feat: switch loki to simple scalable

bundles/k3d-standard/README.md

@@ -8,26 +8,76 @@ This bundle is used for demonstration, development, and testing of UDS Core. In
 - [MetalLB](https://metallb.universe.tf/) - Provides type: LoadBalancer for cluster resources and Istio Gateways
 - [HAProxy](https://www.haproxy.org/) - Utilizes k3d host port mapping to bind ports 80 and 443, facilitating local FQDN-based routing through ACLs to MetalLB load balancer backends for Istio Gateways serving *.uds.dev, keycloak.uds.dev, and *.admin.uds.dev.
 
-## Configuration
+## Available Overrides
+### Package: uds-k3d
+##### uds-dev-stack (minio)
+| Variable | Description | Path |
+|----------|-------------|------|
+| `BUCKETS` | Set Minio Buckets | buckets |
+| `SVCACCTS` | Minio Service Accounts | svcaccts |
+| `USERS` | Minio Users | users |
+| `POLICIES` | Minio policies | policies |
 
-### Minio
 
-You can customize the Minio setup at deploy time via your ```uds-config.yaml```.
+### Package: core
+##### loki (loki)
+| Variable | Description | Path |
+|----------|-------------|------|
+| `LOKI_CHUNKS_BUCKET` | The object storage bucket for Loki chunks | loki.storage.bucketNames.chunks |
+| `LOKI_RULER_BUCKET` | The object storage bucket for Loki ruler | loki.storage.bucketNames.ruler |
+| `LOKI_ADMIN_BUCKET` | The object storage bucket for Loki admin | loki.storage.bucketNames.admin |
+| `LOKI_S3_ENDPOINT` | The S3 endpoint | loki.storage.s3.endpoint |
+| `LOKI_S3_REGION` | The S3 region | loki.storage.s3.region |
+| `LOKI_S3_ACCESS_KEY_ID` | The S3 Access Key ID | loki.storage.s3.accessKeyId |
+| `LOKI_S3_SECRET_ACCESS_KEY` | The S3 Secret Access Key | loki.storage.s3.secretAccessKey |
 
-Example:
+##### istio-admin-gateway (uds-istio-config)
+| Variable | Description | Path |
+|----------|-------------|------|
+| `ADMIN_TLS_CERT` | The TLS cert for the admin gateway (must be base64 encoded) | tls.cert |
+| `ADMIN_TLS_KEY` | The TLS key for the admin gateway (must be base64 encoded) | tls.key |
+
+##### istio-tenant-gateway (uds-istio-config)
+| Variable | Description | Path |
+|----------|-------------|------|
+| `TENANT_TLS_CERT` | The TLS cert for the tenant gateway (must be base64 encoded) | tls.cert |
+| `TENANT_TLS_KEY` | The TLS key for the tenant gateway (must be base64 encoded) | tls.key |
+
+
+## Override Examples:
+
+### Minio Customization
+
+You can customize the Minio deployed with uds-k3d at deploy time via your ```uds-config.yaml```.
 
 ```yaml
 variables:
   uds-k3d-dev:
-    set:
-      buckets:
-        - name: "myfavoritebucket"
-          policy: "public"
-          purge: false
-      users:
-        - accessKey: console
-          secretKey: "console-secret"
-          policy: consoleAdmin
+    BUCKETS:
+      - name: "myfavoritebucket"
+        policy: "public"
+        purge: false
+    USERS:
+      - accessKey: console
+        secretKey: "console-secret"
+        policy: consoleAdmin
 ```
 
 For more details on how to customize the Minio deployment, please see [Configuring Minio](https://github.com/defenseunicorns/uds-k3d/blob/main/docs/MINIO.md).
+
+### Loki example using AWS S3
+By default Loki will be configured to use the uds-k3d built in Minio, but variables are exposed with this bundle to configure external object storage
+
+You can customize the Loki setup at deploy time via ```uds-config.yaml```
+
+```yaml
+variables:
+  core:
+    LOKI_CHUNKS_BUCKET: loki
+    LOKI_RULES_BUCKET: loki
+    LOKI_ADMIN_BUCKET: loki
+    LOKI_S3_ENDPOINT: loki.s3.us-east-1.amazonaws.com
+    LOKI_S3_REGION: us-east-1
+    LOKI_S3_ACCESS_KEY_ID: <ACCESS_KEY_ID>
+    LOKI_S3_SECRET_ACCESS_KEY: <SECRET_ACCESS_KEY>
+```

bundles/k3d-standard/uds-bundle.yaml

@@ -15,16 +15,16 @@ packages:
       uds-dev-stack:
         minio:
           variables:
-            - name: buckets
+            - name: BUCKETS
               description: "Set Minio Buckets"
               path: buckets
-            - name: svcaccts
+            - name: SVCACCTS
               description: "Minio Service Accounts"
               path: svcaccts
-            - name: users
+            - name: USERS
               description: "Minio Users"
               path: users
-            - name: policies
+            - name: POLICIES
               description: "Minio policies"
               path: policies
 
