diff --git a/root/templates/cluster-forge.yaml b/root/templates/cluster-forge.yaml index 4bf42558..3355f667 100644 --- a/root/templates/cluster-forge.yaml +++ b/root/templates/cluster-forge.yaml @@ -11,13 +11,16 @@ spec: # Uses the SAME targetRevision for both chart templates AND values sources: - repoURL: {{ .Values.clusterForge.repoUrl }} - targetRevision: {{ .Values.clusterForge.targetRevision }} + targetRevision: {{ .Values.clusterForge.targetRevision | default "HEAD" | quote }} path: root helm: valueFiles: - {{ .Values.externalValues.path }} - {{ .Values.global.clusterSize }} - $cluster-values/values.yaml + parameters: + - name: clusterForge.targetRevision + value: {{ .Values.clusterForge.targetRevision | default "HEAD" | quote }} - repoURL: {{ .Values.externalValues.repoUrl }} targetRevision: {{ .Values.externalValues.targetRevision }} ref: cluster-values @@ -25,12 +28,17 @@ spec: # helm-chart & values file within the same git repo source: repoURL: {{ .Values.clusterForge.repoUrl }} - targetRevision: {{ .Values.clusterForge.targetRevision }} + targetRevision: {{ .Values.clusterForge.targetRevision | default "HEAD" | quote }} path: root helm: valueFiles: - {{ .Values.clusterForge.valuesFile }} - {{ .Values.global.clusterSize }} + parameters: + - name: clusterForge.targetRevision + value: {{ .Values.clusterForge.targetRevision | default "HEAD" | quote }} + - name: global.domain + value: {{ .Values.global.domain | quote }} {{- end }} destination: server: https://kubernetes.default.svc @@ -38,4 +46,13 @@ spec: syncPolicy: automated: prune: true - selfHeal: true \ No newline at end of file + selfHeal: true + ignoreDifferences: + - group: argoproj.io + kind: Application + name: cluster-forge + jsonPointers: + - /spec/source/targetRevision + - /spec/sources/0/targetRevision + - /spec/source/helm/parameters + - /spec/sources/0/helm/parameters \ No newline at end of file diff --git a/root/values.yaml b/root/values.yaml index 762b834d..94c9e510 100644 
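Review bot: The `default "HEAD"` fallback added to `targetRevision` in the first `sources` entry means an unset revision resolves to the tip of the default branch instead of stopping the render, and this Application syncs with `prune: true` and `selfHeal: true`. A root GitOps app that follows a moving ref deploys whatever lands upstream next, with no review step in between. Consider failing closed, e.g. `targetRevision: {{ required "clusterForge.targetRevision must be set" .Values.clusterForge.targetRevision | quote }}`, and pinning the values files to a tag or commit rather than the `main` default they now carry. The same fallback is repeated in the `parameters` value of this hunk and in both places in the single-source hunk that follows.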
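Review bot: The `ignoreDifferences` block added after `selfHeal: true` hides changes to the parent Application's own `targetRevision` and Helm `parameters` from drift detection, so an out-of-band edit to the revision this cluster deploys from would no longer show up as OutOfSync. That appears to be intended so the bootstrap-injected revision survives, but it needs a comment saying so, e.g. `# bootstrap.sh injects targetRevision/parameters; intentionally not treated as drift`. Argo CD applies `ignoreDifferences` only to diffing unless the `RespectIgnoreDifferences=true` sync option is set, so the ignored fields may still be overwritten on the next sync; confirm which behaviour is wanted. Indentation is lost in this view, so also check that the key sits under `spec` and not under `syncPolicy`.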
--- a/root/values.yaml +++ b/root/values.yaml @@ -1,8 +1,9 @@ clusterForge: repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" - targetRevision: # injected via scripts/bootstrap.sh; tag, branch, or commit + targetRevision: main # Overridden by bootstrap --target-revision flag + valuesFile: values.yaml externalValues: - enabled: true + enabled: false path: values.yaml repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" targetRevision: main @@ -237,6 +238,14 @@ apps: syncWave: -40 valuesObject: installCRDs: true + cert-manager-config: + helmParameters: + - name: domain + value: "{{ .Values.global.domain }}" + namespace: cert-manager + path: cert-manager-config + syncWave: -35 + valuesFile: values.yaml cluster-auth: namespace: cluster-auth path: cluster-auth/0.5.0 @@ -253,6 +262,12 @@ apps: namespace: cluster-auth path: cluster-auth-config syncWave: -20 + cluster-cert: + namespace: cluster-cert + path: cluster-cert + syncWave: -15 + directory: + recurse: true cnpg-operator: namespace: cnpg-system path: cnpg-operator/0.26.0 @@ -525,6 +540,18 @@ apps: requests: cpu: "250m" memory: "512Mi" + keycloak-config: + ignoreDifferences: + - group: external-secrets.io + jqPathExpressions: + - ".spec.data[].remoteRef.conversionStrategy" + - ".spec.data[].remoteRef.decodingStrategy" + - ".spec.data[].remoteRef.metadataPolicy" + kind: ExternalSecret + namespace: keycloak + path: keycloak-config + syncWave: -5 + valuesFile: values.yaml kgateway: namespace: kgateway-system path: kgateway/v2.1.0-main diff --git a/root/values_large.yaml b/root/values_large.yaml index 917e1f54..91947a19 100644 --- a/root/values_large.yaml +++ b/root/values_large.yaml 
@@ -1,3 +1,14 @@ +global: + clusterSize: values_large.yaml + +# Large cluster uses Gitea for GitOps (multi-source) +clusterForge: + repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" + targetRevision: main # Default branch, can be overridden via --target-revision +externalValues: + enabled: true + repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" + enabledApps: - aim-cluster-model-source - aim-engine diff --git a/root/values_medium.yaml b/root/values_medium.yaml index 04b7e20c..08139349 100644 --- a/root/values_medium.yaml +++ b/root/values_medium.yaml @@ -1,5 +1,15 @@ # Medium & Small clusters add local-path storage policy for RWX→RWO conversion +global: + clusterSize: values_medium.yaml + +# Medium cluster uses Gitea for GitOps (multi-source) +clusterForge: + repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" +externalValues: + enabled: true + repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" + enabledApps: - aim-cluster-model-source - aim-engine diff --git a/root/values_small.yaml b/root/values_small.yaml index 282e517f..9e31bb36 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -1,3 +1,15 @@ +# Medium & Small clusters add local-path storage policy for RWX→RWO conversion + +global: + clusterSize: values_small.yaml + +# Small cluster uses GitHub (no Gitea deployed) +clusterForge: + repoUrl: "https://github.com/silogen/cluster-forge.git" + targetRevision: main # Overridden by bootstrap --target-revision flag +externalValues: + enabled: false + enabledApps: - aim-cluster-model-source - aim-engine @@ -15,14 +27,14 @@ enabledApps: - argocd - argocd-config - cert-manager + - cert-manager-config - cluster-auth + - cluster-cert - cluster-auth-config - cnpg-operator - external-secrets - external-secrets-config - gateway-api - - gitea - - gitea-config - kaiwo - kaiwo-config - kaiwo-crds 
@@ -53,6 +65,34 @@ enabledApps: - rabbitmq apps: + # Modular Kyverno policy applications (only the storage-local-path addition) + cluster-cert: + namespace: static-cert-system + kyverno-policies-storage-local-path: + namespace: kyverno + path: kyverno-policies/storage-local-path + syncWave: -25 + airm-infra-cnpg: + syncWave: 5 + valuesObject: + instances: 1 + storage: + storageClass: local-path + walStorage: + storageClass: local-path + airm-infra-rabbitmq: + syncWave: 5 + valuesObject: + persistence: + storageClassName: local-path + aiwb-infra-cnpg: + syncWave: 5 + valuesObject: + instances: 1 + storage: + storageClass: local-path + walStorage: + storageClass: local-path argocd: valuesObject: applicationSet: @@ -61,38 +101,34 @@ apps: replicas: 1 resources: limits: - cpu: "2000m" - memory: "4Gi" + memory: "2Gi" requests: - cpu: "500m" + cpu: "125m" memory: "1Gi" redis-ha: enabled: false redis: resources: limits: - cpu: "1000m" - memory: "2Gi" + memory: "1Gi" requests: - cpu: "250m" + cpu: "5m" memory: "512Mi" repoServer: replicas: 1 resources: limits: - cpu: "1000m" - memory: "2Gi" + memory: "1Gi" requests: - cpu: "250m" + cpu: "25m" memory: "512Mi" server: replicas: 1 resources: limits: - cpu: "500m" memory: "1Gi" requests: - cpu: "125m" + cpu: "25m" memory: "256Mi" grafana: valuesObject: 
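Review bot: The `cluster-cert` override at the top of `apps:` sets `namespace: static-cert-system`, while the base entry added in root/values.yaml in this diff uses `namespace: cluster-cert`, and nothing in the hunk says which one the manifests under `sources/cluster-cert` expect. If the difference is deliberate, say so in a comment on the entry; if not, drop the override so the base and small profiles agree. The entry also sits directly under `# Modular Kyverno policy applications (only the storage-local-path addition)`, which describes the next key rather than this one, so moving that comment down one entry would keep it accurate.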
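Review bot: The Argo CD `resources` blocks in this hunk drop every `limits.cpu` and lower `requests.cpu` to as little as `5m` for redis, with no comment explaining the choice. Without a CPU limit a busy component can take all spare CPU on its node, and very low requests let the scheduler pack more onto a small cluster than it can serve under load. A one-line comment such as `# CPU limits omitted on purpose to avoid throttling; memory limits still enforced` would record the intent. The same pattern is applied in the later hunks of this file, including minio-tenant, openbao and prometheus.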
@@ -105,22 +141,38 @@ apps: replicas: 1 resources: limits: - cpu: "1000m" memory: "2Gi" requests: - cpu: "250m" + cpu: "125m" memory: "512Mi" - kyverno-policies-storage-local-path: - ignoreDifferences: [] - namespace: kyverno - path: kyverno-policies/storage-local-path - source: clusterForge - syncOptions: - - CreateNamespace=true - syncWave: - - group: kyverno.io - kind: ClusterPolicy - wave: 26 # Deploy after base policies + airm: + valuesObject: + airm-api: + frontend: + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "1Gi" + keycloak-config: + valuesObject: + storageClass: local-path + keycloak: + syncWave: 5 + valuesObject: + # Increase memory resources for Keycloak to prevent OOMKilled during initialization + # Medium preset provides 1536Mi memory limit vs small preset's 768Mi + resourcesPreset: "medium" + cnpg: + storage: + storageClass: local-path + walStorage: + storageClass: local-path + minio-operator: + valuesObject: + operator: + replicaCount: 1 minio-tenant: valuesObject: tenant: @@ -139,10 +191,9 @@ apps: volumesPerServer: 2 resources: limits: - cpu: "4000m" memory: "8Gi" requests: - cpu: "1000m" + cpu: "500m" memory: "2Gi" openbao: valuesObject: 
@@ -157,24 +208,109 @@ apps: replicas: 1 resources: limits: - cpu: "1000m" memory: "2Gi" requests: - cpu: "250m" + cpu: "5m" memory: "512Mi" + cnpg-operator: + valuesObject: + resources: + requests: + memory: "64Mi" + cpu: "10m" + limits: + memory: "256Mi" + cert-manager: + valuesObject: + resources: + requests: + memory: "64Mi" + cpu: "10m" + limits: + memory: "256Mi" + webhook: + resources: + requests: + memory: "32Mi" + cpu: "10m" + limits: + memory: "128Mi" + cainjector: + resources: + requests: + memory: "64Mi" + cpu: "10m" + limits: + memory: "256Mi" + external-secrets: + valuesObject: + resources: + requests: + memory: "32Mi" + cpu: "10m" + limits: + memory: "128Mi" + webhook: + resources: + requests: + memory: "32Mi" + cpu: "10m" + limits: + memory: "128Mi" + certController: + resources: + requests: + memory: "32Mi" + cpu: "10m" + limits: + memory: "128Mi" + opentelemetry-operator: + valuesObject: + manager: + resources: + requests: + memory: "64Mi" + cpu: "10m" + limits: + memory: "256Mi" + otel-lgtm-stack: + syncWave: 5 + valuesObject: + lgtm: + storage: + storageClass: local-path + resources: + requests: + memory: "1Gi" + cpu: "500m" + limits: + memory: "8Gi" + collectors: + resources: + metrics: + requests: + memory: "512Mi" + cpu: "250m" + limits: + memory: "8Gi" + logs: + requests: + memory: "200Mi" + cpu: "100m" + limits: + memory: "2Gi" prometheus: valuesObject: prometheus: prometheusSpec: resources: limits: - cpu: "2000m" memory: "4Gi" requests: - cpu: "500m" + cpu: "250m" memory: "1Gi" - retention: 15d - retentionSize: 20GB + retention: 3d + retentionSize: 4GB storageSpec: volumeClaimTemplate: spec: @@ -182,5 +318,5 @@ apps: - ReadWriteOnce resources: requests: - storage: 25Gi + storage: 5Gi storageClassName: local-path diff --git a/sbom/components.yaml b/sbom/components.yaml index 56d7a1cf..27b4f940 100644 --- a/sbom/components.yaml +++ b/sbom/components.yaml 
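Review bot: The prometheus part of this hunk cuts `retention` from `15d` to `3d` and `retentionSize` from `20GB` to `4GB` without a comment, which shortens how far back anyone investigating an incident or a slow-building fault on a small cluster can look. If the smaller window is acceptable, record that next to the setting, e.g. `# 3d local retention only; forward metrics elsewhere if longer history is needed`. The volume request drops to `5Gi` in the next hunk, so `retentionSize: 4GB` leaves little headroom for the WAL and compaction; worth confirming against observed usage.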
@@ -103,6 +103,12 @@ components: projectUrl: https://github.com/silogen/cluster-forge/tree/main/sources/cluster-auth license: Apache License 2.0 licenseUrl: https://github.com/silogen/cluster-forge/blob/main/LICENSE + cluster-cert: + path: cluster-cert/0.0.6 + sourceUrl: https://github.com/silogen/cluster-forge/tree/main/sources/cluster-cert + projectUrl: https://github.com/silogen/cluster-forge/tree/main/sources/cluster-cert + license: Apache License 2.0 + licenseUrl: https://github.com/silogen/cluster-forge/blob/main/LICENSE cnpg-operator: path: cnpg-operator/0.26.0 valuesFile: values.yaml @@ -275,4 +281,3 @@ components: projectUrl: https://github.com/rabbitmq/cluster-operator/ license: Mozilla Public License 2.0 licenseUrl: https://github.com/rabbitmq/cluster-operator/blob/main/LICENSE.txt - \ No newline at end of file diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index a35633c2..fc585bba 100755 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh @@ -429,6 +429,26 @@ is_disabled_app() { return 1 } +# Returns 0 if gitea is in enabledApps in the values file(s) +is_gitea_enabled() { + local values_file="${SOURCE_ROOT}/root/${VALUES_FILE}" + local size_values_file="${SOURCE_ROOT}/root/${SIZE_VALUES_FILE}" + + # Check base values file + if yq eval '.enabledApps[] | select(. == "gitea")' "$values_file" 2>/dev/null | grep -q "gitea"; then + return 0 + fi + + # Check size-specific values file if it exists + if [ -n "${SIZE_VALUES_FILE}" ] && [ -f "$size_values_file" ]; then + if yq eval '.enabledApps[] | select(. == "gitea")' "$size_values_file" 2>/dev/null | grep -q "gitea"; then + return 0 + fi + fi + + return 1 +} + # Helper function to either apply directly or output YAML for templating apply_or_template() { 
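Review bot: The new `cluster-cert` SBOM entry records `path: cluster-cert/0.0.6`, but the `apps.cluster-cert` entry added to root/values.yaml in this same diff deploys from `path: cluster-cert`, and the files changed here live under `sources/cluster-cert/` with no version directory. An SBOM path that does not match what is deployed cannot be relied on to answer which version is running. Align the two, either by versioning the source directory or by changing the SBOM entry to `path: cluster-cert`.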
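Review bot: `is_gitea_enabled` sends yq's stderr to `/dev/null` and treats every failure as "not enabled", so a missing or malformed values file, or an absent `yq` binary, silently switches the bootstrap from the in-cluster Gitea repositories to the public GitHub URL chosen later in this script. The function should tell "gitea is not listed" apart from "could not read the file": test `[ -r "$values_file" ]` first and let yq errors surface instead of discarding them. It also reads only `enabledApps`, so it may disagree with `is_disabled_app` just above it when an app appears in both lists; a comment stating which one wins would help. Using `grep -qx gitea` would make the final match exact.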
@@ -441,9 +461,15 @@ apply_or_template() { # Create namespaces create_namespaces() { - for ns in argocd cf-gitea cf-openbao; do + # Always create argocd and openbao namespaces + for ns in argocd cf-openbao; do kubectl create ns "$ns" --dry-run=client -o yaml | apply_or_template -f - done + + # Only create gitea namespace if gitea is enabled + if is_gitea_enabled; then + kubectl create ns cf-gitea --dry-run=client -o yaml | apply_or_template -f - + fi } # Extract ArgoCD values using yq @@ -815,13 +841,22 @@ EOF fi done + # Determine repo URLs based on whether gitea is enabled + local cluster_forge_repo="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" + local external_values_repo="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" + + if ! is_gitea_enabled; then + cluster_forge_repo="https://github.com/silogen/cluster-forge.git" + external_values_repo="https://github.com/silogen/cluster-forge.git" + fi + # Render only the cluster-apps template with filtered values helm template cluster-forge "${SOURCE_ROOT}/root" \ --show-only templates/cluster-apps.yaml \ --values "$temp_values" \ --set clusterForge.targetRevision="${TARGET_REVISION}" \ - --set externalValues.repoUrl="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" \ - --set clusterForge.repoUrl="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" \ + --set externalValues.repoUrl="${external_values_repo}" \ + --set clusterForge.repoUrl="${cluster_forge_repo}" \ --namespace argocd \ --kube-version "${KUBE_VERSION}" | apply_or_template -f - 
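Review bot: In the non-Gitea branch of the repo-URL hunk, `external_values_repo` is set to `https://github.com/silogen/cluster-forge.git`, the same URL as `cluster_forge_repo`, which looks like a copy of the line above; if it is deliberate because external values are disabled in that mode, a comment should say so. Both URLs are then passed with `--set`, which overrides whatever `clusterForge.repoUrl` the values files declare, so an operator who points a values file at a mirror or fork is still rendered against the hard-coded URL. Consider taking the URL from the values file and overriding it only in the Gitea case. The same selection logic is duplicated in `apply_cluster_forge_parent_app` in the next hunk and would be easier to audit as one helper.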
@@ -834,7 +869,18 @@ apply_cluster_forge_parent_app() { log_info "=== Creating ClusterForge Parent App ===" log_info "Target revision: $TARGET_REVISION" - + # Determine repo URLs based on whether gitea is enabled + local cluster_forge_repo="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" + local external_values_repo="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" + local external_values_enabled="true" + + if ! is_gitea_enabled; then + log_info "Gitea not enabled, using GitHub repository" + cluster_forge_repo="https://github.com/silogen/cluster-forge.git" + external_values_enabled="false" + else + log_info "Gitea enabled, using local Gitea repository" + fi helm template cluster-forge "${SOURCE_ROOT}/root" \ --show-only templates/cluster-forge.yaml \ @@ -842,12 +888,14 @@ apply_cluster_forge_parent_app() { --values "${SOURCE_ROOT}/root/${SIZE_VALUES_FILE}" \ --set global.clusterSize="${SIZE_VALUES_FILE}" \ --set global.domain="${DOMAIN}" \ + --set clusterForge.repoUrl="${cluster_forge_repo}" \ --set clusterForge.targetRevision="${TARGET_REVISION}" \ + --set clusterForge.valuesFile="${VALUES_FILE}" \ + --set externalValues.enabled="${external_values_enabled}" \ + --set externalValues.repoUrl="${external_values_repo}" \ --namespace argocd \ --kube-version "${KUBE_VERSION}" | apply_or_template -f - } - -# Check if requested apps are cluster-forge child apps is_cluster_forge_child_app() { local app="$1" # Check if the app is defined in the values.yaml apps section @@ -970,8 +1018,12 @@ main() { fi if should_run gitea; then - log_info "📦 Step 4/5: Bootstrapping Gitea" - bootstrap_gitea + if is_gitea_enabled; then + log_info "📦 Step 4/5: Bootstrapping Gitea" + bootstrap_gitea + else + log_info "⏭️ Step 4/5: Skipping Gitea (not in enabledApps)" + fi else log_info "⏭️ Step 4/5: Skipping Gitea" fi 
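Review bot: The `helm template` hunk deletes the blank line and the comment `# Check if requested apps are cluster-forge child apps` that introduced `is_cluster_forge_child_app`, so that function now starts directly after the closing brace of `apply_cluster_forge_parent_app` with no description; restore both lines. In the non-Gitea path `externalValues.repoUrl` is still passed as the Gitea URL while `externalValues.enabled` is `false`, which is harmless only if the template ignores it when disabled; passing an empty value there would keep a stale in-cluster URL out of the rendered output. `is_cluster_forge_child_app` continues outside the hunk.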
diff --git a/sources/cluster-cert/webhook-cert-generator.yaml b/sources/cluster-cert/webhook-cert-generator.yaml index fa220c7d..135fce35 100644 --- a/sources/cluster-cert/webhook-cert-generator.yaml +++ b/sources/cluster-cert/webhook-cert-generator.yaml @@ -60,7 +60,8 @@ data: cp /tmp/server.crt /certs/tls.crt cp /tmp/server.key /certs/tls.key cp /tmp/ca.crt /certs/ca.crt - + chmod 644 /certs/tls.crt /certs/tls.key /certs/ca.crt + echo "Certificates copied to /certs/" # Create Kubernetes secret diff --git a/sources/cluster-cert/webhook-config.yaml b/sources/cluster-cert/webhook-config.yaml index 3cd80423..61770c8f 100644 --- a/sources/cluster-cert/webhook-config.yaml +++ b/sources/cluster-cert/webhook-config.yaml @@ -17,4 +17,4 @@ webhooks: resources: ["certificates"] admissionReviewVersions: ["v1", "v1beta1"] sideEffects: None - failurePolicy: Fail \ No newline at end of file + failurePolicy: Ignore \ No newline at end of file diff --git a/sources/keycloak-config/templates/keycloak-cluster.yaml b/sources/keycloak-config/templates/keycloak-cluster.yaml index 0421fda3..a302fcaf 100644 --- a/sources/keycloak-config/templates/keycloak-cluster.yaml +++ b/sources/keycloak-config/templates/keycloak-cluster.yaml @@ -91,9 +91,9 @@ spec: stopDelay: 300 storage: size: 50Gi - storageClass: default + storageClass: {{ default "default" .Values.storageClass }} superuserSecret: name: keycloak-cnpg-superuser walStorage: size: 50Gi - storageClass: default + storageClass: {{ default "default" .Values.storageClass }} diff --git a/sources/kyverno-policies/storage-local-path/templates/access-mode-mutation.yaml b/sources/kyverno-policies/storage-local-path/templates/access-mode-mutation.yaml index 6a93f9e8..c4351455 100644 --- a/sources/kyverno-policies/storage-local-path/templates/access-mode-mutation.yaml +++ b/sources/kyverno-policies/storage-local-path/templates/access-mode-mutation.yaml 
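Review bot: The added `chmod 644` makes the private key `/certs/tls.key` readable by every account that can see the volume, not just the certificates. The public files can stay at 644, but the key should be restricted to the account that serves TLS: `chmod 644 /certs/tls.crt /certs/ca.crt` followed by `chmod 600 /certs/tls.key`. If the consuming container runs as a different UID, a shared group with mode 640 (for example through the pod's `fsGroup`) grants access without opening the key to others. The surrounding script starts and ends outside the hunk.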
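Review bot: Switching `failurePolicy` from `Fail` to `Ignore` in webhook-config.yaml makes this admission webhook fail open: whenever the backend is unreachable or its certificate is not trusted, requests for `certificates` are admitted without being checked. If the change exists to avoid blocking bootstrap before the certificate generator has run, say so in a comment and limit the exposure, for instance with a short `timeoutSeconds` and an alert on webhook call failures, or return to `Fail` once the backend is ready. The webhook entry begins outside the hunk, so its rules and selectors are not visible here.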
@@ -36,6 +36,7 @@ spec: - key: "ReadOnlyMany" operator: AnyIn value: "{{ "{{" }} request.object.spec.accessModes || [] {{ "}}" }}" + skipBackgroundRequests: true mutate: patchStrategicMerge: spec: @@ -82,11 +83,13 @@ spec: - key: "ReadOnlyMany" operator: AnyIn value: "{{ "{{" }} request.object.spec.accessModes || [] {{ "}}" }}" + skipBackgroundRequests: true validate: + allowExistingViolations: true message: >- WARNING: The requested access mode(s) {{ "{{" }} request.object.spec.accessModes && join(',', request.object.spec.accessModes) || 'undefined' {{ "}}" }} - are not supported by the local-path provisioner used in small/medium clusters. - The access mode has been automatically converted to ReadWriteOnce (RWO). + are not supported by the local-path provisioner used in small/medium clusters. + The access mode has been automatically converted to ReadWriteOnce (RWO). For ReadWriteMany support, consider using a large cluster with Longhorn storage. deny: conditions: diff --git a/sources/kyverno-policies/storage-local-path/templates/storageclass-mutation.yaml b/sources/kyverno-policies/storage-local-path/templates/storageclass-mutation.yaml new file mode 100644 index 00000000..3a255f2e --- /dev/null +++ b/sources/kyverno-policies/storage-local-path/templates/storageclass-mutation.yaml 
@@ -0,0 +1,101 @@ +--- +# Kyverno ClusterPolicy to mutate PVC storage class references +# This policy is ONLY deployed to small and medium clusters via enabledApps configuration +# Converts "default" and "multinode" storage classes to "local-path" for compatibility +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: local-path-storageclass-mutation + annotations: + policies.kyverno.io/title: "Local-Path Storage Class Mutation" + policies.kyverno.io/category: "Storage" + policies.kyverno.io/severity: "medium" + policies.kyverno.io/subject: "PersistentVolumeClaim" + policies.kyverno.io/minversion: "1.6.0" + policies.kyverno.io/description: >- + This policy automatically converts "default" and "multinode" storage class references + to "local-path" for clusters using local-path provisioner. This handles components + that cannot be configured via values.yaml overrides (e.g., hardcoded templates). + NOTE: This policy is only deployed to small/medium clusters, never to large clusters. 
+spec: + admission: true + background: false + validationFailureAction: Enforce + rules: + - name: convert-default-to-local-path + match: + resources: + kinds: + - PersistentVolumeClaim + preconditions: + any: + # Apply if PVC requests "default" or "multinode" storage class + - key: "{{ "{{" }} request.object.spec.storageClassName || '' {{ "}}" }}" + operator: Equals + value: "default" + - key: "{{ "{{" }} request.object.spec.storageClassName || '' {{ "}}" }}" + operator: Equals + value: "multinode" + skipBackgroundRequests: true + mutate: + patchStrategicMerge: + spec: + # Replace with local-path storage class + storageClassName: local-path + metadata: + annotations: + +(kyverno.io/original-storageclass): "{{ "{{" }} request.object.spec.storageClassName || 'undefined' {{ "}}" }}" + +(kyverno.io/mutation-applied): "storageclass-to-local-path" + +(kyverno.io/policy-reason): "Components using 'default' or 'multinode' storage classes are converted to 'local-path' for small/medium cluster compatibility" + +--- +# Validation policy to warn about storage class changes +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: local-path-storageclass-warning + annotations: + policies.kyverno.io/title: "Local-Path Storage Class Warning" + policies.kyverno.io/category: "Storage" + policies.kyverno.io/severity: "low" + policies.kyverno.io/subject: "PersistentVolumeClaim" + policies.kyverno.io/description: >- + This policy generates warnings when PVCs request "default" or "multinode" storage classes + that will be converted to "local-path" due to cluster size limitations. + NOTE: This policy is only deployed to small/medium clusters, never to large clusters. 
+spec: + admission: true + background: false + validationFailureAction: Audit # Warning only, don't block + rules: + - name: warn-storageclass-conversion + match: + resources: + kinds: + - PersistentVolumeClaim + preconditions: + any: + # Warn for storage classes that will be converted + - key: "{{ "{{" }} request.object.spec.storageClassName || '' {{ "}}" }}" + operator: Equals + value: "default" + - key: "{{ "{{" }} request.object.spec.storageClassName || '' {{ "}}" }}" + operator: Equals + value: "multinode" + skipBackgroundRequests: true + validate: + allowExistingViolations: true + message: >- + INFO: The requested storage class "{{ "{{" }} request.object.spec.storageClassName || 'undefined' {{ "}}" }}" + is not available in small/medium clusters. The storage class has been automatically + converted to "local-path". Components that cannot be overridden via values.yaml: + - keycloak-old/keycloak-cnpg (hardcoded template) + - kaiwo-config/pvc-user-demo (static PVC) + - otel-lgtm-stack PVCs (hardcoded template) + For large clusters with distributed storage, this policy is not deployed. + deny: + conditions: + # This condition is always false, so it only generates a warning + - key: "false" + operator: Equals + value: "true" diff --git a/sources/otel-lgtm-stack/v1.0.7/templates/lgtm-stack.yaml b/sources/otel-lgtm-stack/v1.0.7/templates/lgtm-stack.yaml index cb76e752..33f2c6f1 100644 --- a/sources/otel-lgtm-stack/v1.0.7/templates/lgtm-stack.yaml +++ b/sources/otel-lgtm-stack/v1.0.7/templates/lgtm-stack.yaml @@ -12,7 +12,7 @@ metadata: name: tempo-pvc namespace: {{ .Release.Namespace }} spec: - storageClassName: default + storageClassName: {{ .Values.lgtm.storage.storageClass }} accessModes: - ReadWriteOnce resources: @@ -25,7 +25,7 @@ metadata: name: loki-data-pvc namespace: {{ .Release.Namespace }} spec: - storageClassName: default + storageClassName: {{ .Values.lgtm.storage.storageClass }} accessModes: - ReadWriteOnce resources: 
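Review bot: The `warn-storageclass-conversion` rule probably never produces the warning it describes, because its only `deny` condition compares the literals `"false"` and `"true"`, so the rule always passes, and Kyverno reports a rule's `message` only when the rule fails. The mutate policy may also have rewritten `storageClassName` to `local-path` before validation runs, in which case the precondition would no longer match; worth confirming on a test cluster. Since the first policy already records the original class in the `kyverno.io/original-storageclass` annotation, the second policy could be dropped, or its comment `# This condition is always false, so it only generates a warning` corrected. Separately, `policies.kyverno.io/minversion: "1.6.0"` looks too low for a policy that uses `skipBackgroundRequests` and `validate.allowExistingViolations`, which appear to come from much later Kyverno releases.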
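Review bot: `storageClassName: {{ .Values.lgtm.storage.storageClass }}` in the `tempo-pvc` hunk is unquoted and has no fallback, so a values override that leaves `lgtm.storage.storageClass` empty renders a null `storageClassName` and the PVC quietly lands on the cluster's default class. Writing `storageClassName: {{ .Values.lgtm.storage.storageClass | default "default" | quote }}` keeps the previous behaviour when the value is missing and matches the `default "default"` form used in keycloak-cluster.yaml in this diff. The same line is repeated in the `loki-data-pvc`, `loki-storage-pvc`, `grafana-pvc` and `p8s-pvc` hunks.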
@@ -38,7 +38,7 @@ metadata: name: loki-storage-pvc namespace: {{ .Release.Namespace }} spec: - storageClassName: default + storageClassName: {{ .Values.lgtm.storage.storageClass }} accessModes: - ReadWriteOnce resources: @@ -51,7 +51,7 @@ metadata: name: grafana-pvc namespace: {{ .Release.Namespace }} spec: - storageClassName: default + storageClassName: {{ .Values.lgtm.storage.storageClass }} accessModes: - ReadWriteOnce resources: @@ -64,7 +64,7 @@ metadata: name: p8s-pvc namespace: {{ .Release.Namespace }} spec: - storageClassName: default + storageClassName: {{ .Values.lgtm.storage.storageClass }} accessModes: - ReadWriteOnce resources: diff --git a/sources/otel-lgtm-stack/v1.0.7/values.yaml b/sources/otel-lgtm-stack/v1.0.7/values.yaml index 6ea2fd2e..53cd4247 100644 --- a/sources/otel-lgtm-stack/v1.0.7/values.yaml +++ b/sources/otel-lgtm-stack/v1.0.7/values.yaml @@ -11,11 +11,12 @@ namespace: otel-lgtm-stack # LGTM Stack storage configuration lgtm: storage: + storageClass: default # Tempo storage for traces tempo: 50Gi - # Loki storage for logs + # Loki storage for logs loki: 50Gi - # Grafana storage for dashboards/config + # Grafana storage for dashboards/config grafana: 10Gi # Mimir/Prometheus storage for metrics mimir: 50Gi