Skip to content

Commit

Permalink
add admin api
Browse files Browse the repository at this point in the history 
Signed-off-by: Edward Welch <[email protected]>
  • Loading branch information
@slim-bean
slim-bean committed Mar 5, 2024
1 parent d88877e commit 7fa517d
Show file tree
Hide file tree
Showing 4 changed files with 295 additions and 0 deletions.
24 changes: 24 additions & 0 deletions production/helm/loki/templates/admin-api/_helpers.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
{{/*
adminApi fullname
*/}}
{{- define "enterprise-logs.adminApiFullname" -}}
{{ include "loki.fullname" . }}-admin-api
{{- end }}

{{/*
adminApi common labels
*/}}
{{- define "enterprise-logs.adminApiLabels" -}}
{{ include "loki.labels" . }}
app.kubernetes.io/component: admin-api
target: admin-api
{{- end }}

{{/*
adminApi selector labels
*/}}
{{- define "enterprise-logs.adminApiSelectorLabels" -}}
{{ include "loki.selectorLabels" . }}
app.kubernetes.io/component: admin-api
target: admin-api
{{- end }}
173 changes: 173 additions & 0 deletions production/helm/loki/templates/admin-api/deployment-admin-api.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,173 @@
{{- if .Values.enterprise.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "enterprise-logs.adminApiFullname" . }}
labels:
{{- include "enterprise-logs.adminApiLabels" . | nindent 4 }}
{{- with .Values.adminApi.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/part-of: memberlist
annotations:
{{- with .Values.adminApi.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.adminApi.replicas }}
selector:
matchLabels:
{{- include "enterprise-logs.adminApiSelectorLabels" . | nindent 6 }}
strategy:
{{- toYaml .Values.adminApi.strategy | nindent 4 }}
template:
metadata:
labels:
{{- include "enterprise-logs.adminApiSelectorLabels" . | nindent 8 }}
{{- with .Values.adminApi.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/part-of: memberlist
annotations:
{{- if .Values.useExternalConfig }}
checksum/config: {{ .Values.externalConfigVersion }}
{{- else }}
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
{{- end}}
{{- with .Values.adminApi.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "loki.serviceAccountName" . }}
{{- if .Values.adminApi.priorityClassName }}
priorityClassName: {{ .Values.adminApi.priorityClassName }}
{{- end }}
securityContext:
{{- toYaml .Values.adminApi.podSecurityContext | nindent 8 }}
initContainers:
# Taken from
# https://github.com/minio/charts/blob/a5c84bcbad884728bff5c9c23541f936d57a13b3/minio/templates/post-install-create-bucket-job.yaml
{{- if .Values.minio.enabled }}
- name: minio-mc
image: "{{ .Values.minio.mcImage.repository }}:{{ .Values.minio.mcImage.tag }}"
imagePullPolicy: {{ .Values.minio.mcImage.pullPolicy }}
command: ["/bin/sh", "/config/initialize"]
env:
- name: MINIO_ENDPOINT
value: {{ .Release.Name }}-minio
- name: MINIO_PORT
value: {{ .Values.minio.service.port | quote }}
volumeMounts:
- name: minio-configuration
mountPath: /config
{{- if .Values.minio.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.minio.configPathmc }}certs
{{ end }}
{{- end }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.adminApi.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: admin-api
image: "{{ template "loki.image" . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- -target=admin-api
- -config.file=/etc/loki/config/config.yaml
{{- if .Values.minio.enabled }}
- -admin.client.backend-type=s3
- -admin.client.s3.endpoint={{ template "loki.minio" . }}
- -admin.client.s3.bucket-name=enterprise-logs-admin
- -admin.client.s3.access-key-id={{ .Values.minio.accessKey }}
- -admin.client.s3.secret-access-key={{ .Values.minio.secretKey }}
- -admin.client.s3.insecure=true
{{- end }}
{{- range $key, $value := .Values.adminApi.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: license
mountPath: /etc/enterprise-logs/license
- name: storage
mountPath: /data
{{- if .Values.adminApi.extraVolumeMounts }}
{{ toYaml .Values.adminApi.extraVolumeMounts | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
readinessProbe:
{{- toYaml .Values.adminApi.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.adminApi.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.adminApi.containerSecurityContext | nindent 12 }}
env:
{{- if .Values.adminApi.env }}
{{ toYaml .Values.adminApi.env | nindent 12 }}
{{- end }}
{{- with .Values.adminApi.extraContainers }}
{{ toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- toYaml .Values.adminApi.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.adminApi.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.adminApi.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.adminApi.terminationGracePeriodSeconds }}
volumes:
- name: config
secret:
{{- if .Values.useExternalConfig }}
secretName: {{ .Values.externalConfigName }}
{{- else }}
secretName: enterprise-logs-config
{{- end }}
- name: license
secret:
{{- if .Values.useExternalLicense }}
secretName: {{ .Values.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
- name: storage
emptyDir: {}
{{- if .Values.adminApi.extraVolumes }}
{{ toYaml .Values.adminApi.extraVolumes | nindent 8 }}
{{- end }}
{{- if .Values.minio.enabled }}
- name: minio-configuration
projected:
sources:
- configMap:
name: {{ .Release.Name }}-minio
- secret:
name: {{ .Release.Name }}-minio
{{- if .Values.minio.tls.enabled }}
- name: cert-secret-volume-mc
secret:
secretName: {{ .Values.minio.tls.certSecret }}
items:
- key: {{ .Values.minio.tls.publicCrt }}
path: CAs/public.crt
{{- end }}
{{- end }}
{{- end }}
28 changes: 28 additions & 0 deletions production/helm/loki/templates/admin-api/service-admin-api.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
{{- if .Values.enterprise.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "enterprise-logs.adminApiFullname" . }}
labels:
{{- include "enterprise-logs.adminApiLabels" . | nindent 4 }}
{{- with .Values.adminApi.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.adminApi.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
ports:
- name: http-metrics
port: 3100
protocol: TCP
targetPort: http-metrics
- name: grpc
port: 9095
protocol: TCP
targetPort: grpc
selector:
{{- include "enterprise-logs.adminApiSelectorLabels" . | nindent 4 }}
{{- end }}
70 changes: 70 additions & 0 deletions production/helm/loki/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -720,6 +720,76 @@ memberlist:
service:
publishNotReadyAddresses: false

