Added loki as grafana datasource

.pre-commit-config.yaml

@@ -21,7 +21,9 @@ repos:
     hooks:
       - id: kubeconform
 
-  - repo: https://github.com/tarioch/flux-check-hook
+  # Linting does not work with external values.yaml
-    rev: v0.8.0
+  # TODO: Include url to schema in values.yaml and validate based on that?
-    hooks:
+  # - repo: https://github.com/tarioch/flux-check-hook
-      - id: check-flux-helm-values
+  #   rev: v0.8.0
+  #   hooks:
+  #     - id: check-flux-helm-values

apps/grafana/release.yaml

@@ -65,6 +65,12 @@ spec:
       enabled: true
       existingSecret: grafana-ldap-toml
 
+    sidecar:
+      datasources:
+        enabled: true
+        searchNamespace: ALL
+        labelValue: "1"
+
     extraSecretMounts:
       - name: postgres-app-mount
         secretName: postgres-app

clusters/titan.lan.huizinga.dev/apps/siranga.yaml

@@ -4,7 +4,7 @@ metadata:
   name: siranga
   namespace: flux-system
 spec:
-  interval: 1m0s
+  interval: 15m0s
   url: oci://git.huizinga.dev/dreaded_x/siranga/manifests
   ref:
     tag: latest
@@ -36,6 +36,20 @@ spec:
     secretRef:
       name: sops-gpg
 ---
+apiVersion: notification.toolkit.fluxcd.io/v1
+kind: Receiver
+metadata:
+  name: siranga
+  namespace: flux-system
+spec:
+  type: generic
+  secretRef:
+    name: receiver
+  resources:
+    - apiVersion: source.toolkit.fluxcd.io/v1beta2
+      kind: OCIRepository
+      name: siranga
+---
 apiVersion: notification.toolkit.fluxcd.io/v1beta3
 kind: Provider
 metadata:

clusters/titan.lan.huizinga.dev/infra/kustomization.yaml

@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ./../../../infra/akri
+  - ./../../../infra/authelia
+  - ./../../../infra/cert-manager
+  - ./../../../infra/cnpg
+  - ./../../../infra/descheduler.yaml
+  - ./../../../infra/dragonflydb.yaml
+  - ./../../../infra/external-snapshotter.yaml
+  - ./../../../infra/intel-device-plugins.yaml
+  - ./../../../infra/kube-vip
+  - ./../../../infra/kyverno
+  - ./../../../infra/lldap
+  - ./../../../infra/loki
+  - ./../../../infra/node-feature-discovery
+  - ./../../../infra/rook-ceph
+  - ./../../../infra/topolvm
+  - ./../../../infra/traefik
+  - ./../../../infra/velero

infra/akri/akri.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/akri
+  path: ./infra/akri/akri
   prune: true
   timeout: 2m
   sourceRef:

infra/akri/akri/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: akri
+resources:
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+
+configurations:
+  - ../../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: akri-values
+    files:
+      - ./values.yaml

infra/akri/kustomization.yaml

@@ -1,15 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: akri
 resources:
-  - ./namespace.yaml
+  - ./akri.yaml
-  - ./helm-repository.yaml
-  - ./helm-release.yaml
-
-configurations:
-  - ../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: akri-values
-    files:
-      - ./values.yaml

infra/authelia/authelia-controller.yaml

@@ -4,7 +4,7 @@ metadata:
   name: authelia-controller
   namespace: flux-system
 spec:
-  interval: 1m0s
+  interval: 15m0s
   url: oci://git.huizinga.dev/dreaded_x/authelia-controller/manifests
   ref:
     tag: edge
@@ -23,6 +23,20 @@ spec:
     name: authelia-controller
   wait: true
 ---
+apiVersion: notification.toolkit.fluxcd.io/v1
+kind: Receiver
+metadata:
+  name: authelia-controller
+  namespace: flux-system
+spec:
+  type: generic
+  secretRef:
+    name: receiver
+  resources:
+    - apiVersion: source.toolkit.fluxcd.io/v1beta2
+      kind: OCIRepository
+      name: authelia-controller
+---
 apiVersion: notification.toolkit.fluxcd.io/v1beta3
 kind: Provider
 metadata:

infra/authelia/authelia.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/authelia
+  path: ./infra/authelia/authelia
   dependsOn:
     - name: traefik
     - name: cnpg

