Update installation instructions

Signed-off-by: Michel Hollands <michel.hollands@gmail.com>

.github/configs/updatecli.d/grafana.yaml

@@ -1,30 +0,0 @@
-name: Bump grafana version specified in the values.yaml
-sources:
-    latestGrafanaRelease:
-        name: Get latest grafana release on Github
-        kind: githubrelease
-        spec:
-            owner: grafana
-            repository: grafana
-            token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}'
-            versionfilter:
-                kind: latest
-        transformers:
-          - trimprefix: "v"
-conditions:
-    grafanaImagePublished:
-        name: Ensure the latest Grafana is published on DockerHub
-        kind: dockerimage
-        source-id: latestGrafanaRelease
-        spec:
-            image: "grafana/grafana"
-targets:
-    grafana:
-        name: Update Grafana version in values.yaml
-        kind: helmchart
-        spec:
-            file: values.yaml
-            key: $.grafana.version
-            name: charts/meta-monitoring
-            versionincrement: none
-        sourceid: latestGrafanaRelease

.github/workflows/check-for-dependency-updates.yaml

@@ -175,35 +175,3 @@ jobs:
                 labels: dependencies
                 branch: chore/update-minio
                 delete-branch: true
-
-    updateGrafana:
-        name: Update the Grafana version
-        runs-on: "ubuntu-latest"
-        steps:
-            - name: Checkout
-              uses: actions/checkout@v2
-
-            - name: Install Updatecli
-              uses: updatecli/updatecli-action@v2
-
-            - name: Run Updatecli
-              id: update-grafana
-              run: |
-                updatecli apply --config ${UPDATECLI_CONFIG_DIR}/grafana.yaml
-                if ! git diff --exit-code > /dev/null; then
-                  echo "changed=true" >> "${GITHUB_OUTPUT}"
-                fi
-
-            - name: Create pull request
-              if: steps.update-grafana.outputs.changed == 'true'
-              uses: peter-evans/create-pull-request@v5
-              with:
-                title: "[dependency] Update the Grafana version"
-                body: "Updates the Grafana version"
-                base: main
-                author: "${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>"
-                committer: "GitHub <noreply@github.com>"
-                commit-message: Update Grafana version
-                labels: dependencies
-                branch: chore/update-minio
-                delete-branch: true

charts/meta-monitoring/Chart.lock

@@ -1,7 +1,7 @@
 dependencies:
 - name: loki
   repository: https://grafana.github.io/helm-charts
-  version: 6.5.0
+  version: 6.4.2
 - name: alloy
   repository: https://grafana.github.io/helm-charts
   version: 0.1.1
@@ -14,5 +14,5 @@ dependencies:
 - name: minio
   repository: https://charts.min.io
   version: 5.2.0
-digest: sha256:6244c08b5829d6dbd363b736e55c5182274d65191672e7aeecaf3bb62f3f34fb
-generated: "2024-05-07T07:02:47.839270709Z"
+digest: sha256:1b5cc2c89ce11b6f0f1c02d7459ac9202577ac4e56bae9cc7e54e253a27df265
+generated: "2024-05-03T07:02:27.762464734Z"

charts/meta-monitoring/Chart.yaml

@@ -22,7 +22,7 @@ appVersion: "0.0.1"
 dependencies:
 - name: loki
   repository: https://grafana.github.io/helm-charts
-  version: 6.5.0
+  version: 6.4.2
   condition: local.logs.enabled
 - name: alloy
   repository: https://grafana.github.io/helm-charts

charts/meta-monitoring/templates/grafana/grafana.yaml

@@ -32,7 +32,7 @@ spec:
           - 0
       containers:
         - name: grafana
-          image: grafana/grafana:{{- .Values.grafana.version }}
+          image: grafana/grafana:10.0.0
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 3000

charts/meta-monitoring/templates/ruler/ruler.yaml

@@ -49,6 +49,9 @@ spec:
             - containerPort: 7946
               name: memberlist
               protocol: TCP
+          envFrom:
+          - secretRef:
+             name: mmc-minio
           readinessProbe:
             failureThreshold: 3
             httpGet:

charts/meta-monitoring/values.yaml

@@ -31,7 +31,6 @@ local:
     enabled: false  # This should be set to true if any of the previous is enabled
 
