KAR-617: setup kubearchive logging kflux-prd-rh03 config

Signed-off-by: obetsun <[email protected]>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED

Author: olegbet

argo-cd-apps/base/member/infra-deployments/vector-kubearchive-log-collector/vector-kubearchive-log-collector.yaml

@@ -32,12 +32,10 @@ spec:
                 # Public
                 # - nameNormalized: stone-prd-rh01
                 #   values.clusterDir: stone-prd-rh01
-                # - nameNormalized: kflux-prd-rh02
-                #   values.clusterDir: kflux-prd-rh02
-                # - nameNormalized: kflux-prd-rh03
-                #   values.clusterDir: kflux-prd-rh03
                 - nameNormalized: kflux-rhel-p01
                   values.clusterDir: kflux-rhel-p01
+                - nameNormalized: kflux-prd-rh03
+                  values.clusterDir: kflux-prd-rh03
   template:
     metadata:
       name: vector-kubearchive-log-collector-{{nameNormalized}}

components/vector-kubearchive-log-collector/production/kflux-prd-rh03/kustomization.yaml

@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonAnnotations:
+  ignore-check.kube-linter.io/drop-net-raw-capability: |
+    "Vector runs requires access to socket."
+  ignore-check.kube-linter.io/run-as-non-root: |
+    "Vector runs as Root and attach host Path."
+  ignore-check.kube-linter.io/sensitive-host-mounts: |
+    "Vector runs requires certain host mounts to watch files being created by pods."
+  ignore-check.kube-linter.io/pdb-unhealthy-pod-eviction-policy: |
+    "Managed by upstream Loki chart (no value exposed for unhealthyPodEvictionPolicy)."
+
+resources:
+- ../base
+
+generators:
+- vector-helm-generator.yaml
+- loki-helm-generator.yaml

components/vector-kubearchive-log-collector/production/kflux-prd-rh03/loki-helm-generator.yaml

@@ -0,0 +1,27 @@
+apiVersion: builtin
+kind: HelmChartInflationGenerator
+metadata:
+  name: loki
+name: loki
+repo: https://grafana.github.io/helm-charts
+version: 6.30.1
+releaseName: loki
+namespace: product-kubearchive-logging
+valuesFile: loki-helm-values.yaml
+additionalValuesFiles:
+  - loki-helm-prod-values.yaml
+valuesInline:
+  # Cluster-specific overrides
+  serviceAccount:
+    create: true
+    name: loki-sa
+    annotations:
+      eks.amazonaws.com/role-arn: "arn:aws:iam::310587744735:role/stone-prod-p02-loki-storage-role"
+  loki:
+    storage:
+      bucketNames:
+        chunks: stone-prod-p02-loki-storage
+        admin: stone-prod-p02-loki-storage
+    storage_config:
+      aws:
+        bucketnames: stone-prod-p02-loki-storage

components/vector-kubearchive-log-collector/production/kflux-prd-rh03/loki-helm-prod-values.yaml

@@ -0,0 +1,191 @@
+---
+gateway:
+  service:
+    type: LoadBalancer
+  resources:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      memory: 256Mi
+
+# Basic Loki configuration with S3 storage
+loki:
+  commonConfig:
+    replication_factor: 3
+  # Required storage configuration for Helm chart
+  storage:
+    type: s3
+    # bucketNames: Fill it on the generator for each cluster
+    s3:
+      region: us-east-1
+  storage_config:
+    aws:
+      # bucketnames: Fill it on the generator for each cluster
+      region: us-east-1
+      s3forcepathstyle: false 
+  # Configure ingestion limits to handle Vector's data volume
+  limits_config:
+      retention_period: 744h  # 31 days retention
+      ingestion_rate_mb: 50
+      ingestion_burst_size_mb: 100
+      ingestion_rate_strategy: "local"
+      max_streams_per_user: 0
+      max_line_size: 2097152
+      per_stream_rate_limit: 50M
+      per_stream_rate_limit_burst: 200M
+      reject_old_samples: false
+      reject_old_samples_max_age: 168h
+      discover_service_name: []
+      discover_log_levels: false
+      volume_enabled: true
+      max_global_streams_per_user: 75000
+      max_entries_limit_per_query: 100000
+      increment_duplicate_timestamp: true
+      allow_structured_metadata: true
+  ingester:
+    chunk_target_size: 8388608        # 8MB 
+    chunk_idle_period: 5m
+    max_chunk_age: 2h
+    chunk_encoding: snappy            # Compress data (reduces S3 transfer size)
+    chunk_retain_period: 1h           # Keep chunks in memory after flush
+    flush_op_timeout: 10m             # Add timeout for S3 operations
+
+  # Tuning for high-load queries
+  querier:
+    max_concurrent: 8
+  query_range:
+    # split_queries_by_interval deprecated in Loki 3.x - removed
+    parallelise_shardable_queries: true
+
+# Distributed components configuration
+ingester:
+  replicas: 3
+  autoscaling:
+    enabled: true
+  zoneAwareReplication:
+    enabled: true
+  maxUnavailable: 1
+  resources:
+    requests:
+      cpu: 500m
+      memory: 1Gi
+    limits:
+      cpu: 2000m
+      memory: 2Gi
+  persistence:
+    enabled: true
+    size: 10Gi
+  affinity: {}
+  podAntiAffinity:
+    soft: {}
+    hard: {}
+
+querier:
+  replicas: 3
+  autoscaling:
+    enabled: true
+  maxUnavailable: 1
+  resources:
+    requests:
+      cpu: 300m
+      memory: 512Mi
+    limits:
+      memory: 1Gi
+  affinity: {}
+
+queryFrontend:
+  replicas: 2
+  maxUnavailable: 1
+  resources:
+    requests:
+      cpu: 200m
+      memory: 256Mi
+    limits:
+      memory: 512Mi
+
+queryScheduler:
+  replicas: 2
+  maxUnavailable: 1
+  resources:
+    requests:
+      cpu: 200m
+      memory: 256Mi
+    limits:
+      memory: 512Mi
+
+distributor:
+  replicas: 3
+  autoscaling:
+    enabled: true
+  maxUnavailable: 1
+  resources:
+    requests:
+      cpu: 300m
+      memory: 512Mi
+    limits:
+      memory: 1Gi
+  affinity: {}
+
+compactor:
+  replicas: 1
+  retention_enabled: true
+  retention_delete_delay: 2h
+  retention_delete_worker_count: 150
+  resources:
+    requests:
+      cpu: 200m
+      memory: 512Mi
+    limits:
+      memory: 1Gi
+
+indexGateway:
+  replicas: 2
+  maxUnavailable: 0
+  resources:
+    requests:
+      cpu: 300m
+      memory: 512Mi
+    limits:
+      memory: 1Gi
+  affinity: {}
+
+# Enable Memcached caches for performance
+chunksCache:
+  enabled: true
+  replicas: 1
+
+resultsCache:
+  enabled: true
+  replicas: 1
+
+memcached:
+  enabled: true
+
+memcachedResults:
+  enabled: true
+
+memcachedChunks:
+  enabled: true
+
+memcachedFrontend:
+  enabled: true
+
+memcachedIndexQueries:
+  enabled: true
+
+memcachedIndexWrites:
+  enabled: true
+
+# Disable Minio - staging uses S3 with IAM role
+minio:
+  enabled: false
+
+# Resources for memcached exporter to satisfy linter
+memcachedExporter:
+  resources:
+    requests:
+      cpu: 50m
+      memory: 64Mi
+    limits:
+      memory: 128Mi

