Adding dependencies, binary autostart

2024-12-16 14:55:43 +01:00
parent 5e1503f0bc
commit 10b01fdc40
318 changed files with 47355 additions and 1 deletions
--- a/opencloud/charts/loki/templates/tokengen/_helpers.yaml
+++ b/opencloud/charts/loki/templates/tokengen/_helpers.yaml
@@ -0,0 +1,22 @@
+{{/*
+tokengen fullname
+*/}}
+{{- define "enterprise-logs.tokengenFullname" -}}
+{{ include "loki.name" . }}-tokengen
+{{- end }}
+
+{{/*
+tokengen common labels
+*/}}
+{{- define "enterprise-logs.tokengenLabels" -}}
+{{ include "loki.labels" . }}
+app.kubernetes.io/component: tokengen
+{{- end }}
+
+{{/*
+tokengen selector labels
+*/}}
+{{- define "enterprise-logs.tokengenSelectorLabels" -}}
+{{ include "loki.selectorLabels" . }}
+app.kubernetes.io/component: tokengen
+{{- end }}
--- a/opencloud/charts/loki/templates/tokengen/clusterrole-tokengen.yaml
+++ b/opencloud/charts/loki/templates/tokengen/clusterrole-tokengen.yaml
@@ -0,0 +1,21 @@
+{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ if not .Values.rbac.namespaced }}Cluster{{ end }}Role
+metadata:
+  name: {{ template "enterprise-logs.tokengenFullname" . }}
+  labels:
+    {{- include "enterprise-logs.tokengenLabels" . | nindent 4 }}
+    {{- with .Values.enterprise.tokengen.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- with .Values.enterprise.tokengen.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    "helm.sh/hook": post-install
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["create", "get", "patch"]
+{{- end }}
--- a/opencloud/charts/loki/templates/tokengen/clusterrolebinding-tokengen.yaml
+++ b/opencloud/charts/loki/templates/tokengen/clusterrolebinding-tokengen.yaml
@@ -0,0 +1,25 @@
+{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ if not .Values.rbac.namespaced }}Cluster{{ end }}RoleBinding
+metadata:
+  name: {{ template "enterprise-logs.tokengenFullname" . }}
+  labels:
+    {{- include "enterprise-logs.tokengenLabels" . | nindent 4 }}
+    {{- with .Values.enterprise.tokengen.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- with .Values.enterprise.tokengen.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    "helm.sh/hook": post-install
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: {{ if not .Values.rbac.namespaced }}Cluster{{ end }}Role
+  name: {{ template "enterprise-logs.tokengenFullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "enterprise-logs.tokengenFullname" . }}
+    namespace: {{ $.Release.Namespace }}
+{{- end }}
--- a/opencloud/charts/loki/templates/tokengen/job-tokengen.yaml
+++ b/opencloud/charts/loki/templates/tokengen/job-tokengen.yaml
@@ -0,0 +1,143 @@
+{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "enterprise-logs.tokengenFullname" . }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    {{- include "enterprise-logs.tokengenLabels" . | nindent 4 }}
+    {{- with .Values.enterprise.tokengen.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- with .Values.enterprise.tokengen.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    "helm.sh/hook": post-install
+    "helm.sh/hook-weight": "10"
+spec:
+  backoffLimit: 6
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        {{- include "enterprise-logs.tokengenSelectorLabels" . | nindent 8 }}
+        {{- with .Values.enterprise.tokengen.labels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      annotations:
+        {{- with .Values.enterprise.tokengen.annotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.enterprise.tokengen.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.enterprise.tokengen.securityContext | nindent 8 }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml .Values.imagePullSecrets | nindent 8 }}
+      {{- end }}
+      initContainers:
+        - name: loki
+          image: {{ template "loki.image" . }}
+          imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
+          args:
+            # The shared emptyDir exists only while the job is running, and is deleted once the job is completed.
+            # The tokengen generates a new admin token in case the 'token-file' file doesn't exist.
+            # As a result, subsequent executions of this tokengen job will generate new admin tokens.