 grafana:
-  version: 10.0.0
   # Gateway ingress configuration
   ingress:
     # -- Specifies whether an ingress for the gateway should be created
@@ -230,9 +229,9 @@ loki:
       common:
         storage:
           s3:
-            access_key_id: "{{ .Values.global.minio.rootUser }}"
+            access_key_id: "${rootUser}"
             endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000"
-            secret_access_key: "{{ .Values.global.minio.rootPassword }}"
+            secret_access_key: "${rootPassword}"
       compactor:
         retention_enabled: true
         delete_request_store: s3
@@ -255,8 +254,24 @@ loki:
         installOperator: false
     lokiCanary:
       enabled: false
-  test:
-    enabled: false
+  write:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "mmc-minio"
+  read:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "mmc-minio"
+  backend:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "mmc-minio"
 
 alloy:
   alloy:
@@ -293,30 +308,31 @@ alloy:
 mimir-distributed:
   minio:
     enabled: false
+  global:
+    extraEnvFrom:
+    - secretRef:
+        name: "mmc-minio"
   mimir:
     structuredConfig:
       alertmanager_storage:
         s3:
           bucket_name: mimir-ruler
-          access_key_id: "{{ .Values.global.minio.rootUser }}"
-          endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000"
-          secret_access_key: "{{ .Values.global.minio.rootPassword }}"
-          insecure: true
       blocks_storage:
         backend: s3
         s3:
           bucket_name: mimir-tsdb
-          access_key_id: "{{ .Values.global.minio.rootUser }}"
-          endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000"
-          secret_access_key: "{{ .Values.global.minio.rootPassword }}"
-          insecure: true
       ruler_storage:
         s3:
           bucket_name: mimir-ruler
-          access_key_id: "{{ .Values.global.minio.rootUser }}"
-          endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000"
-          secret_access_key: "{{ .Values.global.minio.rootPassword }}"
-          insecure: true
+      common:
+        storage:
+          backend: s3
+          s3:
+            bucket_name: mimir-ruler
+            access_key_id: "${rootUser}"
+            endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000"
+            secret_access_key: "${rootPassword}"
+            insecure: true
       limits:
         compactor_blocks_retention_period: 30d
 
@@ -329,12 +345,39 @@ tempo-distributed:
           s3:
             bucket: tempo
             endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000"
-            access_key: "{{ .Values.global.minio.rootUser }}"
-            secret_key: "{{ .Values.global.minio.rootPassword }}"
+            access_key: "${rootUser}"
+            secret_key: "${rootPassword}"
             insecure: true
-      compactor:
-        compaction:
-          block_retention: 30d
+  distributor:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "mmc-minio"
+  ingester:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "mmc-minio"
+  compactor:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "mmc-minio"
+  querier:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "mmc-minio"
+  queryFrontend:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "mmc-minio"
   traces:
     otlp:
       http:
@@ -343,8 +386,7 @@ tempo-distributed:
         enabled: true
 
 minio:
-  rootUser: rootuser
-  rootPassword: rootpassword
+  existingSecret: "minio"
   buckets:
     - name: loki-chunks
       policy: none

docs/installation.md

@@ -25,17 +25,17 @@
    ```
    kubectl create secret generic logs -n meta \
     --from-literal=username=<logs username> \
-    --from-literal=password=<token>
+    --from-literal=password=<token> \
     --from-literal=endpoint='https://logs-prod-us-central1.grafana.net/loki/api/v1/push'
 
    kubectl create secret generic metrics -n meta \
     --from-literal=username=<metrics username> \
-    --from-literal=password=<token>
+    --from-literal=password=<token> \
     --from-literal=endpoint='https://prometheus-us-central1.grafana.net/api/prom/push'
 
    kubectl create secret generic traces -n meta \
     --from-literal=username=<OTLP instance ID> \
-    --from-literal=password=<token>
+    --from-literal=password=<token> \
     --from-literal=endpoint='https://otlp-gateway-prod-us-east-0.grafana.net/otlp'
    ```
 
@@ -67,6 +67,14 @@
    kubectl create namespace meta
    ```
 
+1. Create a secret with the user and password for the local Minio:
+
+   ```
+   kubectl create secret generic minio -n meta \
+    --from-literal=rootPassword=<password> \
+    --from-literal=rootUser=<user>
+   ```
+
 1. Create a values.yaml file based on the [default one](../charts/meta-monitoring/values.yaml). An example minimal values.yaml looks like this:
 
    ```