added dataPath and logsPath, store pq data and checkpoints at dataPath by default

Author: AndrewChubatiuk

api/operator/v1/vlagent_types.go

@@ -88,15 +88,17 @@ type VLAgentSpec struct {
 type VLAgentK8sCollector struct {
 	// Enabled switches VLAgent to log collection mode.
 	// Note, for this purpose operator uses DaemonSet, while by default VLAgent uses StatefulSet.
-	// It means that switching this option will drop all persisted data.
+	// Switching this option will drop all persisted data.
 	Enabled bool `json:"enabled,omitempty"`
 
 	// LogsPath configures root for logs path
 	// By default VLAgent collects logs from /var/log/containers
 	LogsPath string `json:"logsPath,omitempty"`
 
-	// CheckpointsPath configures path where logs checkpoints are stored
-	CheckpointsPath string `json:"checkpointsPath,omitempty"`
+	// DataPath configures path where logs checkpoints are stored.
+	// By default it emptyDir is used as a volume for data path.
+	// To guarantee checkpoints persistence during pods recreation consider explicitly setting this option to destination, where hostPath volume is mounted.
+	DataPath string `json:"dataPath,omitempty"`
 
 	// TenantID defines default tenant ID to use for logs collected from pods in format: <accountID>:<projectID>
 	TenantID string `json:"tenantID,omitempty"`
@@ -334,7 +336,7 @@ func (cr *VLAgent) FinalAnnotations() map[string]string {
 }
 
 // AsCRDOwner implements interface
-func (*VLAgent) AsCRDOwner() []metav1.OwnerReference {
+func (*VLAgent) AsCRDOwner() *metav1.OwnerReference {
 	return vmv1beta1.GetCRDAsOwner(vmv1beta1.VLAgentCRD)
 }
 

api/operator/v1beta1/owner.go

@@ -18,7 +18,10 @@ const (
 )
 
 func (c CRDName) String() string {
-	return []string{"vmagents.operator.victoriametrics.com", "vmalerts.operator.victoriametrics.com", "vmsingles.operator.victoriametrics.com", "vmclusters.operator.victoriametrics.com", "vmauths.operator.victoriametrics.com", "vmalertmanagers.operator.victoriametrics.com"}[c]
+	return []string{
+		"vmagents.operator.victoriametrics.com",
+		"vlagents.operator.victoriametrics.com",
+	}[c]
 }
 
 type crdInfo struct {
@@ -57,17 +60,15 @@ func Init(ctx context.Context, rclient client.Client) error {
 
 // GetCRDAsOwner returns owner references with global CustomResourceDefinition object as owner
 // useful for non-namespaced objects, like clusterRole
-func GetCRDAsOwner(name CRDName) []metav1.OwnerReference {
+func GetCRDAsOwner(name CRDName) *metav1.OwnerReference {
 	crdData := crdCache[name]
 	if crdData == nil {
 		return nil
 	}
-	return []metav1.OwnerReference{
-		{
-			Name:       name.String(),
-			UID:        crdData.uuid,
-			Kind:       "CustomResourceDefinition",
-			APIVersion: crdData.apiVersion,
-		},
+	return &metav1.OwnerReference{
+		Name:       name.String(),
+		UID:        crdData.uuid,
+		Kind:       "CustomResourceDefinition",
+		APIVersion: crdData.apiVersion,
 	}
 }

api/operator/v1beta1/vmagent_types.go

@@ -787,7 +787,7 @@ func (cr *VMAgent) AsURL() string {
 }
 
 // AsCRDOwner implements interface
-func (*VMAgent) AsCRDOwner() []metav1.OwnerReference {
+func (*VMAgent) AsCRDOwner() *metav1.OwnerReference {
 	return GetCRDAsOwner(VMAgentCRD)
 }
 

