From 8f5ea8928936e7aff38e163e7536a284bed4eab4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Petrov?= Date: Tue, 16 May 2023 17:49:36 +0200 Subject: [PATCH 01/11] add vector.dev helm chart --- dp-terraform/helm/rhacs-terraform/.gitignore | 1 + dp-terraform/helm/rhacs-terraform/Chart.lock | 15 +++++++ dp-terraform/helm/rhacs-terraform/Chart.yaml | 7 +++ .../helm/rhacs-terraform/terraform_cluster.sh | 7 ++- dp-terraform/helm/rhacs-terraform/values.yaml | 44 ++++++++++++++++++- scripts/lib/helm.sh | 3 ++ 6 files changed, 75 insertions(+), 2 deletions(-) create mode 100644 dp-terraform/helm/rhacs-terraform/.gitignore create mode 100644 dp-terraform/helm/rhacs-terraform/Chart.lock diff --git a/dp-terraform/helm/rhacs-terraform/.gitignore b/dp-terraform/helm/rhacs-terraform/.gitignore new file mode 100644 index 0000000000..9e30eb9b79 --- /dev/null +++ b/dp-terraform/helm/rhacs-terraform/.gitignore @@ -0,0 +1 @@ +*.tgz \ No newline at end of file diff --git a/dp-terraform/helm/rhacs-terraform/Chart.lock b/dp-terraform/helm/rhacs-terraform/Chart.lock new file mode 100644 index 0000000000..b13ae0ade3 --- /dev/null +++ b/dp-terraform/helm/rhacs-terraform/Chart.lock @@ -0,0 +1,15 @@ +dependencies: +- name: cloudwatch + repository: "" + version: 0.1.0 +- name: observability + repository: "" + version: 0.1.0 +- name: logging + repository: "" + version: 0.1.0 +- name: vector + repository: https://helm.vector.dev + version: 0.21.1 +digest: sha256:b7a38cdf9e620cb5a3d1b8df74108a395061aaae1c34ec910047a9d3eaeca718 +generated: "2023-05-16T10:17:55.96889856+02:00" diff --git a/dp-terraform/helm/rhacs-terraform/Chart.yaml b/dp-terraform/helm/rhacs-terraform/Chart.yaml index dc20bc993b..ba986763d7 100644 --- a/dp-terraform/helm/rhacs-terraform/Chart.yaml +++ b/dp-terraform/helm/rhacs-terraform/Chart.yaml @@ -26,8 +26,15 @@ appVersion: "0.4.0" # List of sub-charts and other dependencies dependencies: - name: cloudwatch + version: "0.1.0" condition: cloudwatch.enabled - name: observability + version: "0.1.0" condition: observability.enabled - name: logging + version: "0.1.0" condition: logging.enabled + - name: vector + version: "0.21.1" + repository: "https://helm.vector.dev" + condition: vector.enabled diff --git a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh index 2b99b1dc1e..9c1c89ff72 100755 --- a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh +++ b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh @@ -157,7 +157,12 @@ invoke_helm "${SCRIPT_DIR}" rhacs-terraform \ --set observability.observatorium.metricsClientId="${OBSERVABILITY_OBSERVATORIUM_METRICS_CLIENT_ID}" \ --set observability.observatorium.metricsSecret="${OBSERVABILITY_OBSERVATORIUM_METRICS_SECRET}" \ --set observability.pagerduty.key="${OBSERVABILITY_PAGERDUTY_ROUTING_KEY}" \ - --set observability.deadMansSwitch.url="${OBSERVABILITY_DEAD_MANS_SWITCH_URL}" + --set observability.deadMansSwitch.url="${OBSERVABILITY_DEAD_MANS_SWITCH_URL}" \ + --set vector.enabled=true \ + --set vector.secrets.generic.awsAccessKeyId="${LOGGING_AWS_ACCESS_KEY_ID}" \ + --set vector.secrets.generic.awsSecretAccessKey="${LOGGING_AWS_SECRET_ACCESS_KEY}" \ + --set vector.service.annotations.rhacs\\.redhat\\.com/cluster-name="${CLUSTER_NAME}" \ + --set vector.service.annotations.rhacs\\.redhat\\.com/environment="${ENVIRONMENT}" # To uninstall an existing release: # helm uninstall rhacs-terraform --namespace rhacs diff --git a/dp-terraform/helm/rhacs-terraform/values.yaml b/dp-terraform/helm/rhacs-terraform/values.yaml index 07b21ac924..ec7bb66d3f 100644 --- a/dp-terraform/helm/rhacs-terraform/values.yaml +++ b/dp-terraform/helm/rhacs-terraform/values.yaml @@ -33,7 +33,7 @@ fleetshardSync: securityGroup: "" performanceInsights: true aws: - region: "us-east-1" # TODO(2023-05-01): Remove the default value here as we now set it explicitly + region: "us-east-1" # TODO(2023-05-01): Remove the default value here as we now set it explicitly roleARN: "" telemetry: storage: @@ -91,3 +91,45 @@ logging: aws: accessKeyId: "" secretAccessKey: "" + +vector: + role: "Stateless-Aggregator" + service: + annotations: + rhacs.redhat.com/cluster-name: "" + rhacs.redhat.com/environment: "" + serviceHeadless: + enabled: false + customConfig: + sources: + http_server: + type: "http_server" + address: "0.0.0.0:8888" + decoding: + codec: "json" + sinks: + aws_s3: + type: "aws_s3" + region: "us-east-1" + bucket: "rox-14547-test-vector-us-east-1" + key_prefix: '{{ "{{" }} .tenant_id {{ "}}" }}/%F/' + inputs: ["http_server"] + compression: none + filename_extension: "json" + batch: + timeout_secs: 10 + encoding: + codec: "json" + auth: + region: "us-east-1" + env: + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: cloudwatch + key: aws_access_key_id + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: cloudwatch + key: aws_secret_access_key diff --git a/scripts/lib/helm.sh b/scripts/lib/helm.sh index 0f3cc23273..aa56d92e2d 100644 --- a/scripts/lib/helm.sh +++ b/scripts/lib/helm.sh @@ -6,6 +6,9 @@ function invoke_helm() { local -r release="${1}" shift + # Build the external dependencies like the vector helm chart bundle. + helm dependencies build + if [[ "${ENVIRONMENT}" == "dev" ]]; then # Dev env is special, as there is no real dev cluster. Instead # we just run lint to smoke test the chart. From 10efdc252ca859f108180bcaf9e3204649e9d2bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Petrov?= Date: Tue, 16 May 2023 17:54:23 +0200 Subject: [PATCH 02/11] reuse values from the cloudwatch secret --- dp-terraform/helm/rhacs-terraform/terraform_cluster.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh index 9c1c89ff72..135e915b39 100755 --- a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh +++ b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh @@ -159,8 +159,6 @@ invoke_helm "${SCRIPT_DIR}" rhacs-terraform \ --set observability.pagerduty.key="${OBSERVABILITY_PAGERDUTY_ROUTING_KEY}" \ --set observability.deadMansSwitch.url="${OBSERVABILITY_DEAD_MANS_SWITCH_URL}" \ --set vector.enabled=true \ - --set vector.secrets.generic.awsAccessKeyId="${LOGGING_AWS_ACCESS_KEY_ID}" \ - --set vector.secrets.generic.awsSecretAccessKey="${LOGGING_AWS_SECRET_ACCESS_KEY}" \ --set vector.service.annotations.rhacs\\.redhat\\.com/cluster-name="${CLUSTER_NAME}" \ --set vector.service.annotations.rhacs\\.redhat\\.com/environment="${ENVIRONMENT}" From 65033b6d45eea49cb8679d67c834e9e523a80541 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Petrov?