WIP

Signed-off-by: Pete Wall <[email protected]>

Author: petewall

charts/k8s-monitoring/charts/feature-pod-logs/values.yaml

@@ -89,16 +89,32 @@ kubernetesApiGathering:
 
 lokiReceiver:
   # -- Enable receiving logs using the Loki protocol.
+  # @section -- Loki Receiver
   enabled: false
 
   # -- The port to listen on for logs.
+  # @section -- Loki Receiver
   port: 3100
 
-  openShiftClusterLogForwarder:
-    enabled: false
 
+openShiftClusterLogForwarder:
+  # -- Enable receiving logs with the OpenShift ClusterLogForwarder.
+  # @section -- OpenShift ClusterLogForwarder
+  enabled: false
+
+  application:
+    # -- Enable receiving application logs.
+    # @section -- OpenShift ClusterLogForwarder: Application Logs
+    enabled: true
+    # -- The namespaces to receive application logs from.
+    # @section -- OpenShift ClusterLogForwarder: Application Logs
     namespaces: []
 
+  infrastructure:
+    # -- Enable receiving infrastructure logs.
+    # @section -- OpenShift ClusterLogForwarder: Infrastructure Logs
+    enabled: false
+
 # -- Log labels to set with values copied from the Kubernetes Pod labels.
 # Format: `<log_label>: <kubernetes_label>`.
 # @section -- Log Processing

charts/k8s-monitoring/templates/platform_specific/openshift/clusterlogforwarder.yaml

@@ -1,31 +1,72 @@
-{{- if and (eq .Values.global.platform "openshift") .Values.podLogs.lokiReceiver.enabled .Values.podLogs.lokiReceiver.openShiftClusterLogForwarder.enabled }}
-{{/* https://docs.openshift.com/container-platform/4.17/observability/logging/logging-6.1/log6x-clf-6.1.html */}}
+{{- if and (eq .Values.global.platform "openshift") .Values.podLogs.lokiReceiver.enabled .Values.podLogs.openShiftClusterLogForwarder.enabled }}
+{{- /* https://docs.openshift.com/container-platform/4.17/observability/logging/logging-6.1/log6x-clf-6.1.html */}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "helper.fullname" . }}-clf
+  namespace: openshift-logging
+{{- if .Values.podLogs.openShiftClusterLogForwarder.application.enabled }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "helper.fullname" . }}-clf-application-logs
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: collect-application-logs
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "helper.fullname" . }}-clf
+    namespace: openshift-logging
+{{- end }}
+{{- if .Values.podLogs.openShiftClusterLogForwarder.infrastructure.enabled }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "helper.fullname" . }}-clf-infrastructure-logs
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: collect-infrastructure-logs
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "helper.fullname" . }}-clf
+    namespace: openshift-logging
+{{- end }}
 ---
 apiVersion: logging.openshift.io/v1
 kind: ClusterLogForwarder
 metadata:
   name: {{ include "helper.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: openshift-logging
 spec:
-{{- if .Values.podLogs.lokiReceiver.openShiftClusterLogForwarder.namespaces }}
+  serviceAccountName: {{ include "helper.fullname" . }}-clf
   inputs:
-    - name: application-from-namespaces
+{{- if .Values.podLogs.openShiftClusterLogForwarder.application.enabled }}
+    - name: application-logs
       application:
-        namespaces: {{ .Values.podLogs.lokiReceiver.openShiftClusterLogForwarder.namespaces | toYaml | nindent 10 }}
+        {{- if .Values.podLogs.openShiftClusterLogForwarder.application.namespaces }}
+        namespaces: {{ .Values.podLogs.openShiftClusterLogForwarder.application.namespaces | toYaml | nindent 10 }}
+        {{- end }}
 {{- end }}
   outputs:
     - name: {{ include "helper.fullname" . }}
       type: loki
-      url: {{ include "features.podLogs.receiver.loki" . }}
+      url: {{ include "features.podLogs.receiver.loki" . | trim }}
+      labelKeys
+        - log_type
   pipelines:
-    - name: application-logs
+    - name: {{ include "helper.fullname" . }}
       inputRefs:
-{{- if .Values.podLogs.lokiReceiver.openShiftClusterLogForwarder.namespaces }}
-        - application-from-namespaces
-{{- else }}
-        - application
+{{- if .Values.podLogs.openShiftClusterLogForwarder.applicationLogs.enabled }}
+        - application-logs
 {{- end }}
+{{- if .Values.podLogs.openShiftClusterLogForwarder.infrastructureLogs.enabled }}
         - infrastructure
+{{- end }}
       outputRefs:
         - {{ include "helper.fullname" . }}
 {{- end }}

