diff --git a/kubernetes/apps/observability/thanos/app/externalsecret.yaml b/kubernetes/apps/observability/thanos/app/externalsecret.yaml
new file mode 100644
index 00000000..207b5ce6
--- /dev/null
+++ b/kubernetes/apps/observability/thanos/app/externalsecret.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: thanos
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: thanos-secret
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ S3_HOST: s3.hsn.dev
+ S3_BUCKET: "{{ .minio_thanos_bucket_name }}"
+ S3_ACCESS_KEY: "{{ .minio_thanos_access_key }}"
+ S3_SECRET_KEY: "{{ .minio_thanos_secret_key }}"
+ S3_REGION: us-east-1
+ dataFrom:
+ - extract:
+ key: Minio
+ rewrite:
+ - regexp:
+ source: "(.*)"
+ target: "minio_$1"
diff --git a/kubernetes/apps/observability/thanos/app/helmrelease.yaml b/kubernetes/apps/observability/thanos/app/helmrelease.yaml
index 0b937825..ca11c497 100644
--- a/kubernetes/apps/observability/thanos/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/thanos/app/helmrelease.yaml
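Review bot: The `dataFrom.extract` on the `Minio` item loads every field of that item into the template context, although `target.template.data` uses only three of them. If the item also holds other credentials (not visible here), this ExternalSecret reads more than Thanos needs, and a later template edit could copy them into `thanos-secret`. Listing the three fields under `spec.data`, each with `remoteRef.key: Minio` and its own `property`, keeps the read set explicit and makes the `rewrite` rule unnecessary. The property names in the sketch are inferred from the `minio_$1` rewrite and should be checked against the actual item.

```yaml
# … unchanged: secretStoreRef, target and its template …
  # replaces the dataFrom/extract/rewrite block
  data:
    - secretKey: minio_thanos_bucket_name
      remoteRef:
        key: Minio
        property: thanos_bucket_name
    - secretKey: minio_thanos_access_key
      remoteRef:
        key: Minio
        property: thanos_access_key
    - secretKey: minio_thanos_secret_key
      remoteRef:
        key: Minio
        property: thanos_secret_key
```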
@@ -23,40 +23,33 @@ spec:
 remediation:
 strategy: rollback
 retries: 3
- dependsOn:
- - name: openebs-cluster
- namespace: openebs-system
- - name: dragonfly-operator
- namespace: dragonfly-operator-system
- - name: rook-ceph-cluster
- namespace: rook-ceph
 valuesFrom:
 - targetPath: objstoreConfig.value.config.bucket
- kind: ConfigMap
- name: thanos-bucket
- valuesKey: BUCKET_NAME
+ kind: Secret
+ name: thanos-secret
+ valuesKey: S3_BUCKET
 - targetPath: objstoreConfig.value.config.endpoint
- kind: ConfigMap
- name: thanos-bucket
- valuesKey: BUCKET_HOST
+ kind: Secret
+ name: thanos-secret
+ valuesKey: S3_HOST
 - targetPath: objstoreConfig.value.config.region
- kind: ConfigMap
- name: thanos-bucket
- valuesKey: BUCKET_REGION
+ kind: Secret
+ name: thanos-secret
+ valuesKey: S3_REGION
 - targetPath: objstoreConfig.value.config.access_key
 kind: Secret
- name: thanos-bucket
- valuesKey: AWS_ACCESS_KEY_ID
+ name: thanos-secret
+ valuesKey: S3_ACCESS_KEY
 - targetPath: objstoreConfig.value.config.secret_key
 kind: Secret
- name: thanos-bucket
- valuesKey: AWS_SECRET_ACCESS_KEY
+ name: thanos-secret
+ valuesKey: S3_SECRET_KEY
 values:
 objstoreConfig:
 value:
 type: s3
 config:
- insecure: true
+ insecure: false
 additionalEndpoints:
 - dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.observability.svc.cluster.local
 additionalReplicaLabels: ["__replica__"]
diff --git a/kubernetes/apps/observability/thanos/app/kustomization.yaml b/kubernetes/apps/observability/thanos/app/kustomization.yaml
index 2945c5f7..9a4c8f20 100644
--- a/kubernetes/apps/observability/thanos/app/kustomization.yaml
+++ b/kubernetes/apps/observability/thanos/app/kustomization.yaml
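Review bot: The `access_key` and `secret_key` entries under `valuesFrom` inject the credential through `targetPath`, which Flux documents as using the same value parsing as `helm --set`. A key containing `,`, `{` or `}` would therefore be split or read as a list rather than taken literally, and the resulting objstore config would fail to authenticate with no obvious hint why. Nothing in the hunk records that constraint; a comment above the list such as `# targetPath values are parsed like helm --set: keep the S3 keys free of , { }` would do. With `insecure: false` the Thanos pods also have to trust the certificate served by the host in `S3_HOST`, which is worth confirming before rollout. The enclosing `spec` begins outside the hunk.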
@@ -3,12 +3,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - ./objectbucketclaim.yaml
 - ./helmrelease.yaml
- - ./pushsecret.yaml
+ - ./externalsecret.yaml
 configMapGenerator:
 - name: thanos-cache-configmap
 files:
 - cache.yaml=./resources/cache.yml
 generatorOptions:
- disableNameSuffixHash: true
\ No newline at end of file
+ disableNameSuffixHash: true
diff --git a/kubernetes/apps/observability/thanos/app/objectbucketclaim.yaml b/kubernetes/apps/observability/thanos/app/objectbucketclaim.yaml
deleted file mode 100644
index bf9405e5..00000000
--- a/kubernetes/apps/observability/thanos/app/objectbucketclaim.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://ks.hsn.dev/objectbucket.io/objectbucketclaim_v1alpha1.json
-apiVersion: objectbucket.io/v1alpha1
-kind: ObjectBucketClaim
-metadata:
- name: thanos-bucket
-spec:
- bucketName: thanos
- storageClassName: ceph-bucket
\ No newline at end of file
diff --git a/kubernetes/apps/observability/thanos/app/pushsecret.yaml b/kubernetes/apps/observability/thanos/app/pushsecret.yaml
deleted file mode 100644
index b028df68..00000000
--- a/kubernetes/apps/observability/thanos/app/pushsecret.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
-apiVersion: external-secrets.io/v1alpha1
-kind: PushSecret
-metadata:
- name: thanos
-spec:
- refreshInterval: 1h
- secretStoreRefs:
- - name: onepassword-connect
- kind: ClusterSecretStore
- selector:
- secret:
- name: thanos-bucket
- data:
- - match:
- secretKey: &key AWS_ACCESS_KEY_ID
- remoteRef:
- remoteKey: thanos
- property: *key
- - match:
- secretKey: &key AWS_SECRET_ACCESS_KEY
- remoteRef:
- remoteKey: thanos
- property: *key
\ No newline at end of file
diff --git a/kubernetes/apps/observability/thanos/ks.yaml b/kubernetes/apps/observability/thanos/ks.yaml
index 52d695c5..ab7d5577 100644
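Review bot: Dropping `./objectbucketclaim.yaml` from `resources` means the parent Flux Kustomization, which sets `prune: true` in `ks.yaml`, will delete the `thanos-bucket` ObjectBucketClaim on the next reconcile. Whether the Ceph bucket and the Thanos blocks already in it survive depends on the reclaim policy of the `ceph-bucket` StorageClass, which is not visible in this commit. It is worth confirming that policy, or copying the blocks to the new bucket, before merging. Removing `./pushsecret.yaml` also stops the sync to the 1Password item `thanos`, which presumably still holds the old access key and should be cleaned up once it is no longer needed.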
--- a/kubernetes/apps/observability/thanos/ks.yaml
+++ b/kubernetes/apps/observability/thanos/ks.yaml
@@ -12,6 +12,8 @@ spec:
 app.kubernetes.io/name: *app
 dependsOn:
 - name: external-secrets-stores
+ - name: openebs-cluster
+ - name: dragonfly-operator
 path: ./kubernetes/apps/observability/thanos/app
 prune: true
 sourceRef:
@@ -20,4 +22,4 @@ spec:
 wait: false
 interval: 30m
 retryInterval: 1m
- timeout: 15m
\ No newline at end of file
+ timeout: 15m
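Review bot: The two new `dependsOn` entries in the first hunk carry no `namespace`, whereas the HelmRelease entries they replace pointed at `openebs-system` and `dragonfly-operator-system`. At this level the names have to match Flux Kustomization objects, and an entry without a namespace is looked up in this Kustomization's own namespace. If no Kustomization named `openebs-cluster` or `dragonfly-operator` exists there, reconciliation of the Thanos app stays blocked on the missing dependency. A comment such as `# Flux Kustomization names, same namespace as this object` above the list would make the changed meaning clear. The `spec` block starts outside the hunk.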