From 92046a7a3fbb4cc82e95442a323cd2af35ec4c8d Mon Sep 17 00:00:00 2001 From: Helio Machado <0x2b3bfa0+git@googlemail.com> Date: Wed, 17 Sep 2025 17:35:16 +0200 Subject: [PATCH 1/3] Use new RBAC settings in Vector Helm values --- charts/studio/Chart.yaml | 6 +-- charts/studio/values.yaml | 86 ++++++++++----------------------------- 2 files changed, 25 insertions(+), 67 deletions(-) diff --git a/charts/studio/Chart.yaml b/charts/studio/Chart.yaml index 4becbd01..87bc279b 100644 --- a/charts/studio/Chart.yaml +++ b/charts/studio/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: studio description: A Helm chart for Kubernetes type: application -version: 0.18.109 +version: 0.18.110 appVersion: "v2.210.0" maintainers: - name: iterative @@ -23,11 +23,11 @@ dependencies: repository: "https://charts.bitnami.com/bitnami" - name: vector condition: vector-agent.enabled - version: "0.45.0" + version: "0.46.0" repository: "https://helm.vector.dev" alias: vector-agent - name: vector condition: vector-aggregator.enabled - version: "0.45.0" + version: "0.46.0" repository: "https://helm.vector.dev" alias: vector-aggregator diff --git a/charts/studio/values.yaml b/charts/studio/values.yaml index 42384bfa..074b4e5b 100644 --- a/charts/studio/values.yaml +++ b/charts/studio/values.yaml @@ -1040,6 +1040,17 @@ vector-agent: create: true name: studio-vector-agent + # -- Vector Agent ClusterRole configuration + rbac: + extraRules: + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/stats + verbs: + - get + # -- Vector Agent configuration customConfig: data_dir: /data/vector @@ -1113,38 +1124,6 @@ vector-agent: fieldPath: status.hostIP extraObjects: - - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: studio-vector-agent-extended - annotations: - helm.sh/hook: pre-install, pre-upgrade - helm.sh/hook-delete-policy: hook-failed, before-hook-creation - - rules: - - apiGroups: - - "" - resources: - - nodes/metrics - - nodes/stats - verbs: - - get - - - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: studio-vector-agent-extended - annotations: - helm.sh/hook: pre-install, pre-upgrade - helm.sh/hook-delete-policy: hook-failed, before-hook-creation - subjects: - - kind: ServiceAccount - name: studio-vector-agent - namespace: default # FIXME: should be configurable - roleRef: - kind: ClusterRole - name: studio-vector-agent-extended - - apiVersion: v1 kind: Secret metadata: @@ -1188,6 +1167,17 @@ vector-aggregator: create: true name: studio-vector-aggregator + # -- Vector Aggregator ClusterRole configuration + rbac: + extraRules: + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + # -- Vector Aggregator resources resources: limits: @@ -1313,38 +1303,6 @@ vector-aggregator: key: token extraObjects: - - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: studio-vector-aggregator-extended - annotations: - helm.sh/hook: pre-install, pre-upgrade - helm.sh/hook-delete-policy: hook-failed, before-hook-creation - - rules: - - apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: studio-vector-aggregator-extended - annotations: - helm.sh/hook: pre-install, pre-upgrade - helm.sh/hook-delete-policy: hook-failed, before-hook-creation - subjects: - - kind: ServiceAccount - name: studio-vector-aggregator - namespace: default # FIXME: should be configurable - roleRef: - kind: ClusterRole - name: studio-vector-aggregator-extended - - apiVersion: v1 kind: Secret metadata: From eb113577873279d58119757f603521c8434034c8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 29 Sep 2025 19:36:04 +0200 Subject: [PATCH 2/3] Update Helm release vector to v0.46.0 (#746) * Use CML v3 (#743) * Use docker.io/bitnamilegacy instead of docker.io/bitnami (#742) * Use docker.io/bitnamilegacy instead of docker.io/bitnami * Update Chart.yaml * Update Chart.yaml * Update Chart.yaml --------- Co-authored-by: Helio Machado <0x2b3bfa0+git@googlemail.com> * Studio: bump to v2.210.1 (#744) * Studio: bump to v2.210.3 (#745) * Update Helm release vector to v0.46.0 * Helm-Docs update --------- Co-authored-by: Helio Machado <0x2b3bfa0+git@googlemail.com> Co-authored-by: Vladimir Rudnykh Co-authored-by: Olivaw[bot] <64868532+iterative-olivaw@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/studio_release.yml | 4 +++- charts/studio/Chart.lock | 8 ++++---- charts/studio/Chart.yaml | 4 ++-- charts/studio/README.md | 18 +++++++++++------- charts/studio/values.yaml | 18 +++++++++++++++++- 5 files changed, 37 insertions(+), 15 deletions(-) diff --git a/.github/workflows/studio_release.yml b/.github/workflows/studio_release.yml index 6294b3dc..de092c24 100644 --- a/.github/workflows/studio_release.yml +++ b/.github/workflows/studio_release.yml @@ -26,7 +26,9 @@ jobs: run: | docker run --pull always --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest - - uses: iterative/setup-cml@v1 + - uses: iterative/setup-cml@v3 + with: + vega: false - run: > cml pr create . --{title,body,message}="Studio: bump to $STUDIO_VERSION" diff --git a/charts/studio/Chart.lock b/charts/studio/Chart.lock index 3adf93a2..bcedf3a9 100644 --- a/charts/studio/Chart.lock +++ b/charts/studio/Chart.lock @@ -10,9 +10,9 @@ dependencies: version: 9.2.2 - name: vector repository: https://helm.vector.dev - version: 0.45.0 + version: 0.46.0 - name: vector repository: https://helm.vector.dev - version: 0.45.0 -digest: sha256:971a3d5864e123dad05c065bd32b04f1a3ece329c41aa0c08ddd256c2cbc12f7 -generated: "2025-09-09T22:38:17.455796+02:00" + version: 0.46.0 +digest: sha256:451f343aa91d71212017cb1c8f13ac4f7fdf6751f7a74a146f9f2c2e79a80d15 +generated: "2025-09-24T03:33:06.267202282Z" diff --git a/charts/studio/Chart.yaml b/charts/studio/Chart.yaml index 87bc279b..5d4a9f1e 100644 --- a/charts/studio/Chart.yaml +++ b/charts/studio/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: studio description: A Helm chart for Kubernetes type: application -version: 0.18.110 -appVersion: "v2.210.0" +version: 0.18.115 +appVersion: "v2.212.0" maintainers: - name: iterative email: support@iterative.ai diff --git a/charts/studio/README.md b/charts/studio/README.md index 55f7c8e0..e7f20baf 100644 --- a/charts/studio/README.md +++ b/charts/studio/README.md @@ -1,6 +1,6 @@ # studio -![Version: 0.18.109](https://img.shields.io/badge/Version-0.18.109-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.210.0](https://img.shields.io/badge/AppVersion-v2.210.0-informational?style=flat-square) +![Version: 0.18.112](https://img.shields.io/badge/Version-0.18.112-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.210.3](https://img.shields.io/badge/AppVersion-v2.210.3-informational?style=flat-square) A Helm chart for Kubernetes @@ -17,8 +17,8 @@ A Helm chart for Kubernetes | https://charts.bitnami.com/bitnami | clickhouse | 9.2.2 | | https://charts.bitnami.com/bitnami | postgresql | 16.7.2 | | https://charts.bitnami.com/bitnami | redis | 21.0.2 | -| https://helm.vector.dev | vector-agent(vector) | 0.45.0 | -| https://helm.vector.dev | vector-aggregator(vector) | 0.45.0 | +| https://helm.vector.dev | vector-agent(vector) | 0.46.0 | +| https://helm.vector.dev | vector-aggregator(vector) | 0.46.0 | ## Values @@ -27,6 +27,7 @@ A Helm chart for Kubernetes | clickhouse.auth.password | string | `"clickhouse"` | ClickHouse password | | clickhouse.enabled | bool | `false` | ClickHouse enabled | | clickhouse.fullnameOverride | string | `"studio-clickhouse"` | ClickHouse name override | +| clickhouse.image | object | `{"repository":"bitnamilegacy/clickhouse"}` | ClickHouse image configuration | | clickhouse.replicaCount | int | `1` | | | clickhouse.shards | int | `1` | | | global.basePath | string | `""` | Studio: Base path (prefix) | @@ -87,8 +88,10 @@ A Helm chart for Kubernetes | global.scmProviders.tlsEnabled | bool | `false` | Enable HTTPS protocol for incoming webhooks (this works only if `global.scmProviders.webhookHost` is set; otherwise is ignored). | | global.scmProviders.webhookHost | string | `$global.host` value. | Custom hostname for incoming webhook (if Studio runs on a private network and you use SaaS versions of GitHub, GitLab, or Bitbucket) | | global.secretKey | string | `""` | Studio: Django SECRET_KEY to encrypt, DB, sign reaquests, etc We recommend you set and manage this externally as other secrets (e.g. DB password, user name, REDIS password, etc). If left empty, a random key will be generated. If it's not saved and lost it might be hard to recover the DB. | +| global.security | object | `{"allowInsecureImages":true}` | Security settings for Bitnami Legacy images | +| global.security.allowInsecureImages | bool | `true` | Allow insecure images from bitnamilegacy repository | | imagePullSecrets | list | `[]` | Secret containing Docker registry credentials | -| pgBouncer | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":80},"enabled":false,"envFromSecret":"","envVars":{},"image":{"pullPolicy":"IfNotPresent","repository":"docker.io/bitnami/pgbouncer","tag":"1.24.1"},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"memory":"1024Mi"},"requests":{"cpu":"500m","memory":"512Mi"}},"securityContext":{},"service":{"port":6432,"type":"ClusterIP"},"serviceAccountName":"","tolerations":[]}` | PgBouncer settings group | +| pgBouncer | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":80},"enabled":false,"envFromSecret":"","envVars":{},"image":{"pullPolicy":"IfNotPresent","repository":"bitnamilegacy/pgbouncer","tag":"1.24.1"},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"memory":"1024Mi"},"requests":{"cpu":"500m","memory":"512Mi"}},"securityContext":{},"service":{"port":6432,"type":"ClusterIP"},"serviceAccountName":"","tolerations":[]}` | PgBouncer settings group | | pgBouncer.affinity | object | `{}` | PgBouncer pod affinity configuration | | pgBouncer.autoscaling | object | `{"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | PgBouncer autoscaling configuration | | pgBouncer.autoscaling.enabled | bool | `false` | PgBouncer autoscaling enabled flag | @@ -97,9 +100,9 @@ A Helm chart for Kubernetes | pgBouncer.autoscaling.targetCPUUtilizationPercentage | int | `80` | PgBouncer autoscaling target CPU utilization percentage | | pgBouncer.envFromSecret | string | `""` | The name of an existing Secret that contains sensitive environment variables. | | pgBouncer.envVars | object | `{}` | Additional environment variables for PgBouncer pods | -| pgBouncer.image | object | `{"pullPolicy":"IfNotPresent","repository":"docker.io/bitnami/pgbouncer","tag":"1.24.1"}` | PgBouncer image settings | +| pgBouncer.image | object | `{"pullPolicy":"IfNotPresent","repository":"bitnamilegacy/pgbouncer","tag":"1.24.1"}` | PgBouncer image settings | | pgBouncer.image.pullPolicy | string | `"IfNotPresent"` | PgBouncer image pull policy | -| pgBouncer.image.repository | string | `"docker.io/bitnami/pgbouncer"` | PgBouncer image repository | +| pgBouncer.image.repository | string | `"bitnamilegacy/pgbouncer"` | PgBouncer image repository | | pgBouncer.image.tag | string | `"1.24.1"` | PgBouncer image tag | | pgBouncer.nodeSelector | object | `{}` | PgBouncer pod node selector configuration | | pgBouncer.podAnnotations | object | `{}` | Additional PgBouncer pod annotations | @@ -114,12 +117,13 @@ A Helm chart for Kubernetes | postgresql.fullnameOverride | string | `"studio-postgresql"` | Postgres name override | | postgresql.global.postgresql.auth.database | string | `"iterativeai"` | Postgres database | | postgresql.global.postgresql.auth.postgresPassword | string | `"postgres"` | Postgres password | -| postgresql.image.tag | string | `"14.5.0-debian-11-r35"` | | +| postgresql.image | object | `{"repository":"bitnamilegacy/postgresql","tag":"14.5.0-debian-11-r35"}` | Postgres image configuration | | redis.auth | object | `{"enabled":false}` | Redis authentication settings | | redis.auth.enabled | bool | `false` | Redis authentication disabled | | redis.commonConfiguration | string | `"timeout 20"` | Redis common configuration to be added into the ConfigMap | | redis.enabled | bool | `true` | Redis enabled | | redis.fullnameOverride | string | `"studio-redis"` | Redis name override | +| redis.image | object | `{"repository":"bitnamilegacy/redis"}` | Redis image configuration | | redis.master | object | `{"persistence":{"enabled":false},"resources":{"limits":{"cpu":"1000m","memory":"2Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | Redis master configuration | | redis.master.persistence | object | `{"enabled":false}` | Redis master persistence configuration | | redis.master.persistence.enabled | bool | `false` | Redis master persistence is disabled | diff --git a/charts/studio/values.yaml b/charts/studio/values.yaml index 074b4e5b..6f27e7d7 100644 --- a/charts/studio/values.yaml +++ b/charts/studio/values.yaml @@ -6,6 +6,11 @@ imagePullSecrets: [] global: + # -- Security settings for Bitnami Legacy images + security: + # -- Allow insecure images from bitnamilegacy repository + allowInsecureImages: true + # -- Studio: Hostname for accessing Studio (no http(s) scheme) host: "studio.example.com" # -- Studio: Base path (prefix) @@ -193,6 +198,10 @@ redis: # -- Redis name override fullnameOverride: studio-redis + # -- Redis image configuration + image: + repository: bitnamilegacy/redis + # -- Redis master configuration master: ## Redis® master resource requests and limits @@ -235,8 +244,11 @@ postgresql: # -- Postgres name override fullnameOverride: studio-postgresql + # -- Postgres image configuration image: + repository: bitnamilegacy/postgresql tag: 14.5.0-debian-11-r35 + # Change this before deploying global: postgresql: @@ -252,6 +264,10 @@ clickhouse: # -- ClickHouse name override fullnameOverride: studio-clickhouse + # -- ClickHouse image configuration + image: + repository: bitnamilegacy/clickhouse + # Shards / replicas configuration replicaCount: 1 shards: 1 @@ -268,7 +284,7 @@ pgBouncer: # -- PgBouncer image settings image: # -- PgBouncer image repository - repository: docker.io/bitnami/pgbouncer + repository: bitnamilegacy/pgbouncer # -- PgBouncer image pull policy pullPolicy: IfNotPresent # -- PgBouncer image tag From 27195af3266cf747f9434f6751ccf15ea4cc0037 Mon Sep 17 00:00:00 2001 From: 0x2b3bfa0 <11387611+0x2b3bfa0@users.noreply.github.com> Date: Mon, 29 Sep 2025 17:37:07 +0000 Subject: [PATCH 3/3] Helm-Docs update --- charts/studio/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/studio/README.md b/charts/studio/README.md index ffc0fe84..4e01586e 100644 --- a/charts/studio/README.md +++ b/charts/studio/README.md @@ -251,15 +251,16 @@ A Helm chart for Kubernetes | studioWorker.strategy | object | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0}}` | Worker deployment strategy | | studioWorker.terminationGracePeriodSeconds | int | `150` | Worker termination grace period | | studioWorker.tolerations | list | `[]` | Worker tolerations | -| vector-agent | object | `{"customConfig":{"api":{"enabled":false},"data_dir":"/data/vector","expire_metrics_secs":60,"sinks":{"vector_aggregator":{"address":"studio-vector-aggregator:6000","compression":true,"inputs":["kubernetes_logs_filtered","kubernetes_metrics_filtered","kubernetes_metrics_cadvisor_filtered"],"type":"vector"}},"sources":{"kubernetes_logs":{"ignore_older_secs":600,"type":"kubernetes_logs"},"kubernetes_metrics":{"auth":{"strategy":"bearer","token":"${KUBERNETES_SERVICE_ACCOUNT_TOKEN:?}"},"endpoints":["https://${KUBERNETES_NODE_IP}:10250/metrics"],"scrape_interval_secs":30,"tls":{"verify_certificate":false},"type":"prometheus_scrape"},"kubernetes_metrics_cadvisor":{"auth":{"strategy":"bearer","token":"${KUBERNETES_SERVICE_ACCOUNT_TOKEN:?}"},"endpoints":["https://${KUBERNETES_NODE_IP}:10250/metrics/cadvisor"],"scrape_interval_secs":30,"tls":{"verify_certificate":false},"type":"prometheus_scrape"}},"transforms":{"kubernetes_logs_filtered":{"inputs":["kubernetes_logs"],"source":". = {\n \"message\": .message,\n \"source_type\": .source_type,\n \"stream\": .stream,\n \"timestamp\": .timestamp,\n \"kubernetes\": {\n \"pod_name\": .kubernetes.pod_name,\n \"namespace\": .kubernetes.pod_namespace,\n \"container_name\": .kubernetes.container_name\n }\n}\n","type":"remap"},"kubernetes_metrics_cadvisor_filtered":{"condition":".name == \"node_cpu_usage_seconds_total\" || .name == \"node_memory_working_set_bytes\" || .name == \"container_cpu_usage_seconds_total\" || .name == \"container_memory_working_set_bytes\" || .name == \"container_start_time_seconds\"","inputs":["kubernetes_metrics_cadvisor"],"type":"filter"},"kubernetes_metrics_filtered":{"condition":"starts_with!