KFLUXBUGS-1610 - Hold Logging Operator back on Prod

components/monitoring/logging/production/base/configure-logging/configure-log-collectors.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: "logging.openshift.io/v1"
+kind: "ClusterLogging"
+metadata:
+  name: "instance"
+  annotations:
+    logging.openshift.io/preview-vector-collector: enabled
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "2"
+spec:
+  collection:
+    type: vector

components/monitoring/logging/production/base/configure-logging/configure-logforwarder.yaml

@@ -0,0 +1,34 @@
+---
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "1"
+  name: instance
+spec:
+  outputs:
+    - name: splunk-receiver-application
+      secret:
+        name: log-forwarder-splunk-rhtap-application-secret
+      type: splunk
+      url: https://http-inputs-rhcorporate.splunkcloud.com
+    - name: splunk-receiver-audit
+      secret:
+        name: log-forwarder-splunk-rhtap-audit-secret
+      type: splunk
+      url: https://http-inputs-rhcorporate.splunkcloud.com
+  pipelines:
+    - name: fluentd-forward-logs-to-splunk-rhtap-app-index
+      inputRefs:
+        - application
+      outputRefs:
+        - splunk-receiver-application
+      parse: json
+    - name: fluentd-forward-logs-to-splunk-rhtap-audit-index
+      inputRefs:
+        - infrastructure
+        - audit
+      outputRefs:
+        - splunk-receiver-audit
+      parse: json

components/monitoring/logging/production/base/configure-logging/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- configure-log-collectors.yaml
+- configure-logforwarder.yaml
+
+namespace: "openshift-logging"
+
+generatorOptions:
+  disableNameSuffixHash: true

components/monitoring/logging/production/base/external-secrets/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- splunk-log-forwarder-external-secrets.yaml
+namespace: openshift-logging

components/monitoring/logging/production/base/external-secrets/splunk-log-forwarder-external-secrets.yaml

@@ -0,0 +1,37 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: log-forwarder-splunk-rhtap-application-external-secret
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "-1"
+spec:
+  dataFrom:
+  - extract:
+      key: "" # will be added by the overlays
+  refreshInterval: 1h
+  secretStoreRef:
+    name: appsre-stonesoup-vault
+    kind: ClusterSecretStore
+  target:
+    name: log-forwarder-splunk-rhtap-application-secret
+    deletionPolicy: Delete
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: log-forwarder-splunk-rhtap-audit-external-secret
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "-1"
+spec:
+  dataFrom:
+  - extract:
+      key: "" # will be added by the overlays
+  refreshInterval: 1h
+  secretStoreRef:
+    name: appsre-stonesoup-vault
+    kind: ClusterSecretStore
+  target:
+    name: log-forwarder-splunk-rhtap-audit-secret
+    deletionPolicy: Delete

components/monitoring/logging/production/base/install-logging-operator.yaml

@@ -0,0 +1,15 @@
+# On managed clusters, there is no need to create the openshift-logging
+# namespace because it's created automatically by hive.
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: cluster-logging
+  namespace: openshift-logging
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+spec:
+  channel: "stable" 
+  name: cluster-logging
+  source: redhat-operators 
+  sourceNamespace: openshift-marketplace

components/monitoring/logging/production/base/kustomization.yaml

@@ -1,8 +1,14 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../../base
-- ../../base/external-secrets
+- install-logging-operator.yaml
+- ./configure-logging/
+- ./rbac/
+- ./external-secrets/
+
+generatorOptions:
+  disableNameSuffixHash: true
+
 patches:
   - target:
       group: external-secrets.io
@@ -21,4 +27,4 @@ patches:
     patch: |
       - op: replace
         path: /spec/dataFrom/0/extract/key
-        value: production/monitoring/logging/fluentd/splunk-forwarder-rhtap-production-audit
+        value: production/monitoring/logging/fluentd/splunk-forwarder-rhtap-production-audit

components/monitoring/logging/production/base/logging-operator-prerequisite/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- operatorgroup.yaml

components/monitoring/logging/production/base/logging-operator-prerequisite/operatorgroup.yaml

@@ -0,0 +1,10 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: cluster-logging
+  namespace: openshift-logging
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+spec:
+  targetNamespaces:
+  - openshift-logging

components/monitoring/logging/production/base/rbac/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- logging-admin.yaml

components/monitoring/logging/production/base/rbac/logging-admin.yaml

@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: all-access-openshift-logging
+  namespace: openshift-logging
+rules:
+- apiGroups: [""]
+  resources: ["*"]
+  verbs: ["*"]
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: all-access-openshift-logging
+  namespace: openshift-logging
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: konflux-o11y-admins
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: all-access-openshift-logging