helm: Add GEM federation-frontend resources (#9673)

* Add federation-frontend resources Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov@grafana.com> * Add CHANGELOG.md entry Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov@grafana.com> * Remove noop sections Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov@grafana.com> * Simplify fed-frontend config Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov@grafana.com> * Add validation for FF Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov@grafana.com> * Remove extra extra volume mounts Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov@grafana.com> * Update values file docs Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov@grafana.com> * Document extraEnvFrom Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov@grafana.com> * Move comments to within the `if` for the minio job Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov@grafana.com> --------- Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov@grafana.com>
grafana · Nov 11, 2024 · 18ba216 · 18ba216
1 parent 8706a45
commit 18ba216
Show file tree

Hide file tree

Showing 58 changed files with 3,167 additions and 39 deletions.
diff --git a/operations/helm/charts/mimir-distributed/CHANGELOG.md b/operations/helm/charts/mimir-distributed/CHANGELOG.md
@@ -29,6 +29,7 @@ Entries should include a reference to the Pull Request that introduced the chang
 
 ## main / unreleased
 
+* [FEATURE] Add support for GEM's federation-frontend. See the `federation_frontend` section in the values file. #9673
 * [ENHANCEMENT] Add support for setting type and internal traffic policy for Kubernetes service. Set `internalTrafficPolicy=Cluster` by default in all services with type `ClusterIP`. #9619
 * [ENHANCEMENT] Add the possibility to create a dedicated serviceAccount for the `alertmanager` component by setting `alertmanager.serviceAcount.create` to true in the values. #9781
 * [BUGFIX] Fix PVC template in AlertManager to not show diff in ArgoCD. #9774

diff --git a/.../helm/charts/mimir-distributed/ci/offline/test-enterprise-federation-frontend-values.yaml b/.../helm/charts/mimir-distributed/ci/offline/test-enterprise-federation-frontend-values.yaml
@@ -0,0 +1,80 @@
+# Enable enterprise features (required for federation-frontend)
+enterprise:
+  enabled: true
+
+# Enable and configure federation-frontend
+federation_frontend:
+  enabled: true
+  replicas: 2
+  resources:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 1
+      memory: 256Mi
+
+mimir:
+  structuredConfig:
+    auth:
+      type: trust
+    instrumentation:
+      enabled: false
+    # The federation-frontend doesn't handle auth. Disabling multi-tenant means the FF doesn't need to check for the X-Scope-OrgID header
+    # and will use the auth material from the proxy_targets configuration.
+    # If using the federation-frontend.
+    multitenancy_enabled: false
+    federation:
+      proxy_targets:
+        - name: "mimir-distributed-1"
+          url: "http://mimir-query-frontend.real-deployment.svc.cluster.local:8080/prometheus"
+        - name: "mimir-distributed-2"
+          url: "http://mimir-query-frontend.real-deployment.svc.cluster.local:8080/prometheus"
+
+# Disable all other components
+distributor:
+  replicas: 0
+admin_api:
+  replicas: 0
+alertmanager:
+  enabled: false
+ingester:
+  replicas: 0
+gateway:
+  replicas: 0
+querier:
+  replicas: 0
+query_frontend:
+  replicas: 0
+query_scheduler:
+  enabled: false
+compactor:
+  replicas: 0
+store_gateway:
+  replicas: 0
+ruler:
+  enabled: false
+overrides_exporter:
+  enabled: false
+
+# Disable all caches
+admin-cache:
+  enabled: false
+chunks-cache:
+  enabled: false
+index-cache:
+  enabled: false
+metadata-cache:
+  enabled: false
+results-cache:
+  enabled: false
+
+# Keep using minio to allow setting up the admin bucket
+minio:
+  enabled: false
+
+rollout_operator:
+  enabled: true
+
+tokengenJob:
+  enable: false
diff --git a/operations/helm/charts/mimir-distributed/templates/_helpers.tpl b/operations/helm/charts/mimir-distributed/templates/_helpers.tpl
@@ -444,6 +444,7 @@ Examples:
   "compactor" "compactor"
   "continuous-test" "continuous_test"
   "distributor" "distributor"
+  "federation-frontend" "federation_frontend"
   "gateway" "gateway"
   "gr-aggr-cache" "gr-aggr-cache"
   "gr-metricname-cache" "gr-metricname-cache"
@@ -452,8 +453,8 @@ Examples:
   "index-cache" "index-cache"
   "ingester" "ingester"
   "memcached" "memcached"
-  "metadata-cache" "metadata-cache"
   "meta-monitoring" "metaMonitoring.grafanaAgent"
+  "metadata-cache" "metadata-cache"
   "nginx" "nginx"
   "overrides-exporter" "overrides_exporter"
   "querier" "querier"

