(dev-v2.6-archive) fixed logging cluster roles

(partially cherry picked from commit 6e70b85a5b)

packages/enterprise-cluster-manager/.helmignore

@@ -1 +0,0 @@
-tests

packages/enterprise-cluster-manager/charts/Chart.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-name: enterprise-cluster-manager-feature
-description: Install Enterprise Cluster Manager feature to manage Kubernetes clusters across providers.
-version: 0.1.100
-appVersion: 0.1.100
-home: https://rancher.com
-icon: https://github.com/rancher/ui/blob/master/public/assets/images/logos/welcome-cow.svg
-keywords:
-  - rancher
-maintainers:
-  - name: Rancher Labs
-    email: charts@rancher.com
-annotations:
-  catalog.cattle.io/certified: rancher
-  catalog.cattle.io/namespace: cattle-system
-  catalog.cattle.io/release-name: enterprise-cluster-manager-feature

packages/enterprise-cluster-manager/charts/README.md

@@ -1,3 +0,0 @@
-# Enterprise Cluster Manager Feature
-
-This chart enabled the advanced multi-cluster management and authentication features of Rancher.

packages/enterprise-cluster-manager/charts/templates/feature.yaml

@@ -1,10 +0,0 @@
-apiVersion: management.cattle.io/v3
-kind: Feature
-metadata:
-  name: multi-cluster-management
-spec:
-  value: true
-status:
-  default: false
-  description: Multi-cluster provisioning and management of Kubernetes clusters.
-  dynamic: true

packages/rancher-istio/charts/Chart.yaml

@@ -9,5 +9,3 @@ annotations:
   catalog.cattle.io/namespace: istio-system
   catalog.cattle.io/release-name: rancher-istio
   catalog.cattle.io/ui-component: istio
-  catalog.cattle.io/requires-gvr: prometheuses.monitoring.coreos.com/v1
-  catalog.cattle.io/auto-install-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1

packages/rancher-istio/charts/README.md

@@ -1,19 +0,0 @@
-# Rancher Istio Installers
-
-A Rancher created chart that packages the istioctl binary to install via a helm chart.
-
-# Installation
-
-### pre-requisites
-
-This chart depends on the rancher-kiali-server-crd chart. 
-
-It also depends on rancher-monitoring being installed with default values for nameOverride, namespaceOverride, and the prometheus.service.port.
-If those values are modified on the rancher-monitoring deployment, please adjust the `kiali.external_services.prometheus` url settings:
-```
-http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }}
-```
-
-### installation
-
-helm install rancher-istio ./ --create-namespace -n cattle-istio-system

packages/rancher-istio/charts/configs/istio-base.yaml

@@ -4,14 +4,6 @@ spec:
   addonComponents:
     istiocoredns:
       enabled: {{ .Values.istiocoredns.enabled }}
-    prometheus:
-      enabled: false
-    grafana:
-      enabled: false
-    kiali:
-      enabled: false
-    tracing:
-      enabled: false
   components:
     base:
       enabled: {{ .Values.base.enabled }}
@@ -56,8 +48,6 @@ spec:
   profile: default
   tag: {{ .Values.tag }}
   revision: {{ .Values.revision }}
-  meshConfig:
-    enablePrometheusMerge: {{ .Values.meshConfig.enablePrometheusMerge }}
   values:
     gateways:
       istio-egressgateway:

packages/rancher-istio/charts/requirements.yaml

@@ -1,7 +0,0 @@
-dependencies:
-
-  - name: rancher-kiali-server
-    alias: kiali
-    condition: kiali.enabled
-    version: 1.22.0
-    repository: file://../../rancher-kiali-server/charts

