120 lines
3.4 KiB
YAML
120 lines
3.4 KiB
YAML
---
|
|
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: thanos
|
|
spec:
|
|
interval: 30m
|
|
timeout: 15m
|
|
chart:
|
|
spec:
|
|
chart: thanos
|
|
version: 1.17.1
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: stevehipwell
|
|
namespace: flux-system
|
|
install:
|
|
remediation:
|
|
retries: 3
|
|
upgrade:
|
|
cleanupOnFail: true
|
|
remediation:
|
|
strategy: rollback
|
|
retries: 3
|
|
valuesFrom:
|
|
- targetPath: objstoreConfig.value.config.bucket
|
|
kind: Secret
|
|
name: thanos-secret
|
|
valuesKey: S3_BUCKET
|
|
- targetPath: objstoreConfig.value.config.endpoint
|
|
kind: Secret
|
|
name: thanos-secret
|
|
valuesKey: S3_HOST
|
|
- targetPath: objstoreConfig.value.config.region
|
|
kind: Secret
|
|
name: thanos-secret
|
|
valuesKey: S3_REGION
|
|
- targetPath: objstoreConfig.value.config.access_key
|
|
kind: Secret
|
|
name: thanos-secret
|
|
valuesKey: S3_ACCESS_KEY
|
|
- targetPath: objstoreConfig.value.config.secret_key
|
|
kind: Secret
|
|
name: thanos-secret
|
|
valuesKey: S3_SECRET_KEY
|
|
values:
|
|
objstoreConfig:
|
|
value:
|
|
type: s3
|
|
config:
|
|
insecure: false
|
|
additionalEndpoints:
|
|
- dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.observability.svc.cluster.local
|
|
additionalReplicaLabels: ["__replica__"]
|
|
serviceMonitor:
|
|
enabled: true
|
|
compact:
|
|
enabled: true
|
|
extraArgs:
|
|
- --compact.concurrency=4
|
|
- --delete-delay=30m
|
|
- --retention.resolution-raw=14d
|
|
- --retention.resolution-5m=30d
|
|
- --retention.resolution-1h=60d
|
|
persistence: &persistence
|
|
enabled: true
|
|
storageClass: openebs-zfs
|
|
size: 10Gi
|
|
query:
|
|
replicas: 1
|
|
extraArgs: ["--alert.query-url=https://thanos.jahanson.tech"]
|
|
queryFrontend:
|
|
enabled: true
|
|
replicas: 1
|
|
extraEnv: &extraEnv
|
|
- name: THANOS_CACHE_CONFIG
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: &configMap thanos-cache-configmap
|
|
key: cache.yaml
|
|
extraArgs: ["--query-range.response-cache-config=$(THANOS_CACHE_CONFIG)"]
|
|
ingress:
|
|
enabled: true
|
|
ingressClassName: internal-nginx
|
|
hosts:
|
|
- &host thanos.jahanson.tech
|
|
tls:
|
|
- hosts: [*host]
|
|
podAnnotations: &podAnnotations
|
|
configmap.reloader.stakater.com/reload: *configMap
|
|
rule:
|
|
enabled: true
|
|
replicas: 1
|
|
extraArgs: ["--web.prefix-header=X-Forwarded-Prefix"]
|
|
alertmanagersConfig:
|
|
value: |-
|
|
alertmanagers:
|
|
- api_version: v2
|
|
static_configs:
|
|
- dnssrv+_http-web._tcp.alertmanager-operated.observability.svc.cluster.local
|
|
rules:
|
|
value: |-
|
|
groups:
|
|
- name: PrometheusWatcher
|
|
rules:
|
|
- alert: PrometheusDown
|
|
annotations:
|
|
summary: A Prometheus has disappeared from Prometheus target discovery
|
|
expr: absent(up{job="kube-prometheus-stack-prometheus"})
|
|
for: 5m
|
|
labels:
|
|
severity: critical
|
|
persistence: *persistence
|
|
storeGateway:
|
|
replicas: 1
|
|
extraEnv: *extraEnv
|
|
extraArgs: ["--index-cache.config=$(THANOS_CACHE_CONFIG)"]
|
|
persistence: *persistence
|
|
podAnnotations: *podAnnotations
|