From 40fab876f94a35a6b682311b64b7060717572c15 Mon Sep 17 00:00:00 2001 From: Aleksei Larkov Date: Thu, 9 Jan 2025 15:20:38 +0200 Subject: [PATCH 1/3] Pick username for victoria metrics from secret --- charts/kof-storage/templates/victoria/vmuser.yaml | 7 +++++-- charts/kof-storage/values.yaml | 2 +- demo/cluster/aws-storage.yaml | 1 + 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/kof-storage/templates/victoria/vmuser.yaml b/charts/kof-storage/templates/victoria/vmuser.yaml index f23fb0d..ce64295 100644 --- a/charts/kof-storage/templates/victoria/vmuser.yaml +++ b/charts/kof-storage/templates/victoria/vmuser.yaml @@ -22,9 +22,12 @@ spec: - /vm/insert/.* static: url: http://vminsert-cluster.{{ .Release.Namespace }}.svc:8480 - username: {{ .Values.victoriametrics.vmauth.credentials.username | default "kof" }} +{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.victoriametrics.vmauth.credentials.password_secret_name) }} +{{- if $secret }} + username: {{ index $secret.data .Values.victoriametrics.vmauth.credentials.username_key | b64dec | quote }} +{{- end }} passwordRef: - key: {{ .Values.victoriametrics.vmauth.credentials.password_key | default "password" }} + key: {{ .Values.victoriametrics.vmauth.credentials.password_key }} name: {{ .Values.victoriametrics.vmauth.credentials.password_secret_name }} {{- end }} {{- end }} diff --git a/charts/kof-storage/values.yaml b/charts/kof-storage/values.yaml index 2ec4385..bb0d572 100644 --- a/charts/kof-storage/values.yaml +++ b/charts/kof-storage/values.yaml @@ -27,7 +27,7 @@ victoriametrics: credentials: password_secret_name: grafana-admin-credentials password_key: "GF_SECURITY_ADMIN_PASSWORD" - username: kof + username_key: "GF_SECURITY_ADMIN_USER" ingress: host: vmauth.hmc0.example.net vmcluster: diff --git a/demo/cluster/aws-storage.yaml b/demo/cluster/aws-storage.yaml index 8de74e3..9396e56 100644 --- a/demo/cluster/aws-storage.yaml +++ b/demo/cluster/aws-storage.yaml 
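Review bot: In `vmuser.yaml` the new `{{- if $secret }}` guard drops `username` silently whenever `lookup` returns nothing, which happens when the Secret is created after the chart or when the chart is rendered with `helm template` or a client-side dry run. The VMUser is then applied without the intended user name and nothing reports it. The same hunk removes `| default "password"` from `passwordRef.key`, so an override that omits `password_key` renders an empty key. I would fail the render instead, for example `key: {{ required "victoriametrics.vmauth.credentials.password_key is required" .Values.victoriametrics.vmauth.credentials.password_key }}`, and give the missing-Secret case an explicit `fail` branch. The VMUser spec starts above the hunk, so how the operator treats an absent `username` should be checked against its documentation.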
@@ -42,6 +42,7 @@ spec: security: password_secret_name: grafana-admin-credentials password_key: "GF_SECURITY_ADMIN_PASSWORD" + username_key: "GF_SECURITY_ADMIN_USER" grafana: ingress: host: grafana.storage0.example.net From b09f5170616a9cb2dfb6a8f96baf02dd1d8d85a4 Mon Sep 17 00:00:00 2001 
From: Aleksei Larkov Date: Mon, 13 Jan 2025 15:17:27 +0200 Subject: [PATCH 2/3] Add secrets propagation from management cluster to othres using ClusterProfile --- Makefile | 16 ++-- README.md | 21 ++--- charts/kof-collectors/Chart.yaml | 2 +- charts/kof-collectors/templates/_helpers.tpl | 2 +- charts/kof-collectors/values.yaml | 18 ++--- .../templates/grafana/logs-datasource.yaml | 6 +- .../templates/grafana/secret.yaml | 15 ++++ .../{hmc => kcm}/cert-manager/flux-helm.yaml | 0 .../{hmc => kcm}/cert-manager/svctmpl.yaml | 0 .../kof/flux-helm.yaml} | 0 .../kof-repo.yaml => kcm/kof/flux-repo.yaml} | 0 .../kof-svctmpl.yaml => kcm/kof/svctmpl.yaml} | 2 +- .../templates/kcm/sveltos/copy-template.yaml | 10 +++ .../templates/promxy/secret.yaml | 36 ++++++++- .../sveltos/copy-secrets-cluster-profile.yaml | 24 ++++++ charts/kof-mothership/values.yaml | 30 +++++-- charts/kof-storage/Chart.lock | 6 +- .../kof-storage/templates/grafana/secret.yaml | 15 ++++ .../templates/victoria/vmuser.yaml | 6 +- charts/kof-storage/values.yaml | 9 ++- demo/cluster/aws-managed.yaml | 81 ++++++++++--------- demo/cluster/aws-storage.yaml | 61 +++++++------- demo/demo-mothership-values.yaml | 5 +- 23 files changed, 241 insertions(+), 124 deletions(-) create mode 100644 charts/kof-mothership/templates/grafana/secret.yaml rename charts/kof-mothership/templates/{hmc => kcm}/cert-manager/flux-helm.yaml (100%) rename charts/kof-mothership/templates/{hmc => kcm}/cert-manager/svctmpl.yaml (100%) rename charts/kof-mothership/templates/{hmc/kof-flux-helm.yaml => kcm/kof/flux-helm.yaml} (100%) rename charts/kof-mothership/templates/{hmc/kof-repo.yaml => kcm/kof/flux-repo.yaml} (100%) rename charts/kof-mothership/templates/{hmc/kof-svctmpl.yaml => kcm/kof/svctmpl.yaml} (90%) create mode 100644 charts/kof-mothership/templates/kcm/sveltos/copy-template.yaml create mode 100644 charts/kof-mothership/templates/sveltos/copy-secrets-cluster-profile.yaml create mode 100644 
charts/kof-storage/templates/grafana/secret.yaml diff --git a/Makefile b/Makefile index a3ca101..e312c31 100644 --- a/Makefile +++ b/Makefile @@ -36,7 +36,7 @@ dev: lint-chart-%: $(HELM) dependency update $(TEMPLATES_DIR)/$* - $(HELM) lint --strict $(TEMPLATES_DIR)/$* + $(HELM) lint --strict $(TEMPLATES_DIR)/$* --set global.lint=true package-chart-%: lint-chart-% $(HELM) package --destination $(CHARTS_PACKAGE_DIR) $(TEMPLATES_DIR)/$* 
@@ -105,8 +105,8 @@ dev-storage-deploy: dev ## Deploy kof-storage helm chart to the K8s cluster spec dev-ms-deploy-aws: dev ## Deploy Mothership helm chart to the K8s cluster specified in ~/.kube/config for a remote storage cluster cp -f $(TEMPLATES_DIR)/kof-mothership/values.yaml dev/mothership-values.yaml @$(YQ) eval -i '.kcm.installTemplates = true' dev/mothership-values.yaml - @$(YQ) eval -i '.grafana.logSources = [{"name": "$(USER)-storage", "url": "https://vmauth.$(STORAGE_DOMAIN)/vls", "type": "victoriametrics-logs-datasource", "auth": {"credentials_secret_name": "grafana-admin-credentials"}}]' dev/mothership-values.yaml - @$(YQ) eval -i '.promxy.config.serverGroups = [{"clusterName": "$(USER)-storage", "targets": ["vmauth.$(STORAGE_DOMAIN):443"], "auth": {"credentials_secret_name": "grafana-admin-credentials"}}]' dev/mothership-values.yaml + @$(YQ) eval -i '.grafana.logSources = [{"name": "$(USER)-aws-storage", "url": "https://vmauth.$(STORAGE_DOMAIN)/vls", "type": "victoriametrics-logs-datasource", "auth": {"credentials_secret_name": "storage-vmuser-credentials", "username_key": "username", "password_key": "password"}}]' dev/mothership-values.yaml + @$(YQ) eval -i '.promxy.config.serverGroups = [{"clusterName": "$(USER)-aws-storage", "targets": ["vmauth.$(STORAGE_DOMAIN):443"], "auth": {"credentials_secret_name": "storage-vmuser-credentials", "create_secret": true, "username_key": "username", "password_key": "password"}}]' dev/mothership-values.yaml @$(YQ) eval -i '.kcm.kof.charts.collectors.version = "$(COLLECTORS_VERSION)"' dev/mothership-values.yaml @$(YQ) eval -i '.kcm.kof.charts.storage.version = "$(STORAGE_VERSION)"' dev/mothership-values.yaml 
@@ -117,31 +117,31 @@ dev-ms-deploy-aws: dev ## Deploy Mothership helm chart to the K8s cluster specif else \ $(YQ) eval -i '.kcm.kof.repo.url = "$(REGISTRY_REPO)"' dev/mothership-values.yaml; \ fi; \ - $(HELM) upgrade -i kof ./charts/kof-mothership -n kof --create-namespace -f dev/mothership-values.yaml + $(HELM) upgrade -i kof-mothership ./charts/kof-mothership -n kof --create-namespace -f dev/mothership-values.yaml .PHONY: dev-storage-deploy-aws dev-storage-deploy-aws: dev ## Deploy Regional Managed cluster using KCM cp -f demo/cluster/aws-storage.yaml dev/aws-storage.yaml @$(YQ) eval -i '.metadata.name = "$(USER)-aws-storage"' dev/aws-storage.yaml - @$(YQ) '.spec.services[] | select(.name == "kof-storage") | .values' dev/aws-storage.yaml > dev/kof-storage-values.yaml + @$(YQ) '.spec.serviceSpec.services[] | select(.name == "kof-storage") | .values' dev/aws-storage.yaml > dev/kof-storage-values.yaml @$(YQ) eval -i '.["cert-manager"].email = "$(USER_EMAIL)"' dev/kof-storage-values.yaml @$(YQ) eval -i '.victoriametrics.vmauth.ingress.host = "vmauth.$(STORAGE_DOMAIN)"' dev/kof-storage-values.yaml @$(YQ) eval -i '.grafana.ingress.host = "grafana.$(STORAGE_DOMAIN)"' dev/kof-storage-values.yaml @$(YQ) eval -i '.["external-dns"].enabled = true' dev/kof-storage-values.yaml - @$(YQ) eval -i '(.spec.services[] | select(.name == "kof-storage")).values |= load_str("dev/kof-storage-values.yaml")' dev/aws-storage.yaml + @$(YQ) eval -i '(.spec.serviceSpec.services[] | select(.name == "kof-storage")).values |= load_str("dev/kof-storage-values.yaml")' dev/aws-storage.yaml kubectl apply -f dev/aws-storage.yaml .PHONY: dev-managed-deploy-aws dev-managed-deploy-aws: dev ## Deploy Regional Managed cluster using KCM cp -f demo/cluster/aws-managed.yaml dev/aws-managed.yaml @$(YQ) eval -i '.metadata.name = "$(MANAGED_CLUSTER_NAME)"' dev/aws-managed.yaml - @$(YQ) '.spec.services[] | select(.name == "kof-collectors") | .values' dev/aws-managed.yaml > dev/kof-managed-values.yaml + @$(YQ) 
'.spec.serviceSpec.services[] | select(.name == "kof-collectors") | .values' dev/aws-managed.yaml > dev/kof-managed-values.yaml @$(YQ) eval -i '.global.clusterName = "$(MANAGED_CLUSTER_NAME)"' dev/kof-managed-values.yaml @$(YQ) eval -i '.opencost.opencost.exporter.defaultClusterId = "$(MANAGED_CLUSTER_NAME)"' dev/kof-managed-values.yaml @$(YQ) eval -i '.opencost.opencost.prometheus.external.url = "https://vmauth.$(STORAGE_DOMAIN)/vm/select/0/prometheus"' dev/kof-managed-values.yaml @$(YQ) eval -i '.kof.logs.endpoint = "https://vmauth.$(STORAGE_DOMAIN)/vls/insert/opentelemetry/v1/logs"' dev/kof-managed-values.yaml @$(YQ) eval -i '.kof.metrics.endpoint = "https://vmauth.$(STORAGE_DOMAIN)/vm/insert/0/prometheus/api/v1/write"' dev/kof-managed-values.yaml - @$(YQ) eval -i '(.spec.services[] | select(.name == "kof-collectors")).values |= load_str("dev/kof-managed-values.yaml")' dev/aws-managed.yaml + @$(YQ) eval -i '(.spec.serviceSpec.services[] | select(.name == "kof-collectors")).values |= load_str("dev/kof-managed-values.yaml")' dev/aws-managed.yaml kubectl apply -f dev/aws-managed.yaml ## Tool Binaries diff --git a/README.md b/README.md index 564aae7..85a4d29 100644 --- a/README.md +++ b/README.md 
@@ -12,19 +12,14 @@ This repo contains 4 charts to deploy an observability stack using [k0rdent](htt ### Demo deployment In `demo/demo-mothership-values.yaml` set your target ingress names that you are going to use for your storage clusters, but they can always be changed after the fact -Create secrets for grafana admin user and storage clusters datasources endpoint access. By default the secret below be reused everywhere, but it is customizable. - -```yaml ---- -kind: Secret -apiVersion: v1 -metadata: - name: grafana-admin-credentials - namespace: kof -stringData: - GF_SECURITY_ADMIN_USER: username # Grafana username - GF_SECURITY_ADMIN_PASSWORD: password # Grafana password -type: Opaque +By default the secrets defined in the `values.yaml` are created automatically and propagated to managed clusters using Sveltos cluster profile. + +You can retrieve grafana password and username using the following command + +```bash +kubectl get secret grafana-admin-credentials -o jsonpath="{.data.GF_SECURITY_ADMIN_USER}" -n kof | base64 -d; echo + +kubectl get secret grafana-admin-credentials -o jsonpath="{.data.GF_SECURITY_ADMIN_PASSWORD}" -n kof | base64 -d; echo ``` ```bash diff --git a/charts/kof-collectors/Chart.yaml b/charts/kof-collectors/Chart.yaml index faf3b17..f500e8a 100644 --- a/charts/kof-collectors/Chart.yaml +++ b/charts/kof-collectors/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: kof-collectors description: A Helm chart that deploys OpenTelemetryCollector resources -version: 0.0.1 +version: 0.0.2 appVersion: "1.0" dependencies: - name: prometheus-node-exporter diff --git a/charts/kof-collectors/templates/_helpers.tpl b/charts/kof-collectors/templates/_helpers.tpl index 3a10f5d..8b33823 100644 --- a/charts/kof-collectors/templates/_helpers.tpl +++ b/charts/kof-collectors/templates/_helpers.tpl 
@@ -2,7 +2,7 @@ {{- define "basic_auth_extensions" -}} {{- range tuple "metrics" "logs" }} {{- $secret := (lookup "v1" "Secret" $.Release.Namespace (index $.Values "kof" . "credentials_secret_name")) }} -{{- if $secret }} +{{- if not $.Values.global.lint }} basicauth/{{ . }}: client_auth: username: {{ index $secret.data (index $.Values "kof" . "username_key") | b64dec | quote }} diff --git a/charts/kof-collectors/values.yaml b/charts/kof-collectors/values.yaml index e1a7ddf..28b97e6 100644 --- a/charts/kof-collectors/values.yaml +++ b/charts/kof-collectors/values.yaml @@ -4,14 +4,14 @@ global: kof: logs: endpoint: http://victoria-logs-single-server:9428/insert/opentelemetry/v1/logs - credentials_secret_name: grafana-admin-credentials - username_key: GF_SECURITY_ADMIN_USER - password_key: GF_SECURITY_ADMIN_PASSWORD + credentials_secret_name: storage-vmuser-credentials + username_key: username + password_key: password metrics: endpoint: http://vminsert-cluster:8480/insert/0/prometheus/api/v1/write - credentials_secret_name: grafana-admin-credentials - username_key: GF_SECURITY_ADMIN_USER - password_key: GF_SECURITY_ADMIN_PASSWORD + credentials_secret_name: storage-vmuser-credentials + username_key: username + password_key: password instrumentation: enabled: true prometheus-node-exporter: @@ -41,9 +41,9 @@ opencost: enabled: true opencost: prometheus: - existingSecretName: grafana-admin-credentials - username_key: GF_SECURITY_ADMIN_USER - password_key: GF_SECURITY_ADMIN_PASSWORD + existingSecretName: storage-vmuser-credentials + username_key: username + password_key: password external: enabled: true url: "https://vmauth.storage0.example.net/vm/select/0/prometheus" diff --git a/charts/kof-mothership/templates/grafana/logs-datasource.yaml b/charts/kof-mothership/templates/grafana/logs-datasource.yaml index 690b969..5fdb08b 100644 --- a/charts/kof-mothership/templates/grafana/logs-datasource.yaml +++ b/charts/kof-mothership/templates/grafana/logs-datasource.yaml 
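Review bot: Replacing `{{- if $secret }}` with `{{- if not $.Values.global.lint }}` in `basic_auth_extensions` means `$secret.data` is indexed without checking that the lookup found anything, so a missing Secret, `helm template` or a client-side dry run will probably abort on a nil index unless `global.lint=true` is passed. Conversely, `global.lint=true` on a real install renders the collectors with no `basicauth/*` extension at all, and nothing signals it. Keep the existence check and make the failure explicit: `{{- if and (not $secret) (not $.Values.global.lint) }}{{ fail "credentials secret not found" }}{{- end }}` followed by the original `{{- if $secret }}`. The same gate is introduced in `promxy/secret.yaml` and in `kof-storage/templates/victoria/vmuser.yaml` later in this patch; the `define` block itself continues past the hunk.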
@@ -1,5 +1,6 @@ {{- if .Values.grafana.enabled }} {{- range .Values.grafana.logSources }} +--- apiVersion: grafana.integreatly.org/v1beta1 kind: GrafanaDatasource metadata: @@ -12,12 +13,12 @@ spec: - targetPath: "basicAuthUser" valueFrom: secretKeyRef: - key: {{ .auth.username_key | default "GF_SECURITY_ADMIN_USER" }} + key: {{ .auth.username_key }} name: {{ .auth.credentials_secret_name }} - targetPath: "secureJsonData.basicAuthPassword" valueFrom: secretKeyRef: - key: {{ .auth.password_key | default "GF_SECURITY_ADMIN_PASSWORD" }} + key: {{ .auth.password_key }} name: {{ .auth.credentials_secret_name }} datasource: access: proxy @@ -30,6 +31,5 @@ spec: matchLabels: dashboards: grafana resyncPeriod: 5m ---- {{- end }} {{- end }} diff --git a/charts/kof-mothership/templates/grafana/secret.yaml b/charts/kof-mothership/templates/grafana/secret.yaml new file mode 100644 index 0000000..9bc8b93 --- /dev/null +++ b/charts/kof-mothership/templates/grafana/secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.grafana.security.create_secret }} +{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.grafana.security.credentials_secret_name) }} +{{- if not $secret }} +--- +kind: Secret +apiVersion: v1 +metadata: + name: {{ .Values.grafana.security.credentials_secret_name }} + namespace: {{ .Release.Namespace }} +stringData: + GF_SECURITY_ADMIN_USER: {{ randAlpha (.Values.global.random_username_length | int) | quote }} # Grafana username + GF_SECURITY_ADMIN_PASSWORD: {{ randAlpha (.Values.global.random_password_length | int) | quote }} # Grafana password +type: Opaque +{{- end }} +{{- end }} diff --git a/charts/kof-mothership/templates/hmc/cert-manager/flux-helm.yaml b/charts/kof-mothership/templates/kcm/cert-manager/flux-helm.yaml similarity index 100% rename from charts/kof-mothership/templates/hmc/cert-manager/flux-helm.yaml rename to charts/kof-mothership/templates/kcm/cert-manager/flux-helm.yaml 
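Review bot: `grafana/secret.yaml` renders the Secret only while `lookup` finds none, so on the first `helm upgrade` after install the template renders nothing, the Secret drops out of the release manifest and Helm deletes it; the following upgrade then generates new credentials. Render the Secret on every run and re-emit the stored `data` when it already exists, as below. The same create-only-if-absent pattern is in `kof-storage/templates/grafana/secret.yaml` and in the `create_secret` loop of `promxy/secret.yaml`, where promxy would keep the old credentials in its config while the Secret that is propagated to other clusters is removed.

```yaml
{{- if .Values.grafana.security.create_secret }}
{{- $name := .Values.grafana.security.credentials_secret_name }}
{{- $existing := (lookup "v1" "Secret" .Release.Namespace $name) }}
---
kind: Secret
apiVersion: v1
metadata:
  name: {{ $name }}
  namespace: {{ .Release.Namespace }}
{{- if $existing }}
# Re-emit the stored values so an upgrade neither prunes nor rotates the Secret.
data:
  GF_SECURITY_ADMIN_USER: {{ index $existing.data "GF_SECURITY_ADMIN_USER" | quote }}
  GF_SECURITY_ADMIN_PASSWORD: {{ index $existing.data "GF_SECURITY_ADMIN_PASSWORD" | quote }}
{{- else }}
# … unchanged: stringData block with the randAlpha user name and password …
{{- end }}
type: Opaque
{{- end }}
```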
diff --git a/charts/kof-mothership/templates/hmc/cert-manager/svctmpl.yaml b/charts/kof-mothership/templates/kcm/cert-manager/svctmpl.yaml similarity index 100% rename from charts/kof-mothership/templates/hmc/cert-manager/svctmpl.yaml rename to charts/kof-mothership/templates/kcm/cert-manager/svctmpl.yaml diff --git a/charts/kof-mothership/templates/hmc/kof-flux-helm.yaml b/charts/kof-mothership/templates/kcm/kof/flux-helm.yaml similarity index 100% rename from charts/kof-mothership/templates/hmc/kof-flux-helm.yaml rename to charts/kof-mothership/templates/kcm/kof/flux-helm.yaml diff --git a/charts/kof-mothership/templates/hmc/kof-repo.yaml b/charts/kof-mothership/templates/kcm/kof/flux-repo.yaml similarity index 100% rename from charts/kof-mothership/templates/hmc/kof-repo.yaml rename to charts/kof-mothership/templates/kcm/kof/flux-repo.yaml diff --git a/charts/kof-mothership/templates/hmc/kof-svctmpl.yaml b/charts/kof-mothership/templates/kcm/kof/svctmpl.yaml similarity index 90% rename from charts/kof-mothership/templates/hmc/kof-svctmpl.yaml rename to charts/kof-mothership/templates/kcm/kof/svctmpl.yaml index 90d6b99..310ff16 100644 --- a/charts/kof-mothership/templates/hmc/kof-svctmpl.yaml +++ b/charts/kof-mothership/templates/kcm/kof/svctmpl.yaml @@ -5,7 +5,7 @@ apiVersion: hmc.mirantis.com/v1alpha1 kind: ServiceTemplate metadata: name: kof-{{ $name }} - namespace: hmc-system + namespace: {{ $.Values.kcm.namespace }} spec: helm: chartRef: diff --git a/charts/kof-mothership/templates/kcm/sveltos/copy-template.yaml b/charts/kof-mothership/templates/kcm/sveltos/copy-template.yaml new file mode 100644 index 0000000..4b66bc9 --- /dev/null +++ b/charts/kof-mothership/templates/kcm/sveltos/copy-template.yaml 
@@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: copy-resource-template + namespace: {{ $.Release.Namespace }} + annotations: + projectsveltos.io/template: "true" # add annotation to indicate Sveltos content is a template +data: + secret.yaml: | + {{` {{ copy "Resource" }} `}} diff --git a/charts/kof-mothership/templates/promxy/secret.yaml b/charts/kof-mothership/templates/promxy/secret.yaml index 7182c8e..e1ffe2c 100644 --- a/charts/kof-mothership/templates/promxy/secret.yaml +++ b/charts/kof-mothership/templates/promxy/secret.yaml @@ -1,4 +1,29 @@ +{{- /* Tracking secrets with the same name to avoid conflict during creation */}} +{{ $all_secrets := dict }} +{{- range .Values.promxy.config.serverGroups }} +{{- if .auth.create_secret }} +{{- /* Checking that the secret isn't created yet to avoid credentials regeneration */}} +{{- $secret := (lookup "v1" "Secret" $.Release.Namespace .auth.credentials_secret_name) }} +{{- if $secret }} +{{- $_ := set $all_secrets .auth.credentials_secret_name (dict "username" (index $secret.data .auth.username_key | b64dec) "password" (index $secret.data .auth.password_key | b64dec))}} +{{- end }} +{{- if and (not $secret) (not (hasKey $all_secrets .auth.credentials_secret_name)) }} +{{- $_ := set $all_secrets .auth.credentials_secret_name (dict "username" (randAlpha ($.Values.global.random_username_length | int)) "password" (randAlpha ($.Values.global.random_password_length | int)) )}} +--- +kind: Secret +apiVersion: v1 +metadata: + name: {{ .auth.credentials_secret_name }} + namespace: {{ $.Release.Namespace }} +stringData: + {{ .auth.username_key}}: {{ index $all_secrets .auth.credentials_secret_name "username" | quote }} + {{ .auth.password_key}}: {{ index $all_secrets .auth.credentials_secret_name "password" | quote }} +type: Opaque +{{- end }} +{{- end }} +{{- end }} {{- if eq .Values.promxy.secret "" }} +--- apiVersion: v1 kind: Secret metadata: 
@@ -32,10 +57,15 @@ stringData: tls_config: insecure_skip_verify: true basic_auth: +{{- if not .auth.create_secret }} {{- $secret := (lookup "v1" "Secret" $.Release.Namespace .auth.credentials_secret_name) }} -{{- if $secret }} - username: {{ index $secret.data (.auth.username_key | default "GF_SECURITY_ADMIN_USER") | b64dec | quote }} - password: {{ index $secret.data (.auth.password_key | default "GF_SECURITY_ADMIN_PASSWORD") | b64dec | quote }} +{{- if not $.Values.global.lint }} + username: {{ index $secret.data .auth.username_key | b64dec | quote }} + password: {{ index $secret.data .auth.password_key | b64dec | quote }} +{{- end }} +{{- else }} + username: {{ index $all_secrets .auth.credentials_secret_name "username" | quote }} + password: {{ index $all_secrets .auth.credentials_secret_name "password" | quote }} {{- end }} labels: promxyCluster: {{ .clusterName | quote }} diff --git a/charts/kof-mothership/templates/sveltos/copy-secrets-cluster-profile.yaml b/charts/kof-mothership/templates/sveltos/copy-secrets-cluster-profile.yaml new file mode 100644 index 0000000..d7e5919 --- /dev/null +++ b/charts/kof-mothership/templates/sveltos/copy-secrets-cluster-profile.yaml @@ -0,0 +1,24 @@ +{{- if .Values.kcm.kof.secrets_copy.secrets }} +{{- /* Distributing secrets to clusters automatically*/}} +--- +apiVersion: config.projectsveltos.io/v1beta1 +kind: ClusterProfile +metadata: + name: kof-secrets +spec: + clusterSelector: + matchLabels: {{ .Values.kcm.kof.secrets_copy.matchLabels | toYaml | nindent 6 }} + templateResourceRefs: +{{- range .Values.kcm.kof.secrets_copy.secrets }} + - resource: + apiVersion: v1 + kind: Secret + name: {{ . }} + namespace: {{ $.Release.Namespace }} + identifier: Resource +{{- end }} + policyRefs: + - kind: ConfigMap + name: copy-resource-template + namespace: {{ $.Release.Namespace }} +{{- end }} diff --git a/charts/kof-mothership/values.yaml b/charts/kof-mothership/values.yaml index b16bc41..56156f1 100644 
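Review bot: `copy-secrets-cluster-profile.yaml` is gated only on `secrets_copy.secrets`, while `clusterSelector.matchLabels` is rendered from values with no check. If Sveltos follows the usual label-selector semantics, an override that empties `matchLabels` would select every cluster and copy `storage-vmuser-credentials` to all of them. Add `{{- if not .Values.kcm.kof.secrets_copy.matchLabels }}{{ fail "kcm.kof.secrets_copy.matchLabels must not be empty" }}{{- end }}` ahead of the resource. A template comment stating that every cluster carrying the label receives the same shared storage credential would also help, since the demo manifests put that label on both the storage and the managed cluster.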
--- a/charts/kof-mothership/values.yaml +++ b/charts/kof-mothership/values.yaml @@ -2,6 +2,8 @@ global: clusterLabel: clusterName storageClass: standard clusterName: mothership + random_username_length: 8 + random_password_length: 12 kcm: installTemplates: false kof: @@ -14,9 +16,14 @@ kcm: operators: version: 0.0.1 collectors: - version: 0.0.1 + version: 0.0.2 storage: - version: 0.1.2 + version: 0.1.4 + secrets_copy: + matchLabels: + k0rdent.mirantis.com/kof-storage-secrets: "true" + secrets: + - storage-vmuser-credentials victoriametrics: enabled: true vmcluster: @@ -38,14 +45,19 @@ grafana: url: https://vmauth.storage0.example.net/vls type: victoriametrics-logs-datasource auth: - credentials_secret_name: grafana-admin-credentials + credentials_secret_name: storage-vmuser-credentials + username_key: username + password_key: password - name: storage1-logs url: https://vmauth.storage1.example.net/vls type: victoriametrics-logs-datasource auth: - credentials_secret_name: grafana-admin-credentials + credentials_secret_name: storage-vmuser-credentials + username_key: username + password_key: password security: credentials_secret_name: grafana-admin-credentials + create_secret: true victoria-metrics-operator: enabled: true crds: @@ -103,9 +115,15 @@ promxy: targets: - vmauth.storage0.example.net:443 auth: - credentials_secret_name: grafana-admin-credentials + credentials_secret_name: storage-vmuser-credentials + username_key: username + password_key: password + create_secret: true - clusterName: storage1 targets: - vmauth.storage1.example.net:443 auth: - credentials_secret_name: grafana-admin-credentials + credentials_secret_name: storage-vmuser-credentials + username_key: username + password_key: password + create_secret: true diff --git a/charts/kof-storage/Chart.lock b/charts/kof-storage/Chart.lock index b920889..1746396 100644 --- a/charts/kof-storage/Chart.lock +++ b/charts/kof-storage/Chart.lock 
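Review bot: `random_password_length: 12` feeds `randAlpha` in the secret templates, so the generated passwords are 12 letters with no digits or symbols (roughly 68 bits), and they guard the vmauth and Grafana endpoints that the demo exposes through ingress. A longer default such as `random_password_length: 24` together with `randAlphaNum` in the templates costs nothing, because these credentials are not typed by hand. The templates also apply `| int` with no lower bound, so a values override that drops these keys would, as far as I can tell, yield a zero length and an empty credential. Wrapping the value as `(.Values.global.random_password_length | default 24 | int)` avoids that.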
@@ -4,12 +4,12 @@ dependencies: version: v5.15.1 - name: victoria-metrics-operator repository: https://victoriametrics.github.io/helm-charts/ - version: 0.40.3 + version: 0.40.4 - name: victoria-logs-single repository: https://victoriametrics.github.io/helm-charts/ version: 0.8.12 - name: external-dns repository: https://kubernetes-sigs.github.io/external-dns/ version: 1.15.0 -digest: sha256:765fa797ecae93345bb5eff857a8ab89803f9cfb0048e560625820a1d4567df0 -generated: "2025-01-06T15:31:00.919698+02:00" +digest: sha256:e4ba96403921fa721337ab6cb4a005fe205407c01badf77a91b7f9549dfb5737 +generated: "2025-01-13T15:11:53.857929+02:00" diff --git a/charts/kof-storage/templates/grafana/secret.yaml b/charts/kof-storage/templates/grafana/secret.yaml new file mode 100644 index 0000000..9bc8b93 --- /dev/null +++ b/charts/kof-storage/templates/grafana/secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.grafana.security.create_secret }} +{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.grafana.security.credentials_secret_name) }} +{{- if not $secret }} +--- +kind: Secret +apiVersion: v1 +metadata: + name: {{ .Values.grafana.security.credentials_secret_name }} + namespace: {{ .Release.Namespace }} +stringData: + GF_SECURITY_ADMIN_USER: {{ randAlpha (.Values.global.random_username_length | int) | quote }} # Grafana username + GF_SECURITY_ADMIN_PASSWORD: {{ randAlpha (.Values.global.random_password_length | int) | quote }} # Grafana password +type: Opaque +{{- end }} +{{- end }} diff --git a/charts/kof-storage/templates/victoria/vmuser.yaml b/charts/kof-storage/templates/victoria/vmuser.yaml index ce64295..1b91d4f 100644 --- a/charts/kof-storage/templates/victoria/vmuser.yaml +++ b/charts/kof-storage/templates/victoria/vmuser.yaml 
@@ -22,12 +22,12 @@ spec: - /vm/insert/.* static: url: http://vminsert-cluster.{{ .Release.Namespace }}.svc:8480 -{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.victoriametrics.vmauth.credentials.password_secret_name) }} -{{- if $secret }} +{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.victoriametrics.vmauth.credentials.credentials_secret_name) }} +{{- if not $.Values.global.lint }} username: {{ index $secret.data .Values.victoriametrics.vmauth.credentials.username_key | b64dec | quote }} {{- end }} passwordRef: key: {{ .Values.victoriametrics.vmauth.credentials.password_key }} - name: {{ .Values.victoriametrics.vmauth.credentials.password_secret_name }} + name: {{ .Values.victoriametrics.vmauth.credentials.credentials_secret_name }} {{- end }} {{- end }} diff --git a/charts/kof-storage/values.yaml b/charts/kof-storage/values.yaml index bb0d572..6cb5e7b 100644 --- a/charts/kof-storage/values.yaml +++ b/charts/kof-storage/values.yaml @@ -2,6 +2,8 @@ global: clusterLabel: clusterName storageClass: ebs-csi-default-sc clusterName: storage + random_username_length: 8 + random_password_length: 12 cert-manager: enabled: true email: mail@example.net @@ -25,9 +27,9 @@ victoriametrics: vmauth: enabled: true credentials: - password_secret_name: grafana-admin-credentials - password_key: "GF_SECURITY_ADMIN_PASSWORD" - username_key: "GF_SECURITY_ADMIN_USER" + username_key: username + password_key: password + credentials_secret_name: storage-vmuser-credentials ingress: host: vmauth.hmc0.example.net vmcluster: @@ -49,6 +51,7 @@ grafana: enabled: true security: credentials_secret_name: grafana-admin-credentials + create_secret: true ingress: enabled: true host: grafana.hmc0.example.net diff --git a/demo/cluster/aws-managed.yaml b/demo/cluster/aws-managed.yaml index a849e52..988b0a4 100644 --- a/demo/cluster/aws-managed.yaml +++ b/demo/cluster/aws-managed.yaml 
@@ -19,43 +19,46 @@ spec: worker: instanceType: t3.small workersNumber: 3 - template: aws-standalone-cp-0-0-4 - servicesPriority: 100 - services: - - template: cert-manager - name: cert-manager - namespace: kof - values: | - crds: - enabled: true - - template: kof-operators - name: kof-operators - namespace: kof - - template: kof-collectors - name: kof-collectors - namespace: kof - values: | - global: - clusterName: aws-managed0 - opencost: - enabled: true + clusterLabels: + k0rdent.mirantis.com/kof-storage-secrets: "true" + template: aws-standalone-cp-0-0-5 + serviceSpec: + priority: 100 + services: + - template: cert-manager + name: cert-manager + namespace: kof + values: | + crds: + enabled: true + - template: kof-operators + name: kof-operators + namespace: kof + - template: kof-collectors + name: kof-collectors + namespace: kof + values: | + global: + clusterName: aws-managed0 opencost: - prometheus: - existingSecretName: grafana-admin-credentials - username_key: GF_SECURITY_ADMIN_USER - password_key: GF_SECURITY_ADMIN_PASSWORD - external: - url: "https://vmauth.storage0.example.net/vm/select/0/prometheus" - exporter: - defaultClusterId: "aws-managed0" - kof: - logs: - credentials_secret_name: grafana-admin-credentials - username_key: GF_SECURITY_ADMIN_USER - password_key: GF_SECURITY_ADMIN_PASSWORD - endpoint: https://vmauth.storage0.example.net/vls/insert/opentelemetry/v1/logs - metrics: - credentials_secret_name: grafana-admin-credentials - username_key: GF_SECURITY_ADMIN_USER - password_key: GF_SECURITY_ADMIN_PASSWORD - endpoint: https://vmauth.storage0.example.net/vm/insert/0/prometheus/api/v1/write + enabled: true + opencost: + prometheus: + username_key: username + password_key: password + existingSecretName: storage-vmuser-credentials + external: + url: "https://vmauth.storage0.example.net/vm/select/0/prometheus" + exporter: + defaultClusterId: "aws-managed0" + kof: + logs: + username_key: username + password_key: password + credentials_secret_name: 
storage-vmuser-credentials + endpoint: https://vmauth.storage0.example.net/vls/insert/opentelemetry/v1/logs + metrics: + username_key: username + password_key: password + credentials_secret_name: storage-vmuser-credentials + endpoint: https://vmauth.storage0.example.net/vm/insert/0/prometheus/api/v1/write diff --git a/demo/cluster/aws-storage.yaml b/demo/cluster/aws-storage.yaml index 9396e56..2c0fe85 100644 --- a/demo/cluster/aws-storage.yaml +++ b/demo/cluster/aws-storage.yaml 
@@ -19,34 +19,37 @@ spec: worker: instanceType: t3.medium workersNumber: 3 - template: aws-standalone-cp-0-0-4 - servicesPriority: 100 - services: - - template: ingress-nginx-4-11-3 - name: ingress-nginx - namespace: ingress-nginx - - name: cert-manager - namespace: cert-manager - template: cert-manager - values: | - crds: - enabled: true - - name: kof-storage - namespace: kof - template: kof-storage - values: | - victoriametrics: - vmauth: + clusterLabels: + k0rdent.mirantis.com/kof-storage-secrets: "true" + template: aws-standalone-cp-0-0-5 + serviceSpec: + priority: 100 + services: + - template: ingress-nginx-4-11-3 + name: ingress-nginx + namespace: ingress-nginx + - name: cert-manager + namespace: cert-manager + template: cert-manager + values: | + crds: + enabled: true + - name: kof-storage + namespace: kof + template: kof-storage + values: | + victoriametrics: + vmauth: + ingress: + host: vmauth.storage0.example.net + security: + username_key: username + password_key: password + credentials_secret_name: storage-vmuser-credentials + grafana: ingress: host: vmauth.storage0.example.net - security: - password_secret_name: grafana-admin-credentials - password_key: "GF_SECURITY_ADMIN_PASSWORD" - username_key: "GF_SECURITY_ADMIN_USER" - grafana: - ingress: - host: grafana.storage0.example.net - security: - credentials_secret_name: grafana-admin-credentials - cert-manager: - email: mail@example.net + security: + credentials_secret_name: grafana-admin-credentials + cert-manager: + email: mail@example.net diff --git a/demo/demo-mothership-values.yaml b/demo/demo-mothership-values.yaml index 2337268..cac782d 100644 --- a/demo/demo-mothership-values.yaml +++ b/demo/demo-mothership-values.yaml @@ -25,7 +25,7 @@ grafana: url: https://vmauth.hmc0.example.net/vls type: victorialogs-datasource auth: - credentials_secret_name: vmauth-credentials + credentials_secret_name: storage-vmuser-credentials username_key: "username" password_key: "password" security: 
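Review bot: On the new side of this hunk `grafana.ingress.host` appears to be `vmauth.storage0.example.net`, because the old vmauth `ingress:` and `host:` lines are reused as context under the added `grafana:` key and the `grafana.storage0.example.net` line is removed. The indentation is not recoverable from this view, so please confirm. If so, Grafana and vmauth would claim the same ingress host in the demo, and the line should stay `host: grafana.storage0.example.net`. The vmauth credentials also sit under `security:` here while the chart templates read `victoriametrics.vmauth.credentials.*`, so these three keys may be ignored and the chart defaults used instead.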
@@ -84,6 +84,7 @@ promxy: targets: - vmauth.hmc0.example.net:443 auth: - credentials_secret_name: vmauth-credentials + credentials_secret_name: storage-vmuser-credentials username_key: "username" password_key: "password" + create_secret: true From 7a554655df253371eef7d2660d96279dabc1e71c Mon Sep 17 00:00:00 2001 From: Aleksei Larkov Date: Mon, 13 Jan 2025 12:22:33 +0200 Subject: [PATCH 3/3] Rename hmc to k0rdent --- Makefile | 4 ++-- README.md | 8 ++++---- charts/kof-mothership/Chart.yaml | 2 +- .../templates/kcm/cert-manager/flux-helm.yaml | 10 +++++----- .../templates/kcm/cert-manager/svctmpl.yaml | 6 +++--- charts/kof-mothership/templates/kcm/kof/flux-helm.yaml | 4 ++-- charts/kof-mothership/templates/kcm/kof/flux-repo.yaml | 4 ++-- charts/kof-mothership/templates/kcm/kof/svctmpl.yaml | 4 ++-- charts/kof-mothership/values.yaml | 1 + charts/kof-storage/Chart.yaml | 2 +- charts/kof-storage/values.yaml | 4 ++-- demo/cluster/aws-credentials.yaml | 2 +- demo/cluster/aws-managed.yaml | 6 +++--- demo/cluster/aws-storage.yaml | 6 +++--- demo/demo-mothership-values.yaml | 8 ++++---- docs/DEV.md | 4 ++-- docs/otel.canvas | 6 +++--- 17 files changed, 41 insertions(+), 40 deletions(-) diff --git a/Makefile b/Makefile index e312c31..380d605 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ $(CHARTS_PACKAGE_DIR): | $(LOCALBIN) rm -rf $(CHARTS_PACKAGE_DIR) mkdir -p $(CHARTS_PACKAGE_DIR) -REGISTRY_NAME ?= hmc-local-registry +REGISTRY_NAME ?= kcm-local-registry REGISTRY_PORT ?= 5001 REGISTRY_REPO ?= oci://127.0.0.1:$(REGISTRY_PORT)/charts REGISTRY_IS_OCI = $(shell echo $(REGISTRY_REPO) | grep -q oci && echo true || echo false) 
@@ -72,7 +72,7 @@ helm-push: helm-package echo "REGISTRY_USERNAME and REGISTRY_PASSWORD must be populated to push the chart to an HTTPS repository"; \ exit 1; \ else \ - $(HELM) repo add hmc $(REGISTRY_REPO); \ + $(HELM) repo add kcm $(REGISTRY_REPO); \ echo "Pushing $$chart to $(REGISTRY_REPO)"; \ $(HELM) cm-push "$$chart" $(REGISTRY_REPO) --username $$REGISTRY_USERNAME --password $$REGISTRY_PASSWORD; \ fi; \ diff --git a/README.md b/README.md index 85a4d29..3ec0ac7 100644 --- a/README.md +++ b/README.md @@ -47,13 +47,13 @@ To deploy storage `clusterdeployment` configure desired ingress names for vmauth ```bash kubectl apply -f demo/cluster/aws-storage.yaml # you can check helm chart deployment status using ClusterSummary object: -kubectl get clustersummaries.config.projectsveltos.io -n hmc-system +kubectl get clustersummaries.config.projectsveltos.io -n kcm-system ``` Once the storage clusterdeploymet is ready - retrieve its kubeconfig and get loadbalancer IP/DNS name for your ingress-nginx service. ```bash -kubectl get secret -n hmc-system aws-storage-kubeconfig -o jsonpath={.data.value} | base64 -d > /tmp/hmc-aws-storage-kubeconfig.yaml -export KUBECONFIG=/tmp/hmc-aws-storage-kubeconfig.yaml +kubectl get secret -n kcm-system aws-storage-kubeconfig -o jsonpath={.data.value} | base64 -d > /tmp/kcm-aws-storage-kubeconfig.yaml +export KUBECONFIG=/tmp/kcm-aws-storage-kubeconfig.yaml kubectl get svc -n ingress-nginx ingress-nginx-controller ``` 
@@ -78,7 +78,7 @@ To deploy operators and collectors to a `clusterdeployment` configure ingress na ``` kubectl apply -f demo/cluster/aws-managed.yaml # you can check helm chart deployment status using ClusterSummary object: -kubectl get clustersummaries.config.projectsveltos.io -n hmc-system +kubectl get clustersummaries.config.projectsveltos.io -n kcm-system ``` Once your managed clusters are up, create secrets for storage cluster authentication, it should start pushing metrics and logs to your storage one, through ingress domain you've configured. diff --git a/charts/kof-mothership/Chart.yaml b/charts/kof-mothership/Chart.yaml index 96845bf..fd37018 100644 --- a/charts/kof-mothership/Chart.yaml +++ b/charts/kof-mothership/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: kof-mothership description: A Helm chart that deploys Grafana, Promxy, and VictoriaMetrics. -version: 0.1.6 +version: 0.1.8 appVersion: "1.0" dependencies: - name: grafana-operator diff --git a/charts/kof-mothership/templates/kcm/cert-manager/flux-helm.yaml b/charts/kof-mothership/templates/kcm/cert-manager/flux-helm.yaml index a816b73..4eabfeb 100644 --- a/charts/kof-mothership/templates/kcm/cert-manager/flux-helm.yaml +++ b/charts/kof-mothership/templates/kcm/cert-manager/flux-helm.yaml @@ -4,9 +4,9 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: jetstack - namespace: hmc-system + namespace: {{ .Values.kcm.namespace }} labels: - hmc.mirantis.com/managed: "true" + k0rdent.mirantis.com/managed: "true" spec: url: https://charts.jetstack.io --- @@ -14,9 +14,9 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmChart metadata: name: cert-manager - namespace: hmc-system + namespace: {{ .Values.kcm.namespace }} labels: - hmc.mirantis.com/managed: "true" + k0rdent.mirantis.com/managed: "true" spec: chart: cert-manager interval: 10m0s @@ -25,4 +25,4 @@ spec: kind: HelmRepository name: jetstack version: 1.16.1 -{{- end }} \ No newline at end of file +{{- end }} 
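Review bot: In cert-manager/flux-helm.yaml, `namespace: {{ .Values.kcm.namespace }}` is rendered unquoted and without a presence check, in both the HelmRepository and the HelmChart metadata. If a values override sets the key to null or an empty string, the field renders as a bare `namespace:`, and the objects would presumably no longer be created in the namespace that the ServiceTemplate `chartRef` points at. I would write `namespace: {{ required "kcm.namespace must be set" .Values.kcm.namespace | quote }}` so a bad override fails at render time. The same expression is added in cert-manager/svctmpl.yaml, kof/flux-helm.yaml, kof/flux-repo.yaml and kof/svctmpl.yaml later in this patch, and would benefit from the same change.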
diff --git a/charts/kof-mothership/templates/kcm/cert-manager/svctmpl.yaml b/charts/kof-mothership/templates/kcm/cert-manager/svctmpl.yaml index 514a5f8..123eb21 100644 --- a/charts/kof-mothership/templates/kcm/cert-manager/svctmpl.yaml +++ b/charts/kof-mothership/templates/kcm/cert-manager/svctmpl.yaml @@ -1,15 +1,15 @@ {{- if .Values.kcm.installTemplates }} -apiVersion: hmc.mirantis.com/v1alpha1 +apiVersion: k0rdent.mirantis.com/v1alpha1 kind: ServiceTemplate metadata: name: cert-manager - namespace: hmc-system + namespace: {{ .Values.kcm.namespace }} spec: helm: chartRef: apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmChart name: cert-manager - namespace: hmc-system + namespace: {{ .Values.kcm.namespace }} providers: [] {{- end }} diff --git a/charts/kof-mothership/templates/kcm/kof/flux-helm.yaml b/charts/kof-mothership/templates/kcm/kof/flux-helm.yaml index 9f66545..d176e56 100644 --- a/charts/kof-mothership/templates/kcm/kof/flux-helm.yaml +++ b/charts/kof-mothership/templates/kcm/kof/flux-helm.yaml @@ -5,9 +5,9 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmChart metadata: name: kof-{{ $name }} - namespace: hmc-system + namespace: {{ $.Values.kcm.namespace }} labels: - hmc.mirantis.com/managed: "true" + k0rdent.mirantis.com/managed: "true" spec: chart: kof-{{ $name }} interval: 10m0s diff --git a/charts/kof-mothership/templates/kcm/kof/flux-repo.yaml b/charts/kof-mothership/templates/kcm/kof/flux-repo.yaml index d90b9bb..19c9e83 100644 --- a/charts/kof-mothership/templates/kcm/kof/flux-repo.yaml +++ b/charts/kof-mothership/templates/kcm/kof/flux-repo.yaml @@ -4,9 +4,9 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: {{ .Values.kcm.kof.repo.name }} - namespace: hmc-system + namespace: {{ .Values.kcm.namespace }} labels: - hmc.mirantis.com/managed: "true" + k0rdent.mirantis.com/managed: "true" spec: url: {{ .Values.kcm.kof.repo.url }} insecure: {{ .Values.kcm.kof.repo.insecure }} 
diff --git a/charts/kof-mothership/templates/kcm/kof/svctmpl.yaml b/charts/kof-mothership/templates/kcm/kof/svctmpl.yaml index 310ff16..8d733b6 100644 --- a/charts/kof-mothership/templates/kcm/kof/svctmpl.yaml +++ b/charts/kof-mothership/templates/kcm/kof/svctmpl.yaml @@ -1,7 +1,7 @@ {{- if .Values.kcm.installTemplates }} {{- range $name, $values := .Values.kcm.kof.charts }} --- -apiVersion: hmc.mirantis.com/v1alpha1 +apiVersion: k0rdent.mirantis.com/v1alpha1 kind: ServiceTemplate metadata: name: kof-{{ $name }} @@ -12,7 +12,7 @@ spec: apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmChart name: kof-{{ $name }} - namespace: hmc-system + namespace: {{ $.Values.kcm.namespace }} providers: [] {{- end }} {{- end }} diff --git a/charts/kof-mothership/values.yaml b/charts/kof-mothership/values.yaml index 56156f1..87655e7 100644 --- a/charts/kof-mothership/values.yaml +++ b/charts/kof-mothership/values.yaml @@ -6,6 +6,7 @@ global: random_password_length: 12 kcm: installTemplates: false + namespace: kcm-system kof: repo: name: kof diff --git a/charts/kof-storage/Chart.yaml b/charts/kof-storage/Chart.yaml index 21298d8..0ac7f96 100644 --- a/charts/kof-storage/Chart.yaml +++ b/charts/kof-storage/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: kof-storage description: A Helm chart that deploys Grafana, and VictoriaMetrics. -version: 0.1.2 +version: 0.1.4 appVersion: "1.0" dependencies: - name: grafana-operator diff --git a/charts/kof-storage/values.yaml b/charts/kof-storage/values.yaml index 6cb5e7b..2fd6e71 100644 --- a/charts/kof-storage/values.yaml +++ b/charts/kof-storage/values.yaml @@ -31,7 +31,7 @@ victoriametrics: password_key: password credentials_secret_name: storage-vmuser-credentials ingress: - host: vmauth.hmc0.example.net + host: vmauth.kcm0.example.net vmcluster: enabled: true vmalert: 
@@ -54,7 +54,7 @@ grafana: create_secret: true ingress: enabled: true - host: grafana.hmc0.example.net + host: grafana.kcm0.example.net autoinstrumentation: enabled: true victoria-metrics-operator: diff --git a/demo/cluster/aws-credentials.yaml b/demo/cluster/aws-credentials.yaml index c85d6c8..d681d2e 100644 --- a/demo/cluster/aws-credentials.yaml +++ b/demo/cluster/aws-credentials.yaml @@ -21,7 +21,7 @@ stringData: SecretAccessKey: ${AWS_SECRET_ACCESS_KEY} SessionToken: ${AWS_SESSION_TOKEN} --- -apiVersion: hmc.mirantis.com/v1alpha1 +apiVersion: k0rdent.mirantis.com/v1alpha1 kind: Credential metadata: name: aws-cluster-identity-cred diff --git a/demo/cluster/aws-managed.yaml b/demo/cluster/aws-managed.yaml index 988b0a4..eef71eb 100644 --- a/demo/cluster/aws-managed.yaml +++ b/demo/cluster/aws-managed.yaml @@ -1,8 +1,8 @@ -apiVersion: hmc.mirantis.com/v1alpha1 +apiVersion: k0rdent.mirantis.com/v1alpha1 kind: ClusterDeployment metadata: name: aws-managed0 - namespace: hmc-system + namespace: kcm-system labels: kof: "collector" spec: @@ -10,7 +10,7 @@ spec: config: clusterIdentity: name: aws-cluster-identity - namespace: hmc-system + namespace: kcm-system controlPlane: instanceType: t3.large controlPlaneNumber: 1 diff --git a/demo/cluster/aws-storage.yaml b/demo/cluster/aws-storage.yaml index 2c0fe85..5ca1c12 100644 --- a/demo/cluster/aws-storage.yaml +++ b/demo/cluster/aws-storage.yaml @@ -1,8 +1,8 @@ -apiVersion: hmc.mirantis.com/v1alpha1 +apiVersion: k0rdent.mirantis.com/v1alpha1 kind: ClusterDeployment metadata: name: aws-storage0 - namespace: hmc-system + namespace: kcm-system labels: kof: "storage" spec: @@ -10,7 +10,7 @@ spec: config: clusterIdentity: name: aws-cluster-identity - namespace: hmc-system + namespace: kcm-system controlPlane: instanceType: t3.large controlPlaneNumber: 1 diff --git a/demo/demo-mothership-values.yaml b/demo/demo-mothership-values.yaml index cac782d..7a95dee 100644 --- a/demo/demo-mothership-values.yaml 
+++ b/demo/demo-mothership-values.yaml @@ -21,8 +21,8 @@ grafana: alerts: enabled: true logSources: - - name: hmc0-logs - url: https://vmauth.hmc0.example.net/vls + - name: storage0-logs + url: https://vmauth.kcm0.example.net/vls type: victorialogs-datasource auth: credentials_secret_name: storage-vmuser-credentials @@ -80,9 +80,9 @@ promxy: config: remoteWriteUrl: http://vminsert-cluster:8480/insert/0/prometheus/api/v1/write serverGroups: - - clusterName: hmc0 + - clusterName: kcm0 targets: - - vmauth.hmc0.example.net:443 + - vmauth.kcm0.example.net:443 auth: credentials_secret_name: storage-vmuser-credentials username_key: "username" diff --git a/docs/DEV.md b/docs/DEV.md index 9576623..f99a3b8 100644 --- a/docs/DEV.md +++ b/docs/DEV.md @@ -50,13 +50,13 @@ Install "mothership" helm chart into your "mothership" cluster make dev-ms-deploy-aws ``` -Create "storage" managed cluster using HMC +Create "storage" managed cluster using KCM ```bash make dev-storage-deploy-aws ``` -Create "managed" managed cluster using HMC +Create "managed" managed cluster using KCM ```bash make dev-managed-deploy-aws diff --git a/docs/otel.canvas b/docs/otel.canvas index b1e4ac4..b141500 100644 --- a/docs/otel.canvas +++ b/docs/otel.canvas 
@@ -1,13 +1,13 @@ { "nodes":[ {"id":"bfb5b9ca6d6173a2","type":"group","x":-2300,"y":-480,"width":1194,"height":1232,"label":"Azure - West Europe - Netherlands"}, - {"id":"8e43733fc60f6285","type":"group","x":-960,"y":-996,"width":920,"height":1234,"label":"HMC Management Cluster"}, + {"id":"8e43733fc60f6285","type":"group","x":-960,"y":-996,"width":920,"height":1234,"label":"KCM Management Cluster"}, {"id":"c90038fee416518d","type":"group","x":-2300,"y":-1139,"width":1194,"height":617,"label":"AWS eu-central"}, {"id":"c6eb697ae5a678d0","type":"group","x":-918,"y":-299,"width":858,"height":512,"label":"Mothership stack"}, {"id":"bea4f3a4119c09db","type":"group","x":-2274,"y":-422,"width":571,"height":552,"label":"ManagedCluster - azure-nl-0"}, {"id":"cffd281f4d05978c","type":"group","x":-2274,"y":171,"width":571,"height":552,"label":"ManagedCluster - azure-nl-1"}, {"id":"327c8d02308940c7","type":"group","x":-2274,"y":-1089,"width":571,"height":552,"label":"ManagedCluster - aws-eu-central-0"}, - {"id":"4201a84061be9489","type":"group","x":-918,"y":-927,"width":571,"height":552,"label":"HMC CAPI stack"}, + {"id":"4201a84061be9489","type":"group","x":-918,"y":-927,"width":571,"height":552,"label":"KCM CAPI stack"}, {"id":"6ad3921b1970c1b2","type":"group","x":-1614,"y":-73,"width":437,"height":371,"label":"k0s azure-nl-0-storage"}, {"id":"782718b4a48faebe","type":"group","x":-1622,"y":-984,"width":437,"height":342,"label":"k0s aws-eu-central-0-storage"}, {"id":"d3a6a85b665e3a5b","type":"group","x":-1606,"y":-16,"width":421,"height":310,"label":"Metrics + Logs + Traces"}, @@ -112,4 +112,4 @@ {"id":"2b53eb80984fb5b1","fromNode":"82a9870d78bfde09","fromSide":"right","toNode":"fe85ebb84757f2d6","toSide":"top"}, {"id":"be91a9edd5321fe0","fromNode":"fe85ebb84757f2d6","fromSide":"left","toNode":"f3574dc5e8bd1c15","toSide":"right","color":"4"} ] -} +} \ No newline at end of file