9e1beb6895
Rewrite of some of the Apps to Nix. Tried to convert
ApplicationSets to simple Applications with an ${env}
modifier.
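# Tempo application module.
#
# Declares the `apps.tempo` options (through lib.apps.appOptions) and the
# matching config (through lib.apps.appConfig), which renders the
# grafana/tempo Helm chart with the values assembled below.
{ lib, config, ... }:

let
  cfg = config.apps.tempo;
  env = config.apps.env;

  # Helm values for the chart; handed to lib.apps.appValues together with the
  # current environment name.
  values = lib.apps.appValues {
    inherit env;
    extraValues = {
      tempo = {
        storage = {
          trace = {
            backend = "s3";
            s3 = {
              bucket = cfg.s3.bucket;
              endpoint = cfg.s3.endpoint;
              # "\${...}" is escaped so Nix emits the literal text ${S3KEY} /
              # ${S3SECRET}; the credentials themselves never enter the
              # rendered values and are only injected through extraEnv below.
              #
              # S3KEY is sourced from cfg.secret.accessKey and S3SECRET from
              # cfg.secret.secretKey, so they map to access_key and secret_key
              # respectively. The two were previously crossed, which put the
              # secret key into the field that is normally treated as a
              # non-sensitive identifier.
              #
              # NOTE(review): Tempo only substitutes ${VAR} references in its
              # config when started with -config.expand-env=true. That flag is
              # not set in this file; confirm it is supplied elsewhere.
              access_key = "\${S3KEY}";
              secret_key = "\${S3SECRET}";
              # insecure = true selects plain HTTP towards the S3 endpoint,
              # which matches the http:// default of apps.tempo.s3.endpoint.
              # Trace payloads therefore cross the network unencrypted.
              # NOTE(review): acceptable only on a trusted segment; switch to
              # an https endpoint and drop this if the store supports TLS.
              insecure = true;
            };
            local = {
              path = "/var/tempo/traces";
            };
            wal = {
              path = "/var/tempo/wal";
            };
          };
        };
        metricsGenerator = {
          enabled = true;
          # Plain-HTTP remote write to the Prometheus service.
          remoteWriteUrl = "http://prom-prometheus.prometheus:9090/api/v1/write";
        };
        # S3 credentials are read from the Kubernetes Secret named by
        # cfg.secret.name; only the secret/key references appear in the
        # manifests.
        extraEnv = [
          {
            name = "S3KEY";
            valueFrom.secretKeyRef = {
              name = cfg.secret.name;
              key = cfg.secret.accessKey;
            };
          }
          {
            name = "S3SECRET";
            valueFrom.secretKeyRef = {
              name = cfg.secret.name;
              key = cfg.secret.secretKey;
            };
          }
        ];
      };

      tempoQuery = {
        ingress = {
          enabled = true;
          ingressClassName = "nginx";
          annotations = {
            # NOTE(review): the issuer name suggests the Let's Encrypt staging
            # CA, whose certificates clients do not trust by default. Confirm
            # this is intended for every environment this module renders for.
            "cert-manager.io/cluster-issuer" = "letsencrypt-staging";
            "nginx.ingress.kubernetes.io/ssl-redirect" = "true";
            # NOTE(review): presumably restricts exposure to internal
            # networks; the annotation's consumer is not visible here, so
            # verify that it is enforced, since the query UI exposes trace
            # data.
            "atlantis.oceanbox.io/expose" = "internal";
          };
          path = "/";
          pathType = "Prefix";
          hosts = [ "query.tempo.adm.oceanbox.io" ];
          tls = [{
            secretName = "tempo-query-tls";
            hosts = [ "query.tempo.adm.oceanbox.io" ];
          }];
        };
      };
    };
  };

in
{
  options.apps.tempo = lib.apps.appOptions {
    revision = lib.mkOption {
      type = lib.types.str;
      default = "1.10.3";
      description = "Tempo chart version";
    };
    s3 = {
      bucket = lib.mkOption {
        type = lib.types.str;
        default = "tempo-traces";
        description = "S3 bucket for traces";
      };
      endpoint = lib.mkOption {
        type = lib.types.str;
        default = "http://10.255.241.30:30080";
        description = "S3 endpoint";
      };
    };
    # These options name the Secret and the fields inside it; they never hold
    # the credential values themselves.
    secret = {
      name = lib.mkOption {
        type = lib.types.str;
        default = "tempo-s3";
        description = "Name of the S3 credentials secret";
      };
      accessKey = lib.mkOption {
        type = lib.types.str;
        default = "AWS_ACCESS_KEY_ID";
        description = "Access key field in secret";
      };
      secretKey = lib.mkOption {
        type = lib.types.str;
        default = "AWS_ACCESS_KEY_SECRET";
        description = "Secret key field in secret";
      };
    };
  };

  config = lib.apps.appConfig cfg "tempo" {
    # NOTE(review): presumably the namespace of the Argo CD Application object
    # rather than of the Tempo workload; confirm against lib.apps.appConfig.
    namespace = "argocd";
    helm.releases.tempo = {
      inherit values;
      # The chart is selected by repo, name and version only.
      # NOTE(review): no content hash is passed; if this helper accepts one
      # (nix-kube-generators' downloadHelmChart takes chartHash), pin it so a
      # re-published chart version cannot change what gets deployed.
      chart = lib.helm.downloadHelmChart {
        repo = "https://grafana.github.io/helm-charts";
        chart = "tempo";
        version = cfg.revision;
      };
    };
    annotations = {
      "argocd.argoproj.io/sync-options" = "SkipDryRunOnMissingResource=true";
    };
  };
}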