charts/k8s-monitoring/tests/platform/openshift/Makefile

@@ -1,7 +1,11 @@
-.PHONY: all clean run-test
-all: deployments/test-variables.yaml deployments/grafana-cloud-credentials.yaml flux-manifest.yaml
+.PHONY: all clean run-test console
+all: deployments/okderators.yaml deployments/test-variables.yaml deployments/grafana-cloud-credentials.yaml flux-manifest.yaml
 clean:
-	rm -f deployments/test-variables.yaml deployments/grafana-cloud-credentials.yaml flux-manifest.yaml
+	rm -f deployments/okderators.yaml deployments/test-variables.yaml deployments/grafana-cloud-credentials.yaml flux-manifest.yaml
+
+deployments/okderators.yaml:
+	echo "---" > $@
+	curl https://raw.githubusercontent.com/okd-project/okderators-catalog-index/refs/heads/main/install/okderators.catalogsource.yml >> $@
 
 deployments/test-variables.yaml:
 	echo "---" > $@
@@ -31,3 +35,10 @@ flux-manifest.yaml:
 
 run-test:
 	../../../../../scripts/run-cluster-test.sh .
+
+CLUSTER_NAME_PREFIX := $(shell yq eval '.cluster.name' values.yaml)
+CLUSTER_NAME := $(CLUSTER_NAME_PREFIX)-$(shell echo $$RANDOM_NUMBER)
+console:
+	@echo "URL:      $(shell grep --color=never 'Access the OpenShift web-console here' "$(CLUSTER_NAME)-installer-files/.openshift_install.log" | sed -e 's/.*Access the OpenShift web-console here: \(https:.*\)"/\1/')"
+	@echo "Username: $(shell grep --color=never 'Login to the console with user:' "$(CLUSTER_NAME)-installer-files/.openshift_install.log" | sed -e 's/.*Login to the console with user: \\"\([-a-zA-Z0-9]*\)\\", and password: \\"\([-a-zA-Z0-9]*\)\\""/\1/')"
+	@echo "Password: $(shell grep --color=never 'Login to the console with user:' "$(CLUSTER_NAME)-installer-files/.openshift_install.log" | sed -e 's/.*Login to the console with user: \\"\([-a-zA-Z0-9]*\)\\", and password: \\"\([-a-zA-Z0-9]*\)\\""/\2/')"

charts/k8s-monitoring/tests/platform/openshift/deployments/okderators.yaml

@@ -0,0 +1,33 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  name: okderators
+  namespace: openshift-marketplace
+spec:
+  displayName: OKDerators
+  image: 'quay.io/okderators/catalog-index:latest'
+  publisher: OKD Community
+  updateStrategy:
+    registryPoll:
+      interval: 10m
+  priority: -100 # Prefer default/manual CatalogSources
+  sourceType: grpc
+  grpcPodConfig:
+    nodeSelector:
+      kubernetes.io/os: linux
+      node-role.kubernetes.io/master: ''
+    priorityClassName: system-cluster-critical
+    securityContextConfig: restricted
+    tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+        operator: Exists
+      - effect: NoExecute
+        key: node.kubernetes.io/unreachable
+        operator: Exists
+        tolerationSeconds: 120
+      - effect: NoExecute
+        key: node.kubernetes.io/not-ready
+        operator: Exists
+        tolerationSeconds: 120

charts/k8s-monitoring/tests/platform/openshift/values.yaml

@@ -49,23 +49,35 @@ clusterEvents:
 
 podLogs:
   enabled: true
+  collector: alloy-receiver
+  volumeGathering:
+    enabled: false
+  lokiReceiver:
+    enabled: true
+    openShiftClusterLogForwarder:
+      enabled: true
 
 integrations:
   alloy:
     instances:
       - name: alloy
         labelSelectors:
-          app.kubernetes.io/name: [alloy-metrics, alloy-singleton, alloy-logs]
+          app.kubernetes.io/name: [alloy-metrics, alloy-singleton, alloy-receiver]
 
 alloy-metrics:
   enabled: true
 
 alloy-singleton:
   enabled: true
 
-alloy-logs:
+alloy-receiver:
   enabled: true
-  global:
-    podSecurityContext:
-      seLinuxOptions:
-        type: container_logreader_t
+  liveDebugging:
+    enabled: true
+  alloy:
+    stabilityLevel: experimental
+    extraPorts:
+      - name: loki
+        port: 3100
+        targetPort: 3100
+        protocol: TCP