fix: inline tempo and loki values

applications/loki.yaml

@@ -11,19 +11,6 @@ spec:
   destination:
     namespace: loki
     server: 'https://kubernetes.default.svc'
-  sources:
-  - repoURL: https://gitlab.com/serit/k8s/serit-platform-manifests.git
-    path: network-policies/netpol-loki
-    targetRevision: HEAD
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: HEAD
-    ref: values
-  - repoURL: 'https://grafana.github.io/helm-charts'
-    targetRevision: 3.3.4
-    chart: loki
-    helm:
-      valueFiles:
-        - $values/kustomizations/loki/values.yaml
   project: aux
   ignoreDifferences:
   - group: apps
@@ -40,3 +27,123 @@ spec:
     automated:
       prune: true
       selfHeal: true
+  sources:
+  - repoURL: https://gitlab.com/serit/k8s/serit-platform-manifests.git
+    path: network-policies/netpol-loki
+    targetRevision: HEAD
+  - repoURL: 'https://grafana.github.io/helm-charts'
+    targetRevision: 3.3.4
+    chart: loki
+    helm:
+      values: |
+        loki:
+          auth_enabled: false
+          storage:
+            bucketNames:
+              chunks: loki-chunks
+              ruler: loki-chunks
+              admin: loki-chunks
+            s3:
+              endpoint: http://10.255.241.30:30080
+              region: tos
+              secretAccessKey: ${S3SECRET}
+              accessKeyId: ${S3KEY}
+              s3ForcePathStyle: true
+              http_config:
+                insecure_skip_verify: true
+        write:
+          extraArgs:
+            - -config.expand-env=true
+          extraEnv:
+          - name: S3KEY
+            valueFrom:
+              secretKeyRef:
+                name: loki-s3
+                key: AWS_ACCESS_KEY_ID
+          - name: S3SECRET
+            valueFrom:
+              secretKeyRef:
+                name: loki-s3
+                key: AWS_ACCESS_KEY_SECRET
+          tolerations:
+          - effect: "NoSchedule"
+            operator: "Equal"
+            key: "unschedulable"
+            value: "true"
+        read:
+          extraArgs:
+            - -config.expand-env=true
+          extraEnv:
+          - name: S3KEY
+            valueFrom:
+              secretKeyRef:
+                name: loki-s3
+                key: AWS_ACCESS_KEY_ID
+          - name: S3SECRET
+            valueFrom:
+              secretKeyRef:
+                name: loki-s3
+                key: AWS_ACCESS_KEY_SECRET
+          tolerations:
+          - effect: "NoSchedule"
+            operator: "Equal"
+            key: "unschedulable"
+            value: "true"
+        ingress:
+          enabled: true
+          ingressClassName: nginx
+          annotations:
+            cert-manager.io/cluster-issuer: letsencrypt-staging
+            nginx.ingress.kubernetes.io/ssl-redirect: "true"
+            atlantis.oceanbox.io/expose: internal
+          paths:
+            # -- Paths that are exposed by Loki Distributor.
+            # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.distributorFullname"}}`.
+            # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.writeFullname"}}`.
+            # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
+            distributor:
+              - /api/prom/push
+              - /loki/api/v1/push
+              - /otlp/v1/logs
+            # -- Paths that are exposed by Loki Query Frontend.
+            # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.queryFrontendFullname"}}`.
+            # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.readFullname"}}`.
+            # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
+            queryFrontend:
+              - /api/prom/query
+              # this path covers labels and labelValues endpoints
+              - /api/prom/label
+              - /api/prom/series
+              - /api/prom/tail
+              - /loki/api/v1/query
+              - /loki/api/v1/query_range
+              - /loki/api/v1/tail
+              # this path covers labels and labelValues endpoints
+              - /loki/api/v1/label
+              - /loki/api/v1/labels
+              - /loki/api/v1/series
+              - /loki/api/v1/index/stats
+              - /loki/api/v1/index/volume
+              - /loki/api/v1/index/volume_range
+              - /loki/api/v1/format_query
+              - /loki/api/v1/detected_fields
+              - /loki/api/v1/detected_labels
+              - /loki/api/v1/patterns
+            # -- Paths that are exposed by Loki Ruler.
+            # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.rulerFullname"}}`.
+            # If deployment mode is SimpleScalable, the requests are forwarded to k8s service: `{{"loki.backendFullname"}}`.
+            # If deployment mode is SimpleScalable but `read.legacyReadTarget` is `true`, the requests are forwarded to k8s service: `{{"loki.readFullname"}}`.
+            # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
+            ruler:
+              - /api/prom/rules
+              - /api/prom/api/v1/rules
+              - /api/prom/api/v1/alerts
+              - /loki/api/v1/rules
+              - /prometheus/api/v1/rules
+              - /prometheus/api/v1/alerts
+          hosts:
+            - loki.adm.oceanbox.io
+          tls:
+            - hosts:
+               - loki.adm.oceanbox.io
+              secretName: loki-distributed-tls

