Bump monitoring and logging (#980) (#989)

* Bump monitoring and logging

  Monitoring from 103.1.1+up45.31.1 to 105.1.2+up61.3.2
  Logging from 103.1.0+up4.4.0 to 105.2.0+up4.10.0

Signed-off-by: Jian Wang <jian.wang@suse.com>

* More updates

Signed-off-by: Jian Wang <jian.wang@suse.com>

* Fix kube-audit logRef missing

Signed-off-by: Jian Wang <jian.wang@suse.com>

* Update build script for patching monitoring and logging

Signed-off-by: Jian Wang <jian.wang@suse.com>

* Update eventrouter to v1.5.0-dev.0

Signed-off-by: Jian Wang <jian.wang@suse.com>

---------

Signed-off-by: Jian Wang <jian.wang@suse.com>
(cherry picked from commit 2cad367)

Co-authored-by: Jian Wang <jian.wang@suse.com>

pkg/config/templates/patch/rancher-logging/103.1.0+up4.4.0/eventtailer.yaml → pkg/config/templates/patch/rancher-logging/105.2.0+up4.10.0/eventtailer.yaml

@@ -1,5 +1,5 @@
 {{- with $.Values.eventTailer }}
-# patch to ./templates/eventtailer.yaml
+# patch to ./templates/logging/eventtailer.yaml
 # harvester-patch to import the event tailer feature
 apiVersion: logging-extensions.banzaicloud.io/v1alpha1
 kind: EventTailer

pkg/config/templates/patch/rancher-logging/105.2.0+up4.10.0/fluentbitagent.yaml

@@ -0,0 +1,28 @@
+{{- define "logging-operator.fluentbitagent.kube-audit" -}}
+# patch to ./templates/loggings/kube-audit/fluentbitagent.yaml
+# when harvester-installer makes ISO, the original file is replaced
+# harvester-patch to kube-audit fluentbitagent.yaml
+# upsteam file lacks loggingRef
+metadata:
+  name: {{ .Release.Name }}-kube-audit
+spec:
+  {{- if .Values.additionalLoggingSources.kubeAudit.loggingRef }}
+  loggingRef: {{ .Values.additionalLoggingSources.kubeAudit.loggingRef }}
+  {{- end }}
+  disableKubernetesFilter: true
+  extraVolumeMounts:
+    - source: {{ template "kubeAuditPathPrefix" . }}
+      destination: "/kube-audit-logs"
+      readOnly: true
+  inputTail:
+    Tag: {{ .Values.additionalLoggingSources.kubeAudit.fluentbit.logTag }}
+    Path: /kube-audit-logs/{{ template "kubeAuditFilename" . }}
+    Parser: json
+  {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations) (.Values.additionalLoggingSources.kubeAudit.fluentbit.tolerations)) }}
+  tolerations: {{- toYaml . | nindent 6 }}
+  {{- end }}
+  nodeSelector: {{ include "controlplaneSelector" . | nindent 6 }}
+{{- end -}}
+{{- if .Values.additionalLoggingSources.kubeAudit.enabled }}
+{{- include "logging-operator.fluentbitagent" (list . "logging-operator.fluentbitagent.kube-audit") -}}
+{{- end }}

pkg/config/templates/patch/rancher-monitoring-crd/103.1.1+up45.31.1/patch-values-shell-version.diff → pkg/config/templates/patch/rancher-monitoring-crd/105.1.2+up61.3.2/patch-values-shell-version.diff

@@ -4,8 +4,7 @@
 
  image:
    repository: rancher/shell
--  tag: v0.1.25
-+  tag: v0.1.26
+-  tag: v0.2.1
++  tag: v0.3.0
 
  nodeSelector: {}
-

pkg/config/templates/patch/rancher-monitoring/103.1.1+up45.31.1/patch-values-shell-version.diff → pkg/config/templates/patch/rancher-monitoring/105.1.2+up61.3.2/patch-values-shell-version.diff

@@ -1,11 +1,11 @@
 --- values.yaml
 +++ values-new.yaml
-@@ -560,7 +560,7 @@
+@@ -562,7 +562,7 @@
    ## Image to use to run the scripts
    image:
      repository: rancher/shell
--    tag: v0.1.25
-+    tag: v0.1.26
+-    tag: v0.2.1
++    tag: v0.3.0
 
