Update thanos config and rook config.

2023-09-29 13:03:48 +00:00 · 2023-09-29 13:03:48 +00:00 · 1fc12c300c
commit 1fc12c300c
parent 29bd8096e0
7 changed files with 50 additions and 50 deletions
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@ -21,7 +21,9 @@ env:
 includes:
  volsync: .taskfiles/VolSync/Tasks.yaml
  precommit: .taskfiles/PreCommit/Tasks.yaml
-  rook: .taskfiles/rook/Taskfile.yaml
+  rook:
+    taskfile: ".taskfiles/rook"
+    dir: .taskfiles/rook

 tasks:

--- a/kubernetes/apps/monitoring/thanos/app/externalsecret.yaml
+++ b/kubernetes/apps/monitoring/thanos/app/externalsecret.yaml
@ -0,0 +1,31 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: thanos
+  namespace: monitoring
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: thanos-s3-secret
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        objstore.yml: |-
+          type: s3
+          config:
+            access_key: {{ .minio_thanos_access_key }}
+            bucket: thanos
+            endpoint: {{ .minio_s3_host }}
+            region: us-east-1
+            secret_key: {{ .minio_thanos_secret_key }}
+  dataFrom:
+    - extract:
+        key: minio
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "minio_$1"
--- a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
@ -35,10 +35,7 @@ spec:
      registry: quay.io
      repository: thanos/thanos
      tag: v0.32.3
-    objstoreConfig:
-      type: s3
-      config:
-        insecure: true
+    existingObjstoreSecret: thanos-s3-secret
    queryFrontend:
      enabled: true
      replicaCount: 3
@ -71,14 +68,14 @@ spec:
      persistence:
        enabled: true
        storageClass: ceph-block
-        size: 100Gi
+        size: 20Gi
    storegateway:
      enabled: true
      replicaCount: 3
      persistence:
        enabled: true
        storageClass: ceph-block
-        size: 20Gi
+        size: 10Gi
    ruler:
      enabled: true
      replicaCount: 3
@ -99,29 +96,8 @@ spec:
      persistence:
        enabled: true
        storageClass: ceph-block
-        size: 20Gi
+        size: 5Gi
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
-  valuesFrom:
-    - targetPath: objstoreConfig.config.bucket
-      kind: ConfigMap
-      name: thanos-bucket-v1
-      valuesKey: BUCKET_NAME
-    - targetPath: objstoreConfig.config.endpoint
-      kind: ConfigMap
-      name: thanos-bucket-v1
-      valuesKey: BUCKET_HOST
-    - targetPath: objstoreConfig.config.region
-      kind: ConfigMap
-      name: thanos-bucket-v1
-      valuesKey: BUCKET_REGION
-    - targetPath: objstoreConfig.config.access_key
-      kind: Secret
-      name: thanos-bucket-v1
-      valuesKey: AWS_ACCESS_KEY_ID
-    - targetPath: objstoreConfig.config.secret_key
-      kind: Secret
-      name: thanos-bucket-v1
-      valuesKey: AWS_SECRET_ACCESS_KEY
--- a/kubernetes/apps/monitoring/thanos/app/kustomization.yaml
+++ b/kubernetes/apps/monitoring/thanos/app/kustomization.yaml
@ -4,7 +4,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: monitoring
 resources:
-  - ./objectbucketclaim.yaml
+  - ./externalsecret.yaml
  - ./helmrelease.yaml
 configMapGenerator:
  - name: thanos-bucket-replicate-dashboard
--- a/kubernetes/apps/monitoring/thanos/app/objectbucketclaim.yaml
+++ b/kubernetes/apps/monitoring/thanos/app/objectbucketclaim.yaml
@ -1,9 +0,0 @@
---
-apiVersion: objectbucket.io/v1alpha1
-kind: ObjectBucketClaim
-metadata:
-  name: thanos-bucket-v1
-  namespace: monitoring
-spec:
-  bucketName: thanos-v1
-  storageClassName: ceph-bucket
--- a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
@ -53,15 +53,15 @@ spec:
        config:
          osdsPerDevice: "1"
        nodes:
-          - name: "valinor-1"
+          - name: "aule"
            devices:
-              - name: /dev/disk/by-id/scsi-0HC_Volume_37231496
-          - name: "valinor-2"
+              - name: /dev/disk/by-id/scsi-0HC_Volume_37460833
+          - name: "eonwe"
            devices:
-              - name: /dev/disk/by-id/scsi-0HC_Volume_37231521
-          - name: "valinor-3"
+              - name: /dev/disk/by-id/scsi-0HC_Volume_37460887
+          - name: "arlen"
            devices:
-              - name: /dev/disk/by-id/scsi-0HC_Volume_37231596
+              - name: /dev/disk/by-id/scsi-0HC_Volume_37460897

    ingress:
      ingressClassName: "nginx"
--- a/talos/deploy-integrations.sh
+++ b/talos/deploy-integrations.sh
@ -2,11 +2,11 @@
 # shellcheck disable=2312
 pushd integrations >/dev/null 2>&1 || exit 1

-rm -rf cni/charts
-envsubst < ../../kubernetes/apps/kube-system/cilium/app/values.yaml > cni/values.yaml
-kustomize build --enable-helm cni | kubectl apply -f -
-rm cni/values.yaml
-rm -rf cni/charts
+#rm -rf cni/charts
+#envsubst < ../../kubernetes/apps/kube-system/cilium/app/values.yaml > cni/values.yaml
+#kustomize build --enable-helm cni | kubectl apply -f -
+#rm cni/values.yaml
+#rm -rf cni/charts

 rm -rf kubelet-csr-approver/charts
 envsubst < ../../kubernetes/apps/system/kubelet-csr-approver/app/values.yaml > kubelet-csr-approver/values.yaml