diff --git a/CODEOWNERS b/CODEOWNERS index 519ba2eab300..3aee187f1d7f 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -39,7 +39,6 @@ /installation/resources/crds/monitoring @kyma-project/observability /installation/resources/crds/ory @kyma-project/goat /installation/resources/crds/serverless @kyma-project/Otters -/installation/resources/crds/telemetry @kyma-project/observability /resources/api-gateway @kyma-project/goat /resources/application-connector @kyma-project/Framefrog @@ -51,11 +50,9 @@ /resources/istio @kyma-project/goat /resources/istio-resources @kyma-project/goat /resources/istio-resources/files/dashboards @kyma-project/observability -/resources/logging @kyma-project/observability /resources/monitoring @kyma-project/observability /resources/ory @kyma-project/goat /resources/serverless @kyma-project/Otters -/resources/telemetry @kyma-project/observability /resources/btp-manager @kyma-project/gopher @@ -69,10 +66,7 @@ /tests/fast-integration/skr-nightly @kyma-project/gopher /tests/fast-integration/skr-test @kyma-project/gopher /tests/fast-integration/smctl @kyma-project/gopher -/tests/fast-integration/logging @kyma-project/observability /tests/fast-integration/monitoring @kyma-project/observability -/tests/fast-integration/telemetry-test @kyma-project/observability -/tests/fast-integration/tracing @kyma-project/observability /tests/fast-integration/prow @kyma-project/Jellyfish /tests/function-controller @kyma-project/Otters diff --git a/components/central-application-connectivity-validator/Dockerfile b/components/central-application-connectivity-validator/Dockerfile index 3db839b33331..8c521a1b2402 100644 --- a/components/central-application-connectivity-validator/Dockerfile +++ b/components/central-application-connectivity-validator/Dockerfile 
@@ -1,4 +1,4 @@ -FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.20.6-alpine3.18 as builder +FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.21.0-alpine3.18 as builder ARG DOCK_PKG_DIR=/go/src/github.com/kyma-project/kyma/components/central-application-connectivity-validator WORKDIR $DOCK_PKG_DIR diff --git a/components/central-application-gateway/Dockerfile b/components/central-application-gateway/Dockerfile index 5ff7d5e6dd9a..022e947ae885 100644 --- a/components/central-application-gateway/Dockerfile +++ b/components/central-application-gateway/Dockerfile @@ -1,4 +1,4 @@ -FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.20.6-alpine3.18 as builder +FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.21.0-alpine3.18 as builder ARG DOCK_PKG_DIR=/go/src/github.com/kyma-project/kyma/components/central-application-gateway WORKDIR $DOCK_PKG_DIR diff --git a/components/central-application-gateway/README.md b/components/central-application-gateway/README.md index 204a2875aeee..67aab542e9b0 100644 --- a/components/central-application-gateway/README.md +++ b/components/central-application-gateway/README.md @@ -55,6 +55,7 @@ Central Application Gateway has the following parameters: Central Application Gateway exposes: - an external API implementing a health endpoint for liveness and readiness probes - 2 internal APIs implementing a proxy handler accessible via a service of type `ClusterIP` +- an endpoint for changing the log level Application Gateway also supports redirects for the request flows in which the URL host remains unchanged. For more details, see [Response rewriting](../../docs/05-technical-reference/ac-01-application-gateway-details.md#response-rewriting). 
@@ -118,6 +119,14 @@ Invocation of endpoints with duplicate names results in a `400 Bad Request` fail - `400 Bad Request` - returned when an Application, service, or entry for the [Compass mode](https://kyma-project.io/#/01-overview/application-connectivity/README) is not specified in the path. - `504 Gateway Timeout` - returned when a call to the target API times out. +### Debugging + +The log level can be changed using `zap.AtomicLevel`. +The endpoint is exposed at `http://central-application-gateway.kyma-system:8081/v1/loglevel`. + +https://pkg.go.dev/go.uber.org/zap#AtomicLevel.ServeHTTP + + ## Development This section explains the development process. diff --git a/components/compass-runtime-agent/Dockerfile b/components/compass-runtime-agent/Dockerfile index 58abc7f9b0e5..6392ceeca688 100644 --- a/components/compass-runtime-agent/Dockerfile +++ b/components/compass-runtime-agent/Dockerfile @@ -1,4 +1,4 @@ -FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.20.6-alpine3.18 as builder +FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.21.0-alpine3.18 as builder ARG DOCK_PKG_DIR=/compass-runtime-agent WORKDIR $DOCK_PKG_DIR diff --git a/components/eventing-controller/controllers/backend/reconciler_internal_integration_test.go b/components/eventing-controller/controllers/backend/reconciler_internal_integration_test.go index d704e8e02833..5026847a01fe 100644 --- a/components/eventing-controller/controllers/backend/reconciler_internal_integration_test.go +++ b/components/eventing-controller/controllers/backend/reconciler_internal_integration_test.go 
@@ -31,6 +31,7 @@ import ( kymalogger "github.com/kyma-project/kyma/common/logging/logger" eventingv1alpha1 "github.com/kyma-project/kyma/components/eventing-controller/api/v1alpha1" + "github.com/kyma-project/kyma/components/eventing-controller/internal/featureflags" "github.com/kyma-project/kyma/components/eventing-controller/logger" "github.com/kyma-project/kyma/components/eventing-controller/pkg/deployment" "github.com/kyma-project/kyma/components/eventing-controller/pkg/env" @@ -78,6 +79,8 @@ var _ = BeforeSuite(func(done Done) { _, err2 = rand.Read(newCABundle) Expect(err2).NotTo(HaveOccurred()) + featureflags.SetEventingWebhookAuthEnabled(false) + // setup dummy mutating webhook url := "https://eventing-controller.kyma-system.svc.cluster.local" sideEffectClassNone := admissionv1.SideEffectClassNone diff --git a/components/eventing-controller/internal/featureflags/featureflags.go b/components/eventing-controller/internal/featureflags/featureflags.go index 696805ec07f6..5ca4b5b03e67 100644 --- a/components/eventing-controller/internal/featureflags/featureflags.go +++ b/components/eventing-controller/internal/featureflags/featureflags.go @@ -2,7 +2,7 @@ package featureflags //nolint:gochecknoglobals // This is global only inside the package. var f = &flags{ - eventingWebhookAuthEnabled: false, + eventingWebhookAuthEnabled: true, } type flags struct { diff --git a/components/eventing-controller/pkg/backend/eventmesh/eventmesh_integration_test.go b/components/eventing-controller/pkg/backend/eventmesh/eventmesh_integration_test.go index 56c0282d2c1f..de049485d4a3 100644 --- a/components/eventing-controller/pkg/backend/eventmesh/eventmesh_integration_test.go +++ b/components/eventing-controller/pkg/backend/eventmesh/eventmesh_integration_test.go 
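Review bot: `featureflags.SetEventingWebhookAuthEnabled(false)` in `BeforeSuite` changes process-wide state and nothing in this hunk restores it, so every spec in this test binary runs with webhook auth off now that the package default is `true`. Say so next to the call, e.g. `// Webhook auth is on by default; this suite runs with it disabled.`, and restore the default in `AfterSuite` with `featureflags.SetEventingWebhookAuthEnabled(true)`. The auth-enabled path appears to have no coverage in this suite; confirm it is exercised elsewhere. The `BeforeSuite` body starts and ends outside the hunk.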
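Review bot: The `//nolint:gochecknoglobals` justification above `f` says the global is only visible inside the package, yet the test change in this same commit calls `featureflags.SetEventingWebhookAuthEnabled` from another package, so any importer can turn the now default-on auth flag off for the whole process. Document that on the field, e.g. `// eventingWebhookAuthEnabled defaults to true; SetEventingWebhookAuthEnabled changes it process-wide.` No locking around `f` is visible here; if the setter can run while other goroutines read the flag, an `atomic.Bool` would be safer, though the accessors are outside the hunk and may already handle this.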
@@ -179,7 +179,7 @@ func Test_handleKymaSubModified(t *testing.T) { givenKymaSub: &eventingv1alpha2.Subscription{ Status: eventingv1alpha2.SubscriptionStatus{ Backend: eventingv1alpha2.Backend{ - Ev2hash: int64(-9219276050977208880), + EventMeshLocalHash: int64(-9219276050977208880), }, }, }, diff --git a/components/function-controller/cmd/webhook/main.go b/components/function-controller/cmd/webhook/main.go index 531b6c96741a..2ab0fb8ccef7 100644 --- a/components/function-controller/cmd/webhook/main.go +++ b/components/function-controller/cmd/webhook/main.go @@ -117,14 +117,8 @@ func main() { whs.CertName = resources.CertFile whs.KeyName = resources.KeyFile - defaultCfg, err := webhookCfg.ToDefaultingConfig() - if err != nil { - setupLog.Error(err, "while creating of defaulting configuration") - os.Exit(1) - } whs.Register(resources.FunctionDefaultingWebhookPath, &ctrlwebhook.Admission{ Handler: webhook.NewDefaultingWebhook( - &defaultCfg, mgr.GetClient(), logWithCtx.Named("defaulting-webhook")), }) diff --git a/components/function-controller/internal/webhook/defaulting_webhook.go b/components/function-controller/internal/webhook/defaulting_webhook.go index 24d99018b4e3..5c4d22d31ad0 100644 --- a/components/function-controller/internal/webhook/defaulting_webhook.go +++ b/components/function-controller/internal/webhook/defaulting_webhook.go 
@@ -16,17 +16,15 @@ import ( ) type DefaultingWebHook struct { - configAlphaV2 *serverlessv1alpha2.DefaultingConfig - client ctrlclient.Client - decoder *admission.Decoder - log *zap.SugaredLogger + client ctrlclient.Client + decoder *admission.Decoder + log *zap.SugaredLogger } -func NewDefaultingWebhook(configV1Alpha2 *serverlessv1alpha2.DefaultingConfig, client ctrlclient.Client, log *zap.SugaredLogger) *DefaultingWebHook { +func NewDefaultingWebhook(client ctrlclient.Client, log *zap.SugaredLogger) *DefaultingWebHook { return &DefaultingWebHook{ - configAlphaV2: configV1Alpha2, - client: client, - log: log, + client: client, + log: log, } } @@ -39,11 +37,6 @@ func (w *DefaultingWebHook) Handle(_ context.Context, req admission.Request) adm log.Debug("defaulting finished for function") return res } - if req.Kind.Kind == "GitRepository" { - res := w.handleGitRepoDefaulting() - log.Debug("defaulting finished for gitrepository") - return res - } log.Debug("request object invalid kind") return admission.Errored(http.StatusBadRequest, fmt.Errorf("invalid kind: %v", req.Kind.Kind)) @@ -63,7 +56,6 @@ func (w *DefaultingWebHook) handleFunctionDefaulting(req admission.Request) admi if err := w.decoder.Decode(req, fn); err != nil { return admission.Errored(http.StatusBadRequest, err) } - fn.Default(w.configAlphaV2) f = fn } default: @@ -76,7 +68,3 @@ func (w *DefaultingWebHook) handleFunctionDefaulting(req admission.Request) admi } return admission.PatchResponseFromRaw(req.Object.Raw, fBytes) } - -func (w *DefaultingWebHook) handleGitRepoDefaulting() admission.Response { - return admission.Allowed("") -} diff --git a/components/function-controller/internal/webhook/defaulting_webhook_test.go b/components/function-controller/internal/webhook/defaulting_webhook_test.go deleted file mode 100644 index 776fd9f99b15..000000000000 --- a/components/function-controller/internal/webhook/defaulting_webhook_test.go +++ /dev/null 
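Review bot: With the `GitRepository` branch gone, `Handle` sends such requests to the `invalid kind` path and answers `400 Bad Request` where it used to return `admission.Allowed("")`. If the mutating webhook registration (not part of this diff) still routes that kind to this path, creates and updates of those objects would start being rejected; confirm the registration rules were narrowed alongside this change. The commit also deletes `defaulting_webhook_test.go`, the only coverage of `Handle` visible in this diff, so the bad-request and invalid-kind responses are no longer pinned by a test; a small table test for those two cases is worth keeping. `Handle` starts outside the hunk.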
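Review bot: After `fn.Default(w.configAlphaV2)` is removed, the v1alpha2 case in `handleFunctionDefaulting` only decodes the request and re-marshals it, which the function name no longer conveys. A comment above `f = fn` would help, e.g. `// No defaults are applied; the object is decoded and re-serialized as is.` Any patch produced by `admission.PatchResponseFromRaw` then comes only from re-serialization differences (the deleted test expected added `/status` and `/metadata/creationTimestamp`), so it may be worth checking whether this mutating webhook still needs to be registered at all. The function starts and ends outside the hunk.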
@@ -1,195 +0,0 @@ -package webhook - -import ( - "context" - "fmt" - "net/http" - "testing" - - "github.com/stretchr/testify/assert" - "go.uber.org/zap" - - serverlessv1alpha2 "github.com/kyma-project/kyma/components/function-controller/pkg/apis/serverless/v1alpha2" - "github.com/stretchr/testify/require" - v1 "k8s.io/api/admission/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "k8s.io/apimachinery/pkg/runtime" - ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/client/fake" - "sigs.k8s.io/controller-runtime/pkg/webhook/admission" -) - -func TestDefaultingWebHook_Handle(t *testing.T) { - type fields struct { - configv1alpha2 *serverlessv1alpha2.DefaultingConfig - client ctrlclient.Client - decoder *admission.Decoder - } - type args struct { - ctx context.Context - req admission.Request - } - type want struct { - operationsCount int - statusCode int32 - } - scheme := runtime.NewScheme() - _ = serverlessv1alpha2.AddToScheme(scheme) - decoder, err := admission.NewDecoder(scheme) - require.NoError(t, err) - - tests := []struct { - name string - fields fields - args args - want want - }{ - { - name: "Set function defaults successfully v1alpha2", - fields: fields{ - configv1alpha2: &serverlessv1alpha2.DefaultingConfig{ - Function: serverlessv1alpha2.FunctionDefaulting{ - Resources: serverlessv1alpha2.FunctionResourcesDefaulting{ - DefaultPreset: "S", - Presets: map[string]serverlessv1alpha2.ResourcesPreset{ - "S": { - RequestCPU: "100m", - RequestMemory: "128Mi", - LimitCPU: "200m", - LimitMemory: "256Mi", - }, - }, - }, - }, - BuildJob: serverlessv1alpha2.BuildJobDefaulting{ - Resources: serverlessv1alpha2.BuildJobResourcesDefaulting{ - DefaultPreset: "normal", - Presets: map[string]serverlessv1alpha2.ResourcesPreset{ - "normal": { - RequestCPU: "700m", - RequestMemory: "700Mi", - LimitCPU: "1100m", - LimitMemory: "1100Mi", - }, - }, - }, - }, - }, - client: fake.NewClientBuilder().Build(), - decoder: decoder, - }, - 
args: args{ - ctx: context.Background(), - req: admission.Request{ - AdmissionRequest: v1.AdmissionRequest{ - Kind: metav1.GroupVersionKind{Kind: "Function", Version: serverlessv1alpha2.FunctionVersion}, - Object: runtime.RawExtension{ - Raw: []byte(`{ - "apiVersion": "serverless.kyma-project.io/v1alpha2", - "kind": "Function", - "metadata": { - "labels": { - "serverless.kyma-project.io/function-resources-preset": "S" - }, - "name": "testfunc", - "namespace": "default" - }, - "spec": { - "runtime": "python39", - "source": { - "inline": { - "source": "def main(event, context):\n return \"hello world\"\n" - } - } - } - }`), - }, - }, - }, - }, - want: want{ - // add /status - // add /metadata/creationTimestamp - operationsCount: 2, - }, - }, - { - name: "Bad request", - fields: fields{ - configv1alpha2: &serverlessv1alpha2.DefaultingConfig{}, - client: fake.NewClientBuilder().Build(), - decoder: decoder, - }, - args: args{ - ctx: context.Background(), - req: admission.Request{ - AdmissionRequest: v1.AdmissionRequest{ - Kind: metav1.GroupVersionKind{Kind: "Function", Version: serverlessv1alpha2.FunctionVersion}, - Object: runtime.RawExtension{ - Raw: []byte(`bad request`), - }, - }, - }, - }, - want: want{ - statusCode: http.StatusBadRequest, - }, - }, - { - name: "Fail on invalid kind", - fields: fields{ - - client: fake.NewClientBuilder().Build(), - decoder: decoder, - }, - args: args{ - ctx: context.Background(), - req: admission.Request{ - AdmissionRequest: v1.AdmissionRequest{ - Kind: metav1.GroupVersionKind{Kind: "Function", Version: serverlessv1alpha2.FunctionVersion}, - Object: runtime.RawExtension{ - Raw: []byte(`{ - "apiVersion": "serverless.kyma-project.io/v1alpha2", - "kind": "NotFunction", - "metadata": { - "labels": { - "serverless.kyma-project.io/function-resources-preset": "S" - }, - "name": "testfunc", - "namespace": "default" - }, - "spec": { - "runtime": "python39" - } - }`), - }, - }, - }, - }, - want: want{ - statusCode: http.StatusBadRequest, - 
}, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - w := &DefaultingWebHook{ - configAlphaV2: tt.fields.configv1alpha2, - client: tt.fields.client, - decoder: tt.fields.decoder, - log: zap.NewNop().Sugar(), - } - got := w.Handle(tt.args.ctx, tt.args.req) - - if tt.want.operationsCount != 0 { - require.True(t, got.Allowed) - assert.Equal(t, tt.want.operationsCount, len(got.Patches), fmt.Sprintf("%+v", got.Patches)) - } - if tt.want.statusCode != 0 { - require.False(t, got.Allowed) - require.Equal(t, tt.want.statusCode, got.Result.Code) - } - }) - } -} diff --git a/components/function-controller/internal/webhook/webhook_config.go b/components/function-controller/internal/webhook/webhook_config.go index 040f6422690d..97acc2106a38 100644 --- a/components/function-controller/internal/webhook/webhook_config.go +++ b/components/function-controller/internal/webhook/webhook_config.go 
@@ -7,40 +7,20 @@ import ( "github.com/kyma-project/kyma/components/function-controller/pkg/apis/serverless/v1alpha2" "github.com/pkg/errors" "gopkg.in/yaml.v2" - "k8s.io/apimachinery/pkg/util/json" ) -type Replicas struct { - MinValue string `yaml:"minValue"` -} - -type ResourcePreset map[string]struct { - RequestCpu string `yaml:"requestCpu"` - RequestMemory string `yaml:"requestMemory"` - LimitMemory string `yaml:"limitMemory"` - LimitCpu string `yaml:"limitCpu"` -} - -type RuntimePreset map[string]string - type FunctionResources struct { - MinRequestCpu string `yaml:"minRequestCpu"` - MinRequestMemory string `yaml:"minRequestMemory"` - DefaultPreset string `yaml:"defaultPreset"` - Presets ResourcePreset `yaml:"presets"` - RuntimePresets RuntimePreset `yaml:"runtimePresets"` + MinRequestCpu string `yaml:"minRequestCpu"` + MinRequestMemory string `yaml:"minRequestMemory"` } type FunctionCfg struct { - Replicas Replicas `yaml:"replicas"` Resources FunctionResources `yaml:"resources"` } type BuildResources struct { - MinRequestCpu string `yaml:"minRequestCpu"` - MinRequestMemory string `yaml:"minRequestMemory"` - DefaultPreset string `yaml:"defaultPreset"` - Presets ResourcePreset `yaml:"presets"` + MinRequestCpu string `yaml:"minRequestCpu"` + MinRequestMemory string `yaml:"minRequestMemory"` } type BuildJob struct { @@ -55,12 +35,7 @@ type WebhookConfig struct { } func LoadWebhookCfg(path string) (WebhookConfig, error) { - cfg := WebhookConfig{ - DefaultRuntime: string(v1alpha2.NodeJs18), - Function: FunctionCfg{ - Resources: FunctionResources{DefaultPreset: "M"}}, - BuildJob: BuildJob{Resources: BuildResources{DefaultPreset: "normal"}}, - } + cfg := WebhookConfig{DefaultRuntime: string(v1alpha2.NodeJs18)} cleanPath := filepath.Clean(path) yamlFile, err := os.ReadFile(cleanPath) 
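Review bot: The `replicas`, `defaultPreset`, `presets` and `runtimePresets` keys are dropped from the config structs, but `LoadWebhookCfg` gives no signal when a deployed file still carries them. If the unmarshal call between this hunk and the next is the lenient `yaml.Unmarshal` from `gopkg.in/yaml.v2` (it is outside the hunk), stale keys are silently ignored and an operator who still sets a preset gets no error. Either remove those keys from the shipped configuration in the same change, or switch to `yaml.UnmarshalStrict(yamlFile, &cfg)` once they are gone. `LoadWebhookCfg` continues past the end of the hunk.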
@@ -72,31 +47,6 @@ func LoadWebhookCfg(path string) (WebhookConfig, error) { return cfg, errors.Wrap(err, "while unmarshalling yaml") } -func (r *ResourcePreset) UnmarshalYAML(unmarshal func(interface{}) error) error { - rawPresets := "" - err := unmarshal(&rawPresets) - if err != nil { - return err - } - - if err := json.Unmarshal([]byte(rawPresets), r); err != nil { - return err - } - return nil -} - -func (rp *RuntimePreset) UnmarshalYAML(unmarshal func(interface{}) error) error { - rawPresets := "" - err := unmarshal(&rawPresets) - if err != nil { - return err - } - if err := json.Unmarshal([]byte(rawPresets), rp); err != nil { - return err - } - return nil -} - func (wc WebhookConfig) ToValidationConfig() v1alpha2.ValidationConfig { return v1alpha2.ValidationConfig{ ReservedEnvs: wc.ReservedEnvs, @@ -114,36 +64,3 @@ func (wc WebhookConfig) ToValidationConfig() v1alpha2.ValidationConfig { }, } } - -func (wc WebhookConfig) ToDefaultingConfig() (v1alpha2.DefaultingConfig, error) { - cfg := v1alpha2.DefaultingConfig{ - Runtime: v1alpha2.Runtime(wc.DefaultRuntime), - Function: v1alpha2.FunctionDefaulting{ - Resources: v1alpha2.FunctionResourcesDefaulting{ - DefaultPreset: wc.Function.Resources.DefaultPreset, - Presets: wc.Function.Resources.Presets.toDefaultingResourcePreset(), - RuntimePresets: wc.Function.Resources.RuntimePresets, - }, - }, - BuildJob: v1alpha2.BuildJobDefaulting{ - Resources: v1alpha2.BuildJobResourcesDefaulting{ - DefaultPreset: wc.BuildJob.Resources.DefaultPreset, - Presets: wc.BuildJob.Resources.Presets.toDefaultingResourcePreset(), - }, - }, - } - return cfg, nil -} - -func (rp ResourcePreset) toDefaultingResourcePreset() map[string]v1alpha2.ResourcesPreset { - out := map[string]v1alpha2.ResourcesPreset{} - for k, v := range rp { - out[k] = v1alpha2.ResourcesPreset{ - RequestCPU: v.RequestCpu, - RequestMemory: v.RequestMemory, - LimitCPU: v.LimitCpu, - LimitMemory: v.LimitMemory, - } - } - return out -} 
diff --git a/components/function-controller/pkg/apis/serverless/v1alpha2/function_defaults.go b/components/function-controller/pkg/apis/serverless/v1alpha2/function_defaults.go deleted file mode 100644 index 88802d1d02c7..000000000000 --- a/components/function-controller/pkg/apis/serverless/v1alpha2/function_defaults.go +++ /dev/null 
@@ -1,157 +0,0 @@ -package v1alpha2 - -import ( - "k8s.io/apimachinery/pkg/api/resource" - - corev1 "k8s.io/api/core/v1" -) - -const DefaultingConfigKey = "defaulting-config" - -type ResourcesPreset struct { - RequestCPU string - RequestMemory string - LimitCPU string - LimitMemory string -} - -type FunctionResourcesDefaulting struct { - DefaultPreset string - Presets map[string]ResourcesPreset - RuntimePresets map[string]string -} - -type BuildJobResourcesDefaulting struct { - DefaultPreset string - Presets map[string]ResourcesPreset -} - -type FunctionDefaulting struct { - Resources FunctionResourcesDefaulting -} - -type BuildJobDefaulting struct { - Resources BuildJobResourcesDefaulting -} - -type DefaultingConfig struct { - Function FunctionDefaulting - BuildJob BuildJobDefaulting - Runtime Runtime -} - -func (fn *Function) Default(config *DefaultingConfig) { -} - -func (spec *FunctionSpec) defaultFunctionResources(config *DefaultingConfig, fn *Function) { - var resources *corev1.ResourceRequirements - var profile string - if spec.ResourceConfiguration != nil && spec.ResourceConfiguration.Function != nil { - functionResourceCfg := *spec.ResourceConfiguration.Function - if functionResourceCfg.Resources != nil { - resources = functionResourceCfg.Resources - } - profile = functionResourceCfg.Profile - } - defaultingConfig := config.Function.Resources - calculatedResources := calculateResources(fn, resources, profile, FunctionResourcesPresetLabel, defaultingConfig.Presets, defaultingConfig.DefaultPreset, defaultingConfig.RuntimePresets) - setFunctionResources(spec, calculatedResources) -} - -func setFunctionResources(spec *FunctionSpec, resources *corev1.ResourceRequirements) { - - if spec.ResourceConfiguration == nil { - spec.ResourceConfiguration = &ResourceConfiguration{} - } - - if spec.ResourceConfiguration.Function == nil { - spec.ResourceConfiguration.Function = &ResourceRequirements{} - } - - spec.ResourceConfiguration.Function.Resources = resources -} - 
-func (spec *FunctionSpec) defaultBuildResources(config *DefaultingConfig, fn *Function) { - // if build resources are not set by the user we don't default them. - // However, if only a part is set or the preset label is set, we should correctly set missing defaults. - if shouldSkipBuildResourcesDefault(fn) { - return - } - - var buildResourceCfg ResourceRequirements - if spec.ResourceConfiguration != nil && spec.ResourceConfiguration.Build != nil { - buildResourceCfg = *spec.ResourceConfiguration.Build - } - - defaultingConfig := config.BuildJob.Resources - calculatedResources := calculateResources(fn, buildResourceCfg.Resources, buildResourceCfg.Profile, BuildResourcesPresetLabel, defaultingConfig.Presets, defaultingConfig.DefaultPreset, nil) - - setBuildResources(spec, calculatedResources) -} - -func setBuildResources(spec *FunctionSpec, resources *corev1.ResourceRequirements) { - - if spec.ResourceConfiguration == nil { - spec.ResourceConfiguration = &ResourceConfiguration{} - } - - if spec.ResourceConfiguration.Build == nil { - spec.ResourceConfiguration.Build = &ResourceRequirements{} - } - - spec.ResourceConfiguration.Build.Resources = resources -} - -func shouldSkipBuildResourcesDefault(fn *Function) bool { - resourceCfg := fn.Spec.ResourceConfiguration.Build - _, hasPresetLabel := fn.Labels[BuildResourcesPresetLabel] - if hasPresetLabel { - return false - } - - if resourceCfg != nil { - if resourceCfg.Profile != "" { - return false - } - if resourceCfg.Resources != nil { - return resourceCfg.Resources.Limits == nil && resourceCfg.Resources.Requests == nil - } - } - return true -} - -func calculateResources(fn *Function, resourceRequirements *corev1.ResourceRequirements, profile string, presetLabel string, presets map[string]ResourcesPreset, defaultPreset string, runtimePreset map[string]string) *corev1.ResourceRequirements { - // profile has the highest priority - preset := profile - // we can use profile from label (deprecated) instead of new profile - if 
preset == "" { - preset = fn.GetLabels()[presetLabel] - } - if preset != "" { - return presetsToRequirements(presets[preset]) - } - // when no profile we use user defined resources - if resourceRequirements != nil { - return resourceRequirements - } - // we use default preset only when no profile and no resources - rtmPreset, ok := runtimePreset[string(fn.Spec.Runtime)] - if ok { - return presetsToRequirements(presets[rtmPreset]) - } - return presetsToRequirements(presets[defaultPreset]) -} - -func presetsToRequirements(preset ResourcesPreset) *corev1.ResourceRequirements { - result := corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse(preset.LimitCPU), - corev1.ResourceMemory: resource.MustParse(preset.LimitMemory), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse(preset.RequestCPU), - corev1.ResourceMemory: resource.MustParse(preset.RequestMemory), - }, - } - return &result -} diff --git a/components/function-controller/pkg/apis/serverless/v1alpha2/function_defaults_test.go b/components/function-controller/pkg/apis/serverless/v1alpha2/function_defaults_test.go deleted file mode 100644 index fef1f7746dcb..000000000000 --- a/components/function-controller/pkg/apis/serverless/v1alpha2/function_defaults_test.go +++ /dev/null 
@@ -1,474 +0,0 @@ -package v1alpha2 - -import ( - "testing" - - "github.com/stretchr/testify/require" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" -) - -func TestSetDefaults(t *testing.T) { - // these tests are not working right now and there is no sense in refactoring them - // because in the near future tests will be refactored - t.Skip() - - zero := int32(0) - one := int32(1) - two := int32(2) - - MRuntimeResourcesBuilder := ResourceRequirementsBuilder{}.Limits("100m", "128Mi").Requests("50m", "64Mi") - SRuntimeResourcesBuilder := ResourceRequirementsBuilder{}.Limits("50m", "64Mi").Requests("25m", "32Mi") - LRuntimeResources := ResourceRequirementsBuilder{}.Limits("200m", "256Mi").Requests("100m", "128Mi").BuildCoreV1() - MRuntimeResources := MRuntimeResourcesBuilder.BuildCoreV1() - - slowBuildResourcesBuilder := ResourceRequirementsBuilder{}.Limits("700m", "700Mi").Requests("350m", "350Mi") - - for testName, testData := range map[string]struct { - givenFunc Function - expectedFunc Function - }{ - "Should do nothing": { - givenFunc: Function{ - Spec: FunctionSpec{ - Runtime: NodeJs18, - ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Limits("150m", "158Mi").Requests("90m", "84Mi").Build(), - Build: ResourceRequirementsBuilder{}.Limits("400m", "321Mi").Requests("374m", "300Mi").Build(), - }, - ScaleConfig: &ScaleConfig{ - MinReplicas: &two, - MaxReplicas: &two, - }, - }, - }, - expectedFunc: Function{Spec: FunctionSpec{ - Runtime: NodeJs18, - ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Limits("150m", "158Mi").Requests("90m", "84Mi").Build(), - Build: ResourceRequirementsBuilder{}.Limits("400m", "321Mi").Requests("374m", "300Mi").Build(), - }, - ScaleConfig: &ScaleConfig{ - MinReplicas: &two, - MaxReplicas: &two, - }, - - Replicas: &two, - }, - }, - }, - "Should not change runtime type": { - givenFunc: 
Function{ - Spec: FunctionSpec{ - Runtime: Python39, - ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Limits("150m", "158Mi").Requests("90m", "84Mi").Build(), - Build: ResourceRequirementsBuilder{}.Limits("400m", "321Mi").Requests("374m", "300Mi").Build(), - }, - ScaleConfig: &ScaleConfig{ - MinReplicas: &two, - MaxReplicas: &two, - }, - }, - }, - expectedFunc: Function{ - Spec: FunctionSpec{ - Runtime: Python39, - ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Limits("150m", "158Mi").Requests("90m", "84Mi").Build(), - Build: ResourceRequirementsBuilder{}.Limits("400m", "321Mi").Requests("374m", "300Mi").Build(), - }, - ScaleConfig: &ScaleConfig{ - MinReplicas: &two, - MaxReplicas: &two, - }, - Replicas: &two, - }, - }, - }, - "Should not change empty runtime type to default": { - givenFunc: Function{ - Spec: FunctionSpec{ - ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Limits("150m", "158Mi").Requests("90m", "84Mi").Build(), - Build: ResourceRequirementsBuilder{}.Limits("400m", "321Mi").Requests("374m", "300Mi").Build(), - }, - ScaleConfig: &ScaleConfig{ - MinReplicas: &two, - MaxReplicas: &two, - }, - }, - }, - expectedFunc: Function{ - Spec: FunctionSpec{ - ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Limits("150m", "158Mi").Requests("90m", "84Mi").Build(), - Build: ResourceRequirementsBuilder{}.Limits("400m", "321Mi").Requests("374m", "300Mi").Build(), - }, - ScaleConfig: &ScaleConfig{ - MinReplicas: &two, - MaxReplicas: &two, - }, - Replicas: &two, - }, - }, - }, - "Should default minimal function": { - givenFunc: Function{}, - expectedFunc: Function{ - Spec: FunctionSpec{ - ResourceConfiguration: &ResourceConfiguration{ - Function: MRuntimeResourcesBuilder.Build(), - }, - Replicas: &one, - }, - }, - }, - "Should not fill missing resources": { - givenFunc: Function{ - Spec: FunctionSpec{ - 
ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Requests("150m", "150Mi").Build(), - Build: ResourceRequirementsBuilder{}.Requests("1200m", "12000Mi").Build(), - }, - Replicas: &two, - }, - }, - expectedFunc: Function{ - Spec: FunctionSpec{ - ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Requests("150m", "150Mi").Build(), - Build: ResourceRequirementsBuilder{}.Requests("1200m", "12000Mi").Build(), - }, - Replicas: &two, - }, - }, - }, - "should consider maxReplicas and limits": { - givenFunc: Function{ - Spec: FunctionSpec{ - ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Limits("15m", "15Mi").Build(), - Build: ResourceRequirementsBuilder{}.Limits("800m", "800Mi").Build(), - }, - ScaleConfig: &ScaleConfig{ - MaxReplicas: &zero, - }, - }, - }, - expectedFunc: Function{ - Spec: FunctionSpec{ - ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Limits("15m", "15Mi").Build(), - Build: ResourceRequirementsBuilder{}.Limits("800m", "800Mi").Build(), - }, - ScaleConfig: &ScaleConfig{ - MinReplicas: &zero, - MaxReplicas: &zero, - }, - Replicas: &zero, - }, - }, - }, - } { - t.Run(testName, func(t *testing.T) { - // given - config := fixDefaultingConfig() - - // when - testData.givenFunc.Default(config) - - // then - require.EqualValues(t, testData.expectedFunc, testData.givenFunc) - }) - } - - testCases := map[string]struct { - givenFunc Function - expectedFunc Function - }{ - "Should properly set resources presets (using labels) - case with all fields": { - givenFunc: Function{ - ObjectMeta: v1.ObjectMeta{ - Labels: map[string]string{ - FunctionResourcesPresetLabel: "S", - BuildResourcesPresetLabel: "slow", - }, - }, - Spec: FunctionSpec{ - Runtime: NodeJs18, - }, - }, - expectedFunc: Function{ - ObjectMeta: v1.ObjectMeta{ - Labels: map[string]string{ - FunctionResourcesPresetLabel: "S", - 
BuildResourcesPresetLabel: "slow", - }, - }, Spec: FunctionSpec{ - Runtime: NodeJs18, - ResourceConfiguration: &ResourceConfiguration{ - Function: SRuntimeResourcesBuilder.Build(), - Build: slowBuildResourcesBuilder.Build(), - }, - Replicas: &one, - }, - }, - }, - "Should properly set resources presets (using ResourceConfiguration..Preset) - case with all fields": { - givenFunc: Function{ - ObjectMeta: v1.ObjectMeta{}, - Spec: FunctionSpec{ - Runtime: NodeJs18, - ResourceConfiguration: &ResourceConfiguration{ - Build: &ResourceRequirements{ - Profile: "slow", - }, - Function: &ResourceRequirements{ - Profile: "S", - }, - }, - }, - }, - expectedFunc: Function{ - ObjectMeta: v1.ObjectMeta{}, Spec: FunctionSpec{ - Runtime: NodeJs18, - ResourceConfiguration: &ResourceConfiguration{ - Function: SRuntimeResourcesBuilder.Profile("S").Build(), - Build: slowBuildResourcesBuilder.Profile("slow").Build(), - }, - Replicas: &one, - }, - }, - }, - "Should overwrite custom resources by presets (using labels) - case with all fields": { - givenFunc: Function{ - ObjectMeta: v1.ObjectMeta{ - Labels: map[string]string{ - FunctionResourcesPresetLabel: "S", - BuildResourcesPresetLabel: "slow", - }, - }, - Spec: FunctionSpec{ - Runtime: NodeJs18, - ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Requests("15m", "15Mi").Build(), - Build: ResourceRequirementsBuilder{}.Requests("250m", "250Mi").Build(), - }, - ScaleConfig: &ScaleConfig{ - MinReplicas: &two, - }, - }, - }, - expectedFunc: Function{ - ObjectMeta: v1.ObjectMeta{ - Labels: map[string]string{ - FunctionResourcesPresetLabel: "S", - BuildResourcesPresetLabel: "slow", - }, - }, Spec: FunctionSpec{ - Runtime: NodeJs18, - ResourceConfiguration: &ResourceConfiguration{ - Function: SRuntimeResourcesBuilder.Build(), - Build: slowBuildResourcesBuilder.Build(), - }, - Replicas: &two, - ScaleConfig: &ScaleConfig{ - MinReplicas: &two, - MaxReplicas: &two, - }, - }, - }, - }, - "Should overwrite 
custom resources by presets (using ResourceConfiguration..Preset) - case with all fields": { - givenFunc: Function{ - ObjectMeta: v1.ObjectMeta{}, - Spec: FunctionSpec{ - Runtime: NodeJs18, - ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Requests("15m", "15Mi").Profile("S").Build(), - Build: ResourceRequirementsBuilder{}.Requests("250m", "250Mi").Profile("slow").Build(), - }, - Replicas: &two, - }, - }, - expectedFunc: Function{ - ObjectMeta: v1.ObjectMeta{}, - Spec: FunctionSpec{ - Runtime: NodeJs18, - ResourceConfiguration: &ResourceConfiguration{ - Function: SRuntimeResourcesBuilder.Profile("S").Build(), - Build: slowBuildResourcesBuilder.Profile("slow").Build(), - }, - Replicas: &two, - }, - }, - }, - "Should set function profile to function presets M instead of default L value (using labels)": { - givenFunc: Function{ - ObjectMeta: v1.ObjectMeta{ - Labels: map[string]string{ - FunctionResourcesPresetLabel: "M", - }, - }, - Spec: FunctionSpec{ - Runtime: Python39, - }, - }, - expectedFunc: Function{ - ObjectMeta: v1.ObjectMeta{ - Labels: map[string]string{ - FunctionResourcesPresetLabel: "M", - }, - }, - Spec: FunctionSpec{ - Runtime: Python39, - ResourceConfiguration: &ResourceConfiguration{ - Function: &ResourceRequirements{ - Resources: &MRuntimeResources, - }, - }, - Replicas: &one, - }}, - }, - "Should set function profile to function presets M instead of default L value (using ResourceConfiguration..Preset)": { - givenFunc: Function{ - ObjectMeta: v1.ObjectMeta{}, - Spec: FunctionSpec{ - Runtime: Python39, - ResourceConfiguration: &ResourceConfiguration{ - Function: ResourceRequirementsBuilder{}.Profile("M").Build(), - }, - }, - }, - expectedFunc: Function{ - ObjectMeta: v1.ObjectMeta{}, - Spec: FunctionSpec{ - Runtime: Python39, - ResourceConfiguration: &ResourceConfiguration{ - Function: &ResourceRequirements{ - Profile: "M", - Resources: &MRuntimeResources, - }, - }, - Replicas: &one, - }}, - }, - "Should set 
function profile to function default preset L": { - givenFunc: Function{ - ObjectMeta: v1.ObjectMeta{}, - Spec: FunctionSpec{ - Runtime: Python39, - }, - }, - expectedFunc: Function{ - ObjectMeta: v1.ObjectMeta{}, - Spec: FunctionSpec{ - Runtime: Python39, - ResourceConfiguration: &ResourceConfiguration{ - Function: &ResourceRequirements{ - Resources: &LRuntimeResources, - }, - }, - Replicas: &one, - }}, - }, - } - - for testName, testData := range testCases { - t.Run(testName, func(t *testing.T) { - // given - config := fixDefaultingConfig() - // when - testData.givenFunc.Default(config) - - // then - require.EqualValues(t, testData.expectedFunc, testData.givenFunc) - }) - } -} - -func fixDefaultingConfig() *DefaultingConfig { - return &DefaultingConfig{ - Function: FunctionDefaulting{ - Resources: FunctionResourcesDefaulting{ - DefaultPreset: "M", - Presets: map[string]ResourcesPreset{ - "S": {RequestCPU: "25m", RequestMemory: "32Mi", LimitCPU: "50m", LimitMemory: "64Mi"}, - "M": {RequestCPU: "50m", RequestMemory: "64Mi", LimitCPU: "100m", LimitMemory: "128Mi"}, - "L": {RequestCPU: "100m", RequestMemory: "128Mi", LimitCPU: "200m", LimitMemory: "256Mi"}, - }, - RuntimePresets: map[string]string{"python39": "L"}, - }, - }, - BuildJob: BuildJobDefaulting{ - Resources: BuildJobResourcesDefaulting{ - DefaultPreset: "normal", - Presets: map[string]ResourcesPreset{ - "slow": {RequestCPU: "350m", RequestMemory: "350Mi", LimitCPU: "700m", LimitMemory: "700Mi"}, - "normal": {RequestCPU: "700m", RequestMemory: "700Mi", LimitCPU: "1100m", LimitMemory: "1100Mi"}, - "fast": {RequestCPU: "1100m", RequestMemory: "1100Mi", LimitCPU: "1800m", LimitMemory: "1800Mi"}, - }, - }, - }, - } -} - -type ResourceRequirementsBuilder struct { - limitsCpu, limitsMemory, requestsCpu, requestsMemory, profile string -} - -func (b ResourceRequirementsBuilder) Limits(cpu, memory string) ResourceRequirementsBuilder { - b.limitsCpu = cpu - b.limitsMemory = memory - return b -} - -func (b 
ResourceRequirementsBuilder) Requests(cpu, memory string) ResourceRequirementsBuilder { - b.requestsCpu = cpu - b.requestsMemory = memory - return b -} - -func (b ResourceRequirementsBuilder) Profile(profile string) ResourceRequirementsBuilder { - b.profile = profile - return b -} - -func (b ResourceRequirementsBuilder) BuildCoreV1() corev1.ResourceRequirements { - limits := corev1.ResourceList{} - if b.limitsCpu != "" { - limits[corev1.ResourceCPU] = resource.MustParse(b.limitsCpu) - } - if b.limitsMemory != "" { - limits[corev1.ResourceMemory] = resource.MustParse(b.limitsMemory) - } - if len(limits) == 0 { - limits = nil - } - requests := corev1.ResourceList{} - if b.requestsCpu != "" { - requests[corev1.ResourceCPU] = resource.MustParse(b.requestsCpu) - } - if b.requestsMemory != "" { - requests[corev1.ResourceMemory] = resource.MustParse(b.requestsMemory) - } - if len(requests) == 0 { - requests = nil - } - return corev1.ResourceRequirements{ - Limits: limits, - Requests: requests, - } -} - -func (b ResourceRequirementsBuilder) Build() *ResourceRequirements { - res := b.BuildCoreV1() - return &ResourceRequirements{ - Resources: &res, - Profile: b.profile, - } -} diff --git a/components/function-controller/pkg/apis/serverless/v1alpha2/function_resources_test.go b/components/function-controller/pkg/apis/serverless/v1alpha2/function_resources_test.go new file mode 100644 index 000000000000..d16990fa5407 --- /dev/null +++ b/components/function-controller/pkg/apis/serverless/v1alpha2/function_resources_test.go 
@@ -0,0 +1,125 @@
+package v1alpha2_test
+
+import (
+ serverlessv1alpha2 "github.com/kyma-project/kyma/components/function-controller/pkg/apis/serverless/v1alpha2"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/resource"
+)
+
+func Test_EffectiveResource(t *testing.T) {
+
+ MRuntimeResourcesBuilder := ResourceRequirementsBuilder{}.Limits("100m", "128Mi").Requests("50m", "64Mi")
+ LRuntimeResources := ResourceRequirementsBuilder{}.Limits("200m", "256Mi").Requests("100m", "128Mi").BuildCoreV1()
+ MRuntimeResources := MRuntimeResourcesBuilder.BuildCoreV1()
+
+ testCases := map[string]struct {
+ given *serverlessv1alpha2.ResourceRequirements
+ expected corev1.ResourceRequirements
+ }{
+ "Should choose custom": {
+ given: ResourceRequirementsBuilder{}.Limits("150m", "158Mi").Requests("90m", "84Mi").Build(),
+ expected: ResourceRequirementsBuilder{}.Limits("150m", "158Mi").Requests("90m", "84Mi").BuildCoreV1(),
+ },
+ "Should choose default profile": {
+ given: nil,
+ expected: MRuntimeResources,
+ },
+ "Should choose declared profile ": {
+ given: &serverlessv1alpha2.ResourceRequirements{Profile: "L"},
+ expected: LRuntimeResources,
+ },
+ "Should choose default profile in case of not existing profile": {
+ given: &serverlessv1alpha2.ResourceRequirements{Profile: "NOT EXISTS"},
+ expected: MRuntimeResources,
+ },
+ }
+ for name, tc := range testCases {
+ t.Run(name, func(t *testing.T) {
+ // given
+ presets, defaultPreset := fixPresetsConfig()
+
+ // when
+ effectiveResource := tc.given.EffectiveResource(defaultPreset, presets)
+
+ // then
+ require.EqualValues(t, tc.expected, effectiveResource)
+ })
+ }
+}
+
+func fixPresetsConfig() (map[string]corev1.ResourceRequirements, string) {
+ return map[string]corev1.ResourceRequirements{
+ "S": {
+ Limits: corev1.ResourceList{corev1.ResourceCPU: resource.MustParse("50m"), corev1.ResourceMemory: resource.MustParse("64Mi")},
+ Requests: corev1.ResourceList{corev1.ResourceCPU: resource.MustParse("25m"), corev1.ResourceMemory: resource.MustParse("32Mi")},
+ },
+ "M": {
+ Limits: corev1.ResourceList{corev1.ResourceCPU: resource.MustParse("100m"), corev1.ResourceMemory: resource.MustParse("128Mi")},
+ Requests: corev1.ResourceList{corev1.ResourceCPU: resource.MustParse("50m"), corev1.ResourceMemory: resource.MustParse("64Mi")},
+ },
+ "L": {
+ Limits: corev1.ResourceList{corev1.ResourceCPU: resource.MustParse("200m"), corev1.ResourceMemory: resource.MustParse("256Mi")},
+ Requests: corev1.ResourceList{corev1.ResourceCPU: resource.MustParse("100m"), corev1.ResourceMemory: resource.MustParse("128Mi")},
+ },
+ }, "M"
+}
+
+type ResourceRequirementsBuilder struct {
+ limitsCpu, limitsMemory, requestsCpu, requestsMemory, profile string
+}
+
+func (b ResourceRequirementsBuilder) Limits(cpu, memory string) ResourceRequirementsBuilder {
+ b.limitsCpu = cpu
+ b.limitsMemory = memory
+ return b
+}
+
+func (b ResourceRequirementsBuilder) Requests(cpu, memory string) ResourceRequirementsBuilder {
+ b.requestsCpu = cpu
+ b.requestsMemory = memory
+ return b
+}
+
+func (b ResourceRequirementsBuilder) Profile(profile string) ResourceRequirementsBuilder {
+ b.profile = profile
+ return b
+}
+
+func (b ResourceRequirementsBuilder) BuildCoreV1() corev1.ResourceRequirements {
+ limits := corev1.ResourceList{}
+ if b.limitsCpu != "" {
+ limits[corev1.ResourceCPU] = resource.MustParse(b.limitsCpu)
+ }
+ if b.limitsMemory != "" {
+ limits[corev1.ResourceMemory] = resource.MustParse(b.limitsMemory)
+ }
+ if len(limits) == 0 {
+ limits = nil
+ }
+ requests := corev1.ResourceList{}
+ if b.requestsCpu != "" {
+ requests[corev1.ResourceCPU] = resource.MustParse(b.requestsCpu)
+ }
+ if b.requestsMemory != "" {
+ requests[corev1.ResourceMemory] = resource.MustParse(b.requestsMemory)
+ }
+ if len(requests) == 0 {
+ requests = nil
+ }
+ return corev1.ResourceRequirements{
+ Limits: limits,
+ Requests: requests,
+ }
+}
+
+func (b ResourceRequirementsBuilder) Build() *serverlessv1alpha2.ResourceRequirements {
+ res := b.BuildCoreV1()
+ return &serverlessv1alpha2.ResourceRequirements{
+ Resources: &res,
+ Profile: b.profile,
+ }
+}
diff --git a/components/function-controller/pkg/apis/serverless/v1alpha2/zz_generated.deepcopy.go b/components/function-controller/pkg/apis/serverless/v1alpha2/zz_generated.deepcopy.go
index c559db327852..fe730d97137e 100644
--- a/components/function-controller/pkg/apis/serverless/v1alpha2/zz_generated.deepcopy.go
+++ b/components/function-controller/pkg/apis/serverless/v1alpha2/zz_generated.deepcopy.go
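Review bot: The table in `Test_EffectiveResource` (new file `function_resources_test.go`) never passes a `ResourceRequirements` that sets both `Profile` and explicit `Resources`, so the precedence between a named preset and custom limits is not pinned by any case. The four cases cover custom-only, nil, a known profile and an unknown profile; a fifth such as `given: ResourceRequirementsBuilder{}.Limits("150m", "158Mi").Requests("90m", "84Mi").Profile("L").Build()` would fix the expected outcome, with `expected` set to whichever side `EffectiveResource` is meant to honour (its body is not in this hunk). It would also be worth a case where `defaultPreset` is not a key of `presets`, since a fallback that yields an empty `corev1.ResourceRequirements` would presumably leave the function container without limits. Minor: the case name `"Should choose declared profile "` carries a trailing space.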
@@ -10,44 +10,6 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BuildJobDefaulting) DeepCopyInto(out *BuildJobDefaulting) { - *out = *in - in.Resources.DeepCopyInto(&out.Resources) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildJobDefaulting. -func (in *BuildJobDefaulting) DeepCopy() *BuildJobDefaulting { - if in == nil { - return nil - } - out := new(BuildJobDefaulting) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BuildJobResourcesDefaulting) DeepCopyInto(out *BuildJobResourcesDefaulting) { - *out = *in - if in.Presets != nil { - in, out := &in.Presets, &out.Presets - *out = make(map[string]ResourcesPreset, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildJobResourcesDefaulting. -func (in *BuildJobResourcesDefaulting) DeepCopy() *BuildJobResourcesDefaulting { - if in == nil { - return nil - } - out := new(BuildJobResourcesDefaulting) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Condition) DeepCopyInto(out *Condition) { *out = *in 
@@ -64,23 +26,6 @@ func (in *Condition) DeepCopy() *Condition { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DefaultingConfig) DeepCopyInto(out *DefaultingConfig) { - *out = *in - in.Function.DeepCopyInto(&out.Function) - in.BuildJob.DeepCopyInto(&out.BuildJob) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultingConfig. -func (in *DefaultingConfig) DeepCopy() *DefaultingConfig { - if in == nil { - return nil - } - out := new(DefaultingConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Function) DeepCopyInto(out *Function) { *out = *in @@ -108,22 +53,6 @@ func (in *Function) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FunctionDefaulting) DeepCopyInto(out *FunctionDefaulting) { - *out = *in - in.Resources.DeepCopyInto(&out.Resources) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FunctionDefaulting. -func (in *FunctionDefaulting) DeepCopy() *FunctionDefaulting { - if in == nil { - return nil - } - out := new(FunctionDefaulting) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FunctionList) DeepCopyInto(out *FunctionList) { *out = *in 
@@ -156,35 +85,6 @@ func (in *FunctionList) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FunctionResourcesDefaulting) DeepCopyInto(out *FunctionResourcesDefaulting) { - *out = *in - if in.Presets != nil { - in, out := &in.Presets, &out.Presets - *out = make(map[string]ResourcesPreset, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.RuntimePresets != nil { - in, out := &in.RuntimePresets, &out.RuntimePresets - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FunctionResourcesDefaulting. -func (in *FunctionResourcesDefaulting) DeepCopy() *FunctionResourcesDefaulting { - if in == nil { - return nil - } - out := new(FunctionResourcesDefaulting) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FunctionSpec) DeepCopyInto(out *FunctionSpec) { *out = *in @@ -443,21 +343,6 @@ func (in *ResourceRequirements) DeepCopy() *ResourceRequirements { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourcesPreset) DeepCopyInto(out *ResourcesPreset) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcesPreset. -func (in *ResourcesPreset) DeepCopy() *ResourcesPreset { - if in == nil { - return nil - } - out := new(ResourcesPreset) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ScaleConfig) DeepCopyInto(out *ScaleConfig) { *out = *in 
diff --git a/docs/01-overview/api-exposure/README.md b/docs/01-overview/api-exposure/README.md index 23a7b6acc473..9d0fc124165c 100644 --- a/docs/01-overview/api-exposure/README.md +++ b/docs/01-overview/api-exposure/README.md @@ -10,9 +10,8 @@ To make your service accessible outside the Kyma cluster, expose it using Kyma A API Gateway Controller allows you to secure the exposed services using JWT tokens issued by an OpenID Connect-compliant identity provider, or OAuth2 tokens issued by the Kyma OAuth2 server. You can secure the entire service, or secure the selected endpoints. Alternatively, you can leave the service unsecured. ->**CAUTION:** Since Kyma 2.2, Ory stack has been deprecated. For more information, read the blog posts explaining the [new architecture](https://blogs.sap.com/2023/02/10/sap-btp-kyma-runtime-api-gateway-future-architecture-based-on-istio/) and [Ory Hydra migration](https://blogs.sap.com/2023/06/06/sap-btp-kyma-runtime-ory-hydra-oauth2-client-migration/). See the [deprecation note](https://github.com/kyma-project/website/blob/main/content/blog-posts/2022-05-04-release-notes-2.2/index.md#ory-stack-deprecation-note). +>**CAUTION:** Since Kyma 2.2, Ory stack has been deprecated, and Ory Hydra was removed with Kyma 2.19. For more information, read the blog posts explaining the [new architecture](https://blogs.sap.com/2023/02/10/sap-btp-kyma-runtime-api-gateway-future-architecture-based-on-istio/) and [Ory Hydra migration](https://blogs.sap.com/2023/06/06/sap-btp-kyma-runtime-ory-hydra-oauth2-client-migration/). See the [deprecation note](https://github.com/kyma-project/website/blob/main/content/blog-posts/2022-05-04-release-notes-2.2/index.md#ory-stack-deprecation-note). -> **NOTE:** To learn more, read about the [Kyma OAuth2 server](../../04-operation-guides/security/sec-05-customization-operation.md). # API Gateway limitations 
@@ -53,7 +52,6 @@ If you're interested in learning more about API Exposure in Kyma, follow these l - Troubleshoot API Exposure-related issues when: - You [cannot connect to a service exposed by an APIRule](../../04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-01-apigateway-connect-api-rule.md) - - You get the [`401 Unauthorized` or `403 Forbidden`](../../04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-02-401-unauthorized-403-forbidden.md) status code when you try to connect to a service exposed by an APIRule - You get the [`404 Not Found`](../../04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-03-404-not-found.md) status code when you try to connect to a service exposed by an APIRule - You get the [`500 Internal Server Error`](../../04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-04-500-server-error.md) status code when you try to connect to a service exposed by an APIRule - [Connection refused](../../04-operation-guides/troubleshooting/api-exposure/apix-02-dns-mgt/apix-02-01-dns-mgt-connection-refused.md) errors occur when you want to use your custom domain diff --git a/docs/01-overview/api-exposure/apix-01-api-gateway.md b/docs/01-overview/api-exposure/apix-01-api-gateway.md index 6d2b85d39546..dfd65f87c0de 100644 --- a/docs/01-overview/api-exposure/apix-01-api-gateway.md +++ b/docs/01-overview/api-exposure/apix-01-api-gateway.md 
@@ -6,6 +6,4 @@ To make your service accessible outside the Kyma cluster, expose it using Kyma A API Gateway Controller allows you to secure the exposed services using JWT tokens issued by an OpenID Connect-compliant identity provider, or OAuth2 tokens issued by the Kyma OAuth2 server. You can secure the entire service, or secure the selected endpoints. Alternatively, you can leave the service unsecured. ->**CAUTION:** Since Kyma 2.2, Ory stack has been deprecated. For more information, read the blog posts explaining the [new architecture](https://blogs.sap.com/2023/02/10/sap-btp-kyma-runtime-api-gateway-future-architecture-based-on-istio/) and [Ory Hydra migration](https://blogs.sap.com/2023/06/06/sap-btp-kyma-runtime-ory-hydra-oauth2-client-migration/). See the [deprecation note](https://github.com/kyma-project/website/blob/main/content/blog-posts/2022-05-04-release-notes-2.2/index.md#ory-stack-deprecation-note). - -> **NOTE:** To learn more, read about the [Kyma OAuth2 server](../../04-operation-guides/security/sec-05-customization-operation.md). +>**CAUTION:** Since Kyma 2.2, Ory stack has been deprecated, and Ory Hydra was removed with Kyma 2.19. For more information, read the blog posts explaining the [new architecture](https://blogs.sap.com/2023/02/10/sap-btp-kyma-runtime-api-gateway-future-architecture-based-on-istio/) and [Ory Hydra migration](https://blogs.sap.com/2023/06/06/sap-btp-kyma-runtime-ory-hydra-oauth2-client-migration/). See the [deprecation note](https://github.com/kyma-project/website/blob/main/content/blog-posts/2022-05-04-release-notes-2.2/index.md#ory-stack-deprecation-note). diff --git a/docs/01-overview/api-exposure/apix-02-useful-links.md b/docs/01-overview/api-exposure/apix-02-useful-links.md index 68ec5f0fdadd..c97aca221273 100644 --- a/docs/01-overview/api-exposure/apix-02-useful-links.md +++ b/docs/01-overview/api-exposure/apix-02-useful-links.md 
@@ -18,7 +18,6 @@ If you're interested in learning more about API Exposure in Kyma, follow these l - Troubleshoot API Exposure-related issues when: - You [cannot connect to a service exposed by an APIRule](../../04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-01-apigateway-connect-api-rule.md) - - You get the [`401 Unauthorized` or `403 Forbidden`](../../04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-02-401-unauthorized-403-forbidden.md) status code when you try to connect to a service exposed by an APIRule - You get the [`404 Not Found`](../../04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-03-404-not-found.md) status code when you try to connect to a service exposed by an APIRule - You get the [`500 Internal Server Error`](../../04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-04-500-server-error.md) status code when you try to connect to a service exposed by an APIRule - [Connection refused](../../04-operation-guides/troubleshooting/api-exposure/apix-02-dns-mgt/apix-02-01-dns-mgt-connection-refused.md) errors occur when you want to use your custom domain diff --git a/docs/03-tutorials/00-api-exposure/apix-03-set-up-tls-gateway.md b/docs/03-tutorials/00-api-exposure/apix-03-set-up-tls-gateway.md index 4f1678e599ca..6319d7808542 100644 --- a/docs/03-tutorials/00-api-exposure/apix-03-set-up-tls-gateway.md +++ b/docs/03-tutorials/00-api-exposure/apix-03-set-up-tls-gateway.md @@ -66,13 +66,6 @@ To create a TLS Gateway in simple mode, run: tls: mode: MUTUAL credentialName: ${TLS_SECRET} - minProtocolVersion: TLSV1_2 - cipherSuites: - - ECDHE-RSA-CHACHA20-POLY1305 - - ECDHE-RSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-SHA - - ECDHE-RSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-SHA hosts: - '*.${DOMAIN_TO_EXPOSE_WORKLOADS}' - port: 
diff --git a/docs/04-operation-guides/operations/03-change-kyma-config-values.md b/docs/04-operation-guides/operations/03-change-kyma-config-values.md index 7790fb58b3f6..f911bde5dab0 100644 --- a/docs/04-operation-guides/operations/03-change-kyma-config-values.md +++ b/docs/04-operation-guides/operations/03-change-kyma-config-values.md @@ -15,7 +15,6 @@ You can use the `--values-file` and the `--value` flag. In the following example, `{VALUES_FILE_PATH}` is the path to a YAML file containing the desired configuration: - For `global`, the values of `images.istio_pilot.version`, `images.istio_pilot.directory` and `containerRegistry.path` will be overridden to `1.11.4`, `istio` and `docker.io` respectively. - - For `ory`, the values of `hydra.deployment.resources.limits.cpu` and `hydra.deployment.resources.requests.cpu` will be overridden to `153m` and `53m` respectively. - For `monitoring`, the values of `alertmanager.alertmanagerSpec.resources.limits.memory` and `alertmanager.alertmanagerSpec.resources.requests.memory` will be overridden to `304Mi` and `204Mi` respectively. ```yaml @@ -26,14 +25,6 @@ You can use the `--values-file` and the `--value` flag. istio_pilot: version: 1.11.4 directory: "istio" - ory: - hydra: - deployment: - resources: - limits: - cpu: 153m - requests: - cpu: 53m monitoring: alertmanager: alertmanagerSpec: @@ -55,8 +46,7 @@ You can use the `--values-file` and the `--value` flag. - Alternatively, you can specify single values instead of a file: ```bash - kyma deploy --value ory.hydra.deployment.resources.limits.cpu=153m \ - --value ory.hydra.deployment.resources.requests.cpu=53m \ + kyma deploy --value monitoring.alertmanager.alertmanagerSpec.resources.limits.memory=304Mi \ --value monitoring.alertmanager.alertmanagerSpec.resources.requests.memory=204Mi ``` diff --git a/docs/04-operation-guides/security/README.md b/docs/04-operation-guides/security/README.md index e8bf6d056213..097de894efb8 100644 
--- a/docs/04-operation-guides/security/README.md +++ b/docs/04-operation-guides/security/README.md @@ -6,7 +6,7 @@ To ensure a stable and secure work environment, the Kyma security component uses - Predefined [Kubernetes RBAC roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) to manage the user access to the functionality provided by Kyma - Istio Service Mesh with the global mTLS setup and ingress configuration to ensure secure service-to-service communication -- [ORY Oathkeeper](https://www.ory.sh/oathkeeper/docs/) and [ORY Hydra](https://www.ory.sh/hydra/docs/concepts/oauth2/) used by API Gateway to authorize HTTP requests and provide the OAuth2 server functionality. +- [ORY Oathkeeper](https://www.ory.sh/oathkeeper/docs/) used by API Gateway to authenticate, authorize, and mutate incoming HTTP requests. This is a complete list of security-related guides in Kyma: @@ -14,6 +14,5 @@ This is a complete list of security-related guides in Kyma: * [Authorization in Kyma](sec-02-authorization-in-kyma.md) * [Access Kyma securely](sec-03-access-kyma.md) * [Ingress and Egress traffic](https://kyma-project.io/#/istio/user/02-operation-guides/security/02-10-ingress-egress-traffic) -* [OAuth2 server customization and operations](sec-05-customization-operation.md) * [Access and Expose Grafana](sec-06-access-expose-grafana.md) * [Useful links](sec-07-useful-links.md) diff --git a/docs/04-operation-guides/security/_sidebar.md b/docs/04-operation-guides/security/_sidebar.md index 0f4cb546a66b..6eefea7e2c5b 100644 --- a/docs/04-operation-guides/security/_sidebar.md +++ b/docs/04-operation-guides/security/_sidebar.md 
@@ -6,6 +6,5 @@ * [Access Kyma securely](sec-03-access-kyma.md) * [Ingress and Egress traffic](/istio/user/02-operation-guides/security/02-10-ingress-egress-traffic.md) - * [OAuth2 server customization and operations](sec-05-customization-operation.md) * [Access and Expose Grafana](sec-06-access-expose-grafana.md) * [Useful links](sec-07-useful-links.md) \ No newline at end of file diff --git a/docs/04-operation-guides/security/assets/security-overview.svg b/docs/04-operation-guides/security/assets/security-overview.svg deleted file mode 100644 index 4f386cfc6e90..000000000000 --- a/docs/04-operation-guides/security/assets/security-overview.svg +++ /dev/null @@ -1,3 +0,0 @@ - - -
Kyma
Kyma
Istio service-mesh
Istio service-mesh
- mTLS
- Ingress/Egress
- mTLS...
ORY
Oathkeeper
Hydra
ORY...
- Oauth2 server
- API Gateway
- Oauth2 server...
Dex
Dex
- Local cluster identity provider
- Optional federated identity provider
- Local cluster id...
K8s RBAC
K8s RBAC
- User permissions
- User permissions
Viewer does not support full SVG 1.1
\ No newline at end of file diff --git a/docs/04-operation-guides/security/sec-01-authentication-in-kyma.md b/docs/04-operation-guides/security/sec-01-authentication-in-kyma.md index 10a113ef6224..811bfe8bf208 100644 --- a/docs/04-operation-guides/security/sec-01-authentication-in-kyma.md +++ b/docs/04-operation-guides/security/sec-01-authentication-in-kyma.md @@ -41,4 +41,4 @@ As Kyma is built on top of Istio Service Mesh, service-to-service authentication ## User-to-service authentication -Kyma uses a custom [API Gateway](../../01-overview/api-exposure/apix-01-api-gateway.md) component that is built on top of [ORY Oathkeeper](https://www.ory.sh/oathkeeper/docs/). The API Gateway allows exposing user applications within the Kyma environment and secures them if necessary. You can then access the secured resources using [authentication options](../../05-technical-reference/00-architecture/apix-01-architecture-apigateway.md#request-flow). +Kyma uses a custom [API Gateway](../../01-overview/api-exposure/apix-01-api-gateway.md) component that is built on top of [ORY Oathkeeper](https://www.ory.sh/oathkeeper/docs/). The API Gateway allows exposing user applications within the Kyma environment and secures them if necessary. You can then access the secured resources using authentication options. diff --git a/docs/04-operation-guides/security/sec-02-authorization-in-kyma.md b/docs/04-operation-guides/security/sec-02-authorization-in-kyma.md index 7e974fabd688..bedb5f94d597 100644 --- a/docs/04-operation-guides/security/sec-02-authorization-in-kyma.md +++ b/docs/04-operation-guides/security/sec-02-authorization-in-kyma.md 
@@ -6,28 +6,8 @@ title: Authorization in Kyma Kyma uses the Kubernetes concept of roles. Assign roles to individual users or user groups to manage access to the cluster. If you want to access the system through Kyma Dashboard or using kubectl, you need a `kubeconfig` file with user context. User permissions are recognized depending on roles that are bound to this user and known from the `kubeconfig` context. -### Cluster-wide authorization - -Roles in Kyma are defined as ClusterRoles and use the Kubernetes mechanism of aggregation, which allows you to combine multiple ClusterRoles into a single ClusterRole. Kyma comes with a set of roles that are aggregated to the main end-user roles. You can use the aggregation mechanism to efficiently manage access to Kubernetes and Kyma-specific resources. - >**NOTE:** Read the [Kubernetes documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles) to learn more about the aggregation mechanism used to define Kyma roles. -The predefined end-user roles are: - -| Role | Description | -| --- | --- | -| **kyma-essentials** | The basic role required to allow the user to access Kyma Dashboard of the cluster. This role doesn't give the user rights to modify any resources. **Note that with Kyma 2.0, the kyma-essentials role becomes deprecated.** | -| **kyma-namespace-admin-essentials** | The role that allows the user to access Kyma Dashboard and create Namespaces, built on top of the **kyma-essentials** role. | -| **kyma-view** | The role for listing Kubernetes and Kyma-specific resources. | -| **kyma-edit** | The role for editing Kyma-specific resources. It's [aggregated](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles) by other roles. | -| **kyma-snapshots** | The role for managing VolumeSnapshot CR for backups. | -| **kyma-developer** | The role created for developers who build implementations using Kyma. 
It allows you to list, edit, and create Kubernetes and Kyma-specific resources. | -| **kyma-namespace-admin** | The role which gives access to a specific Namespace with administrative rights. | - -To learn more about the default roles and how they are constructed, see the [`rbac-roles.yaml`](https://github.com/kyma-project/kyma/blob/master/resources/cluster-users/templates/rbac-roles.yaml) file. - -After creating a Kyma cluster, you become an admin of this instance and the Kubernetes **cluster-admin** role is assigned to you by default. It is the role with the highest permission level which gives access to all Kubernetes and Kyma resources and components with administrative rights. As the **cluster-admin**, you can assign roles to other users. - ### Role binding Assigning roles in Kyma is based on the Kubernetes RBAC concept. You can assign any of the predefined roles to a user or to a group of users in the context of: diff --git a/docs/04-operation-guides/security/sec-05-customization-operation.md b/docs/04-operation-guides/security/sec-05-customization-operation.md deleted file mode 100644 index 8435e173edc4..000000000000 --- a/docs/04-operation-guides/security/sec-05-customization-operation.md +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -title: OAuth2 server customization and operations ---- - -## Credentials backup - -The `ory-hydra-credentials` Secret stores all the crucial data required to establish a connection with your database. Nevertheless, it is regenerated every time the ORY chart is upgraded and you may accidentally overwrite your credentials. For this reason, it is recommended to backup the Secret. Run this command to save the contents of the Secret to a file: - -```bash -kubectl get secret -n kyma-system ory-hydra-credentials -o yaml > ory-hydra-credentials-$(date +%Y%m%d).yaml -``` - -## Postgres password update - -If Hydra is installed with the default settings, a Postgres-based database is provided out-of-the-box. If no password was specified, one is generated and set for the Hydra user. This behavior may not always be desired, so in some cases you may want to modify this password. - -In order to set a custom password, provide the `.Values.global.postgresql.postgresqlPassword` override during installation. - -In order to update the password for an existing installation, provide the `.Values.global.postgresql.postgresqlPassword` override and perform the update procedure. However, this only changes the environmental setting for the database and does not modify the internal database data. In order to update the password in the database, please refer to the [Postgres documentation](https://www.postgresql.org/docs/11/sql-alteruser.html). diff --git a/docs/04-operation-guides/security/sec-07-useful-links.md b/docs/04-operation-guides/security/sec-07-useful-links.md index ecb8cf27b479..a52ccd849bad 100644 --- a/docs/04-operation-guides/security/sec-07-useful-links.md +++ b/docs/04-operation-guides/security/sec-07-useful-links.md 
@@ -10,9 +10,6 @@ If you're interested in learning more about Security in Kyma, follow these links - Troubleshoot Security-related issues when: - [Issues with certificates on Gardener](../troubleshooting/security/sec-01-certificates-gardener.md) come up -- Analyze configuration details for: - - [Cluster Users chart](../../05-technical-reference/00-configuration-parameters/sec-01-cluster-users.md) - - Secure workload with mTLS - [mTLS Gateway](../../03-tutorials/00-api-exposure/apix-03-set-up-tls-gateway.md) - [Expose and secure workload with certificates](../../03-tutorials/00-api-exposure/apix-05-expose-and-secure-a-workload/apix-05-05-expose-and-secure-workload-with-certificate.md) diff --git a/docs/04-operation-guides/troubleshooting/README.md b/docs/04-operation-guides/troubleshooting/README.md index d1bb3c2f9a30..80d61bacd72c 100644 --- a/docs/04-operation-guides/troubleshooting/README.md +++ b/docs/04-operation-guides/troubleshooting/README.md @@ -22,7 +22,6 @@ See the full list of Kyma troubleshooting guides: - Cannot connect to a service exposed by an APIRule - [Basic diagnostics](./api-exposure/apix-01-cannot-connect-to-service/apix-01-01-apigateway-connect-api-rule.md) - - [401 Unauthorized or 403 Forbidden](./api-exposure/apix-01-cannot-connect-to-service/apix-01-02-401-unauthorized-403-forbidden.md) - [404 Not Found](./api-exposure/apix-01-cannot-connect-to-service/apix-01-03-404-not-found.md) - [500 Internal Server Error](./api-exposure/apix-01-cannot-connect-to-service/apix-01-04-500-server-error.md) - External DNS management diff --git a/docs/04-operation-guides/troubleshooting/api-exposure/_sidebar.md b/docs/04-operation-guides/troubleshooting/api-exposure/_sidebar.md index 75ad18779759..e6034bf56cb4 100644 --- a/docs/04-operation-guides/troubleshooting/api-exposure/_sidebar.md +++ b/docs/04-operation-guides/troubleshooting/api-exposure/_sidebar.md 
@@ -5,7 +5,6 @@ * [API Exposure](/04-operation-guides/troubleshooting/api-exposure/README.md) * Cannot connect to a service exposed by an APIRule * [Basic diagnostics](/04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-01-apigateway-connect-api-rule.md) - * [401 Unauthorized or 403 Forbidden](/04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-02-401-unauthorized-403-forbidden.md) * [404 Not Found](/04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-03-404-not-found.md) * [500 Internal Server Error](/04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-04-500-server-error.md) * External DNS management diff --git a/docs/04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-01-apigateway-connect-api-rule.md b/docs/04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-01-apigateway-connect-api-rule.md index 1d2d63c97a1d..b96b772096be 100644 --- a/docs/04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-01-apigateway-connect-api-rule.md +++ b/docs/04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-01-apigateway-connect-api-rule.md 
@@ -8,8 +8,7 @@ API Gateway is a Kubernetes controller, which operates on APIRule custom resourc kubectl describe apirules.gateway.kyma-project.io -n {NAMESPACE} {APIRULE_NAME} ``` -If the status is `Error`, edit the APIRule and fix the issues described in the **.Status.APIRuleStatus.desc** field. If you still encounter issues, make sure that API Gateway, Hydra, and Oathkeeper are running, or take a look at one of the more specific troubleshooting guides: +If the status is `Error`, edit the APIRule and fix the issues described in the **.Status.APIRuleStatus.desc** field. If you still encounter issues, make sure that API Gateway and Oathkeeper are running, or take a look at one of the more specific troubleshooting guides: -- [Cannot connect to a service exposed by an APIRule - `401 Unauthorized` or `403 Forbidden`](./apix-01-02-401-unauthorized-403-forbidden.md) - [Cannot connect to a service exposed by an APIRule - `404 Not Found`](./apix-01-03-404-not-found.md) - [Cannot connect to a service exposed by an APIRule - `500 Internal Server Error`](./apix-01-04-500-server-error.md) \ No newline at end of file diff --git a/docs/04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-02-401-unauthorized-403-forbidden.md b/docs/04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-02-401-unauthorized-403-forbidden.md deleted file mode 100644 index 1df755c8a5f7..000000000000 --- a/docs/04-operation-guides/troubleshooting/api-exposure/apix-01-cannot-connect-to-service/apix-01-02-401-unauthorized-403-forbidden.md +++ /dev/null 
@@ -1,100 +0,0 @@ ---- -title: 401 Unauthorized or 403 Forbidden ---- - -## Symptom - -When you try to reach your service, you get `401 Unauthorized` or `403 Forbidden` in response. - -## Remedy - -Make sure that the following conditions are met: - -- You are using an access token with proper scopes, and it is active: - - 1. Export the credentials of your OAuth2Client as environment variables: - - > **NOTE:** Export the **CLIENT_NAMESPACE** and **CLIENT_NAME** variables before you proceed with step 1. - - ```bash - export CLIENT_ID="$(kubectl get secret -n $CLIENT_NAMESPACE $CLIENT_NAME -o jsonpath='{.data.client_id}' | base64 --decode)" - export CLIENT_SECRET="$(kubectl get secret -n $CLIENT_NAMESPACE $CLIENT_NAME -o jsonpath='{.data.client_secret}' | base64 --decode)" - ``` - - 2. Encode your client credentials and export them as an environment variable: - - ```bash - export ENCODED_CREDENTIALS=$(echo -n "$CLIENT_ID:$CLIENT_SECRET" | base64) - ``` - - 3. Check the access token status: - - ```bash - curl -X POST "https://oauth2.{CLUSTER_DOMAIN}/oauth2/introspect" -H "Authorization: Basic $ENCODED_CREDENTIALS" -F "token={ACCESS_TOKEN}" - ``` - - 4. Generate a [new access token](../../../../03-tutorials/00-api-exposure/apix-05-expose-and-secure-a-workload/apix-05-01-expose-and-secure-workload-oauth2.md) if needed. - -- Your client from the OAuth2Client resource is registered properly in Hydra OAuth2 and the OpenID Connect server. You need to call the Hydra administrative endpoint `/client` from inside of the cluster. Follow these steps: - - 1. Fetch the Client ID from the Secret specified in the OAuth2Client resource: - - ```bash - kubectl get secrets {SECRET_NAME} -n {SECRET_NAMESPACE} -o jsonpath='{ .data.client_id }' | base64 --decode - ``` - - 2. 
Create a simple curl Pod: - - ```bash - cat < * [Technical Reference](/05-technical-reference/README.md) * [Architecture](/05-technical-reference/00-architecture/README.md) - * [API Gateway Architecture](/05-technical-reference/00-architecture/apix-01-architecture-apigateway.md) * [Application Connector components](/05-technical-reference/00-architecture/ac-01-application-connector-components.md) * [Application Gateway](/05-technical-reference/00-architecture/ac-03-application-gateway.md) * [Runtime Agent Architecture](/05-technical-reference/00-architecture/ra-01-runtime-agent-workflow.md) diff --git a/docs/05-technical-reference/00-architecture/apix-01-architecture-apigateway.md b/docs/05-technical-reference/00-architecture/apix-01-architecture-apigateway.md deleted file mode 100644 index 7fa4a29eb34e..000000000000 --- a/docs/05-technical-reference/00-architecture/apix-01-architecture-apigateway.md +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -title: API Gateway Architecture ---- - -This diagram illustrates the workflow that leads to exposing a service in Kyma: - -![service-exposure-flow](./assets/apix-api-gateway-flow.svg) - -- **API Gateway Controller** is a component responsible for exposing services. API Gateway Controller is an application deployed in the `kyma-system` Namespace, implemented according to the [Kubernetes Controller](https://book.kubebuilder.io/) principles. API Gateway Controller listens for newly created custom resources (CR) that follow the set `apirule.gateway.kyma-project.io` CustomResourceDefinition (CRD), which describes the details of exposing services in Kyma. - -- **Istio VirtualService** specifies the services visible outside the cluster. API Gateway Controller creates a VirtualService for the hostname defined in the `apirule.gateway.kyma-project.io` CRD. The convention is to create a hostname using the name of the service as the subdomain, and the domain of the Kyma cluster. To learn more about the Istio VirtualService concept, read this [Istio documentation](https://istio.io/latest/docs/reference/config/networking/virtual-service/). -To get the list of VirtualServices in Kyma, run: - - ```shell - kubectl get virtualservices.networking.istio.io --all-namespaces - ``` - -- **Oathkeeper Access Rule** allows operators to specify authentication requirements for a service. It is an optional resource, created only when the CR specifies the desired authentication method, the trusted token issuer, allowed methods and paths, and required scopes. To learn more, read about [ORY Oathkeeper Access Rules](https://www.ory.sh/oathkeeper/docs/api-access-rules). 
- - To get the list of Oathkeeper Access Rules created in Kyma, run: - - ```shell - kubectl get rules.oathkeeper.ory.sh --all-namespaces - ``` - -## Request flow - -This diagram illustrates the request flow for three cases: - - Accessing secured resources with an OAuth2 token - - Accessing secured resources with a JWT token - - Accessing unsecured resources without a token - -![request-flow](./assets/apix-api-gateway-request-flow.svg) - -### Accessing secured resources with an OAuth2 token - -The developer sends a request to access a secured resource with an OAuth2 access token issued for a registered client. The request is proxied by the Oathkeeper proxy. The proxy identifies the token as an OAuth2 access token and sends it to the registered Token Introspection endpoint in the Hydra OAuth2 server. The OAuth2 server validates the token and returns the outcome of the validation to Oathkeeper. If the validation is successful, Oathkeeper checks the token against the Access Rules that exist for the resource and authorizes the request. Upon successful authorization, the request is forwarded to the resource. - -### Accessing secured resources with a JWT token - -The developer sends a request to access a secured resource with a JWT token. The request is proxied by the Oathkeeper proxy. The proxy identifies the token as a JWT token and fetches the public keys required for token validation from the registered OpenID Connect-compliant identity provider. Oathkeeper uses these keys to validate the token. If the validation is successful, Oathkeeper checks the token against the Access Rules that exist for the resource and authorizes the request. Upon successful authorization, the request is forwarded to the resource. - -### Accessing unsecured resources without a token - -The developer sends a request to access a resource without a token. The request is proxied by the Oathkeeper proxy. 
The proxy checks if there are Access Rules created for the resource, and verifies if it can be accessed without a token. If the resource can be accessed without a token, the request is forwarded to the resource. diff --git a/docs/05-technical-reference/00-configuration-parameters/_sidebar.md b/docs/05-technical-reference/00-configuration-parameters/_sidebar.md index c2ccf25674e0..29f1adb7849f 100644 --- a/docs/05-technical-reference/00-configuration-parameters/_sidebar.md +++ b/docs/05-technical-reference/00-configuration-parameters/_sidebar.md @@ -7,6 +7,5 @@ * [ORY chart](/05-technical-reference/00-configuration-parameters/apix-02-ory-chart.md) * [Observability charts](/05-technical-reference/00-configuration-parameters/obsv-01-configpara-observability.md) * [Connection with Compass](/05-technical-reference/00-configuration-parameters/ra-01-connection-with-compass.md) - * [Cluster Users chart](/05-technical-reference/00-configuration-parameters/sec-01-cluster-users.md) * [Istio](/istio/user/03-technical-reference/configuration-parameters/01-10-istio-controller-parameters.md) \ No newline at end of file diff --git a/docs/05-technical-reference/00-configuration-parameters/apix-01-ory-limitations.md b/docs/05-technical-reference/00-configuration-parameters/apix-01-ory-limitations.md index e0a6f92cebea..351fcb0e475d 100644 --- a/docs/05-technical-reference/00-configuration-parameters/apix-01-ory-limitations.md +++ b/docs/05-technical-reference/00-configuration-parameters/apix-01-ory-limitations.md @@ -8,10 +8,6 @@ By default, the Ory components' resources have the following configuration: | Component | | CPU | Memory | |--------------------|----------|------|--------| -| Hydra | Limits | 500m | 1Gi | -| Hydra | Requests | 250m | 256Mi | -| Hydra maester | Limits | 400m | 1Gi | -| Hydra maester | Requests | 10m | 256Mi | | Oathkeeper | Limits | 500m | 512Mi | | Oathkeeper | Requests | 100m | 64Mi | | Oathkeeper Maester | Limits | 400m | 1Gi | 
@@ -25,6 +21,5 @@ The default configuration in terms of autoscaling of Ory components is as follow |--------------------|--------------------|--------------------| | Oathkeeper | 3 | 10 | | Oathkeeper Maester | Same as Oathkeeper | Same as Oathkeeper | -| Hydra | 2 | 5 | Oathkeeper Maester is set up as a separate container in the same Pod as Oathkeeper. Because of that, their autoscaling configuration is similar. diff --git a/docs/05-technical-reference/00-configuration-parameters/apix-02-ory-chart.md b/docs/05-technical-reference/00-configuration-parameters/apix-02-ory-chart.md index 9d2e6ff94eaa..9735de2e8876 100644 --- a/docs/05-technical-reference/00-configuration-parameters/apix-02-ory-chart.md +++ b/docs/05-technical-reference/00-configuration-parameters/apix-02-ory-chart.md 
@@ -12,20 +12,9 @@ This table lists the configurable parameters, their descriptions, and default va | Parameter | Description | Default value | |-------|-------|:--------:| -| **global.postgresql.postgresqlDatabase** | Specifies the name of the database saved in Hydra. | `db4hydra` | -| **global.postgresql.postgresqlUsername** | Specifies the username of the database saved in Hydra. | `hydra` | -| **global.istio.gateway.name** | Specifies the name of the Istio Gateway used in Hydra. | `kyma-gateway` | -| **global.istio.gateway.namespace** | Specifies the Namespace of the Istio Gateway used in Hydra. | `kyma-system` | | **global.ory.oathkeeper.maester.mode** | Specifies the mode in which ORY Oathkeeper Maester is expected to be deployed. | `sidecar` | -| **global.ory.hydra.persistence.enabled** | Sets persistence for Hydra. | `true`| -| **global.ory.hydra.persistence.postgresql.enabled** | Defines whether Hydra should initiate the deployment of an in-cluster database. Set to `false` to use a self-provided database. If set to `true`, Hydra always uses an in-cluster database and ignores the custom database details. | `true` | | **hpa.oathkeeper.minReplicas** | Defines the initial number of created Oathkeeper instances. | `1` | | **hpa.oathkeeper.maxReplicas** | Defines the maximum number of created Oathkeeper instances. | `3` | -| **hydra.deployment.resources.limits.cpu** | Defines limits for CPU resources. | `500m` | -| **hydra.deployment.resources.limits.memory** | Defines limits for memory resources. | `256Mi` | -| **hydra.deployment.resources.requests.cpu** | Defines requests for CPU resources. | `100m` | -| **hydra.deployment.resources.requests.memory** | Defines requests for memory resources. | `128Mi` | -| **hydra.hydra.existingSecret** | Specifies the name of an existing Kubernetes Secret containing credentials required for Hydra. A default Secret with random values is generated if this value is not provided. 
| `"ory-hydra-credentials"` | | **oathkeeper.deployment.resources.limits.cpu** | Defines limits for CPU resources. | `100m` | | **oathkeeper.deployment.resources.limits.memory** | Defines limits for memory resources.| `128Mi` | | **oathkeeper.deployment.resources.requests.cpu** | Defines requests for CPU resources. | `50m` | 
@@ -34,12 +23,6 @@ This table lists the configurable parameters, their descriptions, and default va | **oathkeeper.oathkeeper-maester.deployment.resources.limits.memory** | Defines limits for memory resources. | `50Mi` | | **oathkeeper.oathkeeper-maester.deployment.resources.requests.cpu** | Defines requests for CPU resources. | `50m` | | **oathkeeper.oathkeeper-maester.deployment.resources.requests.memory** | Defines requests for memory resources. | `20Mi` | -| **postgresql.resources.requests.memory** | Defines requests for memory resources. | `256Mi` | -| **postgresql.resources.requests.cpu** | Defines requests for CPU resources. | `250m` | -| **postgresql.resources.limits.memory** | Defines limits for memory resources.| `1024Mi` | -| **postgresql.resources.limits.cpu** | Defines limits for CPU resources. | `750m` | -| **postgresql.existingSecret** | Specifies the name of an existing secret to use for PostgreSQL passwords. | `"ory-hydra-credentials"` | -| **gcloud-sqlproxy.existingSecret** | Specifies the name of the Secret in the same Namespace as the proxy, that stores the database password. | `ory-hydra-credentials` | | **gcloud-sqlproxy.existingSecretKey** | Specifies the name of the key in the Secret that contains the [GCP service account JSON key](https://cloud.google.com/iam/docs/creating-managing-service-account-keys). | `gcp-sa.json` | -> **TIP:** See the original [ORY](https://github.com/ory/k8s/tree/master/helm/charts), [ORY Oathkeeper](http://k8s.ory.sh/helm/oathkeeper.html), [PostgreSQL](https://github.com/helm/charts/tree/master/stable/postgresql), and [GCP SQL Proxy](https://github.com/rimusz/charts/tree/master/stable/gcloud-sqlproxy) helm charts for more configuration options. +> **TIP:** See the original [ORY](https://github.com/ory/k8s/tree/master/helm/charts) and [ORY Oathkeeper](http://k8s.ory.sh/helm/oathkeeper.html) helm charts for more configuration options. 
diff --git a/docs/05-technical-reference/00-configuration-parameters/sec-01-cluster-users.md b/docs/05-technical-reference/00-configuration-parameters/sec-01-cluster-users.md
deleted file mode 100644
index 9c5874f7a18a..000000000000
--- a/docs/05-technical-reference/00-configuration-parameters/sec-01-cluster-users.md
+++ /dev/null
@@ -1,21 +0,0 @@
----
-title: Cluster Users chart
----
-
-To configure the Cluster Users chart, override the default values of its [`values.yaml`](https://github.com/kyma-project/kyma/blob/main/resources/cluster-users/values.yaml) file. This document describes parameters that you can configure.
-
->**TIP:** See how to [change Kyma settings](../../04-operation-guides/operations/03-change-kyma-config-values.md).
-
-## Configurable parameters
-
-This table lists the configurable parameters, their descriptions, and default values:
-
-| Parameter | Description | Default value |
-|-----------|-------------|---------------|
-| **bindings.kymaEssentials.groups** | Specifies the array of groups used in ClusterRoleBinding to the **kyma-essentials** ClusterRole. | `[]` |
-| **bindings.kymaView.groups** | Specifies the array of groups used in ClusterRoleBinding to the **kyma-view** ClusterRole. | `[]` |
-| **bindings.kymaEdit.groups** | Specifies the array of groups used in ClusterRoleBinding to the **kyma-edit** ClusterRole. | `[]` |
-| **bindings.kymaAdmin.groups** | Specifies the array of groups used in ClusterRoleBinding to the **kyma-admin** ClusterRole. | `[]` |
-| **bindings.kymaDeveloper.groups** | Specifies the array of groups used in ClusterRoleBinding to the **kyma-developer** ClusterRole. | `[]` |
-| **users.administrators** | Specifies the array of names used in ClusterRoleBinding to the **kyma-admin** ClusterRole. | `["admin@kyma.cx"]` |
-| **users.adminGroup** | Specifies the name of the group used in ClusterRoleBinding to the **kyma-admin** ClusterRole. | `""` |
diff --git a/docs/05-technical-reference/ac-01-application-gateway-details.md b/docs/05-technical-reference/ac-01-application-gateway-details.md index 327818e2a00f..fc76b5599091 100644 --- a/docs/05-technical-reference/ac-01-application-gateway-details.md +++ b/docs/05-technical-reference/ac-01-application-gateway-details.md @@ -52,4 +52,6 @@ In such a case, the `Location` header is modified so that the original target pa The modified `Location` header has the following format: `{APP_GATEWAY_URL}:{APP_GATEWAY_PORT}/{APP_NAME}/{SERVICE_NAME}/{SUB-PATH}`. This functionality makes the HTTP clients that originally called Application Gateway follow redirects through the Gateway, and not to the service directly. -This allows for passing authorization, custom headers, URL parameters, and the body without an issue. \ No newline at end of file +This allows for passing authorization, custom headers, URL parameters, and the body without an issue. + +Application Gateway also rewrites all the `5xx` status codes to a `502`. In such a case, the `Target-System-Status` header contains the original code returned by the target. diff --git a/installation/resources/components.yaml b/installation/resources/components.yaml index 4f2e46e84bc3..fbdef5cf7624 100644 --- a/installation/resources/components.yaml +++ b/installation/resources/components.yaml @@ -6,7 +6,6 @@ prerequisites: - name: "certificates" namespace: "istio-system" components: - - name: "telemetry" - name: "monitoring" - name: "eventing" - name: "ory" diff --git a/installation/resources/crds/api-gateway/apirules.gateway.crd.yaml b/installation/resources/crds/api-gateway/apirules.gateway.crd.yaml index 3913d3226eb4..823d1293986c 100644 --- a/installation/resources/crds/api-gateway/apirules.gateway.crd.yaml +++ b/installation/resources/crds/api-gateway/apirules.gateway.crd.yaml 
@@ -14,205 +14,8 @@ spec: plural: apirules singular: apirule scope: Namespaced - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: kyma-system - name: api-gateway-webhook-service - path: /convert - conversionReviewVersions: - - v1beta1 - - v1alpha1 preserveUnknownFields: false versions: - - deprecated: true - deprecationWarning: Since Kyma 2.5.X, APIRule in version v1alpha1 has been deprecated. - Consider using v1beta1. - name: v1alpha1 - schema: - openAPIV3Schema: - description: APIRule is the Schema for ApiRule APIs. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Defines the desired state of ApiRule. - properties: - gateway: - description: Specifies the Istio Gateway to be used. - pattern: ^[0-9a-z-_]+(\/[0-9a-z-_]+|(\.[0-9a-z-_]+)*)$ - type: string - rules: - description: Represents the array of Oathkeeper access rules to be - applied. - items: - properties: - accessStrategies: - description: Specifies the list of access strategies. All strategies - listed in [Oathkeeper documentation](https://www.ory.sh/docs/oathkeeper/pipeline/authn) - are supported. - items: - description: Represents a handler that authenticates provided - credentials. See the corresponding type in the oathkeeper-maester - project. 
- properties: - config: - description: Configures the handler. Configuration keys - vary per handler. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - jwks_urls: - description: Specifies the array of URLs from which Ory Oathkeeper can retrieve JSON Web Keys for validating JSON Web Token. - The value must begin with either `http://`, `https://`, or `file://`. - type: array - items: - type: string - pattern: ^(http://|https://|file://).*$ - trusted_issuers: - description: If the **trusted_issuers** field is set, the JWT must contain a value for the claim `iss` - that matches exactly (case-sensitive) one of the values of **trusted_issuers**. - The value must begin with either `http://`, `https://`, or `file://`. - type: array - items: - type: string - pattern: ^(http://|https://|file://).*$ - handler: - description: Specifies the name of the handler. - type: string - required: - - handler - type: object - minItems: 1 - type: array - methods: - description: Represents the list of allowed HTTP request methods - available for the **spec.rules.path**. - items: - type: string - minItems: 1 - type: array - mutators: - description: Specifies the list of [Ory Oathkeeper mutators](https://www.ory.sh/docs/oathkeeper/pipeline/mutator). - items: - description: Mutator represents a handler that transforms - the HTTP request before forwarding it. See the corresponding - in the oathkeeper-maester project. - properties: - config: - description: Configures the handler. Configuration keys - vary per handler. - type: object - x-kubernetes-preserve-unknown-fields: true - handler: - description: Specifies the name of the handler. - type: string - required: - - handler - type: object - type: array - path: - description: Specifies the path of the exposed service. 
- pattern: ^([0-9a-zA-Z./*()?!\\_-]+) - type: string - required: - - accessStrategies - - methods - - path - type: object - minItems: 1 - type: array - service: - description: Describes the service to expose. - properties: - external: - description: Specifies if the service is internal (in cluster) or - external. - type: boolean - host: - description: Specifies the URL of the exposed service. - maxLength: 256 - minLength: 3 - pattern: ^([a-zA-Z0-9][a-zA-Z0-9-_]*\.)*[a-zA-Z0-9]*[a-zA-Z0-9-_]*[[a-zA-Z0-9]+$ - type: string - name: - description: Specifies the name of the exposed service. - type: string - port: - description: Specifies the communication port of the exposed service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - host - - name - - port - type: object - required: - - gateway - - rules - - service - type: object - status: - description: Describes the observed state of ApiRule. - properties: - APIRuleStatus: - description: Describes the status of APIRule. - properties: - code: - description: Status code describing APIRule. - type: string - desc: - description: Explains the status of APIRule. - type: string - type: object - accessRuleStatus: - description: Describes the status of ORY Oathkeeper Rule. - properties: - code: - description: Status code describing ORY Oathkeeper Rule. - type: string - desc: - description: Explains the status of ORY Oathkeeper Rule. - type: string - type: object - lastProcessedTime: - description: Indicates the timestamp when the API Gateway controller last processed APIRule. - format: date-time - type: string - observedGeneration: - description: Specifies the generation of the resource that was observed by the API Gateway controller. - format: int64 - type: integer - virtualServiceStatus: - description: Describes the status of Istio VirtualService. - properties: - code: - description: Status code describing Istio VirtualService. 
- type: string - desc: - description: Explains the status of Istio VirtualService. - type: string - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - jsonPath: .status.APIRuleStatus.code name: Status diff --git a/installation/resources/crds/telemetry/logparsers.crd.yaml b/installation/resources/crds/telemetry/logparsers.crd.yaml deleted file mode 100644 index 3fe86ac61354..000000000000 --- a/installation/resources/crds/telemetry/logparsers.crd.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - name: logparsers.telemetry.kyma-project.io -spec: - group: telemetry.kyma-project.io - names: - kind: LogParser - listKind: LogParserList - plural: logparsers - singular: logparser - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[-1].type - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: LogParser is the Schema for the logparsers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Defines the desired state of LogParser. - properties: - parser: - description: '[Fluent Bit Parsers](https://docs.fluentbit.io/manual/pipeline/parsers). - The parser specified here has no effect until it is referenced by - a [Pod annotation](https://docs.fluentbit.io/manual/pipeline/filters/kubernetes#kubernetes-annotations) - on your workload or by a [Parser Filter](https://docs.fluentbit.io/manual/pipeline/filters/parser) - defined in a pipeline''s filters section.' - type: string - type: object - status: - description: Shows the observed state of the LogParser. 
- properties: - conditions: - description: An array of conditions describing the status of the parser. - items: - properties: - lastTransitionTime: - description: An array of conditions describing the status of - the parser. - format: date-time - type: string - reason: - description: An array of conditions describing the status of - the parser. - type: string - type: - description: 'The possible transition types are:
- `Running`: - The parser is ready and usable.
- `Pending`: The parser - is being activated.' - type: string - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/installation/resources/crds/telemetry/logpipelines.crd.yaml b/installation/resources/crds/telemetry/logpipelines.crd.yaml deleted file mode 100644 index 2bd0bedd7583..000000000000 --- a/installation/resources/crds/telemetry/logpipelines.crd.yaml +++ /dev/null 
@@ -1,351 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - name: logpipelines.telemetry.kyma-project.io -spec: - group: telemetry.kyma-project.io - names: - kind: LogPipeline - listKind: LogPipelineList - plural: logpipelines - singular: logpipeline - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[-1].type - name: Status - type: string - - jsonPath: .status.unsupportedMode - name: Unsupported-Mode - type: boolean - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: LogPipeline is the Schema for the logpipelines API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Defines the desired state of LogPipeline - properties: - files: - items: - description: Provides file content to be consumed by a LogPipeline - configuration - properties: - content: - type: string - name: - type: string - type: object - type: array - filters: - items: - description: Describes a filtering option on the logs of the pipeline. - properties: - custom: - description: 'Custom filter definition in the Fluent Bit syntax. 
- Note: If you use a `custom` filter, you put the LogPipeline - in unsupported mode.' - type: string - type: object - type: array - input: - description: Defines where to collect logs, including selector mechanisms. - properties: - application: - description: Configures in more detail from which containers application - logs are enabled as input. - properties: - containers: - description: Describes whether application logs from specific - containers are selected. The options are mutually exclusive. - properties: - exclude: - description: Specifies to exclude only the container logs - with the specified container names. - items: - type: string - type: array - include: - description: Specifies to include only the container logs - with the specified container names. - items: - type: string - type: array - type: object - dropLabels: - description: Defines whether to drop all Kubernetes labels. - The default is `false`. - type: boolean - keepAnnotations: - description: Defines whether to keep all Kubernetes annotations. - The default is `false`. - type: boolean - namespaces: - description: Describes whether application logs from specific - Namespaces are selected. The options are mutually exclusive. - System Namespaces are excluded by default from the collection. - properties: - exclude: - description: Exclude the container logs of the specified - Namespace names. - items: - type: string - type: array - include: - description: Include only the container logs of the specified - Namespace names. - items: - type: string - type: array - system: - description: Set to `true` if collecting from all Namespaces - must also include the system Namespaces like kube-system, - istio-system, and kyma-system. - type: boolean - type: object - type: object - type: object - output: - description: '[Fluent Bit output](https://docs.fluentbit.io/manual/pipeline/outputs) - where you want to push the logs. Only one output can be specified.' 
- properties: - custom: - description: 'Defines a custom output in the Fluent Bit syntax. - Note: If you use a `custom` output, you put the LogPipeline - in unsupported mode.' - type: string - grafana-loki: - description: Configures an output to the Kyma-internal Loki instance. - [Fluent Bit grafana-loki output](https://grafana.com/docs/loki/v2.2.x/clients/fluentbit/). - **Note:** This output is considered legacy and is only provided - for backward compatibility with the [deprecated](https://github.com/kyma-project/website/blob/main/content/blog-posts/2022-11-02-loki-deprecation/index.md) - in-cluster Loki instance. It might not be compatible with the - latest Loki versions. For integration with a custom Loki installation - use the `custom` output with the name `loki` instead, see also - [Installing a custom Loki stack in Kyma](https://github.com/kyma-project/examples/tree/main/loki). - properties: - labels: - additionalProperties: - type: string - description: Labels to set for each log record. - type: object - removeKeys: - description: Attributes to be removed from a log record. - items: - type: string - type: array - url: - description: Grafana Loki URL. - properties: - value: - description: Value that can contain references to Secret - values. - type: string - valueFrom: - properties: - secretKeyRef: - description: Refers to a key in a Secret. You must - provide `name` and `namespace` of the Secret, as - well as the name of the `key`. - properties: - key: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - type: object - type: object - http: - description: Configures an HTTP-based output compatible with the - Fluent Bit HTTP output plugin. - properties: - compress: - description: Defines the compression algorithm to use. - type: string - dedot: - description: Enables de-dotting of Kubernetes labels and annotations - for compatibility with ElasticSearch based backends. Dots - (.) will be replaced by underscores (_). 
Default is `false`. - type: boolean - format: - description: Data format to be used in the HTTP request body. - Default is `json`. - type: string - host: - description: Defines the host of the HTTP receiver. - properties: - value: - description: Value that can contain references to Secret - values. - type: string - valueFrom: - properties: - secretKeyRef: - description: Refers to a key in a Secret. You must - provide `name` and `namespace` of the Secret, as - well as the name of the `key`. - properties: - key: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - type: object - password: - description: Defines the basic auth password. - properties: - value: - description: Value that can contain references to Secret - values. - type: string - valueFrom: - properties: - secretKeyRef: - description: Refers to a key in a Secret. You must - provide `name` and `namespace` of the Secret, as - well as the name of the `key`. - properties: - key: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - type: object - port: - description: Defines the port of the HTTP receiver. Default - is 443. - type: string - tls: - description: Configures TLS for the HTTP target server. - properties: - disabled: - description: Indicates if TLS is disabled or enabled. - Default is `false`. - type: boolean - skipCertificateValidation: - description: If `true`, the validation of certificates - is skipped. Default is `false`. - type: boolean - type: object - uri: - description: Defines the URI of the HTTP receiver. Default - is "/". - type: string - user: - description: Defines the basic auth user. - properties: - value: - description: Value that can contain references to Secret - values. - type: string - valueFrom: - properties: - secretKeyRef: - description: Refers to a key in a Secret. You must - provide `name` and `namespace` of the Secret, as - well as the name of the `key`. 
- properties: - key: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - type: object - type: object - type: object - variables: - description: A list of mappings from Kubernetes Secret keys to environment - variables. Mapped keys are mounted as environment variables, so - that they are available as [Variables](https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/variables) - in the sections. - items: - description: References a Kubernetes secret that should be provided - as environment variable to Fluent Bit - properties: - name: - description: Name of the variable to map. - type: string - valueFrom: - properties: - secretKeyRef: - description: Refers to a key in a Secret. You must provide - `name` and `namespace` of the Secret, as well as the name - of the `key`. - properties: - key: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - type: object - type: array - type: object - status: - description: Shows the observed state of the LogPipeline - properties: - conditions: - description: An array of conditions describing the status of the pipeline. - items: - description: LogPipelineCondition contains details for the current - condition of this LogPipeline - properties: - lastTransitionTime: - description: An array of conditions describing the status of - the pipeline. - format: date-time - type: string - reason: - description: An array of conditions describing the status of - the pipeline. - type: string - type: - description: 'The possible transition types are:
- `Running`: - The instance is ready and usable.
- `Pending`: The pipeline - is being activated.' - type: string - type: object - type: array - unsupportedMode: - description: Is active when the LogPipeline uses a `custom` output - or filter; see [unsupported mode](https://kyma-project.io/#/telemetry-manager/user/02-logs?id=unsupported-mode). - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/installation/resources/crds/telemetry/tracepipelines.crd.yaml b/installation/resources/crds/telemetry/tracepipelines.crd.yaml deleted file mode 100644 index 387b0e133f33..000000000000 --- a/installation/resources/crds/telemetry/tracepipelines.crd.yaml +++ /dev/null 
@@ -1,305 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - name: tracepipelines.telemetry.kyma-project.io -spec: - group: telemetry.kyma-project.io - names: - kind: TracePipeline - listKind: TracePipelineList - plural: tracepipelines - singular: tracepipeline - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[-1].type - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: TracePipeline is the Schema for the tracepipelines API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Defines the desired state of TracePipeline - properties: - output: - description: Defines a destination for shipping trace data. Only one - can be defined per pipeline. - properties: - otlp: - description: Configures the underlying Otel Collector with an - [OTLP exporter](https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/otlpexporter/README.md). - If you switch `protocol`to `http`, an [OTLP HTTP exporter](https://github.com/open-telemetry/opentelemetry-collector/tree/main/exporter/otlphttpexporter) - is used. 
- properties: - authentication: - description: Defines authentication options for the OTLP output - properties: - basic: - description: Activates `Basic` authentication for the - destination providing relevant Secrets. - properties: - password: - description: Contains the basic auth password or a - Secret reference. - properties: - value: - description: Value that can contain references - to Secret values. - type: string - valueFrom: - properties: - secretKeyRef: - description: Refers to a key in a Secret. - You must provide `name` and `namespace` - of the Secret, as well as the name of the - `key`. - properties: - key: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - type: object - user: - description: Contains the basic auth username or a - Secret reference. - properties: - value: - description: Value that can contain references - to Secret values. - type: string - valueFrom: - properties: - secretKeyRef: - description: Refers to a key in a Secret. - You must provide `name` and `namespace` - of the Secret, as well as the name of the - `key`. - properties: - key: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - type: object - required: - - password - - user - type: object - type: object - endpoint: - description: Defines the host and port (:) of - an OTLP endpoint. - properties: - value: - description: Value that can contain references to Secret - values. - type: string - valueFrom: - properties: - secretKeyRef: - description: Refers to a key in a Secret. You must - provide `name` and `namespace` of the Secret, as - well as the name of the `key`. - properties: - key: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - type: object - headers: - description: Defines custom headers to be added to outgoing - HTTP or GRPC requests. - items: - properties: - name: - description: Defines the header name. 
- type: string - value: - description: Value that can contain references to Secret - values. - type: string - valueFrom: - properties: - secretKeyRef: - description: Refers to a key in a Secret. You must - provide `name` and `namespace` of the Secret, - as well as the name of the `key`. - properties: - key: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - required: - - name - type: object - type: array - protocol: - default: grpc - description: Defines the OTLP protocol (http or grpc). Default - is GRPC. - enum: - - grpc - - http - minLength: 1 - type: string - tls: - description: Defines TLS options for the OTLP output. - properties: - ca: - description: Defines an optional CA certificate for server - certificate verification when using TLS. The certificate - needs to be provided in PEM format. - properties: - value: - description: Value that can contain references to - Secret values. - type: string - valueFrom: - properties: - secretKeyRef: - description: Refers to a key in a Secret. You - must provide `name` and `namespace` of the Secret, - as well as the name of the `key`. - properties: - key: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - type: object - cert: - description: Defines a client certificate to use when - using TLS. The certificate needs to be provided in PEM - format. - properties: - value: - description: Value that can contain references to - Secret values. - type: string - valueFrom: - properties: - secretKeyRef: - description: Refers to a key in a Secret. You - must provide `name` and `namespace` of the Secret, - as well as the name of the `key`. - properties: - key: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - type: object - insecure: - description: Defines whether to send requests using plaintext - instead of TLS. 
- type: boolean - insecureSkipVerify: - description: Defines whether to skip server certificate - verification when using TLS. - type: boolean - key: - description: Defines the client key to use when using - TLS. The key needs to be provided in PEM format. - properties: - value: - description: Value that can contain references to - Secret values. - type: string - valueFrom: - properties: - secretKeyRef: - description: Refers to a key in a Secret. You - must provide `name` and `namespace` of the Secret, - as well as the name of the `key`. - properties: - key: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - type: object - type: object - required: - - endpoint - type: object - required: - - otlp - type: object - required: - - output - type: object - status: - description: Shows the observed state of the TracePipeline - properties: - conditions: - items: - description: An array of conditions describing the status of the - pipeline. - properties: - lastTransitionTime: - description: An array of conditions describing the status of - the pipeline. - format: date-time - type: string - reason: - description: An array of conditions describing the status of - the pipeline. - type: string - type: - description: 'The possible transition types are:
- `Running`: - The instance is ready and usable.
- `Pending`: The pipeline - is being activated.' - type: string - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/resources/api-gateway/Chart.yaml b/resources/api-gateway/Chart.yaml index 80a8a2773599..981148d96f44 100644 --- a/resources/api-gateway/Chart.yaml +++ b/resources/api-gateway/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 description: Kyma component 'api-gateway' name: api-gateway -version: 1.8.0 +version: 1.9.0 home: https://kyma-project.io icon: https://github.com/kyma-project/kyma/blob/main/logo.png?raw=true diff --git a/resources/api-gateway/files/api-gateway-tests.sh b/resources/api-gateway/files/api-gateway-tests.sh deleted file mode 100644 index 287e55720c2f..000000000000 --- a/resources/api-gateway/files/api-gateway-tests.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -sleep 10 - -./app.test -exit_code=$? - -curl -XPOST http://127.0.0.1:15020/quitquitquit -sleep 5 - -exit $exit_code diff --git a/resources/api-gateway/templates/deployment.yaml b/resources/api-gateway/templates/deployment.yaml index 5327cb1eb13b..892600fbe882 100644 --- a/resources/api-gateway/templates/deployment.yaml +++ b/resources/api-gateway/templates/deployment.yaml @@ -21,19 +21,10 @@ spec: kyma-project.io/component: controller {{ include "api-gateway.labels" . | indent 8 }} spec: - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: {{ include "api-gateway.fullname" . }}-webhook-server-cert containers: - name: {{ .Chart.Name }} image: "{{ include "imageurl" (dict "reg" .Values.global.containerRegistry "img" .Values.global.images.api_gateway_controller) }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true command: - /manager args: diff --git a/resources/api-gateway/templates/rbac.yaml b/resources/api-gateway/templates/rbac.yaml index 41fcb9d0438e..793e8006e907 100644 
--- a/resources/api-gateway/templates/rbac.yaml
+++ b/resources/api-gateway/templates/rbac.yaml
@@ -5,12 +5,6 @@ metadata:
 name: {{ include "api-gateway.name" . }}-account
 namespace: {{ .Release.Namespace }}
 ---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "api-gateway.name" . }}-certificates-account
- namespace: {{ .Release.Namespace }}
----
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -44,25 +38,6 @@ rules:
 resources: ["configmaps"]
 verbs: ["create", "get", "patch", "list", "watch", "update"]
 ---
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "api-gateway.name" . }}-certificates-role
-rules:
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "patch", "list", "watch", "update"]
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "api-gateway.name" . }}-certificates-secrets-role
- namespace: {{ .Release.Namespace }}
-rules:
- - apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "patch", "list", "watch", "update"]
----
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -74,31 +49,4 @@ subjects:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: {{ include "api-gateway.name" . }}-role
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "api-gateway.name" . }}-certificates-role-binding
-subjects:
- - kind: ServiceAccount
- name: {{ include "api-gateway.name" . }}-certificates-account # Service account assigned to the controller pod.
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "api-gateway.name" . }}-certificates-role
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "api-gateway.name" . }}-certificates-secrets-role-binding
- namespace: {{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: {{ include "api-gateway.name" . }}-certificates-account
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "api-gateway.name" . }}-certificates-secrets-role
\ No newline at end of file
+ name: {{ include "api-gateway.name" . }}-role
\ No newline at end of file
diff --git a/resources/api-gateway/templates/webhook-certificates.yaml b/resources/api-gateway/templates/webhook-certificates.yaml
deleted file mode 100644
index 00056439fbe3..000000000000
--- a/resources/api-gateway/templates/webhook-certificates.yaml
+++ /dev/null
@@ -1,72 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "api-gateway.fullname" . }}-init - labels: - app: {{ include "api-gateway.name" . }}-init -spec: - template: - metadata: - labels: - sidecar.istio.io/inject: "false" - spec: - securityContext: - runAsUser: 65534 - runAsGroup: 65534 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - restartPolicy: Never - containers: - - name: init-certificates - image: "{{ include "imageurl" (dict "reg" .Values.global.containerRegistry "img" .Values.global.images.api_gateway_webhook_certificates) }}" - imagePullPolicy: IfNotPresent - env: - - name: CRD_NAME - value: {{ .Values.webhook.crdName }} - - name: SERVICE_NAME - value: {{ include "api-gateway.fullname" . }}-webhook-service - - name: SECRET_NAMESPACE - value: {{ .Release.Namespace }} - - name: SECRET_NAME - value: {{ include "api-gateway.fullname" . }}-webhook-server-cert - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - serviceAccountName: {{ include "api-gateway.name" . }}-certificates-account ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "api-gateway.fullname" . }}-certifates-cronjob - labels: - app: {{ include "api-gateway.name" . }}-certifates-cronjob -spec: - # Run cronjob two times per week on Sunday and on Thursday - schedule: "0 0 * * 0,4" - jobTemplate: - spec: - template: - metadata: - labels: - sidecar.istio.io/inject: "false" - spec: - restartPolicy: Never - containers: - - name: init-certificates - image: "{{ include "imageurl" (dict "reg" .Values.global.containerRegistry "img" .Values.global.images.api_gateway_webhook_certificates) }}" - imagePullPolicy: IfNotPresent - env: - - name: CRD_NAME - value: {{ .Values.webhook.crdName }} - - name: SERVICE_NAME - value: {{ include "api-gateway.fullname" . 
}}-webhook-service - - name: SECRET_NAMESPACE - value: {{ .Release.Namespace }} - - name: SECRET_NAME - value: {{ include "api-gateway.fullname" . }}-webhook-server-cert - serviceAccountName: {{ include "api-gateway.name" . }}-certificates-account diff --git a/resources/api-gateway/templates/webhook-service.yaml b/resources/api-gateway/templates/webhook-service.yaml deleted file mode 100644 index 8d0653370994..000000000000 --- a/resources/api-gateway/templates/webhook-service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "api-gateway.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} -spec: - ports: - - port: 443 - name: https-convert - protocol: TCP - targetPort: 9443 - selector: -{{ include "api-gateway.labels" . | indent 4 }} diff --git a/resources/api-gateway/values.yaml b/resources/api-gateway/values.yaml index 1da4008924c7..8c35d09d42ed 100644 --- a/resources/api-gateway/values.yaml +++ b/resources/api-gateway/values.yaml @@ -104,9 +104,6 @@ tests: runAsNonRoot: true runAsGroup: 65534 -webhook: - crdName: "apirules.gateway.kyma-project.io" - global: domainName: kyma.example.com containerRegistry: @@ -114,9 +111,5 @@ global: images: api_gateway_controller: name: "api-gateway-controller" - version: "1.8.0" - directory: "prod" - api_gateway_webhook_certificates: - name: "api-gateway-webhook-certificates" - version: "1.8.0" + version: "1.9.0" directory: "prod" diff --git a/resources/application-connector/values.yaml b/resources/application-connector/values.yaml index 379ba5233d75..9385d18dfc4b 100644 --- a/resources/application-connector/values.yaml +++ b/resources/application-connector/values.yaml 
@@ -31,12 +31,12 @@ global:
 images:
 central_application_connectivity_validator:
 name: "central-application-connectivity-validator"
- version: "v20230818-dad1db65"
+ version: "v20230922-56ec8afc"
 directory: "prod"
 central_application_gateway:
 name: "central-application-gateway"
- version: "PR-18016"
- directory: "dev"
+ version: "v20230922-56ec8afc"
+ directory: "prod"
 busybox:
 name: "busybox"
 version: "1.34.1-v1"
diff --git a/resources/cluster-essentials/README.md b/resources/cluster-essentials/README.md
deleted file mode 100644
index 0d7254cb9c48..000000000000
--- a/resources/cluster-essentials/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Cluster Essentials
-
-## Overview
-
-The `cluster-essentials` folder contains a chart with essential resources for the installation of all components in Kyma.
-The `files` subfolder contains CustomResourceDefinitions (CRDs) of Kyma components.
diff --git a/resources/cluster-users/README.md b/resources/cluster-users/README.md
deleted file mode 100644
index fe2e03d72f73..000000000000
--- a/resources/cluster-users/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Cluster Users
-
-The `cluster-users` chart uses Role-Based Access Control (RBAC) to define roles and access permissions in Kyma.
diff --git a/resources/compass-runtime-agent/values.yaml b/resources/compass-runtime-agent/values.yaml
index 8a9015000479..180abed1b041 100644
--- a/resources/compass-runtime-agent/values.yaml
+++ b/resources/compass-runtime-agent/values.yaml
@@ -5,7 +5,7 @@ global:
 images:
 compass_runtime_agent:
 name: "compass-runtime-agent"
- version: "v20230804-8c6b9d6f"
+ version: "v20230922-56ec8afc"
 directory: "prod"
 istio:
 gateway:
diff --git a/resources/eventing/charts/controller/templates/oauth2-client.yaml b/resources/eventing/charts/controller/templates/oauth2-client.yaml
index 6e1eeb87b08a..adcb433dd044 100644
--- a/resources/eventing/charts/controller/templates/oauth2-client.yaml
+++ b/resources/eventing/charts/controller/templates/oauth2-client.yaml
@@ -1,3 +1,4 @@
+{{ if not .Values.eventingWebhookAuth.enabled}}
 # Used by controller for BEB backend
 apiVersion: hydra.ory.sh/v1alpha1
 kind: OAuth2Client
@@ -11,3 +12,4 @@ spec:
 metadata: null
 scope: read write beb uaa.resource
 secretName: {{ include "controller.fullname" . }}{{ .Values.bebSecret.nameSuffix }}
+{{ end }}
diff --git a/resources/eventing/values.yaml b/resources/eventing/values.yaml
index 779b2033a8e1..832ce2f9fbfb 100644
--- a/resources/eventing/values.yaml
+++ b/resources/eventing/values.yaml
@@ -5,13 +5,13 @@ global:
 images:
 eventing_controller:
 name: eventing-controller
- version: PR-18183
- directory: dev
+ version: v20230915-13242b5f
+ directory: prod
 pullPolicy: "IfNotPresent"
 publisher_proxy:
 name: event-publisher-proxy
- version: PR-18100
- directory: dev
+ version: v20230908-cec11ad9
+ directory: prod
 certHandler:
 name: eventing-webhook-certificates
 version: 1.7.0
diff --git a/resources/istio-resources/README.md b/resources/istio-resources/README.md
deleted file mode 100644
index b66a4e449c42..000000000000
--- a/resources/istio-resources/README.md
+++ /dev/null
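Review bot: In `resources/eventing/charts/controller/templates/oauth2-client.yaml` the new guard `{{ if not .Values.eventingWebhookAuth.enabled}}` reads a nested key with no default, so rendering fails with a nil-pointer error for any values set in which the `eventingWebhookAuth` map is absent; the chart's default values are not among the visible hunks, so confirm the key is declared there. When the flag is on, the Hydra OAuth2Client is not rendered and the Secret named by `secretName` is presumably no longer provisioned, so every template that mounts or reads that Secret needs the same condition, otherwise the controller can end up waiting on a Secret that never appears. I would also trim the delimiters and state the intent next to the guard: `{{- /* rendered only while eventingWebhookAuth is disabled */}}` followed by `{{- if not .Values.eventingWebhookAuth.enabled }}`, and `{{- end }}` in the second hunk (`@@ -11,3 +12,4 @@`).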
@@ -1,26 +0,0 @@
-# Istio Resources
-
-## Overview
-
-[Istio](https://istio.io/) is an open-source service mesh providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies, and aggregate telemetry data.
-
-The Istio Resources Helm chart includes Kyma configuration of Istio and consists of:
-
-- Istio monitoring configuration details providing Grafana dashboards specification
-- Istio Ingress Gateway configuring incoming traffic to Kyma
-- Mutual TLS (mTLS) configuration enabling mTLS cluster-wide in the STRICT mode
-- Istio [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/) informing whether Istio is up and running
-
-## Prerequisites
-
-Installation of Istio Resources chart requires Kyma prerequisties, namely [`cluster essentials`](../cluster-essentials),[`istio`](../istio), and [`certificates`](../certificates), to be installed first.
-
-## Installation
-
-To install Istio Resources, run:
-
-```bash
-kyma deploy --component istio-resources
-```
-
-For more details regarding the installation of Istio itself in Kyma, see the [Istio chart](../istio/README.md).
diff --git a/resources/serverless/charts/webhook/values.yaml b/resources/serverless/charts/webhook/values.yaml
index ecb7067c1f69..e36380f6532c 100644
--- a/resources/serverless/charts/webhook/values.yaml
+++ b/resources/serverless/charts/webhook/values.yaml
@@ -107,71 +107,9 @@ values: resources: minRequestCpu: "10m" minRequestMemory: "16Mi" - defaultPreset: "L" - presets: |- - { - "XS": { - "requestCpu": "50m", - "requestMemory": "64Mi", - "limitCpu": "100m", - "limitMemory": "128Mi" - }, - "S": { - "requestCpu": "100m", - "requestMemory": "128Mi", - "limitCpu": "200m", - "limitMemory": "256Mi" - }, - "M": { - "requestCpu": "200m", - "requestMemory": "256Mi", - "limitCpu": "400m", - "limitMemory": "512Mi" - }, - "L": { - "requestCpu": "400m", - "requestMemory": "512Mi", - "limitCpu": "800m", - "limitMemory": "1024Mi" - }, - "XL": { - "requestCpu": "800m", - "requestMemory": "1024Mi", - "limitCpu": "1600m", - "limitMemory": "2048Mi" - } - } - runtimePresets: "{}" buildJob: resources: minRequestCpu: "200m" minRequestMemory: "200Mi" - defaultPreset: "fast" - presets: |- - { - "local-dev": { - "requestCpu": "200m", - "requestMemory": "200Mi", - "limitCpu": "400m", - "limitMemory": "400Mi" - }, - "slow": { - "requestCpu": "200m", - "requestMemory": "200Mi", - "limitCpu": "700m", - "limitMemory": "700Mi" - }, - "normal": { - "requestCpu": "700m", - "requestMemory": "700Mi", - "limitCpu": "1100m", - "limitMemory": "1100Mi" - }, - "fast": { - "requestCpu": "1100m", - "requestMemory": "1100Mi", - "limitCpu": "1700m", - "limitMemory": "1100Mi" - } - } + diff --git a/resources/serverless/templates/busola-serverless-extension.yaml b/resources/serverless/templates/busola-serverless-extension.yaml index 910c5db1892a..0d2082b799cf 100644 --- a/resources/serverless/templates/busola-serverless-extension.yaml +++ b/resources/serverless/templates/busola-serverless-extension.yaml @@ -471,7 +471,7 @@ data: code.replicas: Replicas of the Function code.source: Source code.dependencies: Dependencies - code.gitRepository.url: Url + code.gitRepository.url: URL code.gitRepository.reference: Reference code.gitRepository.baseDir: Base Directory code.gitRepository.auth: Auth 
diff --git a/resources/serverless/values.yaml b/resources/serverless/values.yaml
index 70591748c6c3..13bf66c95465 100644
--- a/resources/serverless/values.yaml
+++ b/resources/serverless/values.yaml
@@ -82,15 +82,15 @@ global:
 directory: "prod"
 function_controller:
 name: "function-controller"
- version: "PR-18202"
+ version: "PR-18164"
 directory: "dev"
 function_webhook:
 name: "function-webhook"
- version: "PR-18202"
+ version: "PR-18164"
 directory: "dev"
 function_build_init:
 name: "function-build-init"
- version: "PR-18202"
+ version: "PR-18164"
 directory: "dev"
 function_registry_gc:
 name: "function-registry-gc"
diff --git a/resources/telemetry/.helmignore b/resources/telemetry/.helmignore
deleted file mode 100644
index 0e8a0eb36f4c..000000000000
--- a/resources/telemetry/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/resources/telemetry/Chart.yaml b/resources/telemetry/Chart.yaml
deleted file mode 100644
index 5dc439c9f7aa..000000000000
--- a/resources/telemetry/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: telemetry
-description: Kyma component 'telemetry'
-version: 0.2.0
-home: https://kyma-project.io
-icon: https://github.com/kyma-project/kyma/blob/main/logo.png?raw=true
diff --git a/resources/telemetry/charts/operator/.helmignore b/resources/telemetry/charts/operator/.helmignore
deleted file mode 100644
index 0e8a0eb36f4c..000000000000
--- a/resources/telemetry/charts/operator/.helmignore
+++ /dev/null
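Review bot: The three changed `version` lines in `resources/serverless/values.yaml` pin `function_controller`, `function_webhook` and `function_build_init` to the pull-request tag `"PR-18164"` under `directory: "dev"`, so the chart deploys PR builds from the dev registry path rather than a post-merge artifact. A PR tag does not identify a reviewed commit and, unless the registry enforces tag immutability (not visible here), can be re-pushed with different content. The tag also moves backwards from `PR-18202`. The eventing chart in this same commit moves to commit-stamped tags under `prod` (`version: v20230915-13242b5f`, `directory: prod`); using that form here, or pinning by digest, would make the deployed images traceable to a merged commit. The `global:` images block starts and ends outside the hunk.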
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/resources/telemetry/charts/operator/Chart.yaml b/resources/telemetry/charts/operator/Chart.yaml
deleted file mode 100644
index 6e695ce11953..000000000000
--- a/resources/telemetry/charts/operator/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v2
-name: operator
-description: A Helm chart for 'telemetry-operator'
-version: 0.2.0
diff --git a/resources/telemetry/charts/operator/dashboards/fluent-bit.json b/resources/telemetry/charts/operator/dashboards/fluent-bit.json
deleted file mode 100644
index 3fe7ac0ec3ce..000000000000
--- a/resources/telemetry/charts/operator/dashboards/fluent-bit.json
+++ /dev/null
@@ -1,1626 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "7.2.1" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "1.0.0" - }, - { - "type": "panel", - "id": "stat", - "name": "Stat", - "version": "" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "${DS_PROMETHEUS}", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Inspired by https://grafana.com/grafana/dashboards/7752", - "editable": true, - "gnetId": 7752, - "graphTooltip": 1, - "id": null, - "iteration": 1612355253484, - "links": [], - "panels": [ - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 45, - "panels": [], - "title": "Cluster Status", - "type": "row" - }, - { - "cacheTimeout": null, - "datasource": "$DS_PROMETHEUS", - "fieldConfig": { - "defaults": { - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "#d44a3a", - "value": null - }, - { - "color": "#299c46", - "value": 0 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 19, - "x": 0, - "y": 1 - }, - "id": 6, - "interval": null, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "vertical", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "", - "targets": [ - { - "expr": "sum(kube_pod_info{pod=~\".*{{ include "fluent-bit.fullname" 
. }}.*\"})", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "Active Fluent-bit", - "refId": "A" - }, - { - "expr": "sum(kube_node_status_condition{condition=\"Ready\",status=\"true\"})", - "interval": "", - "legendFormat": "Ready Nodes", - "refId": "B" - }, - { - "expr": "sum(kube_node_status_condition{condition!=\"Ready\",status=\"true\"})", - "interval": "", - "legendFormat": "Non-Ready Nodes", - "refId": "C" - } - ], - "transparent": true, - "type": "stat" - }, - { - "cacheTimeout": null, - "datasource": "$DS_PROMETHEUS", - "fieldConfig": { - "defaults": { - "displayName": "Unsupported Mode", - "mappings": [ - { - "from": "1", - "id": 1, - "text": "1", - "to": "10", - "type": 2 - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 5, - "x": 19, - "y": 1 - }, - "id": 58, - "interval": null, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "vertical", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "", - "targets": [ - { - "exemplar": true, - "expr": "telemetry_unsupported_logpipelines{service=\"telemetry-operator-metrics\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "refId": "A" - } - ], - "transparent": true, - "type": "stat" - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 4 - }, - "id": 43, - "panels": [], - "title": "FluentBit metrics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 5, - 
"fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(fluentbit_input_bytes_total{pod=~\"$pod\"}[5m])) by (pod, instance, name)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} pod {{"}}"}}/{{"{{"}} name {{"}}"}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Input Bytes Processing Rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 5, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 9, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, 
- "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(fluentbit_output_proc_bytes_total{pod=~\"$pod\"}[5m])) by (pod, instance, name)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} pod {{"}}"}}/{{"{{"}} name {{"}}"}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Output Bytes Processing Rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 5, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 11 - }, - "hiddenSeries": false, - "id": 40, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": 
"null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(fluentbit_input_records_total{pod=~\"$pod\"}[5m])) by (pod, instance, name)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} pod {{"}}"}}/{{"{{"}} name {{"}}"}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Input Records Processing Rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "rps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 5, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 11 - }, - "hiddenSeries": false, - "id": 41, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": 
[], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(fluentbit_output_proc_records_total{pod=~\"$pod\"}[5m])) by (pod, instance, name)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} pod {{"}}"}}/{{"{{"}} name {{"}}"}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Output Record Processing Rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "rps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 17 - }, - "hiddenSeries": false, - "id": 11, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(fluentbit_output_retries_total{pod=~\"$pod\"}[1m])) by (pod, instance, 
name)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} pod {{"}}"}} Retries to {{"{{"}} name {{"}}"}}", - "refId": "A" - }, - { - "expr": "sum(rate(fluentbit_output_retries_failed_total{pod=~\"$pod\"}[1m])) by (pod, instance, name)", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} pod {{"}}"}} Failed Retries to {{"{{"}} name {{"}}"}}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Output Retry/Failed Rates", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 17 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - 
"steppedLine": false, - "targets": [ - { - "expr": "sum(rate(fluentbit_output_errors_total{pod=~\"$pod\"}[1m])) by (pod, instance, name)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} pod {{"}}"}}/{{"{{"}} name {{"}}"}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Output Error Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "errors/sec", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 23 - }, - "hiddenSeries": false, - "id": 47, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(fluentbit_filter_drop_records_total{pod=~\"$pod\"}[5m])) by (pod, instance, name)", - "interval": "", - "legendFormat": "{{"{{"}} pod {{"}}"}} / {{"{{"}} name 
{{"}}"}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Filter Drop", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:832", - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:833", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 23 - }, - "hiddenSeries": false, - "id": 48, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(fluentbit_filter_add_records_total{pod=~\"$pod\"}[5m])) by (pod, instance, name)", - "interval": "", - "legendFormat": "{{"{{"}} pod {{"}}"}} / {{"{{"}} name {{"}}"}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Filter Add", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fieldConfig": { - "defaults": { - "unit": "decbytes" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 31 - }, - "hiddenSeries": false, - "id": 55, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "telemetry_fsbuffer_usage_bytes{pod=~\"$pod\"}", - "interval": "", - "legendFormat": "{{"{{"}} pod {{"}}"}} - {{"{{"}} directory {{"}}"}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Filesystem Buffer Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:106", - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": 
"object:107", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 31 - }, - "hiddenSeries": false, - "id": 57, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "increase(fluentbit_input_files_opened_total{pod=~\"$pod\"}[1m])", - "interval": "", - "legendFormat": "Opened Files - {{"{{"}} pod {{"}}"}}", - "refId": "A" - }, - { - "exemplar": true, - "expr": "increase(fluentbit_input_files_closed_total{pod=~\"$pod\"}[1m])", - "hide": false, - "interval": "", - "legendFormat": "Closed Files - {{"{{"}} pod {{"}}"}}", - "refId": "B" - }, - { - "exemplar": true, - "expr": "increase(fluentbit_input_files_rotated_total{pod=~\"$pod\"}[1m])", - "hide": false, - "interval": "", - "legendFormat": "Rotated Files - {{"{{"}} pod {{"}}"}}", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Open/Closed/Rotated Files", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:106", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:107", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 53, - "panels": [], - "title": "Kubernetes metrics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 40 - }, - "hiddenSeries": false, - "id": 51, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:272", - "alias": "/.* request/", - "color": "#F2CC0C", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "container_memory_working_set_bytes{pod=~\"$pod\", image!=\"\", container!=\"POD\", container!=\"\"}\n", - "interval": "", - "legendFormat": "{{"{{"}} container {{"}}"}} - {{"{{"}} pod {{"}}"}}", - "refId": "A" - }, - { - "exemplar": true, - "expr": "sum(kube_pod_container_resource_limits{pod=~\"$pod\", resource=\"memory\"}) by (pod)", - "interval": "", - "legendFormat": "{{"{{"}} pod {{"}}"}} limits", - 
"refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:281", - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:282", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 40 - }, - "hiddenSeries": false, - "id": 50, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:736", - "alias": "/.* request/", - "color": "#F2CC0C", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{pod=~\"$pod\",container!=\"POD\",container!=\"\"}) by (container, pod)", - "interval": "", - "legendFormat": "{{"{{"}} container {{"}}"}} - {{"{{"}} pod {{"}}"}}", - "refId": "A" - }, - { - "exemplar": true, - 
"expr": "sum(kube_pod_container_resource_limits{pod=~\"$pod\", resource=\"cpu\"}) by (pod)", - "interval": "", - "legendFormat": "{{"{{"}} pod {{"}}"}} limits", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:745", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:746", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 27, - "style": "dark", - "tags": ["kyma", "telemetry"], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "Prometheus", - "value": "Prometheus" - }, - "description": null, - "error": null, - "hide": 0, - "includeAll": false, - "label": "Datasource", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "allValue": null, - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": "$DS_PROMETHEUS", - "definition": "label_values(kube_pod_info{pod=~\".*{{ include "fluent-bit.fullname" . }}.*\"}, pod)", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": "pod", - "multi": false, - "name": "pod", - "options": [], - "query": "label_values(kube_pod_info{pod=~\".*{{ include "fluent-bit.fullname" . 
}}.*\"}, pod)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Kyma / Telemetry / Fluent Bit", - "uid": "{{ include "fluent-bit.fullname" . }}", - "version": 2 - } diff --git a/resources/telemetry/charts/operator/templates/_helpers.tpl b/resources/telemetry/charts/operator/templates/_helpers.tpl deleted file mode 100644 index cf70aa11acf8..000000000000 --- a/resources/telemetry/charts/operator/templates/_helpers.tpl +++ /dev/null 
@@ -1,122 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{- define "fullname" -}} -{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "operator.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "operator.labels" -}} -helm.sh/chart: {{ include "operator.chart" . }} -{{ include "operator.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "operator.selectorLabels" -}} -app.kubernetes.io/name: {{ include "operator.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -kyma-project.io/component: controller -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "operator.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "operator.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - - -{{/* -Create fluentbit full name -*/}} -{{- define "fluent-bit.fullname" -}} -{{- if .Values.fluentbit.fullnameOverride -}} -{{- .Values.fluentbit.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Fluent-bit labels -*/}} -{{- define "fluent-bit.labels" -}} -helm.sh/chart: {{ include "fluent-bit.chart" . }} -{{ include "fluent-bit.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Fluent-bit service account name -*/}} -{{- define "fluent-bit.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "fluent-bit.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Fluent-bit selector labels -*/}} -{{- define "fluent-bit.selectorLabels" -}} -app.kubernetes.io/name: {{ printf "fluent-bit"}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Fluent-bit chart name -*/}} -{{- define "fluent-bit.chart" -}} -{{- printf "fluent-bit-1.9.5" | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} \ No newline at end of file diff --git a/resources/telemetry/charts/operator/templates/configmap-opentelemetry-dashboard.yaml b/resources/telemetry/charts/operator/templates/configmap-opentelemetry-dashboard.yaml deleted file mode 100644 index ecb9bd501642..000000000000 --- a/resources/telemetry/charts/operator/templates/configmap-opentelemetry-dashboard.yaml +++ /dev/null 
@@ -1,795 +0,0 @@ -{{- if .Values.controllers.tracing.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: telemetry-otel-collector-grafana-dashboard - labels: - grafana_dashboard: "1" -data: - opentelemetry-dashboard.json: |- - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "description": "Provides information about the status of the OpenTelemetry Collector", - "editable": true, - "gnetId": 12553, - "graphTooltip": 0, - "iteration": 1671613496016, - "links": [], - "panels": [ - { - "collapsed": false, - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 23, - "panels": [], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "refId": "A" - } - ], - "title": "Receivers / Processors", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Rate of spans successfully accepted vs refused per second", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 1 - }, - "hiddenSeries": false, - "id": 28, - "interval": "", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": 
false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "expr": "sum(rate(otelcol_receiver_accepted_spans{receiver=~\"$receiver\"}[1m])) by (receiver)", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{`{{receiver}}`}} spans accepted / sec", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "expr": "sum(rate(otelcol_receiver_refused_spans{receiver=~\"$receiver\"}[1m])) by (receiver)", - "interval": "", - "legendFormat": "{{`{{ receiver }}`}} spans refused /sec", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Spans Accepted vs Refused /Second", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 1 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": 
"prometheus", - "uid": "webstore-metrics" - }, - "expr": "sum(rate(otelcol_processor_received_spans{processor=~\"$processor\"}[1m])) by (processor)", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{`{{processor}}`}} | received", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "expr": "sum(rate(otelcol_processor_dropped_spans{processor=~\"$processor\"}[1m])) by (processor)", - "interval": "", - "legendFormat": "{{`{{processor}}`}} | dropped", - "refId": "B" - }, - { - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "expr": "sum(rate(otelcol_processor_accepted_spans{processor=~\"$processor\"}[1m])) by (processor)", - "interval": "", - "legendFormat": "{{`{{processor}}`}} | accepted", - "refId": "C" - }, - { - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "expr": "sum(rate(otelcol_processor_refused_spans{processor=~\"$processor\"}[1m])) by (processor)", - "interval": "", - "legendFormat": "{{`{{processor}}`}} | refused", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Processor Spans Received, Dropped, Accepted, Refused/Second", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "collapsed": false, - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 25, - "panels": [], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "refId": "A" - } - ], - "title": "Exporters", - "type": 
"row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Rate of spans successfully exported vs Failed per second", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 11 - }, - "hiddenSeries": false, - "id": 30, - "interval": "", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "expr": "sum(rate(otelcol_exporter_sent_spans{exporter=~\"$exporter\"}[1m])) by (exporter)", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{`{{exporter}}`}} sent / sec", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "expr": "sum(rate(otelcol_exporter_send_failed_spans{exporter=~\"$exporter\"}[1m])) by (exporter)", - "interval": "", - "legendFormat": "{{`{{ exporter }}`}} failed /sec", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Spans Exported vs Failed / Second", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - 
}, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 11 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "exemplar": true, - "expr": "max(otelcol_exporter_queue_capacity)", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "Queue Capacity", - "refId": "A" - }, - { - "exemplar": true, - "expr": "max(otelcol_exporter_queue_size)", - "hide": false, - "interval": "", - "legendFormat": "Queue Size", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Queued Retry Max Queue / Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 20 - 
}, - "hiddenSeries": false, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "exemplar": true, - "expr": "sum(rate(otelcol_exporter_sent_spans{exporter=~\"$exporter\"}[1m])) by (exporter)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{`{{exporter}}`}} sent spans", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "webstore-metrics" - }, - "exemplar": true, - "expr": "sum(rate(otelcol_exporter_send_failed_spans{exporter=~\"$exporter\"}[1m])) by (exporter)", - "interval": "", - "legendFormat": "{{`{{exporter}}`}} failed spans", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "QueuedRetry Successful vs Failed Sent/Second", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "refresh": "10s", - "schemaVersion": 27, - "style": "dark", - "tags": [ - "kyma", - "telemetry" - ], - "templating": { - "list": [ - { - "allValue": ".*", - "current": { - "selected": true, - "text": [ - "All" - ], - "value": [ - "$__all" - ] - }, - "datasource": null, - "definition": "label_values(receiver)", - 
"description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": "receiver", - "multi": true, - "name": "receiver", - "options": [], - "query": { - "query": "label_values(receiver)", - "refId": "StandardVariableQuery" - }, - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "selected": true, - "text": [ - "All" - ], - "value": [ - "$__all" - ] - }, - "datasource": null, - "definition": "label_values(exporter)", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": "exporter", - "multi": true, - "name": "exporter", - "options": [], - "query": { - "query": "label_values(exporter)", - "refId": "StandardVariableQuery" - }, - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "selected": true, - "text": [ - "All" - ], - "value": [ - "$__all" - ] - }, - "datasource": null, - "definition": "label_values(processor)", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": "processor", - "multi": true, - "name": "processor", - "options": [], - "query": { - "query": "label_values(processor)", - "refId": "StandardVariableQuery" - }, - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Kyma / Telemetry / Trace Collector", - "uid": "Dzc-UHcVz", - "version": 6 - } -{{- 
end }} \ No newline at end of file diff --git a/resources/telemetry/charts/operator/templates/deployment.yaml b/resources/telemetry/charts/operator/templates/deployment.yaml deleted file mode 100644 index 157c0ed5b6b4..000000000000 --- a/resources/telemetry/charts/operator/templates/deployment.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "operator.fullname" . }} - labels: - {{- include "operator.labels" . | nindent 4 }} - {{- toYaml .Values.extraLabels | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "operator.selectorLabels" . | nindent 6 }} - {{- toYaml .Values.extraLabels | nindent 6 }} - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - {{- include "operator.selectorLabels" . | nindent 8 }} - {{- toYaml .Values.extraLabels | nindent 8 }} - spec: - serviceAccountName: {{ include "operator.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - command: - - /manager - args: - - --cert-dir=/tmp - - --manager-namespace=$(MY_POD_NAMESPACE) - - --fluent-bit-filesystem-buffer-limit={{ .Values.filesystemBufferLimit }} - - --fluent-bit-cpu-limit={{ .Values.fluentbit.resources.limits.cpu }} - - --fluent-bit-memory-limit={{ .Values.fluentbit.resources.limits.memory }} - - --fluent-bit-cpu-request={{ .Values.fluentbit.resources.requests.cpu }} - - --fluent-bit-memory-request={{ .Values.fluentbit.resources.requests.memory }} - - --fluent-bit-denied-filter-plugins={{ join "," .Values.deniedPlugins.filter}} - - --fluent-bit-denied-output-plugins={{ join "," .Values.deniedPlugins.output}} - - --fluent-bit-max-pipelines={{.Values.maxLogPipelines}} - - --fluent-bit-image={{ include "imageurl" (dict "reg" .Values.global.containerRegistry "img" .Values.global.images.fluent_bit) }} - - --fluent-bit-exporter-image={{ include "imageurl" (dict "reg" .Values.global.containerRegistry "img" .Values.global.images.directory_size_exporter) }} - - --validating-webhook-enabled={{ .Values.webhook.enabled }} - - 
--enable-telemetry-manager-module=false -{{- if .Values.highPriorityClassName }} - - --fluent-bit-priority-class-name={{ .Values.highPriorityClassName }} -{{- end }} -{{- if not .Values.controllers.logging.enabled }} - - --enable-logging=false -{{- end }} -{{- if not .Values.controllers.tracing.enabled }} - - --enable-tracing=false -{{- else }} - - --enable-tracing=true - - --trace-collector-image={{ include "imageurl" (dict "reg" .Values.global.containerRegistry "img" .Values.global.images.telemetry_otel_collector) }} -{{- if .Values.priorityClassName }} - - --trace-collector-priority-class={{ .Values.priorityClassName }} -{{- end }} -{{- end }} -{{- if not .Values.controllers.metrics.enabled }} - - --enable-metrics=false -{{- else }} -{{- if .Values.priorityClassName }} - - --metric-gateway-priority-class={{ .Values.priorityClassName }} -{{- end }} -{{- end }} - name: manager - ports: - - containerPort: 9443 - protocol: TCP - name: webook - - containerPort: 8081 - protocol: TCP - name: health - - containerPort: 8080 - protocol: TCP - name: metrics - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ include "imageurl" (dict "reg" .Values.global.containerRegistry "img" .Values.global.images.telemetry_operator) }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - env: - - name: APP_LOG_LEVEL - value: {{ .Values.global.log.level | quote }} - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace diff --git a/resources/telemetry/charts/operator/templates/fluent-bit/configmap-dashboards.yaml b/resources/telemetry/charts/operator/templates/fluent-bit/configmap-dashboards.yaml deleted file mode 100644 index 5e5cf6dba3f9..000000000000 
--- a/resources/telemetry/charts/operator/templates/fluent-bit/configmap-dashboards.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-
-{{- if .Values.fluentbit.dashboards.enabled -}}
-{{- range $path, $_ := .Files.Glob "dashboards/*.json" }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "fluent-bit.fullname" $ }}-dashboard-{{ trimSuffix ".json" (base $path) }}
- {{- with $.Values.fluentbit.dashboards.namespace }}
- namespace: {{ . }}
- {{- end }}
- {{- with $.Values.fluentbit.dashboards.annotations }}
- annotations:
- {{- toYaml . | nindent 4 -}}
- {{- end }}
- labels:
- {{- include "fluent-bit.labels" $ | nindent 4 }}
- {{ $.Values.fluentbit.dashboards.labelKey }}: "1"
-data:
- {{ base $path }}: |
- {{- tpl ($.Files.Get $path) $ | nindent 4 }}
----
-{{- end }}
-{{- end -}}
diff --git a/resources/telemetry/charts/operator/templates/leader-election-role-binding.yaml b/resources/telemetry/charts/operator/templates/leader-election-role-binding.yaml
deleted file mode 100644
index db47bf96053f..000000000000
--- a/resources/telemetry/charts/operator/templates/leader-election-role-binding.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "operator.fullname" . }}-leader-election-rolebinding
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "operator.fullname" . }}-leader-election-role
-subjects:
-- kind: ServiceAccount
- name: {{ include "operator.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/resources/telemetry/charts/operator/templates/leader-election-role.yaml b/resources/telemetry/charts/operator/templates/leader-election-role.yaml
deleted file mode 100644
index 2ac55e46e9ad..000000000000
--- a/resources/telemetry/charts/operator/templates/leader-election-role.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "operator.fullname" . }}-leader-election-role
- namespace: {{ .Release.Namespace }}
-rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
\ No newline at end of file
diff --git a/resources/telemetry/charts/operator/templates/logparser_busola_extension_cm.yaml b/resources/telemetry/charts/operator/templates/logparser_busola_extension_cm.yaml
deleted file mode 100644
index b388894f6081..000000000000
--- a/resources/telemetry/charts/operator/templates/logparser_busola_extension_cm.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: telemetry-logparsers
- busola.io/extension: resource
- busola.io/extension-version: "0.5"
- name: telemetry-logparsers
- namespace: kyma-system
-data:
- details: |-
- header:
- - source: status.conditions[-1].type
- name: Status
- widget: Badge
- body:
- - source: spec.parser
- widget: CodeViewer
- language: "'plaintext'"
- form: |-
- - widget: CodeEditor
- path: spec.parser
- simple: true
- language: "'plaintext'"
- general: |-
- resource:
- kind: LogParser
- group: telemetry.kyma-project.io
- version: v1alpha1
- name: Log Parsers
- category: Observability
- urlPath: logparsers
- scope: cluster
- description: >-
- {{"{{[LogParser](https://kyma-project.io/#/telemetry-manager/user/resources/03-logparser)}}"}} configures a custom Log Parser.
- list: |-
- - source: status.conditions[-1].type
- name: Status
- widget: Badge
diff --git a/resources/telemetry/charts/operator/templates/logpipeline_busola_extension_cm.yaml b/resources/telemetry/charts/operator/templates/logpipeline_busola_extension_cm.yaml
deleted file mode 100644
index 66c3c44c22e4..000000000000
--- a/resources/telemetry/charts/operator/templates/logpipeline_busola_extension_cm.yaml
+++ /dev/null
@@ -1,320 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: telemetry-logpipelines - busola.io/extension: resource - busola.io/extension-version: "0.5" - name: telemetry-logpipelines - namespace: kyma-system -data: - details: |- - header: - - source: >- - $each(spec.output, function($v, $k) {$v.url.value or - $v.url.valueFrom.secretKeyRef.name or $v.host.value or - $v.host.valueFrom.secretKeyRef.name ? $k}) - placeholder: custom - type: string - name: Type - isSelected: true - widget: Text - - name: Unsupported-Mode - source: status.unsupportedMode - widget: Badge - highlights: - positive: - - 'false' - negative: - - 'true' - - source: status.conditions[-1].type - name: Status - widget: Badge - body: - - widget: Panel - name: Applications - children: - - widget: Panel - name: Namespaces - children: - - name: Include - widget: JoinedArray - source: spec.input.application.namespaces.include - separator: ', ' - - name: Exclude - widget: JoinedArray - source: spec.input.application.namespaces.exclude - separator: ', ' - - name: System Namespaces - source: spec.input.application.namespaces.system - - widget: Panel - name: Containers - children: - - name: Include - widget: JoinedArray - source: spec.input.application.containers.include - separator: ', ' - - name: Exclude - widget: JoinedArray - source: spec.input.application.containers.exclude - separator: ', ' - - widget: Panel - name: Other Settings - children: - - name: Keep Annotations - source: spec.input.application.keepAnnotations - - name: Drop Labels - source: spec.input.application.dropLabels - - widget: Panel - name: Output - children: - - name: Custom - widget: CodeViewer - language: '''plaintext''' - source: spec.output.custom - visibility: $exists(spec.output.custom) - - name: Grafana-Loki - widget: Panel - visibility: $not($exists(spec.output.custom) or $exists(spec.output.http)) - children: - - name: URL - source: spec.output.`grafana-loki`.url.value - - name: Labels 
- widget: Labels - source: spec.output.`grafana-loki`.labels - - name: Remove keys - widget: JoinedArray - separator: ',' - source: spec.output.`grafana-loki`.removeKeys - - name: HTTP - widget: Panel - visibility: $exists(spec.output.http) - children: - - name: Host - widget: Panel - children: - - name: Value - source: spec.output.http.host.value - visibility: $exists(spec.output.http.host.value) - - name: Value From Secret - widget: ResourceRefs - source: spec.output.http.host.valueFrom.secretKeyRef - kind: Secret - visibility: $exists(spec.output.http.host.valueFrom.secretKeyRef.name) - - name: User - widget: Panel - children: - - name: Value - source: spec.output.http.user.value - visibility: $exists(spec.output.http.user.value) - - name: Value From Secret - widget: ResourceRefs - source: spec.output.http.user.valueFrom.secretKeyRef - kind: Secret - visibility: $exists(spec.output.http.user.valueFrom.secretKeyRef.name) - - name: Password - widget: Panel - children: - - name: Value - source: spec.output.http.password.value - visibility: $exists(spec.output.http.password.value) - - name: Value From Secret - widget: ResourceRefs - source: spec.output.http.password.valueFrom.secretKeyRef - kind: Secret - visibility: $exists(spec.output.http.password.valueFrom.secretKeyRef.name) - - name: TLS Settings - widget: Panel - children: - - name: Disabled - source: spec.output.http.tls.disabled - placeholder: 'false' - - name: Skip certificate validation - source: spec.output.http.tls.skipCertificateValidation - placeholder: 'false' - - name: Other Settings - widget: Panel - children: - - name: Compression - source: spec.output.http.compress - - name: De-dot - source: spec.output.http.dedot - placeholder: 'false' - - name: Format - source: spec.output.http.format - placeholder: json - - name: Port - source: spec.output.http.port - placeholder: '443' - - name: URI - source: spec.output.http.uri - form: | - - path: spec.input - widget: FormGroup - defaultExpanded: true - 
simple: true - children: - - name: Include Namespaces - widget: SimpleList - path: application.namespaces.include - defaultExpanded: true - inputInfo: Include container logs from selected namespaces - children: - - path: '[]' - widget: Resource - resource: - scope: cluster - kind: Namespace - version: v1 - - name: Exclude Namespaces - widget: SimpleList - path: application.namespaces.exclude - children: - - path: '[]' - widget: Resource - resource: - scope: cluster - kind: Namespace - version: v1 - - name: Include System Namespaces - path: application.namespaces.system - - name: Include Containers - widget: SimpleList - path: application.containers.include - - name: Exclude Containers - widget: SimpleList - path: application.containers.exclude - - name: Keep Annotations - path: application.keepAnnotations - - name: Drop Labels - path: application.dropLabels - - name: Filters - widget: SimpleList - path: spec.filters - children: - - widget: FormGroup - path: '[]' - children: - - widget: CodeEditor - path: custom - - path: spec.output - widget: FormGroup - defaultExpanded: true - simple: true - children: - - name: Custom - path: custom - widget: CodeEditor - advanced: true - inputInfo: >- - Note: If you use a custom output, you put the LogPipeline in unsupported - mode - (https://kyma-project.io/#/telemetry-manager/user/02-logs?id=unsupported-mode) - - name: HTTP - path: http - widget: FormGroup - defaultExpanded: true - simple: true - children: - - name: Host - path: host - widget: FormGroup - children: - - name: Value - path: value - widget: Text - - name: Secret Reference - path: valueFrom.secretKeyRef - widget: ResourceRef - resource: - kind: secret - version: v1 - children: - - path: key - enum: $keys($secret.data) - - name: User - path: user - widget: FormGroup - children: - - name: Value - path: value - widget: Text - - name: Secret Reference - path: valueFrom.secretKeyRef - widget: ResourceRef - resource: - kind: secret - version: v1 - children: - - path: key 
- enum: $keys($secret.data) - - name: Password - path: password - widget: FormGroup - children: - - name: Value - path: value - widget: Text - - name: Secret Reference - path: valueFrom.secretKeyRef - widget: ResourceRef - resource: - kind: secret - version: v1 - children: - - path: key - enum: $keys($secret.data) - - name: TLS - widget: FormGroup - path: tls - children: - - name: Disabled - path: disabled - - name: Skip Certificate Validation - path: skipCertificateValidation - - name: URI - path: uri - widget: Text - - name: Port - path: port - widget: Text - - name: Compress - path: compress - widget: Text - - name: Format - path: format - widget: Text - - name: Dedot - path: dedot - general: |- - resource: - kind: LogPipeline - group: telemetry.kyma-project.io - version: v1alpha1 - name: Log Pipelines - category: Observability - urlPath: logpipelines - scope: cluster - description: >- - {{"{{[LogPipeline](https://kyma-project.io/#/telemetry-manager/user/resources/02-logpipeline)}}"}} configures log selection, filters, and outputs. - list: |- - - source: >- - $each(spec.output, function($v, $k) {$v.url.value or - $v.url.valueFrom.secretKeyRef.name or $v.host.value or - $v.host.valueFrom.secretKeyRef.name ? $k}) - placeholder: custom - type: string - name: Type - isSelected: true - widget: Text - - name: Unsupported-Mode - source: status.unsupportedMode - widget: Badge - highlights: - positive: - - 'false' - negative: - - 'true' - - source: status.conditions[-1].type - name: Status - widget: Badge diff --git a/resources/telemetry/charts/operator/templates/networkpolicy.yaml b/resources/telemetry/charts/operator/templates/networkpolicy.yaml deleted file mode 100644 index 47ad5752592b..000000000000 --- a/resources/telemetry/charts/operator/templates/networkpolicy.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: telemetry-operator-pprof-deny-ingress
-spec:
- podSelector:
- matchLabels:
- {{- include "operator.selectorLabels" . | nindent 6 }}
- policyTypes:
- - Ingress
- ingress:
- - from:
- - ipBlock:
- cidr: 0.0.0.0/0
- ports:
- - protocol: TCP
- port: 8080
- - protocol: TCP
- port: 8081
- - protocol: TCP
- port: 9443
-{{- end }}
\ No newline at end of file
diff --git a/resources/telemetry/charts/operator/templates/priority-class-high.yaml b/resources/telemetry/charts/operator/templates/priority-class-high.yaml
deleted file mode 100644
index 17bd74dff832..000000000000
--- a/resources/telemetry/charts/operator/templates/priority-class-high.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: scheduling.k8s.io/v1
-kind: PriorityClass
-metadata:
- name: {{ .Values.highPriorityClassName }}
-value: 2100000
-globalDefault: false
-description: "Global scheduling priority of Telemetry DaemonSet components. Must not be blocked by unschedulable non-daemonset workloads."
\ No newline at end of file
diff --git a/resources/telemetry/charts/operator/templates/priority-class.yaml b/resources/telemetry/charts/operator/templates/priority-class.yaml
deleted file mode 100644
index 399436482b1e..000000000000
--- a/resources/telemetry/charts/operator/templates/priority-class.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: scheduling.k8s.io/v1
-kind: PriorityClass
-metadata:
- name: {{ .Values.priorityClassName }}
-value: 2000000
-globalDefault: false
-description: "Global (default) scheduling priority of Kyma components. Must not be blocked by unschedulable user workloads."
\ No newline at end of file
diff --git a/resources/telemetry/charts/operator/templates/role-binding.yaml b/resources/telemetry/charts/operator/templates/role-binding.yaml
deleted file mode 100644
index d32bc1c7f90d..000000000000
--- a/resources/telemetry/charts/operator/templates/role-binding.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "operator.fullname" . }}-manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "operator.fullname" . }}-manager-role
-subjects:
-- kind: ServiceAccount
- name: {{ include "operator.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "operator.fullname" . }}-manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "operator.fullname" . }}-manager-role
-subjects:
-- kind: ServiceAccount
- name: {{ include "operator.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/resources/telemetry/charts/operator/templates/role.yaml b/resources/telemetry/charts/operator/templates/role.yaml
deleted file mode 100644
index 37ce30147967..000000000000
--- a/resources/telemetry/charts/operator/templates/role.yaml
+++ /dev/null
@@ -1,239 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "operator.fullname" . }}-manager-role - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - create - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - telemetry.kyma-project.io - resources: - - logparsers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - telemetry.kyma-project.io - resources: - - logparsers/finalizers - verbs: - - update -- apiGroups: - - telemetry.kyma-project.io - resources: - - logparsers/status - verbs: - - get - - patch - - update -- apiGroups: - - telemetry.kyma-project.io - resources: - - logpipelines - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - telemetry.kyma-project.io - resources: - - logpipelines/finalizers - verbs: - - update -- apiGroups: - - telemetry.kyma-project.io - resources: - - logpipelines/status - verbs: - - get - - patch - - update -- apiGroups: - - telemetry.kyma-project.io - resources: - - tracepipelines - verbs: - - create - - delete - - get - - list - - patch - - 
update - - watch -- apiGroups: - - telemetry.kyma-project.io - resources: - - tracepipelines/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "operator.fullname" . }}-manager-role - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - patch - - update -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - create - - delete - - patch - - update diff --git a/resources/telemetry/charts/operator/templates/service.yaml b/resources/telemetry/charts/operator/templates/service.yaml deleted file mode 100644 index 679243cad365..000000000000 --- a/resources/telemetry/charts/operator/templates/service.yaml +++ /dev/null 
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "operator.fullname" . }}-metrics
- labels:
- {{- include "operator.selectorLabels" . | nindent 4 }}
- {{- toYaml .Values.extraLabels | nindent 4 }}
- annotations:
- {{- toYaml .Values.service.annotations | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.service.port }}
- protocol: TCP
- name: {{ .Values.service.portName }}
- selector:
- {{- include "operator.selectorLabels" . | nindent 6 }}
- {{- toYaml .Values.extraLabels | nindent 6 }}
diff --git a/resources/telemetry/charts/operator/templates/serviceaccount.yaml b/resources/telemetry/charts/operator/templates/serviceaccount.yaml
deleted file mode 100644
index d19c2c3318ae..000000000000
--- a/resources/telemetry/charts/operator/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "operator.serviceAccountName" . }}
- labels:
- {{- include "operator.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/resources/telemetry/charts/operator/templates/tracepipeline_busola_extension_cm.yaml b/resources/telemetry/charts/operator/templates/tracepipeline_busola_extension_cm.yaml
deleted file mode 100644
index b19188a2fa2d..000000000000
--- a/resources/telemetry/charts/operator/templates/tracepipeline_busola_extension_cm.yaml
+++ /dev/null
@@ -1,256 +0,0 @@ -{{- if .Values.controllers.tracing.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: telemetry-tracepipelines - busola.io/extension: resource - busola.io/extension-version: "0.5" - name: telemetry-tracepipelines - namespace: kyma-system -data: - details: |- - header: - - source: >- - $each(spec.output, function($v, $k) {$v.endpoint.value or - $v.endpoint.valueFrom.secretKeyRef.name ? $k}) - placeholder: custom - type: string - name: Type - isSelected: true - widget: Text - - source: status.conditions[-1].type - name: Status - widget: Badge - body: - - widget: Panel - name: Output - children: - - name: OTLP - widget: Panel - visibility: $exists(spec.output.otlp) - children: - - name: Endpoint - widget: Panel - visibility: $exists(spec.output.otlp.endpoint) - children: - - name: Value - source: spec.output.otlp.endpoint.value - visibility: $exists(spec.output.otlp.endpoint.value) - - name: Value From Secret - widget: ResourceRefs - source: spec.output.otlp.endpoint.valueFrom.secretKeyRef - kind: Secret - visibility: $exists(spec.output.otlp.endpoint.valueFrom.secretKeyRef.name) - - name: Authentication - widget: Panel - visibility: $exists(spec.output.otlp.authentication) - children: - - name: User - widget: Panel - visibility: $exists(spec.output.otlp.authentication.basic.user) - children: - - name: Value - source: spec.output.otlp.authentication.basic.user.value - visibility: $exists(spec.output.otlp.authentication.basic.user.value) - - name: Value From Secret - widget: ResourceRefs - source: >- - spec.output.otlp.authentication.basic.user.valueFrom.secretKeyRef - kind: Secret - visibility: >- - $exists(spec.output.otlp.authentication.basic.user.valueFrom.secretKeyRef.name) - - name: Password - widget: Panel - visibility: $exists(spec.output.otlp.authentication.basic.password) - children: - - name: Value - source: spec.output.otlp.authentication.basic.password.value - visibility: >- - 
$exists(spec.output.otlp.authentication.basic.password.value) - - name: Value From Secret - widget: ResourceRefs - source: >- - spec.output.otlp.authentication.basic.password.valueFrom.secretKeyRef - kind: Secret - visibility: >- - $exists(spec.output.otlp.authentication.basic.password.valueFrom.secretKeyRef.name) - - name: Headers - widget: Panel - visibility: $exists(spec.output.otlp.headers) - children: - - name: Header - widget: Panel - visibility: $exists(spec.output.otlp.headers[].name) - source: spec.output.otlp.headers[] - children: - - name: Name - source: name - visibility: $exists(name) - - name: Value - source: value - visibility: $exists(value) - - name: Value From Secret - widget: ResourceRefs - source: valueFrom.secretKeyRef - kind: Secret - visibility: $exists(valueFrom.secretKeyRef.name) - - widget: Panel - name: Other Settings - children: - - name: Protocol - source: spec.output.otlp.protocol - form: | - - path: spec.output - widget: FormGroup - defaultExpanded: true - simple: true - children: - - name: OTLP - path: otlp - widget: FormGroup - defaultExpanded: true - simple: true - children: - - name: Endpoint - path: endpoint - widget: FormGroup - simple: true - children: - - name: Value - path: value - widget: Text - simple: true - - name: Secret Reference - path: valueFrom.secretKeyRef - widget: ResourceRef - simple: true - resource: - kind: secret - version: v1 - children: - - simple: true - path: key - enum: $keys($secret.data) - - name: Protocol - path: protocol - simple: true - widget: FormGroup - children: - - name: Value - widget: Text - - name: Authentication - path: authentication - widget: FormGroup - simple: true - children: - - name: User - path: basic.user - widget: FormGroup - simple: true - children: - - name: Value - path: value - widget: Text - simple: true - - name: Secret Reference - path: valueFrom.secretKeyRef - widget: ResourceRef - resource: - kind: secret - version: v1 - simple: true - children: - - simple: true - path: 
key - enum: $keys($secret.data) - - name: Password - path: basic.password - widget: FormGroup - simple: true - children: - - name: Value - path: value - widget: Text - simple: true - - name: Secret Reference - path: valueFrom.secretKeyRef - widget: ResourceRef - resource: - kind: secret - version: v1 - simple: true - children: - - simple: true - path: key - enum: $keys($secret.data) - - name: Headers - path: headers[] - widget: FormGroup - simple: true - children: - - name: Name - path: name - widget: Text - simple: true - - name: Value - path: value - widget: Text - simple: true - - name: Secret Reference - path: valueFrom.secretKeyRef - widget: ResourceRef - simple: true - resource: - kind: secret - version: v1 - children: - - simple: true - path: key - enum: $keys($secret.data) - - name: TLS - widget: FormGroup - path: tls - children: - - name: Disabled - path: disabled - - name: Skip Certificate Validation - path: skipCertificateValidation - - name: URI - path: uri - widget: Text - - name: Port - path: port - widget: Text - - name: Compress - path: compress - widget: Text - - name: Format - path: format - widget: Text - - name: Dedot - path: dedot - general: |- - resource: - kind: TracePipeline - group: telemetry.kyma-project.io - version: v1alpha1 - name: Trace Pipelines - category: Observability - urlPath: tracepipelines - scope: cluster - description: >- - {{"{{[TracePipeline](https://kyma-project.io/#/telemetry-manager/user/resources/04-tracepipeline)}}"}} configures a custom Trace Pipeline - list: |- - - source: >- - $each(spec.output, function($v, $k) {$v.endpoint.value or - $v.endpoint.valueFrom.secretKeyRef.name ? $k}) - placeholder: custom - type: string - name: Type - isSelected: true - widget: Text - - source: status.conditions[-1].type - name: Status - widget: Badge -{{- end }} 
diff --git a/resources/telemetry/charts/operator/templates/validation_webhook.yaml b/resources/telemetry/charts/operator/templates/validation_webhook.yaml
deleted file mode 100644
index b972a9d1a21b..000000000000
--- a/resources/telemetry/charts/operator/templates/validation_webhook.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
- labels:
- {{- include "operator.labels" . | nindent 4 }}
- {{- toYaml .Values.extraLabels | nindent 4 }}
- name: {{ .Values.webhook.name }}
-webhooks:
-- admissionReviewVersions:
- - v1beta1
- - v1
- clientConfig:
- service:
- name: {{ include "operator.fullname" . }}-webhook
- namespace: {{ .Release.Namespace }}
- path: /validate-logpipeline
- port: 443
- failurePolicy: Fail
- matchPolicy: Exact
- name: validation.logpipelines.telemetry.kyma-project.io
- rules:
- - apiGroups:
- - telemetry.kyma-project.io
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - logpipelines
- scope: '*'
- sideEffects: None
- timeoutSeconds: {{ .Values.webhook.timeout }}
-- admissionReviewVersions:
- - v1beta1
- - v1
- clientConfig:
- service:
- name: {{ include "operator.fullname" . }}-webhook
- namespace: {{ .Release.Namespace }}
- path: /validate-logparser
- port: 443
- failurePolicy: Fail
- matchPolicy: Exact
- name: validation.logparsers.telemetry.kyma-project.io
- rules:
- - apiGroups:
- - telemetry.kyma-project.io
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - logparsers
- scope: '*'
- sideEffects: None
- timeoutSeconds: {{ .Values.webhook.timeout }}
diff --git a/resources/telemetry/charts/operator/templates/webhook-service.yaml b/resources/telemetry/charts/operator/templates/webhook-service.yaml
deleted file mode 100644
index 8c64abd4c1fe..000000000000
--- a/resources/telemetry/charts/operator/templates/webhook-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "operator.fullname" . }}-webhook
- labels:
- {{- include "operator.selectorLabels" . | nindent 4 }}
- {{- toYaml .Values.extraLabels | nindent 4 }}
-spec:
- ports:
- - port: {{ .Values.webhook.service.port }}
- name: {{ .Values.webhook.service.portName }}
- protocol: {{ .Values.webhook.service.protocol }}
- targetPort: {{ .Values.webhook.service.targetPort }}
- selector:
- {{- include "operator.selectorLabels" . | nindent 6 }}
- {{- toYaml .Values.extraLabels | nindent 6 }}
diff --git a/resources/telemetry/charts/operator/values.yaml b/resources/telemetry/charts/operator/values.yaml
deleted file mode 100644
index 49e3408e5d29..000000000000
--- a/resources/telemetry/charts/operator/values.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ -# Default values for operator. - -replicaCount: 1 - -image: - pullPolicy: IfNotPresent - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - -securityContext: - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: false - capabilities: - drop: - - ALL - -highPriorityClassName: "telemetry-priority-class-high" -priorityClassName: "telemetry-priority-class" - -livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - -readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - -fluentbit: - resources: - limits: - cpu: "1" - memory: 1Gi - requests: - cpu: 100m - memory: 50Mi - fullnameOverride: telemetry-fluent-bit - dashboards: - enabled: true - labelKey: grafana_dashboard - annotations: {} - namespace: "" - rbac: - create: true - podSecurityPolicy: - create: true - -resources: - limits: - cpu: 100m - memory: 384Mi - requests: - cpu: 5m - memory: 100Mi - -terminationGracePeriodSeconds: 10 - -extraLabels: - control-plane: telemetry-operator - -service: - type: ClusterIP - port: 8080 - portName: http-metrics - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "8080" - -webhook: - enabled: true - name: validation.webhook.telemetry.kyma-project.io - timeout: 15 - service: - portName: https-webhook - port: 443 - protocol: TCP - targetPort: 9443 - -logProcessor: fluent-bit - -deniedPlugins: - filter: - - kubernetes - - rewrite_tag - - multiline - output: [] - -controllers: - logging: - enabled: true - tracing: - enabled: 
true - metrics: - enabled: false - -networkPolicy: - enabled: true - -syncPeriod: 1h -maxLogPipelines: 5 - -filesystemBufferLimit: 1G - -nodeSelector: {} - -tolerations: [] - -affinity: {} - diff --git a/resources/telemetry/templates/_helpers.tpl b/resources/telemetry/templates/_helpers.tpl deleted file mode 100644 index d6bc31535dd2..000000000000 --- a/resources/telemetry/templates/_helpers.tpl +++ /dev/null @@ -1,9 +0,0 @@ -{{/* -Create a URL for container images -*/}} -{{- define "imageurl" -}} -{{- $registry := default $.reg.path $.img.containerRegistryPath -}} -{{- $path := ternary (print $registry) (print $registry "/" $.img.directory) (empty $.img.directory) -}} -{{- $version := ternary (print ":" $.img.version) (print "@sha256:" $.img.sha) (empty $.img.sha) -}} -{{- print $path "/" $.img.name $version -}} -{{- end -}} diff --git a/resources/telemetry/values.yaml b/resources/telemetry/values.yaml deleted file mode 100644 index 574d7b12f449..000000000000 --- a/resources/telemetry/values.yaml +++ /dev/null @@ -1,22 +0,0 @@ -global: - containerRegistry: - path: europe-docker.pkg.dev/kyma-project - images: - directory_size_exporter: - name: "directory-size-exporter" - version: "v20230824-2d68935f" - directory: "prod" - telemetry_operator: - name: "telemetry-manager" - version: "v20230825-38957505" - directory: "prod" - telemetry_otel_collector: - name: "otel-collector" - version: "0.83.0-da21e9f9" - directory: "prod/tpi" - fluent_bit: - name: "fluent-bit" - version: "2.1.8-da21e9f9" - directory: "prod/tpi" - log: - level: "info" diff --git a/tests/components/application-connector/Dockerfile.compass-runtime-agent b/tests/components/application-connector/Dockerfile.compass-runtime-agent index 422d69b3b4ff..bba4fd508ec4 100644 --- a/tests/components/application-connector/Dockerfile.compass-runtime-agent +++ b/tests/components/application-connector/Dockerfile.compass-runtime-agent 
@@ -1,4 +1,4 @@ -FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.20.6-alpine3.18 as builder +FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.21.0-alpine3.18 as builder WORKDIR /compass-test/ diff --git a/tests/components/application-connector/Dockerfile.connectivity-validator b/tests/components/application-connector/Dockerfile.connectivity-validator index 5f0d88e9e721..fed98b1bc80c 100644 --- a/tests/components/application-connector/Dockerfile.connectivity-validator +++ b/tests/components/application-connector/Dockerfile.connectivity-validator @@ -1,4 +1,4 @@ -FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.20.6-alpine3.18 as builder +FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.21.0-alpine3.18 as builder WORKDIR /validator-test/ diff --git a/tests/components/application-connector/Dockerfile.gateway b/tests/components/application-connector/Dockerfile.gateway index d26201250175..300a1c0e20a9 100644 --- a/tests/components/application-connector/Dockerfile.gateway +++ b/tests/components/application-connector/Dockerfile.gateway @@ -1,4 +1,4 @@ -FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.20.6-alpine3.18 as builder +FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.21.0-alpine3.18 as builder WORKDIR /gateway-test/ diff --git a/tests/components/application-connector/Dockerfile.mockapp b/tests/components/application-connector/Dockerfile.mockapp index 2da2f68b3d99..3f12a5499d33 100644 --- a/tests/components/application-connector/Dockerfile.mockapp +++ b/tests/components/application-connector/Dockerfile.mockapp @@ -1,4 +1,4 @@ -FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.20.6-alpine3.18 as builder +FROM europe-docker.pkg.dev/kyma-project/prod/external/golang:1.21.0-alpine3.18 as builder WORKDIR /mock-app/ 
diff --git a/tests/components/application-connector/resources/charts/application-connectivity-validator-test/values.yaml b/tests/components/application-connector/resources/charts/application-connectivity-validator-test/values.yaml index 2e0d9026425e..033fe1d0d1b3 100644 --- a/tests/components/application-connector/resources/charts/application-connectivity-validator-test/values.yaml +++ b/tests/components/application-connector/resources/charts/application-connectivity-validator-test/values.yaml @@ -9,7 +9,7 @@ global: images: validatorTest: name: "connectivity-validator-test" - version: "v20230818-dad1db65" + version: "v20230922-56ec8afc" directory: "prod" namespace: "test" diff --git a/tests/components/application-connector/resources/charts/compass-runtime-agent-test/values.yaml b/tests/components/application-connector/resources/charts/compass-runtime-agent-test/values.yaml index 564899e16d16..c39526489ff8 100644 --- a/tests/components/application-connector/resources/charts/compass-runtime-agent-test/values.yaml +++ b/tests/components/application-connector/resources/charts/compass-runtime-agent-test/values.yaml @@ -11,7 +11,7 @@ containerRegistry: images: compassTest: name: "compass-runtime-agent-test" - version: "v20230818-dad1db65" + version: "v20230922-56ec8afc" directory: "prod" compassCredentials: diff --git a/tests/components/application-connector/resources/charts/gateway-test/values.yaml b/tests/components/application-connector/resources/charts/gateway-test/values.yaml index 9a6829beaeda..7af8ed549e30 100644 --- a/tests/components/application-connector/resources/charts/gateway-test/values.yaml +++ b/tests/components/application-connector/resources/charts/gateway-test/values.yaml 
@@ -5,12 +5,11 @@ global: images: gatewayTest: name: "gateway-test" - version: "PR-18016" - directory: "dev" - + version: "v20230922-56ec8afc" + directory: "prod" mockApplication: name: "mock-app" - version: "v20230818-dad1db65" + version: "v20230922-56ec8afc" directory: "prod" serviceAccountName: "test-account" diff --git a/tests/fast-integration/Makefile b/tests/fast-integration/Makefile index a9d9cd1b81fc..34466eeafa2c 100644 --- a/tests/fast-integration/Makefile +++ b/tests/fast-integration/Makefile @@ -68,8 +68,3 @@ ci-test-eventing-provision-skr: ci-test-eventing-deprovision-skr: npm ci npm run test-eventing-deprovision-skr - -.PHONY: telemetry -telemetry: - npm install - npm run test-telemetry diff --git a/tests/fast-integration/eventing-test/common/common.js b/tests/fast-integration/eventing-test/common/common.js index c4dfdc37fd5c..5c0a688344dd 100644 --- a/tests/fast-integration/eventing-test/common/common.js +++ b/tests/fast-integration/eventing-test/common/common.js @@ -3,23 +3,10 @@ const eventMeshSecretFilePath = process.env.EVENTMESH_SECRET_FILE || ''; const natsBackend = 'nats'; const bebBackend = 'beb'; const kymaSystem = 'kyma-system'; -const jaegerEndpoint = 'tracing-jaeger-collector'; const conditionReady = { condition: 'Ready', status: 'True', }; -const telemetryOperatorLabel = { - key: 'control-plane', - value: 'telemetry-operator', -}; -const jaegerLabel = { - key: 'app', - value: 'jaeger', -}; -const jaegerOperatorLabel = { - key: 'app.kubernetes.io/name', - value: 'tracing-jaeger-operator', -}; // returns the EventMesh namespace from the secret. function getEventMeshNamespace() { @@ -41,9 +28,5 @@ module.exports = { natsBackend, bebBackend, kymaSystem, - jaegerLabel, - jaegerOperatorLabel, - jaegerEndpoint, conditionReady, - telemetryOperatorLabel, }; diff --git a/tests/fast-integration/eventing-test/eventing-test-prep.js b/tests/fast-integration/eventing-test/eventing-test-prep.js index 63250cc10816..9f0d7a667c29 100644 
--- a/tests/fast-integration/eventing-test/eventing-test-prep.js +++ b/tests/fast-integration/eventing-test/eventing-test-prep.js @@ -1,8 +1,5 @@ const axios = require('axios'); const https = require('https'); -const fs = require('fs'); -const path = require('path'); -const k8s = require('@kubernetes/client-node'); const httpsAgent = new https.Agent({ rejectUnauthorized: false, // curl -k @@ -39,18 +36,9 @@ const { info, debug, createEventingBackendK8sSecret, - deployJaeger, } = require('../utils'); const {expect} = require('chai'); -const jaegerYaml = fs.readFileSync( - path.join(__dirname, '../test/fixtures/jaeger/jaeger.yaml'), - { - encoding: 'utf8', - }, -); - - describe('Eventing tests preparation', function() { this.timeout(timeoutTime); this.slow(slowTime); @@ -128,13 +116,6 @@ describe('Eventing tests preparation', function() { await deployV1Alpha2Subscriptions(); }); - it('Should deploy jaeger', async function() { - if (isSKR || isUpgradeJob) { - this.skip(); - } - await deployJaeger(k8s.loadAllYaml(jaegerYaml)); - }); - afterEach(async function() { // if the test preparation failed, perform the cleanup if (this.currentTest.state === 'failed') { diff --git a/tests/fast-integration/eventing-test/eventing-test.js b/tests/fast-integration/eventing-test/eventing-test.js index 40d984e2a301..2631578d8bc7 100644 --- a/tests/fast-integration/eventing-test/eventing-test.js +++ b/tests/fast-integration/eventing-test/eventing-test.js @@ -12,10 +12,7 @@ const { waitForNamespace, switchEventingBackend, debug, - error, createK8sConfigMap, - waitForEndpoint, - waitForPodWithLabelAndCondition, createApiRuleForService, deleteApiRule, k8sApply, @@ -44,7 +41,6 @@ const { checkEventDelivery, waitForV1Alpha1Subscriptions, waitForV1Alpha2Subscriptions, - checkEventTracing, saveJetStreamDataForRecreateTest, jsRecreatedTestConfigMapName, getConfigMapWithRetries, 
@@ -68,10 +64,6 @@ const { natsBackend, getEventMeshNamespace, kymaSystem, - telemetryOperatorLabel, - conditionReady, - jaegerLabel, - jaegerEndpoint, } = require('./common/common'); const { expect, @@ -93,24 +85,12 @@ describe('Eventing tests', function() { await waitForNamespace(testNamespace); }); - before('Ensure tracing is ready', async function() { - console.log('Checking for jaeger in default namespace'); - if (isSKR || isUpgradeJob) { - return; - } - await waitForPodWithLabelAndCondition(jaegerLabel.key, jaegerLabel.value, 'default', conditionReady.condition, - conditionReady.status); - await waitForEndpoint(jaegerEndpoint, 'default'); - }); - before('Expose Grafana', async function() { if (isUpgradeJob) { return; } await exposeGrafana(); this.test.retries(3); - await waitForPodWithLabelAndCondition( telemetryOperatorLabel.key, telemetryOperatorLabel.value, kymaSystem, - conditionReady.condition, conditionReady.status, 60_000); }); before('Create an ApiRule for NATS', async () => { @@ -222,25 +202,6 @@ describe('Eventing tests', function() { }); } - // eventingTracingTestSuite - Runs Eventing tracing tests - function eventingTracingTestSuiteV2(isSKR, isUpgradeJob) { - // Only run tracing tests on OSS - if (isSKR || isUpgradeJob) { - debug('Skipping eventing tracing test'); - return; - } - - it('In-cluster event should have correct tracing spans', async function() { - try { - await checkEventTracing(clusterHost, subscriptionsTypes[0].type, subscriptionsTypes[0].source, testNamespace); - } catch (e) { - debugBanner('[FAILED] Tracing tests failed! Ignoring the test!'); - error(e); - this.skip(); - } - }); - } - function jsTestStreamConsumerNotRecreatedTestSuite(upgradeStage='pre') { // The test scenario is: // 1. Before upgrade, save the stream and consumer creation timestamp in a configMap. 
@@ -460,9 +421,6 @@ describe('Eventing tests', function() { // Running Eventing end-to-end event delivery tests eventDeliveryTestSuite(natsBackend); - // Running Eventing tracing tests [v2] - eventingTracingTestSuiteV2(isSKR, isUpgradeJob); - // Running Eventing monitoring tests. eventingMonitoringTestSuite(natsBackend, isSKR, isUpgradeJob); @@ -516,9 +474,6 @@ describe('Eventing tests', function() { // Running Eventing end-to-end event delivery tests eventDeliveryTestSuite(natsBackend); - // Running Eventing tracing tests [v2] - eventingTracingTestSuiteV2(isSKR, isUpgradeJob); - // Running Eventing monitoring tests. eventingMonitoringTestSuite(natsBackend, isSKR, isUpgradeJob); diff --git a/tests/fast-integration/eventing-test/utils.js b/tests/fast-integration/eventing-test/utils.js index 1263c176e05c..fe358c83e8c4 100644 --- a/tests/fast-integration/eventing-test/utils.js +++ b/tests/fast-integration/eventing-test/utils.js @@ -1,7 +1,6 @@ const { cleanMockTestFixture, generateTraceParentHeader, - checkTrace, } = require('../test/fixtures/commerce-mock'); const { @@ -19,7 +18,6 @@ const { waitForSubscription, eventingSubscriptionV1Alpha2, convertAxiosError, - sleep, getConfigMap, createK8sConfigMap, namespaceObj, 
@@ -314,33 +312,6 @@ async function checkFunctionUnreachable(name, namespace, host) { }); } -async function checkEventTracing(proxyHost, eventType, eventSource, namespace) { - // first send an event and verify if it was delivered - const result = await checkEventDelivery(proxyHost, 'binary', eventType, eventSource); - expect(result).to.have.nested.property('traceParentId'); - expect(result.traceParentId).to.not.be.empty; - expect(result.response).to.have.nested.property('data.metadata.podName'); - expect(result.response.data.metadata.podName).to.not.be.empty; - - // Define expected trace data - const podName = result.response.data.metadata.podName; - const correctTraceProcessSequence = [ - // We are sending the in-cluster event from inside the eventing sink pod - 'istio-ingressgateway.istio-system', - `${eventingSinkName}-${podName.split('-')[2]}.${namespace}`, - 'eventing-publisher-proxy.kyma-system', - 'eventing-controller.kyma-system', - `${eventingSinkName}-${podName.split('-')[2]}.${namespace}`, - ]; - - // wait sometime for jaeger to complete tracing data. - // Arrival of traces might be delayed by otel-collectors batch timeout. - const traceId = result.traceParentId.split('-')[1]; - debug(`Checking the tracing with traceId: ${traceId}, traceParentId: ${result.traceParentId}`); - await sleep(20_000); - await checkTrace(traceId, correctTraceProcessSequence); -} - // checks if the event publish and receive is working. // Possible values for encoding are [binary, structured, legacy]. async function checkEventDelivery(proxyHost, encoding, eventType, eventSource, @@ -709,7 +680,6 @@ module.exports = { deployV1Alpha2Subscriptions, waitForV1Alpha1Subscriptions, waitForV1Alpha2Subscriptions, - checkEventTracing, saveJetStreamDataForRecreateTest, getConfigMapWithRetries, checkStreamNotReCreated, diff --git a/tests/fast-integration/logging/client.js b/tests/fast-integration/logging/client.js deleted file mode 100644 index 84d335806be5..000000000000 
--- a/tests/fast-integration/logging/client.js
+++ /dev/null
@@ -1,68 +0,0 @@
-module.exports = {
- logsPresentInLoki,
- tryGetLokiPersistentVolumeClaim,
- lokiConfigData,
- queryLoki,
- createIstioAccessLogResource,
- loadResourceFromFile,
-};
-
-const {
- convertAxiosError,
- getPersistentVolumeClaim,
- sleep,
- k8sApply, getConfigMap,
-} = require('../utils');
-const {proxyGrafanaDatasource} = require('../monitoring/client');
-
-const fs = require('fs');
-const path = require('path');
-const k8s = require('@kubernetes/client-node');
-
-async function logsPresentInLoki(query, startTimestamp, iterations = 20) {
- for (let i = 0; i < iterations; i++) {
- const responseBody = await queryLoki(query, startTimestamp);
- if (responseBody.data.result.length > 0) {
- return true;
- }
- await sleep(5 * 1000);
- }
- return false;
-}
-
-async function tryGetLokiPersistentVolumeClaim() {
- try {
- return await getPersistentVolumeClaim('kyma-system', 'storage-logging-loki-0');
- } catch (err) {
- return null;
- }
-}
-
-async function lokiConfigData() {
- const configData = await getConfigMap('logging-loki-test', 'kyma-system');
- return configData.data['loki.yaml'];
-}
-
-async function queryLoki(query, startTimestamp) {
- const path = `loki/api/v1/query_range?query=${query}&start=${startTimestamp}`;
- try {
- const response = await proxyGrafanaDatasource('Loki-Test', path, 5, 30, 12000);
- return response.data;
- } catch (err) {
- throw convertAxiosError(err, 'cannot query loki');
- }
-}
-
-
-async function createIstioAccessLogResource() {
- const istioAccessLogsResource = loadResourceFromFile('./istio_access_logs.yaml');
- const namespace = 'kyma-system';
- await k8sApply(istioAccessLogsResource, namespace);
-}
-
-function loadResourceFromFile(file) {
- const yaml = fs.readFileSync(path.join(__dirname, file), {
- encoding: 'utf8',
- });
- return k8s.loadAllYaml(yaml);
-}
diff --git a/tests/fast-integration/logging/index.js b/tests/fast-integration/logging/index.js
deleted file mode 100644
index da4a875f7f34..000000000000
--- a/tests/fast-integration/logging/index.js
+++ /dev/null
@@ -1,53 +0,0 @@
-module.exports = {
- loggingTests,
- ...require('./loki'),
- ...require('./client'),
-};
-
-const loki = require('./loki');
-const {
- k8sDelete,
-} = require('../utils');
-const {loadResourceFromFile} = require('./client');
-
-function loggingTests() {
- const testStartTimestamp = new Date().toISOString();
- console.log('testStartTimestamp', testStartTimestamp);
- describe('Logging Tests:', function() {
- this.timeout(5 * 60 * 1000);
- this.slow(5000);
-
- it('Check Loki logs from kyma-system namespace', async () => {
- await loki.checkKymaLogs(testStartTimestamp);
- });
-
- it('Should exclude fluent-bit logs', async () => {
- await loki.checkFluentBitLogs(testStartTimestamp);
- });
-
- it('Retention Period and Max look-back Period should be 120h', async () => {
- await loki.checkRetentionPeriod();
- });
-
- it('Persistent Volume Claim Size should be 30Gi', async () => {
- await loki.checkPersistentVolumeClaimSize();
- });
- istioAccessLogsTests(testStartTimestamp);
- });
-}
-
-function istioAccessLogsTests(startTimestamp) {
- describe('Istio Access Logs tests', function() {
- const istioAccessLogsResource = loadResourceFromFile('./istio_access_logs.yaml');
- const namespace = 'kyma-system';
-
- after('Should delete the Istio Access Logs resource', async () => {
- await k8sDelete(istioAccessLogsResource, namespace);
- });
-
- it('Should query Loki and verify format of Istio Access Logs', async () => {
- await loki.verifyIstioAccessLogFormat(startTimestamp);
- });
- });
-}
-
diff --git a/tests/fast-integration/logging/istio_access_logs.yaml b/tests/fast-integration/logging/istio_access_logs.yaml
deleted file mode 100644
index 2e61c037c7c1..000000000000
--- a/tests/fast-integration/logging/istio_access_logs.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: telemetry.istio.io/v1alpha1
-kind: Telemetry
-metadata:
- name: access-config
- namespace: kyma-system
-spec:
- accessLogging:
- - providers:
- - name: stdout-json
- selector:
- matchLabels:
- service.istio.io/canonical-name: loki-test
diff --git a/tests/fast-integration/logging/loki.js b/tests/fast-integration/logging/loki.js
deleted file mode 100644
index 284cc88f9631..000000000000
--- a/tests/fast-integration/logging/loki.js
+++ /dev/null
@@ -1,146 +0,0 @@ -module.exports = { - checkCommerceMockLogs, - checkKymaLogs, - checkFluentBitLogs, - checkRetentionPeriod, - checkPersistentVolumeClaimSize, - verifyIstioAccessLogFormat, -}; - -const {assert} = require('chai'); -const k8s = require('@kubernetes/client-node'); -const { - lokiConfigData, - tryGetLokiPersistentVolumeClaim, - logsPresentInLoki, - queryLoki, -} = require('./client'); -const { - info, - debug, -} = require('../utils'); - -async function checkCommerceMockLogs(startTimestamp) { - const labels = '{app="commerce-mock", container="mock", namespace="mocks"}'; - - const commerceMockLogsPresent = await logsPresentInLoki(labels, startTimestamp); - - assert.isTrue(commerceMockLogsPresent, 'No logs from commerce mock present in Loki'); -} - -async function checkKymaLogs(startTimestamp) { - const systemLabel = '{namespace="kyma-system"}'; - - const kymaSystemLogsPresent = await logsPresentInLoki(systemLabel, startTimestamp); - - assert.isTrue(kymaSystemLogsPresent, 'No logs from kyma-system namespace present in Loki'); -} - -async function checkFluentBitLogs(startTimestamp) { - const labels = '{container="fluent-bit", namespace="kyma-system"}'; - - const fluentBitLogsPresent = await logsPresentInLoki(labels, startTimestamp, 1); - - assert.isFalse(fluentBitLogsPresent, 'Fluent Bit logs present in Loki'); -} - -async function checkRetentionPeriod() { - const secretData = k8s.loadYaml(await lokiConfigData()); - - assert.equal(secretData?.table_manager?.retention_period, '120h'); - assert.equal(secretData?.chunk_store_config?.max_look_back_period, '120h'); -} - -async function checkPersistentVolumeClaimSize() { - const pvc = await tryGetLokiPersistentVolumeClaim(); - if (pvc == null) { - info('Loki PVC not found. 
Skipping...'); - return; - } - - assert.equal(pvc.status.capacity.storage, '30Gi'); -} - -async function verifyIstioAccessLogFormat(startTimestamp) { - const query = '{container="istio-proxy",namespace="kyma-system",pod="logging-loki-test-0"}'; - - const accessLogsPresent = await logsPresentInLoki(query, startTimestamp); - assert.isTrue(accessLogsPresent, 'No Istio access logs present in Loki'); - - const responseBody = await queryLoki(query, startTimestamp); - assert.isDefined(responseBody.data.result[0].values, 'Empty response for the query for Istio access logs'); - assert.isTrue(responseBody.data.result[0].values.length > 0, 'No Istio access logs found for loki'); - const numberOfResults = responseBody.data.result.length; - // Iterate over the values - for (let i = 0; i <= numberOfResults; i++) { - const result = responseBody.data.result[i]; - if (accessLogVerified(result)) { - return; - } - } - assert.fail('Istio access log is not present: ', JSON.stringify(responseBody.data)); -} - -function accessLogVerified(result) { - const numberOfLogs = result.values.length; - for (let i =0; i<= numberOfLogs; i++) { - // Some logs dont have values[i][1]. 
In such a case skip the log line - const val = result.values[i]; - if ( !Array.isArray(val) ) { - debug('skipping while its not an array', JSON.stringify(val)); - continue; - } - if (val.length < 2) { - debug('skipping length not > 1: ', JSON.stringify(val[1])); - continue; - } - if (isJsonString(val[1])) { - const log = JSON.parse(val[1]); - if (typeof log['method'] === 'undefined') { - debug('skipping while method is not present', JSON.stringify(log)); - continue; - } - verifyLogAttributeIsPresent('method', log); - verifyLogAttributeIsPresent('path', log); - verifyLogAttributeIsPresent('protocol', log); - verifyLogAttributeIsPresent('response_code', log); - verifyLogAttributeIsPresent('response_flags', log); - verifyLogAttributeIsPresent('response_code_details', log); - verifyLogAttributeIsPresent('connection_termination_details', log); - verifyLogAttributeIsPresent('upstream_transport_failure_reason', log); - verifyLogAttributeIsPresent('bytes_received', log); - verifyLogAttributeIsPresent('bytes_sent', log); - verifyLogAttributeIsPresent('duration', log); - verifyLogAttributeIsPresent('upstream_service_time', log); - verifyLogAttributeIsPresent('x_forwarded_for', log); - verifyLogAttributeIsPresent('user_agent', log); - verifyLogAttributeIsPresent('request_id', log); - verifyLogAttributeIsPresent('authority', log); - verifyLogAttributeIsPresent('upstream_host', log); - verifyLogAttributeIsPresent('upstream_cluster', log); - verifyLogAttributeIsPresent('upstream_local_address', log); - verifyLogAttributeIsPresent('downstream_local_address', log); - verifyLogAttributeIsPresent('downstream_remote_address', log); - verifyLogAttributeIsPresent('requested_server_name', log); - verifyLogAttributeIsPresent('route_name', log); - verifyLogAttributeIsPresent('traceparent', log); - verifyLogAttributeIsPresent('tracestate', log); - return true; - } - } - return false; -} - -function verifyLogAttributeIsPresent(attribute, logBody) { - assert.isDefined(logBody[attribute], - 
`Istio access log does not have '${attribute}' field: ${JSON.stringify(logBody)}`); -} - -function isJsonString(str) { - try { - JSON.parse(str); - } catch (e) { - return false; - } - return true; -} diff --git a/tests/fast-integration/monitoring/prometheus.js b/tests/fast-integration/monitoring/prometheus.js index 82116389581c..46e527b20266 100644 --- a/tests/fast-integration/monitoring/prometheus.js +++ b/tests/fast-integration/monitoring/prometheus.js @@ -123,23 +123,11 @@ async function assertMetricsExist() { {'istio_requests_total': [['destination_service', 'source_workload', 'response_code']]}], }, - { - 'logging-loki': [ - {'log_messages_total': [['level']]}, - {'loki_request_duration_seconds_bucket': [['route']]}], - }, - { 'monitoring-grafana': [ {'grafana_stat_totals_dashboard': [[]]}, {'grafana_api_dataproxy_request_all_milliseconds_sum ': [['pod']]}], }, - - { - 'telemetry-fluent-bit': [ - {'telemetry_fsbuffer_usage_bytes': [[]]}, - {'fluentbit_input_bytes_total ': [['pod']]}], - }, ]; for (let index = 0; index < metricsList.length; index++) { @@ -221,13 +209,8 @@ async function getServiceMonitors() { } function shouldIgnoreServiceMonitor(serviceMonitorName) { - const serviceMonitorsToBeIgnored = [ - // tracing-metrics is created automatically by jaeger operator and can't be disabled - 'tracing-metrics', - ]; - return serviceMonitorsToBeIgnored.includes(serviceMonitorName) || !serviceMonitorName.startsWith('monitoring'); + return !serviceMonitorName.startsWith('monitoring'); } - async function buildScrapePoolSet() { const serviceMonitors = await getServiceMonitors(); const scrapePools = new Set(); @@ -278,10 +261,7 @@ function removeNamePrefixes(ruleNames) { return ruleNames.map((rule) => rule .replace('monitoring-', '') - .replace('kyma-', '') - .replace('logging-', '') - .replace('fluent-bit-', '') - .replace('loki-', ''), + .replace('kyma-', ''), ); } 
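Review bot: In the `@@ -221,13 +209,8 @@` hunk of monitoring/prometheus.js, `shouldIgnoreServiceMonitor` is now a bare negated prefix test with no comment saying which ServiceMonitors remain in scope, and the blank line that separated it from `buildScrapePoolSet` is dropped too. I would keep the separator line and add a one-line comment above the return, for example `// Only ServiceMonitors whose name starts with 'monitoring' are checked; all others are ignored.`, so a reader does not have to derive the allow-list from the negation. The body of buildScrapePoolSet continues outside the hunk.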
diff --git a/tests/fast-integration/package.json b/tests/fast-integration/package.json index 072aeb39ae08..3f4c02a871c2 100644 --- a/tests/fast-integration/package.json +++ b/tests/fast-integration/package.json @@ -24,7 +24,6 @@ "eventing-get-registered-scenarios": "node -e 'require(\"./eventing-test/utils.js\").getRegisteredCompassScenarios()'", "test-eventing-provision-skr": "DEBUG=true mocha --timeout 150000 --inline-diffs --check-leaks --reporter mocha-multi-reporters --reporter-options configFile=mocha-reporter-config.json ./eventing-test/provision/provision-skr.js", "test-eventing-deprovision-skr": "DEBUG=true mocha --timeout 150000 --inline-diffs --check-leaks --reporter mocha-multi-reporters --reporter-options configFile=mocha-reporter-config.json ./eventing-test/provision/deprovision-skr.js", - "test-telemetry": "mocha --timeout 180000 --exit --inline-diffs --check-leaks --reporter mocha-multi-reporters --reporter-options configFile=mocha-reporter-config.json ./telemetry-test/suite.js", "upgrade-test-prep": "mocha --inline-diffs --check-leaks --reporter mocha-multi-reporters --reporter-options configFile=mocha-reporter-config.json upgrade-test/upgrade-test-prep.js", "upgrade-test-tests": "mocha --inline-diffs --check-leaks --reporter mocha-multi-reporters --reporter-options configFile=mocha-reporter-config.json upgrade-test/upgrade-test-tests.js", "upgrade-test-cleanup": "DEBUG=true mocha --inline-diffs --check-leaks --reporter mocha-multi-reporters --reporter-options configFile=mocha-reporter-config.json upgrade-test/upgrade-test-cleanup.js", diff --git a/tests/fast-integration/telemetry-test/helpers.js b/tests/fast-integration/telemetry-test/helpers.js deleted file mode 100644 index 9f66d0e352c0..000000000000 --- a/tests/fast-integration/telemetry-test/helpers.js +++ /dev/null 
@@ -1,112 +0,0 @@ -module.exports = { - loadTestData, - waitForLogPipelineStatusRunning, - waitForTracePipeline, - waitForPodWithLabel, - waitForTracePipelineStatusRunning, - waitForTracePipelineStatusPending, -}; - -const k8s = require('@kubernetes/client-node'); -const fs = require('fs'); -const path = require('path'); -const { - waitForK8sObject, -} = require('../utils'); - -function loadTestData(fileName) { - return loadResourceFromFile(`./testdata/${fileName}`); -} - -function waitForLogPipelineStatusRunning(name) { - return waitForLogPipelineStatusCondition(name, 'Running', 180000); -} - -function loadResourceFromFile(file) { - const yaml = fs.readFileSync(path.join(__dirname, file), { - encoding: 'utf8', - }); - return k8s.loadAllYaml(yaml); -} - -function waitForLogPipelineStatusCondition(name, lastConditionType, timeout) { - return waitForK8sObject( - '/apis/telemetry.kyma-project.io/v1alpha1/logpipelines', - {}, - (_type, watchObj, _) => { - return ( - watchObj.metadata.name === name && checkLastCondition(watchObj, lastConditionType) - ); - }, - timeout, - `Waiting for log pipeline ${name} timeout (${timeout} ms)`, - ); -} - -function waitForTracePipelineStatusRunning(name) { - return waitForTracePipelineStatusCondition(name, 'Running', 180000); -} - -function waitForTracePipelineStatusPending(name) { - return waitForTracePipelineStatusCondition(name, 'Pending', 180000); -} - -function waitForTracePipelineStatusCondition(name, lastConditionType, timeout) { - return waitForK8sObject( - '/apis/telemetry.kyma-project.io/v1alpha1/tracepipelines', - {}, - (_type, watchObj, _) => { - return ( - watchObj.metadata.name === name && checkLastCondition(watchObj, lastConditionType) - ); - }, - timeout, - `Waiting for log pipeline ${name} timeout (${timeout} ms)`, - ); -} - -function checkLastCondition(logPipeline, conditionType) { - const conditions = logPipeline.status.conditions; - if (conditions.length === 0) { - return false; - } - const lastCondition = 
conditions[conditions.length - 1]; - return lastCondition.type === conditionType; -} - -function waitForTracePipeline(name) { - return waitForK8sObject( - '/apis/telemetry.kyma-project.io/v1alpha1/tracepipelines', - {}, - (_type, watchObj, _) => { - return (watchObj.metadata.name === name); - }, - 18000, - `Waiting for trace pipeline ${name} timeout 18000 ms)`, - ); -} - -function waitForPodWithLabel( - labelKey, - labelValue, - namespace = 'default', - timeout = 90000, -) { - const query = { - labelSelector: `${labelKey}=${labelValue}`, - }; - return waitForK8sObject( - `/api/v1/namespaces/${namespace}/pods`, - query, - (_type, _apiObj, watchObj) => { - return ( - watchObj.object.status.phase === 'Running' && - watchObj.object.status.containerStatuses.every((cs) => cs.ready) - ); - }, - timeout, - `Waiting for pod with label ${labelKey}=${labelValue} timeout (${timeout} ms)`, - ); -} - - diff --git a/tests/fast-integration/telemetry-test/suite.js b/tests/fast-integration/telemetry-test/suite.js deleted file mode 100644 index c30f22766067..000000000000 --- a/tests/fast-integration/telemetry-test/suite.js +++ /dev/null 
@@ -1,589 +0,0 @@ -const k8s = require('@kubernetes/client-node'); -const fs = require('fs'); -const path = require('path'); -const { - assert, - expect, -} = require('chai'); -const { - getSecret, - k8sCoreV1Api, - k8sApply, - k8sDelete, - sleep, - fromBase64, - getGateway, - getVirtualService, - retryPromise, - deployJaeger, - deployLoki, - waitForConfigMap, -} = require('../utils'); -const { - logsPresentInLoki, - queryLoki, -} = require('../logging'); -const { - exposeGrafana, - unexposeGrafana, -} = require('../monitoring'); -const { - loadTestData, - waitForLogPipelineStatusRunning, - waitForTracePipeline, - waitForPodWithLabel, - waitForTracePipelineStatusRunning, -} = require('./helpers'); -const axios = require('axios'); -const {getJaegerTracesForService, getJaegerServices} = require('../tracing/client'); - -async function getTracingTestAppUrl() { - const vs = await getVirtualService('tracing-test', 'tracing-test-app'); - const host = vs.spec.hosts[0]; - return `https://${host}`; -} - -async function callTracingTestApp() { - const testAppUrl = await getTracingTestAppUrl(); - - return retryPromise(async () => { - return await axios.get(testAppUrl, {timeout: 10000}); - }, 5, 30); -} - -async function prepareEnvironment() { - async function k8sApplyFile(name, namespace) { - await k8sApply(loadTestData(name), namespace); - } - - await k8sApplyFile('http-backend-namespaces.yaml'); - await k8sApplyFile('http-backend.yaml', 'http-backend-1'); - await k8sApplyFile('http-backend.yaml', 'http-backend-2'); - await k8sApplyFile('regex-filter-deployment.yaml', 'default'); - await k8sApplyFile('logs-workload.yaml', 'default'); - await k8sApplyFile('logs-workload.yaml', 'kyma-system'); - await k8sApplyFile('secret-trace-endpoint.yaml', 'default'); - const jaegerYaml = fs.readFileSync( - path.join(__dirname, '../test/fixtures/jaeger/jaeger.yaml'), - { - encoding: 'utf8', - }, - ); - await deployJaeger(k8s.loadAllYaml(jaegerYaml)); - - const lokiYaml = fs.readFileSync( - 
path.join(__dirname, '../test/fixtures/loki/loki.yaml'), - { - encoding: 'utf-8', - }, - ); - - await deployLoki(k8s.loadAllYaml(lokiYaml)); -} - -async function cleanEnvironment() { - async function k8sDeleteFile(name, namespace) { - await k8sDelete(loadTestData(name), namespace); - } - - await k8sDeleteFile('http-backend.yaml', 'http-backend-1'); - await k8sDeleteFile('http-backend.yaml', 'http-backend-2'); - await k8sDeleteFile('http-backend-namespaces.yaml'); - await k8sDeleteFile('regex-filter-deployment.yaml', 'default'); - await k8sDeleteFile('logs-workload.yaml', 'default'); - await k8sDeleteFile('logs-workload.yaml', 'kyma-system'); - await k8sDeleteFile('secret-trace-endpoint.yaml', 'default'); -} - -describe('Telemetry Operator', function() { - const testStartTimestamp = new Date().toISOString(); - const defaultRetryDelayMs = 1000; - const defaultRetries = 5; - before('Prepare environment, expose Grafana', async function() { - await prepareEnvironment(); - await exposeGrafana(); - }); - - after('Clean environment, unexpose Grafana', async function() { - await cleanEnvironment(); - await unexposeGrafana(); - }); - - it('Should be ready', async function() { - const podRes = await k8sCoreV1Api.listNamespacedPod( - 'kyma-system', - 'true', - undefined, - undefined, - undefined, - 'control-plane=telemetry-operator', - ); - const podList = podRes.body.items; - assert.equal(podList.length, 1); - - const epRes = await k8sCoreV1Api.listNamespacedEndpoints( - 'kyma-system', - 'true', - undefined, - undefined, - undefined, - 'control-plane=telemetry-operator', - ); - const epList = epRes.body.items; - assert.equal(epList.length, 2); - assert.isNotEmpty(epList[0].subsets); - assert.isNotEmpty(epList[0].subsets[0].addresses); - }); - - context('Configurable Logging', function() { - context('Custom Loki LogPipeline', function() { - it('Should be \'Running\'', async function() { - await waitForLogPipelineStatusRunning('loki-test'); - }); - - it('Should push system logs 
to Loki', async function() { - const labels = '{namespace="kyma-system", job="telemetry-fluent-bit"}'; - const logsPresent = await logsPresentInLoki(labels, testStartTimestamp, 10); - assert.isTrue(logsPresent, 'No logs present in Loki with namespace="kyma-system"'); - }); - }); - - context('Webhook', function() { - it('Should reject LogPipeline with unknown custom filter', async function() { - const pipeline = loadTestData('logpipeline-custom-filter-unknown.yaml'); - - try { - await retryWithDelayForErrorCode((r) => k8sApply(pipeline), defaultRetryDelayMs, defaultRetries, 403); - await k8sDelete(pipeline); - assert.fail('Should not be able to apply a LogPipeline with an unknown custom filter'); - } catch (e) { - assert.equal(e.statusCode, 403); - expect(e.body.message).to.have.string('denied the request'); - const errMsg = 'section \'abc\' tried to instance a plugin name that don\'t exists'; - expect(e.body.message).to.have.string(errMsg); - } - }); - - it('Should reject LogPipeline with denied custom filter', async function() { - const pipeline = loadTestData('logpipeline-custom-filter-denied.yaml'); - - try { - await retryWithDelayForErrorCode((r) => k8sApply(pipeline), defaultRetryDelayMs, defaultRetries, 403); - await k8sDelete(pipeline); - assert.fail('Should not be able to apply a LogPipeline with a denied custom filter'); - } catch (e) { - assert.equal(e.statusCode, 403); - expect(e.body.message).to.have.string('denied the request'); - const errMsg = 'plugin \'kubernetes\' is forbidden'; - expect(e.body.message).to.have.string(errMsg); - } - }); - }); - - context('LogParser', function() { - const parser = loadTestData('logparser-regex.yaml'); - const parserName = parser[0].metadata.name; - - it(`Should create LogParser '${parserName}'`, async function() { - await retryWithDelay( (r)=> k8sApply(parser), defaultRetryDelayMs, defaultRetries); - }); - - it('Should parse the logs using regex', async function() { - try { - const labels = 
'{namespace="default"}|json|pass="bar"|user="foo"'; - const logsPresent = await logsPresentInLoki(labels, testStartTimestamp); - assert.isTrue(logsPresent, 'No parsed logs present in Loki'); - } catch (e) { - assert.fail(e); - } - }); - - it(`Should delete LogParser '${parserName}'`, async function() { - await k8sDelete(parser); - }); - }); - - context('LogPipeline', function() { - context('HTTP Output', function() { - const backend1Secret = loadTestData('http-backend-1-secret.yaml'); - const backend1Host = backend1Secret[0].stringData.host; - const backend2Secret = loadTestData('http-backend-2-secret.yaml'); - const backend2Host = backend2Secret[0].stringData.host; - - it(`Should create host secret with host set to '${backend1Host}'`, async function() { - await k8sApply(loadTestData('http-backend-1-secret.yaml')); - }); - - const pipeline = loadTestData('logpipeline-output-http.yaml'); - const pipelineName = pipeline[0].metadata.name; - - it(`Should create LogPipeline '${pipelineName}'`, async function() { - await k8sApply(pipeline); - await waitForLogPipelineStatusRunning(pipelineName); - }); - - it(`Should push logs to '${backend1Host}'`, async function() { - const labels = '{namespace="http-backend-1"}'; - const logsPresent = await logsPresentInLoki(labels, testStartTimestamp); - assert.isTrue(logsPresent, 'No logs received by mockserver present in Loki'); - }); - - it(`Should update host secret with host set to '${backend2Host}'`, async function() { - await k8sApply(loadTestData('http-backend-2-secret.yaml')); - await sleep(5000); - await waitForLogPipelineStatusRunning(pipelineName); - }); - - it(`Should detect secret update and push logs to '${backend2Host}'`, async function() { - const labels = '{namespace="http-backend-2"}'; - const logsPresent = await logsPresentInLoki(labels, testStartTimestamp); - assert.isTrue(logsPresent, 'No logs received by mockserver present in Loki'); - }); - - it(`Should delete LogPipeline '${pipelineName}'`, async function() { - 
await k8sDelete(pipeline); - }); - }); - - context('Custom Output', function() { - const backend1Secret = loadTestData('http-backend-1-secret.yaml'); - const backend1Host = backend1Secret[0].stringData.host; - const backend2Secret = loadTestData('http-backend-2-secret.yaml'); - const backend2Host = backend2Secret[0].stringData.host; - - it(`Should create host secret with host set to '${backend1Host}'`, async function() { - await k8sApply(loadTestData('http-backend-1-secret.yaml')); - }); - - const pipeline = loadTestData('logpipeline-output-custom.yaml'); - const pipelineName = pipeline[0].metadata.name; - - it(`Should create LogPipeline '${pipelineName}'`, async function() { - await retryWithDelay( (r) => k8sApply(pipeline), defaultRetryDelayMs, defaultRetries); - await waitForLogPipelineStatusRunning(pipelineName); - }); - - it(`Should push logs to '${backend1Host}'`, async function() { - const labels = '{namespace="http-backend-1"}'; - const logsPresent = await logsPresentInLoki(labels, testStartTimestamp); - assert.isTrue(logsPresent, 'No logs received by mockserver present in Loki'); - }); - - it(`Should update host secret with host set to '${backend2Host}'`, async function() { - await k8sApply(loadTestData('http-backend-2-secret.yaml')); - await sleep(5000); - await waitForLogPipelineStatusRunning(pipelineName); - }); - - it(`Should detect secret update and push logs to '${backend2Host}'`, async function() { - const labels = '{namespace="http-backend-2"}'; - const logsPresent = await logsPresentInLoki(labels, testStartTimestamp); - assert.isTrue(logsPresent, 'No logs received by mockserver present in Loki'); - }); - - it(`Should delete LogPipeline '${pipelineName}'`, async function() { - await k8sDelete(pipeline); - }); - }); - - context('Input', function() { - context('Drop annotations, keep labels', function() { - const pipeline = loadTestData('logpipeline-input-keep-labels.yaml'); - const pipelineName = pipeline[0].metadata.name; - - it(`Should create 
LogPipeline '${pipelineName}'`, async function() { - await k8sApply(pipeline); - await waitForLogPipelineStatusRunning(pipelineName); - }); - - it(`Should push only labels to Loki`, async function() { - const labels = '{job="drop-annotations-keep-labels-telemetry-fluent-bit", container="flog"}'; - const found = await logsPresentInLoki(labels, testStartTimestamp); - assert.isTrue(found, `No logs in Loki with labels: ${labels}`); - - const responseBody = await queryLoki(labels, testStartTimestamp); - const entry = JSON.parse(responseBody.data.result[0].values[0][1]); - assert.hasAnyKeys(entry, 'kubernetes', `No kubernetes metadata in ${entry}`); - const k8smeta = entry['kubernetes']; - assert.doesNotHaveAnyKeys(k8smeta, 'annotations', `Annotations found in ${JSON.stringify(k8smeta)}`); - assert.hasAnyKeys(k8smeta, 'labels', `No labels in ${JSON.stringify(k8smeta)}`); - }); - - it(`Should delete LogPipeline '${pipelineName}'`, async function() { - await k8sDelete(pipeline); - }); - }); - - context('Keep annotations, drop labels', function() { - const pipeline = loadTestData('logpipeline-input-drop-labels.yaml'); - const pipelineName = pipeline[0].metadata.name; - - it(`Should create LogPipeline '${pipelineName}'`, async function() { - await retryWithDelay( (r) => k8sApply(pipeline), defaultRetryDelayMs, defaultRetries); - await waitForLogPipelineStatusRunning(pipelineName); - }); - - it(`Should push only annotations to Loki`, async function() { - const labels = '{job="keep-annotations-drop-labels-telemetry-fluent-bit", container="flog"}'; - const found = await logsPresentInLoki(labels, testStartTimestamp); - assert.isTrue(found, `No logs in Loki with labels: ${labels}`); - - const responseBody = await queryLoki(labels, testStartTimestamp); - const entry = JSON.parse(responseBody.data.result[0].values[0][1]); - assert.hasAnyKeys(entry, 'kubernetes', `No kubernetes metadata in ${entry}`); - const k8smeta = entry['kubernetes']; - assert.doesNotHaveAnyKeys(k8smeta, 
'labels', `Labels found in ${JSON.stringify(k8smeta)}`); - assert.hasAnyKeys(k8smeta, 'annotations', `No annotations in ${JSON.stringify(k8smeta)}`); - }); - - it(`Should delete LogPipeline '${pipelineName}'`, async function() { - await k8sDelete(pipeline); - }); - }); - - context('Containers Exclude', function() { - const pipeline = loadTestData('logpipeline-input-containers-exclude.yaml'); - const pipelineName = pipeline[0].metadata.name; - - it(`Should create LogPipeline '${pipelineName}'`, async function() { - await k8sApply(pipeline); - await waitForLogPipelineStatusRunning(pipelineName); - }); - - it(`Should not push any system logs to Loki`, async function() { - const labels = '{namespace="kyma-system", job="exclude-istio-proxy-telemetry-fluent-bit"}'; - const logsFound = await logsPresentInLoki(labels, testStartTimestamp, 3); - assert.isFalse(logsFound, `No logs must present in Loki for labels: ${labels}`); - }); - - it(`Should not push any istio-proxy logs to Loki`, async function() { - const labels = '{container="istio-proxy", job="exclude-istio-proxy-telemetry-fluent-bit"}'; - const logsFound = await logsPresentInLoki(labels, testStartTimestamp, 3); - assert.isFalse(logsFound, `No logs must present in Loki for labels: ${labels}`); - }); - - it(`Should delete LogPipeline '${pipelineName}'`, async function() { - await k8sDelete(pipeline); - }); - }); - }); - }); - }); - - context('Configurable Tracing', function() { - context('Configurable Tracing', function() { - context('TracePipeline', function() { - const jaeger = loadTestData('tracepipeline-jaeger.yaml'); - const firstPipeline = loadTestData('tracepipeline-output-otlp-secret-ref-1.yaml'); - const firstPipelineName = firstPipeline[0].metadata.name; - - it(`Should clean up TracePipeline jaeger`, async function() { - await k8sDelete(jaeger); - }); - - it(`Should create TracePipeline '${firstPipelineName}'`, async function() { - await k8sApply(firstPipeline); - await 
waitForTracePipeline(firstPipelineName); - }); - - it('Should be \'Running\'', async function() { - await waitForTracePipelineStatusRunning(firstPipelineName); - }); - - it('Should have ready trace collector pods', async () => { - await waitForPodWithLabel('app.kubernetes.io/name', 'telemetry-trace-collector', 'kyma-system'); - }); - - it('Should have created telemetry-trace-collector secret', async () => { - const secret = await getSecret('telemetry-trace-collector', 'kyma-system'); - assert.equal(secret.data.OTLP_ENDPOINT_OTLP_OUTPUT_ENDPOINT_SECRET_REF_1, 'aHR0cDovL25vLWVuZHBvaW50'); - }); - - it(`Should reflect secret ref change in telemetry-trace-collector secret and pod restart`, async function() { - const podRes = await k8sCoreV1Api.listNamespacedPod( - 'kyma-system', - 'true', - undefined, - undefined, - undefined, - 'app.kubernetes.io/name=telemetry-trace-collector', - ); - const podList = podRes.body.items; - - await k8sApply(loadTestData('secret-patched-trace-endpoint.yaml'), 'default'); - await sleep(5*1000); - const secret = await getSecret('telemetry-trace-collector', 'kyma-system'); - assert.equal(secret.data.OTLP_ENDPOINT_OTLP_OUTPUT_ENDPOINT_SECRET_REF_1, 'aHR0cDovL2Fub3RoZXItZW5kcG9pbnQ='); - - const newPodRes = await k8sCoreV1Api.listNamespacedPod( - 'kyma-system', - 'true', - undefined, - undefined, - undefined, - 'app.kubernetes.io/name=telemetry-trace-collector', - ); - const newPodList = newPodRes.body.items; - assert.notDeepEqual( - newPodList, - podList, - 'telemetry-trace-collector has not been restarted after Secret change', - ); - }); - - it(`Should delete first TracePipeline '${firstPipeline}'`, async function() { - await k8sDelete(firstPipeline); - }); - }); - - context('Debuggability', function() { - const overrideConfig = loadTestData('override-config.yaml'); - const pipeline = loadTestData('tracepipeline-output-otlp.yaml'); - const pipelineName = pipeline[0].metadata.name; - it(`Creates a tracepipeline`, async function() { - await 
k8sApply(pipeline); - await waitForTracePipeline(pipelineName); - await waitForTracePipelineStatusRunning(pipelineName); - }); - - it('Should have created telemetry-trace-collector secret', async () => { - const secret = await getSecret('telemetry-trace-collector', 'kyma-system'); - assert.equal(fromBase64(secret.data.OTLP_ENDPOINT_TEST_TRACE), 'http://foo-bar'); - }); - - it(`Should create override configmap with paused flag`, async function() { - await retryWithDelay( (r) => k8sApply(overrideConfig), defaultRetryDelayMs, defaultRetries); - await waitForConfigMap('telemetry-override-config', 'kyma-system'); - }); - - it(`Tries to change the otlp endpoint`, async function() { - await sleep(5*1000); - pipeline[0].spec.output.otlp.endpoint.value = 'http://another-foo'; - await retryWithDelay( (r) => k8sApply(pipeline), defaultRetryDelayMs, defaultRetries); - }); - - it(`Should not change the OTLP endpoint in the telemetry-trace-collector secret in paused state`, async () => { - await sleep(5*1000); - const secret = await getSecret('telemetry-trace-collector', 'kyma-system'); - assert.equal(fromBase64(secret.data.OTLP_ENDPOINT_TEST_TRACE), 'http://foo-bar'); - }); - - it(`Deletes the override configmap`, async function() { - await k8sDelete(overrideConfig); - }); - - it(`Tries to change the otlp endpoint again`, async function() { - await sleep(10*1000); - pipeline[0].spec.output.otlp.endpoint.value = 'http://another-foo-bar'; - await k8sApply(pipeline); - await waitForTracePipeline(pipelineName); - await waitForTracePipelineStatusRunning(pipelineName); - }); - - it(`Should now change the OTLP endpoint in the telemetry-trace-collector secret`, async function() { - await sleep(5*1000); - const secret = await getSecret('telemetry-trace-collector', 'kyma-system'); - assert.equal(fromBase64(secret.data.OTLP_ENDPOINT_TEST_TRACE), 'http://another-foo-bar'); - }); - - it(`Should delete TracePipeline`, async function() { - await k8sDelete(pipeline); - }); - }); - - 
context('Filter Processor', function() { - const testApp = loadTestData('tracepipeline-test-app.yaml'); - const testAppIstioPatch = loadTestData('tracepipeline-test-istio-telemetry-patch.yaml'); - - it(`Should create test app`, async function() { - const kymaGateway = await getGateway('kyma-system', 'kyma-gateway'); - let kymaHostUrl = kymaGateway.spec.servers[0].hosts[0]; - kymaHostUrl = kymaHostUrl.replace('*', 'tracing-test-app'); - for (const resource of testApp ) { - if (resource.kind == 'VirtualService') { - resource.spec.hosts[0] = kymaHostUrl; - } - } - await retryWithDelay( (r) => k8sApply(testApp), defaultRetryDelayMs, defaultRetries); - await retryWithDelay( (r) =>k8sApply(testAppIstioPatch), defaultRetryDelayMs, defaultRetries); - await waitForPodWithLabel('app', 'tracing-test-app', 'tracing-test'); - }); - - it(`Should call test app and produce spans`, async function() { - for (let i=0; i < 10; i++) { - await retryWithDelay(callTracingTestApp, defaultRetryDelayMs, defaultRetries); - await sleep(500); - } - }); - - it(`Should filter out noisy spans`, async function() { - const services = await retryWithDelay(async function() { - const services = await getJaegerServices(); - if (services.data.length > 0) { - return services; - } - - throw services; - }, defaultRetryDelayMs, defaultRetries); - assert.isFalse(services.data.includes('grafana.kyma-system'), 'spans are present for grafana'); - assert.isFalse(services.data.includes('telemetry-fluent-bit.kyma-system'), - 'spans are present for fluent-bit'); - assert.isFalse(services.data.includes('loki.kyma-system'), 'spans are present for loki'); - }); - - it(`Should find test spans`, async function() { - const testAppTraces = await retryWithDelay( async (r) => { - const testAppTraces = await getJaegerTracesForService('tracing-test-app', 'tracing-test'); - if (testAppTraces.data.length > 0) { - return testAppTraces; - } - - throw testAppTraces; - }, defaultRetryDelayMs, 20); - 
assert.isTrue(testAppTraces.data.length > 0, 'No spans present for test application "tracing-test-app"'); - }); - - it(`Should delete test setup`, async function() { - testAppIstioPatch[0].spec.tracing[0].randomSamplingPercentage = 1; - await k8sApply(testAppIstioPatch); - await k8sDelete(testApp); - }); - }); - }); - }); -}); - -const wait = (ms) => new Promise((resolve) => { - setTimeout(() => resolve(), ms); -}); - -const retryWithDelay = (operation, delay, retries) => new Promise((resolve, reject) => { - return operation() - .then(resolve) - .catch((reason) => { - if (retries > 0) { - return wait(delay) - .then(retryWithDelay.bind(null, operation, delay, retries - 1)) - .then(resolve) - .catch(reject); - } - return reject(reason); - }); -}); - -const retryWithDelayForErrorCode = (operation, delay, retries, expectedErrorCode) => new Promise((resolve, reject) => { - return operation() - .then(resolve) - .catch((reason) => { - if (reason.statusCode !== undefined && reason.statusCode === expectedErrorCode) { - return reject(reason); - } - if (retries > 0) { - return wait(delay) - .then(retryWithDelay.bind(null, operation, delay, retries - 1, expectedErrorCode)) - .then(resolve) - .catch(reject); - } - return reject(reason); - }); -}); diff --git a/tests/fast-integration/telemetry-test/testdata/http-backend-1-secret.yaml b/tests/fast-integration/telemetry-test/testdata/http-backend-1-secret.yaml deleted file mode 100644 index b489eb064c0b..000000000000 --- a/tests/fast-integration/telemetry-test/testdata/http-backend-1-secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: http-backend - namespace: default -type: Opaque -stringData: - host: mockserver.http-backend-1.svc.cluster.local diff --git a/tests/fast-integration/telemetry-test/testdata/http-backend-2-secret.yaml b/tests/fast-integration/telemetry-test/testdata/http-backend-2-secret.yaml deleted file mode 100644 index 6ffbba41b4f4..000000000000 
--- a/tests/fast-integration/telemetry-test/testdata/http-backend-2-secret.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: http-backend
- namespace: default
-type: Opaque
-stringData:
- host: mockserver.http-backend-2.svc.cluster.local
diff --git a/tests/fast-integration/telemetry-test/testdata/http-backend-namespaces.yaml b/tests/fast-integration/telemetry-test/testdata/http-backend-namespaces.yaml
deleted file mode 100644
index 2121138e9b3b..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/http-backend-namespaces.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: http-backend-1
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: http-backend-2
diff --git a/tests/fast-integration/telemetry-test/testdata/http-backend.yaml b/tests/fast-integration/telemetry-test/testdata/http-backend.yaml
deleted file mode 100644
index 6032dc2d899f..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/http-backend.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app: mockserver
- name: mockserver
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: mockserver
- template:
- metadata:
- labels:
- app: mockserver
- name: mockserver
- spec:
- containers:
- - args:
- - -i http
- - -o stdout
- - -q
- image: europe-docker.pkg.dev/kyma-project/prod/tpi/fluent-bit:2.1.8-da21e9f9
- livenessProbe:
- tcpSocket:
- port: serviceport
- name: mockserver
- ports:
- - containerPort: 9880
- name: serviceport
- protocol: TCP
- readinessProbe:
- tcpSocket:
- port: serviceport
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: mockserver
- name: mockserver
-spec:
- ports:
- - name: serviceport
- port: 9880
- protocol: TCP
- targetPort: serviceport
- selector:
- app: mockserver
diff --git a/tests/fast-integration/telemetry-test/testdata/logparser-regex.yaml b/tests/fast-integration/telemetry-test/testdata/logparser-regex.yaml
deleted file mode 100644
index e4047ed8311d..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/logparser-regex.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: telemetry.kyma-project.io/v1alpha1
-kind: LogParser
-metadata:
- name: my-regex-parser
-spec:
- parser: |
- Format regex
- Regex ^(?[^ ]*) (?[^ ]*)$
- Time_Key time
- Time_Format %d/%b/%Y:%H:%M:%S %z
- Types user:string pass:string
diff --git a/tests/fast-integration/telemetry-test/testdata/logpipeline-custom-filter-denied.yaml b/tests/fast-integration/telemetry-test/testdata/logpipeline-custom-filter-denied.yaml
deleted file mode 100644
index 188193814e5d..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/logpipeline-custom-filter-denied.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: telemetry.kyma-project.io/v1alpha1
-kind: LogPipeline
-metadata:
- name: kubernetes-custom-filter
-spec:
- filters:
- - custom: |
- Name kubernetes
- output:
- grafana-loki:
- url:
- value: "http://logging-loki-test:3100/loki/api/v1/push"
- labels:
- "job": "telemetry-fluent-bit"
- removeKeys: ["kubernetes", "stream"]
diff --git a/tests/fast-integration/telemetry-test/testdata/logpipeline-custom-filter-unknown.yaml b/tests/fast-integration/telemetry-test/testdata/logpipeline-custom-filter-unknown.yaml
deleted file mode 100644
index 7dfefeaa35b8..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/logpipeline-custom-filter-unknown.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: telemetry.kyma-project.io/v1alpha1
-kind: LogPipeline
-metadata:
- name: logpipeline-test
-spec:
- filters:
- - custom: |
- Name abc
- output:
- custom: |
- Name null
- files: []
diff --git a/tests/fast-integration/telemetry-test/testdata/logpipeline-input-containers-exclude.yaml b/tests/fast-integration/telemetry-test/testdata/logpipeline-input-containers-exclude.yaml
deleted file mode 100644
index 8bc4a052d1ee..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/logpipeline-input-containers-exclude.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: telemetry.kyma-project.io/v1alpha1
-kind: LogPipeline
-metadata:
- name: exclude-istio-proxy
-spec:
- input:
- application:
- containers:
- exclude:
- - istio-proxy
- output:
- grafana-loki:
- url:
- value: "http://logging-loki-test:3100/loki/api/v1/push"
- labels:
- "job": "exclude-istio-proxy-telemetry-fluent-bit"
- removeKeys: ["stream"]
diff --git a/tests/fast-integration/telemetry-test/testdata/logpipeline-input-drop-labels.yaml b/tests/fast-integration/telemetry-test/testdata/logpipeline-input-drop-labels.yaml
deleted file mode 100644
index 040388c6ccd7..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/logpipeline-input-drop-labels.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: telemetry.kyma-project.io/v1alpha1
-kind: LogPipeline
-metadata:
- name: loki-keep-annotations-drop-labels
-spec:
- input:
- application:
- namespaces:
- system: true
- keepAnnotations: true
- dropLabels: true
- output:
- grafana-loki:
- url:
- value: "http://logging-loki-test:3100/loki/api/v1/push"
- labels:
- "job": "keep-annotations-drop-labels-telemetry-fluent-bit"
- removeKeys: ["stream"]
diff --git a/tests/fast-integration/telemetry-test/testdata/logpipeline-input-keep-labels.yaml b/tests/fast-integration/telemetry-test/testdata/logpipeline-input-keep-labels.yaml
deleted file mode 100644
index 5260e2c3324c..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/logpipeline-input-keep-labels.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: telemetry.kyma-project.io/v1alpha1
-kind: LogPipeline
-metadata:
- name: loki-drop-annotations-keep-labels
-spec:
- input:
- application:
- namespaces:
- system: true
- keepAnnotations: false
- dropLabels: false
- output:
- grafana-loki:
- url:
- value: "http://logging-loki-test:3100/loki/api/v1/push"
- labels:
- "job": "drop-annotations-keep-labels-telemetry-fluent-bit"
- removeKeys: ["stream"]
diff --git a/tests/fast-integration/telemetry-test/testdata/logpipeline-output-custom.yaml b/tests/fast-integration/telemetry-test/testdata/logpipeline-output-custom.yaml
deleted file mode 100644
index 92df3f493f32..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/logpipeline-output-custom.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-kind: LogPipeline
-apiVersion: telemetry.kyma-project.io/v1alpha1
-metadata:
- name: custom-output
-spec:
- output:
- custom: |
- name http
- port 9880
- host ${ENDPOINT}
- variables:
- - name: ENDPOINT
- valueFrom:
- secretKeyRef:
- name: http-backend
- namespace: default
- key: host
diff --git a/tests/fast-integration/telemetry-test/testdata/logpipeline-output-http.yaml b/tests/fast-integration/telemetry-test/testdata/logpipeline-output-http.yaml
deleted file mode 100644
index 60d542cde2de..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/logpipeline-output-http.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: telemetry.kyma-project.io/v1alpha1
-kind: LogPipeline
-metadata:
- name: output-http
-spec:
- output:
- http:
- host:
- valueFrom:
- secretKeyRef:
- name: http-backend
- namespace: default
- key: host
- port: "9880"
- tls:
- disabled: true
- skipCertificateValidation: true
diff --git a/tests/fast-integration/telemetry-test/testdata/logs-workload.yaml b/tests/fast-integration/telemetry-test/testdata/logs-workload.yaml
deleted file mode 100644
index c78d3d8d5da2..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/logs-workload.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: log-spammer
- annotations:
- key : "value"
- labels:
- key : "value"
-spec:
- containers:
- - image: mingrammer/flog
- args:
- - -b=100
- - -f=json
- - -l
- name: flog
- resources:
- requests:
- cpu: 10m
- memory: 50Mi
- limits:
- cpu: 50m
- memory: 200Mi
-status: {}
diff --git a/tests/fast-integration/telemetry-test/testdata/override-config.yaml b/tests/fast-integration/telemetry-test/testdata/override-config.yaml
deleted file mode 100644
index 311d741e9b14..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/override-config.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: telemetry-override-config
- namespace: kyma-system
-data:
- override-config: |
- global:
- logLevel: debug
- tracing:
- paused: true
diff --git a/tests/fast-integration/telemetry-test/testdata/regex-filter-deployment.yaml b/tests/fast-integration/telemetry-test/testdata/regex-filter-deployment.yaml
deleted file mode 100644
index 12dc3ed4d4ca..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/regex-filter-deployment.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: regex-parser-testing-service
- namespace: default
- labels:
- app: regex-parser-testing-service
- example: regex-parser-testing-service
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: regex-parser-testing-service
- example: regex-parser-testing-service
- template:
- metadata:
- labels:
- app: regex-parser-testing-service
- example: regex-parser-testing-service
- annotations:
- fluentbit.io/parser: my-regex-parser
- spec:
- containers:
- - name: regex-parser-testing-service
- image: "alpine:3.17.2"
- imagePullPolicy: IfNotPresent
- command:
- - /bin/sh
- - -c
- - |
- while true
- do
- echo "foo bar"
- sleep 10
- done
- resources:
- limits:
- cpu: 20m
- memory: 32Mi
- requests:
- cpu: 10m
- memory: 16Mi
diff --git a/tests/fast-integration/telemetry-test/testdata/secret-patched-trace-endpoint.yaml b/tests/fast-integration/telemetry-test/testdata/secret-patched-trace-endpoint.yaml
deleted file mode 100644
index 23c70f9c9e83..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/secret-patched-trace-endpoint.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: some-endpoint-secret
-type: Opaque
-data:
- ENDPOINT: aHR0cDovL2Fub3RoZXItZW5kcG9pbnQ=
\ No newline at end of file
diff --git a/tests/fast-integration/telemetry-test/testdata/secret-trace-endpoint.yaml b/tests/fast-integration/telemetry-test/testdata/secret-trace-endpoint.yaml
deleted file mode 100644
index 6c5843b2ee1a..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/secret-trace-endpoint.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: some-endpoint-secret
-type: Opaque
-data:
- ENDPOINT: aHR0cDovL25vLWVuZHBvaW50
\ No newline at end of file
diff --git a/tests/fast-integration/telemetry-test/testdata/tracepipeline-jaeger.yaml b/tests/fast-integration/telemetry-test/testdata/tracepipeline-jaeger.yaml
deleted file mode 100644
index 6d4e4ac5cebe..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/tracepipeline-jaeger.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: telemetry.kyma-project.io/v1alpha1
-kind: TracePipeline
-metadata:
- name: jaeger
-spec:
- output:
- otlp:
- endpoint:
- value: http://tracing-jaeger-collector.default.svc.cluster.local:4317
\ No newline at end of file
diff --git a/tests/fast-integration/telemetry-test/testdata/tracepipeline-output-otlp-secret-ref-1.yaml b/tests/fast-integration/telemetry-test/testdata/tracepipeline-output-otlp-secret-ref-1.yaml
deleted file mode 100644
index 35d94b36ab3c..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/tracepipeline-output-otlp-secret-ref-1.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: telemetry.kyma-project.io/v1alpha1
-kind: TracePipeline
-metadata:
- name: otlp-output-endpoint-secret-ref-1
-spec:
- output:
- otlp:
- endpoint:
- valueFrom:
- secretKeyRef:
- name: some-endpoint-secret
- namespace: default
- key: ENDPOINT
diff --git a/tests/fast-integration/telemetry-test/testdata/tracepipeline-output-otlp.yaml b/tests/fast-integration/telemetry-test/testdata/tracepipeline-output-otlp.yaml
deleted file mode 100644
index 78cee2e599ec..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/tracepipeline-output-otlp.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: telemetry.kyma-project.io/v1alpha1
-kind: TracePipeline
-metadata:
- name: test-trace
-spec:
- output:
- otlp:
- endpoint:
- value: http://foo-bar
\ No newline at end of file
diff --git a/tests/fast-integration/telemetry-test/testdata/tracepipeline-test-app.yaml b/tests/fast-integration/telemetry-test/testdata/tracepipeline-test-app.yaml
deleted file mode 100644
index 19c8ff9c2958..000000000000
--- a/tests/fast-integration/telemetry-test/testdata/tracepipeline-test-app.yaml
+++ /dev/null
@@ -1,84 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: tracing-test ---- - -apiVersion: telemetry.kyma-project.io/v1alpha1 -kind: TracePipeline -metadata: - name: test-app-trace -spec: - output: - otlp: - endpoint: - value: http://tracing-jaeger-collector.default.svc.cluster.local:4317 - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: tracing-test - name: tracing-test-app - labels: - app: tracing-test-app - annotations: - sidecar.istio.io/inject: "true" -spec: - selector: - matchLabels: - app: tracing-test-app - replicas: 1 - template: - metadata: - labels: - app: tracing-test-app - annotations: - sidecar.istio.io/inject: "true" - spec: - containers: - - name: nginx - image: nginx:1.14.2 - ports: - - containerPort: 80 ---- - -apiVersion: v1 -kind: Service -metadata: - namespace: tracing-test - labels: - app: tracing-test-app - name: tracing-test-app -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - selector: - app: tracing-test-app - type: ClusterIP - ---- -apiVersion: networking.istio.io/v1beta1 -kind: VirtualService -metadata: - namespace: tracing-test - labels: - app: tracing-test-app - name: tracing-test-app -spec: - gateways: - - kyma-system/kyma-gateway - hosts: - - - http: - - route: - - destination: - host: tracing-test-app - port: - number: 80 - - diff --git a/tests/fast-integration/telemetry-test/testdata/tracepipeline-test-istio-telemetry-patch.yaml b/tests/fast-integration/telemetry-test/testdata/tracepipeline-test-istio-telemetry-patch.yaml deleted file mode 100644 index d3cb919e801c..000000000000 --- a/tests/fast-integration/telemetry-test/testdata/tracepipeline-test-istio-telemetry-patch.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: telemetry.istio.io/v1alpha1 -kind: Telemetry -metadata: - name: kyma-traces - namespace: istio-system -spec: - tracing: - - providers: - - name: kyma-traces - randomSamplingPercentage: 100 
diff --git a/tests/fast-integration/test/1-commerce-mock.js b/tests/fast-integration/test/1-commerce-mock.js index 7b7d9471464b..d659ae28f55c 100644 --- a/tests/fast-integration/test/1-commerce-mock.js +++ b/tests/fast-integration/test/1-commerce-mock.js @@ -12,13 +12,11 @@ const { printRestartReport, getContainerRestartsForAllNamespaces, } = require('../utils'); -const loki = require('../logging'); function commerceMockTests(testNamespace) { describe('CommerceMock Tests:', function() { this.timeout(10 * 60 * 1000); this.slow(5000); - const testStartTimestamp = new Date().toISOString(); let initialRestarts = null; it('Listing all pods in cluster', async function() { @@ -37,10 +35,6 @@ function commerceMockTests(testNamespace) { const afterTestRestarts = await getContainerRestartsForAllNamespaces(); printRestartReport(initialRestarts, afterTestRestarts); }); - - it('Logs from commerce mock pod should be retrieved through Loki', async function() { - await loki.checkCommerceMockLogs(testStartTimestamp); - }); }); } diff --git a/tests/fast-integration/test/fixtures/commerce-mock/commerce-mock.yaml b/tests/fast-integration/test/fixtures/commerce-mock/commerce-mock.yaml index 7aa685daa2aa..c2a9e0ff1b33 100644 --- a/tests/fast-integration/test/fixtures/commerce-mock/commerce-mock.yaml +++ b/tests/fast-integration/test/fixtures/commerce-mock/commerce-mock.yaml @@ -72,13 +72,14 @@ spec: selector: app: commerce-mock --- -apiVersion: gateway.kyma-project.io/v1alpha1 +apiVersion: gateway.kyma-project.io/v1beta1 kind: APIRule metadata: name: commerce-mock namespace: %%MOCK_NAMESPACE%% spec: gateway: kyma-gateway.kyma-system.svc.cluster.local + host: commerce-%%MOCK_NAMESPACE%% rules: - accessStrategies: - config: {} @@ -86,6 +87,5 @@ spec: methods: ["*"] path: /.* service: - host: commerce-%%MOCK_NAMESPACE%% name: commerce-mock port: 10000 
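Review bot: The migrated APIRule in commerce-mock.yaml still publishes the mock through `kyma-gateway` with `path: /.*` and `methods: ["*"]`, and nothing in the fixture says that this wide exposure is deliberate. The access-strategy handler sits on the one line between the two hunks and is not shown, so whether requests are authenticated cannot be confirmed from this diff. Since the rule is being rewritten for `v1beta1` anyway, I would add a comment above the new `host:` line, for example `# test fixture only: exposes every path and method of the mock; do not copy into non-test namespaces`. The same comment fits the `handler: allow` rule in lastorder-function.yaml, which this commit migrates in the same way.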
diff --git a/tests/fast-integration/test/fixtures/commerce-mock/index.js b/tests/fast-integration/test/fixtures/commerce-mock/index.js index 1d23c543860f..b8a8338157e1 100644 --- a/tests/fast-integration/test/fixtures/commerce-mock/index.js +++ b/tests/fast-integration/test/fixtures/commerce-mock/index.js @@ -1,7 +1,7 @@ const k8s = require('@kubernetes/client-node'); const fs = require('fs'); const path = require('path'); -const {expect, assert} = require('chai'); +const {expect} = require('chai'); const https = require('https'); const axios = require('axios').default; const crypto = require('crypto'); @@ -32,9 +32,7 @@ const { eventingSubscriptionV1Alpha2, k8sDelete, namespaceObj, - getTraceDAG, printStatusOfInClusterEventingInfrastructure, - deployJaeger, deployLoki, } = require('../../../utils'); const { @@ -46,8 +44,6 @@ const { unassignRuntimeFromScenario, } = require('../../../compass'); -const {getJaegerTrace} = require('../../../tracing/client'); - const {bebBackend, getEventMeshNamespace} = require('../../../eventing-test/common/common'); const commerceMockYaml = fs.readFileSync( @@ -71,20 +67,6 @@ const lastorderFunctionYaml = fs.readFileSync( }, ); -const jaegerYaml = fs.readFileSync( - path.join(__dirname, '../jaeger/jaeger.yaml'), - { - encoding: 'utf8', - }, -); - -const lokiYaml = fs.readFileSync( - path.join(__dirname, '../loki/loki.yaml'), - { - encoding: 'utf8', - }, -); - const eventTypeOrderCompleted = 'order.completed.v1'; const uncleanEventType = 'Order-$.Final.R-e-c-e-i-v-e-d.v1'; const fullyQualifiedEventType = 'sap.kyma.custom.inapp.order.completed.v2'; 
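Review bot: `deployLoki` is still destructured from `../../../utils` in the second hunk, although this commit removes both the `lokiYaml` constant and the `await deployLoki(k8s.loadAllYaml(lokiYaml));` call in `provisionCommerceMockResources` further down. If no other caller remains in this file (the rest of it is outside the diff), the name is now unused and should be dropped together with `deployJaeger`, so the list ends with `printStatusOfInClusterEventingInfrastructure,` followed directly by `} = require('../../../utils');`. Keeping the import also hides it from a later clean-up of `utils`, where the Loki helper would otherwise show up as having no callers.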
@@ -250,180 +232,6 @@ async function sendCloudEventBinaryModeAndCheckResponse(backendType = 'nats', mo return await sendEventAndCheckResponse('cloud event binary', body, params, mockNamespace); } -async function getTraceId(data) { - // Extract traceId from response - // Second part of traceparent header contains trace-id. See https://www.w3.org/TR/trace-context/#traceparent-header - const traceParent = data.event.headers['traceparent']; - debug(`Traceparent header is: ${traceParent}`); - let traceId; - if (traceParent == null) { - debug('traceID using traceparent is not present. Trying to fetch traceID using b3'); - traceId = data.event.headers['x-b3-traceid']; - assert.isNotEmpty(traceId, 'neither traceparent or b3 header is present in the response header'); - } else { - traceId = data.event.headers['traceparent'].split('-')[1]; - } - debug(`got the traceId: ${traceId}`); - return traceId; -} - -async function checkEventTracing(targetNamespace = 'test', res) { - expect(res.data).to.have.nested.property('event.headers.traceparent'); - expect(res.data).to.have.nested.property('podName'); - - // Extract traceId from response - const traceId = getTraceId(res.data); - - // Define expected trace data - const correctTraceProcessSequence = [ - 'istio-ingressgateway.istio-system', - 'central-application-connectivity-validator.kyma-system', - 'central-application-connectivity-validator.kyma-system', - 'eventing-publisher-proxy.kyma-system', - 'eventing-controller.kyma-system', - `lastorder-${res.data.podName.split('-')[1]}.${targetNamespace}`, - ]; - // wait some time for jaeger to complete tracing data - await sleep(10 * 1000); - await checkTrace(traceId, correctTraceProcessSequence); -} - -async function sendLegacyEventAndCheckTracing(targetNamespace = 'test', mockNamespace = 'mocks') { - // Send an event and get it back from the lastorder function - const res = await sendLegacyEventAndCheckResponse(mockNamespace); - - // Check the correct event tracing - await 
checkEventTracing(targetNamespace, res); -} - -async function sendCloudEventStructuredModeAndCheckTracing(targetNamespace = 'test', mockNamespace = 'mocks') { - // Send an event and get it back from the lastorder function - const res = await sendCloudEventStructuredModeAndCheckResponse(mockNamespace); - - // Check the correct event tracing - await checkEventTracing(targetNamespace, res); -} - -async function sendCloudEventBinaryModeAndCheckTracing(targetNamespace = 'test', mockNamespace = 'mocks') { - // Send an event and get it back from the lastorder function - const res = await sendCloudEventBinaryModeAndCheckResponse(mockNamespace); - - // Check the correct event tracing - await checkEventTracing(targetNamespace, res); -} - -async function checkInClusterEventTracing(targetNamespace) { - const res = await checkInClusterEventDeliveryHelper(targetNamespace, 'structured'); - expect(res.data).to.have.nested.property('event.headers.traceparent'); - expect(res.data).to.have.nested.property('podName'); - - const traceId = await getTraceId(res.data); - - // Define expected trace data - const correctTraceProcessSequence = [ - // We are sending the in-cluster event from inside the lastorder pod - 'istio-ingressgateway.istio-system', - `lastorder-${res.data.podName.split('-')[1]}.${targetNamespace}`, - 'eventing-publisher-proxy.kyma-system', - 'eventing-controller.kyma-system', - `lastorder-${res.data.podName.split('-')[1]}.${targetNamespace}`, - ]; - - // wait sometime for jaeger to complete tracing data. - // Arrival of traces might be delayed by otel-collectors batch timeout. 
- await sleep(20_000); - await checkTrace(traceId, correctTraceProcessSequence); -} - -async function checkTrace(traceId, expectedTraceProcessSequence) { - const traceRes = await getJaegerTrace(traceId); - - // log the expected trace - debug('expected spans:'); - for (let i = 0; i < expectedTraceProcessSequence.length; i++) { - debug(`${buildLevel(i)} ${expectedTraceProcessSequence[i]}`); - } - - // the trace response should have data for single trace - expect(traceRes.data).to.have.length(1); - - // extract trace data from response - const traceData = traceRes.data[0]; - expect(traceData['spans'].length).to.be.gte(expectedTraceProcessSequence.length); - - // generate DAG for trace spans - const traceDAG = await getTraceDAG(traceData); - expect(traceDAG).to.have.length(1); - - // log the actual trace - debug('actual spans:'); - logSpansGraph(0, traceDAG[0], traceData); - - // searching through the trace-graph for the expected span sequence staring at the root element - debug('trying to match expected and actual'); - expect(findSpanSequence(expectedTraceProcessSequence, 0, traceDAG[0], traceData, 0)).to.be.true; -} - -function logSpansGraph(position, currentSpan, traceData) { - const actualSpan = traceData.processes[currentSpan.processID].serviceName; - debug(`${buildLevel(position)} ${actualSpan}`); - - const newPosition = position +1; - for (let i = 0; i < currentSpan.childSpans.length; i++) { - logSpansGraph(newPosition, currentSpan.childSpans[i], traceData); - } -} - -// findSpanSequence recursively searches through the trace-graph to find all expected spans in the right, consecutive -// order while ignoring the spans that are not expected. 
-function findSpanSequence(expectedSpans, position, currentSpan, traceData, numberFound) { - // validate if the actual span is the expected span - const actualSpan = traceData.processes[currentSpan.processID].serviceName; - const expectedSpan = expectedSpans[numberFound]; - const debugMsg = `${buildLevel(position)} ${actualSpan}`; - - // if this span contains the currently expected span, the position will be increased - if (actualSpan === expectedSpan) { - numberFound++; - debug(debugMsg); - } else { - debug(`${debugMsg} [expected ${expectedSpan}, continue to search]`); - } - - // check if all traces have been found yet - if (numberFound === expectedSpans.length) { - return true; - } - - // recursive search through all the child spans - for (let i = 0; i < currentSpan.childSpans.length; i++) { - if (findSpanSequence(expectedSpans, position +1, currentSpan.childSpans[i], traceData, numberFound)) { - return true; - } - } - - // if nothing was found on this branch of the graph, close it - return false; -} - -// buildLevel helps to display trace hierarchy by adding a whitespace for each level of hierarchy in front of the trace -// to get output like -// -> myTrace -// └> myChildTrace -// └> ChildOfMyChildTrace -// ... -function buildLevel(n) { - if (n === 0) { - return ' ->'; - } - - let level = ''; - for (let i = 0; i < n+1; i++) { - level += ' '; - } - return `${level} └>`; -} - async function addService() { const vs = await waitForVirtualService('mocks', 'commerce-mock'); const mockHost = vs.spec.hosts[0]; @@ -717,8 +525,6 @@ async function provisionCommerceMockResources(appName, mockNamespace, targetName targetNamespace), ]), 1000, 10); await waitForDeployment('commerce-mock', mockNamespace, 120 * 1000); - await deployJaeger(k8s.loadAllYaml(jaegerYaml)); - await deployLoki(k8s.loadAllYaml(lokiYaml)); const vs = await waitForVirtualService(mockNamespace, 'commerce-mock'); const mockHost = vs.spec.hosts[0]; await retryPromise( 
@@ -737,7 +543,7 @@ function getResourcePaths(namespace) { return [ `/apis/serverless.kyma-project.io/v1alpha2/namespaces/${namespace}/functions`, `/apis/addons.kyma-project.io/v1alpha1/namespaces/${namespace}/addonsconfigurations`, - `/apis/gateway.kyma-project.io/v1alpha1/namespaces/${namespace}/apirules`, + `/apis/gateway.kyma-project.io/v1beta1/namespaces/${namespace}/apirules`, `/apis/apps/v1/namespaces/${namespace}/deployments`, `/api/v1/namespaces/${namespace}/services`, ]; @@ -780,11 +586,6 @@ async function waitForSubscriptions(subscriptions) { } } -async function waitForSubscriptionsTillReady(targetNamespace) { - await waitForSubscription(orderReceivedSubName, targetNamespace); - await waitForSubscription('order-created', targetNamespace); -} - async function checkInClusterEventDelivery(targetNamespace, testSubscriptionV1Alpha2=false) { await checkInClusterEventDeliveryHelper(targetNamespace, 'structured', testSubscriptionV1Alpha2); await checkInClusterEventDeliveryHelper(targetNamespace, 'binary', testSubscriptionV1Alpha2); @@ -997,19 +798,14 @@ module.exports = { sendLegacyEventAndCheckResponse, sendCloudEventStructuredModeAndCheckResponse, sendCloudEventBinaryModeAndCheckResponse, - sendLegacyEventAndCheckTracing, - sendCloudEventStructuredModeAndCheckTracing, - sendCloudEventBinaryModeAndCheckTracing, addService, updateService, deleteService, checkFunctionResponse, checkInClusterEventDelivery, checkFullyQualifiedTypeWithExactSub, - checkInClusterEventTracing, cleanMockTestFixture, deleteMockTestFixture, - waitForSubscriptionsTillReady, waitForSubscriptions, setEventMeshSourceNamespace, cleanCompassResourcesSKR, @@ -1023,5 +819,4 @@ module.exports = { eventTypeOrderReceived, orderReceivedSubName, generateTraceParentHeader, - checkTrace, }; diff --git a/tests/fast-integration/test/fixtures/commerce-mock/lastorder-function.yaml b/tests/fast-integration/test/fixtures/commerce-mock/lastorder-function.yaml index 0abd973fd2c4..98e82455d864 100644 
--- a/tests/fast-integration/test/fixtures/commerce-mock/lastorder-function.yaml +++ b/tests/fast-integration/test/fixtures/commerce-mock/lastorder-function.yaml @@ -180,12 +180,13 @@ spec: scope: "read write" secretName: lastorder-oauth --- -apiVersion: gateway.kyma-project.io/v1alpha1 +apiVersion: gateway.kyma-project.io/v1beta1 kind: APIRule metadata: name: lastorder spec: gateway: kyma-gateway.kyma-system.svc.cluster.local + host: lastorder rules: - path: /function methods: ["GET", "POST"] @@ -197,6 +198,5 @@ spec: - handler: allow config: {} service: - host: lastorder name: lastorder port: 80 diff --git a/tests/fast-integration/test/fixtures/getting-started-guide/index.js b/tests/fast-integration/test/fixtures/getting-started-guide/index.js index 23f84f3e6d7b..036561e13b89 100644 --- a/tests/fast-integration/test/fixtures/getting-started-guide/index.js +++ b/tests/fast-integration/test/fixtures/getting-started-guide/index.js @@ -130,7 +130,7 @@ async function ensureGettingStartedTestFixture() { await k8sApply([ordersServiceNamespaceObj]); await k8sApply(ordersServiceMicroserviceObj, orderService); await k8sApply(addonServiceBindingServiceInstanceObjs, orderService); - const apiRulePath = `/apis/gateway.kyma-project.io/v1alpha1/namespaces/${orderService}/apirules`; + const apiRulePath = `/apis/gateway.kyma-project.io/v1beta1/namespaces/${orderService}/apirules`; await waitForK8sObject(apiRulePath, {}, (_type, _apiObj, watchObj) => { return (watchObj.object.metadata.name == orderService && watchObj.object.status.APIRuleStatus.code == 'OK'); }, 60 * 1000, 'Waiting for APIRule to be ready timeout'); 
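Review bot: The migrated `lastorder` APIRule still carries `- handler: allow` with `config: {}` for GET and POST on `/function` (context lines of the second hunk), so the function stays reachable without authentication after the move to v1beta1, even though the document just above the APIRule references `secretName: lastorder-oauth` with scope "read write". If that is deliberate for the test, I would say so in the fixture with a comment above the rule, e.g. `# test fixture: unauthenticated on purpose, not a template for real APIRules`. The same remark applies to the `handler: noop` rule on `/.*` in getting-started-guide/xf-mocks.yaml. Part of the APIRule's rule list lies between the two hunks, so other access strategies may exist that are not visible here.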
@@ -151,7 +151,7 @@ function getResourcePaths(namespace) { return [ `/apis/serverless.kyma-project.io/v1alpha2/namespaces/${namespace}/functions`, `/apis/addons.kyma-project.io/v1alpha1/namespaces/${namespace}/addonsconfigurations`, - `/apis/gateway.kyma-project.io/v1alpha1/namespaces/${namespace}/apirules`, + `/apis/gateway.kyma-project.io/v1beta1/namespaces/${namespace}/apirules`, `/apis/apps/v1/namespaces/${namespace}/deployments`, `/api/v1/namespaces/${namespace}/services`, ]; diff --git a/tests/fast-integration/test/fixtures/getting-started-guide/microservice.yaml b/tests/fast-integration/test/fixtures/getting-started-guide/microservice.yaml index ffc493267b6f..07afc225ba1e 100644 --- a/tests/fast-integration/test/fixtures/getting-started-guide/microservice.yaml +++ b/tests/fast-integration/test/fixtures/getting-started-guide/microservice.yaml @@ -54,7 +54,7 @@ spec: app: orders-service example: orders-service --- -apiVersion: gateway.kyma-project.io/v1alpha1 +apiVersion: gateway.kyma-project.io/v1beta1 kind: APIRule metadata: name: orders-service @@ -63,8 +63,8 @@ metadata: app: orders-service example: orders-service spec: + host: orders-service service: - host: orders-service name: orders-service port: 80 gateway: kyma-gateway.kyma-system.svc.cluster.local diff --git a/tests/fast-integration/test/fixtures/getting-started-guide/xf-mocks.yaml b/tests/fast-integration/test/fixtures/getting-started-guide/xf-mocks.yaml index 4ffdd16e6547..c7700bc9802d 100644 --- a/tests/fast-integration/test/fixtures/getting-started-guide/xf-mocks.yaml +++ b/tests/fast-integration/test/fixtures/getting-started-guide/xf-mocks.yaml @@ -191,13 +191,14 @@ spec: return storage; } --- -apiVersion: gateway.kyma-project.io/v1alpha1 +apiVersion: gateway.kyma-project.io/v1beta1 kind: APIRule metadata: name: orders-function namespace: orders-service spec: gateway: kyma-gateway.kyma-system.svc.cluster.local + host: orders-function rules: - path: /.* accessStrategies: 
@@ -205,7 +206,6 @@ spec: handler: noop methods: ["GET", "POST"] service: - host: orders-function name: orders-function port: 80 diff --git a/tests/fast-integration/test/fixtures/jaeger/jaeger.yaml b/tests/fast-integration/test/fixtures/jaeger/jaeger.yaml deleted file mode 100644 index 7352f87c82e8..000000000000 --- a/tests/fast-integration/test/fixtures/jaeger/jaeger.yaml +++ /dev/null 
@@ -1,208 +0,0 @@ -apiVersion: telemetry.istio.io/v1alpha1 -kind: Telemetry -metadata: - name: kyma-traces - namespace: istio-system -spec: - tracing: - - providers: - - name: "kyma-traces" - randomSamplingPercentage: 100 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: jaeger - app.kubernetes.io/component: service-collector - app.kubernetes.io/instance: tracing-jaeger - app.kubernetes.io/managed-by: jaeger-operator - app.kubernetes.io/name: tracing-jaeger-collector - app.kubernetes.io/part-of: jaeger - name: tracing-jaeger-collector -spec: - ports: - - name: otlp-grpc - port: 4317 - protocol: TCP - targetPort: 4317 - - name: otlp-http - port: 4318 - protocol: TCP - targetPort: 4318 - selector: - app: jaeger - app.kubernetes.io/component: all-in-one - app.kubernetes.io/instance: tracing-jaeger - app.kubernetes.io/managed-by: jaeger-operator - app.kubernetes.io/name: tracing-jaeger - app.kubernetes.io/part-of: jaeger ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: jaeger - app.kubernetes.io/component: service-query - app.kubernetes.io/instance: tracing-jaeger - app.kubernetes.io/managed-by: jaeger-operator - app.kubernetes.io/name: tracing-jaeger-query - app.kubernetes.io/part-of: jaeger - name: tracing-jaeger-query -spec: - ports: - - name: http-query - port: 16686 - protocol: TCP - targetPort: 16686 - - name: grpc-query - port: 16685 - protocol: TCP - targetPort: 16685 - selector: - app: jaeger - app.kubernetes.io/component: all-in-one - app.kubernetes.io/instance: tracing-jaeger - app.kubernetes.io/managed-by: jaeger-operator - app.kubernetes.io/name: tracing-jaeger - app.kubernetes.io/part-of: jaeger - ---- -# Source: tracing/templates/kyma-additions/grafana-datasource.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: tracing-jaeger-grafana-datasource - labels: - app.kubernetes.io/name: tracing - app.kubernetes.io/instance: jaeger - grafana_datasource: "1" -data: - jaeger-datasource.yaml: |- - apiVersion: 1 - datasources: - 
- name: Jaeger - type: jaeger - access: proxy - url: http://tracing-jaeger-query.default:16686 - editable: true ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: jaeger - app.kubernetes.io/component: all-in-one - app.kubernetes.io/instance: tracing-jaeger - app.kubernetes.io/managed-by: jaeger-operator - app.kubernetes.io/name: tracing-jaeger - app.kubernetes.io/part-of: jaeger - name: tracing-jaeger - namespace: default -spec: - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: jaeger - app.kubernetes.io/component: all-in-one - app.kubernetes.io/instance: tracing-jaeger - app.kubernetes.io/managed-by: jaeger-operator - app.kubernetes.io/name: tracing-jaeger - app.kubernetes.io/part-of: jaeger - strategy: - type: Recreate - template: - metadata: - annotations: - linkerd.io/inject: disabled - prometheus.io/port: "14269" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "true" - sidecar.istio.io/rewriteAppHTTPProbers: "true" - labels: - app: jaeger - app.kubernetes.io/component: all-in-one - app.kubernetes.io/instance: tracing-jaeger - app.kubernetes.io/managed-by: jaeger-operator - app.kubernetes.io/name: tracing-jaeger - app.kubernetes.io/part-of: jaeger - spec: - containers: - - args: - - --collector.otlp.enabled=true - - --log-level=info - - --memory.max-traces=10000 - - --query.max-clock-skew-adjustment=1s - env: - - name: SPAN_STORAGE_TYPE - value: memory - image: jaegertracing/all-in-one:1.44.0 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: / - port: 14269 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - name: jaeger - ports: - - containerPort: 4317 - name: otlp-grpc - protocol: TCP - - containerPort: 4318 - name: otlp-http - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: / - port: 14269 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - 
successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 100m - memory: 500Mi - requests: - cpu: 20m - memory: 40Mi - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault ---- -apiVersion: telemetry.kyma-project.io/v1alpha1 -kind: TracePipeline -metadata: - name: jaeger -spec: - output: - otlp: - endpoint: - value: http://tracing-jaeger-collector.default.svc.cluster.local:4317 ---- -apiVersion: security.istio.io/v1beta1 -kind: PeerAuthentication -metadata: - name: tracing-jaeger-metrics - labels: - app.kubernetes.io/name: tracing - app.kubernetes.io/instance: jaeger -spec: - selector: - matchLabels: - app.kubernetes.io/name: tracing-jaeger - mtls: - mode: PERMISSIVE \ No newline at end of file diff --git a/tests/fast-integration/test/fixtures/loki/loki.yaml b/tests/fast-integration/test/fixtures/loki/loki.yaml deleted file mode 100644 index e29c9ad3cdd3..000000000000 --- a/tests/fast-integration/test/fixtures/loki/loki.yaml +++ /dev/null 
@@ -1,316 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: loki-test - name: logging-loki-test - namespace: kyma-system -automountServiceAccountToken: true ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: logging-loki-test - namespace: kyma-system - labels: - app: loki-test -data: - loki.yaml: | - auth_enabled: false - ingester: - chunk_idle_period: 3m - chunk_block_size: 262144 - chunk_target_size: 1572864 - chunk_retain_period: 1m - max_chunk_age: 2h - max_transfer_retries: 0 - lifecycler: - ring: - kvstore: - store: inmemory - replication_factor: 1 - - limits_config: - enforce_metric_name: false - ingestion_rate_mb: 3 - reject_old_samples: true - reject_old_samples_max_age: 168h - schema_config: - configs: - - from: 2018-04-15 - store: boltdb - object_store: filesystem - schema: v9 - index: - prefix: index_ - period: 24h - server: - http_listen_port: 3100 - storage_config: - boltdb: - directory: /data/loki/index - filesystem: - directory: /data/loki/chunks - chunk_store_config: - max_look_back_period: 120h - table_manager: - retention_deletes_enabled: true - retention_period: 120h - compactor: - working_directory: /data/loki/boltdb-shipper-compactor - shared_store: filesystem - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: logging-loki-test-grafana-datasource - namespace: kyma-system - labels: - grafana_datasource: "1" - app: loki-test -data: - loki-test-datasource.yaml: |- - apiVersion: 1 - datasources: - - name: Loki-Test - type: loki - access: proxy - url: http://logging-loki-test.kyma-system:3100 - editable: true - jsonData: - maxLines: 1000 ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: logging-loki-test - namespace: kyma-system - labels: - app: loki-test ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: logging-loki-test - namespace: kyma-system - labels: - app: loki-test -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 
logging-loki-test -subjects: - - kind: ServiceAccount - name: logging-loki-test ---- -apiVersion: v1 -kind: Service -metadata: - name: logging-loki-headless-test - namespace: kyma-system - labels: - app: loki-test -spec: - clusterIP: None - ports: - - port: 3100 - protocol: TCP - name: http-metrics - targetPort: http-metrics - selector: - app: loki-test ---- -apiVersion: v1 -kind: Service -metadata: - name: logging-loki-test - namespace: kyma-system - labels: - app: loki-test - annotations: - prometheus.io/port: "3100" - prometheus.io/scrape: "true" -spec: - type: ClusterIP - ports: - - port: 3100 - protocol: TCP - name: http-metrics - targetPort: http-metrics - selector: - app: loki-test ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: logging-loki-test - namespace: kyma-system - labels: - app: loki-test -spec: - podManagementPolicy: OrderedReady - replicas: 1 - selector: - matchLabels: - app: loki-test - serviceName: logging-loki-headless-test - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - app: loki-test - name: loki-test - spec: - serviceAccountName: logging-loki-test - securityContext: - fsGroup: 10001 - runAsGroup: 10001 - runAsNonRoot: true - runAsUser: 10001 - seccompProfile: - type: RuntimeDefault - initContainers: - [] - containers: - - name: loki - image: europe-docker.pkg.dev/kyma-project/prod/tpi/loki:2.2.1-0065b2a5 - imagePullPolicy: IfNotPresent - args: - - "-config.file=/etc/loki/loki.yaml" - - "-log.level=info" - volumeMounts: - - name: config - mountPath: /etc/loki - - name: storage-test - mountPath: "/data" - ports: - - name: http-metrics - containerPort: 3100 - protocol: TCP - livenessProbe: - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 45 - readinessProbe: - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 45 - resources: - limits: - cpu: 200m - memory: 300Mi - requests: - cpu: 10m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - 
capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - nodeSelector: - {} - affinity: - {} - tolerations: - [] - terminationGracePeriodSeconds: 4800 - volumes: - - name: config - configMap: - name: logging-loki-test - items: - - key: loki.yaml - path: loki.yaml - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: storage-test - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: "30Gi" - volumeMode: Filesystem ---- -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - labels: - app: loki-test - name: logging-loki-test - namespace: kyma-system -spec: - action: ALLOW - selector: - matchLabels: - app: loki-test - rules: - # Grafana having SA can query v1 API - - from: - - source: - principals: - - "cluster.local/ns/kyma-system/sa/monitoring-grafana" - to: - - operation: - paths: ["/loki/api/v1/*"] - methods: ["GET"] - # fluent-bit with SA can push to v1 API - - from: - - source: - principals: - - "cluster.local/ns/kyma-system/sa/telemetry-fluent-bit" - to: - - operation: - paths: ["/loki/api/v1/push"] - methods: ["POST"] - - from: - - source: - principals: - - cluster.local/ns/kyma-system/sa/monitoring-prometheus - to: - - operation: - paths: ["/metrics"] - methods: ["GET"] ---- -apiVersion: security.istio.io/v1beta1 -kind: PeerAuthentication -metadata: - labels: - app: loki-test - name: logging-loki-test - namespace: kyma-system -spec: - selector: - matchLabels: - app: loki-test - mtls: - mode: STRICT ---- -apiVersion: telemetry.kyma-project.io/v1alpha1 -kind: LogPipeline -metadata: - name: loki-test -spec: - input: - application: - containers: {} - namespaces: - system: true - output: - grafana-loki: - labels: - job: telemetry-fluent-bit - removeKeys: - - kubernetes - - stream - url: - value: http://logging-loki-test:3100/loki/api/v1/push 
diff --git a/tests/fast-integration/test/test.js b/tests/fast-integration/test/test.js index ad6b7e1b5b55..6b9b2d896523 100644 --- a/tests/fast-integration/test/test.js +++ b/tests/fast-integration/test/test.js @@ -4,11 +4,8 @@ const { } = require('./'); const {monitoringTests, unexposeGrafana} = require('../monitoring'); -const {loggingTests} = require('../logging'); -const {createIstioAccessLogResource} = require('../logging/client.js'); const {cleanMockTestFixture} = require('./fixtures/commerce-mock'); const {ensureCommerceMockLocalTestFixture} = require('../test/fixtures/commerce-mock'); -const {tracingTests} = require('../tracing'); const {error, sleep} = require('../utils'); describe('Executing Standard Testsuite:', function() { @@ -26,10 +23,6 @@ describe('Executing Standard Testsuite:', function() { }); }); - before('Istio Accesslog Resource should be deployed', async function() { - await createIstioAccessLogResource(); - }); - after('Test Cleanup: Test namespaces should be deleted', async function() { await cleanMockTestFixture(mockNamespace, testNamespace, true); }); @@ -43,7 +36,4 @@ describe('Executing Standard Testsuite:', function() { commerceMockTests(testNamespace); // unusuble because of redis dependency that is not usable in the current form after SC migration // gettingStartedGuideTests(); - - loggingTests(); - tracingTests(testNamespace); }); diff --git a/tests/fast-integration/tracing/client.js b/tests/fast-integration/tracing/client.js deleted file mode 100644 index f373b83154f8..000000000000 --- a/tests/fast-integration/tracing/client.js +++ /dev/null 
@@ -1,65 +0,0 @@
-const {
- debug,
- convertAxiosError,
-} = require('../utils');
-const {proxyGrafanaDatasource} = require('../monitoring/client');
-
-const axios = require('axios');
-const https = require('https');
-const httpsAgent = new https.Agent({
- rejectUnauthorized: false, // curl -k
-});
-axios.defaults.httpsAgent = httpsAgent;
-
-async function getJaegerViaGrafana(path, retries = 5, interval = 30,
- timeout = 10000, debugMsg = undefined) {
- return await proxyGrafanaDatasource('Jaeger', path, retries, interval, timeout, debugMsg);
-}
-
-async function getJaegerTrace(traceId) {
- const path = `api/traces/${traceId}`;
-
- debug(`fetching trace: ${traceId} from jaeger`);
-
- try {
- const debugMsg = `waiting for trace (id: ${traceId}) from jaeger...`;
- const responseBody = await getJaegerViaGrafana(path, 30, 1000, 30 * 1000, debugMsg);
- return responseBody.data;
- } catch (err) {
- throw convertAxiosError(err, 'cannot get jaeger trace');
- }
-}
-
-async function getJaegerServices() {
- const path = `api/services`;
-
- debug(`fetching services from jaeger`);
-
- try {
- const debugMsg = `waiting for fetching service from jaeger...`;
- const responseBody = await getJaegerViaGrafana(path, 30, 1000, 30 * 1000, debugMsg);
- return responseBody.data;
- } catch (err) {
- throw convertAxiosError(err, 'cannot get jaeger trace');
- }
-}
-
-async function getJaegerTracesForService(serviceName, namespace = 'default') {
- const path = `api/traces?limit=20&lookback=1h&maxDuration&minDuration&service=${serviceName}.${namespace}`;
-
- debug(`fetching traces from jaeger`);
-
- try {
- const debugMsg = `waiting for fetching service from jaeger...`;
- const responseBody = await getJaegerViaGrafana(path, 30, 1000, 30 * 1000, debugMsg);
- return responseBody.data;
- } catch (err) {
- throw convertAxiosError(err, 'cannot get jaeger trace');
- }
-}
-
-module.exports = {
- getJaegerTrace,
- getJaegerServices,
- getJaegerTracesForService,
-};
diff --git a/tests/fast-integration/tracing/index.js b/tests/fast-integration/tracing/index.js
deleted file mode 100644
index eccfcab0c31c..000000000000
--- a/tests/fast-integration/tracing/index.js
+++ /dev/null
@@ -1,37 +0,0 @@
-const {
- waitForNamespace,
- getEnvOrDefault,
-} = require('../utils');
-const {
- waitForSubscriptionsTillReady,
- checkInClusterEventTracing,
-} = require('../test/fixtures/commerce-mock');
-
-function tracingTests(testNamespace) {
- if (getEnvOrDefault('KYMA_MAJOR_UPGRADE', 'false') === 'true') {
- console.log('Skipping tracing tests for Kyma 1 to Kyma 2 upgrade scenario');
- return;
- }
-
- describe('Tracing Tests:', function() {
- this.timeout(5 * 60 * 1000); // 5 min
- this.slow(5000);
-
- before('Ensure the test and mock namespaces exist', async function() {
- await waitForNamespace(testNamespace);
- });
-
- context('with Nats backend', function() {
- it('Wait until subscriptions are ready', async () => {
- await waitForSubscriptionsTillReady(testNamespace);
- });
-
- it('in-cluster structured event should have correct tracing spans', async () => {
- await checkInClusterEventTracing(testNamespace);
- });
- });
- });
-}
-module.exports = {
- tracingTests,
-};
diff --git a/tests/fast-integration/upgrade-test/upgrade-test-tests.js b/tests/fast-integration/upgrade-test/upgrade-test-tests.js
index 5c6e40c9f0a2..14c08f187aaa 100644
--- a/tests/fast-integration/upgrade-test/upgrade-test-tests.js
+++ b/tests/fast-integration/upgrade-test/upgrade-test-tests.js
@@ -1,23 +1,15 @@ -const k8s = require('@kubernetes/client-node'); -const fs = require('fs'); -const path = require('path'); - const { printRestartReport, getContainerRestartsForAllNamespaces, - deployLoki, } = require('../utils'); -const {loggingTests} = require('../logging'); const { monitoringTests, unexposeGrafana, } = require('../monitoring'); -const {tracingTests} = require('../tracing'); const { checkInClusterEventDelivery, checkFunctionResponse, } = require('../test/fixtures/commerce-mock'); -const {createIstioAccessLogResource} = require('../logging/client.js'); describe('Upgrade test tests', function() { @@ -26,20 +18,6 @@ describe('Upgrade test tests', function() { let initialRestarts = null; const testNamespace = 'test'; - it('Deploys Istio access logs', async function() { - await createIstioAccessLogResource(); - }); - - it('Deploys the Loki resource', async function() { - const lokiYaml = fs.readFileSync( - path.join(__dirname, '../test/fixtures/loki/loki.yaml'), - { - encoding: 'utf8', - }, - ); - await deployLoki(k8s.loadAllYaml(lokiYaml)); - }); - it('Listing all pods in cluster', async function() { initialRestarts = await getContainerRestartsForAllNamespaces(); }); @@ -58,8 +36,6 @@ describe('Upgrade test tests', function() { }); monitoringTests(); - loggingTests(); - tracingTests(testNamespace); after('Unexpose Grafana', async () => { await unexposeGrafana(); diff --git a/tests/fast-integration/utils/index.js b/tests/fast-integration/utils/index.js index a8487730bf1d..a1b8e934f702 100644 --- a/tests/fast-integration/utils/index.js +++ b/tests/fast-integration/utils/index.js 
@@ -651,7 +651,7 @@ async function printContainerLogs(selector, container, namespace = 'default', ti function waitForVirtualService(namespace, apiRuleName, timeout = 30_000) { const path = `/apis/networking.istio.io/v1beta1/namespaces/${namespace}/virtualservices`; const query = { - labelSelector: `apirule.gateway.kyma-project.io/v1alpha1=${apiRuleName}.${namespace}`, + labelSelector: `apirule.gateway.kyma-project.io/v1beta1=${apiRuleName}.${namespace}`, }; return waitForK8sObject( path, 
@@ -1802,42 +1802,6 @@ async function printAllSubscriptions(testNamespace, crdVersion='v1alpha1') { } } -// getTraceDAG returns a DAG for the provided Jaeger tracing data -async function getTraceDAG(trace) { - // Find root spans which are not child of any other span - const rootSpans = []; - for (const span of trace['spans']) { - if (span['references'].length === 0) { - rootSpans.push(span); - } - - if (!trace['spans'].find((s) => s['spanID'] === span['references'][0]['spanID'])) { - rootSpans.push(span); - } - } - - // Find and attach child spans for each root span - for (const root of rootSpans) { - await attachTraceChildSpans(root, trace); - } - return rootSpans; -} - -// attachChildSpans finds child spans of current parentSpan and attach it to parentSpan object -// and also recursively, finds and attaches further child spans of each child. -async function attachTraceChildSpans(parentSpan, trace) { - // find child spans of current parentSpan and attach it to parentSpan object - parentSpan['childSpans'] = trace['spans'].filter((s) => s['references'].find((r) => r['refType'] === 'CHILD_OF' && - r['spanID'] === parentSpan['spanID'] && - r['traceID'] === parentSpan['traceID'])); - // recursively, find and attach further child span of each parentSpan["childSpans"] - if (parentSpan['childSpans'] && parentSpan['childSpans'].length > 0) { - for (const child of parentSpan['childSpans']) { - await attachTraceChildSpans(child, trace); - } - } -} - function waitForDeploymentWithLabel( labelKey, labelValue, 
@@ -1861,37 +1825,6 @@ function waitForDeploymentWithLabel( ); } -function waitForTracePipeline(name, timeout = 90_000) { - return waitForK8sObject( - `/apis/telemetry.kyma-project.io/v1alpha1/tracepipelines`, - {}, - (_type, _apiObj, watchObj) => { - return ( - watchObj.object.metadata.name === name && - watchObj.object.status.conditions && - watchObj.object.status.conditions.some( - (c) => c.type === 'Running', - ) - ); - }, - timeout, - `Waiting for Tracepipeline ${name} timeout (${timeout} ms)`, - ); -} - -async function deployJaeger(jaegerObj) { - await k8sApply(jaegerObj, 'default').catch(console.error); - await waitForDeployment('tracing-jaeger', 'default'); - await waitForTracePipeline('jaeger'); - await sleep(20 * 1000); // give istio some time to propagate the changes to the proxies -} - -async function deployLoki(lokiObj) { - await k8sApply(lokiObj, 'kyma-system').catch(console.error); - await waitForStatefulSet('logging-loki-test', 'kyma-system'); - await sleep(20 * 1000); // give istio some time to propagate the changes to the proxies -} - module.exports = { initializeK8sClient, getShootNameFromK8sServerUrl, @@ -1981,14 +1914,10 @@ module.exports = { deleteK8sConfigMap, createApiRuleForService, deleteApiRule, - getTraceDAG, printStatusOfInClusterEventingInfrastructure, getFunction, waitForEndpoint, waitForPodWithLabelAndCondition, waitForDeploymentWithLabel, getSubscription, - deployJaeger, - waitForTracePipeline, - deployLoki, }; diff --git a/tests/perf/prerequisites/istio/apirule.yaml b/tests/perf/prerequisites/istio/apirule.yaml index 064a8f484086..f19fe1b43dfc 100644 --- a/tests/perf/prerequisites/istio/apirule.yaml +++ b/tests/perf/prerequisites/istio/apirule.yaml 
@@ -1,10 +1,10 @@ -apiVersion: gateway.kyma-project.io/v1alpha1 +apiVersion: gateway.kyma-project.io/v1beta1 kind: APIRule metadata: name: allow-$WORKER spec: + host: httpbin-$WORKER.$NAMESPACE.$CLUSTER_DOMAIN_NAME service: - host: httpbin-$WORKER.$NAMESPACE.$CLUSTER_DOMAIN_NAME name: httpbin-$WORKER port: 8000 gateway: kyma-system/kyma-gateway diff --git a/tests/perf/prerequisites/ory/apirules.yaml b/tests/perf/prerequisites/ory/apirules.yaml index dba072ef931b..62c71c144680 100644 --- a/tests/perf/prerequisites/ory/apirules.yaml +++ b/tests/perf/prerequisites/ory/apirules.yaml @@ -1,10 +1,10 @@ -apiVersion: gateway.kyma-project.io/v1alpha1 +apiVersion: gateway.kyma-project.io/v1beta1 kind: APIRule metadata: name: noop-unsecured spec: + host: httpbin.$NAMESPACE.$CLUSTER_DOMAIN_NAME service: - host: httpbin.$NAMESPACE.$CLUSTER_DOMAIN_NAME name: httpbin port: 8000 gateway: kyma-system/kyma-gateway @@ -15,14 +15,14 @@ spec: - handler: noop mutators: [] --- -apiVersion: gateway.kyma-project.io/v1alpha1 +apiVersion: gateway.kyma-project.io/v1beta1 kind: APIRule metadata: name: oauth spec: gateway: kyma-system/kyma-gateway + host: httpbin1.$NAMESPACE.$CLUSTER_DOMAIN_NAME service: - host: httpbin1.$NAMESPACE.$CLUSTER_DOMAIN_NAME name: httpbin1 port: 8000 rules: @@ -34,14 +34,14 @@ spec: config: required_scope: ["read"] --- -apiVersion: gateway.kyma-project.io/v1alpha1 +apiVersion: gateway.kyma-project.io/v1beta1 kind: APIRule metadata: name: oauth-with-id-token-mutator spec: gateway: kyma-system/kyma-gateway + host: httpbin2.$NAMESPACE.$CLUSTER_DOMAIN_NAME service: - host: httpbin2.$NAMESPACE.$CLUSTER_DOMAIN_NAME name: httpbin2 port: 8000 rules: 
@@ -56,14 +56,14 @@ spec: config: required_scope: ["read"] --- -apiVersion: gateway.kyma-project.io/v1alpha1 +apiVersion: gateway.kyma-project.io/v1beta1 kind: APIRule metadata: name: oauth-with-header-mutator spec: gateway: kyma-system/kyma-gateway + host: httpbin3.$NAMESPACE.$CLUSTER_DOMAIN_NAME service: - host: httpbin3.$NAMESPACE.$CLUSTER_DOMAIN_NAME name: httpbin3 port: 8000 rules: