Compare commits

...

1 commit

Author SHA1 Message Date
6424c51a86
switch from ceph buckets to minio bucket 2024-05-08 18:37:29 -05:00
6 changed files with 47 additions and 59 deletions

View file

@ -0,0 +1,28 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: thanos
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: thanos-secret
creationPolicy: Owner
template:
engineVersion: v2
data:
S3_HOST: s3.hsn.dev
S3_BUCKET: "{{ .minio_thanos_bucket_name }}"
S3_ACCESS_KEY: "{{ .minio_thanos_access_key }}"
S3_SECRET_KEY: "{{ .minio_thanos_secret_key }}"
S3_REGION: us-east-1
dataFrom:
- extract:
key: Minio
rewrite:
- regexp:
source: "(.*)"
target: "minio_$1"

View file

@ -23,40 +23,33 @@ spec:
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: openebs-cluster
namespace: openebs-system
- name: dragonfly-operator
namespace: dragonfly-operator-system
- name: rook-ceph-cluster
namespace: rook-ceph
valuesFrom:
- targetPath: objstoreConfig.value.config.bucket
kind: ConfigMap
name: thanos-bucket
valuesKey: BUCKET_NAME
kind: Secret
name: thanos-secret
valuesKey: S3_BUCKET
- targetPath: objstoreConfig.value.config.endpoint
kind: ConfigMap
name: thanos-bucket
valuesKey: BUCKET_HOST
kind: Secret
name: thanos-secret
valuesKey: S3_HOST
- targetPath: objstoreConfig.value.config.region
kind: ConfigMap
name: thanos-bucket
valuesKey: BUCKET_REGION
kind: Secret
name: thanos-secret
valuesKey: S3_REGION
- targetPath: objstoreConfig.value.config.access_key
kind: Secret
name: thanos-bucket
valuesKey: AWS_ACCESS_KEY_ID
name: thanos-secret
valuesKey: S3_ACCESS_KEY
- targetPath: objstoreConfig.value.config.secret_key
kind: Secret
name: thanos-bucket
valuesKey: AWS_SECRET_ACCESS_KEY
name: thanos-secret
valuesKey: S3_SECRET_KEY
values:
objstoreConfig:
value:
type: s3
config:
insecure: true
insecure: false
additionalEndpoints:
- dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.observability.svc.cluster.local
additionalReplicaLabels: ["__replica__"]

View file

@ -3,12 +3,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./objectbucketclaim.yaml
- ./helmrelease.yaml
- ./pushsecret.yaml
- ./externalsecret.yaml
configMapGenerator:
- name: thanos-cache-configmap
files:
- cache.yaml=./resources/cache.yml
generatorOptions:
disableNameSuffixHash: true
disableNameSuffixHash: true

View file

@ -1,9 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/objectbucket.io/objectbucketclaim_v1alpha1.json
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: thanos-bucket
spec:
bucketName: thanos
storageClassName: ceph-bucket

View file

@ -1,25 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
name: thanos
spec:
refreshInterval: 1h
secretStoreRefs:
- name: onepassword-connect
kind: ClusterSecretStore
selector:
secret:
name: thanos-bucket
data:
- match:
secretKey: &key AWS_ACCESS_KEY_ID
remoteRef:
remoteKey: thanos
property: *key
- match:
secretKey: &key AWS_SECRET_ACCESS_KEY
remoteRef:
remoteKey: thanos
property: *key

View file

@ -12,6 +12,8 @@ spec:
app.kubernetes.io/name: *app
dependsOn:
- name: external-secrets-stores
- name: openebs-cluster
- name: dragonfly-operator
path: ./kubernetes/apps/observability/thanos/app
prune: true
sourceRef:
@ -20,4 +22,4 @@ spec:
wait: false
interval: 30m
retryInterval: 1m
timeout: 15m
timeout: 15m