jahanson/theshire
1
0
Fork 0
Code Issues 1 Pull requests 4 Projects Releases Packages Wiki Activity Actions

Remove thanos bitnami chart.

Browse source
This commit is contained in:
Joseph Hanson 2024-04-04 10:47:54 -05:00
parent 3541923467
commit 4268a6fb8d
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
6 changed files with 134 additions and 122 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
kubernetes/apps/observability/thanos/app/externalsecret.yaml
View file

@ -1,31 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: thanos
namespace: monitoring
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: thanos-s3-secret
creationPolicy: Owner
template:
engineVersion: v2
data:
objstore.yml: |-
type: s3
config:
access_key: {{ .s3_thanos_access_key }}
bucket: {{ .s3_thanos_bucket_name }}
endpoint: {{ .s3_homelab_endpoint }}
secret_key: {{ .s3_thanos_secret_key }}
dataFrom:
- extract:
key: Minio
rewrite:
- regexp:
source: "(.*)"
target: "s3_$1"

151
kubernetes/apps/observability/thanos/app/helmrelease.yaml
View file

@ -10,10 +10,10 @@ spec:
chart: chart:
spec: spec:
chart: thanos chart: thanos
version: 14.0.2 version: 1.16.2
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: bitnami name: stevehipwell
namespace: flux-system namespace: flux-system
install: install:
remediation: remediation:
@ -21,9 +21,8 @@ spec:
upgrade: upgrade:
cleanupOnFail: true cleanupOnFail: true
remediation: remediation:
strategy: rollback
retries: 3 retries: 3
uninstall:
keepHistory: false
dependsOn: dependsOn:
- name: openebs - name: openebs
namespace: openebs-system namespace: openebs-system
@ -31,84 +30,85 @@ spec:
namespace: dragonfly-operator-system namespace: dragonfly-operator-system
- name: rook-ceph-cluster - name: rook-ceph-cluster
namespace: rook-ceph namespace: rook-ceph
valuesFrom:
- targetPath: objstoreConfig.value.config.bucket
kind: ConfigMap
name: thanos-bucket
valuesKey: BUCKET_NAME
- targetPath: objstoreConfig.value.config.endpoint
kind: ConfigMap
name: thanos-bucket
valuesKey: BUCKET_HOST
- targetPath: objstoreConfig.value.config.region
kind: ConfigMap
name: thanos-bucket
valuesKey: BUCKET_REGION
- targetPath: objstoreConfig.value.config.access_key
kind: Secret
name: thanos-bucket
valuesKey: AWS_ACCESS_KEY_ID
- targetPath: objstoreConfig.value.config.secret_key
kind: Secret
name: thanos-bucket
valuesKey: AWS_SECRET_ACCESS_KEY
values: values:
existingObjstoreSecret: thanos-s3-secret
image:
registry: quay.io
repository: thanos/thanos
tag: v0.34.1
objstoreConfig: objstoreConfig:
value:
type: s3 type: s3
config: config:
insecure: true insecure: true
receive: additionalEndpoints:
enabled: false - dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.observability.svc.cluster.local
networkPolicy: additionalReplicaLabels: ["__replica__"]
enabled: false serviceMonitor:
queryFrontend:
enabled: true enabled: true
replicaCount: 2 compact:
config: &config |-
type: REDIS
config:
addr: dragonfly.database.svc.cluster.local:6379
db: 2
ingress:
enabled: true enabled: true
ingressClassName: internal-nginx extraArgs:
hostname: &host thanos-query-frontend.jahanson.tech
tls: true
extraTls:
- hosts:
- *host
networkPolicy:
enabled: false
query:
enabled: true
replicaCount: 2
replicaLabel: ["__replica__"]
dnsDiscovery:
sidecarsService: kube-prometheus-stack-thanos-discovery
sidecarsNamespace: observability
stores: ["thanos.jahanson.tech:10901"]
networkPolicy:
enabled: false
bucketweb:
enabled: true
replicaCount: 2
networkPolicy:
enabled: false
compactor:
enabled: true
extraFlags:
- --compact.concurrency=4 - --compact.concurrency=4
- --delete-delay=30m - --delete-delay=30m
retentionResolutionRaw: 14d - --retention.resolution-raw=14d
retentionResolution5m: 30d - --retention.resolution-5m=30d
retentionResolution1h: 60d - --retention.resolution-1h=60d
persistence: persistence: &persistence
enabled: true enabled: true
storageClass: openebs-hostpath storageClass: openebs-hostpath
size: 10Gi size: 10Gi
networkPolicy: query:
enabled: false replicas: 2
storegateway: extraArgs: ["--alert.query-url=https://thanos.hsn.dev"]
additionalStores: ["thanos.turbo.ac:10901"]
queryFrontend:
enabled: true enabled: true
replicaCount: 2 replicas: 2
config: *config extraEnv: &extraEnv
persistence: - name: THANOS_CACHE_CONFIG
valueFrom:
configMapKeyRef:
name: &configMap thanos-cache-configmap
key: cache.yaml
extraArgs: ["--query-range.response-cache-config=$(THANOS_CACHE_CONFIG)"]
ingress:
enabled: true enabled: true
storageClass: openebs-hostpath ingressClassName: internal
size: 10Gi hosts:
networkPolicy: - &host thanos.hsn.dev
enabled: false tls:
ruler: - hosts: [*host]
podAnnotations: &podAnnotations
configmap.reloader.stakater.com/reload: *configMap
rule:
enabled: true enabled: true
replicaCount: 2 replicas: 2
replicaLabel: __replica__ extraArgs: ["--web.prefix-header=X-Forwarded-Prefix"]
alertmanagers: ["http://alertmanager-operated.observability.svc.cluster.local:9093"] alertmanagersConfig:
extraFlags: ["--web.prefix-header=X-Forwarded-Prefix"] value: |-
config: |- alertmanagers:
- api_version: v2
static_configs:
- dnssrv+_http-web._tcp.alertmanager-operated.observability.svc.cluster.local
rules:
value: |-
groups: groups:
- name: PrometheusWatcher - name: PrometheusWatcher
rules: rules:
@ -119,13 +119,10 @@ spec:
for: 5m for: 5m
labels: labels:
severity: critical severity: critical
persistence: persistence: *persistence
enabled: true storeGateway:
storageClass: openebs-hostpath replicas: 2
size: 10Gi extraEnv: *extraEnv
networkPolicy: extraArgs: ["--index-cache.config=$(THANOS_CACHE_CONFIG)"]
enabled: false persistence: *persistence
metrics: podAnnotations: *podAnnotations
enabled: true
serviceMonitor:
enabled: true

