Fix race condition when generating charts (#7554)

Signed-off-by: Marta Anon <[email protected]>

Author: maruiz93

argo-cd-apps/base/member/infra-deployments/vector-kubearchive-log-collector/vector-kubearchive-log-collector.yaml

@@ -12,7 +12,7 @@ spec:
               values:
                 sourceRoot: components/vector-kubearchive-log-collector
                 environment: staging
-                clusterDir: base
+                clusterDir: ""
           - list:
               elements:
                 - nameNormalized: stone-stg-rh01

components/vector-kubearchive-log-collector/base/kustomization.yaml

@@ -3,15 +3,6 @@ kind: Kustomization
 namespace: product-kubearchive-logging
 commonAnnotations:
   argocd.argoproj.io/sync-wave: "-1"
-  ignore-check.kube-linter.io/drop-net-raw-capability: |
-    "Vector Runs requires access to socket."
-  ignore-check.kube-linter.io/run-as-non-root: |
-    "Vector Runs as Root and attach host Path."
-  ignore-check.kube-linter.io/sensitive-host-mounts: |
-    "Vector Runs requires certain host mounts to watch  files being created by pods."
-
-generators:
-- vector-helm-generator.yaml
 
 resources:
 - vector-pre.yaml

components/vector-kubearchive-log-collector/development/kustomization.yaml

@@ -1,10 +1,19 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
+commonAnnotations:
+  ignore-check.kube-linter.io/drop-net-raw-capability: |
+    "Vector runs requires access to socket."
+  ignore-check.kube-linter.io/run-as-non-root: |
+    "Vector runs as Root and attach host Path."
+  ignore-check.kube-linter.io/sensitive-host-mounts: |
+    "Vector runs requires certain host mounts to watch files being created by pods."
+
 resources:
 - ../base
 - loki-secret.yaml
 
 generators:
+- vector-helm-generator.yaml
 - loki-helm-generator.yaml
 - grafana-helm-generator.yaml

components/vector-kubearchive-log-collector/base/vector-helm-generator.yaml renamed to components/vector-kubearchive-log-collector/development/vector-helm-generator.yaml

@@ -1,11 +1,20 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
+commonAnnotations:
+  ignore-check.kube-linter.io/drop-net-raw-capability: |
+    "Vector runs requires access to socket."
+  ignore-check.kube-linter.io/run-as-non-root: |
+    "Vector runs as Root and attach host Path."
+  ignore-check.kube-linter.io/sensitive-host-mounts: |
+    "Vector runs requires certain host mounts to watch files being created by pods."
+
 resources:
-- ../base
+- ../../base
 - loki-secret.yaml
 
 generators:
+- vector-helm-generator.yaml
 - loki-helm-generator.yaml
 - grafana-helm-generator.yaml
 

components/vector-kubearchive-log-collector/base/vector-helm-values.yaml renamed to components/vector-kubearchive-log-collector/development/vector-helm-values.yaml

@@ -0,0 +1,10 @@
+apiVersion: builtin
+kind: HelmChartInflationGenerator
+metadata:
+  name: vector
+name: vector
+repo: https://helm.vector.dev
+version: 0.43.0
+releaseName: vector-kubearchive-log-collector
+namespace: product-kubearchive-logging
+valuesFile: vector-helm-values.yaml

