Updated to Openshift 4.18+ and Openshift Logging (6.2) (#173)

* Updated tl500 base helm chart to add cluster observability operator and new openshift logging version 6.2

* Updated tl500-course-content Helm chart to upgrade openshift cluster logging  to version 6.2

* exclude extracted subcharts and Mac foo

* add operator group for cluster-observability-operator

* Update .gitignore

Removed unnecessary lines

---------

Co-authored-by: Tim Steffens <[email protected]>

Author: acidonper

tooling/.gitignore

@@ -1,2 +1,4 @@
 *.tgz
 *.lock
+
+.DS_Store

tooling/README.md

@@ -2,7 +2,7 @@
 
 This directory contains the necessary charts used in order to deploy a TL500 Tech Stack against an OCP 4.X cluster. This assumes that the cluster has valid certificates.
 
-🐞 Please ensure your cluster is the latest Z release - 4.10.z or 4.11.z release. We test against these. 🐞
+🐞 Please ensure your cluster is the latest Z release - 4.18.z. We test against these. 🐞
 
 This chart is capable of deploying the following:
 
@@ -12,7 +12,7 @@ This chart is capable of deploying the following:
 - SealedSecrets from Bitnami
 - OpenShift Pipelines
 - Advanced Cluster Security (StackRox)
-- Cluster Logging (ELK)
+- Cluster Logging (LokiStack)
 - Certificate Utils
 - GitOps Operator (ArgoCD)
 
@@ -30,7 +30,7 @@ When specifying a chart version, make sure to use the same version for both char
 
 1. Install TL500 Base
 
-For 4.10.z OpenShift:
+For 4.18.z OpenShift:
 
 ```bash
 helm repo add enablement-framework https://rht-labs.com/enablement-framework 
@@ -39,15 +39,9 @@ helm search repo enablement-framework
 helm install tl500-base enablement-framework/tl500-base --version XYZ --namespace tl500 --create-namespace --timeout=15m
 ```
 
-When deploying to OpenShift 4.11.z+ or 4.12.z+ there are some breaking changes in newer OpenShift versions, specifically around DevSpaces operator. Use the newer values file:
-
-```bash
-helm install tl500-base enablement-framework/tl500-base -f tl500-base/values-v4.11+.yaml --version XYZ --namespace tl500 --create-namespace --timeout=15m
-```
-
 2. Install TL500 Course Content
 
-For 4.10.z OpenShift:
+For 4.18.z OpenShift:
 
 ```bash
 helm repo add enablement-framework https://rht-labs.com/enablement-framework 
@@ -56,12 +50,6 @@ helm search repo enablement-framework
 helm install tl500-course-content enablement-framework/tl500-course-content --version XYZ --namespace tl500 --create-namespace --timeout=15m
 ```
 
-When deploying to OpenShift 4.11.z+ or 4.12.z+ there are some breaking changes in newer OpenShift versions, specifically around DevSpaces operator. Use the newer values file:
-
-```bash
-helm install  tl500-course-content enablement-framework/tl500-course-content -f tl500-base/values-v4.11+.yaml --version XYZ --namespace tl500 --create-namespace --timeout=15m
-```
-
 ## Using the helm chart source code
 
 1. Get the source code
@@ -104,7 +92,6 @@ After this is deployed, you will have a functional gitlab server that can be use
 
 With CRW, this uses the provided Operator to deploy a CRW instance. With the provided defaults, it restricts uses to two workspaces and allows for only a single `running` instance.
 
-
 ## Running on infra nodes
 
 To run on an infra node (currenly only AWS supported) you can enable this by setting `runOnInfra: true`. This assumes 1) there is at least one infra node configured with the label `node-role.kubernetes.io/infra: ""`.

tooling/charts/tl500-base/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: tl500-base
 description: A Helm chart for Kubernetes
 type: application
-version: 0.0.2
+version: 0.0.3
 appVersion: 0.0.1
 maintainers:
   - name: eformat
@@ -11,6 +11,7 @@ maintainers:
   - name: jtudelag
   - name: ckavili
   - name: springdo
+  - name: acidonper
 dependencies:
   - name: sealed-secrets
     version: "2.8.2"

tooling/charts/tl500-base/templates/logging/namespace.yaml

@@ -12,3 +12,10 @@ metadata:
  name: openshift-operators-redhat
  labels:
    openshift.io/cluster-monitoring: "true"
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-cluster-observability-operator
+  labels:
+    openshift.io/cluster-monitoring: "true"

tooling/charts/tl500-base/values.yaml

@@ -46,7 +46,7 @@ operators:
     enabled: true
     namespace: openshift-logging
     subscription:
-      channel: stable-5.9
+      channel: stable-6.2
       approval: Automatic
       operatorName: cluster-logging
       sourceName: redhat-operators
@@ -55,11 +55,24 @@ operators:
       create: true
       targetNamespace: AllNamespaces
 
