platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity
Files
mrtz/nixidy
manifests/apps/loki.nix
T
Moritz Jörg 9e1beb6895 Add more Nix Apps 
Rewrite of some of the Apps to Nix. Tried to convert
ApplicationSets to simple Applications with an ${env}
modifier.
2025-02-21 17:47:45 +00:00

249 lines
6.5 KiB
Nix
Raw Permalink Blame History

{ lib, config, ... }:
let
cfg = config.apps.loki;
env = config.apps.env;
values = lib.apps.appValues {
inherit env;
extraValues = {
loki = {
auth_enabled = false;
storage = {
bucketNames = {
chunks = cfg.buckets.chunks;
ruler = cfg.buckets.ruler;
admin = cfg.buckets.admin;
};
s3 =
{
endpoint = cfg.s3.endpoint;
region = cfg.s3.region;
secretAccessKey = "\${S3SECRET}";
accessKeyId = "\${S3KEY}";
s3ForcePathStyle = true;
}
// lib.optionalAttrs cfg.s3.insecureSkipVerify {
http_config.insecure_skip_verify = true;
};
};
schemaConfig.configs = [
{
from = "2024-04-01";
index.period = "24h";
index.prefix = "loki_index_";
object_store = "s3";
schema = "v13";
store = "tsdb";
}
];
compactor = {
compaction_interval = "10m";
working_directory = "/tmp/loki/compactor";
retention_enabled = true;
retention_delete_delay = "2h";
retention_delete_worker_count = 150;
delete_request_store = "s3";
};
limits_config.retention_period = "744h";
};
write = {
extraArgs = [ "-config.expand-env=true" ];
extraEnv = [
{
name = "S3KEY";
valueFrom.secretKeyRef = {
name = cfg.secret.name;
key = cfg.secret.accessKey;
};
}
{
name = "S3SECRET";
valueFrom.secretKeyRef = {
name = cfg.secret.name;
key = cfg.secret.secretKey;
};
}
];
tolerations = [
{
effect = "NoSchedule";
operator = "Equal";
key = "unschedulable";
value = "true";
}
];
};
read = {
extraArgs = [ "-config.expand-env=true" ];
extraEnv = [
{
name = "S3KEY";
valueFrom.secretKeyRef = {
name = cfg.secret.name;
key = cfg.secret.accessKey;
};
}
{
name = "S3SECRET";
valueFrom.secretKeyRef = {
name = cfg.secret.name;
key = cfg.secret.secretKey;
};
}
];
tolerations = [
{
effect = "NoSchedule";
operator = "Equal";
key = "unschedulable";
value = "true";
}
];
};
ingress = {
enabled = true;
ingressClassName = "nginx";
annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt-staging";
"nginx.ingress.kubernetes.io/ssl-redirect" = "true";
"atlantis.oceanbox.io/expose" = "internal";
};
hosts = [ "loki.adm.oceanbox.io" ];
tls = [{
hosts = [ "loki.adm.oceanbox.io" ];
secretName = "loki-distributed-tls";
}];
};
compactor = {
extraArgs = [ "-config.expand-env=true" ];
extraEnv = [
{
name = "S3KEY";
valueFrom.secretKeyRef = {
name = cfg.secret.name;
key = cfg.secret.accessKey;
};
}
{
name = "S3SECRET";
valueFrom.secretKeyRef = {
name = cfg.secret.name;
key = cfg.secret.secretKey;
};
}
];
};
backend = {
extraArgs = [ "-config.expand-env=true" ];
extraEnv = [
{
name = "S3KEY";
valueFrom.secretKeyRef = {
name = cfg.secret.name;
key = cfg.secret.accessKey;
};
}
{
name = "S3SECRET";
valueFrom.secretKeyRef = {
name = cfg.secret.name;
key = cfg.secret.secretKey;
};
}
];
};
};
};
in
{
options.apps.loki = lib.apps.appOptions {
revision = lib.mkOption {
type = lib.types.str;
default = "6.12.0";
description = "Loki chart version";
};
buckets = {
chunks = lib.mkOption {
type = lib.types.str;
default = "loki-chunks";
description = "S3 bucket for chunks";
};
ruler = lib.mkOption {
type = lib.types.str;
default = "loki-chunks";
description = "S3 bucket for ruler";
};
admin = lib.mkOption {
type = lib.types.str;
default = "loki-chunks";
description = "S3 bucket for admin";
};
};
s3 = {
endpoint = lib.mkOption {
type = lib.types.str;
default = "http://10.255.241.30:30080";
description = "S3 endpoint";
};
region = lib.mkOption {
type = lib.types.str;
default = "tos";
description = "S3 region";
};
insecureSkipVerify = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Skip TLS verification";
};
};
secret = {
name = lib.mkOption {
type = lib.types.str;
default = "loki-s3";
description = "Name of the S3 credentials secret";
};
accessKey = lib.mkOption {
type = lib.types.str;
default = "AWS_ACCESS_KEY_ID";
description = "Access key field in secret";
};
secretKey = lib.mkOption {
type = lib.types.str;
default = "AWS_ACCESS_KEY_SECRET";
description = "Secret key field in secret";
};
};
};
config = lib.apps.appConfig cfg "loki" {
namespace = "argocd";
helm.releases.loki = {
inherit values;
chart = lib.helm.downloadHelmChart {
repo = "https://grafana.github.io/helm-charts";
chart = "loki";
version = cfg.revision;
chartHash = "sha256-YUtEIUiQWRzlttfOOgDk1xfTaiAZ12tIgpGr1QcMpro=";
};
};
annotations = {
"argocd.argoproj.io/sync-options" = "SkipDryRunOnMissingResource=true";
};
# TODO: Add network policies as a second source or integrate them into `resources`.
resources = {
"argoproj.io".v1alpha1.Application.loki.spec.ignoreDifferences = [
{
group = "apps";
kind = "StatefulSet";
jsonPointers = [ "/spec/persistentVolumeClaimRetentionPolicy" ];
}
];
};
};
}
Reference in New Issue View Git Blame Copy Permalink