Remove thanos bitnami chart.

2024-04-04 10:47:54 -05:00 · 2024-04-04 10:47:54 -05:00 · 4268a6fb8d
commit 4268a6fb8d
parent 3541923467
6 changed files with 134 additions and 122 deletions
--- a/kubernetes/apps/observability/thanos/app/externalsecret.yaml
+++ b/kubernetes/apps/observability/thanos/app/externalsecret.yaml
@ -1,31 +0,0 @@
---
-# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: thanos
-  namespace: monitoring
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    name: thanos-s3-secret
-    creationPolicy: Owner
-    template:
-      engineVersion: v2
-      data:
-        objstore.yml: |-
-          type: s3
-          config:
-            access_key: {{ .s3_thanos_access_key }}
-            bucket: {{ .s3_thanos_bucket_name }}
-            endpoint: {{ .s3_homelab_endpoint }}
-            secret_key: {{ .s3_thanos_secret_key }}
-  dataFrom:
-    - extract:
-        key: Minio
-      rewrite:
-        - regexp:
-            source: "(.*)"
-            target: "s3_$1"
--- a/kubernetes/apps/observability/thanos/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/thanos/app/helmrelease.yaml
@ -10,10 +10,10 @@ spec:
  chart:
    spec:
      chart: thanos
-      version: 14.0.2
+      version: 1.16.2
      sourceRef:
        kind: HelmRepository
-        name: bitnami
+        name: stevehipwell
        namespace: flux-system
  install:
    remediation:
@ -21,9 +21,8 @@ spec:
  upgrade:
    cleanupOnFail: true
    remediation:
+      strategy: rollback
      retries: 3
-  uninstall:
-    keepHistory: false
  dependsOn:
    - name: openebs
      namespace: openebs-system
@ -31,101 +30,99 @@ spec:
      namespace: dragonfly-operator-system
    - name: rook-ceph-cluster
      namespace: rook-ceph
+  valuesFrom:
+    - targetPath: objstoreConfig.value.config.bucket
+      kind: ConfigMap
+      name: thanos-bucket
+      valuesKey: BUCKET_NAME
+    - targetPath: objstoreConfig.value.config.endpoint
+      kind: ConfigMap
+      name: thanos-bucket
+      valuesKey: BUCKET_HOST
+    - targetPath: objstoreConfig.value.config.region
+      kind: ConfigMap
+      name: thanos-bucket
+      valuesKey: BUCKET_REGION
+    - targetPath: objstoreConfig.value.config.access_key
+      kind: Secret
+      name: thanos-bucket
+      valuesKey: AWS_ACCESS_KEY_ID
+    - targetPath: objstoreConfig.value.config.secret_key
+      kind: Secret
+      name: thanos-bucket
+      valuesKey: AWS_SECRET_ACCESS_KEY
  values:
-    existingObjstoreSecret: thanos-s3-secret
-    image:
-      registry: quay.io
-      repository: thanos/thanos
-      tag: v0.34.1
    objstoreConfig:
-      type: s3
-      config:
-        insecure: true
-    receive:
-      enabled: false
-      networkPolicy:
-        enabled: false
-    queryFrontend:
-      enabled: true
-      replicaCount: 2
-      config: &config |-
-        type: REDIS
+      value:
+        type: s3
        config:
-          addr: dragonfly.database.svc.cluster.local:6379
-          db: 2
-      ingress:
-        enabled: true
-        ingressClassName: internal-nginx
-        hostname: &host thanos-query-frontend.jahanson.tech
-        tls: true
-        extraTls:
-          - hosts:
-              - *host
-      networkPolicy:
-        enabled: false
-    query:
+          insecure: true
+    additionalEndpoints:
+      - dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.observability.svc.cluster.local
+    additionalReplicaLabels: ["__replica__"]
+    serviceMonitor:
      enabled: true
-      replicaCount: 2
-      replicaLabel: ["__replica__"]
-      dnsDiscovery:
-        sidecarsService: kube-prometheus-stack-thanos-discovery
-        sidecarsNamespace: observability
-      stores: ["thanos.jahanson.tech:10901"]
-      networkPolicy:
-        enabled: false
-    bucketweb:
+    compact:
      enabled: true
-      replicaCount: 2
-      networkPolicy:
-        enabled: false
-    compactor:
-      enabled: true
-      extraFlags:
+      extraArgs:
        - --compact.concurrency=4
        - --delete-delay=30m
-      retentionResolutionRaw: 14d
-      retentionResolution5m: 30d
-      retentionResolution1h: 60d
-      persistence:
+        - --retention.resolution-raw=14d
+        - --retention.resolution-5m=30d
+        - --retention.resolution-1h=60d
+      persistence: &persistence
        enabled: true
        storageClass: openebs-hostpath
        size: 10Gi
-      networkPolicy:
-        enabled: false
-    storegateway:
+    query:
+      replicas: 2
