343 lines
12 KiB
YAML
343 lines
12 KiB
YAML
{{ if .Values.thanos.enabled }}
|
|
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: thanos
|
|
namespace: argocd
|
|
finalizers:
|
|
- resources-finalizer.argocd.argoproj.io
|
|
spec:
|
|
destination:
|
|
namespace: thanos
|
|
server: 'https://kubernetes.default.svc'
|
|
source:
|
|
repoURL: 'https://charts.bitnami.com/bitnami'
|
|
targetRevision: {{ .Values.thanos.version }}
|
|
chart: thanos
|
|
helm:
|
|
values: |
|
|
## Handled by sealed secret now, and uses minio root user
|
|
#objstoreConfig: |-
|
|
# type: s3
|
|
# config:
|
|
# bucket: thanos
|
|
# endpoint: thanos-minio.thanos.svc.cluster.local:9000
|
|
# access_key: "thanos"
|
|
# secret_key: "en to tre fire"
|
|
# insecure: true
|
|
|
|
## @param indexCacheConfig The [index cache configuration](https://thanos.io/components/store.md/)
|
|
## Specify content for index-cache.yml
|
|
indexCacheConfig: ""
|
|
## @param bucketCacheConfig The [bucket cache configuration](https://thanos.io/components/store.md/)
|
|
## Specify content for bucket-cache.yml
|
|
##
|
|
bucketCacheConfig: ""
|
|
## @param existingObjstoreSecret Secret with Objstore Configuration
|
|
## Note: This will override objstoreConfig
|
|
##
|
|
existingObjstoreSecret: "thanos-objstore-secret"
|
|
existingObjstoreSecretItems: []
|
|
existingServiceAccount: ""
|
|
|
|
query:
|
|
enabled: true
|
|
stores:
|
|
- {{ .Values.prometheus.fullname | default "prometheus-kube-prometheus" }}-prometheus.prometheus.svc:10901
|
|
- thanos-envoy:10000
|
|
- thanos-envoy:10002
|
|
- thanos-envoy:11000
|
|
ingress:
|
|
enabled: true
|
|
certManager: false
|
|
hostname: thanos.{{ .Values.cluster_config.domain }}
|
|
ingressClassName: "nginx"
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
|
|
nginx.ingress.kubernetes.io/backend-protocol: HTTP
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
extraTls:
|
|
- hosts:
|
|
- thanos.{{ .Values.cluster_config.domain }}
|
|
secretName: thanos-tls
|
|
|
|
## @section Thanos Query Frontend parameters
|
|
|
|
queryFrontend:
|
|
enabled: true
|
|
ingress:
|
|
enabled: true
|
|
certManager: false
|
|
hostname: thanos-query.{{ .Values.cluster_config.domain }}
|
|
ingressClassName: "nginx"
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
|
|
nginx.ingress.kubernetes.io/backend-protocol: HTTP
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
extraTls:
|
|
- hosts:
|
|
- thanos-query.{{ .Values.cluster_config.domain }}
|
|
secretName: thanos-query-tls
|
|
|
|
## @section Thanos Bucket Web parameters
|
|
|
|
bucketweb:
|
|
enabled: true
|
|
ingress:
|
|
enabled: true
|
|
certManager: false
|
|
hostname: thanos-bucketweb.{{ .Values.cluster_config.domain }}
|
|
ingressClassName: "nginx"
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
|
|
nginx.ingress.kubernetes.io/backend-protocol: HTTP
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
|
|
## extraHosts:
|
|
## - name: thanos-bucketweb.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
extraTls:
|
|
- hosts:
|
|
- thanos-bucketweb.{{ .Values.cluster_config.domain }}
|
|
secretName: thanos-bucketweb-tls
|
|
|
|
## @section Thanos Compactor parameters
|
|
|
|
compactor:
|
|
enabled: true
|
|
ingress:
|
|
enabled: true
|
|
certManager: false
|
|
hostname: thanos-compactor.{{ .Values.cluster_config.domain }}
|
|
ingressClassName: "nginx"
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
|
|
nginx.ingress.kubernetes.io/backend-protocol: HTTP
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
extraTls:
|
|
- hosts:
|
|
- thanos-compactor.{{ .Values.cluster_config.domain }}
|
|
secretName: thanos-compactor-tls
|
|
persistence:
|
|
enabled: true
|
|
storageClass: "local-storage"
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
size: 8Gi
|
|
|
|
## @section Thanos Store Gateway parameters
|
|
|
|