@@ -39,6 +39,42 @@ packages:
     ref: 0.17.0
     # x-release-please-end
     overrides:
+      loki:
+        loki:
+          variables:
+            - name: LOKI_CHUNKS_BUCKET
+              description: "The object storage bucket for Loki chunks"
+              path: loki.storage.bucketNames.chunks
+            - name: LOKI_RULER_BUCKET
+              description: "The object storage bucket for Loki ruler"
+              path: loki.storage.bucketNames.ruler
+            - name: LOKI_ADMIN_BUCKET
+              description: "The object storage bucket for Loki admin"
+              path: loki.storage.bucketNames.admin
+            - name: LOKI_S3_ENDPOINT
+              description: "The S3 endpoint"
+              path: loki.storage.s3.endpoint
+            - name: LOKI_S3_REGION
+              description: "The S3 region"
+              path: loki.storage.s3.region
+            - name: LOKI_S3_ACCESS_KEY_ID
+              description: "The S3 Access Key ID"
+              path: loki.storage.s3.accessKeyId
+            - name: LOKI_S3_SECRET_ACCESS_KEY
+              path: loki.storage.s3.secretAccessKey
+              description: "The S3 Secret Access Key"
+            - name: LOKI_WRITE_REPLICAS
+              path: write.replicas
+              description: "Loki write replicas"
+              default: "1"
+            - name: LOKI_READ_REPLICAS
+              path: read.replicas
+              description: "Loki read replicas"
+              default: "1"
+            - name: LOKI_BACKEND_REPLICAS
+              path: backend.replicas
+              description: "Loki backend replicas"
+              default: "1"
       istio-admin-gateway:
         uds-istio-config:
           variables:

src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.scalable }}
+{{- if .Capabilities.APIVersions.Has "security.istio.io/v1beta1" }}
 apiVersion: "security.istio.io/v1beta1"
 kind: PeerAuthentication
 metadata:

src/loki/chart/values.yaml

@@ -1 +0,0 @@
-scalable: false

src/loki/values/values.yaml

@@ -5,11 +5,28 @@ fullnameOverride: loki
 # -- Overrides the chart's cluster label
 clusterLabelOverride: null
 
+# Prevent startup issues with service existence/resolution
+memberlist:
+  service:
+    publishNotReadyAddresses: true
+
 loki:
   storage:
-    type: "filesystem"
+    bucketNames:
+      chunks: uds
+      ruler: uds
+      admin: uds
+    type: s3
+    s3:
+      endpoint: http://minio.uds-dev-stack.svc.cluster.local:9000
+      secretAccessKey: uds-secret
+      accessKeyId: uds
+      s3ForcePathStyle: true
+      insecure: false
   commonConfig:
     replication_factor: 1
+  extraMemberlistConfig:
+    rejoin_interval: 120s
   # Should authentication be enabled
   auth_enabled: false
   # -- Additional storage config
@@ -48,29 +65,11 @@ rbac:
 # -- Section for configuring optional Helm test
 test:
   enabled: false
-# Configuration for the write pod(s)
-write:
-  resources:
-    limits:
-      cpu: 300m
-      memory: 2Gi
-    requests:
-      cpu: 300m
-      memory: 2Gi
-# Configuration for the read pod(s)
-read:
-  # -- Resource requests and limits for the read
-  resources:
-    limits:
-      cpu: 300m
-      memory: 2Gi
-    requests:
-      cpu: 300m
-      memory: 2Gi
+
 # Configuration for the single binary node(s)
 singleBinary:
   # -- Number of replicas for the single binary
-  replicas: 1
+  replicas: 0
   # -- Resource requests and limits for the single binary
   resources:
     limits:
@@ -118,5 +117,17 @@ monitoring:
     enabled: false
 gateway:
   enabled: true
-  # Remove default anti-affinity since this is a 1-replica setup
+  # Remove default anti-affinity to support single node
+  affinity: ""
+
+read:
+  # Remove default anti-affinity to support single node
+  affinity: ""
+
+write:
+  # Remove default anti-affinity to support single node
+  affinity: ""
+
+backend:
+  # Remove default anti-affinity to support single node
   affinity: ""

src/loki/zarf.yaml

@@ -21,7 +21,7 @@ components:
 
   - name: loki
     required: true
-    description: "Install Loki using Chainguard images"
+    description: "Install Loki using registry1 images"
     only:
       flavor: "registry1"
     import:

tasks/create.yaml

@@ -13,7 +13,7 @@ tasks:
       - task: pepr-build
 
       - description: "Create the UDS Core Standard Zarf Package"
-        cmd: "uds zarf package create packages/standard --confirm --flavor ${FLAVOR}"
+        cmd: "uds zarf package create packages/standard --confirm --no-progress --flavor ${FLAVOR}"
 
   - name: k3d-standard-bundle
     description: "Create the K3d-UDS Core Bundle"
@@ -41,10 +41,10 @@ tasks:
       - task: pepr-build
 
       - description: "Create the Pepr Zarf Package, if it exists"
-        cmd: "uds zarf package create dist --confirm"
+        cmd: "uds zarf package create dist --confirm --no-progress"
 
       - description: "Create the requested Zarf Package (must set UDS_PKG environment variable)"
-        cmd: "uds zarf package create src/${UDS_PKG} --confirm --flavor ${FLAVOR}"
+        cmd: "uds zarf package create src/${UDS_PKG} --confirm --no-progress --flavor ${FLAVOR}"
 
   - name: pepr-build
     description: "Build the UDS Core Pepr Module"