diff --git a/.../helm/charts/mimir-distributed/templates/federation-frontend/federation-frontend-dep.yaml b/.../helm/charts/mimir-distributed/templates/federation-frontend/federation-frontend-dep.yaml
@@ -0,0 +1,142 @@
+{{- if and .Values.enterprise.enabled .Values.federation_frontend.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "mimir.resourceName" (dict "ctx" . "component" "federation-frontend") }}
+  labels:
+    {{- include "mimir.labels" (dict "ctx" . "component" "federation-frontend") | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.federation_frontend.annotations | nindent 4 }}
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  replicas: {{ .Values.federation_frontend.replicas }}
+  selector:
+    matchLabels:
+      {{- include "mimir.selectorLabels" (dict "ctx" . "component" "federation-frontend" "memberlist" true) | nindent 6 }}
+  strategy:
+    {{- toYaml .Values.federation_frontend.strategy | nindent 4 }}
+  template:
+    metadata:
+      labels:
+        {{- include "mimir.podLabels" (dict "ctx" . "component" "federation-frontend" "memberlist" true) | nindent 8 }}
+      annotations:
+        {{- include "mimir.podAnnotations" (dict "ctx" . "component" "federation-frontend") | nindent 8 }}
+    spec:
+      serviceAccountName: {{ template "mimir.serviceAccountName" . }}
+      {{- if .Values.federation_frontend.priorityClassName }}
+      priorityClassName: {{ .Values.federation_frontend.priorityClassName }}
+      {{- end }}
+      securityContext:
+        {{- include "mimir.lib.podSecurityContext" (dict "ctx" . "component" "federation-frontend") | nindent 8 }}
+      {{- with .Values.federation_frontend.initContainers }}
+      initContainers:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.image.pullSecrets }}
+      imagePullSecrets:
+      {{- range .Values.image.pullSecrets }}
+        - name: {{ . }}
+      {{- end }}
+      {{- end }}
+      containers:
+        - name: federation-frontend
+          image: {{ include "mimir.imageReference" . | quote }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - "-target=federation-frontend"
+            - "-config.expand-env=true"
+            - "-config.file=/etc/mimir/mimir.yaml"
+            {{- range $key, $value := .Values.federation_frontend.extraArgs }}
+            - "-{{ $key }}={{ $value }}"
+            {{- end }}
+          volumeMounts:
+            {{- if .Values.federation_frontend.extraVolumeMounts }}
+              {{ toYaml .Values.federation_frontend.extraVolumeMounts | nindent 12}}
+            {{- end }}
+            {{- if .Values.global.extraVolumeMounts }}
+              {{ toYaml .Values.global.extraVolumeMounts | nindent 12}}
+            {{- end }}
+            - name: config
+              mountPath: /etc/mimir
+            - name: license
+              mountPath: /license
+            - name: runtime-config
+              mountPath: /var/{{ include "mimir.name" . }}
+            - name: active-queries
+              mountPath: /active-query-tracker
+          ports:
+            - name: http-metrics
+              containerPort: {{ include "mimir.serverHttpListenPort" . }}
+              protocol: TCP
+            - name: grpc
+              containerPort: {{ include "mimir.serverGrpcListenPort" . }}
+              protocol: TCP
+            - name: memberlist
+              containerPort: {{ include "mimir.memberlistBindPort" . }}
+              protocol: TCP
+          livenessProbe:
+            {{- toYaml .Values.federation_frontend.livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .Values.federation_frontend.readinessProbe | nindent 12 }}
+          resources:
+            {{- toYaml .Values.federation_frontend.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.federation_frontend.containerSecurityContext | nindent 12 }}
+          {{- $jaeger_queue_size := dig "jaegerReporterMaxQueueSize" nil .Values.federation_frontend }}
+          {{- if or .Values.global.extraEnv .Values.federation_frontend.env $jaeger_queue_size }}
+          env:
+            {{- with .Values.global.extraEnv }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{- with .Values.federation_frontend.env }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{- if $jaeger_queue_size }}
+              - name: "JAEGER_REPORTER_MAX_QUEUE_SIZE"
+                value: {{$jaeger_queue_size | toString | toYaml }}
+             {{- end }}
+          {{- end }}
+          {{- if or .Values.global.extraEnvFrom .Values.federation_frontend.extraEnvFrom }}
+          envFrom:
+            {{- with .Values.global.extraEnvFrom }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{- with .Values.federation_frontend.extraEnvFrom }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+          {{- end }}