  ## Rancher Monitoring
  ##

scripts/build

@@ -68,8 +68,11 @@ if [ "$(uname)" = "Linux" ]; then
     fi
 fi
 
+source ${SCRIPTS_DIR}/patch-monitoring-logging
+
 # render template files
 cd ${addons_path}
+update_monitoring_logging_version version_info
 go run . -generateTemplates -path ${TOP_DIR}/pkg/config/templates
 
 cd ${TOP_DIR}

scripts/build-bundle

@@ -9,59 +9,14 @@ PACKAGE_HARVESTER_REPO_DIR="${TOP_DIR}/package/harvester-repo"
 
 cd ${TOP_DIR}
 
+source ${SCRIPTS_DIR}/patch-monitoring-logging
+
 addons_path=../addons
 if [ ! -d ${addons_path} ];then
   echo "No existing addons source. Pulling..."
   git clone --branch v1.5 --single-branch --depth 1 https://github.com/harvester/addons.git ../addons
 fi
 
-source ${SCRIPTS_DIR}/version-monitoring
-source ${SCRIPTS_DIR}/version-logging
-
-update_monitoring_logging_version() {
-  # due to legacy code, monitoring and logging versions are first updated on installer
-  # then on addon
-  local target=$1
-  local lnew="RANCHER_LOGGING_CHART_VERSION=\"${LOGGING_VERSION}\""
-  local lcur=$(grep $lnew $target) || echo "logging chart version is not found from $target"
-  # if the file has no new line at end, append new ENV will be added to last line accidently
-  echo "" >> $target
-  if [ -z "${lcur}" ]; then
-    # remove possible existing values
-    sed -i '/RANCHER_LOGGING_CHART_VERSION/d' $target
-    echo "$lnew" >> $target
-    echo ""logging chart version is updated to ${LOGGING_VERSION}""
-  else
-    echo "logging chart version is already set to ${LOGGING_VERSION}"
-  fi
-
-  local mnew="RANCHER_MONITORING_CHART_VERSION=\"${MONITORING_VERSION}\""
-  local mcur=$(grep $mnew $target) || echo "monitoring chart version is not found from $target"
-  if [ -z "${mcur}" ]; then
-    # remove possible existing values
-    sed -i '/RANCHER_MONITORING_CHART_VERSION/d' $target
-    echo "$mnew" >> $target
-    echo "monitoring chart version is updated to ${MONITORING_VERSION}"
-  else
-    echo "monitoring chart version is already set to ${MONITORING_VERSION}"
-  fi
-
-  # the harvester-eventrouter image tag is first bumped on installer, then on addon, to decouple the PRs
-  # if ENV includes keyword `IMAGE` then `addon generateTemplates` will strip the image and only keep version
-  local HARVESTER_EVENTROUTER_FULL_TAG="rancher/harvester-eventrouter:v0.3.3"
-  local henew="HARVESTER_EVENTROUTER_FULL_TAG=\"${HARVESTER_EVENTROUTER_FULL_TAG}\""
-  local hecur=$(grep $henew $target) || echo "harvester-eventrouter image tag is not found from $target"
-  if [ -z "${hecur}" ]; then
-    # remove possible existing values
-    sed -i '/HARVESTER_EVENTROUTER_FULL_TAG/d' $target
-    echo "$henew" >> $target
-    echo "harvester-eventrouter image tag is updated to ${HARVESTER_EVENTROUTER_FULL_TAG}"
-  else
-    echo "harvester-eventrouter image tag is already set to ${HARVESTER_EVENTROUTER_FULL_TAG}"
-  fi
-  cat $target
-}
-
 # will generate template file in ${addons_path}, and this is used for subsequent checks
 cd ${addons_path}
 update_monitoring_logging_version version_info

scripts/hack/patch-rancher-logging

@@ -22,22 +22,12 @@ patch_rancher_logging_chart()
   grep "harvester-patch" ./rancher-logging/templates/loggings/rke2/daemonset.yaml || true
 