+  cluster-observability-operator:
+    enabled: true
+    namespace: openshift-cluster-observability-operator
+    subscription:
+      channel: stable
+      approval: Automatic
+      operatorName: cluster-observability-operator
+      sourceName: redhat-operators
+      sourceNamespace: openshift-marketplace
+    operatorgroup:
+      create: true
+      targetNamespace: AllNamespaces
+
   loki-operator:
     enabled: true
     namespace: openshift-operators-redhat
     subscription:
-      channel: stable-5.9
+      channel: stable-6.2
       approval: Automatic
       operatorName: loki-operator
       sourceName: redhat-operators

tooling/charts/tl500-course-content/Chart.yaml

@@ -2,11 +2,12 @@ apiVersion: v2
 name: tl500-course-content
 description: A Helm chart for Kubernetes
 type: application
-version: 0.0.7
+version: 0.0.8
 appVersion: 0.0.1
 maintainers:
   - name: eformat
   - name: jacobsee
   - name: jtudelag
   - name: ckavili
   - name: springdo
+  - name: acidonper

tooling/charts/tl500-course-content/templates/logging/clusterlogforwarder.yaml

@@ -0,0 +1,29 @@
+apiVersion: observability.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: instance
+  namespace: {{ .Values.logging.namespace }} 
+spec:
+  serviceAccount:
+    name: {{ .Values.logging.sa }} 
+  outputs:
+  - name: lokistack-out
+    type: lokiStack 
+    lokiStack:
+      target: 
+        name: {{ .Values.logging.loki_name }} 
+        namespace: {{ .Values.logging.namespace }}
+      authentication:
+        token:
+          from: serviceAccount
+    tls:
+      ca:
+        key: service-ca.crt
+        configMapName: openshift-service-ca.crt
+  pipelines:
+  - name: infra-app-logs
+    inputRefs: 
+    - application
+    - infrastructure
+    outputRefs:
+    - lokistack-out

tooling/charts/tl500-course-content/templates/logging/clusterlogging.yaml

@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: collect-application-logs
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: collect-application-logs
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.logging.sa }}
+  namespace: {{ .Values.logging.namespace }} 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: collect-infrastructure-logs
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: collect-infrastructure-logs
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.logging.sa }}
+  namespace: {{ .Values.logging.namespace }} 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: logging-collector-logs-writer
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: logging-collector-logs-writer
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.logging.sa }}
+  namespace: {{ .Values.logging.namespace }} 

tooling/charts/tl500-course-content/templates/logging/clusterolebinding.yaml

@@ -2,7 +2,7 @@
 apiVersion: loki.grafana.com/v1
 kind: LokiStack
 metadata:
-  name: logging-loki
+  name: {{ .Values.logging.loki_name }} 
   namespace: {{ .Values.logging.namespace }}
 spec:
   size: 1x.extra-small
@@ -12,4 +12,4 @@ spec:
       type: s3
   storageClassName: {{ .Values.logging.storageclass }}
   tenants:
-    mode: openshift-logging
+    mode: {{ .Values.logging.namespace }}

tooling/charts/tl500-course-content/templates/logging/consolepluginjob.yaml

@@ -0,0 +1,6 @@
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: "{{ .Values.logging.sa }}"
+  namespace: "{{ .Values.logging.namespace }}"

tooling/charts/tl500-course-content/templates/logging/lokistack.yaml

@@ -0,0 +1,11 @@
+apiVersion: observability.openshift.io/v1alpha1
+kind: UIPlugin
+metadata:
+  name: logging
+spec:
+  type: Logging
+  logging:
+    lokiStack:
+      name: {{ .Values.logging.loki_name }}
+    logsLimit: 50
+    timeout: 30s

tooling/charts/tl500-course-content/templates/logging/serviceaccount.yaml

@@ -12,6 +12,8 @@ logging:
   namespace: openshift-logging
   # lokistack configuration requires the sc name. If you are deploying outside of AWS, make sure you update this value
   storageclass: gp3-csi 
+  loki_name: logging-loki
+  sa: logging-collector
   tolerations:
   - effect: NoSchedule
     key: node-role.kubernetes.io/infra