redhat-appstudio
diff --git a/‎argo-cd-apps/base/member/infra-deployments/vector-kubearchive-log-collector/vector-kubearchive-log-collector.yaml‎
Lines changed: 2 additions & 2 deletions b/‎argo-cd-apps/base/member/infra-deployments/vector-kubearchive-log-collector/vector-kubearchive-log-collector.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎components/kubearchive/production/kflux-ocp-p01/external-secret.yaml‎
Lines changed: 26 additions & 0 deletions b/‎components/kubearchive/production/kflux-ocp-p01/external-secret.yaml‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎components/kubearchive/production/kflux-ocp-p01/kustomization.yaml‎
Lines changed: 35 additions & 0 deletions b/‎components/kubearchive/production/kflux-ocp-p01/kustomization.yaml‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎components/vector-kubearchive-log-collector/production/kflux-ocp-p01/kustomization.yaml‎
Lines changed: 19 additions & 0 deletions b/‎components/vector-kubearchive-log-collector/production/kflux-ocp-p01/kustomization.yaml‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎components/vector-kubearchive-log-collector/production/kflux-ocp-p01/loki-helm-generator.yaml‎
Lines changed: 27 additions & 0 deletions b/‎components/vector-kubearchive-log-collector/production/kflux-ocp-p01/loki-helm-generator.yaml‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎components/vector-kubearchive-log-collector/production/kflux-ocp-p01/loki-helm-prod-values.yaml‎
Lines changed: 191 additions & 0 deletions b/‎components/vector-kubearchive-log-collector/production/kflux-ocp-p01/loki-helm-prod-values.yaml‎
Lines changed: 191 additions & 0 deletions
@@ -21,8 +21,8 @@ spec:
                 - nameNormalized: stone-stg-rh01
                   values.clusterDir: stone-stg-rh01
                 # Private
-                # - nameNormalized: kflux-ocp-p01
-                #   values.clusterDir: kflux-ocp-p01
+                - nameNormalized: kflux-ocp-p01
+                  values.clusterDir: kflux-ocp-p01
                 # - nameNormalized: stone-prod-p01
                 #   values.clusterDir: stone-prod-p01
                 - nameNormalized: stone-prod-p02
 
@@ -0,0 +1,26 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: kubearchive-logging
+  namespace: product-kubearchive
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "-1"
+spec:
+  dataFrom:
+    - extract:
+        key: production/kubearchive/logging
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: appsre-stonesoup-vault
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Delete
+    name: kubearchive-logging
+    template:
+      metadata:
+        annotations:
+          argocd.argoproj.io/sync-options: Prune=false
+          argocd.argoproj.io/compare-options: IgnoreExtraneous
@@ -8,7 +8,42 @@ resources:
 
 namespace: product-kubearchive
 
+# Generate kubearchive-logging ConfigMap with hash for automatic restarts
+# Due to quoting limitations of generators we need to introduce the values with the |
+# See https://github.com/kubernetes-sigs/kustomize/issues/4845#issuecomment-1671570428
+configMapGenerator:
+    - name: kubearchive-logging
+      literals:
+          - |
+              POD_ID=cel:metadata.uid
+          - |
+              NAMESPACE=cel:metadata.namespace
+          - |
+              START=cel:status.?startTime == optional.none() ? int(now()-duration('1h'))*1000000000: status.startTime
+          - |
+              END=cel:status.?startTime == optional.none() ? int(now()+duration('1h'))*1000000000: int(timestamp(status.startTime)+duration('6h'))*1000000000
+          - |
+              LOG_URL=http://loki-gateway.product-kubearchive-logging.svc.cluster.local:80/loki/api/v1/query_range?query=%7Bstream%3D%22{NAMESPACE}%22%7D%20%7C%20pod_id%20%3D%20%60{POD_ID}%60%20%7C%20container%20%3D%20%60{CONTAINER_NAME}%60&start={START}&end={END}&direction=forward
+          - |
+              LOG_URL_JSONPATH=$.data.result[*].values[*][1]
+
 patches:
+  - patch: |-
+      $patch: delete
+      apiVersion: v1
+      kind: ConfigMap
+      metadata:
+        name: kubearchive-logging
+        namespace: kubearchive
+
+  - patch: |-
+      $patch: delete
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: kubearchive-logging
+        namespace: kubearchive
+
   - patch: |-
       apiVersion: batch/v1
       kind: Job
 
