redaction (#1)

Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
2025-12-24 13:40:47 +00:00
parent 612235d52b
commit 7327d77dcd
333 changed files with 39286 additions and 1 deletions
--- a/manifests/infrastructure/openobserve/openobserve.yaml
+++ b/manifests/infrastructure/openobserve/openobserve.yaml
@@ -0,0 +1,119 @@
+# manifests/infrastructure/openobserve/openobserve.yaml
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: openobserve
+  namespace: openobserve
+spec:
+  interval: 5m0s
+  url: https://charts.openobserve.ai
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: openobserve
+  namespace: openobserve
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: openobserve-standalone
+      version: ">=0.15.0"
+      sourceRef:
+        kind: HelmRepository
+        name: openobserve
+        namespace: openobserve
+      interval: 1m
+  values:
+    # Use SIMD-optimized image for ARM with NEON support
+    image:
+      repository: public.ecr.aws/zinclabs/openobserve
+      tag: v0.15.0-simd
+    
+    # Basic configuration with memory optimization
+    config:
+      ZO_TELEMETRY: "false"
+      ZO_WEB_URL: "https://obs.keyboardvagabond.com"
+      # Aggressive data retention for resource-constrained environment
+      ZO_COMPACT_DATA_RETENTION_DAYS: "7"  # Reduced from 14 to 7 days
+      ZO_COMPACT_RETENTION_LOGS: "7"       # Explicit log retention
+      ZO_COMPACT_RETENTION_METRICS: "14"   # Keep metrics longer than logs
+      ZO_COMPACT_RETENTION_TRACES: "3"     # Traces are large, keep only 3 days
+      
+      # Memory optimization settings - reduced for 5GB container limit
+      ZO_MEMORY_CACHE_MAX_SIZE: "1536"  # Reduced to 1.5GB (was 2GB) - still good performance
+      ZO_MEMORY_CACHE_DATAFUSION_MAX_SIZE: "768"   # Reduced to 768MB (was 1GB) - adequate for queries
+      ZO_MAX_FILE_SIZE_IN_MEMORY: "64"  # Reduce memory table size to 64MB (default 256MB)
+      ZO_MEM_DUMP_THREAD_NUM: "2"  # Use 2 threads for memory dumps (faster disk writes)
+      
+      # Enable disk caching to reduce RAM usage
+      ZO_DISK_CACHE_ENABLED: "true"
+      ZO_DISK_CACHE_MAX_SIZE: "8192"  # 8GB disk cache (in MB)
+      
+      # Reduce field processing overhead
+      ZO_COLS_PER_RECORD_LIMIT: "500"  # Limit fields per record (default 1000)
+      
+      # Optimized compaction for memory efficiency
+      ZO_COMPACT_SYNC_TO_DB_INTERVAL: "10"  # Reduced frequency (was 5s) to save memory
+      ZO_COMPACT_MAX_FILE_SIZE: "256"       # Smaller files (256MB) to reduce memory buffers
+      ZO_COMPACT_INTERVAL: "120"            # Less frequent compaction (2min vs 1min) to reduce memory spikes
+      ZO_COMPACT_STEP_SIZE: "500"           # Fewer files per step to reduce memory usage
+    
+    # Local storage for now - easy to migrate to S3 later
+    persistence:
+      size: 100Gi
+      storageClass: "longhorn"
+    
+    # Resource limits optimized with memory configuration tunning
+    resources:
+      requests:
+        cpu: 512m
+        memory: 1.5Gi    # Reasonable request for optimized caches
+      limits:
+        cpu: 2500m
+        memory: 5Gi      # Keep at 5GB with optimized cache settings
+    
+    ingress:
+      enabled: false
+    
+    # Security context optimized for large volumes per Kubernetes docs
+    # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods
+    securityContext:
+      fsGroup: 2000
+      runAsUser: 10000  # Match existing StatefulSet to avoid conflicts
+      runAsGroup: 3000  # Match existing StatefulSet to avoid conflicts  
+      fsGroupChangePolicy: "OnRootMismatch"  # Only change permissions if root ownership differs
+      runAsNonRoot: true
+    
+    # Use secret for credentials (secure approach)
+    extraEnv:
+      - name: ZO_ROOT_USER_EMAIL
+        valueFrom:
+          secretKeyRef:
+            name: openobserve-credentials
+            key: ZO_ROOT_USER_EMAIL
+      - name: ZO_ROOT_USER_PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: openobserve-credentials
+            key: ZO_ROOT_USER_PASSWORD
+      # SMTP configuration for email alerts - all as environment variables
+      - name: ZO_SMTP_ENABLED
+        value: "true"
+      - name: ZO_SMTP_HOST
+        value: "<YOUR_SMTP_SERVER>"
+      - name: ZO_SMTP_PORT
+        value: "587"
+      - name: ZO_SMTP_USERNAME
+        value: "alerts@mail.keyboardvagabond.com"
+      - name: ZO_SMTP_FROM_EMAIL
+        value: "alerts@mail.keyboardvagabond.com"
+      - name: ZO_SMTP_REPLY_TO
+        value: "alerts@mail.keyboardvagabond.com"
+      - name: ZO_SMTP_ENCRYPTION
+        value: "starttls"
+      - name: ZO_SMTP_PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: openobserve-credentials
+            key: ZO_SMTP_PASSWORD