config/crd/overlay/crd.yaml

@@ -740,9 +740,11 @@ spec:
                 description: K8sCollector configures VLAgent logs collection from
                   K8s pods
                 properties:
-                  checkpointsPath:
-                    description: CheckpointsPath configures path where logs checkpoints
-                      are stored
+                  dataPath:
+                    description: |-
+                      DataPath configures path where logs checkpoints are stored.
+                      By default it emptyDir is used as a volume for data path.
+                      To guarantee checkpoints persistence during pods recreation consider explicitly setting this option to destination, where hostPath volume is mounted.
                     type: string
                   decolorizeFields:
                     description: DecolorizeFields defines fields to remove ANSI color
@@ -754,7 +756,7 @@ spec:
                     description: |-
                       Enabled switches VLAgent to log collection mode.
                       Note, for this purpose operator uses DaemonSet, while by default VLAgent uses StatefulSet.
-                      It means that switching this option will drop all persisted data.
+                      Switching this option will drop all persisted data.
                     type: boolean
                   extraFields:
                     description: ExtraFields defines extra fields to add to each collected

config/examples/vlagent-collector.yaml

@@ -3,21 +3,14 @@ kind: VLAgent
 metadata:
   name: example
 spec:
-  replicaCount: 2
   resources:
     requests:
       cpu: "50m"
       memory: "350Mi"
     limits:
       cpu: "500m"
       memory: "850Mi"
-  persistentVolumeClaimRetentionPolicy:
-    whenDeleted: Delete
   k8sCollector:
     enabled: true
   remoteWrite:
     - url: "http://vlsingle-example-0.default.svc:9428/internal/insert"
-      maxDiskUsage: 10GB
-  remoteWriteSettings:
-    # ~ 5GB in bytes
-    maxBlockSize: 30MB

config/examples/vlagent-full-collector.yaml

@@ -0,0 +1,24 @@
+apiVersion: operator.victoriametrics.com/v1
+kind: VLAgent
+metadata:
+  name: example
+spec:
+  resources:
+    requests:
+      cpu: "50m"
+      memory: "350Mi"
+    limits:
+      cpu: "500m"
+      memory: "850Mi"
+  k8sCollector:
+    enabled: true
+    dataPath: /var/lib/vl-collector
+  volumes:
+    - name: data
+      hostPath:
+        path: /var/lib/vl-collector
+  volumeMounts:
+    - name: data
+      mountPath: /var/lib/vl-collector
+  remoteWrite:
+    - url: "http://vlsingle-example-0.default.svc:9428/internal/insert"

docs/CHANGELOG.md

@@ -14,7 +14,7 @@ aliases:
 ## tip
 
 * FEATURE: [vmagent](https://docs.victoriametrics.com/operator/resources/vmagent/): support `namespace` parameter in `attach_metadata` section for all scrape configurations. See [#1654](https://github.com/VictoriaMetrics/operator/issues/1654).
-* FEATURE: [vlagen](https://docs.victoriametrics.com/operator/resources/vlagent): support logs collection. See [#1501](https://github.com/VictoriaMetrics/operator/issues/1501).
+* FEATURE: [vlagent](https://docs.victoriametrics.com/operator/resources/vlagent): support logs collection. See [#1501](https://github.com/VictoriaMetrics/operator/issues/1501).
 
 ## [v0.66.1](https://github.com/VictoriaMetrics/operator/releases/tag/v0.66.1)
 

docs/api.md

@@ -180,9 +180,9 @@ Appears in: [VLAgentSpec](#vlagentspec)
 