= Date: Tue, 16 May 2023 18:14:22 +0200 Subject: [PATCH 03/11] helm repo add vector, style --- dp-terraform/helm/rhacs-terraform/.gitignore | 3 ++- scripts/lib/helm.sh | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/dp-terraform/helm/rhacs-terraform/.gitignore b/dp-terraform/helm/rhacs-terraform/.gitignore index 9e30eb9b79..7c2f4cd7b7 100644 --- a/dp-terraform/helm/rhacs-terraform/.gitignore +++ b/dp-terraform/helm/rhacs-terraform/.gitignore @@ -1 +1,2 @@ -*.tgz \ No newline at end of file +# Ignore downloaded external Helm bundles, built with `helm dependencies build`. +*.tgz diff --git a/scripts/lib/helm.sh b/scripts/lib/helm.sh index aa56d92e2d..820fb5dd8f 100644 --- a/scripts/lib/helm.sh +++ b/scripts/lib/helm.sh @@ -6,6 +6,8 @@ function invoke_helm() { local -r release="${1}" shift + helm repo add vector "https://helm.vector.dev" + # Build the external dependencies like the vector helm chart bundle. helm dependencies build From 9748e962574a2ca71ae201205833dec9655f802e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Petrov?= Date: Wed, 17 May 2023 10:18:41 +0200 Subject: [PATCH 04/11] vector aws region and backet parameters --- dp-terraform/helm/rhacs-terraform/terraform_cluster.sh | 4 +++- dp-terraform/helm/rhacs-terraform/values.yaml | 6 ++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh index 135e915b39..2ee715900a 100755 --- a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh +++ b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh @@ -160,7 +160,9 @@ invoke_helm "${SCRIPT_DIR}" rhacs-terraform \ --set observability.deadMansSwitch.url="${OBSERVABILITY_DEAD_MANS_SWITCH_URL}" \ --set vector.enabled=true \ --set vector.service.annotations.rhacs\\.redhat\\.com/cluster-name="${CLUSTER_NAME}" \ - --set vector.service.annotations.rhacs\\.redhat\\.com/environment="${ENVIRONMENT}" + --set vector.service.annotations.rhacs\\.redhat\\.com/environment="${ENVIRONMENT}" \ + --set vector.customConfig.sinks.aws_s3.region="${CLUSTER_REGION:-us-east-1}" \ + --set vector.customConfig.sinks.aws_s3.bucket="${AWS_VECTOR_BUCKET:-rox-14547-test-vector-us-east-1}" # To uninstall an existing release: # helm uninstall rhacs-terraform --namespace rhacs diff --git a/dp-terraform/helm/rhacs-terraform/values.yaml b/dp-terraform/helm/rhacs-terraform/values.yaml index ec7bb66d3f..42c3fbb7ae 100644 --- a/dp-terraform/helm/rhacs-terraform/values.yaml +++ b/dp-terraform/helm/rhacs-terraform/values.yaml @@ -110,8 +110,8 @@ vector: sinks: aws_s3: type: "aws_s3" - region: "us-east-1" - bucket: "rox-14547-test-vector-us-east-1" + region: "" + bucket: "" key_prefix: '{{ "{{" }} .tenant_id {{ "}}" }}/%F/' inputs: ["http_server"] compression: none @@ -120,8 +120,6 @@ vector: timeout_secs: 10 encoding: codec: "json" - auth: - region: "us-east-1" env: - name: AWS_ACCESS_KEY_ID valueFrom: From 692a7d988fddfd91743cf4cdb77928e5e338b9a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Petrov?= Date: Wed, 17 May 2023 16:25:06 +0200 Subject: [PATCH 05/11] separate aws credentials for vector --- dp-terraform/helm/rhacs-terraform/terraform_cluster.sh | 6 ++++-- dp-terraform/helm/rhacs-terraform/values.yaml | 9 +++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh index 2ee715900a..a8a7a86592 100755 --- a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh +++ b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh @@ -161,8 +161,10 @@ invoke_helm "${SCRIPT_DIR}" rhacs-terraform \ --set vector.enabled=true \ --set vector.service.annotations.rhacs\\.redhat\\.com/cluster-name="${CLUSTER_NAME}" \ --set vector.service.annotations.rhacs\\.redhat\\.com/environment="${ENVIRONMENT}" \ - --set vector.customConfig.sinks.aws_s3.region="${CLUSTER_REGION:-us-east-1}" \ - --set