Compare commits
1 commit
Author | SHA1 | Date | |
---|---|---|---|
6424c51a86 |
6 changed files with 47 additions and 59 deletions
28
kubernetes/apps/observability/thanos/app/externalsecret.yaml
Normal file
28
kubernetes/apps/observability/thanos/app/externalsecret.yaml
Normal file
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: thanos
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
target:
|
||||
name: thanos-secret
|
||||
creationPolicy: Owner
|
||||
template:
|
||||
engineVersion: v2
|
||||
data:
|
||||
S3_HOST: s3.hsn.dev
|
||||
S3_BUCKET: "{{ .minio_thanos_bucket_name }}"
|
||||
S3_ACCESS_KEY: "{{ .minio_thanos_access_key }}"
|
||||
S3_SECRET_KEY: "{{ .minio_thanos_secret_key }}"
|
||||
S3_REGION: us-east-1
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: Minio
|
||||
rewrite:
|
||||
- regexp:
|
||||
source: "(.*)"
|
||||
target: "minio_$1"
|
|
@ -23,40 +23,33 @@ spec:
|
|||
remediation:
|
||||
strategy: rollback
|
||||
retries: 3
|
||||
dependsOn:
|
||||
- name: openebs-cluster
|
||||
namespace: openebs-system
|
||||
- name: dragonfly-operator
|
||||
namespace: dragonfly-operator-system
|
||||
- name: rook-ceph-cluster
|
||||
namespace: rook-ceph
|
||||
valuesFrom:
|
||||
- targetPath: objstoreConfig.value.config.bucket
|
||||
kind: ConfigMap
|
||||
name: thanos-bucket
|
||||
valuesKey: BUCKET_NAME
|
||||
kind: Secret
|
||||
name: thanos-secret
|
||||
valuesKey: S3_BUCKET
|
||||
- targetPath: objstoreConfig.value.config.endpoint
|
||||
kind: ConfigMap
|
||||
name: thanos-bucket
|
||||
valuesKey: BUCKET_HOST
|
||||
kind: Secret
|
||||
name: thanos-secret
|
||||
valuesKey: S3_HOST
|
||||
- targetPath: objstoreConfig.value.config.region
|
||||
kind: ConfigMap
|
||||
name: thanos-bucket
|
||||
valuesKey: BUCKET_REGION
|
||||
kind: Secret
|
||||
name: thanos-secret
|
||||
valuesKey: S3_REGION
|
||||
- targetPath: objstoreConfig.value.config.access_key
|
||||
kind: Secret
|
||||
name: thanos-bucket
|
||||
valuesKey: AWS_ACCESS_KEY_ID
|
||||
name: thanos-secret
|
||||
valuesKey: S3_ACCESS_KEY
|
||||
- targetPath: objstoreConfig.value.config.secret_key
|
||||
kind: Secret
|
||||
name: thanos-bucket
|
||||
valuesKey: AWS_SECRET_ACCESS_KEY
|
||||
name: thanos-secret
|
||||
valuesKey: S3_SECRET_KEY
|
||||
values:
|
||||
objstoreConfig:
|
||||
value:
|
||||
type: s3
|
||||
config:
|
||||
insecure: true
|
||||
insecure: false
|
||||
additionalEndpoints:
|
||||
- dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.observability.svc.cluster.local
|
||||
additionalReplicaLabels: ["__replica__"]
|
||||
|
|
|
@ -3,12 +3,11 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./objectbucketclaim.yaml
|
||||
- ./helmrelease.yaml
|
||||
- ./pushsecret.yaml
|
||||
- ./externalsecret.yaml
|
||||
configMapGenerator:
|
||||
- name: thanos-cache-configmap
|
||||
files:
|
||||
- cache.yaml=./resources/cache.yml
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
disableNameSuffixHash: true
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/objectbucket.io/objectbucketclaim_v1alpha1.json
|
||||
apiVersion: objectbucket.io/v1alpha1
|
||||
kind: ObjectBucketClaim
|
||||
metadata:
|
||||
name: thanos-bucket
|
||||
spec:
|
||||
bucketName: thanos
|
||||
storageClassName: ceph-bucket
|
|
@ -1,25 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
|
||||
apiVersion: external-secrets.io/v1alpha1
|
||||
kind: PushSecret
|
||||
metadata:
|
||||
name: thanos
|
||||
spec:
|
||||
refreshInterval: 1h
|
||||
secretStoreRefs:
|
||||
- name: onepassword-connect
|
||||
kind: ClusterSecretStore
|
||||
selector:
|
||||
secret:
|
||||
name: thanos-bucket
|
||||
data:
|
||||
- match:
|
||||
secretKey: &key AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
remoteKey: thanos
|
||||
property: *key
|
||||
- match:
|
||||
secretKey: &key AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
remoteKey: thanos
|
||||
property: *key
|
|
@ -12,6 +12,8 @@ spec:
|
|||
app.kubernetes.io/name: *app
|
||||
dependsOn:
|
||||
- name: external-secrets-stores
|
||||
- name: openebs-cluster
|
||||
- name: dragonfly-operator
|
||||
path: ./kubernetes/apps/observability/thanos/app
|
||||
prune: true
|
||||
sourceRef:
|
||||
|
@ -20,4 +22,4 @@ spec:
|
|||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 15m
|
||||
timeout: 15m
|
||||
|
|
Loading…
Reference in a new issue