packages/rancher-istio/charts/templates/service-monitors.yaml

@@ -1,51 +0,0 @@
-{{- if .Values.kiali.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: envoy-stats-monitor
-  namespace: istio-system
-  labels:
-    monitoring: istio-proxies
-spec:
-  selector:
-    matchExpressions:
-    - {key: istio-prometheus-ignore, operator: DoesNotExist}
-  namespaceSelector:
-    any: true
-  jobLabel: envoy-stats
-  endpoints:
-  - path: /stats/prometheus
-    targetPort: 15090
-    interval: 15s
-    relabelings:
-    - sourceLabels: [__meta_kubernetes_pod_container_port_name]
-      action: keep
-      regex: '.*-envoy-prom'
-    - action: labeldrop
-      regex: "__meta_kubernetes_pod_label_(.+)"
-    - sourceLabels: [__meta_kubernetes_namespace]
-      action: replace
-      targetLabel: namespace
-    - sourceLabels: [__meta_kubernetes_pod_name]
-      action: replace
-      targetLabel: pod_name
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: istio-component-monitor
-  namespace: istio-system
-  labels:
-    monitoring: istio-components
-spec:
-  jobLabel: istio
-  targetLabels: [app]
-  selector:
-    matchExpressions:
-    - {key: istio, operator: In, values: [pilot]}
-  namespaceSelector:
-    any: true
-  endpoints:
-  - port: http-monitoring
-    interval: 15s
-{{- end -}}

packages/rancher-istio/charts/values.yaml

@@ -51,27 +51,3 @@ global:
     image: proxyv2
   proxy_init:
     image: proxyv2
-
-# this can be removed in 1.7 as it is default
-meshConfig:
-  enablePrometheusMerge: true
-
-# Kiali subchart from rancher-kiali-server
-kiali:
-  enabled: true
-  auth:
-    # todo: what auth strategy ?
-    # strategy: token # this is default, you can use a service-account or kubeconfig token
-    strategy: anonymous
-  deployment:
-    ingress_enabled: false
-  external_services:
-    prometheus:
-      custom_metrics_url: "http://monitoring-rancher-monitor-prometheus.monitoring-system.svc:9090"
-      url: "http://monitoring-rancher-monitor-prometheus.monitoring-system.svc:9090"
-    tracing:
-      enabled: false
-  # TODO : update images
-  # deployment:
-  #   image_name: "rancher..."
-  #   image_version: v1.....

packages/rancher-kiali-server/package.yaml

@@ -1,5 +0,0 @@
-url: https://kiali.org/helm-charts/kiali-server-1.22.0.tgz
-packageVersion: 01
-generateCRDChart:
-  enabled: true
-  providesGVR: monitoringdashboards.monitoring.kiali.io/v1alpha1

packages/rancher-kiali-server/rancher-kiali-server.patch

@@ -1,39 +0,0 @@
-diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-kiali-server/charts-original/Chart.yaml packages/rancher-kiali-server/charts/Chart.yaml
---- packages/rancher-kiali-server/charts-original/Chart.yaml
-+++ packages/rancher-kiali-server/charts/Chart.yaml
-@@ -1,20 +1,23 @@
- apiVersion: v2
- appVersion: v1.22.0
--description: Kiali is an open source project for service mesh observability, refer
--  to https://www.kiali.io for details.
-+description: Rancher chart based on Kiali Server, containing standard defaults. Installed as sub-chart with customized values in Rancher's Istio.
- home: https://github.com/kiali/kiali
- icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png
- keywords:
--- istio
--- kiali
-+  - istio
-+  - kiali
- maintainers:
--- email: kiali-users@googlegroups.com
--  name: Kiali
--  url: https://kiali.io
--name: kiali-server
-+  - email: kiali-users@googlegroups.com
-+    name: Kiali
-+    url: https://kiali.io
-+name: rancher-kiali-server
- sources:
--- https://github.com/kiali/kiali
--- https://github.com/kiali/kiali-ui
--- https://github.com/kiali/kiali-operator
--- https://github.com/kiali/helm-charts
-+  - https://github.com/kiali/kiali
-+  - https://github.com/kiali/kiali-ui
-+  - https://github.com/kiali/kiali-operator
-+  - https://github.com/kiali/helm-charts
- version: 1.22.0
-+annotations:
-+  catalog.cattle.io/requires-gvr: prometheuses.monitoring.coreos.com/v1
-+  catalog.rancher.io/namespace: cattle-istio-system
-+  catalog.rancher.io/release-name: rancher-kiali-server