applications/tempo.yaml

@@ -11,16 +11,6 @@ spec:
   destination:
     namespace: tempo
     server: 'https://kubernetes.default.svc'
-  sources:
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: HEAD
-    ref: values
-  - repoURL: 'https://grafana.github.io/helm-charts'
-    targetRevision: 1.10.3
-    chart: tempo
-    helm:
-      valueFiles:
-        - $values/kustomizations/tempo/values.yaml
   project: aux
   syncPolicy:
     # managedNamespaceMetadata:
@@ -32,4 +22,53 @@ spec:
     automated:
       prune: true
       selfHeal: true
-
+  sources:
+  - repoURL: 'https://grafana.github.io/helm-charts'
+    targetRevision: 1.10.3
+    chart: tempo
+    helm:
+      values: |
+        tempo:
+          storage:
+            trace:
+              backend: s3
+              s3:
+                bucket: tempo-traces
+                endpoint: http://10.255.241.30:30080
+                access_key: ${S3SECRET}
+                secret_key: ${S3KEY}
+                insecure: true
+              backend: local
+              local:
+                path: /var/tempo/traces
+              wal:
+                path: /var/tempo/wal
+          extraArgs:
+            - -config.expand-env=true
+          extraEnv:
+          - name: S3KEY
+            valueFrom:
+              secretKeyRef:
+                name: tempo-s3
+                key: AWS_ACCESS_KEY_ID
+          - name: S3SECRET
+            valueFrom:
+              secretKeyRef:
+                name: tempo-s3
+                key: AWS_ACCESS_KEY_SECRET
+        tempoQuery:
+          ingress:
+            enabled: true
+            ingressClassName: nginx
+            annotations:
+              cert-manager.io/cluster-issuer: letsencrypt-staging
+              nginx.ingress.kubernetes.io/ssl-redirect: "true"
+              atlantis.oceanbox.io/expose: internal
+            path: /
+            pathType: Prefix
+            hosts:
+              - query.tempo.adm.oceanbox.io
+            tls:
+             - secretName: tempo-query-tls
+               hosts:
+                 - query.tempo.adm.oceanbox.io

