS to be ready..."; + sleep 2; + done; + '] + {{- end }} + containers: + - name: {{ .Chart.Name }}-router + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.enterprise.enabled }} + image: "{{ .Values.image.enterprise.repository }}:{{ .Values.image.enterprise.tag | default .Chart.AppVersion }}" + {{- else }} + image: "{{ .Values.image.oss.repository }}:{{ .Values.image.oss.tag | default .Chart.AppVersion }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.config.ZO_HTTP_PORT }} + - name: grpc + containerPort: {{ .Values.config.ZO_GRPC_PORT }} + {{- if .Values.probes.router.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.router.config.livenessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.router.config.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.router.config.livenessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.router.config.livenessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.router.config.livenessProbe.failureThreshold | default 3 }} + terminationGracePeriodSeconds: {{ .Values.probes.router.config.livenessProbe.terminationGracePeriodSeconds | default 
30 }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.config.ZO_HTTP_PORT }} + initialDelaySeconds: {{ .Values.probes.router.config.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.probes.router.config.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.probes.router.config.readinessProbe.timeoutSeconds | default 10 }} + successThreshold: {{ .Values.probes.router.config.readinessProbe.successThreshold | default 1 }} + failureThreshold: {{ .Values.probes.router.config.readinessProbe.failureThreshold | default 3 }} + {{- end }} + resources: + {{- toYaml .Values.resources.router | nindent 12 }} + envFrom: + - configMapRef: + name: {{ include "openobserve.fullname" . }} + - configMapRef: + name: {{ include "openobserve.fullname" . }}-router + - secretRef: + name: {{ if .Values.externalSecret.enabled }}{{ .Values.externalSecret.name }}{{ else }}{{ include "openobserve.fullname" . }}{{ end }} + env: + - name: ZO_NODE_ROLE + value: "router" + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with .Values.nodeSelector.router }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity.router }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations.router }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/router-hpa.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/router-hpa.yaml new file mode 100644 index 000000000..15faf5c14 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/router-hpa.yaml 
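Review bot: The `check-etcd` and `check-nats` init containers in router-deployment.yaml set no container-level `securityContext`, while the main container takes `.Values.securityContext`. An operator who hardens that value (dropped capabilities, `readOnlyRootFilesystem`, no privilege escalation) would still get two busybox containers without those settings, and a namespace enforcing the restricted Pod Security Standard would likely reject the pod with no way to fix it from values. Adding `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 12 }}` to both init containers closes the gap. Both `until nc …` loops also retry forever, so a missing dependency shows up only as a pod stuck in Init; a bounded retry count would make that failure visible.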
@@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.router.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "openobserve.fullname" . }}-router + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "openobserve.fullname" . }}-router + minReplicas: {{ .Values.autoscaling.router.minReplicas }} + maxReplicas: {{ .Values.autoscaling.router.maxReplicas }} + metrics: + {{- if .Values.autoscaling.router.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.router.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.router.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.router.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/router-service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/router-service.yaml new file mode 100644 index 000000000..6ec6db385 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/router-service.yaml 
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "openobserve.fullname" . }}-router + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} + prometheus.io/scrape: "true" + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.http_port }} + targetPort: http + protocol: TCP + name: http + - port: {{ .Values.service.grpc_port }} + targetPort: grpc + protocol: TCP + name: grpc + selector: + {{- include "openobserve.selectorLabels" . | nindent 4 }} + role: router diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/secret.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/secret.yaml new file mode 100644 index 000000000..e194a43dc --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/secret.yaml 
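Review bot: `prometheus.io/scrape: "true"` in router-service.yaml is rendered under `labels:`, before the `annotations:` block, so it becomes a label rather than an annotation. Prometheus service discovery configured in the usual way keys on the `prometheus.io/scrape` annotation, in which case this Service would not be picked up; whether this cluster selects on labels instead is not visible here. If the annotation is what is intended, emit `annotations:` unconditionally and place the key there next to `.Values.service.annotations`. zplane-service.yaml later in the patch has the same line under `labels:`.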
@@ -0,0 +1,59 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "openobserve.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "openobserve.labels" . | nindent 4 }} +type: Opaque +stringData: + ZO_ROOT_USER_EMAIL: "{{ .Values.auth.ZO_ROOT_USER_EMAIL }}" + ZO_ROOT_USER_PASSWORD: "{{ .Values.auth.ZO_ROOT_USER_PASSWORD }}" + ZO_REPORT_USER_EMAIL: "{{ .Values.auth.ZO_ROOT_USER_EMAIL }}" + ZO_REPORT_USER_PASSWORD: "{{ .Values.auth.ZO_ROOT_USER_PASSWORD }}" + {{- if not .Values.minio.enabled }} + ZO_S3_ACCESS_KEY: "{{ .Values.auth.ZO_S3_ACCESS_KEY }}" + {{- else }} + ZO_S3_ACCESS_KEY: "{{ .Values.minio.rootUser }}" + {{- end }} + {{- if not .Values.minio.enabled }} + ZO_S3_SECRET_KEY: "{{ .Values.auth.ZO_S3_SECRET_KEY }}" + {{- else }} + ZO_S3_SECRET_KEY: "{{ .Values.minio.rootPassword }}" + {{- end }} + {{- if eq .Values.config.ZO_S3_PROVIDER "azure" }} + {{- if .Values.auth.AZURE_STORAGE_ACCOUNT_KEY }} + AZURE_STORAGE_ACCOUNT_KEY: "{{ .Values.auth.AZURE_STORAGE_ACCOUNT_KEY }}" + AZURE_STORAGE_ACCOUNT_NAME: "{{ .Values.auth.AZURE_STORAGE_ACCOUNT_NAME }}" + {{- else }} + AZURE_STORAGE_ACCOUNT_KEY: "{{ .Values.config.AZURE_STORAGE_ACCOUNT_KEY }}" + AZURE_STORAGE_ACCOUNT_NAME: "{{ .Values.config.AZURE_STORAGE_ACCOUNT_NAME }}" + {{- end }} + {{- end }} + {{- if .Values.postgres.enabled }} + ZO_META_POSTGRES_DSN: "postgres://openobserve:{{ .Values.postgres.spec.password }}@{{ include "openobserve.fullname" . 
}}-postgres-rw.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:5432/app?sslmode=disable" + {{- else }} + ZO_META_POSTGRES_DSN: "{{ .Values.auth.ZO_META_POSTGRES_DSN }}" + {{- end }} + {{- if .Values.auth.ZO_META_MYSQL_DSN }} + ZO_META_MYSQL_DSN: "{{ .Values.auth.ZO_META_MYSQL_DSN }}" + {{- else }} + ZO_META_MYSQL_DSN: "{{ .Values.config.ZO_META_MYSQL_DSN }}" + {{- end }} + {{- if .Values.auth.ZO_TRACING_HEADER_KEY }} + ZO_TRACING_HEADER_KEY: "{{ .Values.auth.ZO_TRACING_HEADER_KEY }}" + {{- else }} + ZO_TRACING_HEADER_KEY: "{{ .Values.config.ZO_TRACING_HEADER_KEY }}" + {{- end }} + {{- if .Values.auth.ZO_TRACING_HEADER_VALUE }} + ZO_TRACING_HEADER_VALUE: "{{ .Values.auth.ZO_TRACING_HEADER_VALUE }}" + {{- else }} + ZO_TRACING_HEADER_VALUE: "{{ .Values.config.ZO_TRACING_HEADER_VALUE }}" + {{- end }} + {{- if .Values.auth.ZO_RUM_CLIENT_TOKEN }} + ZO_RUM_CLIENT_TOKEN: "{{ .Values.auth.ZO_RUM_CLIENT_TOKEN }}" + {{- else }} + ZO_RUM_CLIENT_TOKEN: "{{ .Values.config.ZO_RUM_CLIENT_TOKEN }}" + {{- end }} + ZO_SMTP_USER_NAME: "{{ .Values.auth.ZO_SMTP_USER_NAME }}" + ZO_SMTP_PASSWORD: "{{ .Values.auth.ZO_SMTP_PASSWORD }}" + diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/serviceaccount.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/serviceaccount.yaml new file mode 100644 index 000000000..c943f6900 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "openobserve.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} 
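Review bot: `ZO_REPORT_USER_EMAIL` and `ZO_REPORT_USER_PASSWORD` in secret.yaml are filled from `.Values.auth.ZO_ROOT_USER_EMAIL` and `.Values.auth.ZO_ROOT_USER_PASSWORD`, so the report server always logs in as root and the `auth.ZO_REPORT_USER_*` values defined in values.yaml are never read. Using the dedicated values with a fallback keeps existing installs working: `ZO_REPORT_USER_EMAIL: {{ .Values.auth.ZO_REPORT_USER_EMAIL | default .Values.auth.ZO_ROOT_USER_EMAIL | quote }}`, and the same pattern for the password. Every entry in this Secret is also written as `"{{ … }}"`, which yields broken or altered YAML when a credential contains `"` or `\`; `{{ … | quote }}` escapes them. The bundled-Postgres DSN hard-codes `sslmode=disable` and inserts the password without URL-encoding, both of which deserve at least a comment or a values switch.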
diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/zplane-deployment.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/zplane-deployment.yaml new file mode 100644 index 000000000..ca2818804 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/zplane-deployment.yaml 
@@ -0,0 +1,73 @@ +{{- if .Values.zplane.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "openobserve.fullname" . }}-zplane + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount.zplane }} + selector: + matchLabels: + {{- include "openobserve.selectorLabels" . | nindent 6 }} + role: zplane + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "openobserve.selectorLabels" . | nindent 8 }} + role: zplane + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "openobserve.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.zplane.image.repository }}:{{ .Values.zplane.image.tag }}" + imagePullPolicy: {{ .Values.zplane.image.pullPolicy }} + ports: + - name: http + containerPort: 9200 + protocol: TCP + # livenessProbe: + # httpGet: + # path: / + # port: 9200 + # readinessProbe: + # httpGet: + # path: / + # port: 9200 + resources: + {{- toYaml .Values.zplane.resources | nindent 12 }} + env: + - name: ZPLANE_ZO_USERNAME + value: "{{ .Values.auth.ZO_ROOT_USER_EMAIL }}" + - name: ZPLANE_ZO_PASSWORD + value: "{{ .Values.auth.ZO_ROOT_USER_PASSWORD }}" + - name: ZPLANE_ZO_ENDPOINT + value: "http://{{ include "openobserve.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:5080" + + {{- with .Values.nodeSelector.zplane }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity.zplane }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations.zplane }} + tolerations: + {{- toYaml . 
| nindent 8 }} + {{- end }} + +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/zplane-ingress.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/zplane-ingress.yaml new file mode 100644 index 000000000..36ca4b0d8 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/zplane-ingress.yaml 
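Review bot: `ZPLANE_ZO_USERNAME` and `ZPLANE_ZO_PASSWORD` in zplane-deployment.yaml are written as literal `value:` entries, so the root password ends up in the Deployment object itself, where anyone allowed to read Deployments in the namespace or to view the rendered manifest (for example in Argo CD) can see it. It also bypasses `externalSecret.enabled`, which the other workloads in this patch honour. Reading both from the Secret with `secretKeyRef`, as below, fixes this; with an external Secret, that object must carry the same two keys. `ZPLANE_ZO_ENDPOINT` additionally hard-codes port 5080 where the other templates use `.Values.config.ZO_HTTP_PORT`.

```yaml
          env:
            - name: ZPLANE_ZO_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ if .Values.externalSecret.enabled }}{{ .Values.externalSecret.name }}{{ else }}{{ include "openobserve.fullname" . }}{{ end }}
                  key: ZO_ROOT_USER_EMAIL
            - name: ZPLANE_ZO_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ if .Values.externalSecret.enabled }}{{ .Values.externalSecret.name }}{{ else }}{{ include "openobserve.fullname" . }}{{ end }}
                  key: ZO_ROOT_USER_PASSWORD
            # … unchanged: ZPLANE_ZO_ENDPOINT …
```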
@@ -0,0 +1,64 @@ +{{- if .Values.zplane.ingress.enabled -}} +{{- $fullName := include "openobserve.fullname" . -}} +{{- $svcPort := .Values.zplane.service.port -}} +{{- if and .Values.zplane.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.zplane.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.zplane.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }}-zplane + namespace: {{ .Release.Namespace }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} + {{- with .Values.zplane.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.zplane.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.zplane.ingress.className }} + {{- end }} + + {{- if .Values.zplane.ingress.tls }} + tls: + {{- range .Values.zplane.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . 
| quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + + rules: + {{- range .Values.zplane.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-zplane + port: + number: 9200 + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/templates/zplane-service.yaml b/argocd-helm-charts/openobserve/charts/openobserve/templates/zplane-service.yaml new file mode 100644 index 000000000..c463b1e1e --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/templates/zplane-service.yaml @@ -0,0 +1,20 @@ +{{- if .Values.zplane.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "openobserve.fullname" . }}-zplane + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "openobserve.labels" . | nindent 4 }} + prometheus.io/scrape: "true" +spec: + type: {{ .Values.zplane.service.type }} + ports: + - port: 9200 + targetPort: http + protocol: TCP + name: http + selector: + {{- include "openobserve.selectorLabels" . | nindent 4 }} + role: zplane +{{- end }} diff --git a/argocd-helm-charts/openobserve/charts/openobserve/values.yaml b/argocd-helm-charts/openobserve/charts/openobserve/values.yaml new file mode 100644 index 000000000..fe22212a8 --- /dev/null +++ b/argocd-helm-charts/openobserve/charts/openobserve/values.yaml 
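Review bot: The pre-1.19 backend branch in zplane-ingress.yaml points at `serviceName: {{ $fullName }}` with `servicePort: {{ $svcPort }}`, but the Service created by this patch is named `{{ $fullName }}-zplane` and listens on 9200, so on older clusters the Ingress would route to a different Service, or to none, than the one intended. It should read `serviceName: {{ $fullName }}-zplane` and `servicePort: 9200`, matching the 1.19+ branch. The legacy class annotation near the top copies `.Values.ingress.className` rather than `.Values.zplane.ingress.className`. The template is gated only on `.Values.zplane.ingress.enabled`, so it can render while `zplane.enabled` is false and no backend Service exists.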
@@ -0,0 +1,979 @@ +# Default values for openobserve. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + oss: + repository: public.ecr.aws/zinclabs/openobserve + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.14.0" + enterprise: + repository: public.ecr.aws/zinclabs/openobserve-enterprise + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.14.0" + reportserver: + repository: public.ecr.aws/zinclabs/report-server + tag: "v0.0.9-6618bad" + busybox: + repository: public.ecr.aws/docker/library/busybox + tag: 1.36.1 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +clusterDomain: "cluster.local" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # eks.amazonaws.com/role-arn: arn:aws:iam::12345353456:role/zo-s3-eks + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +labels: {} + +podSecurityContext: + fsGroup: 2000 + runAsUser: 10000 + runAsGroup: 3000 + runAsNonRoot: true + +securityContext: + {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +replicaCount: + ingester: 1 + querier: 1 + router: 1 + alertmanager: 1 + compactor: 1 + zplane: 0 + reportserver: 0 + +alertmanager: + # Alertmanager specific configuration + config: + ZO_META_CONNECTION_POOL_MIN_SIZE: "0" + ZO_META_CONNECTION_POOL_MAX_SIZE: "0" + ZO_ACTIX_REQ_TIMEOUT: "30" + +compactor: + # Compactor specific configuration + config: + ZO_COMPACT_MAX_FILE_SIZE: "512" + ZO_META_CONNECTION_POOL_MIN_SIZE: "0" + ZO_META_CONNECTION_POOL_MAX_SIZE: "0" + ZO_ACTIX_REQ_TIMEOUT: "30" + +router: + # Router specific configuration + config: + ZO_META_CONNECTION_POOL_MIN_SIZE: "0" + ZO_META_CONNECTION_POOL_MAX_SIZE: "0" + ZO_ACTIX_REQ_TIMEOUT: "30" + +ingester: + # Ingester specific configuration + config: + ZO_META_CONNECTION_POOL_MIN_SIZE: "0" + ZO_META_CONNECTION_POOL_MAX_SIZE: "0" + ZO_ACTIX_REQ_TIMEOUT: "30" + headless: + enabled: false + persistence: + enabled: true + size: 10Gi + storageClass: "" + accessModes: + - ReadWriteOnce + annotations: {} + volumePermissions: + enabled: false + +querier: + # Querier specific configuration + config: + ZO_META_CONNECTION_POOL_MIN_SIZE: "0" + ZO_META_CONNECTION_POOL_MAX_SIZE: "0" + ZO_ACTIX_REQ_TIMEOUT: "30" + persistence: # If enabled it will be used for disk cache. Highly recommend to enable this for production + enabled: true + size: 100Gi + storageClass: "" + accessModes: + - ReadWriteOnce + +reportserver: + enabled: false # if true then reportserver will be deployed as part of openobserve + # Additional volumes on the output Deployment definition. 
+ volumes: [] + # - name: foo + # secret: + # secretName: mysecret + # optional: false + + # Additional volumeMounts on the output Deployment definition. + volumeMounts: [] + # - name: foo + # mountPath: "/etc/foo" + # readOnly: true + +# Enable the following to use an external secret instead of placing credentials under the auth section in this values.yaml file +externalSecret: + enabled: false + # name of the external secret + name: "super-secret" + +# Credentials for authentication. Will be stored in a k8s secret +auth: + ZO_ROOT_USER_EMAIL: "root@example.com" + ZO_ROOT_USER_PASSWORD: "Complexpass#123" + + # do not need to set this if enabled minio is being used. settings will be picked from minio section. Also IRSA is preferred if on EKS. Set the Service account section with the correct IAM role ARN. Refer https://zinc.dev/docs/guide/ha_deployment/#amazon-eks-s3 + ZO_S3_ACCESS_KEY: "" + ZO_S3_SECRET_KEY: "" + + AZURE_STORAGE_ACCOUNT_KEY: "" + AZURE_STORAGE_ACCOUNT_NAME: "" + ZO_META_POSTGRES_DSN: "" + ZO_META_MYSQL_DSN: "" + ZO_TRACING_HEADER_KEY: "Authorization" + ZO_TRACING_HEADER_VALUE: "Basic cm9vdEBleGFtcGxlLmNvbTpDb21wbGV4cGFzcyMxMjM=" + ZO_RUM_CLIENT_TOKEN: "" + ZO_REPORT_USER_EMAIL: "" # Check details at https://github.com/openobserve/o2_report_server + ZO_REPORT_USER_PASSWORD: "" + ZO_SMTP_USER_NAME: "ABAAQQQQFFFFF" # Replace with your own SMTP username + ZO_SMTP_PASSWORD: "+fjlahsguykevfkajvjk#jsbj43$bjkjbkk" # Replace with your own SMTP password + +config: + ZO_APP_NAME: "openobserve" + ZO_CLUSTER_NAME: "o2" + ZO_INSTANCE_NAME: "" + ZO_NODE_ROLE: "all" + ZO_LOCAL_MODE: "false" + ZO_LOCAL_MODE_STORAGE: "disk" + ZO_HTTP_PORT: "5080" + ZO_HTTP_ADDR: "" + ZO_HTTP_IPV6_ENABLED: "false" + ZO_GRPC_PORT: "5081" + ZO_GRPC_ADDR: "" + ZO_GRPC_TIMEOUT: "600" + ZO_GRPC_MAX_MESSAGE_SIZE: "16" + ZO_GRPC_ORG_HEADER_KEY: "organization" + ZO_GRPC_STREAM_HEADER_KEY: "stream-name" + ZO_INTERNAL_GRPC_TOKEN: "" + ZO_TCP_PORT: "5514" + ZO_UDP_PORT: "5514" + ZO_DATA_DIR: 
"./data/" + ZO_DATA_DB_DIR: "" + ZO_DATA_WAL_DIR: "" + ZO_DATA_IDX_DIR: "" + ZO_DATA_STREAM_DIR: "" + ZO_DATA_CACHE_DIR: "" + ZO_UI_ENABLED: "true" + ZO_UI_SQL_BASE64_ENABLED: "false" + ZO_WEB_URL: "" + ZO_BASE_URI: "" + ZO_CLUSTER_COORDINATOR: "nats" + ZO_QUEUE_STORE: "" + ZO_META_STORE: "postgres" + ZO_META_CONNECTION_POOL_MIN_SIZE: "0" + ZO_META_CONNECTION_POOL_MAX_SIZE: "0" + ZO_META_TRANSACTION_RETRIES: "3" + ZO_META_TRANSACTION_LOCK_TIMEOUT: "600" # seconds + ZO_COLUMN_TIMESTAMP: "_timestamp" + ZO_COLS_PER_RECORD_LIMIT: "200" + ZO_WIDENING_SCHEMA_EVOLUTION: "true" + ZO_SKIP_SCHEMA_VALIDATION: "false" + ZO_FEATURE_FULLTEXT_EXTRA_FIELDS: "" + ZO_FEATURE_DISTINCT_EXTRA_FIELDS: "" + ZO_FEATURE_FILELIST_DEDUP_ENABLED: "false" + ZO_FEATURE_QUERY_QUEUE_ENABLED: "true" + ZO_FEATURE_QUERY_INFER_SCHEMA: "false" + ZO_FEATURE_QUICK_MODE_FIELDS: "" # default fields for quick mode + ZO_FEATURE_QUERY_PARTITION_STRATEGY: "file_hash" + ZO_FEATURE_PER_THREAD_LOCK: "false" + ZO_RESULT_CACHE_ENABLED: "false" # Enable result cache for query results + ZO_USE_MULTIPLE_RESULT_CACHE: "false" # Enable to use mulple result caches for query results + ZO_RESULT_CACHE_SELECTION_STRATEGY: "overlap" # Strategy to use for result cache, default is both , possible value - both,overlap , duration + ZO_RESULT_CACHE_DISCARD_DURATION: "60" # Discard data of last n seconds from cached results + ZO_CONSISTENT_HASH_VNODES: "100" + ZO_QUERY_OPTIMIZATION_NUM_FIELDS: "0" + ZO_QUICK_MODE_NUM_FIELDS: "500" + ZO_QUICK_MODE_STRATEGY: "" + ZO_QUICK_MODE_FILE_LIST_ENABLED: "false" + ZO_QUICK_MODE_FILE_LIST_INTERVAL: "300" + ZO_BLOOM_FILTER_ENABLED: "true" + ZO_BLOOM_FILTER_DEFAULT_FIELDS: "" + ZO_ENABLE_INVERTED_INDEX: "true" + ZO_INVERTED_INDEX_STORE_FORMAT: "tantivy" # InvertedIndex store format, parquet(default), tantivy, both + ZO_INVERTED_INDEX_SEARCH_FORMAT: "tantivy" # InvertedIndex search format, parquet(default), tantivy. 
+ ZO_INVERTED_INDEX_TANTIVY_MODE: "puffin" # Tantivy search mode, puffin or mmap, default is puffin. + ZO_INVERTED_INDEX_COUNT_OPTIMIZER_ENABLED: "true" + ZO_FEATURE_QUERY_REMOVE_FILTER_WITH_INDEX: "true" + ZO_INVERTED_INDEX_SPLIT_CHARS: "" + ZO_FULL_TEXT_SEARCH_TYPE: "prefix" # Search through full text fields with either 'contains' , 'eq' or 'prefix' match. + ZO_QUERY_ON_STREAM_SELECTION: "true" # Toggle search to be trigger based on button click event. + ZO_DISTINCT_VALUES_INTERVAL: "10" + ZO_DISTINCT_VALUES_HOURLY: "false" + ZO_TRACING_ENABLED: "false" + ZO_TRACING_SEARCH_ENABLED: "false" + ZO_TRACING_HEADER_KEY: "Authorization" + OTEL_OTLP_HTTP_ENDPOINT: "" + ZO_TELEMETRY: "true" + ZO_TELEMETRY_HEARTBEAT: "1800" + ZO_TELEMETRY_URL: "https://e1.zinclabs.dev" + ZO_JSON_LIMIT: "209715200" + ZO_PAYLOAD_LIMIT: "209715200" + ZO_PARQUET_MAX_ROW_GROUP_SIZE: "0" + ZO_MAX_FILE_SIZE_ON_DISK: "128" + ZO_MAX_FILE_SIZE_IN_MEMORY: "128" + ZO_MAX_FILE_RETENTION_TIME: "600" + ZO_FILE_PUSH_INTERVAL: "10" + ZO_FILE_PUSH_LIMIT: "10000" # over this limit will skip merging on ingester + ZO_FILE_MOVE_FIELDS_LIMIT: "2000" + ZO_FILE_MOVE_THREAD_NUM: "0" + ZO_FILE_MERGE_THREAD_NUM: "0" + ZO_MEM_DUMP_THREAD_NUM: "0" + ZO_MEM_TABLE_MAX_SIZE: "0" + ZO_MEM_TABLE_BUCKET_NUM: "0" + ZO_MEM_PERSIST_INTERVAL: "5" + ZO_ENRICHMENT_TABLE_LIMIT: "10" # size in mb + ZO_WAL_WRITE_BUFFER_SIZE: "16384" + ZO_WAL_FSYNC_DISABLED: "false" + ZO_QUERY_THREAD_NUM: "0" + ZO_QUERY_TIMEOUT: "600" + ZO_ROUTE_TIMEOUT: "600" + ZO_QUERY_DEFAULT_LIMIT: "1000" + ZO_ROUTE_MAX_CONNECTIONS: "1024" + ZO_HTTP_WORKER_NUM: "0" + ZO_HTTP_WORKER_MAX_BLOCKING: "0" + ZO_ACTIX_REQ_TIMEOUT: "30" # in second + ZO_ACTIX_KEEP_ALIVE: "30" # in second + ZO_ACTIX_SHUTDOWN_TIMEOUT: "10" # in second + ZO_INGEST_ALLOWED_UPTO: "24" + ZO_INGEST_FLATTEN_LEVEL: "3" + ZO_LOGS_FILE_RETENTION: "hourly" + ZO_TRACES_FILE_RETENTION: "hourly" + ZO_METRICS_FILE_RETENTION: "daily" + ZO_METRICS_DEDUP_ENABLED: "true" + ZO_METRICS_LEADER_PUSH_INTERVAL: 
"15" + ZO_METRICS_LEADER_ELECTION_INTERVAL: "30" + ZO_PROMETHEUS_HA_CLUSTER: "cluster" + ZO_PROMETHEUS_HA_REPLICA: "__replica__" + ZO_COMPACT_ENABLED: "true" + ZO_COMPACT_INTERVAL: "60" + ZO_COMPACT_SYNC_TO_DB_INTERVAL: "600" + ZO_COMPACT_STRATEGY: "file_time" + ZO_COMPACT_MAX_FILE_SIZE: "512" + ZO_COMPACT_DATA_RETENTION_DAYS: "3650" + ZO_COMPACT_DELETE_FILES_DELAY_HOURS: "2" + ZO_COMPACT_BATCH_SIZE: "500" + ZO_COMPACT_BLOCKED_ORGS: "" + ZO_MEMORY_CACHE_ENABLED: "true" + ZO_MEMORY_CACHE_STRATEGY: "lru" + ZO_MEMORY_CACHE_CACHE_LATEST_FILES: "false" + ZO_MEMORY_CACHE_MAX_SIZE: "0" + ZO_MEMORY_CACHE_SKIP_SIZE: "0" + ZO_MEMORY_CACHE_RELEASE_SIZE: "0" + ZO_MEMORY_CACHE_GC_SIZE: "50" + ZO_MEMORY_CACHE_GC_INTERVAL: "0" + ZO_MEMORY_CACHE_DATAFUSION_MEMORY_POOL: "" + ZO_MEMORY_CACHE_DATAFUSION_MAX_SIZE: "0" + ZO_DISK_CACHE_ENABLED: "true" + ZO_DISK_CACHE_STRATEGY: "lru" + ZO_DISK_CACHE_MAX_SIZE: "0" + ZO_DISK_CACHE_SKIP_SIZE: "0" + ZO_DISK_CACHE_RELEASE_SIZE: "0" + ZO_DISK_CACHE_GC_SIZE: "100" + ZO_DISK_CACHE_GC_INTERVAL: "0" + ZO_ETCD_PREFIX: "/zinc/observe/" + ZO_ETCD_CONNECT_TIMEOUT: "5" + ZO_ETCD_COMMAND_TIMEOUT: "5" + ZO_ETCD_LOCK_WAIT_TIMEOUT: "600" + ZO_ETCD_USER: "" + ZO_ETCD_PASSWORD: "" + ZO_ETCD_CLIENT_CERT_AUTH: "false" + ZO_ETCD_TRUSTED_CA_FILE: "" + ZO_ETCD_CERT_FILE: "" + ZO_ETCD_KEY_FILE: "" + ZO_ETCD_DOMAIN_NAME: "" + ZO_ETCD_LOAD_PAGE_SIZE: "100" + ZO_NATS_ADDR: "nats://nats.openobserve.svc.cluster.local:4222" + ZO_NATS_PREFIX: "o2_" + ZO_NATS_USER: "" + ZO_NATS_PASSWORD: "" + ZO_NATS_REPLICAS: "3" + ZO_NATS_QUEUE_MAX_AGE: "60" # days for queue message max age + ZO_NATS_CONNECT_TIMEOUT: "5" + ZO_NATS_COMMAND_TIMEOUT: "10" + ZO_NATS_LOCK_WAIT_TIMEOUT: "600" + ZO_S3_PROVIDER: "s3" # Valid values are s3, azure, minio, gcs + ZO_S3_SERVER_URL: "" # do not need to set this if enabled minio is being used. settings will be picked from minio section + ZO_S3_REGION_NAME: "us-east-2" # do not need to set this if enabled minio is being used. 
settings will be picked from minio section + ZO_S3_BUCKET_NAME: "o2-dev-bucket" # do not need to set this if enabled minio is being used. settings will be picked from minio section + ZO_S3_BUCKET_PREFIX: "" + ZO_S3_FEATURE_FORCE_PATH_STYLE: "false" + ZO_S3_FEATURE_FORCE_HOSTED_STYLE: "false" + ZO_S3_FEATURE_HTTP1_ONLY: "false" + ZO_S3_FEATURE_HTTP2_ONLY: "false" + ZO_S3_SYNC_TO_CACHE_INTERVAL: "600" + ZO_S3_CONNECT_TIMEOUT: "10" # in seconds + ZO_S3_REQUEST_TIMEOUT: "3600" # in seconds + ZO_S3_ALLOW_INVALID_CERTIFICATES: "false" + ZO_S3_MAX_RETRIES: "10" + ZO_S3_MAX_IDLE_PER_HOST: "0" + ZO_USAGE_REPORTING_ENABLED: "false" + ZO_USAGE_REPORTING_MODE: "local" + ZO_USAGE_REPORTING_URL: "http://localhost:5080/api/_meta/usage/_json" + ZO_USAGE_REPORTING_CREDS: "" + ZO_USAGE_REPORTING_THREAD_NUM: "0" + ZO_USAGE_ORG: "_meta" + ZO_USAGE_BATCH_SIZE: "2000" + ZO_USAGE_PUBLISH_INTERVAL: "60" # duration in seconds after last reporting usage will be published + ZO_PRINT_KEY_CONFIG: "false" + ZO_PRINT_KEY_EVENT: "false" + ZO_PRINT_KEY_SQL: "false" + ZO_INGESTER_SERVICE_URL: "" + ZO_IGNORE_FILE_RETENTION_BY_STREAM: "false" + ZO_RUM_ENABLED: "false" + ZO_RUM_APPLICATION_ID: "" + ZO_RUM_SITE: "" + ZO_RUM_SERVICE: "" + ZO_RUM_ENV: "" + ZO_RUM_VERSION: "0.9.1" + ZO_RUM_ORGANIZATION_IDENTIFIER: "default" + ZO_RUM_API_VERSION: "v1" + ZO_RUM_INSECURE_HTTP: "false" + ZO_COOKIE_MAX_AGE: "2592000" # 30 days + ZO_COOKIE_SAME_SITE_LAX: "true" + ZO_COOKIE_SECURE_ONLY: "false" + ZO_PROF_PYROSCOPE_ENABLED: "false" + ZO_PROF_PYROSCOPE_SERVER_URL: "http://localhost:4040" + ZO_PROF_PYROSCOPE_PROJECT_NAME: "openobserve" + ZO_ENTRY_PER_SCHEMA_VERSION_ENABLED: "true" + ZO_QUICK_MODE_ENABLED: "false" + ZO_QUERY_GROUP_BASE_SPEED: "768" # MB/s/core + ZO_QUERY_PARTITION_BY_SECS: "1" # In how many seconds we want to get the results per partition + ZO_QUERY_PARTITION_MIN_SECS: "600" # seconds. 
This is the minimum time range for a partition + RUST_LOG: "info" + RUST_BACKTRACE: "0" + ZO_SHOW_STREAM_DATES_DOCS_NUM: true # Show docs count and stream dates + ZO_INGEST_BLOCKED_STREAMS: "" # // use comma to split multiple streams + ZO_INGEST_INFER_SCHEMA_PER_REQUEST: "true" + ZO_REPORT_SERVER_HTTP_PORT: "5082" + ZO_CHROME_SLEEP_SECS: "50" + ZO_CHROME_NO_SANDBOX: "true" + ZO_SMTP_ENABLED: "false" # if true then smtp will be enabled. set SMTP creds in auth section. Set ZO_WEB_URL to the correct URL for reports to be sent + ZO_SMTP_HOST: "email-smtp.us-west-2.amazonaws.com" + ZO_SMTP_PORT: "465" + ZO_SMTP_FROM_EMAIL: "root@example.com" + ZO_SMTP_ENCRYPTION: "ssltls" + ZO_CONCATENATED_SCHEMA_FIELD_NAME: "_all" + ZO_SCHEMA_CACHE_COMPRESS_ENABLED: "false" + ZO_SKIP_FORMAT_BULK_STREAM_NAME: false + ZO_BULK_RESPONSE_INCLUDE_ERRORS_ONLY: false + ZO_ALLOW_USER_DEFINED_SCHEMAS: "true" + ZO_MEM_TABLE_STREAMS: "" # Streams for which dedicated MemTable will be used as comma separated values + ZO_DEFAULT_SCRAPE_INTERVAL: "15" + ZO_CIRCUIT_BREAKER_ENABLED: "false" + ZO_CIRCUIT_BREAKER_RATIO: "100" + ZO_MMDB_DATA_DIR: "./data/openobserve/mmdb/" + ZO_MMDB_DISABLE_DOWNLOAD: "false" + ZO_MMDB_UPDATE_DURATION: "86400" # Everyday to test + ZO_MMDB_GEOLITE_CITYDB_URL: "https://geoip.zinclabs.dev/GeoLite2-City.mmdb" + ZO_MMDB_GEOLITE_CITYDB_SHA256_URL: "https://geoip.zinclabs.dev/GeoLite2-ASN.sha256" + ZO_MMDB_GEOLITE_ASNDB_URL: "https://geoip.zinclabs.dev/GeoLite2-ASN.mmdb" + ZO_MMDB_GEOLITE_ASNDB_SHA256_URL: "https://geoip.zinclabs.dev/GeoLite2-ASN.sha256" + ZO_REPORT_USER_NAME: "" + ZO_REPORT_USER_PASSWORD: "" + ZO_REPORT_SERVER_URL: "" + ZO_REPORT_SERVER_SKIP_TLS_VERIFY: "false" + ZO_SKIP_FORMAT_STREAM_NAME: false + ZO_TRACES_SPAN_METRICS_ENABLED: "false" # enable span metrics for traces + ZO_TRACES_SPAN_METRICS_EXPORT_INTERVAL: "60" # traces span metrics export interval, unit seconds + ZO_TRACES_SPAN_METRICS_CHANNEL_BUFFER: "100000" # traces span metrics channel send buffer size 
+ ZO_SELF_METRIC_CONSUMPTION_ENABLED: "false" # self-consume metrics generated by openobserve + ZO_SELF_METRIC_CONSUMPTION_INTERVAL: "60" # self-consume metrics interval, unit seconds + ZO_SELF_METRIC_CONSUMPTION_ACCEPTLIST: "" # only these metrics will be self-consumed, comma separated + ZO_SWAGGER_ENABLED: "true" + + + +# Add extra environment variables to all pods, useful for overriding secrets +extraEnv: [] +# - name: ZO_S3_SECRET_KEY +# valueFrom: +# secretKeyRef: +# name: s3credentials-secret +# key: S3_KEY + +service: + type: ClusterIP + # type: LoadBalancer + http_port: 5080 + grpc_port: 5081 + report_server_port: 5082 + # if the type of service is LoadBalancer, you can config available annotations for Kubernetes load balancers by cloud provider. + # annotations: + # service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" + + +certIssuer: + enabled: false + +ingress: + enabled: false + className: "nginx" + annotations: + cert-manager.io/issuer: letsencrypt + kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + # nginx.ingress.kubernetes.io/connection-proxy-header: keep-alive + # nginx.ingress.kubernetes.io/proxy-connect-timeout: '600' + # nginx.ingress.kubernetes.io/proxy-send-timeout: '600' + # nginx.ingress.kubernetes.io/proxy-read-timeout: '600' + # nginx.ingress.kubernetes.io/proxy-body-size: 32m + hosts: + - host: openobserve.example.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: openobserve.example.com + hosts: + - openobserve.example.com + +# You can specify resources for each deployment independently. 
+# For example, to configure resources for the ingester, use +# the code below: +# resources: +# ingester: +# limits: +# cpu: 150m +# memory: 512Mi +# requests: +# cpu: 100m +# memory: 128Mi +resources: + ingester: {} + querier: {} + compactor: {} + router: {} + alertmanager: {} + dex: {} + reportserver: {} + +# autoscaling: +# enabled: false +# minReplicas: 1 +# maxReplicas: 100 +# targetCPUUtilizationPercentage: 80 +# # targetMemoryUtilizationPercentage: 80 + +autoscaling: + ingester: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + router: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + compactor: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + dex: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + reportserver: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: + ingester: {} + querier: {} + compactor: {} + router: {} + alertmanager: {} + zplane: {} + dex: {} + reportserver: {} + +tolerations: + ingester: [] + querier: [] + compactor: [] + router: [] + alertmanager: [] + zplane: [] + dex: [] + reportserver: [] + +affinity: + ingester: {} + querier: {} + compactor: {} + router: {} + alertmanager: {} + zplane: {} + dex: {} + reportserver: {} + +nats: + enabled: true # if true then nats will be deployed as part of openobserve + externalUrl: "my_custom_host.com:4222" # if enabled is false then this is required + config: + cluster: + enabled: true + routeURLs: + user: "" + password: "" + jetstream: + enabled: true + fileStore: + enabled: true + pvc: + enabled: true + size: 20Gi + storageClassName: "" + promExporter: + enabled: true + 
podMonitor: + enabled: true + natsBox: + container: + image: + repository: natsio/nats-box + tag: 0.14.5-nonroot + +etcd: + enabled: false # if true then etcd will be deployed as part of openobserve + externalUrl: "my_custom_host.com:2379" # if enabled is false then this is required + replicaCount: 3 # if enabled is true then this is required. should be odd number + clusterDomain: "cluster.local" + image: + registry: docker.io + repository: bitnami/etcd + tag: 3.5.8-debian-11-r4 + pullPolicy: IfNotPresent + digest: "" + auth: + token: + enabled: false + rbac: + create: false + allowNoneAuthentication: true + rootPassword: "" + logLevel: "info" + extraEnvVars: + - name: ETCD_QUOTA_BACKEND_BYTES + value: "17179869184" + - name: ETCD_AUTO_COMPACTION_RETENTION + value: "2" + persistence: + size: 20Gi + storageClass: "" + accessModes: + - ReadWriteOnce + annotations: {} + +minio: + enabled: false # if true then minio will be deployed as part of openobserve + region: "us-east-1" + rootUser: rootuser + rootPassword: rootpass123 + drivesPerNode: 1 + replicas: 4 + mode: distributed # or standalone + image: + repository: quay.io/minio/minio + tag: RELEASE.2023-02-10T18-48-39Z + pullPolicy: IfNotPresent + mcImage: + repository: quay.io/minio/mc + tag: RELEASE.2023-01-28T20-29-38Z + pullPolicy: IfNotPresent + buckets: + - name: mysuperduperbucket + policy: none + purge: false + resources: + requests: + memory: 256Mi + persistence: + enabled: true + size: 10Gi + storageClass: "" + accessModes: + - ReadWriteOnce + annotations: {} + +# zPlane enables elasticsearch compatibility for openobserve. Copyright (c) 2023 Zinc Labs Inc. +# You can enable zPlane by setting enabled to true +# zPlane is a commercial software and requires a license to be used. 
+# Reach out to hello@zinclabs.io for commercial license if you continue to use zPlane +zplane: + enabled: false # if true then zPlane will be deployed as part of openobserve + image: + repository: public.ecr.aws/zinclabs/zplane + tag: 0.1.6 + pullPolicy: IfNotPresent + service: + type: ClusterIP + port: 9200 + ingress: # if enabled is true then this is required + enabled: false + className: "" + annotations: + {} + # kubernetes.io/ingress.class: nginx + # cert-manager.io/issuer: letsencrypt + # kubernetes.io/tls-acme: true + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: + [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +# Postgres is used for storing openobserve metadata. +# Make sure to install cloudnative-pg operator before enabling this +# https://github.com/cloudnative-pg/cloudnative-pg/blob/main/docs/src/installation_upgrade.md +# kubectl apply --server-side -f \ +# https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.22/releases/cnpg-1.22.1.yaml +postgres: + enabled: true + pgadmin: + enabled: false + image: + repository: dpage/pgadmin4 + tag: latest + resources: + requests: + memory: 200Mi + cpu: 10m + limits: + memory: 250Mi + cpu: 100m + PGADMIN_DEFAULT_EMAIL: hello@openobserve.ai + PGADMIN_DEFAULT_PASSWORD: Batman123 + spec: + password: Batman123 # password # username is hardcoded to openobserve, db is hardcoded to app + enableSuperuserAccess: true # if true then superuser access will be enabled. You can get the password from appropriate secret once the postgres is deployed + instances: 2 # creates a primary and a replica. 
replica will become primary if the primary fails + storage: + size: 10Gi + postgresql: + parameters: + shared_buffers: "1GB" + max_connections: "1500" + monitoring: + enablePodMonitor: true + backup: {} # All the configuration associated with an object store from https://cloudnative-pg.io/documentation/1.17/backup_recovery/ + +enterprise: + enabled: false + parameters: + O2_AUDIT_ENABLED: "true" + O2_AUDIT_BATCH_SIZE: "500" + O2_CUSTOM_LOGO_TEXT: "" + O2_CUSTOM_SLACK_URL: "" + O2_CUSTOM_DOCS_URL: "" + O2_CUSTOM_HIDE_MENUS: "" + O2_CUSTOM_HIDE_SELF_LOGO: "false" + O2_SUPER_CLUSTER_ENABLED: "false" + O2_SUPER_CLUSTER_PUBLIC_ADDR: "" + O2_SUPER_CLUSTER_PUBLIC_PORT: "" + O2_SUPER_CLUSTER_GRPC_TOKEN: "" + O2_SEARCH_GROUP_LONG_MAX_CPU: "80%" + O2_SEARCH_GROUP_LONG_MAX_MEMORY: "80%" + O2_SEARCH_GROUP_LONG_MAX_CONCURRENCY: "2" + O2_SEARCH_GROUP_SHORT_MAX_CPU: "20%" + O2_SEARCH_GROUP_SHORT_MAX_MEMORY: "20%" + O2_SEARCH_GROUP_SHORT_MAX_CONCURRENCY: "10" + O2_SEARCH_GROUP_BASE_SPEED: "1024" # in MB + O2_SEARCH_GROUP_BASE_SECS: "10" # in seconds + openfga: + enabled: false + parameters: + O2_OPENFGA_LIST_ONLY_PERMITTED: "true" + O2_MAP_GROUP_TO_ROLE: "true" + O2_MAP_GROUP_TO_ROLE_SKIP_CREATION: "false" + O2_OPENFGA_PAGE_SIZE: "100" + image: + repository: openfga/openfga + tag: latest + pullPolicy: IfNotPresent + dex: + enabled: false + parameters: + O2_CALLBACK_URL: https://openobserve.example.com/web/cb + O2_DEX_SCOPES: openid profile email groups offline_access + O2_DEX_GROUP_ATTRIBUTE: ou + O2_DEX_DEFAULT_ORG: default + O2_DEX_DEFAULT_ROLE: user + O2_DEX_ROLE_ATTRIBUTE: role + O2_DEX_NATIVE_LOGIN_ENABLED: "true" + O2_DEX_GROUP_CLAIM: "groups" + O2_DEX_LDAP_GROUP_ATTRIBUTE: "ou" + O2_DEX_LDAP_ROLE_ATTRIBUTE: "cn" + config: + issuer: https://dex.example.com/dex + storage: + type: kubernetes + config: + inCluster: true + web: + http: 0.0.0.0:5556 + expiry: + idTokens: 10m + refreshTokens: + validIfNotUsedFor: 30m + staticClients: + - id: o2-client + redirectURIs: + - 
https://openobserve.example.com/config/redirect + name: o2-client + secret: ZXhhbXBsZS1hcHAtc2VjcmV0 # This should be base64 encoded value of client secret.Gets mapped to O2_DEX_CLIENT_SECRET + oauth2: + responseTypes: + - code + skipApprovalScreen: true + connectors: + # - type: google + # id: google + # name: Google + # config: + + # # Connector config values starting with a "$" will read from the environment. + # clientID: 123144355-hcghfcfghd5fhcv5v7hvh.apps.googleusercontent.com + # clientSecret: GOABCD-gghfge543edfgc55dcgcghf6 + + # # Dex's issuer URL + "/callback" + # redirectURI: https://dex.example.com/dex/callback + # # Google supports whitelisting allowed domains when using G Suite + # # (Google Apps). The following field can be set to a list of domains + # # that can log in: + # # + # hostedDomains: + # - openobserve.ai + # - zinclabs.io + - type: ldap + name: OpenLDAP + id: ldap + config: + host: openldap:389 + insecureNoSSL: true + bindDN: cn=admin,dc=o2,dc=ai + bindPW: Z54H7w5WQUARsLKaumM967iX62msTEno + usernamePrompt: Email Address + userSearch: + baseDN: ou=users,dc=o2,dc=ai + filter: "(objectClass=inetOrgPerson)" + username: mail + idAttr: DN + emailAttr: mail + nameAttr: cn + groupSearch: + baseDN: ou=teams,dc=o2,dc=ai + filter: "(objectClass=groupOfUniqueNames)" + userMatchers: + - userAttr: DN + groupAttr: uniqueMember + nameAttr: entryDN + image: + repository: dexidp/dex + tag: v2.37.0 + pullPolicy: IfNotPresent + extraEnv: [] + podAnnotations: {} + ingress: + enabled: true + className: "nginx" + annotations: + cert-manager.io/issuer: letsencrypt + kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + # nginx.ingress.kubernetes.io/connection-proxy-header: keep-alive + # nginx.ingress.kubernetes.io/proxy-connect-timeout: '600' + # nginx.ingress.kubernetes.io/proxy-send-timeout: '600' + # nginx.ingress.kubernetes.io/proxy-read-timeout: '600' + # nginx.ingress.kubernetes.io/proxy-body-size: 32m + hosts: + - host: 
dex.example.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: dex.example.com + hosts: + - dex.example.com + +probes: + alertmanager: + enabled: false + config: + readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + terminationGracePeriodSeconds: 30 + livenessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + terminationGracePeriodSeconds: 30 + compactor: + enabled: false + config: + readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + terminationGracePeriodSeconds: 30 + livenessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + terminationGracePeriodSeconds: 30 + ingester: + enabled: true + config: + readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + terminationGracePeriodSeconds: 30 + livenessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + terminationGracePeriodSeconds: 30 + querier: + enabled: true + config: + readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + terminationGracePeriodSeconds: 30 + livenessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + terminationGracePeriodSeconds: 30 + router: + enabled: true + config: + readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + terminationGracePeriodSeconds: 30 + livenessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + terminationGracePeriodSeconds: 30 + dex: + enabled: 
false
+ config:
+ readinessProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ terminationGracePeriodSeconds: 30
+ livenessProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ terminationGracePeriodSeconds: 30
+ openfga:
+ enabled: false
+ config:
+ readinessProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ terminationGracePeriodSeconds: 30
+ livenessProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ terminationGracePeriodSeconds: 30
+ reportserver:
+ enabled: false
+ config:
+ readinessProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ terminationGracePeriodSeconds: 30
+ livenessProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ terminationGracePeriodSeconds: 30
diff --git a/argocd-helm-charts/opentelemetry-operator/Chart.yaml b/argocd-helm-charts/opentelemetry-operator/Chart.yaml
new file mode 100644
index 000000000..06c0abbc2
--- /dev/null
+++ b/argocd-helm-charts/opentelemetry-operator/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: opentelemetry-operator
+version: 0.13.4
+dependencies:
+ - name: opentelemetry-operator
+ version: 0.78.1
+ repository: https://open-telemetry.github.io/opentelemetry-helm-charts
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/.helmignore b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/.helmignore
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/.helmignore
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/.helmignore
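Review bot: Nothing in this hunk ties the `version: 0.78.1` pin to the chart that is actually vendored. The files under `charts/opentelemetry-operator/` arrive as 100%-similarity renames, so the vendored chart's own Chart.yaml version is not visible here and should be checked against the pin. I could not see a `Chart.lock` for this new wrapper chart in the part of the patch in view; if none is added, committing the one produced by `helm dependency update` keeps the resolved version reproducible, as the openobserve chart's existing Chart.lock does. A comment above `dependencies:` would help the next upgrade, e.g. `# vendored copy lives in charts/opentelemetry-operator; bump the pin and the vendored chart together`.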
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/CONTRIBUTING.md b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/CONTRIBUTING.md
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/CONTRIBUTING.md
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/CONTRIBUTING.md
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/Chart.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/Chart.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/Chart.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/Chart.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/README.md b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/README.md
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/README.md
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/README.md
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/UPGRADING.md b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/UPGRADING.md
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/UPGRADING.md
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/UPGRADING.md
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/ci/cert-manager-disable-nameoverride-values.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/ci/cert-manager-disable-nameoverride-values.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/ci/cert-manager-disable-nameoverride-values.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/ci/cert-manager-disable-nameoverride-values.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/ci/cert-manager-disable-values.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/ci/cert-manager-disable-values.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/ci/cert-manager-disable-values.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/ci/cert-manager-disable-values.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/ci/feature-gates-values.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/ci/feature-gates-values.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/ci/feature-gates-values.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/ci/feature-gates-values.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/ci/nameoverride-values.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/ci/nameoverride-values.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/ci/nameoverride-values.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/ci/nameoverride-values.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/ci/secret-name-nameoverride-values.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/ci/secret-name-nameoverride-values.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/ci/secret-name-nameoverride-values.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/ci/secret-name-nameoverride-values.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/ci/secret-name-values.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/ci/secret-name-values.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/ci/secret-name-values.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/ci/secret-name-values.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/conf/crds/crd-opentelemetry.io_opampbridges.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/conf/crds/crd-opentelemetry.io_opampbridges.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/conf/crds/crd-opentelemetry.io_opampbridges.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/conf/crds/crd-opentelemetry.io_opampbridges.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/conf/crds/crd-opentelemetrycollector.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/conf/crds/crd-opentelemetrycollector.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/conf/crds/crd-opentelemetrycollector.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/conf/crds/crd-opentelemetrycollector.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/conf/crds/crd-opentelemetryinstrumentation.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/conf/crds/crd-opentelemetryinstrumentation.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/conf/crds/crd-opentelemetryinstrumentation.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/conf/crds/crd-opentelemetryinstrumentation.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/README.md b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/README.md
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/README.md
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/README.md
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/role.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/role.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/role.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/role.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/service.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/service.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/service.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/service.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/values.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/values.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/default/values.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/default/values.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/admission-webhooks/operator-webhook.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/admission-webhooks/operator-webhook.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/admission-webhooks/operator-webhook.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/admission-webhooks/operator-webhook.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/certmanager.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/certmanager.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/certmanager.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/certmanager.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/clusterrole.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/clusterrole.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/clusterrole.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/clusterrole.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/clusterrolebinding.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/clusterrolebinding.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/clusterrolebinding.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/clusterrolebinding.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/deployment.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/deployment.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/deployment.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/deployment.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/role.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/role.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/role.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/role.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/rolebinding.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/rolebinding.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/rolebinding.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/rolebinding.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/service.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/service.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/service.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/service.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/serviceaccount.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/serviceaccount.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/serviceaccount.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/serviceaccount.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/tests/test-certmanager-connection.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/tests/test-certmanager-connection.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/tests/test-certmanager-connection.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/tests/test-certmanager-connection.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/tests/test-service-connection.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/tests/test-service-connection.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/rendered/tests/test-service-connection.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/rendered/tests/test-service-connection.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/values.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/values.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/examples/feature-gates/values.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/examples/feature-gates/values.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/NOTES.txt b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/NOTES.txt
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/NOTES.txt
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/NOTES.txt
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/_helpers.tpl b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/_helpers.tpl
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/_helpers.tpl
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/_helpers.tpl
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook-with-cert-manager.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook-with-cert-manager.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook-with-cert-manager.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook-with-cert-manager.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/certmanager.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/certmanager.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/certmanager.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/certmanager.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/clusterrole.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/clusterrole.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/clusterrole.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/clusterrole.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/clusterrolebinding.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/clusterrolebinding.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/clusterrolebinding.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/clusterrolebinding.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/deployment.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/deployment.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/deployment.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/deployment.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/pdb.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/pdb.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/pdb.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/pdb.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/prometheusrule.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/prometheusrule.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/prometheusrule.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/prometheusrule.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/role.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/role.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/role.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/role.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/rolebinding.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/rolebinding.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/rolebinding.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/rolebinding.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/service.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/service.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/service.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/service.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/serviceaccount.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/serviceaccount.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/serviceaccount.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/serviceaccount.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/servicemonitor.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/servicemonitor.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/servicemonitor.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/servicemonitor.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/tests/test-certmanager-connection.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/tests/test-certmanager-connection.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/tests/test-certmanager-connection.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/tests/test-certmanager-connection.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/tests/test-service-connection.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/tests/test-service-connection.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/tests/test-service-connection.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/tests/test-service-connection.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/verticalpodautoscaler.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/verticalpodautoscaler.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/templates/verticalpodautoscaler.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/templates/verticalpodautoscaler.yaml
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/values.schema.json b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/values.schema.json
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/values.schema.json
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/values.schema.json
diff --git a/argocd-helm-charts/openobserve/charts/opentelemetry-operator/values.yaml b/argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/values.yaml
similarity index 100%
rename from argocd-helm-charts/openobserve/charts/opentelemetry-operator/values.yaml
rename to argocd-helm-charts/opentelemetry-operator/charts/opentelemetry-operator/values.yaml