   echo "patch rancher logging eventtailer"
-  cp -f ${pkg_logging_path}/${logging_version}/eventtailer.yaml ./rancher-logging/templates/eventtailer.yaml
-  grep "harvester-patch" ./rancher-logging/templates/eventtailer.yaml || true
-
-  # replace fluentbit image version; yq can also work, but it strips all blank lines; use patch instead
-  local valuesfile="./rancher-logging/values.yaml"
-  local difffile="${pkg_logging_path}/${logging_version}/patch-vaues-fluentbit-image.diff"
-  echo "patch fluentbit image version"
-  echo "the current values.yaml has following fluentbit image version"
-  grep "rancher/mirrored-fluent-fluent-bit" $valuesfile -1 || true
-  if [ -f "$difffile" ]; then
-    patch $valuesfile $difffile
-  else
-    echo "diff file $difffile is not found"
-  fi
-  echo "the patched values.yaml has following fluentbit image version"
-  grep "rancher/mirrored-fluent-fluent-bit" $valuesfile -1 || true
+  cp -f ${pkg_logging_path}/${logging_version}/eventtailer.yaml ./rancher-logging/templates/logging/eventtailer.yaml
+  grep "harvester-patch" ./rancher-logging/templates/logging/eventtailer.yaml || true
+
+  echo "patch rancher logging kube-audit fluentbitagent"
+  cp -f ${pkg_logging_path}/${logging_version}/fluentbitagent.yaml ./rancher-logging/templates/loggings/kube-audit/fluentbitagent.yaml
+  grep "harvester-patch" ./rancher-logging/templates/loggings/kube-audit/fluentbitagent.yaml || true
 
   # remove existing chart
   rm ${chart_dir}/rancher-logging-${logging_version}.tgz

scripts/images/rancher-images.txt

@@ -1,31 +1,29 @@
 docker.io/rancher/fleet-agent:v0.11.2
 docker.io/rancher/fleet:v0.11.2
 docker.io/rancher/gitjob:v0.9.8
-docker.io/rancher/kubectl:v1.20.2
 docker.io/rancher/kubectl:v1.21.5
 docker.io/rancher/kubectl:v1.29.2
-docker.io/rancher/mirrored-grafana-grafana:9.1.5
-docker.io/rancher/mirrored-ingress-nginx-kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6
-docker.io/rancher/mirrored-kiwigrid-k8s-sidecar:1.24.6
-docker.io/rancher/mirrored-kube-state-metrics-kube-state-metrics:v2.10.1
+docker.io/rancher/mirrored-grafana-grafana:11.1.0
+docker.io/rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.4.3
+docker.io/rancher/mirrored-kiwigrid-k8s-sidecar:1.27.4
+docker.io/rancher/mirrored-kube-state-metrics-kube-state-metrics:v2.12.0
 docker.io/rancher/mirrored-library-busybox:1.31.1
 docker.io/rancher/mirrored-library-nginx:1.24.0-alpine
-docker.io/rancher/mirrored-prometheus-adapter-prometheus-adapter:v0.10.0
-docker.io/rancher/mirrored-prometheus-node-exporter:v1.3.1
-docker.io/rancher/mirrored-prometheus-operator-prometheus-config-reloader:v0.65.1
-docker.io/rancher/mirrored-prometheus-operator-prometheus-operator:v0.65.1
-docker.io/rancher/mirrored-prometheus-prometheus:v2.45.0
-docker.io/rancher/mirrored-prometheus-alertmanager:v0.26.0
+docker.io/rancher/mirrored-prometheus-adapter-prometheus-adapter:v0.12.0
+docker.io/rancher/mirrored-prometheus-node-exporter:v1.8.2
+docker.io/rancher/mirrored-prometheus-operator-prometheus-config-reloader:v0.75.1
+docker.io/rancher/mirrored-prometheus-operator-prometheus-operator:v0.75.1
+docker.io/rancher/mirrored-prometheus-operator-admission-webhook:v0.75.1
+docker.io/rancher/mirrored-prometheus-prometheus:v2.53.1
+docker.io/rancher/mirrored-prometheus-alertmanager:v0.27.0
 docker.io/rancher/rancher-webhook:v0.6.2
 docker.io/rancher/rancher:v2.10.1
 docker.io/rancher/rancher-agent:v2.10.1
-docker.io/rancher/shell:v0.1.26
-docker.io/rancher/shell:v0.1.24
 docker.io/rancher/shell:v0.3.0
 docker.io/rancher/system-agent:v0.3.11-suc
 docker.io/rancher/system-upgrade-controller:v0.14.2
-docker.io/rancher/mirrored-banzaicloud-fluentd:v1.14.6-alpine-5
-docker.io/rancher/mirrored-kube-logging-logging-operator:4.4.0
-docker.io/rancher/mirrored-fluent-fluent-bit:2.2.0
-docker.io/rancher/mirrored-jimmidyson-configmap-reload:v0.4.0
+docker.io/rancher/mirrored-kube-logging-fluentd:v1.16-4.10-full
+docker.io/rancher/mirrored-kube-logging-logging-operator:4.10.0
+docker.io/rancher/mirrored-fluent-fluent-bit:3.1.8
+docker.io/rancher/mirrored-kube-logging-config-reloader:v0.0.6
 docker.io/rancher/mirrored-cluster-api-controller:v1.8.3