(.name, \"kubelet_volume_stats_\") || .name == \"kubelet_image_pull_duration_seconds\"","inputs":["kubernetes_metrics"],"type":"filter"}}},"defaultVolumeMounts":[{"mountPath":"/var/log/","name":"var-log","readOnly":true}],"defaultVolumes":[{"hostPath":{"path":"/var/log/"},"name":"var-log"}],"enabled":false,"env":[{"name":"KUBERNETES_SERVICE_ACCOUNT_TOKEN","valueFrom":{"secretKeyRef":{"key":"token","name":"studio-vector-agent-token"}}},{"name":"KUBERNETES_NODE_IP","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}}],"extraObjects":[{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"hook-failed, before-hook-creation"},"name":"studio-vector-agent-extended"},"rules":[{"apiGroups":[""],"resources":["nodes/metrics","nodes/stats"],"verbs":["get"]}]},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"hook-failed, before-hook-creation"},"name":"studio-vector-agent-extended"},"roleRef":{"kind":"ClusterRole","name":"studio-vector-agent-extended"},"subjects":[{"kind":"ServiceAccount","name":"studio-vector-agent","namespace":"default"}]},{"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{"kubernetes.io/service-account.name":"studio-vector-agent"},"name":"studio-vector-agent-token"},"type":"kubernetes.io/service-account-token"}],"fullnameOverride":"studio-vector-agent","image":{"base":"alpine"},"persistence":{"hostPath":{"enabled":false}},"role":"Agent","serviceAccount":{"create":true,"name":"studio-vector-agent"},"tolerations":[{"operator":"Exists"}]}` | Vector Agent configuration for log collection (DaemonSet) | +| vector-agent | object | `{"customConfig":{"api":{"enabled":false},"data_dir":"/data/vector","expire_metrics_secs":60,"sinks":{"vector_aggregator":{"address":"studio-vector-aggregator:6000","compression":true,"inputs":["kubernetes_logs_filtered","kubernetes_metrics_filtered","kubernetes_metrics_cadvisor_filtered"],"type":"vector"}},"sources":{"kubernetes_logs":{"ignore_older_secs":600,"type":"kubernetes_logs"},"kubernetes_metrics":{"auth":{"strategy":"bearer","token":"${KUBERNETES_SERVICE_ACCOUNT_TOKEN:?}"},"endpoints":["https://${KUBERNETES_NODE_IP}:10250/metrics"],"scrape_interval_secs":30,"tls":{"verify_certificate":false},"type":"prometheus_scrape"},"kubernetes_metrics_cadvisor":{"auth":{"strategy":"bearer","token":"${KUBERNETES_SERVICE_ACCOUNT_TOKEN:?}"},"endpoints":["https://${KUBERNETES_NODE_IP}:10250/metrics/cadvisor"],"scrape_interval_secs":30,"tls":{"verify_certificate":false},"type":"prometheus_scrape"}},"transforms":{"kubernetes_logs_filtered":{"inputs":["kubernetes_logs"],"source":". = {\n \"message\": .message,\n \"source_type\": .source_type,\n \"stream\": .stream,\n \"timestamp\": .timestamp,\n \"kubernetes\": {\n \"pod_name\": .kubernetes.pod_name,\n \"namespace\": .kubernetes.pod_namespace,\n \"container_name\": .kubernetes.container_name\n }\n}\n","type":"remap"},"kubernetes_metrics_cadvisor_filtered":{"condition":".name == \"node_cpu_usage_seconds_total\" || .name == \"node_memory_working_set_bytes\" || .name == \"container_cpu_usage_seconds_total\" || .name == \"container_memory_working_set_bytes\" || .name == \"container_start_time_seconds\"","inputs":["kubernetes_metrics_cadvisor"],"type":"filter"},"kubernetes_metrics_filtered":{"condition":"starts_with!(.name, \"kubelet_volume_stats_\") || .name == \"kubelet_image_pull_duration_seconds\"","inputs":["kubernetes_metrics"],"type":"filter"}}},"defaultVolumeMounts":[{"mountPath":"/var/log/","name":"var-log","readOnly":true}],"defaultVolumes":[{"hostPath":{"path":"/var/log/"},"name":"var-log"}],"enabled":false,"env":[{"name":"KUBERNETES_SERVICE_ACCOUNT_TOKEN","valueFrom":{"secretKeyRef":{"key":"token","name":"studio-vector-agent-token"}}},{"name":"KUBERNETES_NODE_IP","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}}],"extraObjects":[{"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{"kubernetes.io/service-account.name":"studio-vector-agent"},"name":"studio-vector-agent-token"},"type":"kubernetes.io/service-account-token"}],"fullnameOverride":"studio-vector-agent","image":{"base":"alpine"},"persistence":{"hostPath":{"enabled":false}},"rbac":{"extraRules":[{"apiGroups":[""],"resources":["nodes/metrics","nodes/stats"],"verbs":["get"]}]},"role":"Agent","serviceAccount":{"create":true,"name":"studio-vector-agent"},"tolerations":[{"operator":"Exists"}]}` | Vector