From c17025926a93e54ceacf06416e96c0872dbd6dd8 Mon Sep 17 00:00:00 2001 From: ste Date: Tue, 24 Sep 2024 19:38:57 +0200 Subject: [PATCH 01/11] Add logging options to Helm chart --- deploy/helm/grafana-operator/templates/deployment.yaml | 3 +++ deploy/helm/grafana-operator/values.yaml | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/deploy/helm/grafana-operator/templates/deployment.yaml b/deploy/helm/grafana-operator/templates/deployment.yaml index 5c8c49b16..2232a0e1c 100644 --- a/deploy/helm/grafana-operator/templates/deployment.yaml +++ b/deploy/helm/grafana-operator/templates/deployment.yaml @@ -58,6 +58,9 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=0.0.0.0:{{ .Values.metricsService.metricsPort }} - --pprof-addr=0.0.0.0:{{ .Values.metricsService.pprofPort }} + - -zap-encoder={{ .Values.logging.encoder | default "console" }} + - -zap-log-level={{ .Values.logging.level | default "info" }} + - -zap-time-encoding={{ .Values.logging.time | default "epoch" }} {{- if .Values.leaderElect }} - --leader-elect {{- end }} diff --git a/deploy/helm/grafana-operator/values.yaml b/deploy/helm/grafana-operator/values.yaml index c21643cb4..76d92b101 100644 --- a/deploy/helm/grafana-operator/values.yaml +++ b/deploy/helm/grafana-operator/values.yaml @@ -18,6 +18,15 @@ watchNamespaceSelector: "" # -- Determines if the target cluster is OpenShift. Additional rbac permissions for routes will be added on OpenShift isOpenShift: false +# -- Log options for the Operator +logging: + # -- Log encoding (one of 'json' or 'console') + encoder: console + # -- Configure the verbosity of logging. Can be one of 'debug', 'info', 'error' + level: info + # -- Time encoding (one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano'). + time: epoch + # -- Additional environment variables env: [] # -- grafana image, e.g. docker.io/grafana/grafana:9.1.6, overwrites the default grafana image defined in the operator 
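Review bot: The three added `-zap-*` args in the `templates/deployment.yaml` hunk interpolate `.Values.logging.*` into the container argument list unquoted and without checking them against the documented set of values. A value containing YAML-significant characters (a ` #`, a newline) would therefore change the rendered manifest instead of failing, and a typo would presumably only surface when the operator parses the flag at start-up. Quoting the whole list item keeps the value inside one scalar, e.g. `- {{ printf "-zap-log-level=%s" .Values.logging.level | quote }}`, and an `enum` for `logging.encoder`, `logging.level` and `logging.time` in a `values.schema.json` (if the chart does not already carry one) would reject unsupported values at install time. The same applies to the rewritten forms of these lines in the `templates/deployment.yaml` hunks of PATCH 06/11 and PATCH 11/11. The enclosing `args:` list starts outside the hunk.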
From 8d2b67b23ce29fb309fbda5ae54d7b2f22ef995e Mon Sep 17 00:00:00 2001 From: ste Date: Tue, 24 Sep 2024 19:54:08 +0200 Subject: [PATCH 02/11] Generate helm docs --- deploy/helm/grafana-operator/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/deploy/helm/grafana-operator/README.md b/deploy/helm/grafana-operator/README.md index 5fe6d75bd..c8906ee57 100644 --- a/deploy/helm/grafana-operator/README.md +++ b/deploy/helm/grafana-operator/README.md @@ -73,6 +73,10 @@ It's easier to just manage this configuration outside of the operator. | imagePullSecrets | list | `[]` | image pull secrets | | isOpenShift | bool | `false` | Determines if the target cluster is OpenShift. Additional rbac permissions for routes will be added on OpenShift | | leaderElect | bool | `false` | If you want to run multiple replicas of the grafana-operator, this is not recommended. | +| logging | object | `{"encoder":"console","level":"info","time":"epoch"}` | Log options for the Operator | +| logging.encoder | string | `"console"` | Log encoding (one of 'json' or 'console') | +| logging.level | string | `"info"` | Configure the verbosity of logging. Can be one of 'debug', 'info', 'error' | +| logging.time | string | `"epoch"` | Time encoding (one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano'). | | metricsService.metricsPort | int | `9090` | metrics service port | | metricsService.pprofPort | int | `8888` | port for the pprof profiling endpoint | | metricsService.type | string | `"ClusterIP"` | metrics service type | From 617bafe312a57ea12b6c04120d16874d37849214 Mon Sep 17 00:00:00 2001 From: ste Date: Wed, 25 Sep 2024 18:53:30 +0200 Subject: [PATCH 03/11] Clean up generated documentation --- deploy/helm/grafana-operator/README.md | 12 ++++++------ deploy/helm/grafana-operator/values.yaml | 17 ++++++++++------- 2 files changed, 16 insertions(+), 13 deletions(-) 
diff --git a/deploy/helm/grafana-operator/README.md b/deploy/helm/grafana-operator/README.md index c8906ee57..26d4d5bd7 100644 --- a/deploy/helm/grafana-operator/README.md +++ b/deploy/helm/grafana-operator/README.md @@ -73,7 +73,6 @@ It's easier to just manage this configuration outside of the operator. | imagePullSecrets | list | `[]` | image pull secrets | | isOpenShift | bool | `false` | Determines if the target cluster is OpenShift. Additional rbac permissions for routes will be added on OpenShift | | leaderElect | bool | `false` | If you want to run multiple replicas of the grafana-operator, this is not recommended. | -| logging | object | `{"encoder":"console","level":"info","time":"epoch"}` | Log options for the Operator | | logging.encoder | string | `"console"` | Log encoding (one of 'json' or 'console') | | logging.level | string | `"info"` | Configure the verbosity of logging. Can be one of 'debug', 'info', 'error' | | logging.time | string | `"epoch"` | Time encoding (one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano'). | 
@@ -89,13 +88,14 @@ It's easier to just manage this configuration outside of the operator. | priorityClassName | string | `""` | pod priority class name | | rbac.create | bool | `true` | Specifies whether to create the ClusterRole and ClusterRoleBinding. If "namespaceScope" is true or "watchNamespaces" is set, this will create Role and RoleBinding instead. | | resources | object | `{}` | grafana operator container resources | -| securityContext | object | `{"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | grafana operator container security context | +| securityContext.capabilities | object | `{"drop":["ALL"]}` | grafana operator does not require default capabilities | +| securityContext.readOnlyRootFilesystem | bool | `true` | Allow writing to filesystem | +| securityContext.runAsNonRoot | bool | `true` | Force user to not be root | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template | -| serviceMonitor | object | `{"additionalLabels":{},"enabled":false,"interval":"1m","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s","targetLabels":[],"telemetryPath":"/metrics"}` | Enable this to use with Prometheus Operator | | serviceMonitor.additionalLabels | object | `{}` | Set of labels to transfer from the Kubernetes Service onto the target | -| serviceMonitor.enabled | bool | `false` | When set true then use a ServiceMonitor to configure scraping | +| serviceMonitor.enabled | bool | `false` | Used with Prometheus Operator When true Create a ServiceMonitor to enable metric scraping | | serviceMonitor.interval | string | `"1m"` | Set how frequently Prometheus should scrape | | serviceMonitor.metricRelabelings | list | `[]` | MetricRelabelConfigs to apply to samples before ingestion | | serviceMonitor.relabelings | list | `[]` | Set relabel_configs as per https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | 
@@ -103,5 +103,5 @@ It's easier to just manage this configuration outside of the operator. | serviceMonitor.targetLabels | list | `[]` | Set of labels to transfer from the Kubernetes Service onto the target | | serviceMonitor.telemetryPath | string | `"/metrics"` | Set path to metrics path | | tolerations | list | `[]` | pod tolerations | -| watchNamespaceSelector | string | `""` | Sets the WATCH_NAMESPACE_SELECTOR environment variable, it defines which namespaces the operator should be listening for based on label and key value pair added on namespace kind. By default it's all namespaces. | -| watchNamespaces | string | `""` | Sets the WATCH_NAMESPACE environment variable, it defines which namespaces the operator should be listening for. By default it's all namespaces, if you only want to listen for the same namespace as the operator is deployed to look at namespaceScope. | +| watchNamespaceSelector | string | `""` | Sets the WATCH_NAMESPACE_SELECTOR environment variable, Defines namespaces the operator should be listening for based on label and key value pair added on namespace kind. By default it's all namespaces. | +| watchNamespaces | string | `""` | Sets the WATCH_NAMESPACE environment variable, Defines namespaces the operator should be listening for. By default it's all namespaces, if you want to limit the Operator to its own namespace, instead set namespaceScope: true. | diff --git a/deploy/helm/grafana-operator/values.yaml b/deploy/helm/grafana-operator/values.yaml index 76d92b101..348d4b7e6 100644 --- a/deploy/helm/grafana-operator/values.yaml +++ b/deploy/helm/grafana-operator/values.yaml 
@@ -6,19 +6,19 @@ namespaceScope: false leaderElect: false # -- Sets the WATCH_NAMESPACE environment variable, -# it defines which namespaces the operator should be listening for. -# By default it's all namespaces, if you only want to listen for the same namespace as the operator is deployed to look at namespaceScope. +# Defines namespaces the operator should be listening for. +# By default it's all namespaces, if you want to limit the Operator to its own namespace, instead set namespaceScope: true. watchNamespaces: "" # -- Sets the WATCH_NAMESPACE_SELECTOR environment variable, -# it defines which namespaces the operator should be listening for based on label and key value pair added on namespace kind. +# Defines namespaces the operator should be listening for based on label and key value pair added on namespace kind. # By default it's all namespaces. watchNamespaceSelector: "" # -- Determines if the target cluster is OpenShift. Additional rbac permissions for routes will be added on OpenShift isOpenShift: false -# -- Log options for the Operator +# Log options for the Operator logging: # -- Log encoding (one of 'json' or 'console') encoder: console @@ -86,12 +86,15 @@ podAnnotations: {} # -- pod security context podSecurityContext: {} -# -- grafana operator container security context +# https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ securityContext: + # -- grafana operator does not require default capabilities capabilities: drop: - ALL + # -- Allow writing to filesystem readOnlyRootFilesystem: true + # -- Force user to not be root runAsNonRoot: true # -- grafana operator container resources 
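Review bot: In the `securityContext` hunk of `values.yaml`, the new helm-docs comment `# -- Allow writing to filesystem` sits directly above `readOnlyRootFilesystem: true` and describes the opposite of what the setting does, since `true` makes the container's root filesystem read-only. Someone relying on the comment or the generated README row could flip the value in the wrong direction when hardening or debugging the deployment. Suggested wording: `# -- Mount the container's root filesystem as read-only`. PATCH 06/11 rewords the comment to `Whether to allow writing to the root filesystem`, which keeps the inversion, and the README rows for `securityContext.readOnlyRootFilesystem` generated in PATCH 03/11, 05/11 and 07/11 inherit it.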
@@ -109,9 +112,9 @@ tolerations: [] # -- pod affinity affinity: {} -# -- Enable this to use with Prometheus Operator serviceMonitor: - # -- When set true then use a ServiceMonitor to configure scraping + # -- Used with Prometheus Operator + # When true Create a ServiceMonitor to enable metric scraping enabled: false # -- Set of labels to transfer from the Kubernetes Service onto the target additionalLabels: {} From 661e8cfb82bfc157841ff21cf6fe7c613dcc2494 Mon Sep 17 00:00:00 2001 From: ste Date: Wed, 25 Sep 2024 18:53:50 +0200 Subject: [PATCH 04/11] Align security context of Helm and kustomize --- deploy/helm/grafana-operator/values.yaml | 2 ++ deploy/kustomize/base/deployment.yaml | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/deploy/helm/grafana-operator/values.yaml b/deploy/helm/grafana-operator/values.yaml index 348d4b7e6..faa286d3b 100644 --- a/deploy/helm/grafana-operator/values.yaml +++ b/deploy/helm/grafana-operator/values.yaml @@ -92,6 +92,8 @@ securityContext: capabilities: drop: - ALL + # -- Disables privilege escalation inside the container + allowPrivilegeEscalation: false # -- Allow writing to filesystem readOnlyRootFilesystem: true # -- Force user to not be root diff --git a/deploy/kustomize/base/deployment.yaml b/deploy/kustomize/base/deployment.yaml index da6a81ead..9aaf441ac 100644 --- a/deploy/kustomize/base/deployment.yaml +++ b/deploy/kustomize/base/deployment.yaml @@ -22,6 +22,9 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=0.0.0.0:9090 - --leader-elect + - -zap-encoder=console + - -zap-log-level=info + - -zap-time-encoding=epoch image: ghcr.io/grafana/grafana-operator:v5.6.0 imagePullPolicy: Always ports: @@ -52,7 +55,12 @@ spec: cpu: 100m memory: 20Mi securityContext: + capabilities: + drop: + - ALL allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true volumeMounts: - name: dashboards-dir mountPath: /tmp/dashboards 
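Review bot: The container `securityContext` completed by the `values.yaml` hunk of PATCH 04/11 (`allowPrivilegeEscalation: false`) and by the second `deploy/kustomize/base/deployment.yaml` hunk still sets no `seccompProfile`. That is the remaining container-level field the Kubernetes Pod Security "restricted" profile asks for, next to dropped capabilities, `runAsNonRoot` and no privilege escalation. Adding `seccompProfile:` with `type: RuntimeDefault` under `securityContext:` in both places would close the gap. The chart's `podSecurityContext` defaults to `{}` elsewhere in this series, while the pod-level context of the kustomize Deployment is outside the hunk and may already set it. `runAsNonRoot: true` also depends on the image declaring a numeric non-root user, which cannot be confirmed from this patch.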
From 596abadf7f0068d0ae11cbc72e90541c06ec3fbc Mon Sep 17 00:00:00 2001 From: ste Date: Wed, 25 Sep 2024 20:19:20 +0200 Subject: [PATCH 05/11] Regenerate Helmchart README --- deploy/helm/grafana-operator/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/helm/grafana-operator/README.md b/deploy/helm/grafana-operator/README.md index 26d4d5bd7..632e6256d 100644 --- a/deploy/helm/grafana-operator/README.md +++ b/deploy/helm/grafana-operator/README.md @@ -88,6 +88,7 @@ It's easier to just manage this configuration outside of the operator. | priorityClassName | string | `""` | pod priority class name | | rbac.create | bool | `true` | Specifies whether to create the ClusterRole and ClusterRoleBinding. If "namespaceScope" is true or "watchNamespaces" is set, this will create Role and RoleBinding instead. | | resources | object | `{}` | grafana operator container resources | +| securityContext.allowPrivilegeEscalation | bool | `false` | Disables privilege escalation inside the container | | securityContext.capabilities | object | `{"drop":["ALL"]}` | grafana operator does not require default capabilities | | securityContext.readOnlyRootFilesystem | bool | `true` | Allow writing to filesystem | | securityContext.runAsNonRoot | bool | `true` | Force user to not be root | From c7c6ce8b2f6b541febad3d212aed8178abfe1f80 Mon Sep 17 00:00:00 2001 From: ste Date: Sun, 6 Oct 2024 17:09:20 +0200 Subject: [PATCH 06/11] Apply review comments --- .../templates/deployment.yaml | 6 ++--- deploy/helm/grafana-operator/values.yaml | 27 +++++++++---------- deploy/kustomize/base/deployment.yaml | 6 ++--- 3 files changed, 18 insertions(+), 21 deletions(-) diff --git a/deploy/helm/grafana-operator/templates/deployment.yaml b/deploy/helm/grafana-operator/templates/deployment.yaml index 2232a0e1c..832149055 100644 --- a/deploy/helm/grafana-operator/templates/deployment.yaml +++ b/deploy/helm/grafana-operator/templates/deployment.yaml 
@@ -58,9 +58,9 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=0.0.0.0:{{ .Values.metricsService.metricsPort }} - --pprof-addr=0.0.0.0:{{ .Values.metricsService.pprofPort }} - - -zap-encoder={{ .Values.logging.encoder | default "console" }} - - -zap-log-level={{ .Values.logging.level | default "info" }} - - -zap-time-encoding={{ .Values.logging.time | default "epoch" }} + - -zap-encoder={{ .Values.logging.encoder }} + - -zap-log-level={{ .Values.logging.level }} + - -zap-time-encoding={{ .Values.logging.time }} {{- if .Values.leaderElect }} - --leader-elect {{- end }} diff --git a/deploy/helm/grafana-operator/values.yaml b/deploy/helm/grafana-operator/values.yaml index faa286d3b..70f75a40a 100644 --- a/deploy/helm/grafana-operator/values.yaml +++ b/deploy/helm/grafana-operator/values.yaml 
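Review bot: Removing the `| default ...` fallbacks from the three `-zap-*` args means an empty override such as `logging.level: ""` now renders `-zap-log-level=` and is handed to the operator as-is. An upgrade run with `--reuse-values` from a release that predates the `logging` block would presumably have no `.Values.logging` at all, so the template would fail on a nil lookup rather than with a readable message. If the fallbacks are not wanted, `{{ required "logging.level must be set" .Values.logging.level }}` at least turns the empty-value case into a clear render error. The enclosing `args:` list starts outside the hunk.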
@@ -6,25 +6,24 @@ namespaceScope: false leaderElect: false # -- Sets the WATCH_NAMESPACE environment variable, -# Defines namespaces the operator should be listening for. -# By default it's all namespaces, if you want to limit the Operator to its own namespace, instead set namespaceScope: true. +# it defines which namespaces the operator should be listening for. +# By default, the operator watches all namespaces. To make it watch only its own namespace, check out `namespaceScope` option instead. watchNamespaces: "" # -- Sets the WATCH_NAMESPACE_SELECTOR environment variable, -# Defines namespaces the operator should be listening for based on label and key value pair added on namespace kind. -# By default it's all namespaces. +# it defines which namespaces the operator should be listening for. +# By default it's all namespaces, if you only want to listen for the same namespace as the operator is deployed to look at namespaceScope. watchNamespaceSelector: "" # -- Determines if the target cluster is OpenShift. Additional rbac permissions for routes will be added on OpenShift isOpenShift: false -# Log options for the Operator logging: - # -- Log encoding (one of 'json' or 'console') + # -- Log encoding (one of "json" or "console") encoder: console - # -- Configure the verbosity of logging. Can be one of 'debug', 'info', 'error' + # -- Configure the verbosity of logging. Can be one of "debug", "info", "error" level: info - # -- Time encoding (one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano'). + # -- Time encoding (one of "epoch", "millis", "nano", "iso8601", "rfc3339" or "rfc3339nano"). time: epoch # -- Additional environment variables 
@@ -86,17 +85,16 @@ podAnnotations: {} # -- pod security context podSecurityContext: {} -# https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ securityContext: - # -- grafana operator does not require default capabilities + # -- A list of capabilities to drop capabilities: drop: - ALL - # -- Disables privilege escalation inside the container + # -- Whether to allow privilege escalation allowPrivilegeEscalation: false - # -- Allow writing to filesystem + # -- Whether to allow writing to the root filesystem readOnlyRootFilesystem: true - # -- Force user to not be root + # -- Whether to require a container to run as a non-root user runAsNonRoot: true # -- grafana operator container resources @@ -115,8 +113,7 @@ tolerations: [] affinity: {} serviceMonitor: - # -- Used with Prometheus Operator - # When true Create a ServiceMonitor to enable metric scraping + # -- Whether to create a ServiceMonitor enabled: false # -- Set of labels to transfer from the Kubernetes Service onto the target additionalLabels: {} diff --git a/deploy/kustomize/base/deployment.yaml b/deploy/kustomize/base/deployment.yaml index 9aaf441ac..18498824c 100644 --- a/deploy/kustomize/base/deployment.yaml +++ b/deploy/kustomize/base/deployment.yaml @@ -22,9 +22,9 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=0.0.0.0:9090 - --leader-elect - - -zap-encoder=console - - -zap-log-level=info - - -zap-time-encoding=epoch + # - -zap-encoder=console + # - -zap-log-level=info + # - -zap-time-encoding=epoch image: ghcr.io/grafana/grafana-operator:v5.6.0 imagePullPolicy: Always ports: From 2e71b666fcb1b75384f8ff798bf916e7371e9660 Mon Sep 17 00:00:00 2001 From: ste Date: Sun, 6 Oct 2024 17:10:32 +0200 Subject: [PATCH 07/11] make helm/docs --- deploy/helm/grafana-operator/README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) 
diff --git a/deploy/helm/grafana-operator/README.md b/deploy/helm/grafana-operator/README.md index 632e6256d..c5612dcc9 100644 --- a/deploy/helm/grafana-operator/README.md +++ b/deploy/helm/grafana-operator/README.md @@ -73,9 +73,9 @@ It's easier to just manage this configuration outside of the operator. | imagePullSecrets | list | `[]` | image pull secrets | | isOpenShift | bool | `false` | Determines if the target cluster is OpenShift. Additional rbac permissions for routes will be added on OpenShift | | leaderElect | bool | `false` | If you want to run multiple replicas of the grafana-operator, this is not recommended. | -| logging.encoder | string | `"console"` | Log encoding (one of 'json' or 'console') | -| logging.level | string | `"info"` | Configure the verbosity of logging. Can be one of 'debug', 'info', 'error' | -| logging.time | string | `"epoch"` | Time encoding (one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano'). | +| logging.encoder | string | `"console"` | Log encoding (one of "json" or "console") | +| logging.level | string | `"info"` | Configure the verbosity of logging. Can be one of "debug", "info", "error" | +| logging.time | string | `"epoch"` | Time encoding (one of "epoch", "millis", "nano", "iso8601", "rfc3339" or "rfc3339nano"). | | metricsService.metricsPort | int | `9090` | metrics service port | | metricsService.pprofPort | int | `8888` | port for the pprof profiling endpoint | | metricsService.type | string | `"ClusterIP"` | metrics service type | 
@@ -88,15 +88,15 @@ It's easier to just manage this configuration outside of the operator. | priorityClassName | string | `""` | pod priority class name | | rbac.create | bool | `true` | Specifies whether to create the ClusterRole and ClusterRoleBinding. If "namespaceScope" is true or "watchNamespaces" is set, this will create Role and RoleBinding instead. | | resources | object | `{}` | grafana operator container resources | -| securityContext.allowPrivilegeEscalation | bool | `false` | Disables privilege escalation inside the container | -| securityContext.capabilities | object | `{"drop":["ALL"]}` | grafana operator does not require default capabilities | -| securityContext.readOnlyRootFilesystem | bool | `true` | Allow writing to filesystem | -| securityContext.runAsNonRoot | bool | `true` | Force user to not be root | +| securityContext.allowPrivilegeEscalation | bool | `false` | Whether to allow privilege escalation | +| securityContext.capabilities | object | `{"drop":["ALL"]}` | A list of capabilities to drop | +| securityContext.readOnlyRootFilesystem | bool | `true` | Whether to allow writing to the root filesystem | +| securityContext.runAsNonRoot | bool | `true` | Whether to require a container to run as a non-root user | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template | | serviceMonitor.additionalLabels | object | `{}` | Set of labels to transfer from the Kubernetes Service onto the target | -| serviceMonitor.enabled | bool | `false` | Used with Prometheus Operator When true Create a ServiceMonitor to enable metric scraping | +| serviceMonitor.enabled | bool | `false` | Whether to create a ServiceMonitor | | serviceMonitor.interval | string | `"1m"` | Set how frequently Prometheus should scrape | | serviceMonitor.metricRelabelings | list | `[]` | MetricRelabelConfigs to apply to samples before ingestion | | serviceMonitor.relabelings | list | `[]` | Set relabel_configs as per https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | 
@@ -104,5 +104,5 @@ It's easier to just manage this configuration outside of the operator. | serviceMonitor.targetLabels | list | `[]` | Set of labels to transfer from the Kubernetes Service onto the target | | serviceMonitor.telemetryPath | string | `"/metrics"` | Set path to metrics path | | tolerations | list | `[]` | pod tolerations | -| watchNamespaceSelector | string | `""` | Sets the WATCH_NAMESPACE_SELECTOR environment variable, Defines namespaces the operator should be listening for based on label and key value pair added on namespace kind. By default it's all namespaces. | -| watchNamespaces | string | `""` | Sets the WATCH_NAMESPACE environment variable, Defines namespaces the operator should be listening for. By default it's all namespaces, if you want to limit the Operator to its own namespace, instead set namespaceScope: true. | +| watchNamespaceSelector | string | `""` | Sets the WATCH_NAMESPACE_SELECTOR environment variable, it defines which namespaces the operator should be listening for. By default it's all namespaces, if you only want to listen for the same namespace as the operator is deployed to look at namespaceScope. | +| watchNamespaces | string | `""` | Sets the WATCH_NAMESPACE environment variable, it defines which namespaces the operator should be listening for. By default, the operator watches all namespaces. To make it watch only its own namespace, check out `namespaceScope` option instead. | From b5417843dfe70ddb68372912506378f8ca0f16ce Mon Sep 17 00:00:00 2001 From: Igor Beliakov Date: Mon, 7 Oct 2024 10:49:40 +0200 Subject: [PATCH 08/11] chore(helm): adjust comments and regenerate readme --- deploy/helm/grafana-operator/README.md | 4 ++-- deploy/helm/grafana-operator/values.yaml | 11 +++++------ 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/deploy/helm/grafana-operator/README.md b/deploy/helm/grafana-operator/README.md index c5612dcc9..70a2c3acf 100644 --- a/deploy/helm/grafana-operator/README.md 
+++ b/deploy/helm/grafana-operator/README.md @@ -104,5 +104,5 @@ It's easier to just manage this configuration outside of the operator. | serviceMonitor.targetLabels | list | `[]` | Set of labels to transfer from the Kubernetes Service onto the target | | serviceMonitor.telemetryPath | string | `"/metrics"` | Set path to metrics path | | tolerations | list | `[]` | pod tolerations | -| watchNamespaceSelector | string | `""` | Sets the WATCH_NAMESPACE_SELECTOR environment variable, it defines which namespaces the operator should be listening for. By default it's all namespaces, if you only want to listen for the same namespace as the operator is deployed to look at namespaceScope. | -| watchNamespaces | string | `""` | Sets the WATCH_NAMESPACE environment variable, it defines which namespaces the operator should be listening for. By default, the operator watches all namespaces. To make it watch only its own namespace, check out `namespaceScope` option instead. | +| watchNamespaceSelector | string | `""` | Sets the `WATCH_NAMESPACE_SELECTOR` environment variable, it defines which namespaces the operator should be listening for based on a namespace label (e.g. `"environment: dev"`). By default, the operator watches all namespaces. To make it watch only its own namespace, check out `namespaceScope` option instead. | +| watchNamespaces | string | `""` | Sets the `WATCH_NAMESPACE` environment variable, it defines which namespaces the operator should be listening for (e.g. `"grafana, foo"`). By default, the operator watches all namespaces. To make it watch only its own namespace, check out `namespaceScope` option instead. | diff --git a/deploy/helm/grafana-operator/values.yaml b/deploy/helm/grafana-operator/values.yaml index 70f75a40a..987b92421 100644 --- a/deploy/helm/grafana-operator/values.yaml +++ b/deploy/helm/grafana-operator/values.yaml 
@@ -5,14 +5,14 @@ namespaceScope: false # -- If you want to run multiple replicas of the grafana-operator, this is not recommended. leaderElect: false -# -- Sets the WATCH_NAMESPACE environment variable, -# it defines which namespaces the operator should be listening for. +# -- Sets the `WATCH_NAMESPACE` environment variable, +# it defines which namespaces the operator should be listening for (e.g. `"grafana, foo"`). # By default, the operator watches all namespaces. To make it watch only its own namespace, check out `namespaceScope` option instead. watchNamespaces: "" -# -- Sets the WATCH_NAMESPACE_SELECTOR environment variable, -# it defines which namespaces the operator should be listening for. -# By default it's all namespaces, if you only want to listen for the same namespace as the operator is deployed to look at namespaceScope. +# -- Sets the `WATCH_NAMESPACE_SELECTOR` environment variable, +# it defines which namespaces the operator should be listening for based on a namespace label (e.g. `"environment: dev"`). +# By default, the operator watches all namespaces. To make it watch only its own namespace, check out `namespaceScope` option instead. watchNamespaceSelector: "" # -- Determines if the target cluster is OpenShift. Additional rbac permissions for routes will be added on OpenShift @@ -148,4 +148,3 @@ extraObjects: [] # dataFrom: # - extract: # key: my-secret-store-secret - From c02f1464dfb18701ae031c246e77975264930f2b Mon Sep 17 00:00:00 2001 From: Igor Beliakov Date: Mon, 7 Oct 2024 11:26:12 +0200 Subject: [PATCH 09/11] chore(kustomize): revert changes around logging options --- deploy/kustomize/base/deployment.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/deploy/kustomize/base/deployment.yaml b/deploy/kustomize/base/deployment.yaml index 18498824c..89eb590ce 100644 --- a/deploy/kustomize/base/deployment.yaml +++ b/deploy/kustomize/base/deployment.yaml 
@@ -22,9 +22,6 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=0.0.0.0:9090 - --leader-elect - # - -zap-encoder=console - # - -zap-log-level=info - # - -zap-time-encoding=epoch image: ghcr.io/grafana/grafana-operator:v5.6.0 imagePullPolicy: Always ports: From 5ac1cbc83f7e48ef9e7b7cb30bf7d8ae324bac8b Mon Sep 17 00:00:00 2001 From: Igor Beliakov Date: Mon, 7 Oct 2024 11:36:29 +0200 Subject: [PATCH 10/11] fix(helm): fix default value for time encoder --- deploy/helm/grafana-operator/README.md | 6 +++--- deploy/helm/grafana-operator/values.yaml | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/deploy/helm/grafana-operator/README.md b/deploy/helm/grafana-operator/README.md index 70a2c3acf..0d99df8e4 100644 --- a/deploy/helm/grafana-operator/README.md +++ b/deploy/helm/grafana-operator/README.md 
@@ -73,9 +73,9 @@ It's easier to just manage this configuration outside of the operator. | imagePullSecrets | list | `[]` | image pull secrets | | isOpenShift | bool | `false` | Determines if the target cluster is OpenShift. Additional rbac permissions for routes will be added on OpenShift | | leaderElect | bool | `false` | If you want to run multiple replicas of the grafana-operator, this is not recommended. | -| logging.encoder | string | `"console"` | Log encoding (one of "json" or "console") | -| logging.level | string | `"info"` | Configure the verbosity of logging. Can be one of "debug", "info", "error" | -| logging.time | string | `"epoch"` | Time encoding (one of "epoch", "millis", "nano", "iso8601", "rfc3339" or "rfc3339nano"). | +| logging.encoder | string | `"console"` | Log encoding ("console", "json") | +| logging.level | string | `"info"` | Configure the verbosity of logging ("debug", "error", "info") | +| logging.time | string | `"rfc3339"` | Time encoding ("epoch", "iso8601", "millis", "nano", "rfc3339", "rfc3339nano") | | metricsService.metricsPort | int | `9090` | metrics service port | | metricsService.pprofPort | int | `8888` | port for the pprof profiling endpoint | | metricsService.type | string | `"ClusterIP"` | metrics service type | diff --git a/deploy/helm/grafana-operator/values.yaml b/deploy/helm/grafana-operator/values.yaml index 987b92421..489fb9c6b 100644 --- a/deploy/helm/grafana-operator/values.yaml +++ b/deploy/helm/grafana-operator/values.yaml 
@@ -19,12 +19,12 @@ watchNamespaceSelector: "" isOpenShift: false logging: - # -- Log encoding (one of "json" or "console") + # -- Log encoding ("console", "json") encoder: console - # -- Configure the verbosity of logging. Can be one of "debug", "info", "error" + # -- Configure the verbosity of logging ("debug", "error", "info") level: info - # -- Time encoding (one of "epoch", "millis", "nano", "iso8601", "rfc3339" or "rfc3339nano"). - time: epoch + # -- Time encoding ("epoch", "iso8601", "millis", "nano", "rfc3339", "rfc3339nano") + time: rfc3339 # -- Additional environment variables env: [] From 1acf75d41217ac92ad237f47611dba82a551b21f Mon Sep 17 00:00:00 2001 From: Igor Beliakov Date: Mon, 7 Oct 2024 11:39:57 +0200 Subject: [PATCH 11/11] chore(helm): use zap flags as defined in operator-sdk docs --- deploy/helm/grafana-operator/templates/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/helm/grafana-operator/templates/deployment.yaml b/deploy/helm/grafana-operator/templates/deployment.yaml index 832149055..0ea27aeb5 100644 --- a/deploy/helm/grafana-operator/templates/deployment.yaml +++ b/deploy/helm/grafana-operator/templates/deployment.yaml @@ -58,9 +58,9 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=0.0.0.0:{{ .Values.metricsService.metricsPort }} - --pprof-addr=0.0.0.0:{{ .Values.metricsService.pprofPort }} - - -zap-encoder={{ .Values.logging.encoder }} - - -zap-log-level={{ .Values.logging.level }} - - -zap-time-encoding={{ .Values.logging.time }} + - --zap-encoder={{ .Values.logging.encoder }} + - --zap-log-level={{ .Values.logging.level }} + - --zap-time-encoding={{ .Values.logging.time }} {{- if .Values.leaderElect }} - --leader-elect {{- end }}