logging(LOG-5224): adds support for clusterset installations

deploy/resources/cluster-management-addon.yaml

@@ -1,43 +1,38 @@
 apiVersion: addon.open-cluster-management.io/v1alpha1
 kind: ClusterManagementAddOn
 metadata:
- name: multicluster-observability-addon
+  name: multicluster-observability-addon
+  annotations:
+    addon.open-cluster-management.io/lifecycle: addon-manager
 spec:
- addOnMeta:
-   displayName: Multi Cluster Observability Addon
-   description: "multicluster-observability-addon is the addon to configure spoke clusters to collect and forward logs/traces to a given set of outputs"
- supportedConfigs:
-   # Describes the general addon configuration applicable for all managed clusters. It includes:
-   # - Default subscription channel name for install the `Red Hat OpenShift Logging` operator on each managed cluster.
-   # - Default subscription channel name for install the `Red Hat OpenShift distributed tracing data collection` operator on each managed cluster.
-   - group: addon.open-cluster-management.io
-     resource: addondeploymentconfigs
-     defaultConfig:
-       name: multicluster-observability-addon
-       namespace: open-cluster-management
-
-   # Describe per managed cluster sensitive data per target forwarding location, currently supported:
-   # - TLS client certificates for mTLS communication with a log output / trace exporter.
-   # - Client credentials for password based authentication with a log output / trace exporter.
-   - resource: secrets
-
-   # Describe per managed cluster auxilliary config per log output / trace exporter.
-   - resource: configmaps
-
-   # Describes the default log forwarding outputs for each log type applied to all managed clusters.
-   - group: logging.openshift.io
-     resource: clusterlogforwarders
-     # The default config is the main stanza of a ClusterLogForwarder resource
-     # that describes where logs should be forwarded for all managed cluster.
-     defaultConfig:
-       name: instance
-       namespace: open-cluster-management
-
-   # Describes the default OpenTelemetryCollector type applied to all managed clusters.
-   - group: opentelemetry.io
-     resource: opentelemetrycollectors
-     # The default config is the main stanza of an OpenTelemetryCollector resource
-     # that describes where traces should be forwarded for all managed cluster.
-     defaultConfig:
-       name: spoke-otelcol
-       namespace: open-cluster-management
+  addOnMeta:
+    displayName: Multicluster Observability Addon
+    description: "multicluster-observability-addon is the addon to configure spoke clusters to collect and forward logs/traces to a given set of outputs"
+  supportedConfigs:
+    # Describes the general addon configuration applicable for all managed clusters. It includes:
+    # - Default subscription channel name for install the `Red Hat OpenShift Logging` operator on each managed cluster.
+    - group: addon.open-cluster-management.io
+      resource: addondeploymentconfigs
+      defaultConfig:
+        name: multicluster-observability-addon
+        namespace: open-cluster-management
+    # Describes the default log forwarding outputs for each log type applied to all managed clusters.
+    - group: logging.openshift.io
+      resource: clusterlogforwarders
+    # Describes the default OpenTelemetryCollector type applied to all managed clusters.
+    - group: opentelemetry.io
+      resource: opentelemetrycollectors
+  installStrategy:
+    type: Placements
+    placements:
+      - name: global
+        namespace: open-cluster-management-global-set
+        configs:
+          - group: logging.openshift.io
+            resource: clusterlogforwarders
+            name: instance
+            namespace: open-cluster-management
+          - group: opentelemetry.io
+            resource: opentelemetrycollectors
+            name: instance
+            namespace: open-cluster-management

go.mod

@@ -6,7 +6,6 @@ toolchain go1.21.9
 
 require (
 	github.com/ViaQ/logerr/v2 v2.1.0
-	github.com/cert-manager/cert-manager v1.13.3
 	github.com/imdario/mergo v0.3.16
 	github.com/open-telemetry/opentelemetry-operator v0.93.0
 	github.com/openshift/api v0.0.0-20240124164020-e2ce40831f2e // release-4.15
@@ -133,7 +132,6 @@ require (
 	k8s.io/kube-openapi v0.0.0-20231129212854-f0671cc7e66a // indirect
 	open-cluster-management.io/sdk-go v0.13.0 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 // indirect
-	sigs.k8s.io/gateway-api v0.8.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect

go.sum

@@ -26,8 +26,6 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
-github.com/cert-manager/cert-manager v1.13.3 h1:3R4G0RI7K0OkTZhWlVOC5SGZMYa2NwqmQJoyKydrz/M=
-github.com/cert-manager/cert-manager v1.13.3/go.mod h1:BM2+Pt/NmSv1Zr25/MHv6BgIEF9IUxA1xAjp80qkxgc=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
@@ -409,8 +407,6 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 h1:TgtAeesdhpm2S
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0/go.mod h1:VHVDI/KrK4fjnV61bE2g3sA7tiETLn8sooImelsCx3Y=
 sigs.k8s.io/controller-runtime v0.17.0 h1:fjJQf8Ukya+VjogLO6/bNX9HE6Y2xpsO5+fyS26ur/s=
 sigs.k8s.io/controller-runtime v0.17.0/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s=
-sigs.k8s.io/gateway-api v0.8.0 h1:isQQ3Jx2qFP7vaA3ls0846F0Amp9Eq14P08xbSwVbQg=
-sigs.k8s.io/gateway-api v0.8.0/go.mod h1:okOnjPNBFbIS/Rw9kAhuIUaIkLhTKEu+ARIuXk2dgaM=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=

hack/addon-install/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+description: A Helm chart to help testing the mcoa addon
+name: addon-testing
+version: 1.0.0
+appVersion: "1.0.0"

hack/addon-install/templates/aws-secret-default.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-credentials-default
+  namespace: open-cluster-management
+type: Opaque
+data:
+  access_key_id: {{ .Values.awsCredentials.accessKeyID | b64enc }}
+  access_key_secret: {{ .Values.awsCredentials.accessKeySecret | b64enc }}

hack/addon-install/templates/aws-secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-credentials
+  namespace: {{ .Values.spokeClusterName }}
+type: Opaque
+data:
+  access_key_id: {{ .Values.awsCredentials.accessKeyID | b64enc }}
+  access_key_secret: {{ .Values.awsCredentials.accessKeySecret | b64enc }}

hack/addon-install/templates/clf-instance.yaml

@@ -0,0 +1,22 @@
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: instance
+  namespace: open-cluster-management
+  annotations:
+    authentication.mcoa.openshift.io/cw: SecretReference
+spec:
+  outputs:
+   - cloudwatch:
+       region: eu-central-1
+       groupBy: logType
+     type: cloudwatch
+     name: cw
+     secret:
+       name: aws-credentials
+  pipelines:
+   - name: infra-cw
+     inputRefs:
+     - infrastructure
+     outputRefs:
+     - cw

hack/addon-install/templates/instance-default.yaml

@@ -0,0 +1,22 @@
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: instance-default
+  namespace: open-cluster-management
+  annotations:
+    authentication.mcoa.openshift.io/cw: SecretReference
+spec:
+  outputs:
+   - cloudwatch:
+       region: eu-central-1
+       groupBy: logType
+     type: cloudwatch
+     name: cw
+     secret:
+       name: aws-credentials-default
+  pipelines:
+   - name: infra-cw
+     inputRefs:
+     - infrastructure
+     outputRefs:
+     - cw

hack/addon-install/templates/otelcol-instance.yaml

@@ -0,0 +1,47 @@
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: instance
+  namespace: open-cluster-management
+  annotations:
+    authentication.mcoa.openshift.io/otlp: ExistingSecret
+spec:
+  config: |
+    exporters:
+      debug:
+      otlp:
+        endpoint: {{ .Values.hubCollector.route }}
+        headers:
+            x-scope-orgid: {{ .Values.spokeClusterName }}
+        tls:
+          ca_file: /tracing-otlp-auth/ca-bundle.crt
+          cert_file: /tracing-otlp-auth/tls.crt
+          insecure: false
+          key_file: /tracing-otlp-auth/tls.key
+    processors:
+    receivers:
+      jaeger:
+        protocols:
+            grpc:
+      otlp:
+        protocols:
+          grpc:
+          http:
+    service:
+      pipelines:
+        traces:
+          exporters:
+            - otlp
+            - debug
+          processors: []
+          receivers:
+            - jaeger
+            - otlp
+  mode: deployment
+  volumeMounts:
+  - mountPath: /tracing-otlp-auth
+    name: tracing-otlp-auth
+  volumes:
+  - name: tracing-otlp-auth
+    secret:
+      secretName: tracing-otlp-auth

hack/addon-install/values.yaml

@@ -0,0 +1,8 @@
+spokeClusterName: spoke-1
+
+awsCredentials:
+  accessKeyID: XXXXXXX
+  accessKeySecret: XXXXXX
+
+hubCollector:
+  route: XXXXXXX