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonAnnotations:
+  ignore-check.kube-linter.io/drop-net-raw-capability: |
+    "Vector runs requires access to socket."
+  ignore-check.kube-linter.io/run-as-non-root: |
+    "Vector runs as Root and attach host Path."
+  ignore-check.kube-linter.io/sensitive-host-mounts: |
+    "Vector runs requires certain host mounts to watch files being created by pods."
+  ignore-check.kube-linter.io/pdb-unhealthy-pod-eviction-policy: |
+    "Managed by upstream Loki chart (no value exposed for unhealthyPodEvictionPolicy)."
+
+resources:
+- ../base
+
+generators:
+- vector-helm-generator.yaml
+- loki-helm-generator.yaml
@@ -0,0 +1,27 @@
+apiVersion: builtin
+kind: HelmChartInflationGenerator
+metadata:
+  name: loki
+name: loki
+repo: https://grafana.github.io/helm-charts
+version: 6.30.1
+releaseName: loki
+namespace: product-kubearchive-logging
+valuesFile: loki-helm-values.yaml
+additionalValuesFiles:
+  - loki-helm-prod-values.yaml
+valuesInline:
+  # Cluster-specific overrides
+  serviceAccount:
+    create: true
+    name: loki-sa
+    annotations:
+      eks.amazonaws.com/role-arn: "arn:aws:iam::442042531708:role/kflux-ocp-p01-loki-storage-role"
+  loki:
+    storage:
+      bucketNames:
+        chunks: kflux-ocp-p01-loki-storage
+        admin: kflux-ocp-p01-loki-storage
+    storage_config:
+      aws:
+        bucketnames: kflux-ocp-p01-loki-storage
@@ -0,0 +1,191 @@
+---
+gateway:
+  service:
+    type: LoadBalancer
+  resources:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      memory: 256Mi
+
+# Basic Loki configuration with S3 storage
+loki:
+  commonConfig:
+    replication_factor: 3
+  # Required storage configuration for Helm chart
+  storage:
+    type: s3
+    # bucketNames: Fill it on the generator for each cluster
+    s3:
+      region: us-east-1
+  storage_config:
+    aws:
+      # bucketnames: Fill it on the generator for each cluster
+      region: us-east-1
+      s3forcepathstyle: false 
+  # Configure ingestion limits to handle Vector's data volume
+  limits_config:
+      retention_period: 744h  # 31 days retention
+      ingestion_rate_mb: 50
+      ingestion_burst_size_mb: 100
+      ingestion_rate_strategy: "local"
+      max_streams_per_user: 0
+      max_line_size: 2097152
+      per_stream_rate_limit: 50M
+      per_stream_rate_limit_burst: 200M
+      reject_old_samples: false
+      reject_old_samples_max_age: 168h
+      discover_service_name: []
+      discover_log_levels: false
+      volume_enabled: true
+      max_global_streams_per_user: 75000
+      max_entries_limit_per_query: 100000
+      increment_duplicate_timestamp: true
+      allow_structured_metadata: true
+  ingester:
+    chunk_target_size: 8388608        # 8MB 
+    chunk_idle_period: 5m
+    max_chunk_age: 2h
+    chunk_encoding: snappy            # Compress data (reduces S3 transfer size)
+    chunk_retain_period: 1h           # Keep chunks in memory after flush
+    flush_op_timeout: 10m             # Add timeout for S3 operations
+
+  # Tuning for high-load queries
+  querier:
+    max_concurrent: 8
+  query_range:
+    # split_queries_by_interval deprecated in Loki 3.x - removed
+    parallelise_shardable_queries: true
+
+# Distributed components configuration
+ingester:
+  replicas: 3
+  autoscaling:
+    enabled: true
+  zoneAwareReplication:
+    enabled: true
+  maxUnavailable: 1
+  resources:
+    requests:
+      cpu: 500m
+      memory: 1Gi
+    limits:
+      cpu: 2000m
+      memory: 2Gi
+  persistence:
+    enabled: true
+    size: 10Gi
+  affinity: {}
+  podAntiAffinity:
+    soft: {}
+    hard: {}
+
+querier:
+  replicas: 3
+  autoscaling:
+    enabled: true
+  maxUnavailable: 1
+  resources:
+    requests:
+      cpu: 300m
+      memory: 512Mi
+    limits:
+      memory: 1Gi
+  affinity: {}
+
+queryFrontend:
+  replicas: 2
+  maxUnavailable: 1
+  resources:
+    requests:
+      cpu: 200m
+      memory: 256Mi
+    limits:
+      memory: 512Mi
+
+queryScheduler:
+  replicas: 2
+  maxUnavailable: 1
+  resources:
+    requests:
+      cpu: 200m
+      memory: 256Mi
+    limits:
+      memory: 512Mi
+
+distributor:
+  replicas: 3
+  autoscaling:
+    enabled: true
+  maxUnavailable: 1
+  resources:
+    requests:
+      cpu: 300m
+      memory: 512Mi
+    limits:
+      memory: 1Gi
+  affinity: {}
+
+compactor:
+  replicas: 1
+  retention_enabled: true
+  retention_delete_delay: 2h
+  retention_delete_worker_count: 150
+  resources:
+    requests:
+      cpu: 200m
+      memory: 512Mi
+    limits:
+      memory: 1Gi
+
+indexGateway:
+  replicas: 2
+  maxUnavailable: 0
+  resources:
+    requests:
+      cpu: 300m
+      memory: 512Mi
+    limits:
+      memory: 1Gi
+  affinity: {}
+
+# Enable Memcached caches for performance
+chunksCache:
+  enabled: true
+  replicas: 1
+
+resultsCache:
+  enabled: true
+  replicas: 1
+
+memcached:
+  enabled: true
+
+memcachedResults:
+  enabled: true
+
+memcachedChunks:
+  enabled: true
+
+memcachedFrontend:
+  enabled: true
+
+memcachedIndexQueries:
+  enabled: true
+
+memcachedIndexWrites:
+  enabled: true
+
+# Disable Minio - staging uses S3 with IAM role
+minio:
+  enabled: false
+
+# Resources for memcached exporter to satisfy linter
+memcachedExporter:
+  resources:
+    requests:
+      cpu: 50m
+      memory: 64Mi
+    limits:
+      memory: 128Mi