add enterprise gateway

Signed-off-by: Edward Welch <[email protected]>
grafana · Mar 5, 2024 · b5cadab · b5cadab
1 parent d288491
commit b5cadab
Show file tree

Hide file tree

Showing 3 changed files with 206 additions and 1 deletion.
diff --git a/production/helm/loki/templates/gateway/deployment-gateway-enterprise.yaml b/production/helm/loki/templates/gateway/deployment-gateway-enterprise.yaml
@@ -0,0 +1,137 @@
+{{- if and .Values.gateway.enabled .Values.enterprise.gelGateway }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "loki.gatewayFullname" . }}
+  labels:
+    {{- include "loki.gatewayLabels" . | nindent 4 }}
+    {{- with .Values.enterpriseGateway.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- with .Values.enterpriseGateway.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  replicas: {{ .Values.enterpriseGateway.replicas }}
+  selector:
+    matchLabels:
+      {{- include "loki.gatewaySelectorLabels" . | nindent 6 }}
+  strategy:
+    {{- toYaml .Values.enterpriseGateway.strategy | nindent 4 }}
+  template:
+    metadata:
+      labels:
+        {{- include "loki.gatewaySelectorLabels" . | nindent 8 }}
+        {{- with .Values.enterpriseGateway.labels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      annotations:
+        {{- if .Values.useExternalConfig }}
+        checksum/config: {{ .Values.externalConfigVersion }}
+        {{- else }}
+        checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
+        {{- end}}
+        {{- with .Values.enterpriseGateway.annotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      serviceAccountName: {{ template "loki.serviceAccountName" . }}
+      {{- if .Values.enterpriseGateway.priorityClassName }}
+      priorityClassName: {{ .Values.enterpriseGateway.priorityClassName }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.enterpriseGateway.podSecurityContext | nindent 8 }}
+      initContainers:
+        {{- toYaml .Values.enterpriseGateway.initContainers | nindent 8 }}
+      {{- if .Values.image.pullSecrets }}
+      imagePullSecrets:
+      {{- range .Values.image.pullSecrets }}
+        - name: {{ . }}
+      {{- end }}
+      {{- end }}
+      {{- with .Values.enterpriseGateway.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: gateway
+          image: "{{ template "loki.image" . }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - -target=gateway
+            - -config.file=/etc/loki/config/config.yaml
+            {{- if .Values.minio.enabled }}
+            - -admin.client.backend-type=s3
+            - -admin.client.s3.endpoint={{ template "loki.minio" . }}
+            - -admin.client.s3.bucket-name=enterprise-logs-admin
+            - -admin.client.s3.access-key-id={{ .Values.minio.accessKey }}
+            - -admin.client.s3.secret-access-key={{ .Values.minio.secretKey }}
+            - -admin.client.s3.insecure=true
+            {{- end }}
+            {{- if .Values.enterpriseGateway.useDefaultProxyURLs }}
+            - -gateway.proxy.default.url=http://{{ template "loki.fullname" . }}-admin-api.{{ .Release.Namespace }}.svc:3100
+            - -gateway.proxy.admin-api.url=http://{{ template "loki.fullname" . }}-admin-api.{{ .Release.Namespace }}.svc:3100
+            - -gateway.proxy.distributor.url=http://{{ template "loki.fullname" . }}-distributor.{{ .Release.Namespace }}.svc:3100
+            - -gateway.proxy.ingester.url=http://{{ template "loki.fullname" . }}-ingester.{{ .Release.Namespace }}.svc:3100
+            - -gateway.proxy.query-frontend.url=http://{{ template "loki.fullname" . }}-query-frontend.{{ .Release.Namespace }}.svc:3100
+            - -gateway.proxy.ruler.url=http://{{ template "loki.fullname" . }}-ruler.{{ .Release.Namespace }}.svc:3100
+            {{- end }}
+            {{- range $key, $value := .Values.enterpriseGateway.extraArgs }}
+            - "-{{ $key }}={{ $value }}"
+            {{- end }}
+          volumeMounts:
+            - name: config
+              mountPath: /etc/loki/config
+            - name: license
+              mountPath: /etc/enterprise-logs/license
+            - name: storage
+              mountPath: /data
+            {{- if .Values.enterpriseGateway.extraVolumeMounts }}
+            {{ toYaml .Values.enterpriseGateway.extraVolumeMounts | nindent 12 }}
+            {{- end }}
+          ports:
+            - name: http-metrics
+              containerPort: 3100
+              protocol: TCP
+          readinessProbe:
+            {{- toYaml .Values.enterpriseGateway.readinessProbe | nindent 12 }}
+          resources:
+            {{- toYaml .Values.enterpriseGateway.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.enterpriseGateway.containerSecurityContext | nindent 12 }}
+          env:
+            {{- if .Values.enterpriseGateway.env }}
+            {{ toYaml .Values.enterpriseGateway.env | nindent 12 }}
+            {{- end }}
+        {{- with .Values.enterpriseGateway.extraContainers }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      nodeSelector:
+        {{- toYaml .Values.enterpriseGateway.nodeSelector | nindent 8 }}
+      affinity:
+        {{- toYaml .Values.enterpriseGateway.affinity | nindent 8 }}
+      tolerations:
+        {{- toYaml .Values.enterpriseGateway.tolerations | nindent 8 }}
+      terminationGracePeriodSeconds: {{ .Values.enterpriseGateway.terminationGracePeriodSeconds }}
+      volumes:
+        - name: config
+          secret:
+          {{- if .Values.useExternalConfig }}
+            secretName: {{ .Values.externalConfigName }}
+          {{- else }}
+            secretName: enterprise-logs-config
+          {{- end }}
+        - name: license
+          secret:
+          {{- if .Values.useExternalLicense }}
+            secretName: {{ .Values.externalLicenseName }}
+          {{- else }}
+            secretName: enterprise-logs-license
+          {{- end }}
+        - name: storage
+          emptyDir: {}
+        {{- if .Values.enterpriseGateway.extraVolumes }}
+        {{ toYaml .Values.enterpriseGateway.extraVolumes | nindent 8 }}
+        {{- end }}
+{{- end }}
diff --git a/...templates/gateway/deployment-gateway.yaml → ...tes/gateway/deployment-gateway-nginx.yaml b/...templates/gateway/deployment-gateway.yaml → ...tes/gateway/deployment-gateway-nginx.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.gateway.enabled }}
+{{- if and .Values.gateway.enabled (not .Values.enterprise.gelGateway) }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

