From 706c22e9e40b0156031f214b63dc6ed4e210abc1 Mon Sep 17 00:00:00 2001 From: Jasper <44026484+jasperjonker@users.noreply.github.com> Date: Thu, 10 Nov 2022 15:09:30 +0100 Subject: [PATCH 1/6] Loki: Add querier config to loki helm (#7627) add the ability to update querier config using `values.yaml` file --- docs/sources/installation/helm/reference.md | 9 +++++++++ production/helm/loki/Chart.yaml | 2 +- production/helm/loki/README.md | 2 +- production/helm/loki/values.yaml | 8 ++++++++ 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/docs/sources/installation/helm/reference.md b/docs/sources/installation/helm/reference.md index d8710129b6d3..0c64710293a9 100644 --- a/docs/sources/installation/helm/reference.md +++ b/docs/sources/installation/helm/reference.md @@ -1312,6 +1312,15 @@ null "runAsUser": 10001 } + + +
+{}
+
clusterProxy
ClusterProxy enables usage of the proxy variables set in the proxy resource. +More details: https://docs.openshift.com/container-platform/4.11/networking/enable-cluster-wide-proxy.html#enable-cluster-wide-proxy
diff --git a/operator/go.mod b/operator/go.mod index d9250c1988c4..cddd7bfc07d5 100644 --- a/operator/go.mod +++ b/operator/go.mod @@ -26,6 +26,7 @@ require ( github.com/google/go-cmp v0.5.8 github.com/grafana/loki v1.6.2-0.20220718071907-6bd05c9a4399 github.com/openshift/library-go v0.0.0-20220622115547-84d884f4c9f6 + github.com/operator-framework/operator-lib v0.11.0 github.com/prometheus/prometheus v1.8.2-0.20220303173753-edfe657b5405 gopkg.in/yaml.v2 v2.4.0 k8s.io/apiserver v0.25.0 diff --git a/operator/go.sum b/operator/go.sum index c21b90bfdff3..1c165fdc4629 100644 --- a/operator/go.sum +++ b/operator/go.sum @@ -1017,6 +1017,8 @@ github.com/opentracing-contrib/go-stdlib v1.0.0/go.mod h1:qtI1ogk+2JhVPIXVc6q+NH github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= +github.com/operator-framework/operator-lib v0.11.0 h1:eYzqpiOfq9WBI4Trddisiq/X9BwCisZd3rIzmHRC9Z8= +github.com/operator-framework/operator-lib v0.11.0/go.mod h1:RpyKhFAoG6DmKTDIwMuO6pI3LRc8IE9rxEYWy476o6g= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/operator/internal/manifests/compactor.go b/operator/internal/manifests/compactor.go index c32a76fa6549..0eb66aea9c63 100644 --- a/operator/internal/manifests/compactor.go +++ b/operator/internal/manifests/compactor.go @@ -115,6 +115,8 @@ func NewCompactorStatefulSet(opts Options) *appsv1.StatefulSet { SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile), } + podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec) + if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption { podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()), diff --git a/operator/internal/manifests/indexgateway.go b/operator/internal/manifests/indexgateway.go index 49ed7afdd7ec..53498266536a 100644 --- a/operator/internal/manifests/indexgateway.go +++ b/operator/internal/manifests/indexgateway.go @@ -115,6 +115,8 @@ func NewIndexGatewayStatefulSet(opts Options) *appsv1.StatefulSet { SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile), } + podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec) + if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption { podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()), diff --git a/operator/internal/manifests/ingester.go b/operator/internal/manifests/ingester.go index 1eb5e5ec4ef9..1fdfa361bc62 100644 --- a/operator/internal/manifests/ingester.go +++ b/operator/internal/manifests/ingester.go @@ -127,6 +127,8 @@ func NewIngesterStatefulSet(opts Options) *appsv1.StatefulSet { SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile), } + podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec) + if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption { podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()), diff --git a/operator/internal/manifests/querier.go b/operator/internal/manifests/querier.go index e3023d72c23e..32341a406e3f 100644 --- a/operator/internal/manifests/querier.go +++ b/operator/internal/manifests/querier.go @@ -116,6 +116,8 @@ func NewQuerierDeployment(opts Options) *appsv1.Deployment { SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile), } + podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec) + if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption { podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()), diff --git a/operator/internal/manifests/var.go b/operator/internal/manifests/var.go index e6eff29f4b7b..1d8a039f9a53 100644 --- a/operator/internal/manifests/var.go +++ b/operator/internal/manifests/var.go @@ -3,8 +3,11 @@ package manifests import ( "fmt" "path" + "strings" + lokiv1 "github.com/grafana/loki/operator/apis/loki/v1" "github.com/grafana/loki/operator/internal/manifests/openshift" + "github.com/operator-framework/operator-lib/proxy" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/labels" @@ -528,3 +531,55 @@ func podSecurityContext(withSeccompProfile bool) *corev1.PodSecurityContext { return &context } + +func addProxyEnvVar(clusterProxy *lokiv1.ClusterProxy, podSpec corev1.PodSpec) corev1.PodSpec { + if clusterProxy == nil { + return podSpec + } + + podSpec = resetProxyVar(podSpec, "HTTP_PROXY") + podSpec = resetProxyVar(podSpec, "HTTPS_PROXY") + podSpec = resetProxyVar(podSpec, "NO_PROXY") + if clusterProxy.ReadVarsFromEnv { + for i, container := range podSpec.Containers { + podSpec.Containers[i].Env = append(container.Env, proxy.ReadProxyVarsFromEnv()...) + } + } else { + for i, container := range podSpec.Containers { + podSpec.Containers[i].Env = append(container.Env, + corev1.EnvVar{ + Name: "HTTP_PROXY", + Value: clusterProxy.HTTPProxy, + }, + corev1.EnvVar{ + Name: "HTTPS_PROXY", + Value: clusterProxy.HTTPSProxy, + }, + corev1.EnvVar{ + Name: "NO_PROXY", + Value: clusterProxy.NoProxy, + }) + } + } + return podSpec +} + +func resetProxyVar(podSpec corev1.PodSpec, name string) corev1.PodSpec { + for i, container := range podSpec.Containers { + found, index := getEnvVar(name, container.Env) + if found { + podSpec.Containers[i].Env = append(podSpec.Containers[i].Env[:index], podSpec.Containers[i].Env[index+1:]...) + } + } + return podSpec +} + +// getEnvVar matches the given name with the envvar name +func getEnvVar(name string, envVars []corev1.EnvVar) (bool, int) { + for i, env := range envVars { + if env.Name == name || env.Name == strings.ToLower(name) { + return true, i + } + } + return false, 0 +}