+            # Note that previously generated tokens remain valid, as these remain present in the object storage.
+            - -config.file=/etc/loki/config/config.yaml
+            - -target={{ .Values.enterprise.tokengen.targetModule }}
+            - -tokengen.token-file=/shared/admin-token
+            {{- with .Values.enterprise.tokengen.extraArgs }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+          volumeMounts:
+            {{- if .Values.enterprise.tokengen.extraVolumeMounts }}
+              {{ toYaml .Values.enterprise.tokengen.extraVolumeMounts | nindent 12 }}
+            {{- end }}
+            - name: shared
+              mountPath: /shared
+            - name: config
+              mountPath: /etc/loki/config
+            - name: runtime-config
+              mountPath: /etc/loki/runtime-config
+            - name: license
+              mountPath: /etc/loki/license
+          env:
+            {{- if .Values.enterprise.tokengen.env }}
+              {{ toYaml .Values.enterprise.tokengen.env | nindent 12 }}
+            {{- end }}
+          {{- with .Values.enterprise.tokengen.extraEnvFrom }}
+          envFrom:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      containers:
+        - name: create-secret
+          image: {{ include "loki.kubectlImage" . }}
+          imagePullPolicy: {{ .Values.kubectlImage.pullPolicy }}
+          command:
+            - /bin/bash
+            - -euc
+            - |
+              # Create or update admin token secrets generated by tokengen job
+              kubectl create secret generic "{{ include "enterprise-logs.adminTokenSecret" . }}" \
+                --from-file=token=/shared/admin-token \
+                --dry-run=client -o yaml \
+                | kubectl apply -f -
+              {{- with .Values.enterprise.adminToken.additionalNamespaces }}
+              {{- range . }}
+              kubectl --namespace "{{ . }}" create secret generic "{{ include "enterprise-logs.adminTokenSecret" $ }}" \
+                --from-file=token=/shared/admin-token \
+                --dry-run=client -o yaml \
+                | kubectl apply -f -
+              {{- end }}
+              {{- end }}
+          volumeMounts:
+            {{- if .Values.enterprise.tokengen.extraVolumeMounts }}
+              {{ toYaml .Values.enterprise.tokengen.extraVolumeMounts | nindent 12 }}
+            {{- end }}
+            - name: shared
+              mountPath: /shared
+            - name: config
+              mountPath: /etc/loki/config
+            - name: license
+              mountPath: /etc/loki/license
+      restartPolicy: OnFailure
+      serviceAccount: {{ template "enterprise-logs.tokengenFullname" . }}
+      serviceAccountName: {{ template "enterprise-logs.tokengenFullname" . }}
+      {{- with .Values.enterprise.tokengen.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.enterprise.tokengen.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.enterprise.tokengen.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: config
+          {{- include "loki.configVolume" . | nindent 10 }}
+        - name: runtime-config
+          configMap:
+            name: {{ template "loki.name" . }}-runtime
+        - name: license
+          secret:
+          {{- if .Values.enterprise.useExternalLicense }}
+            secretName: {{ .Values.enterprise.externalLicenseName }}
+          {{- else }}
+            secretName: enterprise-logs-license
+          {{- end }}
+        - name: shared
+          emptyDir: {}
+        {{- if .Values.enterprise.tokengen.extraVolumes }}
+        {{ toYaml .Values.enterprise.tokengen.extraVolumes | nindent 8 }}
+        {{- end }}
+{{- end }}
--- a/opencloud/charts/loki/templates/tokengen/serviceaccount-tokengen.yaml
+++ b/opencloud/charts/loki/templates/tokengen/serviceaccount-tokengen.yaml
@@ -0,0 +1,18 @@
+{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "enterprise-logs.tokengenFullname" . }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    {{- include "enterprise-logs.tokengenLabels" . | nindent 4 }}
+    {{- with .Values.enterprise.tokengen.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- with .Values.enterprise.tokengen.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    "helm.sh/hook": post-install
+{{- end }}