From d9ded562fbd6f1af592ba3617f73530105e9db7b Mon Sep 17 00:00:00 2001 From: eseiker Date: Thu, 17 Apr 2025 19:57:13 +0900 Subject: [PATCH] syncing bootstrap setups with cluster --- 9c-internal/network/heimdall.yaml | 4 +-- 9c-internal/values.yaml | 11 ++++---- 9c-main/values.yaml | 7 +++++ common/bootstrap-v2/templates/datadog.yaml | 14 +++++----- .../fluent-bit/configmap-fluent-bit.yaml | 26 ++++++++++++++++--- .../templates/fluent-bit/fluent-bit.yaml | 2 ++ common/bootstrap-v2/templates/loki.yaml | 22 +++++++--------- common/bootstrap-v2/templates/monitoring.yaml | 2 +- common/bootstrap-v2/templates/prometheus.yaml | 2 +- common/bootstrap-v2/templates/r2-secret.yaml | 2 ++ common/bootstrap-v2/values.yaml | 6 ++++- 11 files changed, 65 insertions(+), 33 deletions(-) diff --git a/9c-internal/network/heimdall.yaml b/9c-internal/network/heimdall.yaml index ebc67553d..adecc7704 100644 --- a/9c-internal/network/heimdall.yaml +++ b/9c-internal/network/heimdall.yaml @@ -57,7 +57,7 @@ gateway: - heimdall-preview-market.9c.gg bridgeService: - enabled: true + enabled: false multiplanetary: registryEndpoint: "https://9c-dx.s3.ap-northeast-2.amazonaws.com/planets-internal.json" @@ -85,7 +85,7 @@ bridgeService: channel: "9c-relay-bridge-bot-test-rdb" db: - enabled: true + enabled: false size: "10Gi" rdb: diff --git a/9c-internal/values.yaml b/9c-internal/values.yaml index cf60b6b2c..2f8517acf 100644 --- a/9c-internal/values.yaml +++ b/9c-internal/values.yaml @@ -26,14 +26,15 @@ certManager: - "*.petpop.fun" issuer: email: devops@planetariumhq.com +traefik: + trustedIPs: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 49.247.0.0/16 + - 115.68.0.0/16 grafana: hosts: - monitoring-internal.planetarium.network prometheus: server: extraScrapeConfigs: - - job_name: scrape-headlesses - metrics_path: /metrics - scrape_interval: 8s - scrape_timeout: 6s - static_configs: diff --git a/9c-main/values.yaml b/9c-main/values.yaml index 1380f6a32..4c779b2f2 100644 --- a/9c-main/values.yaml 
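Review bot: The `trustedIPs` list added in 9c-internal/values.yaml (@@ -26,14 +26,15) trusts two public /16 ranges, `49.247.0.0/16` and `115.68.0.0/16`, and the same list is added in 9c-main/values.yaml (@@ -32,6 +32,13). The template that consumes `traefik.trustedIPs` is not in this diff, but if it feeds Traefik's forwarded-header or PROXY-protocol trust, every host in those ranges can set the client address Traefik reports, which weakens IP allow-lists, rate limits and access logs. Narrow the two entries to the specific load-balancer or proxy source addresses and record why they are trusted, e.g. `# <provider> LB source addresses only, keep as narrow as possible` above them. If these files override the chart default, Helm replaces the list rather than merging it, so the `192.168.0.0/16` entry this commit adds in common/bootstrap-v2/values.yaml is dropped here; confirm that is intended.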
+++ b/9c-main/values.yaml @@ -32,6 +32,13 @@ certManager: traefik: service: loadBalancerIP: 115.68.199.177 + trustedIPs: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 49.247.0.0/16 + - 115.68.0.0/16 +fluentBit: + enabled: true loki: enabled: true bucketName: 9c-loki diff --git a/common/bootstrap-v2/templates/datadog.yaml b/common/bootstrap-v2/templates/datadog.yaml index 45db5b7d6..bb8017be7 100644 --- a/common/bootstrap-v2/templates/datadog.yaml +++ b/common/bootstrap-v2/templates/datadog.yaml @@ -14,6 +14,12 @@ metadata: - resources-finalizer.argocd.argoproj.io spec: project: infra + syncPolicy: + syncOptions: + - CreateNamespace=true + destination: + server: https://kubernetes.default.svc + namespace: datadog source: repoURL: https://helm.datadoghq.com chart: datadog @@ -67,14 +73,6 @@ spec: nodeSelector: {{- toYaml . | nindent 12 }} {{- end }} - - destination: - server: https://kubernetes.default.svc - namespace: datadog - syncPolicy: - automated: - prune: true - selfHeal: true --- apiVersion: "external-secrets.io/v1beta1" kind: SecretStore diff --git a/common/bootstrap-v2/templates/fluent-bit/configmap-fluent-bit.yaml b/common/bootstrap-v2/templates/fluent-bit/configmap-fluent-bit.yaml index 38554cb27..e03583c5d 100644 --- a/common/bootstrap-v2/templates/fluent-bit/configmap-fluent-bit.yaml +++ b/common/bootstrap-v2/templates/fluent-bit/configmap-fluent-bit.yaml @@ -1,4 +1,4 @@ - +{{- if .Values.fluentBit.enabled }} apiVersion: v1 kind: ConfigMap metadata: 
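Review bot: The `syncPolicy` moved to the top of the Datadog Application spec in datadog.yaml (@@ -14,6 +14,12) carries only `syncOptions: CreateNamespace=true`; the `automated` block with `prune` and `selfHeal` that is removed in @@ -67,14 +73,6 is not restored. Without it Argo CD will neither sync the agent on its own nor revert manual edits to it, while loki.yaml in the same commit turns automated sync on. If manual sync is intended for the monitoring agent, say so with a comment such as `# manual sync only: <reason>`; otherwise add `automated:` with `prune: true` and `selfHeal: true` under the new `syncPolicy`.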
@@ -54,17 +54,21 @@ data: Match application.* Rule $kubernetes['container_name'] ^.*$ s3.$kubernetes['namespace_name'].$kubernetes['container_name'].$TAG true Emitter_Name for_s3 - {{- if eq .Values.provider "AWS" }} [OUTPUT] Name s3 Match s3.* + {{- if eq .Values.provider "AWS" }} region ${AWS_REGION} Bucket fluent-bit.planetariumhq.com + {{- else if eq .Values.provider "RKE2" }} + region auto + bucket 9c-fluentbit + endpoint ${R2_ENDPOINT} + {{- end }} compression gzip Total_file_size 100M S3_key_format /${CLUSTER_NAME}/$TAG[1]/$TAG[2]/%Y/%m/%d/%H/$TAG-$UUID.gz S3_key_format_tag_delimiters ._ - {{- end }} [INPUT] Name tail @@ -167,6 +171,21 @@ data: Total_file_size 100M S3_key_format /${CLUSTER_NAME}/json/$TAG[1]/$TAG[2]/%Y/%m/%d/%H/$TAG-$UUID.gz S3_key_format_tag_delimiters ._ + [OUTPUT] + Name s3 + Match s3json.* + {{- if eq .Values.provider "AWS" }} + region ${AWS_REGION} + Bucket fluent-bit.planetariumhq.com + {{- else if eq .Values.provider "RKE2" }} + region auto + bucket 9c-fluentbit + endpoint ${R2_ENDPOINT} + {{- end }} + compression gzip + Total_file_size 100M + S3_key_format /${CLUSTER_NAME}/json/$TAG[1]/glue/$TAG[3]/%Y/%m/%d/%H/$TAG-$UUID.gz + S3_key_format_tag_delimiters ._ [INPUT] Name tail @@ -274,3 +293,4 @@ data: Time_Key time_local Time_Format %d/%b/%Y:%H:%M:%S %z Decode_Field json request_body +{{- end }} diff --git a/common/bootstrap-v2/templates/fluent-bit/fluent-bit.yaml b/common/bootstrap-v2/templates/fluent-bit/fluent-bit.yaml index ae260d8fb..00fae59ee 100644 --- a/common/bootstrap-v2/templates/fluent-bit/fluent-bit.yaml +++ b/common/bootstrap-v2/templates/fluent-bit/fluent-bit.yaml @@ -1,3 +1,4 @@ +{{- if .Values.fluentBit.enabled }} apiVersion: argoproj.io/v1alpha1 kind: Application metadata: @@ -67,3 +68,4 @@ spec: automated: prune: true selfHeal: true +{{- end }} diff --git a/common/bootstrap-v2/templates/loki.yaml b/common/bootstrap-v2/templates/loki.yaml index 69735cad5..d6a422612 100644 --- a/common/bootstrap-v2/templates/loki.yaml 
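Review bot: The `[OUTPUT]` s3 section in configmap-fluent-bit.yaml (@@ -54,17 +54,21) is now rendered for every provider, but `region` and the bucket are set only for `AWS` and `RKE2`, so any other `provider` value yields an s3 output with no destination; the block added at @@ -167,6 +171,21 has the same gap. Fail the render rather than shipping an incomplete logging config, for example `{{- else }}{{ fail "fluent-bit s3 output: unsupported provider" }}` before the `{{- end }}`. The RKE2 bucket `9c-fluentbit` is hard-coded in both blocks although loki.yaml reads its bucket from `.Values.loki.bucketName`; a `fluentBit.bucketName` value would let each cluster set its own. In the second hunk the preceding output already writes under `/json/` and its `Match` line is outside the hunk, so check that it does not also match `s3json.*`, which would upload each record twice.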
+++ b/common/bootstrap-v2/templates/loki.yaml @@ -1,5 +1,4 @@ -{{ if .Values.loki.enabled }} ---- +{{- if .Values.loki.enabled }} apiVersion: argoproj.io/v1alpha1 kind: Application metadata: @@ -9,6 +8,13 @@ metadata: - resources-finalizer.argocd.argoproj.io spec: project: infra + syncPolicy: + automated: + prune: true + selfHeal: true + destination: + server: https://kubernetes.default.svc + namespace: monitoring source: repoURL: https://grafana.github.io/helm-charts chart: loki @@ -30,7 +36,7 @@ spec: chunks: {{ $.Values.loki.bucketName }} ruler: {{ $.Values.loki.bucketName }} s3: - endpoint: "${R2_ENDPOINT}}" + endpoint: "${R2_ENDPOINT}" region: "apac" bucketnames: "{{ $.Values.loki.bucketName }}" accessKeyId: "${R2_ACCESS_KEY_ID}" @@ -160,12 +166,4 @@ spec: enabled: false grafanaAgent: installOperator: false - destination: - server: https://kubernetes.default.svc - namespace: monitoring - # syncPolicy: - # automated: - # prune: true - # selfHeal: true ---- -{{ end }} +{{- end }} diff --git a/common/bootstrap-v2/templates/monitoring.yaml b/common/bootstrap-v2/templates/monitoring.yaml index 2d50ca129..e66e4c320 100644 --- a/common/bootstrap-v2/templates/monitoring.yaml +++ b/common/bootstrap-v2/templates/monitoring.yaml @@ -3,7 +3,7 @@ kind: Namespace metadata: name: monitoring --- -{{- if eq .Values.provider "RKE2" }} +{{- if and (eq .Values.provider "RKE2") (or .Values.fluentBit.enabled .Values.loki.enabled) }} apiVersion: external-secrets.io/v1beta1 kind: SecretStore metadata: diff --git a/common/bootstrap-v2/templates/prometheus.yaml b/common/bootstrap-v2/templates/prometheus.yaml index a55aa2167..53307b1f4 100644 --- a/common/bootstrap-v2/templates/prometheus.yaml +++ b/common/bootstrap-v2/templates/prometheus.yaml @@ -17,7 +17,7 @@ spec: source: repoURL: https://prometheus-community.github.io/helm-charts chart: prometheus - targetRevision: 27.3.0 + targetRevision: 27.6.0 helm: values: |- serviceAccounts: 
diff --git a/common/bootstrap-v2/templates/r2-secret.yaml b/common/bootstrap-v2/templates/r2-secret.yaml index 148e56f74..5e6dee4b8 100644 --- a/common/bootstrap-v2/templates/r2-secret.yaml +++ b/common/bootstrap-v2/templates/r2-secret.yaml @@ -1,3 +1,4 @@ +{{- if or .Values.fluentBit.enabled .Values.loki.enabled }} apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: @@ -18,3 +19,4 @@ spec: dataFrom: - extract: key: {{ .Values.clusterName }}{{- if eq .Values.provider "RKE2" }}-rke2{{- end }}/r2-token +{{- end }} diff --git a/common/bootstrap-v2/values.yaml b/common/bootstrap-v2/values.yaml index abdf62893..7cfa68fdc 100644 --- a/common/bootstrap-v2/values.yaml +++ b/common/bootstrap-v2/values.yaml @@ -14,7 +14,8 @@ traefik: annotations: {} trustedIPs: - 10.0.0.0/8 - - 172.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 ports: grpc: kind: GRPCRoute @@ -45,6 +46,9 @@ prometheus: grafana: serviceAnnotations: +fluentBit: + enabled: false + loki: enabled: false bucketName: ""
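Review bot: The gate on the r2-token ExternalSecret in r2-secret.yaml (@@ -1,3 +1,4) is wider than its visible consumers: the fluent-bit config in this commit references `${R2_ENDPOINT}` only in the `RKE2` branch, so on an AWS cluster `fluentBit.enabled` alone still pulls the R2 token into the cluster. Tighten it to `{{- if or .Values.loki.enabled (and .Values.fluentBit.enabled (eq .Values.provider "RKE2")) }}`, assuming nothing else on AWS reads this secret (most of the manifest lies outside the hunk). monitoring.yaml repeats a similar condition for the SecretStore; a shared named template would keep the two gates from diverging.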
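Review bot: `fluentBit.enabled: false` in common/bootstrap-v2/values.yaml (@@ -45,6 +46,9) turns a log shipper that the hunks show as previously ungated into an opt-in, and in this diff only 9c-main/values.yaml sets it to `true`. Any cluster that leaves the flag unset stops rendering the fluent-bit Application and ConfigMap, so its container logs no longer reach object storage; whether the existing Application is then pruned depends on the parent app's sync settings, which are not shown. Add a comment on the default, e.g. `# opt-in: clusters that leave this false ship no container logs to S3/R2`, and confirm that 9c-internal is meant to lose log shipping.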