diff --git a/kubernetes/apps/observability/loki/app/externalsecret.yaml b/kubernetes/apps/observability/loki/app/externalsecret.yaml
new file mode 100644
index 0000000..c7b7efa
--- /dev/null
+++ b/kubernetes/apps/observability/loki/app/externalsecret.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: loki
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: loki-secret
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ S3_BUCKET_HOST: s3.hsn.dev
+ S3_BUCKET_NAME: "{{ .minio_thanos_bucket_name }}"
+ S3_ACCESS_KEY: "{{ .minio_loki_access_key }}"
+ S3_SECRET_KEY: "{{ .minio_loki_secret_key }}"
+ S3_BUCKET_REGION: us-east-1
+ dataFrom:
+ - extract:
+ key: minio
+ rewrite:
+ - regexp:
+ source: "(.*)"
+ target: "minio_$1"
diff --git a/kubernetes/apps/observability/loki/app/helmrelease.yaml b/kubernetes/apps/observability/loki/app/helmrelease.yaml
index cf547b1..0c3ef59 100644
--- a/kubernetes/apps/observability/loki/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/loki/app/helmrelease.yaml
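Review bot: `S3_BUCKET_NAME` in externalsecret.yaml is templated from `{{ .minio_thanos_bucket_name }}` although the access and secret keys beside it are the Loki ones (`minio_loki_access_key`, `minio_loki_secret_key`), which looks like a leftover from the Thanos secret. If that is not intentional, Loki would either be pointed at another workload's bucket with credentials that should not reach it, or need its key widened to cover that bucket; both weaken per-application isolation of object storage. I would expect the Loki bucket field of the `minio` item here, e.g. `S3_BUCKET_NAME: "{{ .minio_<loki-bucket-field> }}"` (placeholder — take the real field name from the 1Password item). A one-line comment above `dataFrom`, such as `# every field of the "minio" item is exposed to the template as minio_<field>`, would also make the template variables traceable.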
@@ -26,39 +26,36 @@ spec:
 dependsOn:
 - name: openebs-cluster
 namespace: openebs-system
- - name: rook-ceph-cluster
- namespace: rook-ceph
 - name: vector-agent
 namespace: observability
 - name: vector-aggregator
 namespace: observability
 valuesFrom:
 - targetPath: loki.storage.bucketNames.chunks
- kind: ConfigMap
- name: &cephBucket loki-bucket
+ kind: Secret
+ name: loki-secret
 valuesKey: BUCKET_NAME
 - targetPath: loki.storage.s3.endpoint
- kind: ConfigMap
- name: *cephBucket
+ kind: Secret
+ name: loki-secret
 valuesKey: BUCKET_HOST
 - targetPath: loki.storage.s3.region
- kind: ConfigMap
- name: *cephBucket
+ kind: Secret
+ name: loki-secret
 valuesKey: BUCKET_REGION
 - targetPath: loki.storage.s3.accessKeyId
 kind: Secret
- name: *cephBucket
+ name: loki-secret
 valuesKey: AWS_ACCESS_KEY_ID
 - targetPath: loki.storage.s3.secretAccessKey
 kind: Secret
- name: *cephBucket
+ name: loki-secret
 valuesKey: AWS_SECRET_ACCESS_KEY
 values:
 deploymentMode: SimpleScalable
 loki:
 podAnnotations:
- configmap.reloader.stakater.com/reload: *cephBucket
- secret.reloader.stakater.com/reload: *cephBucket
+ secret.reloader.stakater.com/reload: loki-secret
 ingester:
 chunk_encoding: snappy
 storage:
diff --git a/kubernetes/apps/observability/loki/app/kustomization.yaml b/kubernetes/apps/observability/loki/app/kustomization.yaml
index 334f716..4eed917 100644
--- a/kubernetes/apps/observability/loki/app/kustomization.yaml
+++ b/kubernetes/apps/observability/loki/app/kustomization.yaml
@@ -3,5 +3,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - ./objectbucketclaim.yaml
- - ./helmrelease.yaml
\ No newline at end of file
+ - ./externalsecret.yaml
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/observability/loki/app/objectbucketclaim.yaml b/kubernetes/apps/observability/loki/app/objectbucketclaim.yaml
deleted file mode 100644
index 8fea0e6..0000000
--- a/kubernetes/apps/observability/loki/app/objectbucketclaim.yaml
+++ /dev/null
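Review bot: The `valuesKey` entries under `valuesFrom` in helmrelease.yaml still use the ObjectBucketClaim key names (`BUCKET_NAME`, `BUCKET_HOST`, `BUCKET_REGION`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`), but the `loki-secret` template added in externalsecret.yaml only defines `S3_BUCKET_NAME`, `S3_BUCKET_HOST`, `S3_BUCKET_REGION`, `S3_ACCESS_KEY` and `S3_SECRET_KEY`. None of the visible entries sets `optional`, so the lookups will presumably fail and the release will not reconcile until the two sides agree. Either rename the template keys to the old names or update each reference, e.g. `valuesKey: S3_ACCESS_KEY` for `loki.storage.s3.accessKeyId` and `valuesKey: S3_SECRET_KEY` for `loki.storage.s3.secretAccessKey`. Not new in this commit but worth confirming while here: credentials passed through `valuesFrom` become Helm values, so check that the chart does not render them into a ConfigMap. The `values` block continues past the end of this hunk.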
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://ks.hsn.dev/objectbucket.io/objectbucketclaim_v1alpha1.json
-apiVersion: objectbucket.io/v1alpha1
-kind: ObjectBucketClaim
-metadata:
- name: loki-bucket
-spec:
- bucketName: loki
- storageClassName: ceph-bucket
\ No newline at end of file