diff --git a/production/helm/loki/values.yaml b/production/helm/loki/values.yaml
@@ -410,6 +410,8 @@ enterprise:
   externalLicenseName: null
   # -- Name of the external config secret to use
   externalConfigName: ""
+  # -- Use GEL gateway, if false will use the default nginx gateway
+  gelGateway: true
   # -- If enabled, the correct admin_client storage will be configured. If disabled while running enterprise,
   # make sure auth is set to `type: trust`, or that `auth_enabled` is set to `false`.
   adminApi:
@@ -930,6 +932,72 @@ gateway:
     file: |
       {{- include "loki.nginxFile" . | indent 2 -}}
 
+# -- If running enterprise and using the default enterprise gateway, configs go here.
+enterpriseGateway:
+  # -- Define the amount of instances
+  replicas: 1
+  # -- hostAliases to add
+  hostAliases: []
+  #  - ip: 1.2.3.4
+  #    hostnames:
+  #      - domain.tld
+  # -- Additional CLI arguments for the `gateway` target
+  extraArgs: {}
+  # -- Additional labels for the `gateway` Pod
+  labels: {}
+  # -- Additional annotations for the `gateway` Pod
+  annotations: {}
+  # -- Additional labels and annotations for the `gateway` Service
+  # -- Service overriding service type
+  service:
+    type: ClusterIP
+    labels: {}
+    annotations: {}
+  # -- Run container as user `enterprise-logs(uid=10001)`
+  podSecurityContext:
+    runAsNonRoot: true
+    runAsGroup: 10001
+    runAsUser: 10001
+    fsGroup: 10001
+  containerSecurityContext:
+    readOnlyRootFilesystem: true
+    capabilities:
+      drop:
+        - ALL
+    allowPrivilegeEscalation: false
+  # -- If you want to use your own proxy URLs, set this to false.
+  useDefaultProxyURLs: true
+  # -- update strategy
+  strategy:
+    type: RollingUpdate
+  # -- Readiness probe
+  readinessProbe:
+    httpGet:
+      path: /ready
+      port: http-metrics
+    initialDelaySeconds: 45
+  # -- Request and limit Kubernetes resources
+  # -- Values are defined in small.yaml and large.yaml
+  resources: {}
+  # -- Configure optional environment variables
+  env: []
+  # -- Configure optional initContainers
+  initContainers: []
+  # -- Conifgure optional extraContainers
+  extraContainers: []
+  # -- Additional volumes for Pods
+  extraVolumes: []
+  # -- Additional volume mounts for Pods
+  extraVolumeMounts: []
+  # -- Affinity for gateway Pods
+  affinity: {}
+  # -- Node selector for gateway Pods
+  nodeSelector: {}
+  # -- Tolerations for gateway Pods
+  tolerations: []
+  # -- Grace period to allow the gateway to shutdown before it is killed
+  terminationGracePeriodSeconds: 60
+
 # -- Ingress configuration Use either this ingress or the gateway, but not both at once.
 # If you enable this, make sure to disable the gateway.
 # You'll need to supply authn configuration for your ingress controller.