manifests/infrastructure/openobserve/openobserve.yaml

# manifests/infrastructure/openobserve/openobserve.yaml
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: openobserve
  namespace: openobserve
spec:
  interval: 5m0s
  url: https://charts.openobserve.ai
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: openobserve
  namespace: openobserve
spec:
  interval: 5m
  chart:
    spec:
      chart: openobserve-standalone
      version: ">=0.15.0"
      sourceRef:
        kind: HelmRepository
        name: openobserve
        namespace: openobserve
      interval: 1m
  values:
    # Use SIMD-optimized image for ARM with NEON support
    image:
      repository: public.ecr.aws/zinclabs/openobserve
      tag: v0.15.0-simd
    
    # Basic configuration with memory optimization
    config:
      ZO_TELEMETRY: "false"
      ZO_WEB_URL: "https://obs.keyboardvagabond.com"
      # Aggressive data retention for resource-constrained environment
      ZO_COMPACT_DATA_RETENTION_DAYS: "7"  # Reduced from 14 to 7 days
      ZO_COMPACT_RETENTION_LOGS: "7"       # Explicit log retention
      ZO_COMPACT_RETENTION_METRICS: "14"   # Keep metrics longer than logs
      ZO_COMPACT_RETENTION_TRACES: "3"     # Traces are large, keep only 3 days
      
      # Memory optimization settings - reduced for 5GB container limit
      ZO_MEMORY_CACHE_MAX_SIZE: "1536"  # Reduced to 1.5GB (was 2GB) - still good performance
      ZO_MEMORY_CACHE_DATAFUSION_MAX_SIZE: "768"   # Reduced to 768MB (was 1GB) - adequate for queries
      ZO_MAX_FILE_SIZE_IN_MEMORY: "64"  # Reduce memory table size to 64MB (default 256MB)
      ZO_MEM_DUMP_THREAD_NUM: "2"  # Use 2 threads for memory dumps (faster disk writes)
      
      # Enable disk caching to reduce RAM usage
      ZO_DISK_CACHE_ENABLED: "true"
      ZO_DISK_CACHE_MAX_SIZE: "8192"  # 8GB disk cache (in MB)
      
      # Reduce field processing overhead
      ZO_COLS_PER_RECORD_LIMIT: "500"  # Limit fields per record (default 1000)
      
      # Optimized compaction for memory efficiency
      ZO_COMPACT_SYNC_TO_DB_INTERVAL: "10"  # Reduced frequency (was 5s) to save memory
      ZO_COMPACT_MAX_FILE_SIZE: "256"       # Smaller files (256MB) to reduce memory buffers
      ZO_COMPACT_INTERVAL: "120"            # Less frequent compaction (2min vs 1min) to reduce memory spikes
      ZO_COMPACT_STEP_SIZE: "500"           # Fewer files per step to reduce memory usage
    
    # Local storage for now - easy to migrate to S3 later
    persistence:
      size: 100Gi
      storageClass: "longhorn"
    
    # Resource limits optimized with memory configuration tunning
    resources:
      requests:
        cpu: 512m
        memory: 1.5Gi    # Reasonable request for optimized caches
      limits:
        cpu: 2500m
        memory: 5Gi      # Keep at 5GB with optimized cache settings
    
    ingress:
      enabled: false
    
    # Security context optimized for large volumes per Kubernetes docs
    # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods
    securityContext:
      fsGroup: 2000
      runAsUser: 10000  # Match existing StatefulSet to avoid conflicts
      runAsGroup: 3000  # Match existing StatefulSet to avoid conflicts  
      fsGroupChangePolicy: "OnRootMismatch"  # Only change permissions if root ownership differs
      runAsNonRoot: true
    
    # Use secret for credentials (secure approach)
    extraEnv:
      - name: ZO_ROOT_USER_EMAIL
        valueFrom:
          secretKeyRef:
            name: openobserve-credentials
            key: ZO_ROOT_USER_EMAIL
      - name: ZO_ROOT_USER_PASSWORD
        valueFrom:
          secretKeyRef:
            name: openobserve-credentials
            key: ZO_ROOT_USER_PASSWORD
      # SMTP configuration for email alerts - all as environment variables
      - name: ZO_SMTP_ENABLED
        value: "true"
      - name: ZO_SMTP_HOST
        value: "<YOUR_SMTP_SERVER>"
      - name: ZO_SMTP_PORT
        value: "587"
      - name: ZO_SMTP_USERNAME
        value: "alerts@mail.keyboardvagabond.com"
      - name: ZO_SMTP_FROM_EMAIL
        value: "alerts@mail.keyboardvagabond.com"
      - name: ZO_SMTP_REPLY_TO
        value: "alerts@mail.keyboardvagabond.com"
      - name: ZO_SMTP_ENCRYPTION
        value: "starttls"
      - name: ZO_SMTP_PASSWORD
        valueFrom:
          secretKeyRef:
            name: openobserve-credentials
            key: ZO_SMTP_PASSWORD
redaction (#1) Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me> 2025-12-24 13:40:47 +00:00			`# manifests/infrastructure/openobserve/openobserve.yaml`
			`apiVersion: source.toolkit.fluxcd.io/v1`
			`kind: HelmRepository`
			`metadata:`
			`name: openobserve`
			`namespace: openobserve`
			`spec:`
			`interval: 5m0s`
			`url: https://charts.openobserve.ai`
			`---`
			`apiVersion: helm.toolkit.fluxcd.io/v2`
			`kind: HelmRelease`
			`metadata:`
			`name: openobserve`
			`namespace: openobserve`
			`spec:`
			`interval: 5m`
			`chart:`
			`spec:`
			`chart: openobserve-standalone`
			`version: ">=0.15.0"`
			`sourceRef:`
			`kind: HelmRepository`
			`name: openobserve`
			`namespace: openobserve`
			`interval: 1m`
			`values:`
			`# Use SIMD-optimized image for ARM with NEON support`
			`image:`
			`repository: public.ecr.aws/zinclabs/openobserve`
			`tag: v0.15.0-simd`

			`# Basic configuration with memory optimization`
			`config:`
			`ZO_TELEMETRY: "false"`
			`ZO_WEB_URL: "https://obs.keyboardvagabond.com"`
			`# Aggressive data retention for resource-constrained environment`
			`ZO_COMPACT_DATA_RETENTION_DAYS: "7" # Reduced from 14 to 7 days`
			`ZO_COMPACT_RETENTION_LOGS: "7" # Explicit log retention`
			`ZO_COMPACT_RETENTION_METRICS: "14" # Keep metrics longer than logs`
			`ZO_COMPACT_RETENTION_TRACES: "3" # Traces are large, keep only 3 days`

			`# Memory optimization settings - reduced for 5GB container limit`
			`ZO_MEMORY_CACHE_MAX_SIZE: "1536" # Reduced to 1.5GB (was 2GB) - still good performance`
			`ZO_MEMORY_CACHE_DATAFUSION_MAX_SIZE: "768" # Reduced to 768MB (was 1GB) - adequate for queries`
			`ZO_MAX_FILE_SIZE_IN_MEMORY: "64" # Reduce memory table size to 64MB (default 256MB)`
			`ZO_MEM_DUMP_THREAD_NUM: "2" # Use 2 threads for memory dumps (faster disk writes)`

			`# Enable disk caching to reduce RAM usage`
			`ZO_DISK_CACHE_ENABLED: "true"`
			`ZO_DISK_CACHE_MAX_SIZE: "8192" # 8GB disk cache (in MB)`

			`# Reduce field processing overhead`
			`ZO_COLS_PER_RECORD_LIMIT: "500" # Limit fields per record (default 1000)`

			`# Optimized compaction for memory efficiency`
			`ZO_COMPACT_SYNC_TO_DB_INTERVAL: "10" # Reduced frequency (was 5s) to save memory`
			`ZO_COMPACT_MAX_FILE_SIZE: "256" # Smaller files (256MB) to reduce memory buffers`
			`ZO_COMPACT_INTERVAL: "120" # Less frequent compaction (2min vs 1min) to reduce memory spikes`
			`ZO_COMPACT_STEP_SIZE: "500" # Fewer files per step to reduce memory usage`

			`# Local storage for now - easy to migrate to S3 later`
			`persistence:`
			`size: 100Gi`
			`storageClass: "longhorn"`

			`# Resource limits optimized with memory configuration tunning`
			`resources:`
			`requests:`
			`cpu: 512m`
			`memory: 1.5Gi # Reasonable request for optimized caches`
			`limits:`
			`cpu: 2500m`
			`memory: 5Gi # Keep at 5GB with optimized cache settings`

			`ingress:`
			`enabled: false`

			`# Security context optimized for large volumes per Kubernetes docs`
			`# https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods`
			`securityContext:`
			`fsGroup: 2000`
			`runAsUser: 10000 # Match existing StatefulSet to avoid conflicts`
			`runAsGroup: 3000 # Match existing StatefulSet to avoid conflicts`
			`fsGroupChangePolicy: "OnRootMismatch" # Only change permissions if root ownership differs`
			`runAsNonRoot: true`

			`# Use secret for credentials (secure approach)`
			`extraEnv:`
			`- name: ZO_ROOT_USER_EMAIL`
			`valueFrom:`
			`secretKeyRef:`
			`name: openobserve-credentials`
			`key: ZO_ROOT_USER_EMAIL`
			`- name: ZO_ROOT_USER_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: openobserve-credentials`
			`key: ZO_ROOT_USER_PASSWORD`
			`# SMTP configuration for email alerts - all as environment variables`
			`- name: ZO_SMTP_ENABLED`
			`value: "true"`
			`- name: ZO_SMTP_HOST`
			`value: "<YOUR_SMTP_SERVER>"`
			`- name: ZO_SMTP_PORT`
			`value: "587"`
			`- name: ZO_SMTP_USERNAME`
			`value: "alerts@mail.keyboardvagabond.com"`
			`- name: ZO_SMTP_FROM_EMAIL`
			`value: "alerts@mail.keyboardvagabond.com"`
			`- name: ZO_SMTP_REPLY_TO`
			`value: "alerts@mail.keyboardvagabond.com"`
			`- name: ZO_SMTP_ENCRYPTION`
			`value: "starttls"`
			`- name: ZO_SMTP_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: openobserve-credentials`
			`key: ZO_SMTP_PASSWORD`