components/vector-kubearchive-log-collector/production/kflux-prd-rh03/loki-helm-values.yaml

@@ -0,0 +1,83 @@
+---
+# simplified Loki configuration for staging
+deploymentMode: Distributed
+
+ # This exposes the Loki gateway so it can be written to and queried externally
+gateway:
+  image:
+    registry: quay.io # Use Quay.io registry to prevent docker hub rate limit
+    repository: nginx/nginx-unprivileged
+    tag: 1.24-alpine
+  nginxConfig:
+    resolver: "dns-default.openshift-dns.svc.cluster.local."
+
+# Basic Loki configuration
+loki:
+  # Enable multi-tenancy to handle X-Scope-OrgID headers
+  auth_enabled: true
+  commonConfig:
+    path_prefix: /var/loki  # This directory will be writable via volume mount
+  storage:
+    type: s3
+  schemaConfig:
+    configs:
+      - from: "2024-04-01"
+        store: tsdb
+        object_store: s3
+        schema: v13
+        index:
+          prefix: loki_index_
+          period: 24h
+  # Configure compactor to use writable volumes
+  compactor:
+    working_directory: /var/loki/compactor
+
+# Security contexts for OpenShift
+podSecurityContext:
+  runAsNonRoot: false
+  allowPrivilegeEscalation: false
+
+containerSecurityContext:
+  runAsNonRoot: false
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true  # Keep read-only root filesystem for security
+
+# Disable test pods
+test:
+  enabled: false
+
+# Disable sidecar completely to avoid loki-sc-rules container
+sidecar:
+  rules:
+    enabled: false
+  datasources:
+    enabled: false
+
+# Zero out replica counts of other deployment modes
+
+singleBinary:
+  replicas: 0
+backend:
+  replicas: 0
+read:
+  replicas: 0
+write:
+  replicas: 0
+
+bloomPlanner:
+  replicas: 0
+bloomBuilder:
+  replicas: 0
+bloomGateway:
+  replicas: 0
+
+# Disable lokiCanary - not essential for core functionality
+lokiCanary:
+  enabled: false
+
+# Disable the ruler - not needed as we aren't using metrics
+ruler:
+  enabled: false

components/vector-kubearchive-log-collector/production/kflux-prd-rh03/vector-helm-generator.yaml

@@ -0,0 +1,12 @@
+apiVersion: builtin
+kind: HelmChartInflationGenerator
+metadata:
+  name: vector
+name: vector
+repo: https://helm.vector.dev
+version: 0.43.0
+releaseName: vector
+namespace: product-kubearchive-logging
+valuesFile: vector-helm-values.yaml
+additionalValuesFiles:
+  - vector-helm-prod-values.yaml

components/vector-kubearchive-log-collector/production/kflux-prd-rh03/vector-helm-prod-values.yaml

@@ -0,0 +1,17 @@
+---
+resources:
+  requests:
+    cpu: 512m
+    memory: 4096Mi
+  limits:
+    cpu: 2000m
+    memory: 4096Mi
+
+customConfig:
+  sources:
+    k8s_logs:
+      extra_label_selector: "app.kubernetes.io/managed-by in (tekton-pipelines,pipelinesascode.tekton.dev)"
+      extra_field_selector: "metadata.namespace!=product-kubearchive-logging"
+
+podLabels:
+  vector.dev/exclude: "false"