[Helm] configStorageType value support (#8526)

**What this PR does / why we need it**: Adds `loki.configStorageType` & `loki.externalConfigSecretName` values and associated helpers and templates to support choosing either `ConfigMap` or `Secret` as config medium types. **Which issue(s) this PR fixes**: Fixes #8268 **Special notes for your reviewer**: **Checklist** - [x] Reviewed the [`CONTRIBUTING.md`](https://github.com/grafana/loki/blob/main/CONTRIBUTING.md) guide (**required**) - [x] Documentation added - [ ] Tests updated - [x] `CHANGELOG.md` updated - [ ] Changes that require user attention or interaction to upgrade are documented in `docs/sources/upgrading/_index.md` --------- Signed-off-by: garcia.ryan <garcia.ryan@solute.us> Co-authored-by: Stefan Büringer <4662360+sbueringer@users.noreply.github.com> Co-authored-by: Sandeep Sukhani <sandeep.d.sukhani@gmail.com>
grafana · May 26, 2023 · 028c12f · 028c12f
1 parent 41c19ec
commit 028c12f
Show file tree

Hide file tree

Showing 11 changed files with 80 additions and 23 deletions.
diff --git a/docs/sources/installation/helm/reference.md b/docs/sources/installation/helm/reference.md
@@ -1760,6 +1760,15 @@ true
 			<td><pre lang="">
 See values.yaml
 </pre>
+</td>
+		</tr>
+		<tr>
+			<td>loki.configStorageType</td>
+			<td>string</td>
+			<td>Defines what kind of object stores the configuration, a ConfigMap or a Secret. In order to move sensitive information (such as credentials) from the ConfigMap/Secret to a more secure location (e.g. vault), it is possible to use [environment variables in the configuration](https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration). Such environment variables can be then stored in a separate Secret and injected via the global.extraEnvFrom value. For details about environment injection from a Secret please see [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables).</td>
+			<td><pre lang="json">
+"ConfigMap"
+</pre>
 </td>
 		</tr>
 		<tr>
@@ -1795,6 +1804,15 @@ true
 			<td><pre lang="json">
 ""
 </pre>
+</td>
+		</tr>
+		<tr>
+			<td>loki.externalConfigSecretName</td>
+			<td>string</td>
+			<td>Name of the Secret or ConfigMap that contains the configuration (used for naming even if config is internal).</td>
+			<td><pre lang="json">
+"{{ include \"loki.name\" . }}"
+</pre>
 </td>
 		</tr>
 		<tr>

diff --git a/production/helm/loki/CHANGELOG.md b/production/helm/loki/CHANGELOG.md
@@ -13,6 +13,10 @@ Entries should include a reference to the pull request that introduced the chang
 
 [//]: # (<AUTOMATED_UPDATES_LOCATOR> : do not remove this line. This locator is used by the CI pipeline to automatically create a changelog entry for each new Loki release. Add other chart versions and respective changelog entries bellow this line.)
 
+## 5.5.9
+
+- [FEATURE] Add `loki.configStorageType` & `loki.externalConfigSecretName` values to chart and templates.
+
 ## 5.5.8
 
 - [CHANGE] Add support for annotations on all Deployments and StatefulSets
@@ -41,6 +45,7 @@ Entries should include a reference to the pull request that introduced the chang
 
 - [BUGFIX] Use $.Release.Namespace consistently
 - [CHANGE] Add clusterLabelOverride for alert label overrides.
+- [BUGFIX] Use $.Release.Namespace consistently
 
 ## 5.5.1
 

diff --git a/production/helm/loki/Chart.yaml b/production/helm/loki/Chart.yaml
@@ -3,7 +3,7 @@ name: loki
 description: Helm chart for Grafana Loki in simple, scalable mode
 type: application
 appVersion: 2.8.2
-version: 5.5.8
+version: 5.5.9
 home: https://grafana.github.io/helm-charts
 sources:
   - https://github.com/grafana/loki

diff --git a/production/helm/loki/README.md b/production/helm/loki/README.md
@@ -1,6 +1,6 @@
 # loki
 
-![Version: 5.5.8](https://img.shields.io/badge/Version-5.5.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.8.2](https://img.shields.io/badge/AppVersion-2.8.2-informational?style=flat-square)
+![Version: 5.5.9](https://img.shields.io/badge/Version-5.5.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.8.2](https://img.shields.io/badge/AppVersion-2.8.2-informational?style=flat-square)
 
 Helm chart for Grafana Loki in simple, scalable mode
 

diff --git a/production/helm/loki/templates/_helpers.tpl b/production/helm/loki/templates/_helpers.tpl
@@ -353,6 +353,29 @@ ruler:
 {{- end }}
 {{- end }}
 
+{{/*
+Calculate the config from structured and unstructred text input
+*/}}
+{{- define "loki.calculatedConfig" -}}
+{{ tpl (mergeOverwrite (tpl .Values.loki.config . | fromYaml) .Values.loki.structuredConfig | toYaml) . }}
+{{- end }}
+
+{{/*
+The volume to mount for loki configuration
+*/}}
+{{- define "loki.configVolume" -}}
+{{- if eq .Values.loki.configStorageType "Secret" -}}
+secret:
+  secretName: {{ tpl .Values.loki.externalConfigSecretName . }}
+{{- else if eq .Values.loki.configStorageType "ConfigMap" -}}
+configMap:
+  name: {{ tpl .Values.loki.externalConfigSecretName . }}
+  items:
+    - key: "config.yaml"
+      path: "config.yaml"
+{{- end -}}
+{{- end -}}
+
 {{/*
 Memcached Docker image
 */}}

diff --git a/production/helm/loki/templates/backend/statefulset-backend.yaml b/production/helm/loki/templates/backend/statefulset-backend.yaml
@@ -41,7 +41,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }}
         {{- with .Values.loki.podAnnotations }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
@@ -148,8 +148,7 @@ spec:
           secret:
             secretName: {{ .Values.loki.existingSecretForConfig }}
           {{- else }}
-          configMap:
-            name: {{ include "loki.name" . }}
+          {{- include "loki.configVolume" . | nindent 10 }}
           {{- end }}
         - name: runtime-config
           configMap:

diff --git a/production/helm/loki/templates/config.yaml b/production/helm/loki/templates/config.yaml
@@ -0,0 +1,20 @@
+{{- if not .Values.loki.existingSecretForConfig -}}
+apiVersion: v1
+{{- if eq .Values.loki.configStorageType "Secret" }}
+kind: Secret
+{{- else }}
+kind: ConfigMap
+{{- end }}
+metadata:
+  name: {{ tpl .Values.loki.externalConfigSecretName . }}
+  labels:
+    {{- include "loki.labels" . | nindent 4 }}
+{{- if eq .Values.loki.configStorageType "Secret" }}
+data:
+  config.yaml: {{ include "loki.calculatedConfig" . | b64enc }}
+{{- else }}
+data:
+  config.yaml: |
+    {{ include "loki.calculatedConfig" . | nindent 4 }}
+{{- end -}}
+{{- end }}
diff --git a/production/helm/loki/templates/configmap.yaml b/production/helm/loki/templates/configmap.yaml
diff --git a/production/helm/loki/templates/read/deployment-read.yaml b/production/helm/loki/templates/read/deployment-read.yaml
@@ -31,7 +31,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }}
         {{- with .Values.loki.podAnnotations }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
@@ -135,8 +135,7 @@ spec:
           secret:
             secretName: {{ .Values.loki.existingSecretForConfig }}
           {{- else }}
-          configMap:
-            name: {{ include "loki.name" . }}
+          {{- include "loki.configVolume" . | nindent 10 }}
           {{- end }}
         - name: runtime-config
           configMap:

diff --git a/production/helm/loki/templates/write/statefulset-write.yaml b/production/helm/loki/templates/write/statefulset-write.yaml
@@ -40,7 +40,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/config: {{ include (print .Template.BasePath "/config.yaml") . | sha256sum }}
         {{- with .Values.loki.podAnnotations }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
@@ -153,8 +153,7 @@ spec:
           secret:
             secretName: {{ .Values.loki.existingSecretForConfig }}
           {{- else }}
-          configMap:
-            name: {{ include "loki.name" . }}
+          {{- include "loki.configVolume" . | nindent 10 }}
           {{- end }}
         - name: runtime-config
           configMap:

diff --git a/production/helm/loki/values.yaml b/production/helm/loki/values.yaml
@@ -75,6 +75,12 @@ loki:
   enableServiceLinks: true
   # -- Specify an existing secret containing loki configuration. If non-empty, overrides `loki.config`
   existingSecretForConfig: ""
+  # -- Defines what kind of object stores the configuration, a ConfigMap or a Secret.
+  # In order to move sensitive information (such as credentials) from the ConfigMap/Secret to a more secure location (e.g. vault), it is possible to use [environment variables in the configuration](https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration).
+  # Such environment variables can be then stored in a separate Secret and injected via the global.extraEnvFrom value. For details about environment injection from a Secret please see [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables).
+  configStorageType: ConfigMap
+  # -- Name of the Secret or ConfigMap that contains the configuration (used for naming even if config is internal).
+  externalConfigSecretName: '{{ include "loki.name" . }}'
   # -- Config file contents for Loki
   # @default -- See values.yaml
   config: |