fix: vendor observability charts

2026-05-04 10:49:46 +00:00
parent f5473a9bec
commit a04b8ad865
325 changed files with 46640 additions and 40 deletions
@@ -0,0 +1,32 @@
+{{/*
+provisioner fullname
+*/}}
+{{- define "enterprise-logs.provisionerFullname" -}}
+{{ include "loki.name" . }}-provisioner
+{{- end }}
+
+{{/*
+provisioner common labels
+*/}}
+{{- define "enterprise-logs.provisionerLabels" -}}
+{{ include "loki.labels" . }}
+app.kubernetes.io/component: provisioner
+{{- end }}
+
+{{/*
+provisioner selector labels
+*/}}
+{{- define "enterprise-logs.provisionerSelectorLabels" -}}
+{{ include "loki.selectorLabels" . }}
+app.kubernetes.io/component: provisioner
+{{- end }}
+
+{{/*
+provisioner image name
+*/}}
+{{- define "enterprise-logs.provisionerImage" -}}
+{{- $dict := dict "service" .Values.enterprise.provisioner.image "global" .Values.global.image "defaultVersion" "latest" -}}
+{{- include "loki.baseImage" $dict -}}
+{{- end -}}
+
+
@@ -0,0 +1,120 @@
+{{ if and .Values.enterprise.provisioner.enabled .Values.enterprise.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "enterprise-logs.provisionerFullname" . }}
+  namespace: {{ include "loki.namespace" . }}
+  labels:
+    {{- include "enterprise-logs.provisionerLabels" . | nindent 4 }}
+    {{- with .Values.enterprise.provisioner.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- with .Values.enterprise.provisioner.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    "helm.sh/hook": {{ .Values.enterprise.provisioner.hookType | quote }}
+    "helm.sh/hook-weight": "15"
+spec:
+  backoffLimit: 6
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        {{- include "enterprise-logs.provisionerSelectorLabels" . | nindent 8 }}
+        {{- with .Values.enterprise.provisioner.labels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- with .Values.enterprise.provisioner.annotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      {{- with .Values.enterprise.provisioner.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}
+      {{- if and (semverCompare ">=1.33-0" (include "loki.kubeVersion" .)) (kindIs "bool" .Values.enterprise.provisioner.hostUsers) }}
+      hostUsers: {{ .Values.enterprise.provisioner.hostUsers }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.enterprise.provisioner.securityContext | nindent 8 }}
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: provisioner
+          image: {{ template "enterprise-logs.provisionerImage" . }}
+          imagePullPolicy: {{ .Values.enterprise.provisioner.image.pullPolicy }}
+          command:
+            - /bin/sh
+            - -exuc
+            - |
+              echo "================================================================================"
+              echo "Starting provisioner. Tokens will be displayed below."
+              echo "Copy these tokens and create secrets manually for each tenant."
+              echo "================================================================================"
+              {{- range .Values.enterprise.provisioner.additionalTenants }}
+              echo "\nProvisioning tenant: {{ .name }}..."
+              /usr/bin/provisioner \
+                -cluster-name={{ include "loki.clusterName" $ }} \
+                -api-url={{ tpl $.Values.enterprise.provisioner.apiUrl $ }} \
+                -tenant={{ .name }} \
+                -access-policy=write-{{ .name }}:{{ .name }}:logs:write \
+                -access-policy=read-{{ .name }}:{{ .name }}:logs:read \
+                -token=write-{{ .name }} \
+                -token=read-{{ .name }}
+              {{- end -}}
+
+              {{- with .Values.monitoring.selfMonitoring.tenant }}
+              echo "\nProvisioning self-monitoring tenant: {{ .name }}..."
+              /usr/bin/provisioner \
+                -cluster-name={{ include "loki.clusterName" $ }} \
+                -api-url={{ tpl $.Values.enterprise.provisioner.apiUrl $ }} \
+                -tenant={{ .name }} \
+                -access-policy=self-monitoring:{{ .name }}:logs:write,logs:read \
+                -token=self-monitoring
+              {{- end }}
+              echo "\n================================================================================"
+              echo "Provisioning complete. Please create secrets using the tokens above."
+              echo "================================================================================"
+          volumeMounts:
+            {{- with .Values.enterprise.provisioner.extraVolumeMounts }}
+              {{ toYaml . | nindent 12 }}
+            {{- end }}
+            - name: admin-token
+              mountPath: /bootstrap/token
+              subPath: token
+          {{- with .Values.enterprise.provisioner.env }}
+          env:
+            {{ toYaml . | nindent 12 }}
+          {{- end }}
+          securityContext: {{- toYaml .Values.enterprise.provisioner.containerSecurityContext | nindent 12 }}
+      {{- with .Values.enterprise.provisioner.affinity }}
+      affinity:
+        {{- tpl ( . | toYaml) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.enterprise.provisioner.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.enterprise.provisioner.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      restartPolicy: OnFailure
+      serviceAccount: {{ include "enterprise-logs.provisionerFullname" . }}
+      serviceAccountName: {{ include "enterprise-logs.provisionerFullname" . }}
+      volumes:
+        - name: admin-token
+          secret:
+            secretName: "{{ include "enterprise-logs.adminTokenSecret" . }}"
+        {{- if .Values.enterprise.provisioner.extraVolumes }}
+        {{- toYaml .Values.enterprise.provisioner.extraVolumes | nindent 8 }}
+        {{- end }}
+        {{- if .Values.global.extraVolumes }}
+        {{- toYaml .Values.global.extraVolumes | nindent 8 }}
+        {{- end }}
+{{- end }}
@@ -0,0 +1,21 @@
+{{ if and .Values.enterprise.provisioner.enabled .Values.enterprise.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ if not .Values.rbac.namespaced }}Cluster{{ end }}Role
+metadata:
+  name: {{ template "enterprise-logs.provisionerFullname" . }}
+  namespace: {{ include "loki.namespace" . }}
+  labels:
+    {{- include "enterprise-logs.provisionerLabels" . | nindent 4 }}
+    {{- with .Values.enterprise.provisioner.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- with .Values.enterprise.provisioner.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    "helm.sh/hook": {{ .Values.enterprise.provisioner.hookType | quote }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["create"]
+{{- end }}
@@ -0,0 +1,26 @@
+{{ if and .Values.enterprise.provisioner.enabled .Values.enterprise.enabled}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ if not .Values.rbac.namespaced }}Cluster{{ end }}RoleBinding
+metadata:
+  name: {{ template "enterprise-logs.provisionerFullname" . }}
+  namespace: {{ include "loki.namespace" . }}
+  labels:
+    {{- include "enterprise-logs.provisionerLabels" . | nindent 4 }}
+    {{- with .Values.enterprise.provisioner.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- with .Values.enterprise.provisioner.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    "helm.sh/hook": {{ .Values.enterprise.provisioner.hookType | quote }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: {{ if not .Values.rbac.namespaced }}Cluster{{ end }}Role
+  name: {{ template "enterprise-logs.provisionerFullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "enterprise-logs.provisionerFullname" . }}
+    namespace: {{ include "loki.namespace" $ }}
+{{- end }}
@@ -0,0 +1,18 @@
+{{ if and .Values.enterprise.provisioner.enabled .Values.enterprise.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "enterprise-logs.provisionerFullname" . }}
+  namespace: {{ include "loki.namespace" . }}
+  labels:
+    {{- include "enterprise-logs.provisionerLabels" . | nindent 4 }}
+    {{- with .Values.enterprise.provisioner.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- with .Values.enterprise.provisioner.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    "helm.sh/hook": {{ .Values.enterprise.provisioner.hookType | quote }}
+{{- end }}