chore: use Sumo Logic hosted Kube RBAC Proxy (#3674)
* chore: add script and action to sync repositories

Signed-off-by: Dominik Rosiek <[email protected]>

* feat: use Sumo Logic hosted Kube RBAC Proxy

Signed-off-by: Dominik Rosiek <[email protected]>

* chore: change schedule for syncing repositories

Signed-off-by: Dominik Rosiek <[email protected]>

* chore: restrict sync workflow to be run once

Signed-off-by: Dominik Rosiek <[email protected]>

* chore: rename workflows

Signed-off-by: Dominik Rosiek <[email protected]>

* chore: fix typo

Signed-off-by: Dominik Rosiek <[email protected]>

---------

Signed-off-by: Dominik Rosiek <[email protected]>
sumo-drosiek authored Apr 23, 2024
1 parent e7f3989 commit 5631a6a
Showing 7 changed files with 112 additions and 0 deletions.
1 change: 1 addition & 0 deletions .changelog/3674.added.txt
@@ -0,0 +1 @@
chore: use Sumo Logic hosted Kube RBAC Proxy
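Review bot: The entry text in `.changelog/3674.added.txt` is prefixed `chore:` although the file is filed under `added` and the commit message lists the user-visible change as `feat: use Sumo Logic hosted Kube RBAC Proxy`. Consider using the `feat:` wording here so the changelog reflects that the default image repository changed for users.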
30 changes: 30 additions & 0 deletions .github/workflows/sync-repositories.yaml
@@ -0,0 +1,30 @@
name: Sync Repositories

on:
schedule:
- cron: "0 0 * * *"
workflow_dispatch:

jobs:
sync-repositories:
name: Sync container repositories
strategy:
matrix:
include:
- docker_username: DOCKERHUB_LOGIN_KUBE_RBAC_PROXY
docker_password: DOCKERHUB_PASSWORD_KUBE_RBAC_PROXY
aws_access_key: AWS_ACCESS_KEY_ID_KUBE_RBAC_PROXY
aws_secret_access_key: AWS_SECRET_ACCESS_KEY_KUBE_RBAC_PROXY
src_repository: quay.io/brancz/kube-rbac-proxy
dest_docker_namespace: docker.io/sumologic
dest_ecr_namespace: public.ecr.aws/a4t4y2n3
uses: ./.github/workflows/workflow-sync-repositories.yaml
with:
src_repository: ${{ matrix.src_repository }}
dest_docker_namespace: ${{ matrix.dest_docker_namespace }}
dest_ecr_namespace: ${{ matrix.dest_ecr_namespace }}
secrets:
DOCKER_USERNAME: ${{ secrets[matrix.docker_username] }}
DOCKER_PASSWORD: ${{ secrets[matrix.docker_password] }}
AWS_ACCESS_KEY_ID: ${{ secrets[matrix.aws_access_key] }}
AWS_SECRET_ACCESS_KEY: ${{ secrets[matrix.aws_secret_access_key] }}
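Review bot: The workflow has no `permissions:` block, so the job that receives the Docker Hub and AWS push credentials also runs with whatever `GITHUB_TOKEN` scope the repository defaults to. Add a top-level `permissions:` with `contents: read`. The matrix passes secret names as strings and resolves them with `secrets[matrix.docker_username]` and its siblings, which works but hides the secret names from a plain search for `secrets.`; a comment listing the four secrets each matrix entry requires would help whoever adds the next mirror. The AWS credentials are a static access key pair; if the account allows it, an OIDC-assumed role would avoid storing them.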
59 changes: 59 additions & 0 deletions .github/workflows/workflow-sync-repositories.yaml
@@ -0,0 +1,59 @@
name: Sync container repository

on:
workflow_call:
inputs:
src_repository:
description: Source repository
required: true
type: string
dest_docker_namespace:
description: Destination DockerHub repository
required: true
type: string
dest_ecr_namespace:
description: Destination ECR repository
required: true
type: string
secrets:
DOCKER_USERNAME:
required: true
DOCKER_PASSWORD:
required: true
AWS_ACCESS_KEY_ID:
required: true
AWS_SECRET_ACCESS_KEY:
required: true

jobs:
sync-repository:
runs-on: ubuntu-20.04
name: ${{ inputs.src_repository }}
steps:
- name: No re-runs
run: |
if [ "$GITHUB_RUN_ATTEMPT" -gt 1 ]; then
echo "It is not advised to re-run this workflow! It won't speed up the process!"
exit 1
else
echo "not a re-run, continue"
fi
- uses: actions/checkout@v4
- name: Install skopeo
run: sudo apt-get install skopeo -y
- name: Login to Docker Hub
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Synchronize image to Docker Hub repository
run: ./ci/sync-repository.sh ${{ inputs.src_repository }} ${{ inputs.dest_docker_namespace }}
- name: Login to ECR
run: |-
aws ecr-public get-login-password --region us-east-1 \
| docker login --username AWS --password-stdin ${{ inputs.dest_ecr_namespace }}
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Synchronize image to ECR repository
run: ./ci/sync-repository.sh ${{ inputs.src_repository }} ${{ inputs.dest_ecr_namespace }}
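Review bot: The two `Synchronize image` steps and the `Login to ECR` step expand `${{ inputs.src_repository }}` and the `dest_*_namespace` inputs directly inside `run:`, so the values are pasted into the script text before the shell parses it. The only caller in this commit passes fixed strings, but this is a reusable workflow; pass the inputs through `env:` and reference them as quoted shell variables instead. Separately, `actions/checkout@v4` is a mutable tag in a job that holds registry push credentials, so pinning it to a commit SHA is worth doing, and `apt-get install skopeo` runs without a preceding `apt-get update`.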
11 changes: 11 additions & 0 deletions ci/sync-repository.sh
@@ -0,0 +1,11 @@
#!/usr/bin/env bash

SRC_REPOSITORY=${1}
DESTINATION_NAMESPACE=${2}
skopeo sync \
-f v2s2 \
--retry-times 5 \
--src docker \
--dest docker \
"${SRC_REPOSITORY}" \
"${DESTINATION_NAMESPACE}"
2 changes: 2 additions & 0 deletions deploy/helm/sumologic/README.md
Expand Up @@ -319,6 +319,7 @@ The following table lists the configurable parameters of the Sumo Logic chart an
| `opentelemetry-operator.instrumentationJobImage.image.tag` | Name of the image tag used to apply Instrumentation resource | `2.22.0` |
| `opentelemetry-operator.admissionWebhooks` | Admission webhooks make sure only requests with correctly formatted rules will get into the Operator. They also enable the sidecar injection for OpenTelemetryCollector and Instrumentation CR's. | See [values.yaml] |
| `opentelemetry-operator.manager.env` | Additional environment variables for opentelemetry-operator helm chart. | `{"ENABLE_WEBHOOKS": "true"}` |
| `opentelemetry-operator.kubeRBACProxy.image.repository` | Container repository for Kube RBAC Proxy. | `public.ecr.aws/sumologic/kube-rbac-proxy` |
| `otelcolInstrumentation.enabled` | Enables Sumo Otel Distro Collector StatefulSet to collect telemetry data. [See docs for more information.](/docs/opentelemetry-collector/traces.md) | `true` |
| `otelcolInstrumentation.autoscaling.enabled` | Option to override the default autoscaling parameter (sumologic.autoscaling.enabled) for Sumo Otel Distro Collector StatefulSet and specify params for HPA. Autoscaling needs metrics-server to access cpu metrics. | `false` |
| `otelcolInstrumentation.autoscaling.minReplicas` | Default min replicas for autoscaling. | `3` |
Expand Down Expand Up @@ -503,6 +504,7 @@ The following table lists the configurable parameters of the Sumo Logic chart an
| `tailing-sidecar-operator.enabled` | Flag to control deploying Tailing Sidecar Operator Helm sub-chart. | `false` |
| `tailing-sidecar-operator.fullnameOverride` | Used to override the chart's full name. | `Nil` |
| `tailing-sidecar-operator.scc.create` | Create OpenShift's Security Context Constraint | `false` |
| `tailing-sidecar-operator.kubeRbacProxy.image.repository` | Container repository for Kube RBAC Proxy | `public.ecr.aws/sumologic/kube-rbac-proxy` |
| `pvcCleaner.metrics.enabled` | Flag to enable cleaning unused PVCs for otelcol metrics statefulsets. | `false` |
| `pvcCleaner.logs.enabled` | Flag to enable cleaning unused PVCs for otelcol logs statefulsets. | `false` |
| `pvcCleaner.job.image.repository` | Image repository for pvcCleaner docker containers. | `public.ecr.aws/sumologic/kubernetes-tools-kubectl` |
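Review bot: The new `tailing-sidecar-operator.kubeRbacProxy.image.repository` row has no trailing period in its description, unlike the `opentelemetry-operator.kubeRBACProxy.image.repository` row added earlier in this file. The two keys also differ in case (`kubeRbacProxy` vs `kubeRBACProxy`); if that follows the sub-charts, saying so in the description would save users from copying the wrong spelling.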
8 changes: 8 additions & 0 deletions deploy/helm/sumologic/values.yaml
Expand Up @@ -2418,6 +2418,10 @@ tailing-sidecar-operator:
scc:
create: false

kubeRbacProxy:
image:
repository: public.ecr.aws/sumologic/kube-rbac-proxy

## Configure OpenTelemetry Operator - Instrumentation
## ref: https://github.com/open-telemetry/opentelemetry-helm-charts/tree/main/charts/opentelemetry-operator
opentelemetry-operator:
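Review bot: Only `repository` is set under `kubeRbacProxy.image`, so the tag still comes from the sub-chart default and must already exist in the mirror when the chart is released. Consider setting the tag (or a digest) next to `repository` so the chart and the mirror cannot drift apart.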
Expand Down Expand Up @@ -2526,6 +2530,10 @@ opentelemetry-operator:
cpu: 150m
memory: 256Mi

kubeRBACProxy:
image:
repository: public.ecr.aws/sumologic/kube-rbac-proxy

## pvcCleaner deletes unused PVCs
pvcCleaner:
metrics:
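Review bot: The default added here is `public.ecr.aws/sumologic/kube-rbac-proxy`, while the sync workflow in this commit pushes to `dest_ecr_namespace: public.ecr.aws/a4t4y2n3`. If `sumologic` is the alias of that registry, say so in a comment next to one of the two values; otherwise the chart points at a repository the sync job never fills.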
1 change: 1 addition & 0 deletions shell.nix
Expand Up @@ -30,6 +30,7 @@ pkgs.mkShell {
pkgs.golangci-lint
pkgs.go
pkgs.kind
pkgs.skopeo
];
}
## Output of `make tool-versions`: