platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

wip: unify sys and apps

Browse Source
This commit is contained in:
Jonas Juselius
2025-05-06 16:00:57 +02:00
parent 4590ddc30a
commit 7de100a4d4
204 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/templates/prometheus-thanos.yaml
+342
View File
@@ -0,0 +1,342 @@
{{ if .Values.thanos.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: thanos
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: thanos
server: 'https://kubernetes.default.svc'
source:
repoURL: 'https://charts.bitnami.com/bitnami'
targetRevision: {{ .Values.thanos.version }}
chart: thanos
helm:
values: |
## Handled by sealed secret now, and uses minio root user
#objstoreConfig: |-
# type: s3
# config:
# bucket: thanos
# endpoint: thanos-minio.thanos.svc.cluster.local:9000
# access_key: "thanos"
# secret_key: "en to tre fire"
# insecure: true
## @param indexCacheConfig The [index cache configuration](https://thanos.io/components/store.md/)
## Specify content for index-cache.yml
indexCacheConfig: ""
## @param bucketCacheConfig The [bucket cache configuration](https://thanos.io/components/store.md/)
## Specify content for bucket-cache.yml
##
bucketCacheConfig: ""
## @param existingObjstoreSecret Secret with Objstore Configuration
## Note: This will override objstoreConfig
##
existingObjstoreSecret: "thanos-objstore-secret"
existingObjstoreSecretItems: []
existingServiceAccount: ""
query:
enabled: true
stores:
- {{ .Values.prometheus.fullname | default "prometheus-kube-prometheus" }}-prometheus.prometheus.svc:10901
- thanos-envoy:10000
- thanos-envoy:10002
- thanos-envoy:11000
ingress:
enabled: true
certManager: false
hostname: thanos.{{ .Values.cluster_config.domain }}
ingressClassName: "nginx"
annotations:
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
## extraHosts:
## - name: thanos.local
## path: /
## pathType: ImplementationSpecific
##
extraHosts: []
extraTls:
- hosts:
- thanos.{{ .Values.cluster_config.domain }}
secretName: thanos-tls
## @section Thanos Query Frontend parameters
queryFrontend:
enabled: true
ingress:
enabled: true
certManager: false
hostname: thanos-query.{{ .Values.cluster_config.domain }}
ingressClassName: "nginx"
annotations:
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
## extraHosts:
## - name: thanos.local
## path: /
## pathType: ImplementationSpecific
##
extraHosts: []
extraTls:
- hosts:
- thanos-query.{{ .Values.cluster_config.domain }}
secretName: thanos-query-tls
## @section Thanos Bucket Web parameters
bucketweb:
enabled: true
ingress:
enabled: true
certManager: false
hostname: thanos-bucketweb.{{ .Values.cluster_config.domain }}
ingressClassName: "nginx"
annotations:
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
## extraHosts:
## - name: thanos-bucketweb.local
## path: /
## pathType: ImplementationSpecific
##
extraHosts: []
extraTls:
- hosts:
- thanos-bucketweb.{{ .Values.cluster_config.domain }}
secretName: thanos-bucketweb-tls
## @section Thanos Compactor parameters
compactor:
enabled: true
ingress:
enabled: true
certManager: false
hostname: thanos-compactor.{{ .Values.cluster_config.domain }}
ingressClassName: "nginx"
annotations:
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
## extraHosts:
## - name: thanos.local
## path: /
## pathType: ImplementationSpecific
##
extraHosts: []
extraTls:
- hosts:
- thanos-compactor.{{ .Values.cluster_config.domain }}
secretName: thanos-compactor-tls
persistence:
enabled: true
storageClass: "local-storage"
accessModes:
- ReadWriteOnce
size: 8Gi
## @section Thanos Store Gateway parameters
storegateway:
enabled: true
ingress:
enabled: true
certManager: false
hostname: thanos-storage.{{ .Values.cluster_config.domain }}
ingressClassName: "nginx"
annotations:
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
## extraHosts:
## - name: thanos.local
## path: /
## pathType: ImplementationSpecific
##
extraHosts: []
extraTls:
- hosts:
- thanos-storage.{{ .Values.cluster_config.domain }}
secretName: thanos-storage-tls
persistence:
enabled: true
storageClass: "local-storage"
accessModes:
- ReadWriteOnce
size: 8Gi
## @section Thanos Ruler parameters
ruler:
enabled: true
alertmanagers:
- https://alertmanager.k1.itpartner.no
- https://alertmanager.k2.itpartner.no
- https://alertmanager.k0.itpartner.no
config: |-
groups:
- name: "metamonitoring"
rules:
- alert: "PrometheusDown"
expr: absent(up{container="prometheus",job="prometheus-kube-prometheus-prometheus",namespace="prometheus"})
global:
resolve_timeout: 5m
route:
receiver: pagerduty
group_by:
- alertname
routes:
- receiver: snitch
match:
alertname: Watchdog
group_wait: 0s
group_interval: 1m
repeat_interval: 50s
group_wait: 60s
group_interval: 15m
repeat_interval: 24h
receivers:
- name: pagerduty
pagerduty_configs:
- routing_key: e67f3a24f11c450ad060128f20ffa5d1
url: https://events.pagerduty.com/v2/enqueue
ingress:
enabled: true
certManager: false
hostname: thanos-ruler.{{ .Values.cluster_config.domain }}
ingressClassName: "nginx"
annotations:
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
## extraHosts:
## - name: thanos.local
## path: /
## pathType: ImplementationSpecific
##
extraHosts: []
extraTls:
- hosts:
- thanos-ruler.{{ .Values.cluster_config.domain }}
secretName: thanos-ruler-tls
persistence:
enabled: true
storageClass: "local-storage"
accessModes:
- ReadWriteOnce
size: 8Gi
## @section Thanos Receive parameters
receive:
enabled: false
mode: standalone
replicationFactor: 1
replicaLabel: replica
tsdbRetention: 15d
config:
- endpoints:
- "127.0.0.1:10901"
ingress:
enabled: true
certManager: false
hostname: thanos-receive.{{ .Values.cluster_config.domain }}
ingressClassName: "nginx"
annotations:
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
## extraHosts:
## - name: thanos.local
## path: /
## pathType: ImplementationSpecific
##
extraHosts: []
extraTls:
- hosts:
- thanos-receive.{{ .Values.cluster_config.domain }}
secretName: thanos-receive-tls
persistence:
enabled: true
storageClass: "local-storage"
accessModes:
- ReadWriteOnce
size: 8Gi
## @section Metrics parameters
metrics:
enabled: true
serviceMonitor:
enabled: true
## @section MinIO® chart parameters
minio:
enabled: true
accessKey:
password: "thanos"
secretKey:
password: "en to tre fire"
defaultBuckets: thanos
ingress:
enabled: true
certManager: false
hostname: thanos-minio.{{ .Values.cluster_config.domain }}
ingressClassName: "nginx"
annotations:
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
## extraHosts:
## - name: thanos.local
## path: /
## pathType: ImplementationSpecific
##
extraHosts: []
extraTls:
- hosts:
- thanos-minio.{{ .Values.cluster_config.domain }}
secretName: thanos-minio-tls
project: sys
syncPolicy:
managedNamespaceMetadata:
labels:
component: sys
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
{{- if .Values.prometheus.autosync }}
automated:
prune: true
# selfHeal: false
{{- end }}
{{ end }}