packages/rancher-logging/overlay/templates/logging.yaml

@@ -1,4 +1,3 @@
-{{- if .Values.elasticsearch.enabled }}
 apiVersion: logging.banzaicloud.io/v1beta1
 kind: Logging
 metadata:
@@ -10,4 +9,3 @@ spec:
   controlNamespace: {{ .Release.Namespace }}
   fluentbit: {}
   fluentd: {}
-{{- end }}

packages/rancher-logging/overlay/templates/outputs/elasticsearch/flow.yaml

@@ -2,7 +2,7 @@
 apiVersion: logging.banzaicloud.io/v1beta1
 kind: ClusterFlow
 metadata:
-  name: {{ .Release.Name }}
+  name: {{ .Release.Name }}-elasticsearch
   labels:
 {{ include "logging-operator.labels" . | indent 4 }}
 spec:

packages/rancher-logging/overlay/templates/outputs/kafka/flow.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.kafka.enabled }}
+apiVersion: logging.banzaicloud.io/v1beta1
+kind: ClusterFlow
+metadata:
+  name: {{ .Release.Name }}-kafka
+  labels:
+{{ include "logging-operator.labels" . | indent 4 }}
+spec:
+  outputRefs:
+    - {{ .Release.Name }}-kafka
+  {{- end }}

packages/rancher-logging/overlay/templates/outputs/kafka/output.yaml

@@ -0,0 +1,57 @@
+{{- if .Values.kafka.enabled }}
+apiVersion: logging.banzaicloud.io/v1beta1
+kind: ClusterOutput
+metadata:
+  name: {{ .Release.Name }}-kafka
+spec:
+  kafka:
+    brokers: {{ .Values.kafka.brokers }}
+    default_topic: {{ .Values.kafka.default_topic }}
+    sasl_over_ssl: {{ .Values.kafka.sasl_over_ssl }}
+    scram_mechanism: {{ .Values.kafka.scram_mechanism }}
+    format:
+      type: json
+
+  {{- if .Values.kakfa.username }}
+    username:
+      valueFrom:
+        secretKeyRef:
+          name: {{ .Release.Name }}-kafka
+          key: "username"
+  {{- end }}
+  {{- if .Values.kakfa.password }}
+    password:
+      valueFrom:
+        secretKeyRef:
+          name: {{ .Release.Name }}-kafka
+          key: "password"
+  {{- end }}
+  {{- if .Values.kakfa.ssl_ca_cert }}
+    ssl_ca_cert:
+      valueFrom:
+        secretKeyRef:
+          name: {{ .Release.Name }}-kafka
+          key: "ssl_ca_cert"
+  {{- end }}
+  {{- if .Values.kakfa.ssl_client_cert }}
+    ssl_client_cert:
+      valueFrom:
+        secretKeyRef:
+          name: {{ .Release.Name }}-kafka
+          key: "ssl_client_cert"
+  {{- end }}
+  {{- if .Values.kakfa.ssl_client_cert_chain }}
+    ssl_client_cert_chain:
+      valueFrom:
+        secretKeyRef:
+          name: {{ .Release.Name }}-kafka
+          key: "ssl_client_cert_chain"
+  {{- end }}
+  {{- if .Values.kakfa.ssl_client_cert_key }}
+    ssl_client_cert_key:
+      valueFrom:
+        secretKeyRef:
+          name: {{ .Release.Name }}-kafka
+          key: "ssl_client_cert_key"
+  {{- end }}
+{{- end }}