storegateway:
|
|
enabled: true
|
|
|
|
ingress:
|
|
enabled: true
|
|
certManager: false
|
|
hostname: thanos-storage.{{ .Values.cluster_config.domain }}
|
|
ingressClassName: "nginx"
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
|
|
nginx.ingress.kubernetes.io/backend-protocol: HTTP
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
extraTls:
|
|
- hosts:
|
|
- thanos-storage.{{ .Values.cluster_config.domain }}
|
|
secretName: thanos-storage-tls
|
|
persistence:
|
|
enabled: true
|
|
storageClass: "local-storage"
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
size: 8Gi
|
|
|
|
## @section Thanos Ruler parameters
|
|
|
|
ruler:
|
|
enabled: true
|
|
alertmanagers:
|
|
- https://alertmanager.k1.itpartner.no
|
|
- https://alertmanager.k2.itpartner.no
|
|
- https://alertmanager.k0.itpartner.no
|
|
config: |-
|
|
groups:
|
|
- name: "metamonitoring"
|
|
rules:
|
|
- alert: "PrometheusDown"
|
|
expr: absent(up{container="prometheus",job="prometheus-kube-prometheus-prometheus",namespace="prometheus"})
|
|
global:
|
|
resolve_timeout: 5m
|
|
route:
|
|
receiver: pagerduty
|
|
group_by:
|
|
- alertname
|
|
routes:
|
|
- receiver: snitch
|
|
match:
|
|
alertname: Watchdog
|
|
group_wait: 0s
|
|
group_interval: 1m
|
|
repeat_interval: 50s
|
|
group_wait: 60s
|
|
group_interval: 15m
|
|
repeat_interval: 24h
|
|
receivers:
|
|
- name: pagerduty
|
|
pagerduty_configs:
|
|
- routing_key: e67f3a24f11c450ad060128f20ffa5d1
|
|
url: https://events.pagerduty.com/v2/enqueue
|
|
|
|
ingress:
|
|
enabled: true
|
|
certManager: false
|
|
hostname: thanos-ruler.{{ .Values.cluster_config.domain }}
|
|
ingressClassName: "nginx"
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
|
|
nginx.ingress.kubernetes.io/backend-protocol: HTTP
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
extraTls:
|
|
- hosts:
|
|
- thanos-ruler.{{ .Values.cluster_config.domain }}
|
|
secretName: thanos-ruler-tls
|
|
persistence:
|
|
enabled: true
|
|
storageClass: "local-storage"
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
size: 8Gi
|
|
|
|
## @section Thanos Receive parameters
|
|
|
|
receive:
|
|
enabled: false
|
|
mode: standalone
|
|
replicationFactor: 1
|
|
replicaLabel: replica
|
|
tsdbRetention: 15d
|
|
config:
|
|
- endpoints:
|
|
- "127.0.0.1:10901"
|
|
ingress:
|
|
enabled: true
|
|
certManager: false
|
|
hostname: thanos-receive.{{ .Values.cluster_config.domain }}
|
|
ingressClassName: "nginx"
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
|
|
nginx.ingress.kubernetes.io/backend-protocol: HTTP
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
extraTls:
|
|
- hosts:
|
|
- thanos-receive.{{ .Values.cluster_config.domain }}
|
|
secretName: thanos-receive-tls
|
|
persistence:
|
|
enabled: true
|
|
storageClass: "local-storage"
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
size: 8Gi
|
|
|
|
## @section Metrics parameters
|
|
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
|
|
## @section MinIO® chart parameters
|
|
|
|
minio:
|
|
enabled: true
|
|
accessKey:
|
|
password: "thanos"
|
|
secretKey:
|
|
password: "en to tre fire"
|
|
defaultBuckets: thanos
|
|
ingress:
|
|
enabled: true
|
|
certManager: false
|
|
hostname: thanos-minio.{{ .Values.cluster_config.domain }}
|
|
ingressClassName: "nginx"
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
|
|
nginx.ingress.kubernetes.io/backend-protocol: HTTP
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
extraTls:
|
|
- hosts:
|
|
- thanos-minio.{{ .Values.cluster_config.domain }}
|
|
secretName: thanos-minio-tls
|
|
project: sys
|
|
syncPolicy:
|
|
managedNamespaceMetadata:
|
|
labels:
|
|
component: sys
|
|
syncOptions:
|
|
- CreateNamespace=true
|
|
- ApplyOutOfSyncOnly=true
|
|
{{- if .Values.prometheus.autosync }}
|
|
automated:
|
|
prune: true
|
|
# selfHeal: false
|
|
{{- end }}
|
|
{{ end }}
|