vector.customConfig.sinks.aws_s3.bucket="${AWS_VECTOR_BUCKET:-rox-14547-test-vector-us-east-1}" + --set vector.customConfig.sinks.aws_s3.region="${CLUSTER_REGION}" \ + --set vector.customConfig.sinks.aws_s3.bucket="${VECTOR_AWS_BUCKET}" \ + --set vector.secrets.generic.aws_access_key_id="${VECTOR_AWS_ACCESS_KEY_ID}" \ + --set vector.secrets.generic.aws_secret_access_key="${VECTOR_AWS_SECRET_ACCESS_KEY}" # To uninstall an existing release: # helm uninstall rhacs-terraform --namespace rhacs diff --git a/dp-terraform/helm/rhacs-terraform/values.yaml b/dp-terraform/helm/rhacs-terraform/values.yaml index 42c3fbb7ae..bcabe3c97d 100644 --- a/dp-terraform/helm/rhacs-terraform/values.yaml +++ b/dp-terraform/helm/rhacs-terraform/values.yaml @@ -120,14 +120,19 @@ vector: timeout_secs: 10 encoding: codec: "json" + fullnameOverride: rhacs-vector + secrets: + generic: + aws_access_key_id: "" + aws_secret_access_key: "" env: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: cloudwatch + name: rhacs-vector key: aws_access_key_id - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: cloudwatch + name: rhacs-vector key: aws_secret_access_key From f6fad561bf2900579d2c9dd943ff18d58845e365 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Petrov?= Date: Wed, 17 May 2023 18:20:28 +0200 Subject: [PATCH 06/11] tls --- dp-terraform/helm/rhacs-terraform/values.yaml | 35 +++++++++++++++++-- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/dp-terraform/helm/rhacs-terraform/values.yaml b/dp-terraform/helm/rhacs-terraform/values.yaml index bcabe3c97d..aa92d4c9d7 100644 --- a/dp-terraform/helm/rhacs-terraform/values.yaml +++ b/dp-terraform/helm/rhacs-terraform/values.yaml @@ -93,13 +93,37 @@ logging: secretAccessKey: "" vector: - role: "Stateless-Aggregator" + role: "Aggregator" service: annotations: rhacs.redhat.com/cluster-name: "" rhacs.redhat.com/environment: "" - serviceHeadless: - enabled: false + service.beta.openshift.io/serving-cert-secret-name: rhacs-vector-tls-secret + topologyKeys: + - "topology.kubernetes.io/zone" + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - vector + topologyKey: "topology.kubernetes.io/zone" + persistence: + enabled: true + replicas: 3 + extraVolumes: + - name: service-tls-secret + projected: + sources: + - secret: + name: rhacs-vector-tls-secret + extraVolumeMounts: + - name: service-tls-secret + mountPath: /etc/vector/tls + readOnly: true customConfig: sources: http_server: @@ -107,6 +131,11 @@ vector: address: "0.0.0.0:8888" decoding: codec: "json" + tls: + enabled: true + ca_file: "/etc/vector/tls/service-ca.crt" + crt_file: "/etc/vector/tls/tls.crt" + key_file: "/etc/vector/tls/tls.key" sinks: aws_s3: type: "aws_s3" From 886a955f32a827dff0eb207878d56b654e2dde71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Petrov?= Date: Wed, 17 May 2023 18:26:03 +0200 Subject: [PATCH 07/11] avoid vector unbound variables error --- dp-terraform/helm/rhacs-terraform/terraform_cluster.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh index a8a7a86592..2eef9c68b2 100755 --- a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh +++ b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh @@ -162,9 +162,9 @@ invoke_helm "${SCRIPT_DIR}" rhacs-terraform \ --set vector.service.annotations.rhacs\\.redhat\\.com/cluster-name="${CLUSTER_NAME}" \ --set vector.service.annotations.rhacs\\.redhat\\.com/environment="${ENVIRONMENT}" \ --set vector.customConfig.sinks.aws_s3.region="${CLUSTER_REGION}" \ - --set vector.customConfig.sinks.aws_s3.bucket="${VECTOR_AWS_BUCKET}" \ - --set vector.secrets.generic.aws_access_key_id="${VECTOR_AWS_ACCESS_KEY_ID}" \ - --set vector.secrets.generic.aws_secret_access_key="${VECTOR_AWS_SECRET_ACCESS_KEY}" + --set vector.customConfig.sinks.aws_s3.bucket="${VECTOR_AWS_BUCKET:-}" \ + --set vector.secrets.generic.aws_access_key_id="${VECTOR_AWS_ACCESS_KEY_ID:-}" \ + --set vector.secrets.generic.aws_secret_access_key="${VECTOR_AWS_SECRET_ACCESS_KEY:-}" # To uninstall an existing release: # helm uninstall rhacs-terraform --namespace rhacs From bd9b9edecbf811ea6c56511fef41bfe986751cf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Petrov?= Date: Mon, 22 May 2023 15:22:51 +0200 Subject: [PATCH 08/11] disable healthcheck as buckets are write-only --- dp-terraform/helm/rhacs-terraform/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dp-terraform/helm/rhacs-terraform/values.yaml b/dp-terraform/helm/rhacs-terraform/values.yaml index aa92d4c9d7..f747751aa0 100644 --- a/dp-terraform/helm/rhacs-terraform/values.yaml +++ b/dp-terraform/helm/rhacs-terraform/values.yaml @@ -99,8 +99,6 @@ vector: rhacs.redhat.com/cluster-name: "" rhacs.redhat.com/environment: "" service.beta.openshift.io/serving-cert-secret-name: rhacs-vector-tls-secret - topologyKeys: - - "topology.kubernetes.io/zone" affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -133,7 +131,7 @@ vector: codec: "json" tls: enabled: true - ca_file: "/etc/vector/tls/service-ca.crt" + ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt" crt_file: "/etc/vector/tls/tls.crt" key_file: "/etc/vector/tls/tls.key" sinks: @@ -145,6 +143,8 @@ vector: inputs: ["http_server"] compression: none filename_extension: "json" + healthcheck: + enabled: false batch: timeout_secs: 10 encoding: From 08d00c3708775f8af72d21d11bddaf1b6069fd0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Petrov?= Date: Mon, 22 May 2023 16:04:21 +0200 Subject: [PATCH 09/11] 100Mi persistent volumes --- dp-terraform/helm/rhacs-terraform/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/dp-terraform/helm/rhacs-terraform/values.yaml b/dp-terraform/helm/rhacs-terraform/values.yaml index f747751aa0..8c5a3c2d00 100644 --- a/dp-terraform/helm/rhacs-terraform/values.yaml +++ b/dp-terraform/helm/rhacs-terraform/values.yaml @@ -111,6 +111,7 @@ vector: topologyKey: "topology.kubernetes.io/zone" persistence: enabled: true + size: 100Mi replicas: 3 extraVolumes: - name: service-tls-secret From 50fb447bd69a7688d26cd868a224d17735647d43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Petrov?= Date: Mon, 5 Jun 2023 09:38:45 +0200 Subject: [PATCH 10/11] load vector config variables, enable PV use --- .../helm/rhacs-terraform/terraform_cluster.sh | 8 +++++--- dp-terraform/helm/rhacs-terraform/values.yaml | 13 ++++++++++--- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh index 2eef9c68b2..45e135c541 100755 --- a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh +++ b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh @@ -112,6 +112,8 @@ if [[ "${OPERATOR_USE_UPSTREAM}" == "true" ]]; then OPERATOR_SOURCE="rhacs-operators" fi +load_external_config "audit-logs--${CLUSTER_NAME}" VECTOR_ + # TODO(ROX-16771): Move this to env-specific values.yaml files # TODO(ROX-16645): set acsOperator.enabled to false invoke_helm "${SCRIPT_DIR}" rhacs-terraform \ @@ -162,9 +164,9 @@ invoke_helm "${SCRIPT_DIR}" rhacs-terraform \ --set vector.service.annotations.rhacs\\.redhat\\.com/cluster-name="${CLUSTER_NAME}" \ --set vector.service.annotations.rhacs\\.redhat\\.com/environment="${ENVIRONMENT}" \ --set vector.customConfig.sinks.aws_s3.region="${CLUSTER_REGION}" \ - --set vector.customConfig.sinks.aws_s3.bucket="${VECTOR_AWS_BUCKET:-}" \ - --set vector.secrets.generic.aws_access_key_id="${VECTOR_AWS_ACCESS_KEY_ID:-}" \ - --set vector.secrets.generic.aws_secret_access_key="${VECTOR_AWS_SECRET_ACCESS_KEY:-}" + --set vector.customConfig.sinks.aws_s3.bucket="${VECTOR_BUCKET:-}" \ + --set vector.secrets.generic.aws_access_key_id="${VECTOR_ACCESSKEY:-}" \ + --set vector.secrets.generic.aws_secret_access_key="${VECTOR_SECRETACCESSKEY:-}" # To uninstall an existing release: # helm uninstall rhacs-terraform --namespace rhacs diff --git a/dp-terraform/helm/rhacs-terraform/values.yaml b/dp-terraform/helm/rhacs-terraform/values.yaml index 8c5a3c2d00..2a00fbf058 100644 --- a/dp-terraform/helm/rhacs-terraform/values.yaml +++ b/dp-terraform/helm/rhacs-terraform/values.yaml @@ -99,19 +99,21 @@ vector: rhacs.redhat.com/cluster-name: "" rhacs.redhat.com/environment: "" service.beta.openshift.io/serving-cert-secret-name: rhacs-vector-tls-secret + podLabels: + app: rhacs-vector affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - - key: app.kubernetes.io/name + - key: app operator: In values: - vector topologyKey: "topology.kubernetes.io/zone" persistence: enabled: true - size: 100Mi + size: 300Mi replicas: 3 extraVolumes: - name: service-tls-secret @@ -147,7 +149,12 @@ vector: healthcheck: enabled: false batch: - timeout_secs: 10 + timeout_secs: 60 + max_size: 2621440 + buffer: + type: disk + max_size: 283115520 + when_full: block encoding: codec: "json" fullnameOverride: rhacs-vector From 731b341636da76ee17c3578cd70ee9c910a57ec2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Petrov?= Date: Thu, 15 Jun 2023 11:58:14 +0200 Subject: [PATCH 11/11] fix app label, disable vector for now --- dp-terraform/helm/rhacs-terraform/terraform_cluster.sh | 2 +- dp-terraform/helm/rhacs-terraform/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh index 45e135c541..cd43addc5a 100755 --- a/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh +++ b/dp-terraform/helm/rhacs-terraform/terraform_cluster.sh @@ -160,7 +160,7 @@ invoke_helm "${SCRIPT_DIR}" rhacs-terraform \ --set observability.observatorium.metricsSecret="${OBSERVABILITY_OBSERVATORIUM_METRICS_SECRET}" \ --set observability.pagerduty.key="${OBSERVABILITY_PAGERDUTY_ROUTING_KEY}" \ --set observability.deadMansSwitch.url="${OBSERVABILITY_DEAD_MANS_SWITCH_URL}" \ - --set vector.enabled=true \ + --set vector.enabled=false \ --set vector.service.annotations.rhacs\\.redhat\\.com/cluster-name="${CLUSTER_NAME}" \ --set vector.service.annotations.rhacs\\.redhat\\.com/environment="${ENVIRONMENT}" \ --set vector.customConfig.sinks.aws_s3.region="${CLUSTER_REGION}" \ diff --git a/dp-terraform/helm/rhacs-terraform/values.yaml b/dp-terraform/helm/rhacs-terraform/values.yaml index 2a00fbf058..662aeb31fe 100644 --- a/dp-terraform/helm/rhacs-terraform/values.yaml +++ b/dp-terraform/helm/rhacs-terraform/values.yaml @@ -109,7 +109,7 @@ vector: - key: app operator: In values: - - vector + - rhacs-vector topologyKey: "topology.kubernetes.io/zone" persistence: enabled: true