Compare commits
1 commit
Author | SHA1 | Date | |
---|---|---|---|
6424c51a86 |
6 changed files with 47 additions and 59 deletions
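--- a/kubernetes/apps/observability/thanos/app/externalsecret.yaml
+++ b/kubernetes/apps/observability/thanos/app/externalsecret.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+name: thanos
+spec:
+secretStoreRef:
+kind: ClusterSecretStore
+name: onepassword-connect
+target:
+name: thanos-secret
+creationPolicy: Owner
+template:
+engineVersion: v2
+data:
+S3_HOST: s3.hsn.dev
+S3_BUCKET: "{{ .minio_thanos_bucket_name }}"
+S3_ACCESS_KEY: "{{ .minio_thanos_access_key }}"
+S3_SECRET_KEY: "{{ .minio_thanos_secret_key }}"
+S3_REGION: us-east-1
+dataFrom:
+- extract:
+key: Minio
+rewrite:
+- regexp:
+source: "(.*)"
+target: "minio_$1"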
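Review bot: `dataFrom.extract` with `key: Minio` loads every field of the shared item into the template context, while `template.data` consumes only `minio_thanos_bucket_name`, `minio_thanos_access_key` and `minio_thanos_secret_key`. Explicit `data` entries with a `remoteRef.property` for each of those three fields would limit what this ExternalSecret reads to what Thanos needs, and would tie a renamed or missing field to this resource rather than to the template. If the extract form stays, a comment above `dataFrom` such as `# expects fields thanos_bucket_name, thanos_access_key, thanos_secret_key in the Minio item` would document the contract. No `refreshInterval` is set, so the controller default applies; stating the intended value would make the rotation cadence explicit.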
@ -23,40 +23,33 @@ spec:
|
||||||
remediation:
|
remediation:
|
||||||
strategy: rollback
|
strategy: rollback
|
||||||
retries: 3
|
retries: 3
|
||||||
dependsOn:
|
|
||||||
- name: openebs-cluster
|
|
||||||
namespace: openebs-system
|
|
||||||
- name: dragonfly-operator
|
|
||||||
namespace: dragonfly-operator-system
|
|
||||||
- name: rook-ceph-cluster
|
|
||||||
namespace: rook-ceph
|
|
||||||
valuesFrom:
|
valuesFrom:
|
||||||
- targetPath: objstoreConfig.value.config.bucket
|
- targetPath: objstoreConfig.value.config.bucket
|
||||||
kind: ConfigMap
|
kind: Secret
|
||||||
name: thanos-bucket
|
name: thanos-secret
|
||||||
valuesKey: BUCKET_NAME
|
valuesKey: S3_BUCKET
|
||||||
- targetPath: objstoreConfig.value.config.endpoint
|
- targetPath: objstoreConfig.value.config.endpoint
|
||||||
kind: ConfigMap
|
kind: Secret
|
||||||
name: thanos-bucket
|
name: thanos-secret
|
||||||
valuesKey: BUCKET_HOST
|
valuesKey: S3_HOST
|
||||||
- targetPath: objstoreConfig.value.config.region
|
- targetPath: objstoreConfig.value.config.region
|
||||||
kind: ConfigMap
|
kind: Secret
|
||||||
name: thanos-bucket
|
name: thanos-secret
|
||||||
valuesKey: BUCKET_REGION
|
valuesKey: S3_REGION
|
||||||
- targetPath: objstoreConfig.value.config.access_key
|
- targetPath: objstoreConfig.value.config.access_key
|
||||||
kind: Secret
|
kind: Secret
|
||||||
name: thanos-bucket
|
name: thanos-secret
|
||||||
valuesKey: AWS_ACCESS_KEY_ID
|
valuesKey: S3_ACCESS_KEY
|
||||||
- targetPath: objstoreConfig.value.config.secret_key
|
- targetPath: objstoreConfig.value.config.secret_key
|
||||||
kind: Secret
|
kind: Secret
|
||||||
name: thanos-bucket
|
name: thanos-secret
|
||||||
valuesKey: AWS_SECRET_ACCESS_KEY
|
valuesKey: S3_SECRET_KEY
|
||||||
values:
|
values:
|
||||||
objstoreConfig:
|
objstoreConfig:
|
||||||
value:
|
value:
|
||||||
type: s3
|
type: s3
|
||||||
config:
|
config:
|
||||||
insecure: true
|
insecure: false
|
||||||
additionalEndpoints:
|
additionalEndpoints:
|
||||||
- dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.observability.svc.cluster.local
|
- dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.observability.svc.cluster.local
|
||||||
additionalReplicaLabels: ["__replica__"]
|
additionalReplicaLabels: ["__replica__"]
|
||||||
|
|
|
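Review bot: `insecure: false` under `objstoreConfig.value.config` is the security-relevant line in this section and carries no comment; something like `# TLS to the external S3 endpoint; the certificate for S3_HOST must validate` would record why it changed together with the move off the in-cluster bucket. All five `valuesFrom` entries now read `thanos-secret`, which exists only once the ExternalSecret has synced, so the first reconcile presumably relies on the controller retrying rather than on ordering. Because the keys are copied into Helm values at reconcile time, a key rotated in the store probably reaches Thanos only at the next HelmRelease reconcile, and whether the pods restart depends on the chart; confirm this matches the rotation plan. The `spec` mapping starts outside this hunk.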
@ -3,12 +3,11 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./objectbucketclaim.yaml
|
|
||||||
- ./helmrelease.yaml
|
- ./helmrelease.yaml
|
||||||
- ./pushsecret.yaml
|
- ./externalsecret.yaml
|
||||||
configMapGenerator:
|
configMapGenerator:
|
||||||
- name: thanos-cache-configmap
|
- name: thanos-cache-configmap
|
||||||
files:
|
files:
|
||||||
- cache.yaml=./resources/cache.yml
|
- cache.yaml=./resources/cache.yml
|
||||||
generatorOptions:
|
generatorOptions:
|
||||||
disableNameSuffixHash: true
|
disableNameSuffixHash: true
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/objectbucket.io/objectbucketclaim_v1alpha1.json
|
|
||||||
apiVersion: objectbucket.io/v1alpha1
|
|
||||||
kind: ObjectBucketClaim
|
|
||||||
metadata:
|
|
||||||
name: thanos-bucket
|
|
||||||
spec:
|
|
||||||
bucketName: thanos
|
|
||||||
storageClassName: ceph-bucket
|
|
|
@ -1,25 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
|
|
||||||
apiVersion: external-secrets.io/v1alpha1
|
|
||||||
kind: PushSecret
|
|
||||||
metadata:
|
|
||||||
name: thanos
|
|
||||||
spec:
|
|
||||||
refreshInterval: 1h
|
|
||||||
secretStoreRefs:
|
|
||||||
- name: onepassword-connect
|
|
||||||
kind: ClusterSecretStore
|
|
||||||
selector:
|
|
||||||
secret:
|
|
||||||
name: thanos-bucket
|
|
||||||
data:
|
|
||||||
- match:
|
|
||||||
secretKey: &key AWS_ACCESS_KEY_ID
|
|
||||||
remoteRef:
|
|
||||||
remoteKey: thanos
|
|
||||||
property: *key
|
|
||||||
- match:
|
|
||||||
secretKey: &key AWS_SECRET_ACCESS_KEY
|
|
||||||
remoteRef:
|
|
||||||
remoteKey: thanos
|
|
||||||
property: *key
|
|
|
@ -12,6 +12,8 @@ spec:
|
||||||
app.kubernetes.io/name: *app
|
app.kubernetes.io/name: *app
|
||||||
dependsOn:
|
dependsOn:
|
||||||
- name: external-secrets-stores
|
- name: external-secrets-stores
|
||||||
|
- name: openebs-cluster
|
||||||
|
- name: dragonfly-operator
|
||||||
path: ./kubernetes/apps/observability/thanos/app
|
path: ./kubernetes/apps/observability/thanos/app
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
|
@ -20,4 +22,4 @@ spec:
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
retryInterval: 1m
|
||||||
timeout: 15m
|
timeout: 15m
|
||||||
|
|
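Review bot: The added `dependsOn` entries `openebs-cluster` and `dragonfly-operator` carry no `namespace`, whereas the entries removed from the HelmRelease named `openebs-system` and `dragonfly-operator-system`. This looks like a Flux Kustomization, where a `dependsOn` entry without a namespace resolves to a Kustomization in this object's own namespace, so confirm that Kustomizations with exactly these names exist there; otherwise reconciliation stays blocked on a dependency that is never found. With `wait: false` on this object, readiness of the dependencies depends on their own health settings, which are not visible here. Dropping `rook-ceph-cluster` without a replacement is consistent with the removal of the ObjectBucketClaim.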