+{{- if .Values.federation_frontend.extraContainers }}
+{{ toYaml .Values.federation_frontend.extraContainers | nindent 8 }}
+{{- end }}
+      {{- with .Values.federation_frontend.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.federation_frontend.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- include "mimir.lib.topologySpreadConstraints" (dict "ctx" . "component" "federation-frontend") | nindent 6 }}
+      {{- with .Values.federation_frontend.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      terminationGracePeriodSeconds: {{ .Values.federation_frontend.terminationGracePeriodSeconds }}
+      volumes:
+        - name: config
+          {{- include "mimir.configVolume" . | nindent 10 }}
+        - name: license
+          secret:
+            secretName: {{ tpl .Values.license.secretName . }}
+        - name: runtime-config
+          configMap:
+            name: {{ template "mimir.fullname" . }}-runtime
+        {{- if .Values.federation_frontend.extraVolumes }}
+        {{- toYaml .Values.federation_frontend.extraVolumes | nindent 8 }}
+        {{- end }}
+        {{- if .Values.global.extraVolumes }}
+        {{ toYaml .Values.global.extraVolumes | nindent 8}}
+        {{- end }}
+        - name: active-queries
+          emptyDir: {}
+{{- end }}
diff --git a/.../helm/charts/mimir-distributed/templates/federation-frontend/federation-frontend-pdb.yaml b/.../helm/charts/mimir-distributed/templates/federation-frontend/federation-frontend-pdb.yaml
@@ -0,0 +1,3 @@
+{{- if and .Values.enterprise.enabled .Values.federation_frontend.enabled }}
+{{- include "mimir.lib.podDisruptionBudget" (dict "ctx" $ "component" "federation-frontend" "memberlist" true) }}
+{{- end }}
diff --git a/...m/charts/mimir-distributed/templates/federation-frontend/federation-frontend-servmon.yaml b/...m/charts/mimir-distributed/templates/federation-frontend/federation-frontend-servmon.yaml
@@ -0,0 +1,3 @@
+{{- if and .Values.enterprise.enabled .Values.federation_frontend.enabled }}
+{{- include "mimir.lib.serviceMonitor" (dict "ctx" $ "component" "federation-frontend" "memberlist" true) }}
+{{- end }}
diff --git a/.../helm/charts/mimir-distributed/templates/federation-frontend/federation-frontend-svc.yaml b/.../helm/charts/mimir-distributed/templates/federation-frontend/federation-frontend-svc.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.enterprise.enabled .Values.federation_frontend.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "mimir.resourceName" (dict "ctx" . "component" "federation-frontend") }}
+  labels:
+    {{- include "mimir.labels" (dict "ctx" . "component" "federation-frontend" "memberlist" true) | nindent 4 }}
+    {{- with .Values.federation_frontend.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- toYaml .Values.federation_frontend.service.annotations | nindent 4 }}
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: {{ include "mimir.serverHttpListenPort" . }}
+      protocol: TCP
+      name: http-metrics
+      targetPort: http-metrics
+    - port: {{ include "mimir.serverGrpcListenPort" . }}
+      protocol: TCP
+      name: grpc
+      targetPort: grpc
+  selector:
+    {{- include "mimir.selectorLabels" (dict "ctx" . "component" "federation-frontend" "memberlist" true) | nindent 4 }}
+{{- end }}
diff --git a/operations/helm/charts/mimir-distributed/templates/minio/create-bucket-job.yaml b/operations/helm/charts/mimir-distributed/templates/minio/create-bucket-job.yaml
@@ -1,9 +1,9 @@
+{{- if .Values.minio.enabled }}
+{{- if .Values.minio.buckets }}
 # Minio provides post-install hook to create bucket
 # however the hook won't be executed if helm install is run
 # with --wait flag. Hence this job is a workaround for that.
 # See https://github.com/grafana/mimir/issues/2464
-{{- if .Values.minio.enabled }}
-{{- if .Values.minio.buckets }}
 apiVersion: batch/v1
 kind: Job
 metadata:

diff --git a/operations/helm/charts/mimir-distributed/templates/validate.yaml b/operations/helm/charts/mimir-distributed/templates/validate.yaml
@@ -264,3 +264,7 @@
 {{- if and .Values.ingress.enabled .Values.gateway.ingress.enabled -}}
 {{- fail "You have selected both ingress.enabled and gateway.ingress.enabled, you must select either ingress or gateway but not both" -}}
 {{- end -}}
+
+{{- if and (not .Values.enterprise.enabled) .Values.federation_frontend.enabled -}}
+{{- fail "You have federation_frontend.enabled=true, but enterprise.enabled=false. Federation Frontend is an enterprise-only feature and requires enterprise mode to be enabled." }}
+{{- end -}}