diff --git a/charts/k8s-monitoring/docs/examples/auth/bearer-token/output.yaml b/charts/k8s-monitoring/docs/examples/auth/bearer-token/output.yaml index 94acb8354..803d40b4f 100644 --- a/charts/k8s-monitoring/docs/examples/auth/bearer-token/output.yaml +++ b/charts/k8s-monitoring/docs/examples/auth/bearer-token/output.yaml @@ -195,6 +195,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-logs.alloy index 7b575b994..bf2b530cb 100644 --- a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-logs.alloy +++ b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-logs.alloy @@ -6,7 +6,6 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" - tenant_id = "" bearer_token = "my-bearer-token" } external_labels = { diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-metrics.alloy b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-metrics.alloy index 9da3ee16f..d5cf3788e 100644 --- a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-metrics.alloy +++ b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-metrics.alloy @@ -15,9 +15,6 @@ prometheus.remote_write "prometheus" { } tls_config { insecure_skip_verify = false - ca_pem = "" - cert_pem = "" - key_pem = "" } send_native_histograms = false queue_config { diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy index 751f81a69..625f0d0fa 100644 --- a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy 
+++ b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy @@ -15,9 +15,6 @@ prometheus.remote_write "prometheus" { } tls_config { insecure_skip_verify = false - ca_pem = "" - cert_pem = "" - key_pem = "" } send_native_histograms = false queue_config { @@ -53,7 +50,6 @@ otelcol.exporter.loki "loki" { loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" - tenant_id = "" bearer_token = "my-bearer-token" } external_labels = { @@ -92,14 +88,10 @@ otelcol.exporter.otlp "tempo" { client { endpoint = "http://tempo.tempo.svc:4317" headers = { - "X-Scope-OrgID" = "", } tls { insecure = false insecure_skip_verify = false - ca_pem = "" - cert_pem = "" - key_pem = "" } } } diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml index c13ebdc05..adb2ad836 100644 --- a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml +++ b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml @@ -72,9 +72,6 @@ data: } tls_config { insecure_skip_verify = false - ca_pem = "" - cert_pem = "" - key_pem = "" } send_native_histograms = false queue_config { @@ -183,6 +180,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge @@ -209,7 +208,6 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" - tenant_id = "" bearer_token = "my-bearer-token" } external_labels = { @@ -359,9 +357,6 @@ data: } tls_config { insecure_skip_verify = false - ca_pem = "" - cert_pem = "" - key_pem = "" } send_native_histograms = false queue_config { @@ -397,7 +392,6 @@ data: loki.write "loki" { endpoint { url = "http://loki.loki.svc:3100/loki/api/v1/push" - tenant_id = "" bearer_token = "my-bearer-token" } external_labels = { 
@@ -436,14 +430,10 @@ data: client { endpoint = "http://tempo.tempo.svc:4317" headers = { - "X-Scope-OrgID" = "", } tls { insecure = false insecure_skip_verify = false - ca_pem = "" - cert_pem = "" - key_pem = "" } } } diff --git a/charts/k8s-monitoring/docs/examples/auth/external-secrets/output.yaml b/charts/k8s-monitoring/docs/examples/auth/external-secrets/output.yaml index 000bd0ea1..03e751e73 100644 --- a/charts/k8s-monitoring/docs/examples/auth/external-secrets/output.yaml +++ b/charts/k8s-monitoring/docs/examples/auth/external-secrets/output.yaml @@ -188,6 +188,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/auth/sigv4/output.yaml b/charts/k8s-monitoring/docs/examples/auth/sigv4/output.yaml index c9067af3d..6307fa2f4 100644 --- a/charts/k8s-monitoring/docs/examples/auth/sigv4/output.yaml +++ b/charts/k8s-monitoring/docs/examples/auth/sigv4/output.yaml @@ -399,6 +399,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/autoscaling/output.yaml b/charts/k8s-monitoring/docs/examples/autoscaling/output.yaml index 8db86cf9a..e43bdd517 100644 --- a/charts/k8s-monitoring/docs/examples/autoscaling/output.yaml +++ b/charts/k8s-monitoring/docs/examples/autoscaling/output.yaml @@ -375,6 +375,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge 
diff --git a/charts/k8s-monitoring/docs/examples/collector-storage/output.yaml b/charts/k8s-monitoring/docs/examples/collector-storage/output.yaml index eeb740325..90f324224 100644 --- a/charts/k8s-monitoring/docs/examples/collector-storage/output.yaml +++ b/charts/k8s-monitoring/docs/examples/collector-storage/output.yaml @@ -391,6 +391,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/extra-rules/output.yaml b/charts/k8s-monitoring/docs/examples/extra-rules/output.yaml index c25b0428f..864b7e64a 100644 --- a/charts/k8s-monitoring/docs/examples/extra-rules/output.yaml +++ b/charts/k8s-monitoring/docs/examples/extra-rules/output.yaml @@ -536,6 +536,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/default/output.yaml index 29a94de9d..1dd2ca511 100644 --- a/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/default/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/default/output.yaml @@ -299,6 +299,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/prom-annotations/output.yaml b/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/prom-annotations/output.yaml index 65553c8b0..53748d1e3 100644 
--- a/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/prom-annotations/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/prom-annotations/output.yaml @@ -299,6 +299,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/features/applicaiton-observability/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/applicaiton-observability/default/output.yaml index 43f2b3966..e338f4d07 100644 --- a/charts/k8s-monitoring/docs/examples/features/applicaiton-observability/default/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/applicaiton-observability/default/output.yaml @@ -214,6 +214,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/output.yaml b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/output.yaml index 56b670aa0..f7a549904 100644 --- a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/output.yaml @@ -626,6 +626,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge 
diff --git a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/default/output.yaml index 9f10a65f8..540c8c57b 100644 --- a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/default/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/default/output.yaml @@ -375,6 +375,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/alloy/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/alloy/output.yaml index b17f4d1b6..085593bee 100644 --- a/charts/k8s-monitoring/docs/examples/features/integrations/alloy/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/integrations/alloy/output.yaml @@ -389,6 +389,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/cert-manager/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/cert-manager/output.yaml index 7d67538da..93964e914 100644 --- a/charts/k8s-monitoring/docs/examples/features/integrations/cert-manager/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/integrations/cert-manager/output.yaml @@ -130,6 +130,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge 
diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/etcd/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/etcd/output.yaml index 5b16c1ff9..a92c96d08 100644 --- a/charts/k8s-monitoring/docs/examples/features/integrations/etcd/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/integrations/etcd/output.yaml @@ -129,6 +129,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/features/prometheus-operator-objects/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/prometheus-operator-objects/default/output.yaml index 0c2a4f667..44ee251f2 100644 --- a/charts/k8s-monitoring/docs/examples/features/prometheus-operator-objects/default/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/prometheus-operator-objects/default/output.yaml @@ -143,6 +143,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/metrics-tuning/output.yaml b/charts/k8s-monitoring/docs/examples/metrics-tuning/output.yaml index 005d2d1e0..e10491af8 100644 --- a/charts/k8s-monitoring/docs/examples/metrics-tuning/output.yaml +++ b/charts/k8s-monitoring/docs/examples/metrics-tuning/output.yaml @@ -586,6 +586,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/platforms/azure-aks/output.yaml b/charts/k8s-monitoring/docs/examples/platforms/azure-aks/output.yaml index b66db894f..94f6126b2 100644 
--- a/charts/k8s-monitoring/docs/examples/platforms/azure-aks/output.yaml +++ b/charts/k8s-monitoring/docs/examples/platforms/azure-aks/output.yaml @@ -487,6 +487,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/output.yaml b/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/output.yaml index 642e2e7ec..f3b5709e5 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/output.yaml +++ b/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/output.yaml @@ -437,6 +437,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/output.yaml b/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/output.yaml index 6d31ff0a6..3f4d9b1ea 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/output.yaml +++ b/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/output.yaml @@ -437,6 +437,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/platforms/openshift/output.yaml b/charts/k8s-monitoring/docs/examples/platforms/openshift/output.yaml index eaba68441..a0221d3aa 100644 --- a/charts/k8s-monitoring/docs/examples/platforms/openshift/output.yaml +++ b/charts/k8s-monitoring/docs/examples/platforms/openshift/output.yaml 
@@ -541,6 +541,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/private-image-registries/output.yaml b/charts/k8s-monitoring/docs/examples/private-image-registries/output.yaml index 5fe53f931..09e0e15e8 100644 --- a/charts/k8s-monitoring/docs/examples/private-image-registries/output.yaml +++ b/charts/k8s-monitoring/docs/examples/private-image-registries/output.yaml @@ -397,6 +397,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/proxies/output.yaml b/charts/k8s-monitoring/docs/examples/proxies/output.yaml index ea39d5000..686ea6c98 100644 --- a/charts/k8s-monitoring/docs/examples/proxies/output.yaml +++ b/charts/k8s-monitoring/docs/examples/proxies/output.yaml @@ -521,6 +521,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/remote-config/README.md b/charts/k8s-monitoring/docs/examples/remote-config/README.md new file mode 100644 index 000000000..68a641c20 --- /dev/null +++ b/charts/k8s-monitoring/docs/examples/remote-config/README.md @@ -0,0 +1,22 @@ + +# Example: remote-config/values.yaml + +## Values + +```yaml +cluster: + name: remote-config-example-cluster + +alloy-metrics: + enabled: true + remoteConfig: + enabled: true + url: "https://remote-config.example.com/alloy" + auth: + type: "basic" + username: "my-remote-cfg-user" + password: "my-remote-cfg-password" +``` 
diff --git a/charts/k8s-monitoring/docs/examples/remote-config/alloy-metrics.alloy b/charts/k8s-monitoring/docs/examples/remote-config/alloy-metrics.alloy new file mode 100644 index 000000000..eb8cc235b --- /dev/null +++ b/charts/k8s-monitoring/docs/examples/remote-config/alloy-metrics.alloy @@ -0,0 +1,16 @@ + + + +remotecfg { + url = "https://remote-config.example.com/alloy" + basic_auth { + username = nonsensitive(remote.kubernetes.secret.alloy_metrics_remote_cfg.data["username"]) + password = remote.kubernetes.secret.alloy_metrics_remote_cfg.data["password"] + } + id = "remote-config-example-cluster-default-" + constants.hostnamepoll_frequency = "5m" + attributes = { + "cluster" = "remote-config-example-cluster", + "platform" = "kubernetes", + "workloadType": "statefulset", + } +} diff --git a/charts/k8s-monitoring/docs/examples/remote-config/output.yaml b/charts/k8s-monitoring/docs/examples/remote-config/output.yaml index e69de29bb..bcbac49aa 100644 --- a/charts/k8s-monitoring/docs/examples/remote-config/output.yaml +++ b/charts/k8s-monitoring/docs/examples/remote-config/output.yaml 
@@ -0,0 +1,331 @@ +--- +# Source: k8s-monitoring/charts/alloy-metrics/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ko-alloy-metrics + namespace: default + labels: + helm.sh/chart: alloy-metrics-0.9.1 + app.kubernetes.io/name: alloy-metrics + app.kubernetes.io/instance: ko + + app.kubernetes.io/version: "v1.4.2" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: alloy + app.kubernetes.io/component: rbac +--- +# Source: k8s-monitoring/templates/alloy-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: ko-alloy-metrics + namespace: default +data: + config.alloy: |- + + + + remotecfg { + url = "https://remote-config.example.com/alloy" + basic_auth { + username = nonsensitive(remote.kubernetes.secret.alloy_metrics_remote_cfg.data["username"]) + password = remote.kubernetes.secret.alloy_metrics_remote_cfg.data["password"] + } + id = "remote-config-example-cluster-default-" + constants.hostnamepoll_frequency = "5m" + attributes = { + "cluster" = "remote-config-example-cluster", + "platform" = "kubernetes", + "workloadType": "statefulset", + } + } +--- +# Source: k8s-monitoring/charts/alloy-metrics/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ko-alloy-metrics + labels: + helm.sh/chart: alloy-metrics-0.9.1 + app.kubernetes.io/name: alloy-metrics + app.kubernetes.io/instance: ko + + app.kubernetes.io/version: "v1.4.2" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: alloy + app.kubernetes.io/component: rbac +rules: + # Rules which allow discovery.kubernetes to function. + - apiGroups: + - "" + - "discovery.k8s.io" + - "networking.k8s.io" + resources: + - endpoints + - endpointslices + - ingresses + - nodes + - nodes/proxy + - nodes/metrics + - pods + - services + verbs: + - get + - list + - watch + # Rules which allow loki.source.kubernetes and loki.source.podlogs to work. 
+ - apiGroups: + - "" + resources: + - pods + - pods/log + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "monitoring.grafana.com" + resources: + - podlogs + verbs: + - get + - list + - watch + # Rules which allow mimir.rules.kubernetes to work. + - apiGroups: ["monitoring.coreos.com"] + resources: + - prometheusrules + verbs: + - get + - list + - watch + - nonResourceURLs: + - /metrics + verbs: + - get + # Rules for prometheus.kubernetes.* + - apiGroups: ["monitoring.coreos.com"] + resources: + - podmonitors + - servicemonitors + - probes + verbs: + - get + - list + - watch + # Rules which allow eventhandler to work. + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + # needed for remote.kubernetes.* + - apiGroups: [""] + resources: + - "configmaps" + - "secrets" + verbs: + - get + - list + - watch + # needed for otelcol.processor.k8sattributes + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] +--- +# Source: k8s-monitoring/charts/alloy-metrics/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ko-alloy-metrics + labels: + helm.sh/chart: alloy-metrics-0.9.1 + app.kubernetes.io/name: alloy-metrics + app.kubernetes.io/instance: ko + + app.kubernetes.io/version: "v1.4.2" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: alloy + app.kubernetes.io/component: rbac +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ko-alloy-metrics +subjects: + - kind: ServiceAccount + name: ko-alloy-metrics + namespace: default +--- +# Source: k8s-monitoring/charts/alloy-metrics/templates/cluster_service.yaml +apiVersion: v1 +kind: Service +metadata: + name: ko-alloy-metrics-cluster + labels: + helm.sh/chart: alloy-metrics-0.9.1 + app.kubernetes.io/name: alloy-metrics + app.kubernetes.io/instance: ko + + 
app.kubernetes.io/version: "v1.4.2" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: alloy + app.kubernetes.io/component: networking +spec: + type: ClusterIP + clusterIP: 'None' + publishNotReadyAddresses: true + selector: + app.kubernetes.io/name: alloy-metrics + app.kubernetes.io/instance: ko + ports: + # Do not include the -metrics suffix in the port name, otherwise metrics + # can be double-collected with the non-headless Service if it's also + # enabled. + # + # This service should only be used for clustering, and not metric + # collection. + - name: http + port: 12345 + targetPort: 12345 + protocol: "TCP" +--- +# Source: k8s-monitoring/charts/alloy-metrics/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: ko-alloy-metrics + labels: + helm.sh/chart: alloy-metrics-0.9.1 + app.kubernetes.io/name: alloy-metrics + app.kubernetes.io/instance: ko + + app.kubernetes.io/version: "v1.4.2" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: alloy + app.kubernetes.io/component: networking +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: alloy-metrics + app.kubernetes.io/instance: ko + internalTrafficPolicy: Cluster + ports: + - name: http-metrics + port: 12345 + targetPort: 12345 + protocol: "TCP" +--- +# Source: k8s-monitoring/charts/alloy-metrics/templates/controllers/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: ko-alloy-metrics + labels: + helm.sh/chart: alloy-metrics-0.9.1 + app.kubernetes.io/name: alloy-metrics + app.kubernetes.io/instance: ko + + app.kubernetes.io/version: "v1.4.2" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: alloy +spec: + replicas: 1 + podManagementPolicy: Parallel + minReadySeconds: 10 + serviceName: ko-alloy-metrics + selector: + matchLabels: + app.kubernetes.io/name: alloy-metrics + app.kubernetes.io/instance: ko + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: alloy + 
k8s.grafana.com/logs.job: integrations/alloy + labels: + app.kubernetes.io/name: alloy-metrics + app.kubernetes.io/instance: ko + spec: + serviceAccountName: ko-alloy-metrics + containers: + - name: alloy + image: docker.io/grafana/alloy:v1.4.2 + imagePullPolicy: IfNotPresent + args: + - run + - /etc/alloy/config.alloy + - --storage.path=/tmp/alloy + - --server.http.listen-addr=0.0.0.0:12345 + - --server.http.ui-path-prefix=/ + - --cluster.enabled=true + - --cluster.join-addresses=ko-alloy-metrics-cluster + - --cluster.name="alloy-metrics" + - --stability.level=generally-available + env: + - name: ALLOY_DEPLOY_MODE + value: "helm" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + ports: + - containerPort: 12345 + name: http-metrics + readinessProbe: + httpGet: + path: /-/ready + port: 12345 + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - CHOWN + - DAC_OVERRIDE + - FOWNER + - FSETID + - KILL + - SETGID + - SETUID + - SETPCAP + - NET_BIND_SERVICE + - NET_RAW + - SYS_CHROOT + - MKNOD + - AUDIT_WRITE + - SETFCAP + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - name: config + mountPath: /etc/alloy + - name: config-reloader + image: ghcr.io/jimmidyson/configmap-reload:v0.12.0 + args: + - --volume-dir=/etc/alloy + - --webhook-url=http://localhost:12345/-/reload + volumeMounts: + - name: config + mountPath: /etc/alloy + resources: + requests: + cpu: 1m + memory: 5Mi + dnsPolicy: ClusterFirst + nodeSelector: + kubernetes.io/os: linux + volumes: + - name: config + configMap: + name: ko-alloy-metrics diff --git a/charts/k8s-monitoring/templates/collectors/_collector_common.tpl b/charts/k8s-monitoring/templates/collectors/_collector_common.tpl index 2868c8199..9da44151f 100644 --- a/charts/k8s-monitoring/templates/collectors/_collector_common.tpl +++ b/charts/k8s-monitoring/templates/collectors/_collector_common.tpl 
@@ -3,10 +3,10 @@ {{- define "collectors.logging.alloy" }} {{- with (index .Values .collectorName).logging }} {{- if or (ne .level "info" ) (ne .format "logfmt") }} - logging { - level = "{{ .level }}" - format = "{{ .format }}" - } +logging { + level = "{{ .level }}" + format = "{{ .format }}" +} {{- end }} {{- end }} {{- end }} @@ -16,9 +16,9 @@ {{- define "collectors.liveDebugging.alloy" }} {{- with (index .Values .collectorName).liveDebugging }} {{- if .enabled }} - livedebugging { - enabled = {{ .enabled }} - } +livedebugging { + enabled = {{ .enabled }} +} {{- end }} {{- end }} {{- end }} diff --git a/charts/k8s-monitoring/templates/collectors/_collector_extraConfig.tpl b/charts/k8s-monitoring/templates/collectors/_collector_extraConfig.tpl index 3e7d02d6a..85aa8dc9e 100644 --- a/charts/k8s-monitoring/templates/collectors/_collector_extraConfig.tpl +++ b/charts/k8s-monitoring/templates/collectors/_collector_extraConfig.tpl @@ -1,5 +1,5 @@ {{- define "collectors.extraConfig.alloy" -}} {{- if (index .Values .collectorName).extraConfig }} - {{ (index .Values .collectorName).extraConfig | trim }} +{{ (index .Values .collectorName).extraConfig | trim }} {{- end }} {{- end -}} diff --git a/charts/k8s-monitoring/templates/collectors/_collector_remoteConfig.tpl b/charts/k8s-monitoring/templates/collectors/_collector_remoteConfig.tpl index cddbc483f..4c9045826 100644 --- a/charts/k8s-monitoring/templates/collectors/_collector_remoteConfig.tpl +++ b/charts/k8s-monitoring/templates/collectors/_collector_remoteConfig.tpl 
@@ -1,12 +1,13 @@ {{- define "collectors.remoteConfig.alloy" -}} -{{- with (index .Values .collectorName).remoteConfig }} +{{- $remoteConfigValues := (index .Values .collectorName).remoteConfig }} +{{- with merge $remoteConfigValues (dict "type" "remoteConfig" "name" (printf "%s-remote-cfg" .collectorName)) }} {{- if .enabled }} remotecfg { url = {{ .url | quote }} -{{- if eq .auth.type "basic" }} +{{- if eq (include "secrets.authType" .) "basic" }} basic_auth { - username = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.username" "nonsensitive" true) }} - password = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.password") }} + username = {{ include "secrets.read" (dict "object" . "key" "auth.username" "nonsensitive" true) }} + password = {{ include "secrets.read" (dict "object" . "key" "auth.password") }} } {{- end -}} {{- if .id }} @@ -21,14 +22,14 @@ remotecfg { "workloadType": {{ (index $.Values $.collectorName).controller.type | quote }}, {{- range $key, $value := .extraAttributes }} {{ $key | quote }} = {{ $value | quote }}, -{{- end -}} +{{- end }} } } {{- end -}} {{- end -}} {{- end -}} -{{- define "collectors.remoteConfig.secrets" -}} +{{- define "secrets.list.remoteConfig" -}} - auth.username - auth.password {{- end -}} diff --git a/charts/k8s-monitoring/templates/destination_secret.yaml b/charts/k8s-monitoring/templates/destination_secret.yaml index f52e20305..8cd808827 100644 --- a/charts/k8s-monitoring/templates/destination_secret.yaml +++ b/charts/k8s-monitoring/templates/destination_secret.yaml 
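Review bot: The `secrets.read` calls in `basic_auth` render references to `remote.kubernetes.secret.alloy_metrics_remote_cfg`, but the example output regenerated in this commit (`docs/examples/remote-config/output.yaml`) contains neither a `remote.kubernetes.secret` component with that label nor a Secret object. `destination_secret.yaml` ranges only over `.Values.destinations`, and nothing visible here includes the secret component for a collector's `remoteConfig`, so the basic-auth credentials appear to resolve to nothing. Either emit the component and the Secret when `auth.type` is `basic`, or fail rendering. Separately, `merge $remoteConfigValues (dict …)` writes `type` and `name` into `.Values` in place and lets a user-supplied `name` win. The form used elsewhere in this commit avoids both: `{{- with deepCopy $remoteConfigValues | merge (dict "type" "remoteConfig" "name" (printf "%s-remote-cfg" .collectorName)) }}`.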
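Review bot: Only the `range` terminator is relaxed from `{{- end -}}` to `{{- end }}` here, but the generated `alloy-metrics.alloy` in this commit still renders `id = "remote-config-example-cluster-default-" + constants.hostnamepoll_frequency = "5m"`, with `poll_frequency` fused onto the `id` expression. The directive between the `id` and `poll_frequency` lines lies outside both hunks and presumably still right-trims the newline. The fused text reads as a reference to `constants.hostnamepoll_frequency`, so the collector would most likely reject the config and remote configuration, including its authentication, would never take effect. Drop the trailing `-` on that directive too, and regenerate the examples. The context line `"workloadType": {{ … }}` also uses `:` where the neighbouring attributes use `=`, which is worth confirming against the Alloy syntax.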
@@ -1,18 +1,18 @@ {{- range $destination := $.Values.destinations }} -{{- if eq (include "destinations.secret.create_k8s_secret" $destination ) "true" }} -{{ $secrets := include (printf "destinations.%s.secrets" $destination.type) . | fromYamlArray }} +{{- if eq (include "secrets.shouldCreateKubernetesSecret" $destination ) "true" }} --- apiVersion: v1 kind: Secret metadata: - name: {{ include "destinations.secret.k8s_secret_name" (dict "destination" $destination "Release" $.Release "Chart" $.Chart) | quote }} - namespace: {{ include "destinations.secret.k8s_secret_namespace" (dict "destination" $destination "Release" $.Release) | quote }} + name: {{ include "secrets.kubernetesSecretName" (deepCopy $ | merge (dict "object" $destination)) | quote }} + namespace: {{ include "secrets.kubernetesSecretNamespace" (deepCopy $ | merge (dict "object" $destination)) | quote }} type: Opaque data: +{{- $secrets := include (printf "secrets.list.%s" $destination.type) . | fromYamlArray }} {{- range $secret := $secrets }} - {{- $value := include "destinations.secret.value" (dict "destination" $destination "key" $secret) -}} + {{- $value := include "secrets.getSecretValue" (dict "object" $destination "key" $secret) -}} {{- if $value }} - {{ include "destinations.secret.key" (dict "destination" $destination "key" $secret) }}: {{ $value | b64enc | quote }} + {{ include "secrets.getSecretKey" (dict "object" $destination "key" $secret) }}: {{ $value | b64enc | quote }} {{- end }} {{- end }} {{- end -}} diff --git a/charts/k8s-monitoring/templates/destinations/_config.alloy.tpl b/charts/k8s-monitoring/templates/destinations/_config.alloy.tpl index 66a49c38a..acc702749 100644 --- a/charts/k8s-monitoring/templates/destinations/_config.alloy.tpl +++ b/charts/k8s-monitoring/templates/destinations/_config.alloy.tpl 
@@ -16,10 +16,10 @@ {{- range $destination := .Values.destinations }} {{- if (has $destination.name $.names ) }} // Destination: {{ $destination.name }} ({{ $destination.type }}) -{{- include (printf "destinations.%s.alloy" $destination.type) (dict "destination" $destination "clusterName" $.Values.cluster.name "Files" $.Files) | indent 0 }} +{{- include (printf "destinations.%s.alloy" $destination.type) (deepCopy $ | merge (dict "destination" $destination)) | indent 0 }} -{{- if eq (include "destinations.secret.uses_k8s_secret" $destination) "true" }} - {{- include "destinations.secret.alloy" (dict "destination" $destination "Release" $.Release "Chart" $.Chart) | nindent 0 }} +{{- if eq (include "secrets.usesKubernetesSecret" $destination) "true" }} + {{- include "secret.alloy" (deepCopy $ | merge (dict "object" $destination)) | nindent 0 }} {{- end }} {{- end }} {{- end }} diff --git a/charts/k8s-monitoring/templates/destinations/_destination_loki.tpl b/charts/k8s-monitoring/templates/destinations/_destination_loki.tpl index f3627e9b7..b35ae1533 100644 --- a/charts/k8s-monitoring/templates/destinations/_destination_loki.tpl +++ b/charts/k8s-monitoring/templates/destinations/_destination_loki.tpl @@ -12,8 +12,8 @@ loki.write {{ include "helper.alloy_name" .name | quote }} { {{- else }} url = {{ .url | quote }} {{- end }} -{{- if eq (include "destinations.secret.uses_secret" (dict "destination" . "key" "tenantId")) "true" }} - tenant_id = {{ include "destinations.secret.read" (dict "destination" . "key" "tenantId" "nonsensitive" true) }} +{{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + tenant_id = {{ include "secrets.read" (dict "object" . "key" "tenantId" "nonsensitive" true) }} {{- end }} {{- if or .extraHeaders .extraHeadersFrom }} headers = { 
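Review bot: `include "secret.alloy"` is the only helper in this change with a singular `secret.` prefix; every other renamed helper is `secrets.*` (`secrets.usesKubernetesSecret`, `secrets.read`, `secrets.authType`). The definition is not part of the visible diff, so if it was renamed to `secrets.alloy` along with the rest, this include fails at render time. If the singular name is intentional, a short template comment such as `{{/* "secret.alloy" renders the remote.kubernetes.secret component; the singular prefix is deliberate */}}` would keep the next reader from "fixing" it.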
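Review bot: The `tenant_id` guard used to ask whether the `tenantId` key itself is backed by a value (`destinations.secret.uses_secret` with `"key" "tenantId"`), and now asks only whether the destination uses a Kubernetes secret at all. Assuming `secrets.usesKubernetesSecret` is destination-wide, as its name and its use in `_config.alloy.tpl` suggest, two cases change. A destination with embedded secrets and a configured `tenantId` renders no `tenant_id`, so its logs go to whatever tenant the backend defaults to. A destination that uses a Kubernetes secret only for auth gets a `tenant_id` read from a key that was never written. A per-key check would preserve the old behaviour, for example `{{- if eq (include "<per-key-uses-secret-helper>" (dict "object" . "key" "tenantId")) "true" }}`, where the helper name is a placeholder for whatever the new secrets library provides. The `loki.write` block starts and ends outside this hunk.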
@@ -25,18 +25,18 @@ loki.write {{ include "helper.alloy_name" .name | quote }} { {{- end }} } {{- end }} -{{- if eq (include "destinations.auth.type" .) "basic" }} +{{- if eq (include "secrets.authType" .) "basic" }} basic_auth { - username = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.username" "nonsensitive" true) }} - password = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.password") }} + username = {{ include "secrets.read" (dict "object" . "key" "auth.username" "nonsensitive" true) }} + password = {{ include "secrets.read" (dict "object" . "key" "auth.password") }} } -{{- else if eq (include "destinations.auth.type" .) "bearerToken" }} - bearer_token = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.bearerToken") }} +{{- else if eq (include "secrets.authType" .) "bearerToken" }} + bearer_token = {{ include "secrets.read" (dict "object" . "key" "auth.bearerToken") }} {{- end }} } external_labels = { - cluster = {{ $.clusterName | quote }}, - "k8s_cluster_name" = {{ $.clusterName | quote }}, + cluster = {{ $.Values.cluster.name | quote }}, + "k8s_cluster_name" = {{ $.Values.cluster.name | quote }}, {{- if .extraLabels }} {{- range $k, $v := .extraLabels }} {{ $k }} = {{ $v | quote }}, @@ -52,7 +52,7 @@ loki.write {{ include "helper.alloy_name" .name | quote }} { {{- end }} {{- end }} -{{- define "destinations.loki.secrets" -}} +{{- define "secrets.list.loki" -}} - tenantId - auth.username - auth.password diff --git a/charts/k8s-monitoring/templates/destinations/_destination_otlp.tpl b/charts/k8s-monitoring/templates/destinations/_destination_otlp.tpl index 26b8b83fc..517439415 100644 --- a/charts/k8s-monitoring/templates/destinations/_destination_otlp.tpl +++ b/charts/k8s-monitoring/templates/destinations/_destination_otlp.tpl 
@@ -15,14 +15,14 @@ otelcol.receiver.loki {{ include "helper.alloy_name" .name | quote }} { } } {{- end }} -{{- if eq (include "destinations.auth.type" .) "basic" }} +{{- if eq (include "secrets.authType" .) "basic" }} otelcol.auth.basic {{ include "helper.alloy_name" .name | quote }} { - username = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.username" "nonsensitive" true) }} - password = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.password") }} + username = {{ include "secrets.read" (dict "object" . "key" "auth.username" "nonsensitive" true) }} + password = {{ include "secrets.read" (dict "object" . "key" "auth.password") }} } -{{- else if eq (include "destinations.auth.type" .) "bearerToken" }} +{{- else if eq (include "secrets.authType" .) "bearerToken" }} otelcol.auth.bearer {{ include "helper.alloy_name" .name | quote }} { - token = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.bearerToken") }} + token = {{ include "secrets.read" (dict "object" . "key" "auth.bearerToken") }} } {{- end }} 
@@ -30,15 +30,15 @@ otelcol.processor.transform {{ include "helper.alloy_name" .name | quote }} { error_mode = "ignore" metric_statements { context = "resource" - statements = ["set(attributes[\"k8s.cluster.name\"], \"{{ $.clusterName }}\") where attributes[\"k8s.cluster.name\"] == nil"] + statements = ["set(attributes[\"k8s.cluster.name\"], \"{{ $.Values.cluster.name }}\") where attributes[\"k8s.cluster.name\"] == nil"] } log_statements { context = "resource" - statements = ["set(attributes[\"k8s.cluster.name\"], \"{{ $.clusterName }}\") where attributes[\"k8s.cluster.name\"] == nil"] + statements = ["set(attributes[\"k8s.cluster.name\"], \"{{ $.Values.cluster.name }}\") where attributes[\"k8s.cluster.name\"] == nil"] } trace_statements { context = "resource" - statements = ["set(attributes[\"k8s.cluster.name\"], \"{{ $.clusterName }}\") where attributes[\"k8s.cluster.name\"] == nil"] + statements = ["set(attributes[\"k8s.cluster.name\"], \"{{ $.Values.cluster.name }}\") where attributes[\"k8s.cluster.name\"] == nil"] } output { @@ -71,8 +71,8 @@ otelcol.exporter.otlphttp {{ include "helper.alloy_name" .name | quote }} { auth = otelcol.auth.bearer.{{ include "helper.alloy_name" .name }}.handler {{- end }} headers = { -{{- if eq (include "destinations.secret.uses_secret" (dict "destination" . "key" "tenantId")) "true" }} - "X-Scope-OrgID" = {{ include "destinations.secret.read" (dict "destination" . "key" "tenantId" "nonsensitive" true) }}, +{{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + "X-Scope-OrgID" = {{ include "secrets.read" (dict "object" . "key" "tenantId" "nonsensitive" true) }}, {{- end }} {{- range $key, $value := .extraHeaders }} {{ $key | quote }} = {{ $value | quote }}, 
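Review bot: The three `statements` lines place `{{ $.Values.cluster.name }}` inside an OTTL string literal that is itself inside an Alloy string, with no escaping at either level. A cluster name containing a double quote or a backslash would end the literal early and change the statement that Alloy loads. A guard ahead of the component, `{{- if regexMatch "[\"\\\\]" $.Values.cluster.name }}{{ fail "cluster.name must not contain quotes or backslashes" }}{{ end }}`, or an equivalent `pattern` on `cluster.name` in the values schema, would reject such names at render time. The enclosing `define` starts and ends outside this hunk.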
@@ -92,14 +92,14 @@ otelcol.exporter.otlphttp {{ include "helper.alloy_name" .name | quote }} { tls { insecure = {{ .tls.insecure | default false }} insecure_skip_verify = {{ .tls.insecureSkipVerify | default false }} - {{- if eq (include "destinations.secret.uses_secret" (dict "destination" . "key" "tls.ca")) "true" }} - ca_pem = {{ include "destinations.secret.read" (dict "destination" . "key" "tls.ca" "nonsensitive" true) }} + {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + ca_pem = {{ include "secrets.read" (dict "object" . "key" "tls.ca" "nonsensitive" true) }} {{- end }} - {{- if eq (include "destinations.secret.uses_secret" (dict "destination" . "key" "tls.cert")) "true" }} - cert_pem = {{ include "destinations.secret.read" (dict "destination" . "key" "tls.cert" "nonsensitive" true) }} + {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + cert_pem = {{ include "secrets.read" (dict "object" . "key" "tls.cert" "nonsensitive" true) }} {{- end }} - {{- if eq (include "destinations.secret.uses_secret" (dict "destination" . "key" "tls.key")) "true" }} - key_pem = {{ include "destinations.secret.read" (dict "destination" . "key" "tls.key") }} + {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + key_pem = {{ include "secrets.read" (dict "object" . "key" "tls.key") }} {{- end }} } {{- end }} @@ -108,7 +108,7 @@ otelcol.exporter.otlphttp {{ include "helper.alloy_name" .name | quote }} { {{- end }} {{- end }} -{{- define "destinations.otlp.secrets" -}} +{{- define "secrets.list.otlp" -}} - tenantId - auth.username - auth.password diff --git a/charts/k8s-monitoring/templates/destinations/_destination_prometheus.tpl b/charts/k8s-monitoring/templates/destinations/_destination_prometheus.tpl index 48b63f550..0e11bb862 100644 --- a/charts/k8s-monitoring/templates/destinations/_destination_prometheus.tpl +++ b/charts/k8s-monitoring/templates/destinations/_destination_prometheus.tpl 
@@ -13,9 +13,9 @@ prometheus.remote_write {{ include "helper.alloy_name" .name | quote }} { url = {{ .url | quote }} {{- end }} headers = { -{{- if ne (include "destinations.auth.type" .) "sigv4" }} - {{- if eq (include "destinations.secret.uses_secret" (dict "destination" . "key" "tenantId")) "true" }} - "X-Scope-OrgID" = {{ include "destinations.secret.read" (dict "destination" . "key" "tenantId" "nonsensitive" true) }}, +{{- if ne (include "secrets.authType" .) "sigv4" }} + {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + "X-Scope-OrgID" = {{ include "secrets.read" (dict "object" . "key" "tenantId" "nonsensitive" true) }}, {{- end }} {{- end }} {{- range $key, $value := .extraHeaders }} 
@@ -28,16 +28,16 @@ prometheus.remote_write {{ include "helper.alloy_name" .name | quote }} { {{- if .proxyURL }} proxy_url = {{ .proxyURL | quote }} {{- end }} -{{- if eq (include "destinations.auth.type" .) "basic" }} +{{- if eq (include "secrets.authType" .) "basic" }} basic_auth { - username = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.username" "nonsensitive" true) }} - password = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.password") }} + username = {{ include "secrets.read" (dict "object" . "key" "auth.username" "nonsensitive" true) }} + password = {{ include "secrets.read" (dict "object" . "key" "auth.password") }} } -{{- else if eq (include "destinations.auth.type" .) "bearerToken" }} - bearer_token = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.bearerToken") }} -{{- else if eq (include "destinations.auth.type" .) "sigv4" }} +{{- else if eq (include "secrets.authType" .) "bearerToken" }} + bearer_token = {{ include "secrets.read" (dict "object" . "key" "auth.bearerToken") }} +{{- else if eq (include "secrets.authType" .) "sigv4" }} sigv4 { - access_key = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.sigv4.accessKey" "nonsensitive" true) }} + access_key = {{ include "secrets.read" (dict "object" . "key" "auth.sigv4.accessKey" "nonsensitive" true) }} {{- if .auth.sigv4.profile }} profile = {{ .auth.sigv4.profile | quote }} {{- end }} 
@@ -47,21 +47,21 @@ prometheus.remote_write {{ include "helper.alloy_name" .name | quote }} { {{- if .auth.sigv4.roleArn }} role_arn = {{ .auth.sigv4.roleArn | quote }} {{- end }} - secret_key = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.sigv4.secretKey") }} + secret_key = {{ include "secrets.read" (dict "object" . "key" "auth.sigv4.secretKey") }} } {{- end }} {{- if .tls }} tls_config { insecure_skip_verify = {{ .tls.insecureSkipVerify | default false }} - {{- if eq (include "destinations.secret.uses_secret" (dict "destination" . "key" "tls.ca")) "true" }} - ca_pem = {{ include "destinations.secret.read" (dict "destination" . "key" "tls.ca" "nonsensitive" true) }} + {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + ca_pem = {{ include "secrets.read" (dict "object" . "key" "tls.ca" "nonsensitive" true) }} {{- end }} - {{- if eq (include "destinations.secret.uses_secret" (dict "destination" . "key" "tls.cert")) "true" }} - cert_pem = {{ include "destinations.secret.read" (dict "destination" . "key" "tls.cert" "nonsensitive" true) }} + {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + cert_pem = {{ include "secrets.read" (dict "object" . "key" "tls.cert" "nonsensitive" true) }} {{- end }} - {{- if eq (include "destinations.secret.uses_secret" (dict "destination" . "key" "tls.key")) "true" }} - key_pem = {{ include "destinations.secret.read" (dict "destination" . "key" "tls.key") }} + {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + key_pem = {{ include "secrets.read" (dict "object" . "key" "tls.key") }} {{- end }} } {{- end }} 
@@ -82,13 +82,13 @@ prometheus.remote_write {{ include "helper.alloy_name" .name | quote }} { write_relabel_config { source_labels = ["cluster"] regex = "" - replacement = {{ $.clusterName | quote }} + replacement = {{ $.Values.cluster.name | quote }} target_label = "cluster" } write_relabel_config { source_labels = ["k8s.cluster.name"] regex = "" - replacement = {{ $.clusterName | quote }} + replacement = {{ $.Values.cluster.name | quote }} target_label = "cluster" } {{- if .metricProcessingRules }} @@ -109,7 +109,7 @@ prometheus.remote_write {{ include "helper.alloy_name" .name | quote }} { {{- end }} {{- end }} -{{- define "destinations.prometheus.secrets" -}} +{{- define "secrets.list.prometheus" -}} - tenantId - auth.username - auth.password diff --git a/charts/k8s-monitoring/templates/destinations/_destination_pyroscope.tpl b/charts/k8s-monitoring/templates/destinations/_destination_pyroscope.tpl index a34fa9276..7d71be6b9 100644 --- a/charts/k8s-monitoring/templates/destinations/_destination_pyroscope.tpl +++ b/charts/k8s-monitoring/templates/destinations/_destination_pyroscope.tpl @@ -9,8 +9,8 @@ pyroscope.write {{ include "helper.alloy_name" .name | quote }} { url = {{ .url | quote }} {{- end }} headers = { -{{- if eq (include "destinations.secret.uses_secret" (dict "destination" . "key" "tenantId")) "true" }} - "X-Scope-OrgID" = {{ include "destinations.secret.read" (dict "destination" . "key" "tenantId" "nonsensitive" true) }}, +{{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + "X-Scope-OrgID" = {{ include "secrets.read" (dict "object" . "key" "tenantId" "nonsensitive" true) }}, {{- end }} {{- range $key, $value := .extraHeaders }} {{ $key | quote }} = {{ $value | quote }}, 
@@ -20,39 +20,39 @@ pyroscope.write {{ include "helper.alloy_name" .name | quote }} { {{- end }} } -{{- if eq (include "destinations.auth.type" .) "basic" }} +{{- if eq (include "secrets.authType" .) "basic" }} basic_auth { - username = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.username" "nonsensitive" true) }} - password = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.password") }} + username = {{ include "secrets.read" (dict "object" . "key" "auth.username" "nonsensitive" true) }} + password = {{ include "secrets.read" (dict "object" . "key" "auth.password") }} } -{{- else if eq (include "destinations.auth.type" .) "bearerToken" }} - bearer_token = {{ include "destinations.secret.read" (dict "destination" . "key" "auth.bearerToken") }} +{{- else if eq (include "secrets.authType" .) "bearerToken" }} + bearer_token = {{ include "secrets.read" (dict "object" . "key" "auth.bearerToken") }} {{- end }} {{- if .tls }} tls_config { insecure_skip_verify = {{ .tls.insecureSkipVerify | default false }} - {{- if eq (include "destinations.secret.uses_secret" (dict "destination" . "key" "tls.ca")) "true" }} - ca_pem = {{ include "destinations.secret.read" (dict "destination" . "key" "tls.ca" "nonsensitive" true) }} + {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + ca_pem = {{ include "secrets.read" (dict "object" . "key" "tls.ca" "nonsensitive" true) }} {{- end }} - {{- if eq (include "destinations.secret.uses_secret" (dict "destination" . "key" "tls.cert")) "true" }} - cert_pem = {{ include "destinations.secret.read" (dict "destination" . "key" "tls.cert" "nonsensitive" true) }} + {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + cert_pem = {{ include "secrets.read" (dict "object" . "key" "tls.cert" "nonsensitive" true) }} {{- end }} - {{- if eq (include "destinations.secret.uses_secret" (dict "destination" . 
"key" "tls.key")) "true" }} - key_pem = {{ include "destinations.secret.read" (dict "destination" . "key" "tls.key") }} + {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + key_pem = {{ include "secrets.read" (dict "object" . "key" "tls.key") }} {{- end }} } {{- end }} } external_labels = { - cluster = {{ $.clusterName | quote }}, + cluster = {{ $.Values.cluster.name | quote }}, } } {{- end }} {{- end }} -{{- define "destinations.pyroscope.secrets" -}} +{{- define "secrets.list.pyroscope" -}} - tenantId - auth.username - auth.password diff --git a/charts/k8s-monitoring/templates/destinations/_destination_secret.tpl b/charts/k8s-monitoring/templates/destinations/_destination_secret.tpl deleted file mode 100644 index 286857619..000000000 --- a/charts/k8s-monitoring/templates/destinations/_destination_secret.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{/* This builds the remote.kubernetes.secret component for this destination */}} -{{/* Inputs: destination (destination definition) Release (Release object) Chart (Chart object) */}} -{{ define "destinations.secret.alloy" }} -remote.kubernetes.secret {{ include "helper.alloy_name" .destination.name | quote }} { - name = {{ include "destinations.secret.k8s_secret_name" (dict "destination" .destination "Release" .Release "Chart" .Chart) | quote }} - namespace = {{ include "destinations.secret.k8s_secret_namespace" (dict "destination" .destination "Release" .Release) | quote }} -} -{{ end }} diff --git a/charts/k8s-monitoring/templates/destinations/_helpers.tpl b/charts/k8s-monitoring/templates/destinations/_helpers.tpl deleted file mode 100644 index 790b466c5..000000000 --- a/charts/k8s-monitoring/templates/destinations/_helpers.tpl +++ /dev/null 
@@ -1,144 +0,0 @@ -{{/*Helper function to return the auth type, defaulting to none*/}} -{{/*Inputs: . (destination definition)*/}} -{{- define "destinations.auth.type" }} -{{- if hasKey . "auth" }}{{ .auth.type | default "none" }}{{ else }}none{{ end }} -{{- end }} - -{{/*Helper function to determine the secret type*/}} -{{/*Inputs: . (destination definition)*/}} -{{- define "destinations.secret.type" }} -{{- if hasKey . "secret" }} - {{- if .secret.embed -}}embedded - {{- else if eq .secret.create false -}}external - {{- end }} -{{- else -}} -create -{{- end }} -{{- end }} - -{{/*Determine if a ___From field has been defined for a secret value*/}} -{{/*Inputs: destination (destination definition), key (path to secret value)*/}} -{{- define "destinations.secret.from" -}} -{{- $value := .destination -}} -{{- range $pathPart := (regexSplit "\\." (printf "%sFrom" .key) -1) -}} {{/* "path.to.auth.password" --> ["path", "to", "auth" "passwordFrom"] */}} -{{- if hasKey $value $pathPart -}} - {{- $value = (index $value $pathPart) -}} -{{- else -}} - {{- $value = "" -}} - {{- break -}} -{{- end -}} -{{- end -}} -{{- $value -}} -{{- end -}} - -{{/*Determine the key to access a secret value within a secret component*/}} -{{/*Inputs: destination (destination definition), key (path to secret value)*/}} -{{- define "destinations.secret.key" -}} -{{- $defaultKey := (( regexSplit "\\." .key -1) | last) -}} {{/* "path.to.auth.password" --> "password" */}} -{{- $value := .destination -}} -{{- range $pathPart := (regexSplit "\\." 
(printf "%sKey" .key) -1) -}} -{{- if hasKey $value $pathPart -}} - {{- $value = (index $value $pathPart) -}} -{{- else -}} - {{- $value = $defaultKey -}} - {{- break -}} -{{- end -}} -{{- end -}} -{{- $value -}} -{{- end -}} - -{{/*Determine the path to the secret value*/}} -{{/*Inputs: destination (destination definition), key (path to secret value)*/}} -{{- define "destinations.secret.value" }} -{{- $value := .destination -}} -{{- range $pathPart := (regexSplit "\\." .key -1) -}} -{{- if hasKey $value $pathPart -}} - {{- $value = (index $value $pathPart) -}} -{{- else -}} - {{- $value = "" -}} - {{- break -}} -{{- end -}} -{{- end -}} -{{- $value -}} -{{- end }} - -{{/*Build the alloy command to read a secret value*/}} -{{/*Inputs: destination (destination definition), key (path to secret value), nonsensitive*/}} -{{- define "destinations.secret.read" }} -{{- $credRef := include "destinations.secret.from" . -}} -{{- if $credRef -}} -{{ $credRef }} -{{- else if eq (include "destinations.secret.type" .destination) "embedded" -}} -{{ include "destinations.secret.value" (dict "destination" .destination "key" .key) | quote }} -{{- else if eq (include "destinations.secret.uses_k8s_secret" .destination) "true" -}} -{{- $credKey := include "destinations.secret.key" (dict "destination" .destination "key" .key) -}} -{{- if .nonsensitive -}} -nonsensitive(remote.kubernetes.secret.{{ include "helper.alloy_name" .destination.name }}.data[{{ $credKey | quote }}]) -{{- else -}} -remote.kubernetes.secret.{{ include "helper.alloy_name" .destination.name }}.data[{{ $credKey | quote }}] -{{- end -}} -{{- end -}} -{{- end -}} - -{{/*Determines if the destination will reference a secret value*/}} -{{/*Inputs: destination (destination definition), key (path to secret value), nonsensitive*/}} -{{- define "destinations.secret.uses_secret" -}} -{{- if eq (include "destinations.secret.read" .) 
"" }}false{{- else -}}true{{- end -}} -{{- end -}} - -{{/*Determines if the destination will reference a Kubernetes secret*/}} -{{/*Inputs: . (destination definition)*/}} -{{- define "destinations.secret.uses_k8s_secret" -}} -{{- $secretType := (include "destinations.secret.type" .) }} -{{- if eq $secretType "embedded" -}}false -{{- else -}} - {{- $usesK8sSecret := false }} - {{- range $secret := include (printf "destinations.%s.secrets" .type) . | fromYamlArray }} - {{- $ref := include "destinations.secret.from" (dict "destination" $ "key" $secret) -}} - {{- $key := include "destinations.secret.key" (dict "destination" $ "key" $secret) -}} - {{- $value := include "destinations.secret.value" (dict "destination" $ "key" $secret) -}} - {{- if or (and (eq $secretType "external") $key) (and $value (not $ref)) }} - {{- $usesK8sSecret = true }} - {{- end }} - {{- end }} -{{- $usesK8sSecret }} -{{- end -}} -{{- end -}} - -{{/*Determines if the destination will create a Kubernetes secret*/}} -{{/*Inputs: . (destination definition)*/}} -{{- define "destinations.secret.create_k8s_secret" -}} -{{- if eq (include "destinations.secret.uses_k8s_secret" .) "false" }}false -{{- else if and (hasKey . 
"secret") (hasKey .secret "create") -}} -{{ .secret.create }} -{{- else -}} -true -{{- end -}} -{{- end -}} - -{{/* This returns the Kubernetes Secret name for this destination */}} -{{/* Inputs: destination (destination definition) Release (Release object) Chart (Chart object) */}} -{{- define "destinations.secret.k8s_secret_name" -}} - -{{- if and (hasKey .destination "secret") (hasKey .destination.secret "name") (not (empty .destination.secret.name)) -}} -{{ .destination.secret.name }} -{{- else -}} - -{{- if contains .Chart.Name .Release.Name }} -{{- printf "%s-%s" .destination.name .Release.Name | trunc 63 | trimSuffix "-" | lower -}} -{{- else }} -{{- printf "%s-%s-%s" .destination.name .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" | lower -}} -{{- end }} - -{{- end }} -{{- end }} - -{{/* This returns the Kubernetes Secret namespace for this destination */}} -{{/* Inputs: destination (destination definition) Release (Release object) */}} -{{- define "destinations.secret.k8s_secret_namespace" -}} -{{- if and (hasKey .destination "secret") (hasKey .destination.secret "namespace") (not (empty .destination.secret.namespace)) -}} -{{- .destination.secret.namespace -}} -{{- else -}} -{{- .Release.Namespace -}} -{{- end }} -{{- end }} diff --git a/charts/k8s-monitoring/templates/secrets/_helpers.tpl b/charts/k8s-monitoring/templates/secrets/_helpers.tpl new file mode 100644 index 000000000..9c9196746 --- /dev/null +++ b/charts/k8s-monitoring/templates/secrets/_helpers.tpl 
@@ -0,0 +1,143 @@ +{{/* Helper function to return the auth type, defaulting to none */}} +{{/* Inputs: . (user of the secret, needs name, secret, auth) */}} +{{- define "secrets.authType" }} +{{- if hasKey . "auth" }}{{ .auth.type | default "none" }}{{ else }}none{{ end }} +{{- end }} + +{{/* Helper function to determine the secret type */}} +{{/* Inputs: . (user of the secret, needs name, secret, auth) */}} +{{- define "secrets.secretType" }} +{{- if hasKey . "secret" }} + {{- if .secret.embed -}}embedded + {{- else if eq .secret.create false -}}external + {{- end }} +{{- else -}} +create +{{- end }} +{{- end }} + +{{/* Determine if a ___From field has been defined for a secret value */}} +{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}} +{{- define "secrets.getSecretFromRef" -}} +{{- $value := .object -}} +{{- range $pathPart := (regexSplit "\\." (printf "%sFrom" .key) -1) -}} {{/* "path.to.auth.password" --> ["path", "to", "auth" "passwordFrom"] */}} +{{- if hasKey $value $pathPart -}} + {{- $value = (index $value $pathPart) -}} +{{- else -}} + {{- $value = "" -}} + {{- break -}} +{{- end -}} +{{- end -}} +{{- $value -}} +{{- end -}} + +{{/*Determine the key to access a secret value within a secret component*/}} +{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}} +{{- define "secrets.getSecretKey" -}} +{{- $value := .object -}} +{{- $defaultKey := (( regexSplit "\\." .key -1) | last) -}} {{/* "path.to.auth.password" --> "password" */}} +{{- range $pathPart := (regexSplit "\\." 
(printf "%sKey" .key) -1) -}} {{/* "path.to.auth.password" --> ["path", "to", "auth" "passwordKey"] */}} +{{- if hasKey $value $pathPart -}} + {{- $value = (index $value $pathPart) -}} +{{- else -}} + {{- $value = $defaultKey -}} + {{- break -}} +{{- end -}} +{{- end -}} +{{- $value -}} +{{- end -}} + +{{/*Determine the path to the secret value*/}} +{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}} +{{- define "secrets.getSecretValue" }} +{{- $value := .object -}} +{{- range $pathPart := (regexSplit "\\." .key -1) -}} {{/* "path.to.auth.password" --> ["path", "to", "auth" "password"] */}} +{{- if hasKey $value $pathPart -}} + {{- $value = (index $value $pathPart) -}} +{{- else -}} + {{- $value = "" -}} + {{- break -}} +{{- end -}} +{{- end -}} +{{- $value -}} +{{- end }} + +{{/* Build the alloy command to read a secret value */}} +{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value), nonsensitive */}} +{{- define "secrets.read" }} +{{- $credRef := include "secrets.getSecretFromRef" . 
-}} +{{- if $credRef -}} +{{ $credRef }} +{{- else if eq (include "secrets.secretType" .object) "embedded" -}} +{{ include "secrets.getSecretValue" (dict "object" .object "key" .key) | quote }} +{{- else if eq (include "secrets.usesKubernetesSecret" .object) "true" -}} +{{- $credKey := include "secrets.getSecretKey" (dict "object" .object "key" .key) -}} +{{- if .nonsensitive -}} +nonsensitive(remote.kubernetes.secret.{{ include "helper.alloy_name" .object.name }}.data[{{ $credKey | quote }}]) +{{- else -}} +remote.kubernetes.secret.{{ include "helper.alloy_name" .object.name }}.data[{{ $credKey | quote }}] +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Determines if the object will reference a secret value */}} +{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value), nonsensitive */}} +{{- define "secrets.usesSecret" -}} +{{- if eq (include "secrets.read" .) "" }}false{{- else -}}true{{- end -}} +{{- end -}} + +{{/* Determines if the object will reference a Kubernetes secret */}} +{{/* Inputs: . (user of the secret, needs name, secret, auth) */}} +{{- define "secrets.usesKubernetesSecret" -}} +{{- $secretType := (include "secrets.secretType" .) }} +{{- if eq $secretType "embedded" -}}false +{{- else -}} + {{- $usesK8sSecret := false }} + {{- range $secret := include (printf "secrets.list.%s" .type) . 
| fromYamlArray }} + {{- $ref := include "secrets.getSecretFromRef" (dict "object" $ "key" $secret) -}} + {{- $key := include "secrets.getSecretKey" (dict "object" $ "key" $secret) -}} + {{- $value := include "secrets.getSecretValue" (dict "object" $ "key" $secret) -}} + {{- if or (and (eq $secretType "external") $key) (and $value (not $ref)) }} + {{- $usesK8sSecret = true }} + {{- end }} + {{- end }} +{{- $usesK8sSecret -}} +{{- end -}} +{{- end -}} + +{{/* Determines if the object will need to create a Kubernetes secret */}} +{{/* Inputs: object (user of the secret, needs name, secret, auth) */}} +{{- define "secrets.shouldCreateKubernetesSecret" -}} +{{- if eq (include "secrets.usesKubernetesSecret" .) "false" }}false +{{- else if and (hasKey . "secret") (hasKey .secret "create") -}} +{{ .secret.create }} +{{- else -}} +true +{{- end -}} +{{- end -}} + +{{/* This returns the Kubernetes Secret name for this destination */}} +{{/* Inputs: $ (top level helm data) object (user of the secret, needs name, secret, auth) */}} +{{- define "secrets.kubernetesSecretName" -}} +{{- if and (hasKey .object "secret") (hasKey .object.secret "name") (not (empty .object.secret.name)) -}} +{{ .object.secret.name }} +{{- else -}} + +{{- if contains .Chart.Name .Release.Name }} +{{- printf "%s-%s" .object.name .Release.Name | trunc 63 | trimSuffix "-" | lower -}} +{{- else }} +{{- printf "%s-%s-%s" .object.name .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" | lower -}} +{{- end }} + +{{- end }} +{{- end }} + +{{/* This returns the Kubernetes Secret namespace for this destination */}} +{{/* Inputs: $ (top level helm data) object (user of the secret, needs name, secret, auth) */}} +{{- define "secrets.kubernetesSecretNamespace" -}} +{{- if and (hasKey .object "secret") (hasKey .object.secret "namespace") (not (empty .object.secret.namespace)) -}} +{{- .object.secret.namespace -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end }} +{{- end }} 
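Review bot: Two of the `Inputs` comments in this new file do not match the bodies under them. `secrets.usesKubernetesSecret` also reads `.type` to pick the `secrets.list.<type>` template, so its comment should read `{{/* Inputs: . (user of the secret, needs name, type, secret, auth) */}}`; a caller whose object has no `type` would fail on the `include`. `secrets.shouldCreateKubernetesSecret` is documented as taking `object`, but the body reads `.secret` directly and the Secret template passes the destination itself, so `{{/* Inputs: . (user of the secret, needs name, type, secret, auth) */}}` fits there as well. The comments on `secrets.kubernetesSecretName` and `secrets.kubernetesSecretNamespace` still say "for this destination" although the helpers are now generic.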
diff --git a/charts/k8s-monitoring/templates/secrets/_secret.alloy.tpl b/charts/k8s-monitoring/templates/secrets/_secret.alloy.tpl new file mode 100644 index 000000000..6a002fe44 --- /dev/null +++ b/charts/k8s-monitoring/templates/secrets/_secret.alloy.tpl @@ -0,0 +1,8 @@ +{{/* This builds the remote.kubernetes.secret component for this destination */}} +{{/* Inputs: $ (top level object) object (user of the secret, needs name, secret, auth) */}} +{{ define "secret.alloy" }} +remote.kubernetes.secret {{ include "helper.alloy_name" .object.name | quote }} { + name = {{ include "secrets.kubernetesSecretName" . | quote }} + namespace = {{ include "secrets.kubernetesSecretNamespace" . | quote }} +} +{{ end }} diff --git a/charts/k8s-monitoring/values.schema.json b/charts/k8s-monitoring/values.schema.json index fc6036624..1a15cc177 100644 --- a/charts/k8s-monitoring/values.schema.json +++ b/charts/k8s-monitoring/values.schema.json @@ -296,9 +296,6 @@ } } }, - "type": { - "type": "string" - }, "url": { "type": "string" }
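Review bot: The template is defined as `secret.alloy` while every other helper introduced by this change uses the `secrets.` prefix, which makes it easy to miss when searching for the family. Renaming it to `{{ define "secrets.alloy" }}`, together with the `include` in `_config.alloy.tpl`, would keep the names consistent. The header comment could also say "for this object" rather than "for this destination", since the input is now the generic `object`.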