From cea8076b752c2ced43b1c79a51c77f2c3859bbfa Mon Sep 17 00:00:00 2001 From: Michel Hollands Date: Fri, 3 May 2024 15:38:07 +0100 Subject: [PATCH 1/5] Start using a secret Signed-off-by: Michel Hollands --- charts/meta-monitoring/values.yaml | 77 ++++++++++++++++++++++++------ 1 file changed, 63 insertions(+), 14 deletions(-) diff --git a/charts/meta-monitoring/values.yaml b/charts/meta-monitoring/values.yaml index 77dae8c..74b48df 100644 --- a/charts/meta-monitoring/values.yaml +++ b/charts/meta-monitoring/values.yaml @@ -229,9 +229,9 @@ loki: common: storage: s3: - access_key_id: "{{ .Values.global.minio.rootUser }}" + access_key_id: "${rootUser}" endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000" - secret_access_key: "{{ .Values.global.minio.rootPassword }}" + secret_access_key: "${rootPassword}" compactor: retention_enabled: true delete_request_store: s3 @@ -254,8 +254,24 @@ loki: installOperator: false lokiCanary: enabled: false - test: - enabled: false + write: + extraArgs: + - "-config.expand-env=true" + extraEnvFrom: + - secretRef: + name: "mmc-minio" + read: + extraArgs: + - "-config.expand-env=true" + extraEnvFrom: + - secretRef: + name: "mmc-minio" + backend: + extraArgs: + - "-config.expand-env=true" + extraEnvFrom: + - secretRef: + name: "mmc-minio" alloy: alloy: 
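Review bot: The new `access_key_id: "${rootUser}"` and `secret_access_key: "${rootPassword}"` values only resolve when Loki runs with `-config.expand-env=true` and both variables are present in the container, and nothing next to them says so. As far as I know, Loki substitutes environment references in the config text before parsing it as YAML, so an unset variable silently becomes an empty credential and a secret value containing `"` or `\` would break the double-quoted scalar. I would add a comment above the two keys: `# Filled from the MinIO secret via extraEnvFrom; needs -config.expand-env=true; values must not contain double quotes or backslashes`. The same applies to the `access_key`/`secret_key` pair in the `tempo-distributed` hunk. The enclosing `s3` mapping starts outside this hunk.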
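Review bot: `extraEnvFrom` with a bare `secretRef` copies every key of `mmc-minio` into the write, read and backend pods, and a secret that lacks `rootUser` or `rootPassword` still lets the pod start, presumably with the placeholder expanding to nothing. Referencing the two keys explicitly through `extraEnv` with `secretKeyRef` exposes only what the config needs and makes a missing key fail at pod creation. The same pattern is repeated in the `mimir-distributed` `global` block, the five `tempo-distributed` components and the `envFrom` added to `templates/ruler/ruler.yaml`. This hunk also deletes `test: enabled: false`, which looks unrelated to the secret change and may re-enable the Loki chart's Helm test while `lokiCanary` stays disabled; please confirm that is intended.

```yaml
write:
  # … unchanged: extraArgs with -config.expand-env=true …
  extraEnv:
    - name: rootUser
      valueFrom:
        secretKeyRef:
          name: "mmc-minio"
          key: rootUser
    - name: rootPassword
      valueFrom:
        secretKeyRef:
          name: "mmc-minio"
          key: rootPassword
# … read and backend take the same extraEnv block …
```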
@@ -292,29 +308,33 @@ alloy: mimir-distributed: minio: enabled: false + global: + extraEnvFrom: + - secretRef: + name: "mmc-minio" mimir: structuredConfig: alertmanager_storage: s3: bucket_name: mimir-ruler - access_key_id: "{{ .Values.global.minio.rootUser }}" + access_key_id: ${rootUser2} endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000" - secret_access_key: "{{ .Values.global.minio.rootPassword }}" + secret_access_key: ${rootPassword} insecure: true blocks_storage: backend: s3 s3: bucket_name: mimir-tsdb - access_key_id: "{{ .Values.global.minio.rootUser }}" + access_key_id: ${rootUser3} endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000" - secret_access_key: "{{ .Values.global.minio.rootPassword }}" + secret_access_key: ${rootPassword} insecure: true ruler_storage: s3: bucket_name: mimir-ruler - access_key_id: "{{ .Values.global.minio.rootUser }}" + access_key_id: "${rootUser4}" endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000" - secret_access_key: "{{ .Values.global.minio.rootPassword }}" + secret_access_key: ${rootPassword} insecure: true limits: compactor_blocks_retention_period: 30d 
@@ -328,12 +348,42 @@ tempo-distributed: s3: bucket: tempo endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000" - access_key: "{{ .Values.global.minio.rootUser }}" - secret_key: "{{ .Values.global.minio.rootPassword }}" + access_key: "${rootUser}" + secret_key: "${rootPassword}" insecure: true compactor: compaction: block_retention: 30d + distributor: + extraArgs: + - "-config.expand-env=true" + extraEnvFrom: + - secretRef: + name: "mmc-minio" + ingester: + extraArgs: + - "-config.expand-env=true" + extraEnvFrom: + - secretRef: + name: "mmc-minio" + compactor: + extraArgs: + - "-config.expand-env=true" + extraEnvFrom: + - secretRef: + name: "mmc-minio" + querier: + extraArgs: + - "-config.expand-env=true" + extraEnvFrom: + - secretRef: + name: "mmc-minio" + queryFrontend: + extraArgs: + - "-config.expand-env=true" + extraEnvFrom: + - secretRef: + name: "mmc-minio" traces: otlp: http: @@ -342,8 +392,7 @@ tempo-distributed: enabled: true minio: - rootUser: rootuser - rootPassword: rootpassword + existingSecret: "mmc-minio" buckets: - name: loki-chunks policy: none From 2739bae0c0050d65c3b8470521384e5c150f589f Mon Sep 17 00:00:00 2001 From: Michel Hollands Date: Fri, 3 May 2024 15:40:36 +0100 Subject: [PATCH 2/5] Use correct variables Signed-off-by: Michel Hollands --- charts/meta-monitoring/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/meta-monitoring/values.yaml b/charts/meta-monitoring/values.yaml index 74b48df..ea69f48 100644 --- a/charts/meta-monitoring/values.yaml +++ b/charts/meta-monitoring/values.yaml @@ -317,7 +317,7 @@ mimir-distributed: alertmanager_storage: s3: bucket_name: mimir-ruler - access_key_id: ${rootUser2} + access_key_id: ${rootUser} endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000" secret_access_key: ${rootPassword} insecure: true 
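Review bot: `existingSecret: "mmc-minio"` makes the install depend on a secret that must already exist, and the line carries no comment saying which keys it has to hold. The removed `rootUser: rootuser` / `rootPassword: rootpassword` pair was a published default, so releases installed with it should get new credentials rather than having the old values copied into the secret. I would add above the key: `# Pre-created secret with keys rootUser and rootPassword; do not reuse the former chart defaults`. The `minio` mapping continues past the end of this hunk.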
@@ -325,7 +325,7 @@ mimir-distributed: backend: s3 s3: bucket_name: mimir-tsdb - access_key_id: ${rootUser3} + access_key_id: ${rootUser} endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000" secret_access_key: ${rootPassword} insecure: true From c6889131a7485b44afc566b8c379378f36e15f29 Mon Sep 17 00:00:00 2001 From: Michel Hollands Date: Mon, 6 May 2024 16:12:48 +0100 Subject: [PATCH 3/5] Use structuredConfig correctly Signed-off-by: Michel Hollands --- charts/meta-monitoring/values.yaml | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/charts/meta-monitoring/values.yaml b/charts/meta-monitoring/values.yaml index ea69f48..7e44b62 100644 --- a/charts/meta-monitoring/values.yaml +++ b/charts/meta-monitoring/values.yaml @@ -317,25 +317,22 @@ mimir-distributed: alertmanager_storage: s3: bucket_name: mimir-ruler - access_key_id: ${rootUser} - endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000" - secret_access_key: ${rootPassword} - insecure: true blocks_storage: backend: s3 s3: bucket_name: mimir-tsdb - access_key_id: ${rootUser} - endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000" - secret_access_key: ${rootPassword} - insecure: true ruler_storage: s3: bucket_name: mimir-ruler - access_key_id: "${rootUser4}" - endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000" - secret_access_key: ${rootPassword} - insecure: true + common: + storage: + backend: s3 + s3: + bucket_name: mimir-ruler + access_key_id: "${rootUser}" + endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000" + secret_access_key: "${rootPassword}" + insecure: true limits: compactor_blocks_retention_period: 30d @@ -351,9 +348,6 @@ tempo-distributed: access_key: "${rootUser}" secret_key: "${rootPassword}" insecure: true - compactor: - compaction: - block_retention: 30d distributor: extraArgs: - "-config.expand-env=true" 
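Review bot: `bucket_name: mimir-ruler` under the new `common.storage.s3` block is at best redundant, since `alertmanager_storage`, `blocks_storage` and `ruler_storage` each still set their own bucket, and it presumably becomes the fallback bucket for any storage section that later omits one. I would drop that line from `common` so the block holds only the endpoint and credentials, or add `# shared connection settings; buckets are set per storage section`. The moved `insecure: true` now applies to all three storages, so the credentials from the secret are used over plain HTTP to the in-cluster MinIO endpoint; a short comment saying this is deliberate would help. The second hunk of this commit removes Tempo's `block_retention: 30d` without a visible replacement, which the commit message does not mention.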
From 386ff25fca0044ad4088de69dfd3dbdbf7c7c213 Mon Sep 17 00:00:00 2001 From: Michel Hollands Date: Mon, 6 May 2024 16:18:44 +0100 Subject: [PATCH 4/5] Use the secret in the ruler for the dashboards Signed-off-by: Michel Hollands --- charts/meta-monitoring/templates/ruler/ruler.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/meta-monitoring/templates/ruler/ruler.yaml b/charts/meta-monitoring/templates/ruler/ruler.yaml index c3af965..21caa5b 100644 --- a/charts/meta-monitoring/templates/ruler/ruler.yaml +++ b/charts/meta-monitoring/templates/ruler/ruler.yaml @@ -49,6 +49,9 @@ spec: - containerPort: 7946 name: memberlist protocol: TCP + envFrom: + - secretRef: + name: mmc-minio readinessProbe: failureThreshold: 3 httpGet: From ab42a96949af5be56208e602ea936ad6bc25c43b Mon Sep 17 00:00:00 2001 From: Michel Hollands Date: Mon, 6 May 2024 16:29:33 +0100 Subject: [PATCH 5/5] Update installation instructions Signed-off-by: Michel Hollands --- charts/meta-monitoring/values.yaml | 2 +- docs/installation.md | 14 +++++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/charts/meta-monitoring/values.yaml b/charts/meta-monitoring/values.yaml index 7e44b62..2c8065c 100644 --- a/charts/meta-monitoring/values.yaml +++ b/charts/meta-monitoring/values.yaml @@ -386,7 +386,7 @@ tempo-distributed: enabled: true minio: - existingSecret: "mmc-minio" + existingSecret: "minio" buckets: - name: loki-chunks policy: none diff --git a/docs/installation.md b/docs/installation.md index e827d5c..0c53f40 100644 --- a/docs/installation.md +++ b/docs/installation.md 
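Review bot: The added `envFrom` hard-codes `name: mmc-minio` in the template, so the ruler only finds its credentials when the secret has exactly that name, regardless of what `existingSecret` is set to in values. Taking the name from values, for example `name: {{ .Values.minio.existingSecret | quote }}` (assuming `minio` is a top-level key of this chart's values), keeps the template and the MinIO subchart pointing at the same object. The container's arguments are outside this hunk, so I cannot tell whether it is started with `-config.expand-env=true`; if its config uses `${...}` placeholders, that flag is needed as well. The container spec starts and ends outside the hunk.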
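Review bot: `existingSecret: "minio"` now names a different secret from every consumer added earlier in this series: the `extraEnvFrom` entries for Loki, Mimir and Tempo in this file and the `envFrom` in `templates/ruler/ruler.yaml` still reference `mmc-minio`. With only the `minio` secret from the updated installation instructions, those pods reference a secret that nothing on this page creates, and they would fail to start unless `mmc-minio` exists for another reason. The references should be renamed in the same commit, e.g. `name: "minio"` in each `secretRef`, so that one name is used throughout.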
@@ -25,17 +25,17 @@ ``` kubectl create secret generic logs -n meta \ --from-literal=username= \ - --from-literal=password= + --from-literal=password= \ --from-literal=endpoint='https://logs-prod-us-central1.grafana.net/loki/api/v1/push' kubectl create secret generic metrics -n meta \ --from-literal=username= \ - --from-literal=password= + --from-literal=password= \ --from-literal=endpoint='https://prometheus-us-central1.grafana.net/api/prom/push' kubectl create secret generic traces -n meta \ --from-literal=username= \ - --from-literal=password= + --from-literal=password= \ --from-literal=endpoint='https://otlp-gateway-prod-us-east-0.grafana.net/otlp' ``` @@ -67,6 +67,14 @@ kubectl create namespace meta ``` +1. Create a secret with the user and password for the local Minio: + + ``` + kubectl create secret generic minio -n meta \ + --from-literal=rootPassword= \ + --from-literal=rootUser= + ``` + 1. Create a values.yaml file based on the [default one](../charts/meta-monitoring/values.yaml). An example minimal values.yaml looks like this: ```