
Author SHA1 Message Date
6424c51a86
switch from ceph buckets to minio bucket 2024-05-08 18:37:29 -05:00
6 changed files with 47 additions and 59 deletions


@ -0,0 +1,28 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: thanos
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: thanos-secret
creationPolicy: Owner
template:
engineVersion: v2
data:
S3_HOST: s3.hsn.dev
S3_BUCKET: "{{ .minio_thanos_bucket_name }}"
S3_ACCESS_KEY: "{{ .minio_thanos_access_key }}"
S3_SECRET_KEY: "{{ .minio_thanos_secret_key }}"
S3_REGION: us-east-1
dataFrom:
- extract:
key: Minio
rewrite:
- regexp:
source: "(.*)"
target: "minio_$1"
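Review bot: The `extract` on the 1Password item `Minio` loads every field of that item into the template scope, and nothing in this manifest shows that `minio_thanos_access_key` is limited to the Thanos bucket. If the item also holds the MinIO root credentials or keys for other applications, confirm that the Thanos key is a separate service account with a bucket-scoped policy. Recording that above the `dataFrom` block would help the next reader, for example `# minio_thanos_* is a MinIO service account restricted to the thanos bucket`.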


@ -23,40 +23,33 @@ spec:
remediation: remediation:
strategy: rollback strategy: rollback
retries: 3 retries: 3
dependsOn:
- name: openebs-cluster
namespace: openebs-system
- name: dragonfly-operator
namespace: dragonfly-operator-system
- name: rook-ceph-cluster
namespace: rook-ceph
valuesFrom: valuesFrom:
- targetPath: objstoreConfig.value.config.bucket - targetPath: objstoreConfig.value.config.bucket
kind: ConfigMap kind: Secret
name: thanos-bucket name: thanos-secret
valuesKey: BUCKET_NAME valuesKey: S3_BUCKET
- targetPath: objstoreConfig.value.config.endpoint - targetPath: objstoreConfig.value.config.endpoint
kind: ConfigMap kind: Secret
name: thanos-bucket name: thanos-secret
valuesKey: BUCKET_HOST valuesKey: S3_HOST
- targetPath: objstoreConfig.value.config.region - targetPath: objstoreConfig.value.config.region
kind: ConfigMap kind: Secret
name: thanos-bucket name: thanos-secret
valuesKey: BUCKET_REGION valuesKey: S3_REGION
- targetPath: objstoreConfig.value.config.access_key - targetPath: objstoreConfig.value.config.access_key
kind: Secret kind: Secret
name: thanos-bucket name: thanos-secret
valuesKey: AWS_ACCESS_KEY_ID valuesKey: S3_ACCESS_KEY
- targetPath: objstoreConfig.value.config.secret_key - targetPath: objstoreConfig.value.config.secret_key
kind: Secret kind: Secret
name: thanos-bucket name: thanos-secret
valuesKey: AWS_SECRET_ACCESS_KEY valuesKey: S3_SECRET_KEY
values: values:
objstoreConfig: objstoreConfig:
value: value:
type: s3 type: s3
config: config:
insecure: true insecure: false
additionalEndpoints: additionalEndpoints:
- dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.observability.svc.cluster.local - dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.observability.svc.cluster.local
additionalReplicaLabels: ["__replica__"] additionalReplicaLabels: ["__replica__"]
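Review bot: The endpoint and region are now read from `thanos-secret`, yet they are fixed literals, so the HelmRelease no longer shows which host `insecure: false` applies to. Setting them inline under `objstoreConfig.value.config` (`endpoint: s3.hsn.dev`, `region: us-east-1`) and keeping `valuesFrom` for the bucket name and the two keys would let a reviewer check the TLS setting and the endpoint in one place. The switch to `insecure: false` assumes the certificate served by that endpoint is trusted inside the Thanos containers; the diff does not show this, so it should be verified after rollout.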


@ -3,12 +3,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./objectbucketclaim.yaml
- ./helmrelease.yaml - ./helmrelease.yaml
- ./pushsecret.yaml - ./externalsecret.yaml
configMapGenerator: configMapGenerator:
- name: thanos-cache-configmap - name: thanos-cache-configmap
files: files:
- cache.yaml=./resources/cache.yml - cache.yaml=./resources/cache.yml
generatorOptions: generatorOptions:
disableNameSuffixHash: true disableNameSuffixHash: true


@ -1,9 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/objectbucket.io/objectbucketclaim_v1alpha1.json
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: thanos-bucket
spec:
bucketName: thanos
storageClassName: ceph-bucket


@ -1,25 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
name: thanos
spec:
refreshInterval: 1h
secretStoreRefs:
- name: onepassword-connect
kind: ClusterSecretStore
selector:
secret:
name: thanos-bucket
data:
- match:
secretKey: &key AWS_ACCESS_KEY_ID
remoteRef:
remoteKey: thanos
property: *key
- match:
secretKey: &key AWS_SECRET_ACCESS_KEY
remoteRef:
remoteKey: thanos
property: *key


@ -12,6 +12,8 @@ spec:
app.kubernetes.io/name: *app app.kubernetes.io/name: *app
dependsOn: dependsOn:
- name: external-secrets-stores - name: external-secrets-stores
- name: openebs-cluster
- name: dragonfly-operator
path: ./kubernetes/apps/observability/thanos/app path: ./kubernetes/apps/observability/thanos/app
prune: true prune: true
sourceRef: sourceRef:
@ -20,4 +22,4 @@ spec:
wait: false wait: false
interval: 30m interval: 30m
retryInterval: 1m retryInterval: 1m
timeout: 15m timeout: 15m
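Review bot: The two `dependsOn` entries added in the first hunk are resolved as Flux Kustomization names, whereas the entries removed from the HelmRelease referred to HelmReleases named `openebs-cluster` and `dragonfly-operator` in their own namespaces. If the Flux Kustomizations that deploy those charts have different names or live in another namespace, this Kustomization will stay blocked on a dependency that cannot be found. Check the names against the corresponding Kustomization manifests and add `namespace:` where needed. With `wait: false`, the HelmRelease may also be applied before `thanos-secret` has been synced, so its first reconciliation can be expected to fail and retry. The `spec` body starts outside the hunk.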