diff --git a/bundles/k3d-standard/README.md b/bundles/k3d-standard/README.md
index 8ac801dd6..d5a8215e2 100644
--- a/bundles/k3d-standard/README.md
+++ b/bundles/k3d-standard/README.md
@@ -8,26 +8,76 @@ This bundle is used for demonstration, development, and testing of UDS Core. In - [MetalLB](https://metallb.universe.tf/) - Provides type: LoadBalancer for cluster resources and Istio Gateways - [HAProxy](https://www.haproxy.org/) - Utilizes k3d host port mapping to bind ports 80 and 443, facilitating local FQDN-based routing through ACLs to MetalLB load balancer backends for Istio Gateways serving *.uds.dev, keycloak.uds.dev, and *.admin.uds.dev. -## Configuration +## Available Overrides +### Package: uds-k3d +##### uds-dev-stack (minio) +| Variable | Description | Path | +|----------|-------------|------| +| `BUCKETS` | Set Minio Buckets | buckets | +| `SVCACCTS` | Minio Service Accounts | svcaccts | +| `USERS` | Minio Users | users | +| `POLICIES` | Minio policies | policies | -### Minio -You can customize the Minio setup at deploy time via your ```uds-config.yaml```. +### Package: core +##### loki (loki) +| Variable | Description | Path | +|----------|-------------|------| +| `LOKI_CHUNKS_BUCKET` | The object storage bucket for Loki chunks | loki.storage.bucketNames.chunks | +| `LOKI_RULER_BUCKET` | The object storage bucket for Loki ruler | loki.storage.bucketNames.ruler | +| `LOKI_ADMIN_BUCKET` | The object storage bucket for Loki admin | loki.storage.bucketNames.admin | +| `LOKI_S3_ENDPOINT` | The S3 endpoint | loki.storage.s3.endpoint | +| `LOKI_S3_REGION` | The S3 region | loki.storage.s3.region | +| `LOKI_S3_ACCESS_KEY_ID` | The S3 Access Key ID | loki.storage.s3.accessKeyId | +| `LOKI_S3_SECRET_ACCESS_KEY` | The S3 Secret Access Key | loki.storage.s3.secretAccessKey | -Example: +##### istio-admin-gateway (uds-istio-config) +| Variable | Description | Path | +|----------|-------------|------| +| `ADMIN_TLS_CERT` | The TLS cert for the admin gateway (must be base64 encoded) | tls.cert | +| `ADMIN_TLS_KEY` | The TLS key for the admin gateway (must be base64 encoded) | tls.key | + +##### istio-tenant-gateway (uds-istio-config) +| Variable | 
Description | Path | +|----------|-------------|------| +| `TENANT_TLS_CERT` | The TLS cert for the tenant gateway (must be base64 encoded) | tls.cert | +| `TENANT_TLS_KEY` | The TLS key for the tenant gateway (must be base64 encoded) | tls.key | + + +## Override Examples: + +### Minio Customization + +You can customize the Minio deployed with uds-k3d at deploy time via your ```uds-config.yaml```. ```yaml variables: uds-k3d-dev: - set: - buckets: - - name: "myfavoritebucket" - policy: "public" - purge: false - users: - - accessKey: console - secretKey: "console-secret" - policy: consoleAdmin + BUCKETS: + - name: "myfavoritebucket" + policy: "public" + purge: false + USERS: + - accessKey: console + secretKey: "console-secret" + policy: consoleAdmin ``` For more details on how to customize the Minio deployment, please see [Configuring Minio](https://github.com/defenseunicorns/uds-k3d/blob/main/docs/MINIO.md). + +### Loki example using AWS S3 +By default Loki will be configured to use the uds-k3d built in Minio, but variables are exposed with this bundle to configure external object storage + +You can customize the Loki setup at deploy time via ```uds-config.yaml``` + +```yaml +variables: + core: + LOKI_CHUNKS_BUCKET: loki + LOKI_RULES_BUCKET: loki + LOKI_ADMIN_BUCKET: loki + LOKI_S3_ENDPOINT: loki.s3.us-east-1.amazonaws.com + LOKI_S3_REGION: us-east-1 + LOKI_S3_ACCESS_KEY_ID: + LOKI_S3_SECRET_ACCESS_KEY: +``` \ No newline at end of file diff --git a/bundles/k3d-standard/uds-bundle.yaml b/bundles/k3d-standard/uds-bundle.yaml index 19782e2c8..961275d8d 100644 --- a/bundles/k3d-standard/uds-bundle.yaml +++ b/bundles/k3d-standard/uds-bundle.yaml 
@@ -15,16 +15,16 @@ packages: uds-dev-stack: minio: variables: - - name: buckets + - name: BUCKETS description: "Set Minio Buckets" path: buckets - - name: svcaccts + - name: SVCACCTS description: "Minio Service Accounts" path: svcaccts - - name: users + - name: USERS description: "Minio Users" path: users - - name: policies + - name: POLICIES description: "Minio policies" path: policies @@ -39,6 +39,42 @@ packages: ref: 0.17.0 # x-release-please-end overrides: + loki: + loki: + variables: + - name: LOKI_CHUNKS_BUCKET + description: "The object storage bucket for Loki chunks" + path: loki.storage.bucketNames.chunks + - name: LOKI_RULER_BUCKET + description: "The object storage bucket for Loki ruler" + path: loki.storage.bucketNames.ruler + - name: LOKI_ADMIN_BUCKET + description: "The object storage bucket for Loki admin" + path: loki.storage.bucketNames.admin + - name: LOKI_S3_ENDPOINT + description: "The S3 endpoint" + path: loki.storage.s3.endpoint + - name: LOKI_S3_REGION + description: "The S3 region" + path: loki.storage.s3.region + - name: LOKI_S3_ACCESS_KEY_ID + description: "The S3 Access Key ID" + path: loki.storage.s3.accessKeyId + - name: LOKI_S3_SECRET_ACCESS_KEY + path: loki.storage.s3.secretAccessKey + description: "The S3 Secret Access Key" + - name: LOKI_WRITE_REPLICAS + path: write.replicas + description: "Loki write replicas" + default: "1" + - name: LOKI_READ_REPLICAS + path: read.replicas + description: "Loki read replicas" + default: "1" + - name: LOKI_BACKEND_REPLICAS + path: backend.replicas + description: "Loki backend replicas" + default: "1" istio-admin-gateway: uds-istio-config: variables: diff --git a/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml b/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml index 3866624cc..90f748d95 100644 --- a/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml +++ b/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml 
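Review bot: `LOKI_S3_SECRET_ACCESS_KEY` (and `LOKI_S3_ACCESS_KEY_ID`) in the new `loki` override block are declared like any other variable, so the natural place for an operator to set them is a plaintext `uds-config.yaml` that tends to get committed. The descriptions should say how the value is expected to be supplied, for example `description: "The S3 Secret Access Key (supply at deploy time from the environment or a secret store; do not commit)"`. The README example added in this commit sets `LOKI_RULES_BUCKET`, while the variable declared here is `LOKI_RULER_BUCKET`, so anyone copying the example would leave the ruler bucket at its default. The three `*_REPLICAS` variables are also missing from the README's override table.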
@@ -1,4 +1,4 @@ -{{- if .Values.scalable }} +{{- if .Capabilities.APIVersions.Has "security.istio.io/v1beta1" }} apiVersion: "security.istio.io/v1beta1" kind: PeerAuthentication metadata: diff --git a/src/loki/chart/values.yaml b/src/loki/chart/values.yaml index ab487ddac..e69de29bb 100644 --- a/src/loki/chart/values.yaml +++ b/src/loki/chart/values.yaml @@ -1 +0,0 @@ -scalable: false diff --git a/src/loki/values/values.yaml b/src/loki/values/values.yaml index d0513e1c4..da491a8d1 100644 --- a/src/loki/values/values.yaml +++ b/src/loki/values/values.yaml @@ -5,11 +5,28 @@ fullnameOverride: loki # -- Overrides the chart's cluster label clusterLabelOverride: null +# Prevent startup issues with service existence/resolution +memberlist: + service: + publishNotReadyAddresses: true + loki: storage: - type: "filesystem" + bucketNames: + chunks: uds + ruler: uds + admin: uds + type: s3 + s3: + endpoint: http://minio.uds-dev-stack.svc.cluster.local:9000 + secretAccessKey: uds-secret + accessKeyId: uds + s3ForcePathStyle: true + insecure: false commonConfig: replication_factor: 1 + extraMemberlistConfig: + rejoin_interval: 120s # Should authentication be enabled auth_enabled: false # -- Additional storage config @@ -48,29 +65,11 @@ rbac: # -- Section for configuring optional Helm test test: enabled: false -# Configuration for the write pod(s) -write: - resources: - limits: - cpu: 300m - memory: 2Gi - requests: - cpu: 300m - memory: 2Gi -# Configuration for the read pod(s) -read: - # -- Resource requests and limits for the read - resources: - limits: - cpu: 300m - memory: 2Gi - requests: - cpu: 300m - memory: 2Gi + # Configuration for the single binary node(s) singleBinary: # -- Number of replicas for the single binary - replicas: 1 + replicas: 0 # -- Resource requests and limits for the single binary resources: limits: 
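Review bot: Gating the PeerAuthentication on `.Capabilities.APIVersions.Has "security.istio.io/v1beta1"` means the policy is silently dropped whenever the Istio CRDs are not registered at render time, for example if Loki is installed before Istio or the chart is rendered offline with `helm template` and no `--api-versions`. Nothing in the output then shows that Loki came up without this policy. A comment above the guard would make the dependency explicit, e.g. `{{- /* Rendered only when the Istio security CRDs exist; deploy Istio first or no PeerAuthentication is applied */ -}}`, and the deploy ordering should be checked so the skip cannot happen in practice. The resource body continues outside the hunk, so the mTLS mode it sets is not visible here.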
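Review bot: The new `loki.storage.s3` defaults hard-code `accessKeyId: uds` and `secretAccessKey: uds-secret` in `src/loki/values/values.yaml`, which appears to be the package-level values file rather than something specific to the k3d bundle. If so, any deployment that does not override the `LOKI_S3_*` variables talks to object storage with publicly known credentials. The endpoint is also `http://minio.uds-dev-stack.svc.cluster.local:9000` while `insecure: false` sits two lines below; the two disagree about whether transport is encrypted, and which one wins depends on the chart. If plaintext to the in-cluster dev Minio is intended, say so next to the values, e.g. `# dev-only Minio defaults for uds-k3d; override endpoint and credentials for any other target`. Otherwise move these defaults into the k3d bundle's overrides. `auth_enabled: false` in the surrounding context is unchanged by this hunk.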
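Review bot: The `write` and `read` resource requests and limits are removed in this hunk, and the `read`/`write`/`backend` blocks added in the last hunk of this file set only `affinity`. With `singleBinary.replicas: 0`, the components now carrying the workload therefore run with whatever the upstream chart defaults to. If that default is unset, a burst of log ingest can take memory from every other pod on a single-node cluster. Either carry the previous bounds over to each of `read`, `write` and `backend` (`cpu: 300m`, `memory: 2Gi` for both requests and limits, as the removed lines had), or add a comment explaining why they are intentionally dropped. The `singleBinary` block continues outside the hunk.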
@@ -118,5 +117,17 @@ monitoring: enabled: false gateway: enabled: true - # Remove default anti-affinity since this is a 1-replica setup + # Remove default anti-affinity to support single node + affinity: "" + +read: + # Remove default anti-affinity to support single node + affinity: "" + +write: + # Remove default anti-affinity to support single node + affinity: "" + +backend: + # Remove default anti-affinity to support single node affinity: "" diff --git a/src/loki/zarf.yaml b/src/loki/zarf.yaml index d6c4088ed..75d765ccb 100644 --- a/src/loki/zarf.yaml +++ b/src/loki/zarf.yaml @@ -21,7 +21,7 @@ components: - name: loki required: true - description: "Install Loki using Chainguard images" + description: "Install Loki using registry1 images" only: flavor: "registry1" import: diff --git a/tasks/create.yaml b/tasks/create.yaml index 0f807bebe..310d25f89 100644 --- a/tasks/create.yaml +++ b/tasks/create.yaml @@ -13,7 +13,7 @@ tasks: - task: pepr-build - description: "Create the UDS Core Standard Zarf Package" - cmd: "uds zarf package create packages/standard --confirm --flavor ${FLAVOR}" + cmd: "uds zarf package create packages/standard --confirm --no-progress --flavor ${FLAVOR}" - name: k3d-standard-bundle description: "Create the K3d-UDS Core Bundle" @@ -41,10 +41,10 @@ tasks: - task: pepr-build - description: "Create the Pepr Zarf Package, if it exists" - cmd: "uds zarf package create dist --confirm" + cmd: "uds zarf package create dist --confirm --no-progress" - description: "Create the requested Zarf Package (must set UDS_PKG environment variable)" - cmd: "uds zarf package create src/${UDS_PKG} --confirm --flavor ${FLAVOR}" + cmd: "uds zarf package create src/${UDS_PKG} --confirm --no-progress --flavor ${FLAVOR}" - name: pepr-build description: "Build the UDS Core Pepr Module"