######################################################################################################################
#
# adminAPI configuration, enterprise only.
#
######################################################################################################################

# -- Configuration for the `admin-api` target
adminApi:
# -- Define the amount of instances
replicas: 1
# -- hostAliases to add
hostAliases: []
# - ip: 1.2.3.4
# hostnames:
# - domain.tld
# -- Additional CLI arguments for the `admin-api` target
extraArgs: {}
# -- Additional labels for the `admin-api` Deployment
labels: {}
# -- Additional annotations for the `admin-api` Deployment
annotations: {}
# -- Additional labels and annotations for the `admin-api` Service
service:
labels: {}
annotations: {}
# -- Run container as user `enterprise-logs(uid=10001)`
# `fsGroup` must not be specified, because these security options are applied
# on container level not on Pod level.
podSecurityContext:
runAsNonRoot: true
runAsGroup: 10001
runAsUser: 10001
containerSecurityContext:
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
# -- Update strategy
strategy:
type: RollingUpdate
# -- Readiness probe
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 45
# -- Request and limit Kubernetes resources
# -- Values are defined in small.yaml and large.yaml
resources: {}
# -- Configure optional environment variables
env: [ ]
# -- Configure optional initContainers
initContainers: []
# -- Conifgure optional extraContainers
extraContainers: []
# -- Additional volumes for Pods
extraVolumes: []
# -- Additional volume mounts for Pods
extraVolumeMounts: []
# -- Affinity for admin-api Pods
affinity: {}
# -- Node selector for admin-api Pods
nodeSelector: {}
# -- Tolerations for admin-api Pods
tolerations: []
# -- Grace period to allow the admin-api to shutdown before it is killed
terminationGracePeriodSeconds: 60


######################################################################################################################
#
# Gateway and Ingress
Expand Down

0 comments on commit 7fa517d

Please sign in to comment.