From 354506647d65b0484332695abbbd58d91d9e7427 Mon Sep 17 00:00:00 2001 From: Tristan Holaday <40547442+TristanHoladay@users.noreply.github.com> Date: Tue, 23 Apr 2024 12:57:20 -0600 Subject: [PATCH] fix: loki s3 overrides (#365) ## Description Fixes the loki s3 setup by setting the proper overrides. ## Related Issue Fixes #343 ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed --- .github/bundles/uds-bundle.yaml | 14 +++++++++----- .github/bundles/uds-config.yaml | 7 ++----- tasks/iac.yaml | 7 ++----- 3 files changed, 13 insertions(+), 15 deletions(-) diff --git a/.github/bundles/uds-bundle.yaml b/.github/bundles/uds-bundle.yaml index 1156216d2..fa0175a4a 100644 --- a/.github/bundles/uds-bundle.yaml +++ b/.github/bundles/uds-bundle.yaml @@ -26,9 +26,16 @@ packages: path: credentials.useSecret - name: VELERO_IRSA_ANNOTATION description: "IRSA ARN annotation to use for Velero" - path: serviceAccount.server.annotations + path: serviceAccount.server.annotations.irsa/role-arn loki: loki: + values: + - path: loki.storage.s3.endpoint + value: "" + - path: loki.storage.s3.secretAccessKey + value: "" + - path: loki.storage.s3.accessKeyId + value: "" variables: - name: LOKI_CHUNKS_BUCKET description: "The object storage bucket for Loki chunks" @@ -39,12 +46,9 @@ packages: - name: LOKI_ADMIN_BUCKET description: "The object storage bucket for Loki admin" path: loki.storage.bucketNames.admin - - name: LOKI_S3_ENDPOINT - description: "The S3 endpoint" - path: loki.storage.s3.endpoint - name: LOKI_S3_REGION description: "The S3 region" path: loki.storage.s3.region - name: LOKI_IRSA_ANNOTATION description: "The irsa role annotation" - path: loki.serviceAccount.annotations + path: serviceAccount.annotations.irsa/role-arn diff --git a/.github/bundles/uds-config.yaml b/.github/bundles/uds-config.yaml index eb2db3a58..722dd3689 100644 --- a/.github/bundles/uds-config.yaml +++ b/.github/bundles/uds-config.yaml @@ -8,12 +8,9 @@ variables: loki_ruler_bucket: ${ZARF_VAR_LOKI_S3_BUCKET} loki_admin_bucket: ${ZARF_VAR_LOKI_S3_BUCKET} loki_s3_region: ${ZARF_VAR_LOKI_S3_AWS_REGION} - loki_s3-endpoint: "" - loki_irsa_annotation: - eks.amazonaws.com/role-arn: ${ZARF_VAR_LOKI_S3_ROLE_ARN} + loki_irsa_annotation: ${ZARF_VAR_LOKI_S3_ROLE_ARN} velero_use_secret: false - velero_irsa_annotation: - eks.amazonaws.com/role-arn: "${ZARF_VAR_VELERO_S3_ROLE_ARN}" + velero_irsa_annotation: "${ZARF_VAR_VELERO_S3_ROLE_ARN}" velero_bucket: ${ZARF_VAR_VELERO_S3_BUCKET} velero_bucket_region: ${ZARF_VAR_VELERO_S3_AWS_REGION} velero_bucket_provider_url: "" diff --git a/tasks/iac.yaml b/tasks/iac.yaml index 031c0d7b4..c29f8a068 100644 --- a/tasks/iac.yaml +++ b/tasks/iac.yaml @@ -141,12 +141,9 @@ tasks: loki_ruler_bucket: ${LOKI_S3_BUCKET} loki_admin_bucket: ${LOKI_S3_BUCKET} loki_s3_region: ${LOKI_S3_AWS_REGION} - loki_s3-endpoint: "" - loki_irsa_annotation: - eks.amazonaws.com/role-arn: "${LOKI_S3_ROLE_ARN}" + loki_irsa_annotation: "${LOKI_S3_ROLE_ARN}" velero_use_secret: false - velero_irsa_annotation: - eks.amazonaws.com/role-arn: "${VELERO_S3_ROLE_ARN}" + velero_irsa_annotation: ${VELERO_S3_ROLE_ARN}" velero_bucket: ${VELERO_S3_BUCKET} velero_bucket_region: ${VELERO_S3_AWS_REGION} velero_bucket_provider_url: ""