packages/rancher-logging/overlay/templates/outputs/kafka/secret.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.kafka.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-kafka
+  labels:
+{{ include "logging-operator.labels" . | indent 4 }}
+type: Opaque
+data:
+{{- if .Values.kafka.username }}
+  username: {{ .Values.kafka.username }}
+{{- end }}
+{{- if .Values.kafka.password }}
+  password: {{ .Values.kafka.password }}
+{{- end }}
+{{- if .Values.kafka.ssl_ca_cert }}
+  ssl_ca_cert: {{ .Values.kafka.ssl_ca_cert }}
+{{- end }}
+{{- if .Values.kafka.ssl_client_cert }}
+  ssl_client_cert: {{ .Values.kafka.ssl_client_cert }}
+{{- end }}
+{{- if .Values.kafka.ssl_client_cert_chain }}
+  ssl_client_cert_chain: {{ .Values.kafka.ssl_client_cert_chain }}
+{{- end }}
+{{- if .Values.kafka.ssl_client_cert_key }}
+  ssl_client_cert_key: {{ .Values.kafka.ssl_client_cert_key }}
+{{- end }}
+{{- end }}

packages/rancher-logging/overlay/templates/outputs/splunk/flow.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.splunk.enabled }}
+apiVersion: logging.banzaicloud.io/v1beta1
+kind: ClusterFlow
+metadata:
+  name: {{ .Release.Name }}-splunk
+  labels:
+{{ include "logging-operator.labels" . | indent 4 }}
+spec:
+  outputRefs:
+    - {{ .Release.Name }}-splunk
+  {{- end }}

packages/rancher-logging/overlay/templates/outputs/splunk/output.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.splunk.enabled }}
+apiVersion: logging.banzaicloud.io/v1beta1
+kind: ClusterOutput
+metadata:
+  name: {{ .Release.Name }}-splunk
+spec:
+  splunkHec:
+    hec_host: {{ .Values.splunk.host }}
+    hec_port: {{ .Values.splunk.port }}
+    protocol: {{ .Values.splunk.protocol }}
+{{- if .Values.splunk.index }}
+    hec_token:
+      valueFrom:
+        secretKeyRef:
+          name: {{ .Release.Name }}-splunk
+          key: "hec_token"
+  {{- end }}
+{{- if .Values.splunk.index }}
+    index: {{ .Values.splunk.index }}
+{{- end }}
+{{- if .Values.splunk.client_cert }}
+    client_cert: {{ .Values.splunk.client_cert }}
+{{- end }}
+{{- if .Values.splunk.client_key }}
+    client_key: {{ .Values.splunk.client_key }}
+{{- end }}
+{{- if .Values.splunk.insecure_ssl }}
+    insecure_ssl: {{ .Values.splunk.insecure_ssl }}
+{{- end }}
+{{- end }}

packages/rancher-logging/overlay/templates/outputs/splunk/secret.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.splunk.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-splunk
+  labels:
+{{ include "logging-operator.labels" . | indent 4 }}
+type: Opaque
+data:
+  hec_token: {{ .Values.splunk.token | b64enc | quote }}
+{{- end }}

packages/rancher-logging/overlay/templates/outputs/syslog/deployment.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.syslog.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-fluentbit-syslog-forwarder
+  labels:
+    output: syslog
+{{ include "logging-operator.labels" . | indent 4 }}
+spec:
+  selector:
+    matchLabels:
+      output: syslog
+  template:
+    metadata:
+      labels:
+        output: syslog
+    spec:
+      containers:
+      - name: fluentbit
+        image: paynejacob/fluent-bit-out-syslog:latest
+        ports:
+          - containerPort: 24224
+        volumeMounts:
+          - mountPath: "/fluent-bit/etc/"
+            name: configuration
+      volumes:
+      - name: configuration
+        secret:
+          secretName: "{{ .Release.Name }}-syslog"
+{{- end }}

packages/rancher-logging/overlay/templates/outputs/syslog/flow.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.syslog.enabled }}
+apiVersion: logging.banzaicloud.io/v1beta1
+kind: ClusterFlow
+metadata:
+  name: {{ .Release.Name }}-syslog
+  labels:
+{{ include "logging-operator.labels" . | indent 4 }}
+spec:
+  outputRefs:
+    - {{ .Release.Name }}-syslog
+  {{- end }}