infra/authelia/authelia/kustomization.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: authelia
+resources:
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+  - ./service-user.yaml
+  - ../../../common/postgres
+  - ../../../common/dragonflydb
+
+configurations:
+  - ../../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: authelia-values
+    files:
+      - ./values.yaml

infra/authelia/kustomization.yaml

@@ -1,18 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: authelia
 resources:
-  - ./namespace.yaml
+  - ./authelia-controller.yaml
-  - ./helm-repository.yaml
+  - ./authelia.yaml
-  - ./helm-release.yaml
-  - ./service-user.yaml
-  - ../../common/postgres
-  - ../../common/dragonflydb
-
-configurations:
-  - ../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: authelia-values
-    files:
-      - ./values.yaml

infra/cert-manager/cert-manager.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/cert-manager
+  path: ./infra/cert-manager/cert-manager
   prune: true
   timeout: 2m
   sourceRef:

infra/cert-manager/cert-manager/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cert-manager
+resources:
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+
+configurations:
+  - ../../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: cert-manager-values
+    files:
+      - ./values.yaml

infra/cert-manager/kustomization.yaml

@@ -1,15 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: cert-manager
 resources:
-  - ./namespace.yaml
+  - ./cert-manager.yaml
-  - ./helm-repository.yaml
+  - ./letsencrypt.yaml
-  - ./helm-release.yaml
-
-configurations:
-  - ../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: cert-manager-values
-    files:
-      - ./values.yaml

infra/cert-manager/letsencrypt.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/letsencrypt
+  path: ./infra/cert-manager/letsencrypt
   dependsOn:
     - name: cert-manager
   prune: true

infra/cnpg/cnpg.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/cnpg
+  path: ./infra/cnpg/cnpg
   dependsOn:
     - name: topolvm
   prune: true

infra/cnpg/cnpg/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cnpg-system
+resources:
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+configurations:
+  - ../../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: cnpg-values
+    files:
+      - ./values.yaml

infra/cnpg/kustomization.yaml

@@ -1,14 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: cnpg-system
 resources:
-  - ./namespace.yaml
+  - ./cnpg.yaml
-  - ./helm-repository.yaml
-  - ./helm-release.yaml
-configurations:
-  - ../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: cnpg-values
-    files:
-      - ./values.yaml

infra/kube-vip/kube-vip.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/kube-vip
+  path: ./infra/kube-vip/kube-vip
   dependsOn:
     - name: kyverno-policies
   prune: true

infra/kube-vip/kube-vip/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+  - ./service-account.yaml
+  - ./cluster-role.yaml
+  - ./cluster-role-binding.yaml
+  - ./daemon-set.yaml
+
+  - https://raw.githubusercontent.com/kube-vip/kube-vip-cloud-provider/refs/tags/v0.0.11/manifest/kube-vip-cloud-controller.yaml
+  - ./config-map-kubevip.yaml

infra/kube-vip/kustomization.yaml

@@ -1,11 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: kube-system
 resources:
-  - ./service-account.yaml
+  - ./kube-vip.yaml
-  - ./cluster-role.yaml
-  - ./cluster-role-binding.yaml
-  - ./daemon-set.yaml
-
-  - https://raw.githubusercontent.com/kube-vip/kube-vip-cloud-provider/refs/tags/v0.0.11/manifest/kube-vip-cloud-controller.yaml
-  - ./config-map-kubevip.yaml

infra/kyverno/kustomization.yaml

@@ -1,15 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: kyverno
 resources:
-  - ./namespace.yaml
+  - ./kyverno-policies.yaml
-  - ./helm-repository.yaml
+  - ./kyverno.yaml
-  - ./helm-release.yaml
-
-configurations:
-  - ../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: kyverno-values
-    files:
-      - ./values.yaml

infra/kyverno/kyverno-policies.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/kyverno-policies
+  path: ./infra/kyverno/kyverno-policies
   dependsOn:
     - name: kyverno
   prune: true

infra/kyverno/kyverno.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/kyverno
+  path: ./infra/kyverno/kyverno
   prune: true
   timeout: 2m
   sourceRef:

infra/kyverno/kyverno/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kyverno
+resources:
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+
+configurations:
+  - ../../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: kyverno-values
+    files:
+      - ./values.yaml

infra/lldap/kustomization.yaml

@@ -1,10 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: lldap
 resources:
-  - ./namespace.yaml
+  - ./lldap-controller.yaml
-  - ./secret-lldap-credentials.yaml
+  - ./lldap.yaml
-  - ./deployment.yaml
-  - ./service.yaml
-  - ./ingress-route.yaml
-  - ../../common/postgres

infra/lldap/lldap-controller.yaml

@@ -4,7 +4,7 @@ metadata:
   name: lldap-controller
   namespace: flux-system
 spec:
-  interval: 1m0s
+  interval: 15m0s
   url: oci://git.huizinga.dev/dreaded_x/lldap-controller/manifests
   ref:
     tag: edge
@@ -23,6 +23,20 @@ spec:
     name: lldap-controller
   wait: true
 ---
+apiVersion: notification.toolkit.fluxcd.io/v1
+kind: Receiver
+metadata:
+  name: lldap-controller
+  namespace: flux-system
+spec:
+  type: generic
+  secretRef:
+    name: receiver
+  resources:
+    - apiVersion: source.toolkit.fluxcd.io/v1beta2
+      kind: OCIRepository
+      name: lldap-controller
+---
 apiVersion: notification.toolkit.fluxcd.io/v1beta3
 kind: Provider
 metadata:

infra/lldap/lldap.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/lldap
+  path: ./infra/lldap/lldap
   dependsOn:
     - name: traefik
     - name: cnpg

infra/lldap/lldap/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: lldap
+resources:
+  - ./namespace.yaml
+  - ./secret-lldap-credentials.yaml
+  - ./deployment.yaml
+  - ./service.yaml
+  - ./ingress-route.yaml
+  - ../../../common/postgres

infra/loki/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./loki.yaml
+  - ./promtail.yaml

infra/loki/loki.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: loki
+  namespace: flux-system
+  labels:
+    alert: flux-infra
+spec:
+  interval: 15m
+  path: ./infra/loki/loki
+  dependsOn:
+    - name: rook-ceph
+  prune: true
+  timeout: 2m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true

infra/loki/loki/helm-release.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: loki
+spec:
+  chart:
+    spec:
+      chart: loki
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: grafana
+      version: 6.29.0
+  interval: 15m
+  timeout: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: loki-values

infra/loki/loki/helm-repository.yaml

@@ -0,0 +1,7 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: grafana
+spec:
+  interval: 15m
+  url: https://grafana.github.io/helm-charts

infra/loki/loki/kustomization.yaml

@@ -0,0 +1,22 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: loki
+resources:
+  - ./namespace.yaml
+  - ./object-bucket-claim.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+
+configurations:
+  - ../../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: loki-values
+    files:
+      - ./values.yaml
+  - name: grafana-datasource
+    options:
+      labels:
+        grafana_datasource: "1"
+    files:
+      - ./loki-datasource.yaml

infra/loki/loki/loki-datasource.yaml

@@ -0,0 +1,8 @@
+apiVersion: 1
+datasources:
+  - name: Loki
+    type: loki
+    access: proxy
+    url: http://loki-gateway.loki.svc.cluster.local
+    uid: "loki"
+    jsonData: {}

infra/loki/loki/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: loki

infra/loki/loki/object-bucket-claim.yaml

@@ -0,0 +1,7 @@
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: loki-bucket
+spec:
+  generateBucketName: loki
+  storageClassName: ceph-bucket