 | Field | Description |
 | --- | --- |
-| checkpointsPath<a href="#vlagentk8scollector-checkpointspath" id="vlagentk8scollector-checkpointspath">#</a><br/>_string_ | _(Required)_<br/>CheckpointsPath configures path where logs checkpoints are stored |
+| dataPath<a href="#vlagentk8scollector-datapath" id="vlagentk8scollector-datapath">#</a><br/>_string_ | _(Required)_<br/>DataPath configures path where logs checkpoints are stored.<br />By default it emptyDir is used as a volume for data path.<br />To guarantee checkpoints persistence during pods recreation consider explicitly setting this option to destination, where hostPath volume is mounted. |
 | decolorizeFields<a href="#vlagentk8scollector-decolorizefields" id="vlagentk8scollector-decolorizefields">#</a><br/>_string array_ | _(Required)_<br/>DecolorizeFields defines fields to remove ANSI color codes across logs ingested from Kubernetes |
-| enabled<a href="#vlagentk8scollector-enabled" id="vlagentk8scollector-enabled">#</a><br/>_boolean_ | _(Required)_<br/>Enabled switches VLAgent to log collection mode.<br />Note, for this purpose operator uses DaemonSet, while by default VLAgent uses StatefulSet.<br />It means that switching this option will drop all persisted data. |
+| enabled<a href="#vlagentk8scollector-enabled" id="vlagentk8scollector-enabled">#</a><br/>_boolean_ | _(Required)_<br/>Enabled switches VLAgent to log collection mode.<br />Note, for this purpose operator uses DaemonSet, while by default VLAgent uses StatefulSet.<br />Switching this option will drop all persisted data. |
 | extraFields<a href="#vlagentk8scollector-extrafields" id="vlagentk8scollector-extrafields">#</a><br/>_string_ | _(Required)_<br/>ExtraFields defines extra fields to add to each collected log line |
 | ignoreFields<a href="#vlagentk8scollector-ignorefields" id="vlagentk8scollector-ignorefields">#</a><br/>_string array_ | _(Required)_<br/>IgnoreFields defines fields to ignore across logs ingested from Kubernetes |
 | logsPath<a href="#vlagentk8scollector-logspath" id="vlagentk8scollector-logspath">#</a><br/>_string_ | _(Required)_<br/>LogsPath configures root for logs path<br />By default VLAgent collects logs from /var/log/containers |

internal/controller/operator/factory/finalize/vlagent.go

@@ -5,15 +5,24 @@ import (
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	vmv1 "github.com/VictoriaMetrics/operator/api/operator/v1"
+	"github.com/VictoriaMetrics/operator/internal/config"
 )
 
 // OnVLAgentDelete deletes all vlagent related resources
 func OnVLAgentDelete(ctx context.Context, rclient client.Client, cr *vmv1.VLAgent) error {
-	if err := removeFinalizeObjByName(ctx, rclient, &appsv1.StatefulSet{}, cr.PrefixedName(), cr.Namespace); err != nil {
-		return err
+	if cr.Spec.K8sCollector.Enabled {
+		if err := removeFinalizeObjByName(ctx, rclient, &appsv1.DaemonSet{}, cr.PrefixedName(), cr.Namespace); err != nil {
+			return err
+		}
+	} else {
+		if err := removeFinalizeObjByName(ctx, rclient, &appsv1.StatefulSet{}, cr.PrefixedName(), cr.Namespace); err != nil {
+			return err
+		}
 	}
 	// check service
 	if err := removeFinalizeObjByName(ctx, rclient, &corev1.Service{}, cr.PrefixedName(), cr.Namespace); err != nil {
@@ -39,5 +48,20 @@ func OnVLAgentDelete(ctx context.Context, rclient client.Client, cr *vmv1.VLAgen
 	if err := deleteSA(ctx, rclient, cr); err != nil {
 		return err
 	}
+	if config.IsClusterWideAccessAllowed() {
+		if err := removeFinalizeObjByName(ctx, rclient, &rbacv1.ClusterRoleBinding{}, cr.GetClusterRoleName(), cr.GetNamespace()); err != nil {
+			return err
+		}
+		if err := removeFinalizeObjByName(ctx, rclient, &rbacv1.ClusterRole{}, cr.GetClusterRoleName(), cr.GetNamespace()); err != nil {
+			return err
+		}
+		if err := SafeDelete(ctx, rclient, &rbacv1.ClusterRoleBinding{ObjectMeta: metav1.ObjectMeta{Name: cr.GetClusterRoleName(), Namespace: cr.GetNamespace()}}); err != nil {
+			return err
+		}
+
+		if err := SafeDelete(ctx, rclient, &rbacv1.ClusterRole{ObjectMeta: metav1.ObjectMeta{Name: cr.GetClusterRoleName(), Namespace: cr.GetNamespace()}}); err != nil {
+			return err
+		}
+	}
 	return nil
 }

