From 982669ed4a9da3d86f35021502a9293808bc9e8d Mon Sep 17 00:00:00 2001
From: shockrah
Date: Fri, 12 Dec 2025 14:41:29 -0800
Subject: [PATCH] Cleaning up the logging namespace and resource as they are not getting value
---
 .../chart/kubernetes-dashboard/values.yaml | 382 ++++++++++++++++++
 infra/vultr-kubernetes/fluent-bit.tf | 10 -
 infra/vultr-kubernetes/namespaces.tf | 8 -
 infra/vultr-kubernetes/observe.yaml | 73 ----
 infra/vultr-kubernetes/open-observe.tf | 105 -----
 infra/vultr-kubernetes/volumes.tf | 16 -
 6 files changed, 382 insertions(+), 212 deletions(-)
 create mode 100644 infra/vultr-kubernetes/chart/kubernetes-dashboard/values.yaml
 delete mode 100644 infra/vultr-kubernetes/fluent-bit.tf
 delete mode 100644 infra/vultr-kubernetes/observe.yaml
 delete mode 100644 infra/vultr-kubernetes/open-observe.tf
diff --git a/infra/vultr-kubernetes/chart/kubernetes-dashboard/values.yaml b/infra/vultr-kubernetes/chart/kubernetes-dashboard/values.yaml
new file mode 100644
index 0000000..59ca623
--- /dev/null
+++ b/infra/vultr-kubernetes/chart/kubernetes-dashboard/values.yaml
@@ -0,0 +1,382 @@
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# General configuration shared across resources
+app:
+ # Mode determines if chart should deploy a full Dashboard with all containers or just the API.
+ # - dashboard - deploys all the containers
+ # - api - deploys just the API
+ mode: 'dashboard'
+ image:
+ pullPolicy: IfNotPresent
+ pullSecrets: []
+ scheduling:
+ # Node labels for pod assignment
+ # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ nodeSelector: {}
+ security:
+ # Allow overriding csrfKey used by API/Auth containers.
+ # It has to be base64 encoded random 256 bytes string.
+ # If empty, it will be autogenerated.
+ csrfKey: ~
+ # SecurityContext to be added to pods
+ # To disable set the following configuration to null:
+ # securityContext: null
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ # ContainerSecurityContext to be added to containers
+ # To disable set the following configuration to null:
+ # containerSecurityContext: null
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
+ runAsGroup: 2001
+ capabilities:
+ drop: ["ALL"]
+ # Pod Disruption Budget configuration
+ # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ podDisruptionBudget:
+ enabled: false
+ minAvailable: 0
+ maxUnavailable: 0
+ networkPolicy:
+ enabled: false
+ ingressDenyAll: false
+ # Raw network policy spec that overrides predefined spec
+ # Example:
+ # spec:
+ # egress:
+ # - ports:
+ # - port: 123
+ spec: {}
+
+ # Common labels & annotations shared across all deployed resources
+ labels: {}
+ annotations: {}
+ # Common priority class used for all deployed resources
+ priorityClassName: null
+ settings:
+ ## Global dashboard settings
+ global:
+ # # Cluster name that appears in the browser window title if it is set
+ clusterName: "Athens Cluster"
+ # # Max number of items that can be displayed on each list page
+ # itemsPerPage: 10
+ # # Max number of labels that are displayed by default on most views.
+ # labelsLimit: 3
+ # # Number of seconds between every auto-refresh of logs
+ # logsAutoRefreshTimeInterval: 5
+ # # Number of seconds between every auto-refresh of every resource. Set 0 to disable
+ # resourceAutoRefreshTimeInterval: 10
+ # # Hide all access denied warnings in the notification panel
+ # disableAccessDeniedNotifications: false
+ # # Hide all namespaces option in namespace selection dropdown to avoid accidental selection in large clusters thus preventing OOM errors
+ # hideAllNamespaces: false
+ # # Namespace that should be selected by default after logging in.
+ defaultNamespace: playground
+ # # Enable/Disable namespace isolation mode. When enabled users without cluster-wide permissions will
+ # # only see resources within their own namespaces.
+ namespaceIsolation: false
+ # # List of namespaces that should be presented to user without namespace list privileges.
+ # namespaceFallbackList:
+ # - default
+ ## Pinned resources that will be displayed in dashboard's menu
+ pinnedResources: []
+ # - kind: customresourcedefinition
+ # # Fully qualified name of a CRD
+ # name: prometheus.monitoring.coreos.com
+ # # Display name
+ # displayName: Prometheus
+ # # Is this CRD namespaced?
+ # namespaced: true
+ ingress:
+ enabled: false
+ hosts:
+ # Keep 'localhost' host only if you want to access Dashboard using 'kubectl port-forward ...' on:
+ # https://localhost:8443
+ - localhost
+ # - kubernetes.dashboard.domain.com
+ ingressClassName: internal-nginx
+ # Use only if your ingress controllers support default ingress classes.
+ # If set to true ingressClassName will be ignored and not added to the Ingress resources.
+ # It should fall back to using IngressClass marked as the default.
+ useDefaultIngressClass: false
+ # This will append our Ingress with annotations required by our default configuration.
+ # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+ # nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ useDefaultAnnotations: true
+ pathType: ImplementationSpecific
+ # If path is not the default (/), rewrite-target annotation will be added to the Ingress.
+ # It allows serving Kubernetes Dashboard on a sub-path. Make sure that the configured path
+ # does not conflict with gateway route configuration.
+ path: /
+ issuer:
+ name: selfsigned
+ # Scope determines what kind of issuer annotation will be used on ingress resource
+ # - default - adds 'cert-manager.io/issuer'
+ # - cluster - adds 'cert-manager.io/cluster-issuer'
+ # - disabled - disables cert-manager annotations
+ scope: default
+ tls:
+ enabled: true
+ # If provided it will override autogenerated secret name
+ secretName: ""
+ labels: {}
+ annotations: {}
+ # Use the following toleration if Dashboard can be deployed on a tainted control-plane nodes
+ # - key: node-role.kubernetes.io/control-plane
+ # effect: NoSchedule
+ tolerations: []
+ affinity: {}
+
+auth:
+ role: auth
+ image:
+ repository: docker.io/kubernetesui/dashboard-auth
+ tag: 1.4.0
+ scaling:
+ replicas: 1
+ revisionHistoryLimit: 10
+ service:
+ type: ClusterIP
+ extraSpec: ~
+ containers:
+ ports:
+ - name: auth
+ containerPort: 8000
+ protocol: TCP
+ args: []
+ env: []
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ # TODO: Validate configuration
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ automountServiceAccountToken: true
+ volumes:
+ # Create on-disk volume to store exec logs (required)
+ - name: tmp-volume
+ emptyDir: {}
+ nodeSelector: {}
+ # Labels & annotations for Auth related resources
+ labels: {}
+ annotations: {}
+ serviceLabels: {}
+ serviceAnnotations: {}
+
+# API deployment configuration
+api:
+ role: api
+ image:
+ repository: docker.io/kubernetesui/dashboard-api
+ tag: 1.14.0
+ scaling:
+ replicas: 1
+ revisionHistoryLimit: 10
+ service:
+ type: ClusterIP
+ extraSpec: ~
+ containers:
+ ports:
+ - name: api
+ containerPort: 8000
+ protocol: TCP
+ # Additional container arguments
+ # Full list of arguments: https://github.com/kubernetes/dashboard/blob/master/docs/common/arguments.md
+ # args:
+ # - --system-banner="Welcome to the Kubernetes Dashboard"
+ args: []
+ # Additional container environment variables
+ # env:
+ # - name: SOME_VAR
+ # value: 'some value'
+ env: []
+ # Additional volume mounts
+ # - mountPath: /kubeconfig
+ # name: dashboard-kubeconfig
+ # readOnly: true
+ volumeMounts:
+ # Create volume mount to store exec logs (required)
+ - mountPath: /tmp
+ name: tmp-volume
+ # TODO: Validate configuration
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ automountServiceAccountToken: true
+ # Additional volumes
+ # - name: dashboard-kubeconfig
+ # secret:
+ # defaultMode: 420
+ # secretName: dashboard-kubeconfig
+ volumes:
+ # Create on-disk volume to store exec logs (required)
+ - name: tmp-volume
+ emptyDir: {}
+ nodeSelector: {}
+ # Labels & annotations for API related resources
+ labels: {}
+ annotations: {}
+ serviceLabels: {}
+ serviceAnnotations: {}
+
+# WEB UI deployment configuration
+web:
+ role: web
+ image:
+ repository: docker.io/kubernetesui/dashboard-web
+ tag: 1.7.0
+ scaling:
+ replicas: 1
+ revisionHistoryLimit: 10
+ service:
+ type: ClusterIP
+ extraSpec: ~
+ containers:
+ ports:
+ - name: web
+ containerPort: 8000
+ protocol: TCP
+ # Additional container arguments
+ # Full list of arguments: https://github.com/kubernetes/dashboard/blob/master/docs/common/arguments.md
+ # args:
+ # - --system-banner="Welcome to the Kubernetes Dashboard"
+ args: []
+ # Additional container environment variables
+ # env:
+ # - name: SOME_VAR
+ # value: 'some value'
+ env: []
+ # Additional volume mounts
+ # - mountPath: /kubeconfig
+ # name: dashboard-kubeconfig
+ # readOnly: true
+ volumeMounts:
+ # Create volume mount to store logs (required)
+ - mountPath: /tmp
+ name: tmp-volume
+ # TODO: Validate configuration
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ automountServiceAccountToken: true
+ # Additional volumes
+ # - name: dashboard-kubeconfig
+ # secret:
+ # defaultMode: 420
+ # secretName: dashboard-kubeconfig
+ volumes:
+ # Create on-disk volume to store exec logs (required)
+ - name: tmp-volume
+ emptyDir: {}
+ nodeSelector: {}
+ # Labels & annotations for WEB UI related resources
+ labels: {}
+ annotations: {}
+ serviceLabels: {}
+ serviceAnnotations: {}
+
+### Metrics Scraper
+### Container to scrape, store, and retrieve a window of time from the Metrics Server.
+### refs: https://github.com/kubernetes/dashboard/tree/master/modules/metrics-scraper
+metricsScraper:
+ enabled: true
+ role: metrics-scraper
+ image:
+ repository: docker.io/kubernetesui/dashboard-metrics-scraper
+ tag: 1.2.2
+ scaling:
+ replicas: 1
+ revisionHistoryLimit: 10
+ service:
+ type: ClusterIP
+ extraSpec: ~
+ containers:
+ ports:
+ - containerPort: 8000
+ protocol: TCP
+ args: []
+ # Additional container environment variables
+ # env:
+ # - name: SOME_VAR
+ # value: 'some value'
+ env: []
+ # Additional volume mounts
+ # - mountPath: /kubeconfig
+ # name: dashboard-kubeconfig
+ # readOnly: true
+ volumeMounts:
+ # Create volume mount to store logs (required)
+ - mountPath: /tmp
+ name: tmp-volume
+ # TODO: Validate configuration
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /
+ port: 8000
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ automountServiceAccountToken: true
+ # Additional volumes
+ # - name: dashboard-kubeconfig
+ # secret:
+ # defaultMode: 420
+ # secretName: dashboard-kubeconfig
+ volumes:
+ - name: tmp-volume
+ emptyDir: {}
+ nodeSelector: {}
+ # Labels & annotations for Metrics Scraper related resources
+ labels: {}
+ annotations: {}
+ serviceLabels: {}
+ serviceAnnotations: {}
+
+## Optional Metrics Server sub-chart configuration
+## Enable this if you don't already have metrics-server enabled on your cluster and
+## want to use it with dashboard metrics-scraper
+## refs:
+## - https://github.com/kubernetes-sigs/metrics-server
+## - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server
+metrics-server:
+ enabled: false
+ args:
+ -
--kubelet-preferred-address-types=InternalIP + - --kubelet-insecure-tls \ No newline at end of file diff --git a/infra/vultr-kubernetes/fluent-bit.tf b/infra/vultr-kubernetes/fluent-bit.tf deleted file mode 100644 index a10b286..0000000 --- a/infra/vultr-kubernetes/fluent-bit.tf +++ /dev/null @@ -1,10 +0,0 @@ -resource helm_release "fluent_bit" { - name = "fluent-bit" - repository = "https://fluent.github.io/helm-charts" - chart = "fluent-bit" - namespace = kubernetes_namespace.logging.metadata[0].name - - values = [ - file("${path.module}/chart/fluent-bit/values.yaml") - ] -} \ No newline at end of file diff --git a/infra/vultr-kubernetes/namespaces.tf b/infra/vultr-kubernetes/namespaces.tf index 37b60fc..e88418e 100644 --- a/infra/vultr-kubernetes/namespaces.tf +++ b/infra/vultr-kubernetes/namespaces.tf @@ -16,11 +16,3 @@ resource kubernetes_namespace openobserve { } } -resource kubernetes_namespace logging { - metadata { - annotations = { - names = "logging" - } - name = "logging" - } -} \ No newline at end of file diff --git a/infra/vultr-kubernetes/observe.yaml b/infra/vultr-kubernetes/observe.yaml deleted file mode 100644 index c905e40..0000000 --- a/infra/vultr-kubernetes/observe.yaml +++ /dev/null 
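Review bot: `networkPolicy.enabled: false` under `app.security` means the chart creates no NetworkPolicy for the Dashboard pods, and all four components (auth, api, web, metricsScraper) keep `automountServiceAccountToken: true`, so unless a policy defined outside this patch covers the namespace, any pod in the cluster can reach a UI backend that carries a mounted service-account token. I would set `enabled: true` there and check that the chart's predefined spec still admits the access path in use (port-forward, judging by `ingress.enabled: false` and the `localhost` host entry), and confirm which of the four components actually need the token. The `metrics-server` block is inert while `enabled: false`, but its `--kubelet-insecure-tls` arg skips verification of kubelet serving certificates; a comment above `args:` such as `# --kubelet-insecure-tls: test-only, drop before enabling this sub-chart` would keep that from being switched on by accident. No `helm_release` in this patch references the new values file and the commit message only describes the logging cleanup, so it is not clear from here whether these values are applied yet.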
@@ -1,73 +0,0 @@ -# This yaml file is a sample file used to setup open observe bu tdoesn't contain any relevant data -apiVersion: v1 -kind: Service -metadata: - name: openobserve - namespace: openobserve -spec: - clusterIP: None - selector: - app: openobserve - ports: - - name: http - port: 5080 - targetPort: 5080 ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: openobserve - namespace: openobserve - labels: - name: openobserve -spec: - serviceName: openobserve - replicas: 1 - selector: - matchLabels: - name: openobserve - app: openobserve - template: - metadata: - labels: - name: openobserve - app: openobserve - spec: - securityContext: - fsGroup: 2000 - runAsUser: 10000 - runAsGroup: 3000 - runAsNonRoot: true - containers: - - name: openobserve - image: o2cr.ai/openobserve/openobserve-enterprise:v0.15.3 - env: - - name: ZO_ROOT_USER_EMAIL - value: root@example.com - - name: ZO_ROOT_USER_PASSWORD - value: Complexpass#123 - - name: ZO_DATA_DIR - value: /data - imagePullPolicy: Always - resources: - limits: - cpu: 4096m - memory: 2048Mi - requests: - cpu: 256m - memory: 50Mi - ports: - - containerPort: 5080 - name: http - volumeMounts: - - name: data - mountPath: /data - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi diff --git a/infra/vultr-kubernetes/open-observe.tf b/infra/vultr-kubernetes/open-observe.tf deleted file mode 100644 index 828eacd..0000000 --- a/infra/vultr-kubernetes/open-observe.tf +++ /dev/null 
@@ -1,105 +0,0 @@ -resource random_password root_password { - length = 24 - special = true -} - -output openobserve_root_password { - value = random_password.root_password.result - sensitive = true - -} - -resource kubernetes_stateful_set openobserve { - metadata { - name = "openobserve" - namespace = "logging" - labels = { - "name" = "openobserve" - } - } - spec { - service_name = "openobserve" - replicas = 1 - selector { - match_labels = { - "name" = "openobserve" - "app" = "openobserve" - } - } - template { - metadata { - labels = { - "name" = "openobserve" - "app" = "openobserve" - } - } - spec { - security_context { - fs_group = 2000 - run_as_user = 10000 - run_as_group = 3000 - run_as_non_root = true - } - container { - name = "openobserve" - image = "o2cr.ai/openobserve/openobserve-enterprise:v0.15.3" - env { - name = "ZO_ROOT_USER_EMAIL" - value = "dev@shockrah.xyz" - } - env { - name = "ZO_ROOT_USER_PASSWORD" - value = random_password.root_password.result - } - env { - name = "ZO_DATA_DIR" - value = "/data" - } - image_pull_policy = "Always" - resources { - limits = { - "cpu" = "1000m" - "memory" = "2048Mi" - } - requests = { - "cpu" = "256m" - "memory" = "50Mi" - } - } - port { - container_port = 5080 - name = "http" - } - volume_mount { - name = "openobserve-data" - mount_path = "/data" - } - } - volume { - name = "openobserve-data" - persistent_volume_claim { - claim_name = kubernetes_persistent_volume_claim_v1.openobserve.metadata[0].name - } - } - } - } - } -} - -resource kubernetes_service openobserve { - metadata { - name = "openobserve" - namespace = "logging" - } - spec { - selector = { - "app" = "openserve" - } - port { - name = "http" - port = 5080 - target_port = 5080 - } - } -} - diff --git a/infra/vultr-kubernetes/volumes.tf b/infra/vultr-kubernetes/volumes.tf index 6fc2ac8..636ad4c 100644 --- a/infra/vultr-kubernetes/volumes.tf +++ b/infra/vultr-kubernetes/volumes.tf 
@@ -30,19 +30,3 @@ resource kubernetes_persistent_volume_claim_v1 gitea { } } } - -resource kubernetes_persistent_volume_claim_v1 openobserve { - metadata { - name = "openobserve-data" - namespace = "logging" - } - spec { - volume_mode = "Filesystem" - access_modes = [ "ReadWriteOnce"] - resources { - requests = { - storage = "10Gi" - } - } - } -}