+      extraArgs: ["--alert.query-url=https://thanos.hsn.dev"]
+      additionalStores: ["thanos.turbo.ac:10901"]
+    queryFrontend:
      enabled: true
-      replicaCount: 2
-      config: *config
-      persistence:
+      replicas: 2
+      extraEnv: &extraEnv
+        - name: THANOS_CACHE_CONFIG
+          valueFrom:
+            configMapKeyRef:
+              name: &configMap thanos-cache-configmap
+              key: cache.yaml
+      extraArgs: ["--query-range.response-cache-config=$(THANOS_CACHE_CONFIG)"]
+      ingress:
        enabled: true
-        storageClass: openebs-hostpath
-        size: 10Gi
-      networkPolicy:
-        enabled: false
-    ruler:
+        ingressClassName: internal
+        hosts:
+          - &host thanos.hsn.dev
+        tls:
+          - hosts: [*host]
+      podAnnotations: &podAnnotations
+        configmap.reloader.stakater.com/reload: *configMap
+    rule:
      enabled: true
-      replicaCount: 2
-      replicaLabel: __replica__
-      alertmanagers: ["http://alertmanager-operated.observability.svc.cluster.local:9093"]
-      extraFlags: ["--web.prefix-header=X-Forwarded-Prefix"]
-      config: |-
-        groups:
-          - name: PrometheusWatcher
-            rules:
-              - alert: PrometheusDown
-                annotations:
-                  summary: A Prometheus has disappeared from Prometheus target discovery
-                expr: absent(up{job="kube-prometheus-stack-prometheus"})
-                for: 5m
-                labels:
-                  severity: critical
-      persistence:
-        enabled: true
-        storageClass: openebs-hostpath
-        size: 10Gi
-      networkPolicy:
-        enabled: false
-    metrics:
-      enabled: true
-      serviceMonitor:
-        enabled: true
+      replicas: 2
+      extraArgs: ["--web.prefix-header=X-Forwarded-Prefix"]
+      alertmanagersConfig:
+        value: |-
+          alertmanagers:
+            - api_version: v2
+              static_configs:
+                - dnssrv+_http-web._tcp.alertmanager-operated.observability.svc.cluster.local
+      rules:
+        value: |-
+          groups:
+            - name: PrometheusWatcher
+              rules:
+                - alert: PrometheusDown
+                  annotations:
+                    summary: A Prometheus has disappeared from Prometheus target discovery
+                  expr: absent(up{job="kube-prometheus-stack-prometheus"})
+                  for: 5m
+                  labels:
+                    severity: critical
+      persistence: *persistence
+    storeGateway:
+      replicas: 2
+      extraEnv: *extraEnv
+      extraArgs: ["--index-cache.config=$(THANOS_CACHE_CONFIG)"]
+      persistence: *persistence
+      podAnnotations: *podAnnotations
--- a/kubernetes/apps/observability/thanos/app/kustomization.yaml
+++ b/kubernetes/apps/observability/thanos/app/kustomization.yaml
@ -3,5 +3,12 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./externalsecret.yaml
-  - ./helmrelease.yaml
+  - ./objectbucketclaim.yaml
+  - ./helmrelease.yaml
+  - ./pushsecret.yaml
+configMapGenerator:
+  - name: thanos-cache-configmap
+    files:
+      - cache.yaml=./resources/cache.yml
+generatorOptions:
+  disableNameSuffixHash: true
--- a/kubernetes/apps/observability/thanos/app/objectbucketclaim.yaml
+++ b/kubernetes/apps/observability/thanos/app/objectbucketclaim.yaml
@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/objectbucket.io/objectbucketclaim_v1alpha1.json
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: thanos-bucket
+spec:
+  bucketName: thanos
+  storageClassName: ceph-bucket
--- a/kubernetes/apps/observability/thanos/app/pushsecret.yaml
+++ b/kubernetes/apps/observability/thanos/app/pushsecret.yaml
@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  name: thanos
+spec:
+  refreshInterval: 1h
+  secretStoreRefs:
+    - name: onepassword-connect
+      kind: ClusterSecretStore
+  selector:
+    secret:
+      name: thanos-bucket
+  data:
+    - match:
+        secretKey: &key AWS_ACCESS_KEY_ID
+        remoteRef:
+          remoteKey: thanos
+          property: *key
+    - match:
+        secretKey: &key AWS_SECRET_ACCESS_KEY
+        remoteRef:
+          remoteKey: thanos
+          property: *key
--- a/kubernetes/apps/observability/thanos/app/resources/cache.yml
+++ b/kubernetes/apps/observability/thanos/app/resources/cache.yml
@ -0,0 +1,5 @@
+---
+type: REDIS
+config:
+  addr: dragonfly.database.svc.cluster.local:6379
+  db: 1