kustomizations/loki/values.yaml

@@ -1,111 +0,0 @@
-loki:
-  auth_enabled: false
-  storage:
-    bucketNames:
-      chunks: loki-chunks
-      ruler: loki-chunks
-      admin: loki-chunks
-    s3:
-      endpoint: http://10.255.241.30:30080
-      region: tos
-      secretAccessKey: ${S3SECRET}
-      accessKeyId: ${S3KEY}
-      s3ForcePathStyle: true
-      http_config:
-        insecure_skip_verify: true
-write:
-  extraArgs:
-    - -config.expand-env=true
-  extraEnv:
-  - name: S3KEY
-    valueFrom:
-      secretKeyRef:
-        name: loki-s3
-        key: AWS_ACCESS_KEY_ID
-  - name: S3SECRET
-    valueFrom:
-      secretKeyRef:
-        name: loki-s3
-        key: AWS_ACCESS_KEY_SECRET
-  tolerations:
-  - effect: "NoSchedule"
-    operator: "Equal"
-    key: "unschedulable"
-    value: "true"
-read:
-  extraArgs:
-    - -config.expand-env=true
-  extraEnv:
-  - name: S3KEY
-    valueFrom:
-      secretKeyRef:
-        name: loki-s3
-        key: AWS_ACCESS_KEY_ID
-  - name: S3SECRET
-    valueFrom:
-      secretKeyRef:
-        name: loki-s3
-        key: AWS_ACCESS_KEY_SECRET
-  tolerations:
-  - effect: "NoSchedule"
-    operator: "Equal"
-    key: "unschedulable"
-    value: "true"
-ingress:
-  enabled: true
-  ingressClassName: nginx
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    atlantis.oceanbox.io/expose: internal
-  paths:
-    # -- Paths that are exposed by Loki Distributor.
-    # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.distributorFullname"}}`.
-    # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.writeFullname"}}`.
-    # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
-    distributor:
-      - /api/prom/push
-      - /loki/api/v1/push
-      - /otlp/v1/logs
-    # -- Paths that are exposed by Loki Query Frontend.
-    # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.queryFrontendFullname"}}`.
-    # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.readFullname"}}`.
-    # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
-    queryFrontend:
-      - /api/prom/query
-      # this path covers labels and labelValues endpoints
-      - /api/prom/label
-      - /api/prom/series
-      - /api/prom/tail
-      - /loki/api/v1/query
-      - /loki/api/v1/query_range
-      - /loki/api/v1/tail
-      # this path covers labels and labelValues endpoints
-      - /loki/api/v1/label
-      - /loki/api/v1/labels
-      - /loki/api/v1/series
-      - /loki/api/v1/index/stats
-      - /loki/api/v1/index/volume
-      - /loki/api/v1/index/volume_range
-      - /loki/api/v1/format_query
-      - /loki/api/v1/detected_fields
-      - /loki/api/v1/detected_labels
-      - /loki/api/v1/patterns
-    # -- Paths that are exposed by Loki Ruler.
-    # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.rulerFullname"}}`.
-    # If deployment mode is SimpleScalable, the requests are forwarded to k8s service: `{{"loki.backendFullname"}}`.
-    # If deployment mode is SimpleScalable but `read.legacyReadTarget` is `true`, the requests are forwarded to k8s service: `{{"loki.readFullname"}}`.
-    # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
-    ruler:
-      - /api/prom/rules
-      - /api/prom/api/v1/rules
-      - /api/prom/api/v1/alerts
-      - /loki/api/v1/rules
-      - /prometheus/api/v1/rules
-      - /prometheus/api/v1/alerts
-  hosts:
-    - loki.adm.oceanbox.io
-  tls:
-    - hosts:
-       - loki.adm.oceanbox.io
-      secretName: loki-distributed-tls

kustomizations/tempo/values.yaml

@@ -1,45 +0,0 @@
-tempo:
-  storage:
-    trace:
-      backend: s3
-      s3:
-        bucket: tempo-traces
-        endpoint: http://10.255.241.30:30080
-        access_key: ${S3SECRET}
-        secret_key: ${S3KEY}
-        insecure: true
-      backend: local
-      local:
-        path: /var/tempo/traces
-      wal:
-        path: /var/tempo/wal
-  extraArgs:
-    - -config.expand-env=true
-  extraEnv:
-  - name: S3KEY
-    valueFrom:
-      secretKeyRef:
-        name: tempo-s3
-        key: AWS_ACCESS_KEY_ID
-  - name: S3SECRET
-    valueFrom:
-      secretKeyRef:
-        name: tempo-s3
-        key: AWS_ACCESS_KEY_SECRET
-
-tempoQuery:
-  ingress:
-    enabled: true
-    ingressClassName: nginx
-    annotations:
-      cert-manager.io/cluster-issuer: letsencrypt-staging
-      nginx.ingress.kubernetes.io/ssl-redirect: "true"
-      atlantis.oceanbox.io/expose: internal
-    path: /
-    pathType: Prefix
-    hosts:
-      - query.tempo.adm.oceanbox.io
-    tls:
-     - secretName: tempo-query-tls
-       hosts:
-         - query.tempo.adm.oceanbox.io