Agent configuration for log collection (DaemonSet) | | vector-agent.customConfig | object | `{"api":{"enabled":false},"data_dir":"/data/vector","expire_metrics_secs":60,"sinks":{"vector_aggregator":{"address":"studio-vector-aggregator:6000","compression":true,"inputs":["kubernetes_logs_filtered","kubernetes_metrics_filtered","kubernetes_metrics_cadvisor_filtered"],"type":"vector"}},"sources":{"kubernetes_logs":{"ignore_older_secs":600,"type":"kubernetes_logs"},"kubernetes_metrics":{"auth":{"strategy":"bearer","token":"${KUBERNETES_SERVICE_ACCOUNT_TOKEN:?}"},"endpoints":["https://${KUBERNETES_NODE_IP}:10250/metrics"],"scrape_interval_secs":30,"tls":{"verify_certificate":false},"type":"prometheus_scrape"},"kubernetes_metrics_cadvisor":{"auth":{"strategy":"bearer","token":"${KUBERNETES_SERVICE_ACCOUNT_TOKEN:?}"},"endpoints":["https://${KUBERNETES_NODE_IP}:10250/metrics/cadvisor"],"scrape_interval_secs":30,"tls":{"verify_certificate":false},"type":"prometheus_scrape"}},"transforms":{"kubernetes_logs_filtered":{"inputs":["kubernetes_logs"],"source":". = {\n \"message\": .message,\n \"source_type\": .source_type,\n \"stream\": .stream,\n \"timestamp\": .timestamp,\n \"kubernetes\": {\n \"pod_name\": .kubernetes.pod_name,\n \"namespace\": .kubernetes.pod_namespace,\n \"container_name\": .kubernetes.container_name\n }\n}\n","type":"remap"},"kubernetes_metrics_cadvisor_filtered":{"condition":".name == \"node_cpu_usage_seconds_total\" || .name == \"node_memory_working_set_bytes\" || .name == \"container_cpu_usage_seconds_total\" || .name == \"container_memory_working_set_bytes\" || .name == \"container_start_time_seconds\"","inputs":["kubernetes_metrics_cadvisor"],"type":"filter"},"kubernetes_metrics_filtered":{"condition":"starts_with!(.name, \"kubelet_volume_stats_\") || .name == \"kubelet_image_pull_duration_seconds\"","inputs":["kubernetes_metrics"],"type":"filter"}}}` | Vector Agent configuration | | vector-agent.enabled | bool | `false` | Vector Agent enabled | | vector-agent.fullnameOverride | string | `"studio-vector-agent"` | Vector Agent name override | | vector-agent.image.base | string | `"alpine"` | The base to use for Vector's image. | +| vector-agent.rbac | object | `{"extraRules":[{"apiGroups":[""],"resources":["nodes/metrics","nodes/stats"],"verbs":["get"]}]}` | Vector Agent ClusterRole configuration | | vector-agent.role | string | `"Agent"` | Deploy as DaemonSet for log collection from all nodes | | vector-agent.serviceAccount | object | `{"create":true,"name":"studio-vector-agent"}` | Vector Agent service account | | vector-agent.tolerations | list | `[{"operator":"Exists"}]` | Vector Agent tolerations | -| vector-aggregator | object | `{"args":["while sleep 60; do find /data/vector/logs -type f -mtime +7 -delete; done &\nexec /usr/local/bin/vector --config-dir /etc/vector/"],"command":["/bin/sh","-c"],"customConfig":{"api":{"address":"0.0.0.0:8686","enabled":true,"playground":true},"data_dir":"/data/vector","expire_metrics_secs":60,"sinks":{"events_file":{"encoding":{"codec":"json"},"inputs":["kubernetes_events_deduped"],"path":"/data/vector/events/%Y-%m-%d.log","type":"file"},"logs_file":{"encoding":{"codec":"json"},"inputs":["vector_agent_route.logs"],"path":"/data/vector/logs/%Y-%m-%d-{{ \"{{\" }} .kubernetes.pod_name {{ \"}}\" }}.log","type":"file"},"metrics_file":{"encoding":{"codec":"json"},"inputs":["vector_agent_route.metrics"],"path":"/data/vector/metrics/%Y-%m-%d.log","type":"file"}},"sources":{"kubernetes_events":{"auth":{"strategy":"bearer","token":"${KUBERNETES_SERVICE_ACCOUNT_TOKEN:?