infra/loki/loki/values.yaml

@@ -0,0 +1,75 @@
+loki:
+  auth_enabled: false
+
+  schemaConfig:
+    configs:
+      - from: "2024-04-01"
+        store: tsdb
+        object_store: s3
+        schema: v13
+        index:
+          prefix: index_
+          period: 24h
+
+  limits_config:
+    split_queries_by_interval: "1h"
+    retention_period: 672h # 28 days retention
+  query_scheduler:
+    max_outstanding_requests_per_tenant: 2048
+
+  storage:
+    type: s3
+    bucketNames:
+      chunks: "${BUCKET_NAME}"
+      ruler: "${BUCKET_NAME}"
+      admin: "${BUCKET_NAME}"
+    s3:
+      # s3 URL can be used to specify the endpoint, access key, secret key, and bucket name this works well for S3 compatible storages or if you are hosting Loki on-premises and want to use S3 as the storage backend. Either use the s3 URL or the individual fields below (AWS endpoint, region, secret).
+      # s3: s3://access_key:secret_access_key@custom_endpoint/bucket_name
+      # AWS endpoint URL
+      endpoint: "${BUCKET_HOST}"
+      # AWS region where the S3 bucket is located
+      region: "${BUCKET_REGION}"
+      # AWS secret access key
+      secretAccessKey: "${AWS_SECRET_ACCESS_KEY}"
+      # AWS access key ID
+      accessKeyId: "${AWS_ACCESS_KEY_ID}"
+      # AWS signature version (e.g., v2 or v4)
+      # signatureVersion: <your-signature-version>
+      # Forces the path style for S3 (true/false)
+      s3ForcePathStyle: true
+      # Allows insecure (HTTP) connections (true/false)
+      insecure: true
+      # HTTP configuration settings
+      # http_config: {}
+
+backend:
+  replicas: 2
+
+  extraArgs:
+    - -config.expand-env=true
+  extraEnvFrom:
+    - secretRef:
+        name: loki-bucket
+    - configMapRef:
+        name: loki-bucket
+read:
+  replicas: 2
+
+  extraArgs:
+    - -config.expand-env=true
+  extraEnvFrom:
+    - secretRef:
+        name: loki-bucket
+    - configMapRef:
+        name: loki-bucket
+write:
+  replicas: 2
+
+  extraArgs:
+    - -config.expand-env=true
+  extraEnvFrom:
+    - secretRef:
+        name: loki-bucket
+    - configMapRef:
+        name: loki-bucket

infra/loki/promtail.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: promtail
+  namespace: flux-system
+  labels:
+    alert: flux-infra
+spec:
+  interval: 15m
+  path: ./infra/loki/promtail
+  dependsOn:
+    - name: loki
+  prune: true
+  timeout: 2m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true

infra/loki/promtail/helm-release.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: promtail
+spec:
+  chart:
+    spec:
+      chart: promtail
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: grafana
+      version: 6.16.6
+  interval: 15m
+  timeout: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: promtail-values

infra/loki/promtail/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: loki
+resources:
+  - ./helm-release.yaml
+
+configurations:
+  - ../../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: promtail-values
+    files:
+      - ./values.yaml

infra/loki/promtail/values.yaml

@@ -0,0 +1,14 @@
+initContainer:
+  # -- Specifies whether the init container for setting inotify max user instances is to be enabled
+  - name: init
+    # -- Docker registry, image and tag for the init container image
+    image: docker.io/busybox:1.33
+    # -- Docker image pull policy for the init container image
+    imagePullPolicy: IfNotPresent
+    # -- The inotify max user instances to configure
+    command:
+      - sh
+      - -c
+      - sysctl -w fs.inotify.max_user_instances=512
+    securityContext:
+      privileged: true

infra/node-feature-discovery/kustomization.yaml

@@ -1,15 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: node-feature-discovery
 resources:
-  - ./namespace.yaml
+  - ./node-feature-discovery-rules.yaml
-  - ./helm-repository.yaml
+  - ./node-feature-discovery.yaml
-  - ./helm-release.yaml
-
-configurations:
-  - ../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: nfd-values
-    files:
-      - ./values.yaml

infra/node-feature-discovery/node-feature-discovery-rules.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/node-feature-discovery-rules
+  path: ./infra/node-feature-discovery/node-feature-discovery-rules
   prune: true
   timeout: 2m
   sourceRef:

infra/node-feature-discovery/node-feature-discovery.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/node-feature-discovery
+  path: ./infra/node-feature-discovery/node-feature-discovery
   prune: true
   timeout: 2m
   sourceRef:

infra/node-feature-discovery/node-feature-discovery/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: node-feature-discovery
+resources:
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+
+configurations:
+  - ../../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: nfd-values
+    files:
+      - ./values.yaml

infra/rook-ceph/kustomization.yaml

@@ -1,7 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: rook-ceph
 resources:
-  - ./namespace.yaml
+  - ./rook-ceph.yaml
-  - ./helm-repository.yaml
+  - ./rook-ceph-cluster.yaml
-  - ./helm-release.yaml

infra/rook-ceph/rook-ceph-cluster.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/rook-ceph-cluster
+  path: ./infra/rook-ceph/rook-ceph-cluster
   dependsOn:
     - name: rook-ceph
   prune: true

infra/rook-ceph/rook-ceph-cluster/kustomization.yaml

@@ -6,7 +6,7 @@ resources:
   - ./access-control-rule.yaml
 
 configurations:
-  - ../../common/name-reference/helm-release.yaml
+  - ../../../common/name-reference/helm-release.yaml
 
 configMapGenerator:
   - name: rook-cepth-cluster-values