scripts/patch-monitoring-logging

@@ -0,0 +1,54 @@
+#!/bin/bash
+set -e
+
+if [ -z $SCRIPTS_DIR ]; then
+  TOP_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." &> /dev/null && pwd )"
+  SCRIPTS_DIR="${TOP_DIR}/scripts"
+fi
+
+source ${SCRIPTS_DIR}/version-monitoring
+source ${SCRIPTS_DIR}/version-logging
+
+update_monitoring_logging_version() {
+  # due to legacy code, monitoring and logging versions are first updated on installer
+  # then on addon
+  local target=$1
+  local lnew="RANCHER_LOGGING_CHART_VERSION=\"${LOGGING_VERSION}\""
+  local lcur=$(grep $lnew $target) || echo "logging chart version is not found from $target"
+  # if the file has no new line at end, append new ENV will be added to last line accidently
+  echo "" >> $target
+  if [ -z "${lcur}" ]; then
+    # remove possible existing values
+    sed -i '/RANCHER_LOGGING_CHART_VERSION/d' $target
+    echo "$lnew" >> $target
+    echo ""logging chart version is updated to ${LOGGING_VERSION}""
+  else
+    echo "logging chart version is already set to ${LOGGING_VERSION}"
+  fi
+
+  local mnew="RANCHER_MONITORING_CHART_VERSION=\"${MONITORING_VERSION}\""
+  local mcur=$(grep $mnew $target) || echo "monitoring chart version is not found from $target"
+  if [ -z "${mcur}" ]; then
+    # remove possible existing values
+    sed -i '/RANCHER_MONITORING_CHART_VERSION/d' $target
+    echo "$mnew" >> $target
+    echo "monitoring chart version is updated to ${MONITORING_VERSION}"
+  else
+    echo "monitoring chart version is already set to ${MONITORING_VERSION}"
+  fi
+
+  # the harvester-eventrouter image tag is first bumped on installer, then on addon, to decouple the PRs
+  # if ENV includes keyword `IMAGE` then `addon generateTemplates` will strip the image and only keep version
+  local HARVESTER_EVENTROUTER_FULL_TAG="rancher/harvester-eventrouter:v1.5.0-dev.0"
+  local henew="HARVESTER_EVENTROUTER_FULL_TAG=\"${HARVESTER_EVENTROUTER_FULL_TAG}\""
+  local hecur=$(grep $henew $target) || echo "harvester-eventrouter image tag is not found from $target"
+  if [ -z "${hecur}" ]; then
+    # remove possible existing values
+    sed -i '/HARVESTER_EVENTROUTER_FULL_TAG/d' $target
+    echo "$henew" >> $target
+    echo "harvester-eventrouter image tag is updated to ${HARVESTER_EVENTROUTER_FULL_TAG}"
+  else
+    echo "harvester-eventrouter image tag is already set to ${HARVESTER_EVENTROUTER_FULL_TAG}"
+  fi
+  cat $target
+}

scripts/version-logging

@@ -1 +1 @@
-LOGGING_VERSION=103.1.0+up4.4.0
+LOGGING_VERSION=105.2.0+up4.10.0

scripts/version-monitoring

@@ -1 +1 @@
-MONITORING_VERSION=103.1.1+up45.31.1
+MONITORING_VERSION=105.1.2+up61.3.2