components/vector-kubearchive-log-collector/staging/base/kustomization.yaml

@@ -0,0 +1,211 @@
+---
+role: Agent
+resources:
+  requests:
+    cpu: 200m
+    memory: 1024Mi
+  limits:
+    cpu: 1000m
+    memory: 2048Mi
+customConfig:
+  data_dir: /vector-data-dir
+  api:
+    enabled: true
+    address: 127.0.0.1:8686
+    playground: false
+  sources:
+    k8s_logs:
+      type: kubernetes_logs
+      rotate_wait_secs: 5
+      glob_minimum_cooldown_ms: 500
+      max_line_bytes: 3145728
+      auto_partial_merge: true
+  transforms:
+    reduce_events:
+      type: reduce
+      inputs:
+        - k8s_logs
+      group_by:
+        - file
+      flush_period_ms: 2000
+      end_every_period_ms: 2000
+      merge_strategies:
+        message: concat_newline
+    remap_app_logs:
+      type: remap
+      inputs:
+        - reduce_events
+      source: |-
+        .tmp = del(.)
+        # Preserve original kubernetes fields for Loki labels
+        if exists(.tmp.kubernetes.pod_uid) {
+          .pod_id = del(.tmp.kubernetes.pod_uid)
+        } else {
+          .pod_id = "unknown_pod_id"
+        }
+        if exists(.tmp.kubernetes.pod_name) {
+          .pod_name = del(.tmp.kubernetes.pod_name)
+        } else {
+          .pod_name = "unknown_pod"
+        }
+        if exists(.tmp.kubernetes.container_name) {
+          .container = del(.tmp.kubernetes.container_name)
+        } else {
+          .container = "unknown_container"
+        }
+        if exists(.tmp.kubernetes.pod_namespace) {
+          .namespace = del(.tmp.kubernetes.pod_namespace)
+        } else {
+          .namespace = "unlabeled"
+        }
+        # Handling Tekton-specific labels
+        if exists(.tmp.kubernetes.pod_labels."tekton.dev/taskRunUID") {
+          .taskRunUID = del(.tmp.kubernetes.pod_labels."tekton.dev/taskRunUID")
+        } else {
+          .taskRunUID = "none"
+        }
+        if exists(.tmp.kubernetes.pod_labels."tekton.dev/pipelineRunUID") {
+          .pipelineRunUID = del(.tmp.kubernetes.pod_labels."tekton.dev/pipelineRunUID")
+          .result = .pipelineRunUID
+        } else {
+          .result = .taskRunUID
+        }
+        # --- Start: Cronjob Specific Handling ---
+        if exists(.tmp.kubernetes.pod_labels."job-name") {
+          .job_name = del(.tmp.kubernetes.pod_labels."job-name")
+          .log_type = "cronjob"
+          if exists(.tmp.kubernetes.pod_labels."cronjob-name") {
+            .cronjob_name = del(.tmp.kubernetes.pod_labels."cronjob-name")
+          } else {
+            # Using corrected regex pattern without \d
+            .job_name = to_string(.job_name) ?? "default"
+            if match(.job_name, r'^(.*)-[0-9]{8,10}$') {
+              .cronjob_name = replace(.job_name, r'-[0-9]{8,10}$', "")
+            } else {
+              .cronjob_name = "unknown_cronjob"
+            }
+          }
+          if exists(.tmp.kubernetes.pod_labels."controller-uid") {
+              .job_uid = del(.tmp.kubernetes.pod_labels."controller-uid")
+          }
+        } else {
+          .log_type = "application"
+        }
+        # --- End: Cronjob Specific Handling ---
+        # Handling general Kubernetes labels
+        if exists(.tmp.kubernetes.pod_labels) {
+          .pod_labels = .tmp.kubernetes.pod_labels
+        } else {
+          .pod_labels = "no_labels"
+        }
+        # General message field handling
+        if exists(.tmp.message) {
+          .message = to_string(del(.tmp.message)) ?? "no_message"
+        } else {
+          .message = "no_message"
+        }
+        # Basic data sanitization to prevent 400 errors
+        # Truncate very long messages
+        if length(.message) > 32768 {
+          .message = slice!(.message, 0, 32768) + "...[TRUNCATED]"
+        }
+        # Clean up temporary fields
+        del(.tmp)
+  sinks:
+    loki:
+      type: loki
+      inputs: ["remap_app_logs"]
+      # Direct connection to Loki service (no gateway)
+      endpoint: "http://vector-kubearchive-log-collector-loki.product-kubearchive-logging.svc.cluster.local:3100"
+      encoding:
+        codec: "json"
+      auth:
+        strategy: "basic"
+        user: "${LOKI_USERNAME}"
+        password: "${LOKI_PASSWORD}"
+      tenant_id: "kubearchive"
+      request:
+        headers:
+          X-Scope-OrgID: kubearchive
+      batch:
+        max_bytes: 10485760
+        timeout_secs: 300 
+      compression: "none"
+      labels:
+        job: "vector"
+        pod_id: "{{`{{ pod_id }}`}}"
+        container: "{{`{{ container }}`}}"
+        namespace: "{{`{{ namespace }}`}}"
+        pod: "{{`{{ pod_name }}`}}"
+      buffer:
+        type: "memory"
+        max_events: 10000
+        when_full: "block"
+env:
+  - name: LOKI_USERNAME
+    valueFrom:
+      secretKeyRef:
+        name: kubearchive-loki
+        key: USERNAME
+  - name: LOKI_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: kubearchive-loki
+        key: PASSWORD
+nodeSelector:
+  konflux-ci.dev/workload: konflux-tenants
+tolerations:
+  - effect: NoSchedule
+    key: konflux-ci.dev/workload
+    operator: Equal
+    value: konflux-tenants
+image:
+  repository: quay.io/kubearchive/vector
+  tag: 0.46.1-distroless-libc
+serviceAccount:
+  create: true
+  name: vector-kubearchive-log-collector
+securityContext:
+  allowPrivilegeEscalation: false
+  runAsUser: 0
+  capabilities:
+    drop:
+    - CHOWN
+    - DAC_OVERRIDE
+    - FOWNER
+    - FSETID
+    - KILL
+    - NET_BIND_SERVICE
+    - SETGID
+    - SETPCAP
+    - SETUID
+  readOnlyRootFilesystem: true
+  seLinuxOptions:
+    type: spc_t
+  seccompProfile:
+    type: RuntimeDefault
+
+# Override default volumes to be more specific and secure
+extraVolumes:
+  - name: varlog
+    hostPath:
+      path: /var/log/pods
+      type: Directory
+  - name: varlibdockercontainers
+    hostPath:
+      path: /var/lib/containers
+      type: DirectoryOrCreate
+
+extraVolumeMounts:
+  - name: varlog
+    mountPath: /var/log/pods
+    readOnly: true
+  - name: varlibdockercontainers  
+    mountPath: /var/lib/containers
+    readOnly: true
+
+# Configure Vector to use emptyDir for its default data volume instead of hostPath
+persistence:
+  enabled: false
+
+