Add loki files

rename lokistack

Author: elfiesmelfie

cloudkitty-loki/README

@@ -0,0 +1,42 @@
+# CloudKitty Loki Deployment with Red Hat Loki Operator
+
+1. Create the internal certificate
+```
+$ oc apply -f certificate-internal.yaml
+$ oc apply -f certificate-public.yaml
+```
+
+2. Create ConfigMap
+```
+$ kubectl create configmap lokistack-mtls --from-literal=ca.crt="$(kubectl get secret cert-loki-public-route -n openstack -o jsonpath='{.data.ca\.crt}' | base64 -d)" -n openstack
+```
+
+# Need to set up S3
+oc apply -f <telemetry_operator_repo>/ci/deploy-logging-dependencies/files/minio-dev.yaml
+
+oc apply -f loki-subscription.yaml
+
+3. Edit loki-secret.yaml with the appropiate data to connect to S3:
+```
+  access_key_id: <your access key id>
+  access_key_secret: <your access key secret>
+  bucketnames: <your S3 bucket name>
+  endpoint: <your S3 endpoint url>
+```
+
+4. Create LokiStack:
+```
+$ oc apply -f lokistack.yaml
+```
+
+5. Check that Loki pods have been created in the openstack namespace:
+```
+lokistack-compactor-0                                         1/1     Running     0          18m
+lokistack-distributor-65c994c58-c84rw                         1/1     Running     0          18m
+lokistack-gateway-6dbbc4d789-lnjdv                            1/1     Running     0          18m
+lokistack-gateway-6dbbc4d789-s8pwx                            1/1     Running     0          18m
+lokistack-index-gateway-0                                     1/1     Running     0          18m
+lokistack-ingester-0                                          1/1     Running     0          18m
+lokistack-querier-7f887c4f89-rw7qb                            1/1     Running     0          18m
+lokistack-query-frontend-57576979bf-qbxw7                     1/1     Running     0          18m
+```

cloudkitty-loki/certificate-internal.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: cert-loki-internal
+  namespace: openstack
+spec:
+  secretName: cert-loki-internal-svc
+  commonName: cloudkitty-lokistack-gateway-http.openstack.svc
+  dnsNames:
+    - cloudkitty-lokistack-gateway-http.openstack.svc
+    - cloudkitty-lokistack-gateway-http.openstack.svc.cluster.local
+  subject:
+    ## This is what binds the client to the role cloudkitty definedi in LokiStack
+    organizationalUnits:
+      - cloudkitty 
+  privateKey:
+    algorithm: RSA
+    size: 2048
+    encoding: PKCS8
+  usages:
+    - digital signature
+    - key encipherment
+    - client auth
+  issuerRef:
+    kind: Issuer
+    name: rootca-internal

cloudkitty-loki/certificate-public.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: cert-loki-public
+  namespace: openstack
+spec:
+  secretName: cert-loki-public-route
+  commonName: lokistack-openstack.apps-crc.testing
+  dnsNames:
+    - lokistack-openstack.apps-crc.testing
+  subject:
+    ## This is what binds the client to the role cloudkitty defined in LokiStack
+    organizationalUnits:
+      - cloudkitty 
+  privateKey:
+    algorithm: RSA
+    size: 2048
+    encoding: PKCS8
+  usages:
+    - digital signature
+    - key encipherment
+    - client auth
+  issuerRef:
+    kind: Issuer
+    name: rootca-public

cloudkitty-loki/loki-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: loki-secret-s3
+  namespace: openstack
+stringData:
+  access_key_id: minio
+  access_key_secret: minio123
+  bucketnames: cloudkitty-bucket
+  endpoint: http://api-minio-dev.apps-crc.testing
+

cloudkitty-loki/loki-subscription.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-operators-redhat
+  annotations:
+    openshift.io/node-selector: ""
+  labels:
+    openshift.io/cluster-monitoring: "true"
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  labels:
+    operators.coreos.com/loki-operator.openshift-operators-redhat: ""
+  name: loki-operator
+  namespace: openshift-operators-redhat
+spec:
+  channel: stable-6.3
+  installPlanApproval: Automatic
+  name: loki-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+    #  startingCSV: loki-operator.v6.3.0
+

cloudkitty-loki/lokistack.yaml

@@ -0,0 +1,56 @@
+---
+apiVersion: loki.grafana.com/v1
+kind: LokiStack
+metadata:
+  name: cloudkitty-lokistack
+  namespace: openstack
+spec:
+  size: 1x.demo
+  storage:
+    schemas:
+    - version: v13
+      effectiveDate: "2024-11-18"
+    secret:
+      name: loki-secret-s3
+      type: s3
+  storageClassName: crc-csi-hostpath-provisioner
+  tenants:
+    mode: static
+    authentication:
+      - tenantName: cloudkitty
+        tenantId: cloudkitty
+        mTLS:
+          ca:
+            caKey: ca.crt
+            caName: lokistack-mtls
+    authorization:
+      roleBindings:
+      - name: cloudkitty-dataframes
+        roles:
+        - cloudkitty-dataframes
+        subjects:
+        - kind: group
+          name: cloudkitty
+      - name: cluster-reader
+        roles:
+        - cluster-reader
+        subjects:
+        - kind: group
+          name: cloudkitty-dataframes-admin
+      roles:
+      - name: cloudkitty-dataframes
+        permissions:
+        - read
+        - write
+        resources:
+        - logs
+        tenants:
+        - cloudkitty
+      - name: cluster-reader
+        permissions:
+        - read
+        resources:
+        - logs
+        tenants:
+        - cloudkitty
+