From 37184db5f82fd8bd7834fc2b816606c82c05ccb3 Mon Sep 17 00:00:00 2001
From: Frank Zhu
Date: Mon, 26 Feb 2024 15:52:04 -0600
Subject: [PATCH] add rbac namespace for grafana
---
charts/chainlink-cluster/devspace.yaml | 105 -------------------------
charts/chainlink-cluster/values.yaml | 51 ++++++++++++
2 files changed, 51 insertions(+), 105 deletions(-)
diff --git a/charts/chainlink-cluster/devspace.yaml b/charts/chainlink-cluster/devspace.yaml
index 88c7fc42cca..f7808085505 100644
--- a/charts/chainlink-cluster/devspace.yaml
+++ b/charts/chainlink-cluster/devspace.yaml
@@ -300,111 +300,6 @@ deployments: # monitoring.coreos.com/v1 PodMonitor for each node prometheusMonitor: true - # for tracing - opentelemetry-collector: - enabled: true - mode: deployment - image: - repository: otel/opentelemetry-collector - tag: 0.81.2 - command: - name: otelcol - extraVolumes: - - name: trace-data - emptyDir: {} - extraVolumeMounts: - - name: trace-data - mountPath: /tracing - podSecurityContext: - fsGroup: 10001 - securityContext: - runAsNonRoot: true - runAsUser: 10001 - runAsGroup: 10001 - config: - receivers: - otlp: - protocols: - grpc: - endpoint: "0.0.0.0:4317" - http: - endpoint: "0.0.0.0:3100" - exporters: - file: - path: /tracing/trace-data.json - otlp: - endpoint: tempo:4317 - tls: - insecure: true - service: - telemetry: - logs: - level: "debug" - pipelines: - traces: - receivers: [otlp] - exporters: [file, otlp] - - tempo: - enabled: true - image: - tag: "1.7.2" - server: - http_listen_port: 3200 - # default storage path: /var/tempo/ - readinessProbe: - httpGet: - path: /ready - port: 3200 - initialDelaySeconds: 10 - periodSeconds: 5 - livenessProbe: - httpGet: - path: /ready - port: 3200 - initialDelaySeconds: 20 - periodSeconds: 10 - securityContext: - runAsNonRoot: true - runAsUser: 10001 - runAsGroup: 10001 - tempo: - storage: - trace: - backend: local # backend configuration to use - wal: - path: /tmp/tempo/wal # where to store the the wal locally - local: - path: /tmp/tempo/blocks - - grafana: - enabled: true - image: - tag: 7.3.2 - datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Tempo - type: tempo - access: proxy - orgId: 1 - url: http://tempo:3200 - basicAuth: false - isDefault: true - version: 1 - editable: false - uid: tempo - jsonData: - httpMethod: GET - serviceMap: - datasourceUid: prometheus - env: - GF_AUTH_ANONYMOUS_ENABLED: "true" - GF_AUTH_ANONYMOUS_ORG_ROLE: "Admin" - GF_AUTH_DISABLE_LOGIN_FORM: "true" - GF_FEATURE_TOGGLES_ENABLE: "traceqlEditor" - networkPolicy: ingress: # Should be a 
comma separated list of CIDR blocks. To include diff --git a/charts/chainlink-cluster/values.yaml b/charts/chainlink-cluster/values.yaml index f922e6397ba..2bca739bfdf 100644 --- a/charts/chainlink-cluster/values.yaml +++ b/charts/chainlink-cluster/values.yaml @@ -272,6 +272,8 @@ grafana: enabled: true image: tag: 7.3.2 + rbac: + namespaced: true datasources: datasources.yaml: apiVersion: 1 @@ -402,6 +404,55 @@ affinity: networkPolicies: enabled: true + customPolicies: + grafanaToTempoEgress: + podSelector: + matchLabels: + app: grafana + egress: + - to: + - podSelector: + matchLabels: + app: tempo + ports: + - protocol: TCP + port: 3100 + tempoIngressFromGrafana: + podSelector: + matchLabels: + app: tempo + ingress: + - from: + - podSelector: + matchLabels: + app: grafana + ports: + - protocol: TCP + port: 3100 + chainlinkToOtelCollectorEgress: + podSelector: + matchLabels: + app: chainlink + egress: + - to: + - podSelector: + matchLabels: + app: otel-collector + ports: + - protocol: TCP + port: 4317 + otelCollectorToTempoEgress: + podSelector: + matchLabels: + app: otel-collector + egress: + - to: + - podSelector: + matchLabels: + app: tempo + ports: + - protocol: TCP + port: 3100 # Configure the default network policy. networkPolicyDefault:
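Review bot: The new `rbac.namespaced: true` under `grafana:` carries no comment saying why it is set, and the choice is security-relevant: as far as I know, in the upstream Grafana chart it replaces the cluster-scoped RBAC objects with a namespaced Role and RoleBinding. I would add `# namespaced Role/RoleBinding only, no ClusterRole: Grafana's service account stays scoped to the release namespace` directly above `rbac:`. One side effect to confirm is that sidecar discovery of dashboards or datasources in other namespaces stops working with this setting, so anything relying on it has to live in this namespace. The `grafana:` block starts and ends outside the hunk.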
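Review bot: In `customPolicies`, `tempoIngressFromGrafana` selects the `app: tempo` pods for ingress and admits only `app: grafana`, so the traffic that `otelCollectorToTempoEgress` lets out of the collector has no matching ingress rule on Tempo in this hunk, and nothing here admits `app: chainlink` into the `app: otel-collector` pods either. Unless a template or default policy outside the hunk covers those paths, trace export would be dropped, so each egress rule should get an ingress counterpart as sketched below. All three Tempo rules use port 3100, whereas the block this commit removes from devspace.yaml had Tempo's HTTP listener on 3200, the collector exporting to `tempo:4317`, and 3100 as the collector's own OTLP/HTTP receiver; please confirm the ports against the Tempo settings actually in values.yaml, since a wrong port both blocks the intended traffic and leaves an unused one allowed. It is also worth verifying that the pods really carry the bare `app:` labels these selectors match on, because a selector that matches nothing silently leaves the policy without effect.

```yaml
  customPolicies:
    # … unchanged: grafanaToTempoEgress, tempoIngressFromGrafana,
    #   chainlinkToOtelCollectorEgress, otelCollectorToTempoEgress …
    tempoIngressFromOtelCollector:
      podSelector:
        matchLabels:
          app: tempo
      ingress:
        - from:
            - podSelector:
                matchLabels:
                  app: otel-collector
          ports:
            - protocol: TCP
              # assumed from the exporter endpoint in the removed devspace.yaml block; confirm
              port: 4317
    otelCollectorIngressFromChainlink:
      podSelector:
        matchLabels:
          app: otel-collector
      ingress:
        - from:
            - podSelector:
                matchLabels:
                  app: chainlink
          ports:
            - protocol: TCP
              port: 4317
```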