packages/rancher-logging/overlay/templates/outputs/syslog/output.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.syslog.enabled }}
+apiVersion: logging.banzaicloud.io/v1beta1
+kind: ClusterOutput
+metadata:
+  name: {{ .Release.Name }}-syslog
+spec:
+  forward:
+    servers:
+      - host: "{{ .Release.Name }}-syslog-forwarder"
+    require_ack_response: false
+    ignore_network_errors_at_startup: true
+{{- end }}

packages/rancher-logging/overlay/templates/outputs/syslog/secret.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.syslog.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-syslog
+  labels:
+{{ include "logging-operator.labels" . | indent 4 }}
+type: Opaque
+stringData:
+  fluent-bit.conf: |
+    [INPUT]
+        Name              forward
+        Port              24224
+
+    [OUTPUT]
+        Name              syslog
+        InstanceName      syslog-output
+        Match             *
+        Addr              {{ .Values.syslog.address }}
+        Cluster           {{ .Values.syslog.cluster }}
+        Buffer_Chunk_Size 64000
+    {{- if .Values.syslog.root_ca }}
+        TLSConfig         {"root_ca":"/fluent-bit/etc/root.ca"}
+    {{- end }}
+  {{- if .Values.syslog.root_ca }}
+  root.ca: {{ .Values.syslog.root_ca }}
+  {{- end }}
+{{- end }}

packages/rancher-logging/overlay/templates/outputs/syslog/service.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.syslog.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-syslog-forwarder
+spec:
+  selector:
+    output: syslog
+  ports:
+    - protocol: TCP
+      port: 24224
+      targetPort: 24224
+{{- end }}

packages/rancher-logging/overlay/templates/userroles.yaml

@@ -6,8 +6,7 @@ metadata:
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
 rules:
   - apiGroups:
-      - "flows.logging.banzaicloud.io"
-      - "outputs.logging.banzaicloud.io"
+      - "logging.banzaicloud.io"
     resources:
       - flows
       - outputs
@@ -22,8 +21,7 @@ metadata:
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
 rules:
   - apiGroups:
-      - "flows.logging.banzaicloud.io"
-      - "outputs.logging.banzaicloud.io"
+      - "logging.banzaicloud.io"
     resources:
       - flows
       - outputs
@@ -38,8 +36,7 @@ metadata:
     rbac.authorization.k8s.io/aggregate-to-view: "true"
 rules:
   - apiGroups:
-      - "flows.logging.banzaicloud.io"
-      - "outputs.logging.banzaicloud.io"
+      - "logging.banzaicloud.io"
     resources:
       - flows
       - outputs

packages/rancher-logging/rancher-logging.patch

@@ -27,7 +27,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values
  
  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
-@@ -76,4 +76,14 @@
+@@ -76,4 +76,44 @@
  monitoring:
    # Create a Prometheus Operator ServiceMonitor object
    serviceMonitor:
@@ -44,3 +44,34 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values
 +  client_cert: ""
 +  client_key: ""
 +  client_key_pass: ""
++
++kafka:
++  enabled: false
++  brokers: ""
++  default_topic: "fluentd"
++  sasl_over_ssl: false
++  scram_mechanism: "PLAIN"
++  username: ""
++  password: ""
++  ssl_ca_cert: ""
++  ssl_client_cert: ""
++  ssl_client_cert_chain: ""
++  ssl_client_cert_key: ""
++
++splunk:
++  enabled: false
++  host: ""
++  port: 8088
++  protocol: http
++  index: rancher
++  token: ""
++  client_cert: ""
++  client_key: ""
++  insecure_ssl: false
++
++syslog:
++  enabled: false
++  address: ""
++  cluster: true
++  root_ca: ""
+\ No newline at end of file