}"},"decoding":{"codec":"json"},"endpoint":"https://kubernetes.default.svc:443/api/v1/events","headers":{"Accept":["application/json"]},"scrape_interval_secs":30,"tls":{"ca_file":"/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"},"type":"http_client"},"vector_agent":{"address":"0.0.0.0:6000","type":"vector","version":"2"}},"transforms":{"kubernetes_events_deduped":{"fields":{"match":["node_name","object_name","message","timestamp"]},"inputs":["kubernetes_events_normalized"],"type":"dedupe"},"kubernetes_events_normalized":{"inputs":["kubernetes_events_unnested"],"source":". = {\n \"run_id\": null,\n \"node_name\": .items.reportingInstance,\n \"object_name\": .items.involvedObject.name,\n \"timestamp\": .items.lastTimestamp,\n \"message\": .items.message,\n \"raw\": .\n}\n","type":"remap"},"kubernetes_events_unnested":{"inputs":["kubernetes_events"],"source":". = unnest!(.items)\n","type":"remap"},"vector_agent_route":{"inputs":["vector_agent"],"route":{"logs":{"type":"is_log"},"metrics":{"type":"is_metric"}},"type":"route"}}},"enabled":false,"env":[{"name":"KUBERNETES_SERVICE_ACCOUNT_TOKEN","valueFrom":{"secretKeyRef":{"key":"token","name":"studio-vector-aggregator-token"}}}],"extraObjects":[{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"hook-failed, before-hook-creation"},"name":"studio-vector-aggregator-extended"},"rules":[{"apiGroups":[""],"resources":["events"],"verbs":["get","list"]}]},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"hook-failed, before-hook-creation"},"name":"studio-vector-aggregator-extended"},"roleRef":{"kind":"ClusterRole","name":"studio-vector-aggregator-extended"},"subjects":[{"kind":"ServiceAccount","name":"studio-vector-aggregator","namespace":"default"}]},{"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{"kubernetes.io/service-account.name":"studio-vector-aggregator"},"name":"studio-vector-aggregator-token"},"type":"kubernetes.io/service-account-token"}],"fullnameOverride":"studio-vector-aggregator","image":{"base":"alpine"},"persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"64Gi","storageClass":""},"replicaCount":1,"resources":{"limits":{"memory":"512Mi"},"requests":{"cpu":"200m","memory":"256Mi"}},"role":"Aggregator","service":{"enabled":true,"ports":[{"name":"logs","port":6000,"protocol":"TCP","targetPort":6000},{"name":"api","port":8686,"protocol":"TCP","targetPort":8686}],"type":"ClusterIP"},"serviceAccount":{"create":true,"name":"studio-vector-aggregator"}}` | Vector Aggregator configuration for log aggregation and processing | +| vector-aggregator | object | `{"args":["while sleep 60; do find /data/vector/logs -type f -mtime +7 -delete; done &\nexec /usr/local/bin/vector --config-dir /etc/vector/"],"command":["/bin/sh","-c"],"customConfig":{"api":{"address":"0.0.0.0:8686","enabled":true,"playground":true},"data_dir":"/data/vector","expire_metrics_secs":60,"sinks":{"events_file":{"encoding":{"codec":"json"},"inputs":["kubernetes_events_deduped"],"path":"/data/vector/events/%Y-%m-%d.log","type":"file"},"logs_file":{"encoding":{"codec":"json"},"inputs":["vector_agent_route.logs"],"path":"/data/vector/logs/%Y-%m-%d-{{ \"{{\" }} .kubernetes.pod_name {{ \"}}\" }}.log","type":"file"},"metrics_file":{"encoding":{"codec":"json"},"inputs":["vector_agent_route.metrics"],"path":"/data/vector/metrics/%Y-%m-%d.log","type":"file"}},"sources":{"kubernetes_events":{"auth":{"strategy":"bearer","token":"${KUBERNETES_SERVICE_ACCOUNT_TOKEN:?}"},"decoding":{"codec":"json"},"endpoint":"https://kubernetes.default.svc:443/api/v1/events","headers":{"Accept":["application/json"]},"scrape_interval_secs":30,"tls":{"ca_file":"/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"},"type":"http_client"},"vector_agent":{"address":"0.0.0.0:6000","type":"vector","version":"2"}},"transforms":{"kubernetes_events_deduped":{"fields":{"match":["node_name","object_name","message","timestamp"]},"inputs":["kubernetes_events_normalized"],"type":"dedupe"},"kubernetes_events_normalized":{"inputs":["kubernetes_events_unnested"],"source":". = {\n \"run_id\": null,\n \"node_name\": .items.reportingInstance,\n \"object_name\": .items.involvedObject.name,\n \"timestamp\": .items.lastTimestamp,\n \"message\": .items.message,\n \"raw\": .\n}\n","type":"remap"},"kubernetes_events_unnested":{"inputs":["kubernetes_events"],"source":". = unnest!