internal/controller/operator/factory/vlagent/rbac.go

@@ -16,26 +16,24 @@ import (
 )
 
 var (
-	policyRules = []rbacv1.PolicyRule{
-		{
-			APIGroups: []string{""},
-			Verbs: []string{
-				"get",
-				"list",
-				"watch",
-			},
-			Resources: []string{
-				"pods",
-				"namespaces",
-				"nodes",
-			},
+	policyRules = []rbacv1.PolicyRule{{
+		APIGroups: []string{""},
+		Verbs: []string{
+			"get",
+			"list",
+			"watch",
 		},
-	}
+		Resources: []string{
+			"pods",
+			"namespaces",
+			"nodes",
+		},
+	}}
 )
 
 // createK8sAPIAccess - creates RBAC access rules for vlagent
 func createK8sAPIAccess(ctx context.Context, rclient client.Client, cr, prevCR *vmv1.VLAgent) error {
-	if config.IsClusterWideAccessAllowed() {
+	if !config.IsClusterWideAccessAllowed() {
 		logger.WithContext(ctx).Info(fmt.Sprintf("skipping cluster role and binding for vlagent=%s/%s since operator has WATCH_NAMESPACE set", cr.Namespace, cr.Name))
 		return nil
 	}
@@ -65,16 +63,13 @@ func ensureCRBExist(ctx context.Context, rclient client.Client, cr, prevCR *vmv1
 }
 
 func buildCRB(cr *vmv1.VLAgent) *rbacv1.ClusterRoleBinding {
-	return &rbacv1.ClusterRoleBinding{
+	r := &rbacv1.ClusterRoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:        cr.GetClusterRoleName(),
 			Namespace:   cr.GetNamespace(),
 			Labels:      cr.FinalLabels(),
 			Annotations: cr.FinalAnnotations(),
 			Finalizers:  []string{vmv1beta1.FinalizerName},
-			// Kubernetes does not allow namespace-scoped resources to own cluster-scoped resources,
-			// use crd instead
-			OwnerReferences: cr.AsCRDOwner(),
 		},
 		Subjects: []rbacv1.Subject{
 			{
@@ -89,20 +84,31 @@ func buildCRB(cr *vmv1.VLAgent) *rbacv1.ClusterRoleBinding {
 			Kind:     "ClusterRole",
 		},
 	}
+	owner := cr.AsCRDOwner()
+	if owner != nil {
+		// Kubernetes does not allow namespace-scoped resources to own cluster-scoped resources,
+		// use crd instead
+		r.OwnerReferences = []metav1.OwnerReference{*owner}
+	}
+	return r
 }
 
 func buildCR(cr *vmv1.VLAgent) *rbacv1.ClusterRole {
-	return &rbacv1.ClusterRole{
+	r := &rbacv1.ClusterRole{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:        cr.GetClusterRoleName(),
 			Namespace:   cr.GetNamespace(),
 			Labels:      cr.FinalLabels(),
 			Annotations: cr.FinalAnnotations(),
 			Finalizers:  []string{vmv1beta1.FinalizerName},
-			// Kubernetes does not allow namespace-scoped resources to own cluster-scoped resources,
-			// use crd instead
-			OwnerReferences: cr.AsCRDOwner(),
 		},
 		Rules: policyRules,
 	}
+	owner := cr.AsCRDOwner()
+	if owner != nil {
+		// Kubernetes does not allow namespace-scoped resources to own cluster-scoped resources,
+		// use crd instead
+		r.OwnerReferences = []metav1.OwnerReference{*owner}
+	}
+	return r
 }