diff --git a/stacks/observability/grafana-loki.yaml b/stacks/observability/grafana-loki.yaml index 0ba6bbc5..e046a22c 100644 --- a/stacks/observability/grafana-loki.yaml +++ b/stacks/observability/grafana-loki.yaml @@ -5,21 +5,64 @@ name: loki repo: name: loki url: https://grafana.github.io/helm-charts -version: 6.44.0 # 3.5.7 +# To find the latest version: +# helm repo add grafana https://grafana.github.io/helm-charts --force-update +# helm search repo grafana/loki +version: 6.45.2 # 3.5.7 options: + deploymentMode: SingleBinary + singleBinary: + replicas: 1 + + # Zero out replica counts of other deployment modes + backend: + replicas: 0 + read: + replicas: 0 + write: + replicas: 0 + + ingester: + replicas: 0 + querier: + replicas: 0 + queryFrontend: + replicas: 0 + queryScheduler: + replicas: 0 + distributor: + replicas: 0 + compactor: + replicas: 0 + indexGateway: + replicas: 0 + bloomCompactor: + replicas: 0 + bloomGateway: + replicas: 0 + loki: auth_enabled: false commonConfig: replication_factor: 1 storage: type: 'filesystem' - server: - http_tls_config: - cert_file: /etc/loki/certs/tls.crt - key_file: /etc/loki/certs/tls.key - readinessProbe: - httpGet: - scheme: HTTPS + bucketNames: + # Buckets names from: https://github.com/grafana/loki/blob/015be223bcd2c29952db3f5cf0748414acf57fd3/production/helm/loki/values.yaml#L3677-L3686 + chunks: chunks + ruler: ruler + admin: admin + schemaConfig: + # See: https://grafana.com/docs/loki/latest/operations/storage/schema/ + configs: + - from: "2024-04-01" + store: tsdb + object_store: filesystem + schema: v13 + index: + prefix: loki_index_ + period: 24h + monitoring: dashboards: enabled: false 
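Review bot: With `server.http_tls_config` and the HTTPS readiness probe removed while `auth_enabled: false` stays in the `loki:` block, Loki's port 3100 now accepts unauthenticated, unencrypted requests from anything that can reach the service. The same plaintext hop appears in the Tempo values, the Grafana datasource URLs and the `otlp/tempo` / `otlphttp/loki` exporters of both collector manifests, and nothing visible in the diff adds a compensating control. If this is meant for a demo stack only, say so next to the setting, e.g. `# No TLS and no tenant auth: demo only; restrict access to port 3100 with a NetworkPolicy`, and consider shipping such a policy with the stack.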
@@ -35,31 +78,7 @@ options: installOperator: false test: enabled: false + lokiCanary: + enabled: false gateway: enabled: false - singleBinary: - replicas: 1 - extraVolumeMounts: - # Mount the certificate generated by the secret-operator - - name: tls - mountPath: /etc/loki/certs/ - extraVolumes: - # Request a TLS certificate from the secret-operator - - name: tls - ephemeral: - volumeClaimTemplate: - metadata: - annotations: - secrets.stackable.tech/class: tls - # Add the service loki to the - # distinguished names because this service is used - # by opentelemetry-collector. - secrets.stackable.tech/scope: |- - service=loki - spec: - storageClassName: secrets.stackable.tech - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1 diff --git a/stacks/observability/grafana-tempo.yaml b/stacks/observability/grafana-tempo.yaml index 8258f6c9..4f5e27da 100644 --- a/stacks/observability/grafana-tempo.yaml +++ b/stacks/observability/grafana-tempo.yaml 
@@ -6,49 +6,17 @@ repo: name: tempo url: https://grafana.github.io/helm-charts # Watch out for https://github.com/grafana/helm-charts/issues/3417 -# and https://github.com/grafana/helm-charts/pull/3503! +# Workaround at: https://github.com/grafana/helm-charts/issues/3660#issuecomment-3007113458 +# To find the latest version: +# helm repo add grafana https://grafana.github.io/helm-charts --force-update +# helm search repo grafana/tempo version: 1.24.0 # 2.9.0 options: tempo: - server: - http_tls_config: - cert_file: /etc/tempo/certs/tls.crt - key_file: /etc/tempo/certs/tls.key receivers: otlp: protocols: grpc: endpoint: "0.0.0.0:4317" - tls: - cert_file: /etc/tempo/certs/tls.crt - key_file: /etc/tempo/certs/tls.key - extraVolumeMounts: - # Mount the certificate generated by the secret-operator - - name: tls - mountPath: /etc/tempo/certs/ tempoQuery: enabled: true - extraVolumeMounts: - # Mount the certificate generated by the secret-operator - - name: tls - mountPath: /etc/tempo/certs/ - extraVolumes: - # Request a TLS certificate from the secret-operator - - name: tls - ephemeral: - volumeClaimTemplate: - metadata: - annotations: - secrets.stackable.tech/class: tls - # Add the service loki to the - # distinguished names because this service is used - # by opentelemetry-collector. - secrets.stackable.tech/scope: |- - service=tempo - spec: - storageClassName: secrets.stackable.tech - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1 diff --git a/stacks/observability/grafana.yaml b/stacks/observability/grafana.yaml index 7915dcd2..399f4f0a 100644 --- a/stacks/observability/grafana.yaml +++ b/stacks/observability/grafana.yaml 
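Review bot: The new `# Workaround at:` comment links to an issue comment but does not say what the workaround is, while the same hunk strips TLS from `server` and from the OTLP gRPC receiver, which still listens on `0.0.0.0:4317`. A reader cannot tell whether dropping TLS is that workaround or a separate decision, nor when it can be reverted. State it next to the link, for example `# TLS on server and OTLP receiver is disabled because of the issue above; restore it once fixed upstream` if that is the reason, or put the actual rationale above `receivers:` otherwise.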
@@ -6,34 +6,34 @@ name: grafana repo: name: grafana url: https://grafana.github.io/helm-charts -version: 10.1.2 # 12.2.0 +# To find the latest version: +# helm repo add grafana https://grafana.github.io/helm-charts --force-update +# helm search repo grafana/grafana +version: 10.1.4 # 12.2.1 options: admin: existingSecret: grafana-admin-credentials service: type: NodePort + port: 443 datasources: datasources.yaml: apiVersion: 1 datasources: - name: Loki type: loki - url: https://loki.default.svc.cluster.local:3100 + url: http://loki:3100 access: proxy isDefault: false jsonData: - tlsAuthWithCACert: true - secureJsonData: - tlsCACert: $__file{/etc/grafana/certs/ca.crt} + tlsAuthWithCACert: false - name: Tempo type: tempo - url: https://tempo.default.svc.cluster.local:3100 + url: http://tempo:3100 access: proxy isDefault: false jsonData: - tlsAuthWithCACert: true - secureJsonData: - tlsCACert: $__file{/etc/grafana/certs/ca.crt} + tlsAuthWithCACert: false readinessProbe: httpGet: scheme: HTTPS @@ -74,16 +74,3 @@ options: volumeAttributes: secrets.stackable.tech/class: tls secrets.stackable.tech/scope: node,pod,service=grafana - # ephemeral: - # volumeClaimTemplate: - # metadata: - # annotations: - # secrets.stackable.tech/class: tls - # secrets.stackable.tech/scope: pod #,service=grafana - # spec: - # storageClassName: secrets.stackable.tech - # accessModes: - # - ReadWriteOnce - # resources: - # requests: - # storage: 1 diff --git a/stacks/observability/jaeger.yaml b/stacks/observability/jaeger.yaml index 85504ff8..107f15f7 100644 --- a/stacks/observability/jaeger.yaml +++ b/stacks/observability/jaeger.yaml @@ -6,6 +6,9 @@ name: jaeger repo: name: jaeger url: https://jaegertracing.github.io/helm-charts +# To find the latest version: +# helm repo add jaegertracing https://jaegertracing.github.io/helm-charts --force-update +# helm search repo jaegertracing/jaeger version: 3.4.1 # 1.53.0 options: # labels: 
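Review bot: `jsonData.tlsAuthWithCACert: false` on both datasources is a leftover of the removed `secureJsonData` blocks and only restates Grafana's default, so the two `jsonData:` blocks could be dropped. Grafana itself still serves HTTPS (the `readinessProbe` scheme is `HTTPS` and `service.port: 443` is added), but with `access: proxy` its backend requests to `http://loki:3100` and `http://tempo:3100` are now plaintext. That mixed posture deserves a line above `datasources:`, such as `# Datasources use plain HTTP in-cluster; only the Grafana UI is served over TLS`.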
diff --git a/stacks/observability/opentelemetry-collector-deployment.yaml b/stacks/observability/opentelemetry-collector-deployment.yaml index c7978492..f7c6ce2c 100644 --- a/stacks/observability/opentelemetry-collector-deployment.yaml +++ b/stacks/observability/opentelemetry-collector-deployment.yaml @@ -9,10 +9,11 @@ metadata: spec: mode: deployment # See: https://github.com/open-telemetry/opentelemetry-collector-releases/pkgs/container/opentelemetry-collector-releases%2Fopentelemetry-collector-contrib/versions?filters%5Bversion_type%5D=tagged + # See: https://github.com/open-telemetry/opentelemetry-collector-releases/pkgs/container/opentelemetry-collector-releases%2Fopentelemetry-collector-contrib/550448680?tag=latest # Using the contrib image so we get all of the useful plugins - image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.97.0 + image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.138.0 config: - # Configure the collector to receove via OTLP, and export to various "sinks". + # Configure the collector to receive via OTLP, and export to various "sinks". # For configuration structure, see: https://opentelemetry.io/docs/collector/configuration/ # # A receiver for logs/metrics/traces via OTLP @@ -20,7 +21,7 @@ spec: # - https://github.com/open-telemetry/opentelemetry-collector/tree/main/receiver # - https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver receivers: - otlp/insecure: + otlp: protocols: grpc: # In sidecar mode, we don't want, nor need the sidecar to be 
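Review bot: Renaming the receiver from `otlp/insecure` to `otlp` in the second hunk drops the only hint in the name that it runs without TLS, and the comment kept beneath it argues from sidecar mode, which does not hold for this `mode: deployment` manifest. The following hunk shows the endpoint as `0.0.0.0:4317`, so any workload that can reach the collector service can submit telemetry to it. Reword the comment for this file, e.g. `# No TLS on the receiver: reachable from other pods, demo only; limit access with a NetworkPolicy`. The `receivers:` block continues past the end of this hunk.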
@@ -28,26 +29,26 @@ spec: # TLS on the receiver(s) because only containers in the same pod can # connect, and so network traffic will not leave the host. endpoint: 0.0.0.0:4317 - # Exporters to separate logs/metrics/taces + # Exporters to separate logs/metrics/traces # See all available exporters: # - https://github.com/open-telemetry/opentelemetry-collector/tree/main/exporter # - https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter exporters: # When added to a logs/metrics/traces pipeline, the collector will print to stdout. - debug: + debug: {} # verbosity: detailed - otlp/jaeger-insecure: + otlp/jaeger: endpoint: jaeger-collector:4317 tls: insecure: true otlp/tempo: - endpoint: tempo.default.svc.cluster.local:4317 + endpoint: tempo:4317 tls: - ca_file: /certs/ca.crt - loki: - endpoint: https://loki.default.svc.cluster.local:3100/loki/api/v1/push + insecure: true + otlphttp/loki: + endpoint: http://loki:3100/otlp tls: - ca_file: /certs/ca.crt + insecure: true # auth: # authenticator: basicauth/loki # Processors to enrich logs/metrics/traces. For example, adding Kubernetes node/pod/deployment information @@ -98,7 +99,7 @@ spec: # See all available extensions: # - https://github.com/open-telemetry/opentelemetry-collector/tree/main/extension # - https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/extension - extensions: + extensions: {} # basicauth/loki: # client_auth: # username: loki @@ -108,16 +109,17 @@ spec: # extensions: [basicauth/loki] pipelines: traces: - receivers: [otlp/insecure] + receivers: [otlp] processors: - memory_limiter - batch/every-second - resourcedetection/env exporters: + # - otlp/jaeger - otlp/tempo # - debug logs: - receivers: [otlp/insecure] + receivers: [otlp] processors: - memory_limiter - batch/every-second 
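Review bot: The commented-out `auth:` / `authenticator: basicauth/loki` lines under `otlphttp/loki` now sit on an `http://` endpoint, so enabling them as written would send the basic-auth credentials in cleartext. Add a guard next to them, e.g. `# Only enable basicauth together with an https:// endpoint and tls.ca_file`. Separately, `tls.insecure: true` probably has no effect when the `otlphttp` endpoint already uses the `http://` scheme, so it could be dropped on that exporter. The same applies to the matching exporters hunk in opentelemetry-collector-sidecar.yaml.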
@@ -125,11 +127,11 @@ spec: - resource/logs - attributes/logs exporters: - - loki + - otlphttp/loki # - debug # Set the log level of the opentelemetry-collector application. # You can also expose the collector metrcics (separate from the metrics receivers/exporters). - telemetry: + telemetry: {} # logs: # level: DEBUG # metrics: @@ -142,22 +144,3 @@ spec: requests: cpu: 250m memory: 64Mi - volumeMounts: - # We mount a certificate from the secret-operator so that we have the CA - # cert for exporters to trust what they connect to. - - name: tls - mountPath: /certs - volumes: - - name: tls - ephemeral: - volumeClaimTemplate: - metadata: - annotations: - secrets.stackable.tech/class: tls - spec: - storageClassName: secrets.stackable.tech - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1 diff --git a/stacks/observability/opentelemetry-collector-sidecar.yaml b/stacks/observability/opentelemetry-collector-sidecar.yaml index 07c5b964..80be1944 100644 --- a/stacks/observability/opentelemetry-collector-sidecar.yaml +++ b/stacks/observability/opentelemetry-collector-sidecar.yaml 
@@ -7,10 +7,11 @@ metadata: spec: mode: sidecar # See: https://github.com/open-telemetry/opentelemetry-collector-releases/pkgs/container/opentelemetry-collector-releases%2Fopentelemetry-collector-contrib/versions?filters%5Bversion_type%5D=tagged + # See: https://github.com/open-telemetry/opentelemetry-collector-releases/pkgs/container/opentelemetry-collector-releases%2Fopentelemetry-collector-contrib/550448680?tag=latest # Using the contrib image so we get all of the useful plugins - image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.97.0 + image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.138.0 config: - # Configure the collector to receove via OTLP, and export to various "sinks". + # Configure the collector to receive via OTLP, and export to various "sinks". # For configuration structure, see: https://opentelemetry.io/docs/collector/configuration/ # # A receiver for logs/metrics/traces via OTLP @@ -18,7 +19,7 @@ spec: # - https://github.com/open-telemetry/opentelemetry-collector/tree/main/receiver # - https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver receivers: - otlp/insecure: + otlp: protocols: grpc: # In sidecar mode, we don't want, nor need the sidecar to be 
@@ -26,26 +27,26 @@ spec: # TLS on the receiver(s) because only containers in the same pod can # connect, and so network traffic will not leave the host. endpoint: 127.0.0.1:4317 - # Exporters to separate logs/metrics/taces + # Exporters to separate logs/metrics/traces # See all available exporters: # - https://github.com/open-telemetry/opentelemetry-collector/tree/main/exporter # - https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter exporters: # When added to a logs/metrics/traces pipeline, the collector will print to stdout. - debug: + debug: {} # verbosity: detailed - otlp/jaeger-insecure: + otlp/jaeger: endpoint: jaeger-collector:4317 tls: insecure: true otlp/tempo: - endpoint: tempo.default.svc.cluster.local:4317 + endpoint: tempo:4317 tls: - ca_file: /certs/ca.crt - loki: - endpoint: https://loki.default.svc.cluster.local:3100/loki/api/v1/push + insecure: true + otlphttp/loki: + endpoint: http://loki:3100/otlp tls: - ca_file: /certs/ca.crt + insecure: true # auth: # authenticator: basicauth/loki # Processors to enrich logs/metrics/traces. For example, adding Kubernetes node/pod/deployment information @@ -96,7 +97,7 @@ spec: # See all available extensions: # - https://github.com/open-telemetry/opentelemetry-collector/tree/main/extension # - https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/extension - extensions: + extensions: {} # basicauth/loki: # client_auth: # username: loki @@ -106,17 +107,17 @@ spec: # extensions: [basicauth/loki] pipelines: traces: - receivers: [otlp/insecure] + receivers: [otlp] processors: - memory_limiter - batch/every-second - resourcedetection/env exporters: - - otlp/jaeger-insecure + - otlp/jaeger - otlp/tempo # - debug logs: - receivers: [otlp/insecure] + receivers: [otlp] processors: - memory_limiter - batch/every-second 
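Review bot: Replacing `tempo.default.svc.cluster.local:4317` and the fully qualified Loki URL with the short names `tempo:4317` and `http://loki:3100/otlp` makes name resolution depend on the namespace of whichever pod the sidecar is injected into. If sidecars can land outside the namespace where Tempo and Loki run, the export either fails or reaches a same-named service in that namespace, and with `tls.insecure: true` no certificate check is left to catch the wrong peer. Prefer namespace-qualified names, e.g. `endpoint: tempo.<namespace>.svc:4317` and `endpoint: http://loki.<namespace>.svc:3100/otlp`, where `<namespace>` is a placeholder for wherever the stack is installed. `jaeger-collector:4317` already had this property before the change.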
@@ -124,11 +125,11 @@ spec: - resource/logs - attributes/logs exporters: - - loki + - otlphttp/loki # - debug # Set the log level of the opentelemetry-collector application. # You can also expose the collector metrcics (separate from the metrics receivers/exporters). - telemetry: + telemetry: {} # logs: # level: DEBUG # metrics: @@ -141,22 +142,3 @@ spec: requests: cpu: 250m memory: 64Mi - volumeMounts: - # We mount a certificate from the secret-operator so that we have the CA - # cert for exporters to trust what they connect to. - - name: tls - mountPath: /certs - volumes: - - name: tls - ephemeral: - volumeClaimTemplate: - metadata: - annotations: - secrets.stackable.tech/class: tls - spec: - storageClassName: secrets.stackable.tech - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1 diff --git a/stacks/observability/opentelemetry-operator.yaml b/stacks/observability/opentelemetry-operator.yaml index d4118ddd..1ddb7a1a 100644 --- a/stacks/observability/opentelemetry-operator.yaml +++ b/stacks/observability/opentelemetry-operator.yaml @@ -5,7 +5,8 @@ name: opentelemetry-operator repo: name: opentelemetry-operator url: https://open-telemetry.github.io/opentelemetry-helm-charts -version: 0.98.0 # 0.137.0 +# Find the newest chart at https://github.com/open-telemetry/opentelemetry-helm-charts/releases +version: 0.99.0 # 0.138.0 options: admissionWebhooks: certManager: