diff --git a/applications/loki.yaml b/applications/loki.yaml index 4c3e4c3d..fb46426e 100644 --- a/applications/loki.yaml +++ b/applications/loki.yaml @@ -11,19 +11,6 @@ spec: destination: namespace: loki server: 'https://kubernetes.default.svc' - sources: - - repoURL: https://gitlab.com/serit/k8s/serit-platform-manifests.git - path: network-policies/netpol-loki - targetRevision: HEAD - - repoURL: https://gitlab.com/oceanbox/manifests.git - targetRevision: HEAD - ref: values - - repoURL: 'https://grafana.github.io/helm-charts' - targetRevision: 3.3.4 - chart: loki - helm: - valueFiles: - - $values/kustomizations/loki/values.yaml project: aux ignoreDifferences: - group: apps 
@@ -40,3 +27,123 @@ spec: automated: prune: true selfHeal: true + sources: + - repoURL: https://gitlab.com/serit/k8s/serit-platform-manifests.git + path: network-policies/netpol-loki + targetRevision: HEAD + - repoURL: 'https://grafana.github.io/helm-charts' + targetRevision: 3.3.4 + chart: loki + helm: + values: | + loki: + auth_enabled: false + storage: + bucketNames: + chunks: loki-chunks + ruler: loki-chunks + admin: loki-chunks + s3: + endpoint: http://10.255.241.30:30080 + region: tos + secretAccessKey: ${S3SECRET} + accessKeyId: ${S3KEY} + s3ForcePathStyle: true + http_config: + insecure_skip_verify: true + write: + extraArgs: + - -config.expand-env=true + extraEnv: + - name: S3KEY + valueFrom: + secretKeyRef: + name: loki-s3 + key: AWS_ACCESS_KEY_ID + - name: S3SECRET + valueFrom: + secretKeyRef: + name: loki-s3 + key: AWS_ACCESS_KEY_SECRET + tolerations: + - effect: "NoSchedule" + operator: "Equal" + key: "unschedulable" + value: "true" + read: + extraArgs: + - -config.expand-env=true + extraEnv: + - name: S3KEY + valueFrom: + secretKeyRef: + name: loki-s3 + key: AWS_ACCESS_KEY_ID + - name: S3SECRET + valueFrom: + secretKeyRef: + name: loki-s3 + key: AWS_ACCESS_KEY_SECRET + tolerations: + - effect: "NoSchedule" + operator: "Equal" + key: "unschedulable" + value: "true" + ingress: + enabled: true + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-staging + nginx.ingress.kubernetes.io/ssl-redirect: "true" + atlantis.oceanbox.io/expose: internal + paths: + # -- Paths that are exposed by Loki Distributor. + # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.distributorFullname"}}`. + # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.writeFullname"}}`. 
+ # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
+ distributor:
+ - /api/prom/push
+ - /loki/api/v1/push
+ - /otlp/v1/logs
+ # -- Paths that are exposed by Loki Query Frontend.
+ # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.queryFrontendFullname"}}`.
+ # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.readFullname"}}`.
+ # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
+ queryFrontend:
+ - /api/prom/query
+ # this path covers labels and labelValues endpoints
+ - /api/prom/label
+ - /api/prom/series
+ - /api/prom/tail
+ - /loki/api/v1/query
+ - /loki/api/v1/query_range
+ - /loki/api/v1/tail
+ # this path covers labels and labelValues endpoints
+ - /loki/api/v1/label
+ - /loki/api/v1/labels
+ - /loki/api/v1/series
+ - /loki/api/v1/index/stats
+ - /loki/api/v1/index/volume
+ - /loki/api/v1/index/volume_range
+ - /loki/api/v1/format_query
+ - /loki/api/v1/detected_fields
+ - /loki/api/v1/detected_labels
+ - /loki/api/v1/patterns
+ # -- Paths that are exposed by Loki Ruler.
+ # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.rulerFullname"}}`.
+ # If deployment mode is SimpleScalable, the requests are forwarded to k8s service: `{{"loki.backendFullname"}}`.
+ # If deployment mode is SimpleScalable but `read.legacyReadTarget` is `true`, the requests are forwarded to k8s service: `{{"loki.readFullname"}}`.
+ # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}` + ruler: + - /api/prom/rules + - /api/prom/api/v1/rules + - /api/prom/api/v1/alerts + - /loki/api/v1/rules + - /prometheus/api/v1/rules + - /prometheus/api/v1/alerts + hosts: + - loki.adm.oceanbox.io + tls: + - hosts: + - loki.adm.oceanbox.io + secretName: loki-distributed-tls diff --git a/applications/tempo.yaml b/applications/tempo.yaml index b71cf80d..cea4c1a9 100644 --- a/applications/tempo.yaml +++ b/applications/tempo.yaml @@ -11,16 +11,6 @@ spec: destination: namespace: tempo server: 'https://kubernetes.default.svc' - sources: - - repoURL: https://gitlab.com/oceanbox/manifests.git - targetRevision: HEAD - ref: values - - repoURL: 'https://grafana.github.io/helm-charts' - targetRevision: 1.10.3 - chart: tempo - helm: - valueFiles: - - $values/kustomizations/tempo/values.yaml project: aux syncPolicy: # managedNamespaceMetadata: 
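Review bot: The inlined `loki:` values keep `auth_enabled: false` while the `ingress:` block in the same values publishes the push, query and ruler paths on `loki.adm.oceanbox.io`, so anything that can reach that ingress can push and query logs without authentication. Whether `atlantis.oceanbox.io/expose: internal` and the `netpol-loki` policies restrict that enough cannot be seen from this hunk; if they do not, add authentication at the ingress, for example `nginx.ingress.kubernetes.io/auth-type: basic` with `nginx.ingress.kubernetes.io/auth-secret: <basic-auth-secret-name>`. The S3 `endpoint` is plain `http://`, so chunk data travels unencrypted, and `insecure_skip_verify: true` would silently disable certificate checks once the endpoint moves to https; I would drop that key. The `netpol-loki` source still tracks `targetRevision: HEAD` under automated sync with `prune` and `selfHeal`, so pinning it to a tag or commit would keep network-policy changes reviewable. The `spec:` mapping starts outside the hunk.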
@@ -32,4 +22,53 @@ spec: automated: prune: true selfHeal: true - + sources: + - repoURL: 'https://grafana.github.io/helm-charts' + targetRevision: 1.10.3 + chart: tempo + helm: + values: | + tempo: + storage: + trace: + backend: s3 + s3: + bucket: tempo-traces + endpoint: http://10.255.241.30:30080 + access_key: ${S3SECRET} + secret_key: ${S3KEY} + insecure: true + backend: local + local: + path: /var/tempo/traces + wal: + path: /var/tempo/wal + extraArgs: + - -config.expand-env=true + extraEnv: + - name: S3KEY + valueFrom: + secretKeyRef: + name: tempo-s3 + key: AWS_ACCESS_KEY_ID + - name: S3SECRET + valueFrom: + secretKeyRef: + name: tempo-s3 + key: AWS_ACCESS_KEY_SECRET + tempoQuery: + ingress: + enabled: true + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-staging + nginx.ingress.kubernetes.io/ssl-redirect: "true" + atlantis.oceanbox.io/expose: internal + path: / + pathType: Prefix + hosts: + - query.tempo.adm.oceanbox.io + tls: + - secretName: tempo-query-tls + hosts: + - query.tempo.adm.oceanbox.io diff --git a/kustomizations/loki/values.yaml b/kustomizations/loki/values.yaml deleted file mode 100644 index e93b1fb1..00000000 --- a/kustomizations/loki/values.yaml +++ /dev/null 
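Review bot: The S3 credentials under `tempo.storage.trace.s3` are crossed: the hunk sets `access_key: ${S3SECRET}` and `secret_key: ${S3KEY}`, while `extraEnv` fills `S3KEY` from `AWS_ACCESS_KEY_ID` and `S3SECRET` from `AWS_ACCESS_KEY_SECRET`. It should read `access_key: ${S3KEY}` and `secret_key: ${S3SECRET}`; as written the secret is used as the key identifier, which S3 request signing carries in the request itself, here over a plain `http://` endpoint with `insecure: true`. The line order also suggests that `backend: s3` and `backend: local` both sit under `trace` (indentation is not visible on this page); if so that is a duplicate key and parsers that accept it usually keep the last value, so confirm which backend is intended and remove the other. The values were carried over unchanged from the deleted `kustomizations/tempo/values.yaml`, and the `spec:` mapping starts outside the hunk.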
@@ -1,111 +0,0 @@ -loki: - auth_enabled: false - storage: - bucketNames: - chunks: loki-chunks - ruler: loki-chunks - admin: loki-chunks - s3: - endpoint: http://10.255.241.30:30080 - region: tos - secretAccessKey: ${S3SECRET} - accessKeyId: ${S3KEY} - s3ForcePathStyle: true - http_config: - insecure_skip_verify: true -write: - extraArgs: - - -config.expand-env=true - extraEnv: - - name: S3KEY - valueFrom: - secretKeyRef: - name: loki-s3 - key: AWS_ACCESS_KEY_ID - - name: S3SECRET - valueFrom: - secretKeyRef: - name: loki-s3 - key: AWS_ACCESS_KEY_SECRET - tolerations: - - effect: "NoSchedule" - operator: "Equal" - key: "unschedulable" - value: "true" -read: - extraArgs: - - -config.expand-env=true - extraEnv: - - name: S3KEY - valueFrom: - secretKeyRef: - name: loki-s3 - key: AWS_ACCESS_KEY_ID - - name: S3SECRET - valueFrom: - secretKeyRef: - name: loki-s3 - key: AWS_ACCESS_KEY_SECRET - tolerations: - - effect: "NoSchedule" - operator: "Equal" - key: "unschedulable" - value: "true" -ingress: - enabled: true - ingressClassName: nginx - annotations: - cert-manager.io/cluster-issuer: letsencrypt-staging - nginx.ingress.kubernetes.io/ssl-redirect: "true" - atlantis.oceanbox.io/expose: internal - paths: - # -- Paths that are exposed by Loki Distributor. - # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.distributorFullname"}}`. - # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.writeFullname"}}`. - # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}` - distributor: - - /api/prom/push - - /loki/api/v1/push - - /otlp/v1/logs - # -- Paths that are exposed by Loki Query Frontend. - # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.queryFrontendFullname"}}`. 
- # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.readFullname"}}`. - # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}` - queryFrontend: - - /api/prom/query - # this path covers labels and labelValues endpoints - - /api/prom/label - - /api/prom/series - - /api/prom/tail - - /loki/api/v1/query - - /loki/api/v1/query_range - - /loki/api/v1/tail - # this path covers labels and labelValues endpoints - - /loki/api/v1/label - - /loki/api/v1/labels - - /loki/api/v1/series - - /loki/api/v1/index/stats - - /loki/api/v1/index/volume - - /loki/api/v1/index/volume_range - - /loki/api/v1/format_query - - /loki/api/v1/detected_fields - - /loki/api/v1/detected_labels - - /loki/api/v1/patterns - # -- Paths that are exposed by Loki Ruler. - # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.rulerFullname"}}`. - # If deployment mode is SimpleScalable, the requests are forwarded to k8s service: `{{"loki.backendFullname"}}`. - # If deployment mode is SimpleScalable but `read.legacyReadTarget` is `true`, the requests are forwarded to k8s service: `{{"loki.readFullname"}}`. - # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}` - ruler: - - /api/prom/rules - - /api/prom/api/v1/rules - - /api/prom/api/v1/alerts - - /loki/api/v1/rules - - /prometheus/api/v1/rules - - /prometheus/api/v1/alerts - hosts: - - loki.adm.oceanbox.io - tls: - - hosts: - - loki.adm.oceanbox.io - secretName: loki-distributed-tls diff --git a/kustomizations/tempo/values.yaml b/kustomizations/tempo/values.yaml deleted file mode 100644 index e15cefc4..00000000 --- a/kustomizations/tempo/values.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -tempo: - storage: - trace: - backend: s3 - s3: - bucket: tempo-traces - endpoint: http://10.255.241.30:30080 - access_key: ${S3SECRET} - secret_key: ${S3KEY} - insecure: true - backend: local - local: - path: /var/tempo/traces - wal: - path: /var/tempo/wal - extraArgs: - - -config.expand-env=true - extraEnv: - - name: S3KEY - valueFrom: - secretKeyRef: - name: tempo-s3 - key: AWS_ACCESS_KEY_ID - - name: S3SECRET - valueFrom: - secretKeyRef: - name: tempo-s3 - key: AWS_ACCESS_KEY_SECRET - -tempoQuery: - ingress: - enabled: true - ingressClassName: nginx - annotations: - cert-manager.io/cluster-issuer: letsencrypt-staging - nginx.ingress.kubernetes.io/ssl-redirect: "true" - atlantis.oceanbox.io/expose: internal - path: / - pathType: Prefix - hosts: - - query.tempo.adm.oceanbox.io - tls: - - secretName: tempo-query-tls - hosts: - - query.tempo.adm.oceanbox.io