(.items)\n","type":"remap"},"vector_agent_route":{"inputs":["vector_agent"],"route":{"logs":{"type":"is_log"},"metrics":{"type":"is_metric"}},"type":"route"}}},"enabled":false,"env":[{"name":"KUBERNETES_SERVICE_ACCOUNT_TOKEN","valueFrom":{"secretKeyRef":{"key":"token","name":"studio-vector-aggregator-token"}}}],"extraObjects":[{"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{"kubernetes.io/service-account.name":"studio-vector-aggregator"},"name":"studio-vector-aggregator-token"},"type":"kubernetes.io/service-account-token"}],"fullnameOverride":"studio-vector-aggregator","image":{"base":"alpine"},"persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"64Gi","storageClass":""},"rbac":{"extraRules":[{"apiGroups":[""],"resources":["events"],"verbs":["get","list"]}]},"replicaCount":1,"resources":{"limits":{"memory":"512Mi"},"requests":{"cpu":"200m","memory":"256Mi"}},"role":"Aggregator","service":{"enabled":true,"ports":[{"name":"logs","port":6000,"protocol":"TCP","targetPort":6000},{"name":"api","port":8686,"protocol":"TCP","targetPort":8686}],"type":"ClusterIP"},"serviceAccount":{"create":true,"name":"studio-vector-aggregator"}}` | Vector Aggregator configuration for log aggregation and processing | | vector-aggregator.args | list | `["while sleep 60; do find /data/vector/logs -type f -mtime +7 -delete; done &\nexec /usr/local/bin/vector --config-dir /etc/vector/"]` | Vector arguments. | | vector-aggregator.command | list | `["/bin/sh","-c"]` | Vector command. | | vector-aggregator.customConfig | object | `{"api":{"address":"0.0.0.0:8686","enabled":true,"playground":true},"data_dir":"/data/vector","expire_metrics_secs":60,"sinks":{"events_file":{"encoding":{"codec":"json"},"inputs":["kubernetes_events_deduped"],"path":"/data/vector/events/%Y-%m-%d.log","type":"file"},"logs_file":{"encoding":{"codec":"json"},"inputs":["vector_agent_route.logs"],"path":"/data/vector/logs/%Y-%m-%d-{{ \"{{\" }} .kubernetes.pod_name {{ \"}}\" }}.log","type":"file"},"metrics_file":{"encoding":{"codec":"json"},"inputs":["vector_agent_route.metrics"],"path":"/data/vector/metrics/%Y-%m-%d.log","type":"file"}},"sources":{"kubernetes_events":{"auth":{"strategy":"bearer","token":"${KUBERNETES_SERVICE_ACCOUNT_TOKEN:?}"},"decoding":{"codec":"json"},"endpoint":"https://kubernetes.default.svc:443/api/v1/events","headers":{"Accept":["application/json"]},"scrape_interval_secs":30,"tls":{"ca_file":"/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"},"type":"http_client"},"vector_agent":{"address":"0.0.0.0:6000","type":"vector","version":"2"}},"transforms":{"kubernetes_events_deduped":{"fields":{"match":["node_name","object_name","message","timestamp"]},"inputs":["kubernetes_events_normalized"],"type":"dedupe"},"kubernetes_events_normalized":{"inputs":["kubernetes_events_unnested"],"source":". = {\n \"run_id\": null,\n \"node_name\": .items.reportingInstance,\n \"object_name\": .items.involvedObject.name,\n \"timestamp\": .items.lastTimestamp,\n \"message\": .items.message,\n \"raw\": .\n}\n","type":"remap"},"kubernetes_events_unnested":{"inputs":["kubernetes_events"],"source":". = unnest!(.items)\n","type":"remap"},"vector_agent_route":{"inputs":["vector_agent"],"route":{"logs":{"type":"is_log"},"metrics":{"type":"is_metric"}},"type":"route"}}}` | Vector Aggregator configuration | @@ -267,6 +268,7 @@ A Helm chart for Kubernetes | vector-aggregator.fullnameOverride | string | `"studio-vector-aggregator"` | Vector Aggregator name override | | vector-aggregator.image.base | string | `"alpine"` | The base to use for Vector's image. | | vector-aggregator.persistence | object | `{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"64Gi","storageClass":""}` | Vector Aggregator persistence configuration | +| vector-aggregator.rbac | object | `{"extraRules":[{"apiGroups":[""],"resources":["events"],"verbs":["get","list"]}]}` | Vector Aggregator ClusterRole configuration | | vector-aggregator.replicaCount | int | `1` | Vector Aggregator replica count | | vector-aggregator.resources | object | `{"limits":{"memory":"512Mi"},"requests":{"cpu":"200m","memory":"256Mi"}}` | Vector Aggregator resources | | vector-aggregator.role | string | `"Aggregator"` | Deploy as StatefulSet for aggregation and persistence |