9
kubernetes/apps/observability/thanos/app/kustomization.yaml
View file

@ -3,5 +3,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./externalsecret.yaml - ./objectbucketclaim.yaml
- ./helmrelease.yaml - ./helmrelease.yaml
- ./pushsecret.yaml
configMapGenerator:
- name: thanos-cache-configmap
files:
- cache.yaml=./resources/cache.yml
generatorOptions:
disableNameSuffixHash: true

9
kubernetes/apps/observability/thanos/app/objectbucketclaim.yaml Normal file
View file

@ -0,0 +1,9 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/objectbucket.io/objectbucketclaim_v1alpha1.json
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: thanos-bucket
spec:
bucketName: thanos
storageClassName: ceph-bucket

25
kubernetes/apps/observability/thanos/app/pushsecret.yaml Normal file
View file

@ -0,0 +1,25 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
name: thanos
spec:
refreshInterval: 1h
secretStoreRefs:
- name: onepassword-connect
kind: ClusterSecretStore
selector:
secret:
name: thanos-bucket
data:
- match:
secretKey: &key AWS_ACCESS_KEY_ID
remoteRef:
remoteKey: thanos
property: *key
- match:
secretKey: &key AWS_SECRET_ACCESS_KEY
remoteRef:
remoteKey: thanos
property: *key

5
kubernetes/apps/observability/thanos/app/resources/cache.yml Normal file
View file

@ -0,0 +1,5 @@
---
type: REDIS
config:
addr: dragonfly.database.svc.cluster.local:6379
db: 1