diff --git a/.circleci/config.yml b/.circleci/config.yml index 690122142a..b23350442b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,7 +2,7 @@ version: 2.1 jobs: build: docker: - - image: cimg/go:1.19 + - image: cimg/go:1.21 steps: - checkout - run: make vendor_jsonnet diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 79bfbe472c..8196decb7e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v2 with: - go-version: 1.19 + go-version: 1.21 - name: Vendor run: make vendor_jsonnet - name: Build diff --git a/go.mod b/go.mod index 08e79ed61a..32dc30cf2b 100644 --- a/go.mod +++ b/go.mod @@ -1,12 +1,16 @@ module github.com/rhobs/configuration -go 1.19 +go 1.21 require ( - github.com/bwplotka/mimic v0.1.1-0.20220621130344-a6338e3b8238 - github.com/observatorium/api v0.1.3-0.20220621123450-69c5f2661d01 + github.com/bwplotka/mimic v0.2.1-0.20230303101552-f705cca2f4a4 + github.com/observatorium/api v0.1.3-0.20230711132510-96e8799ade44 + github.com/observatorium/observatorium v0.0.0-00010101000000-000000000000 + github.com/openshift/api v3.9.0+incompatible github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.68.0 github.com/pyrra-dev/pyrra v0.7.0 + gopkg.in/yaml.v3 v3.0.1 + k8s.io/api v0.28.2 k8s.io/apimachinery v0.28.2 ) @@ -50,6 +54,7 @@ require ( github.com/prometheus/prometheus v1.8.2-0.20220211202545-56e14463bccf // indirect github.com/rodaine/hclencoder v0.0.1 // indirect github.com/stretchr/testify v1.8.4 // indirect + github.com/thanos-io/thanos v0.32.2 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/goleak v1.2.1 // indirect go.uber.org/zap v1.26.0 // indirect 
@@ -66,8 +71,6 @@ require ( gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.28.2 // indirect k8s.io/apiextensions-apiserver v0.28.2 // indirect k8s.io/client-go v0.28.2 // indirect k8s.io/klog/v2 v2.100.1 // indirect @@ -78,3 +81,6 @@ require ( sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) + +// Delete when https://github.com/observatorium/observatorium/pull/543 is merged to main branch +replace github.com/observatorium/observatorium => github.com/thibaultmg/observatorium v0.0.0-20231002130052-3e0c7849c81f diff --git a/go.sum b/go.sum index 203a080e46..a8b0fc4a61 100644 --- a/go.sum +++ b/go.sum @@ -171,8 +171,9 @@ github.com/aws/aws-sdk-go v1.30.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZve github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.40.11/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.42.31 h1:tSv/YzjrFlbSqWmov9quBxrSNXLPUjJI7nPEB57S1+M= github.com/aws/aws-sdk-go v1.42.31/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc= +github.com/aws/aws-sdk-go v1.44.245 h1:KtY2s4q31/kn33AdV63R5t77mdxsI7rq3YT7Mgo805M= +github.com/aws/aws-sdk-go v1.44.245/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/benbjohnson/immutable v0.2.1/go.mod h1:uc6OHo6PN2++n98KHLxW8ef4W42ylHiQSENghE1ezxI= github.com/benbjohnson/tmpl v1.0.0/go.mod h1:igT620JFIi44B6awvU9IsDhR77IXWtFigTLil/RPdps= 
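Review bot: The `replace` directive added in the last go.mod hunk points `github.com/observatorium/observatorium` at a personal fork, `github.com/thibaultmg/observatorium`, so every build of this repository now takes that module from an account outside the upstream organisation. The pseudo-version and the two new go.sum lines pin the content, but nothing on the page shows that the fork's diff against upstream was reviewed, and the pinned commit stays fetchable only while the fork keeps it. The `require` entry in the first hunk uses the placeholder version `v0.0.0-00010101000000-000000000000`, which resolves only through the replace, so removing the replace later also means setting a real upstream version. I would extend the comment to name an owner and the upstream base, e.g. `// TODO(<owner>): temporary fork of upstream <commit>; drop this replace and pin a real version once observatorium/observatorium#543 merges`. It is also worth confirming that `github.com/openshift/api v3.9.0+incompatible` is the intended version, rather than whatever tag `go get` resolved by default.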
@@ -195,8 +196,8 @@ github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= -github.com/bwplotka/mimic v0.1.1-0.20220621130344-a6338e3b8238 h1:Fp7YvZafMgDnF/xGmczsMKzqlZvPFS05BJuC0AOqNoQ= -github.com/bwplotka/mimic v0.1.1-0.20220621130344-a6338e3b8238/go.mod h1:TT/FO4KJ2iOjxaBxrHmhGawOOgVGSMupSiiEgBQZpxE= +github.com/bwplotka/mimic v0.2.1-0.20230303101552-f705cca2f4a4 h1:z6ej4tVVkGgRXpdGB/p0qh1slebb/yI5TTYl3EFf4tw= +github.com/bwplotka/mimic v0.2.1-0.20230303101552-f705cca2f4a4/go.mod h1:TT/FO4KJ2iOjxaBxrHmhGawOOgVGSMupSiiEgBQZpxE= github.com/c-bata/go-prompt v0.2.2/go.mod h1:VzqtzE2ksDBcdln8G7mk2RX9QyGjH+OVqOCSiVIqS34= github.com/cactus/go-statsd-client/statsd v0.0.0-20191106001114-12b4e2b38748/go.mod h1:l/bIBLeOl9eX+wxJAzxS4TveKRtAqlyDpHjhkfO0MEI= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= 
@@ -380,7 +381,10 @@ github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFP github.com/eclipse/paho.mqtt.golang v1.2.0/go.mod h1:H9keYFcgq3Qr5OUJm/JZI/i6U7joQ8SYLhZwfeOo6Ts= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= +github.com/efficientgo/core v1.0.0-rc.2 h1:7j62qHLnrZqO3V3UA0AqOGd5d5aXV3AX6m/NZBHp78I= +github.com/efficientgo/core v1.0.0-rc.2/go.mod h1:FfGdkzWarkuzOlY04VY+bGfb1lWrjaL6x/GLcQ4vJps= github.com/efficientgo/tools/core v0.0.0-20220225185207-fe763185946b h1:ZHiD4/yE4idlbqvAO6iYCOYRzOMRpxkW+FKasRA3tsQ= +github.com/efficientgo/tools/core v0.0.0-20220225185207-fe763185946b/go.mod h1:OmVcnJopJL8d3X3sSXTiypGoUSgFq1aDGmlrdi9dn/M= github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= @@ -402,6 +406,7 @@ github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= +github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc= github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= 
@@ -456,6 +461,7 @@ github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= +github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= @@ -564,6 +570,7 @@ github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-zookeeper/zk v1.0.2/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= 
@@ -701,8 +708,9 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20211214055906-6f57359322fd h1:1FjCyPC+syAzJ5/2S8fqdZK1R22vvA0J7JZKcuOIQ7Y= github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg= +github.com/google/pprof v0.0.0-20230406165453-00490a63f317 h1:hFhpt7CTmR3DX+b4R19ydQFtofxT0Sv3QsKNMVQYTMQ= +github.com/google/pprof v0.0.0-20230406165453-00490a63f317/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -800,6 +808,7 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/flux v0.65.0/go.mod h1:BwN2XG2lMszOoquQaFdPET8FRQfrXiZsWmcMO9rkaVY= github.com/influxdata/flux v0.131.0/go.mod h1:CKvnYe6FHpTj/E0YGI7TcOZdGiYHoToOPSnoa12RtKI= 
@@ -875,6 +884,7 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= @@ -988,8 +998,8 @@ github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OS github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/observatorium/api v0.1.3-0.20220621123450-69c5f2661d01 h1:RH3c6jLZBEXvTbCOjKaRO+q177oGEA8h+yoeDLYOHlA= -github.com/observatorium/api v0.1.3-0.20220621123450-69c5f2661d01/go.mod h1:BvCKJmkIxb578L3fK3IH3jA6A6jWmIVB+HKbyTKEmrc= +github.com/observatorium/api v0.1.3-0.20230711132510-96e8799ade44 h1:QX1PSo1E9PdUbVJkA5FhZ1BA0GzDTfDLW3dbrGbjU5k= +github.com/observatorium/api v0.1.3-0.20230711132510-96e8799ade44/go.mod h1:xwDIn6xpTsymHor6ST57bJQm4FXjey31OfHyEKDFsdM= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= 
@@ -1005,8 +1015,9 @@ github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+ github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.16.3 h1:3s86PZkI1ApJh6HFIzC1gXby/mIyZqfE5zxSvtoBSsM= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= +github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -1015,6 +1026,7 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= +github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= 
@@ -1039,6 +1051,8 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= +github.com/openshift/api v3.9.0+incompatible h1:fJ/KsefYuZAjmrr3+5U9yZIZbTOpVkDDLDLFresAeYs= +github.com/openshift/api v3.9.0+incompatible/go.mod h1:dh9o4Fs58gpFXGSYfnVxGR9PnV53I8TW84pQaJDdGiY= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing-contrib/go-stdlib v0.0.0-20190519235532-cf7a6c988dc9/go.mod h1:PLldrQSroqzH70Xl+1DQcGnefIbqsKR7UDaiux3zV+w= github.com/opentracing-contrib/go-stdlib v1.0.0/go.mod h1:qtI1ogk+2JhVPIXVc6q+NHziSmy2W5GbdQZFUHADCBU= @@ -1160,6 +1174,7 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 
@@ -1240,6 +1255,10 @@ github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= +github.com/thanos-io/thanos v0.32.2 h1:W9vzOUdiIBKUc947IbTPAj4Lnv5r4MP8iXuUF1G1GkM= +github.com/thanos-io/thanos v0.32.2/go.mod h1:zfpzKCtqaqCy1D9/6ksZfL+U+KKt8mkcX6v3btuDHgg= +github.com/thibaultmg/observatorium v0.0.0-20231002130052-3e0c7849c81f h1:bs2Q0quoMiEXncDLKSyzzj2K57zwE64aIebMLxWQ83s= +github.com/thibaultmg/observatorium v0.0.0-20231002130052-3e0c7849c81f/go.mod h1:Bfegly2FCsugSsgbEQ+2wGW14Hj6pH7yaE+vQA/dw2M= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tinylib/msgp v1.0.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= github.com/tinylib/msgp v1.1.0/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= @@ -1340,6 +1359,7 @@ go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+ go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= 
@@ -1532,6 +1552,7 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1766,6 +1787,7 @@ golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyj golang.org/x/tools v0.1.9-0.20211209172050-90a85b2969be/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -2026,6 +2048,7 @@ k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeY k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI= k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM= k8s.io/component-base v0.28.2 h1:Yc1yU+6AQSlpJZyvehm/NkJBII72rzlEsd6MkBQ+G0E= +k8s.io/component-base v0.28.2/go.mod h1:4IuQPQviQCg3du4si8GpMrhAIegxpsgPngPRR/zWpzc= k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM= k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= diff --git a/mimic.go b/mimic.go index 21ae4adaef..15ab5012fd 100644 --- a/mimic.go +++ b/mimic.go @@ -3,6 +3,7 @@ package main import ( "github.com/bwplotka/mimic" cfgobservatorium "github.com/rhobs/configuration/configuration/observatorium" + services "github.com/rhobs/configuration/services_go" ) func main() { @@ -13,4 +14,8 @@ func main() { cfgobservatorium.GenSLO(gen.With("observability", "prometheusrules", "pyrra"), gen.With("observability", "prometheusrules")) cfgobservatorium.GenerateRBAC(gen.With(".tmp", "tenants")) + + // Generate the manifests for all observatorium instances. + services.Generate(gen.With("services")) + } diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-default-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-default-template.yaml new file mode 100755 index 0000000000..793d65d315 --- /dev/null +++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-default-template.yaml 
@@ -0,0 +1,340 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-compact-default +objects: +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: compact-tls-default + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: observatorium-thanos-compact-default + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: observatorium-thanos-compact-default + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + prometheus: app-sre + name: observatorium-thanos-compact-default + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace 
+ - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: observatorium-thanos-compact-default + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + serviceName: observatorium-thanos-compact-default + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-compact + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - compact + - --compact.concurrency=1 + - --data-dir=/var/thanos/compactor + - --deduplication.replica-label=replica + - --delete-delay=24h0m0s + - --downsample.concurrency=1 + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - 
--objstore.config=$(OBJSTORE_CONFIG) + - --wait + - --debug.max-compaction-level=3 + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: default-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: aws_secret_access_key + name: default-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: default-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: default-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: default-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 4 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/compactor + name: data + - args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - -openshift-service-account=observatorium-thanos-compact-default + - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs", + "namespace": "rhobs"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", + "name": "rhobs", "namespace": "rhobs"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - 
-client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret=${OAUTH_PROXY_COOKIE_SECRET} + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + image: quay.io/openshift/origin-oauth-proxy:v4.13.0 + name: oauth-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: compact-tls + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-compact-default + terminationGracePeriodSeconds: 120 + volumes: + - name: compact-tls + secret: + secretName: compact-tls-default + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-prod-http + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + name: observatorium-thanos-compact-default + namespace: rhobs + spec: + host: "" + port: + targetPort: https + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: observatorium-thanos-compact-default 
+ weight: null +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + name: observatorium-thanos-compact-default + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: 200m +- name: THANOS_MEMORY_LIMIT + value: 5Gi +- name: THANOS_MEMORY_REQUEST + value: 1Gi +- from: '[a-zA-Z0-9]{40}' + generate: expression + name: OAUTH_PROXY_COOKIE_SECRET diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-rhel-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-rhel-template.yaml new file mode 100755 index 0000000000..0afd164aff --- /dev/null +++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-rhel-template.yaml 
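Review bot: The oauth-proxy sidecar takes its cookie secret as a literal argument, `-cookie-secret=${OAUTH_PROXY_COOKIE_SECRET}`, so the processed value sits in the StatefulSet spec and is readable by anyone who can get StatefulSets or Pods in `rhobs`; because the parameter uses `generate: expression`, it presumably also changes on every template processing, which would change the pod template on each deploy. Mounting the value from a Secret and passing `-cookie-secret-file=<mounted path>` keeps it out of the object spec. The Service publishes the plain `http` port 10902 alongside the proxied `https` port and the thanos container sets no `--http-address`, so in-cluster clients can likely reach the compactor endpoints without passing the proxy unless a NetworkPolicy restricts 10902 to the monitoring namespace. Both images are referenced by tag (`quay.io/thanos/thanos:v0.32.4`, `quay.io/openshift/origin-oauth-proxy:v4.13.0`); pinning them by digest would make the deployed content verifiable. The file looks generated (`creationTimestamp: null` throughout), so these changes belong in the generator under `services_go`, and the rhel template that starts after this one appears to repeat the same Service and thanos container as far as it is visible here.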
@@ -0,0 +1,340 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-compact-rhel +objects: +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: compact-tls-rhel + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: observatorium-thanos-compact-rhel + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: observatorium-thanos-compact-rhel + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + prometheus: app-sre + name: observatorium-thanos-compact-rhel + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: 
instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: observatorium-thanos-compact-rhel + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + serviceName: observatorium-thanos-compact-rhel + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-compact + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - compact + - --compact.concurrency=1 + - --data-dir=/var/thanos/compactor + - --deduplication.replica-label=replica + - --delete-delay=24h0m0s + - --downsample.concurrency=1 + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - --objstore.config=$(OBJSTORE_CONFIG) + - --wait + 
- --debug.max-compaction-level=3 + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: rhel-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: aws_secret_access_key + name: rhel-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: rhel-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: rhel-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: rhel-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 4 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/compactor + name: data + - args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - -openshift-service-account=observatorium-thanos-compact-rhel + - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs", + "namespace": "rhobs"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", + "name": "rhobs", "namespace": "rhobs"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - 
-cookie-secret=${OAUTH_PROXY_COOKIE_SECRET} + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + image: quay.io/openshift/origin-oauth-proxy:v4.13.0 + name: oauth-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: compact-tls + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-compact-rhel + terminationGracePeriodSeconds: 120 + volumes: + - name: compact-tls + secret: + secretName: compact-tls-rhel + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-prod-http + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + name: observatorium-thanos-compact-rhel + namespace: rhobs + spec: + host: "" + port: + targetPort: https + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: observatorium-thanos-compact-rhel + weight: null +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + 
creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + name: observatorium-thanos-compact-rhel + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: 200m +- name: THANOS_MEMORY_LIMIT + value: 5Gi +- name: THANOS_MEMORY_REQUEST + value: 1Gi +- from: '[a-zA-Z0-9]{40}' + generate: expression + name: OAUTH_PROXY_COOKIE_SECRET diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-shared-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-shared-template.yaml new file mode 100755 index 0000000000..88e0cb09fc --- /dev/null +++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-shared-template.yaml 
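Review bot: The oauth-proxy container receives its session key as `-cookie-secret=${OAUTH_PROXY_COOKIE_SECRET}`, so the value is stored in plain text in the StatefulSet and Pod specs and appears on the process command line. Anything allowed to read StatefulSets in `rhobs` can recover it, including the store service account that the `list-pods-default` Role later in this diff grants `get`/`list` on `statefulsets`. Keeping the value in a Secret, mounting it, and passing `-cookie-secret-file=<mounted secret path>` would keep it out of the object spec. Because the parameter uses `generate: expression`, each processing of the template presumably produces a new value and so a new pod template; that is worth confirming. The default, shared and telemeter compact templates in this diff carry the same argument, and if these files are generated the change belongs in the generator.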
@@ -0,0 +1,343 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-compact-shared +objects: +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: compact-tls-shared + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: observatorium-thanos-compact-shared + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: observatorium-thanos-compact-shared + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + prometheus: app-sre + name: observatorium-thanos-compact-shared + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + 
targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: observatorium-thanos-compact-shared + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + serviceName: observatorium-thanos-compact-shared + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-compact + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - compact + - --compact.concurrency=1 + - --data-dir=/var/thanos/compactor + - --deduplication.replica-label=replica + - --delete-delay=24h0m0s + - --downsample.concurrency=1 + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - 
--objstore.config=$(OBJSTORE_CONFIG) + - --retention.resolution-1h=8760h0m0s + - --retention.resolution-5m=8760h0m0s + - --retention.resolution-raw=8760h0m0s + - --wait + - --debug.max-compaction-level=3 + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: shared-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: aws_secret_access_key + name: shared-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: shared-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: shared-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: shared-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 4 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/compactor + name: data + - args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - -openshift-service-account=observatorium-thanos-compact-shared + - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs", + "namespace": "rhobs"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", + "name": "rhobs", "namespace": "rhobs"}}' + - 
-tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret=${OAUTH_PROXY_COOKIE_SECRET} + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + image: quay.io/openshift/origin-oauth-proxy:v4.13.0 + name: oauth-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: compact-tls + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-compact-shared + terminationGracePeriodSeconds: 120 + volumes: + - name: compact-tls + secret: + secretName: compact-tls-shared + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-prod-http + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + name: observatorium-thanos-compact-shared + namespace: rhobs + spec: + host: "" + port: + targetPort: https + tls: + insecureEdgeTerminationPolicy: Redirect + termination: 
reencrypt + to: + kind: Service + name: observatorium-thanos-compact-shared + weight: null +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + name: observatorium-thanos-compact-shared + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: 200m +- name: THANOS_MEMORY_LIMIT + value: 5Gi +- name: THANOS_MEMORY_REQUEST + value: 1Gi +- from: '[a-zA-Z0-9]{40}' + generate: expression + name: OAUTH_PROXY_COOKIE_SECRET diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-telemeter-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-telemeter-template.yaml new file mode 100755 index 0000000000..b93eb3fb24 --- /dev/null +++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-compact-telemeter-template.yaml 
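Review bot: The Service publishes the Thanos port 10902 (`name: http`) next to the oauth-proxy port 8443, so the proxy's `-openshift-sar` check only covers traffic that arrives through the Route. Any workload that can reach the Service or the pod IP can talk to the Thanos HTTP endpoint directly, because nothing in this hunk restricts that port. The ServiceMonitor needs `port: http`, so the usual answer is a NetworkPolicy that admits 10902 only from the scraping namespace; no such policy is visible here, and it may exist elsewhere. The rhel and telemeter compact templates have the same Service layout.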
@@ -0,0 +1,340 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-compact-telemeter +objects: +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: compact-tls-telemeter + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: observatorium-thanos-compact-telemeter + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: observatorium-thanos-compact-telemeter + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + prometheus: app-sre + name: observatorium-thanos-compact-telemeter + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + 
sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: observatorium-thanos-compact-telemeter + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + serviceName: observatorium-thanos-compact-telemeter + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-compact + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - compact + - --compact.concurrency=1 + - --data-dir=/var/thanos/compactor + - --deduplication.replica-label=replica + - --delete-delay=24h0m0s + - --downsample.concurrency=1 + - --log.format=logfmt + - 
--log.level=${THANOS_LOG_LEVEL} + - --objstore.config=$(OBJSTORE_CONFIG) + - --wait + - --debug.max-compaction-level=3 + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: telemeter-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: aws_secret_access_key + name: telemeter-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: telemeter-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: telemeter-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: telemeter-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 4 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/compactor + name: data + - args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - -openshift-service-account=observatorium-thanos-compact-telemeter + - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs", + "namespace": "rhobs"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", + "name": "rhobs", "namespace": "rhobs"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - 
-client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret=${OAUTH_PROXY_COOKIE_SECRET} + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + image: quay.io/openshift/origin-oauth-proxy:v4.13.0 + name: oauth-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: compact-tls + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-compact-telemeter + terminationGracePeriodSeconds: 120 + volumes: + - name: compact-tls + secret: + secretName: compact-tls-telemeter + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-prod-http + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + name: observatorium-thanos-compact-telemeter + namespace: rhobs + spec: + host: "" + port: + targetPort: https + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: 
observatorium-thanos-compact-telemeter + weight: null +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + name: observatorium-thanos-compact-telemeter + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: 200m +- name: THANOS_MEMORY_LIMIT + value: 5Gi +- name: THANOS_MEMORY_REQUEST + value: 1Gi +- from: '[a-zA-Z0-9]{40}' + generate: expression + name: OAUTH_PROXY_COOKIE_SECRET diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-default-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-default-template.yaml new file mode 100755 index 0000000000..4f86d223cb --- /dev/null +++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-default-template.yaml 
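Review bot: Neither the `thanos` nor the `oauth-proxy` container sets a container-level securityContext; the pod spec only fixes `runAsUser: 65534` and `fsGroup: 65534`. That leaves privilege escalation, capabilities and the seccomp profile to whichever SCC admits the pod, and a fixed UID outside the namespace range presumably requires something broader than the restricted SCC. Stating the intent in the manifest, for example `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}` on each container plus `runAsNonRoot: true` at pod level, makes the hardening independent of the admitting SCC. The rhel and shared compact templates have the same pod spec.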
@@ -0,0 +1,407 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-store-default +objects: +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + name: list-pods-default + namespace: rhobs + rules: + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + name: list-pods-default + namespace: rhobs + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: list-pods-default + subjects: + - kind: ServiceAccount + name: observatorium-thanos-store-default + namespace: rhobs +- apiVersion: v1 + data: + entrypoint.sh: "#!/bin/bash\n\n# Kubernetes replicas are named with the following + convention \"-\". 
\n# This parameter expansion removes + all characters until the last hyphen, capturing only the ordinal.\nexport ORDINAL_INDEX=${HOSTNAME##*-}\n# + This parameter expansion removes all characters after the last hyphen, capturing + only the statefulset name.\nexport STATEFULSET_NAME=\"${HOSTNAME%-*}\"\nexport + THANOS_STORE_REPLICAS=$(kubectl get statefulset ${STATEFULSET_NAME} -n ${NAMESPACE} + -o=jsonpath='{.status.replicas}')\n\n# Logging parameters\necho \"generating + store hashmod config with ORDINAL_INDEX=${ORDINAL_INDEX} THANOS_STORE_REPLICAS=${STATEFULSET_NAME} + HOSTNAME=${HOSTNAME} NAMESPACE=${NAMESPACE} THANOS_STORE_REPLICAS=${THANOS_STORE_REPLICAS}\"\n\ncat + </tmp/config/hashmod-config.yaml\n- action: hashmod\n source_labels: + [\"__block_id\"]\n target_label: shard\n modulus: ${THANOS_STORE_REPLICAS}\n- + action: keep\n source_labels: [\"shard\"]\n regex: ${ORDINAL_INDEX}\nEOF\n" + kind: ConfigMap + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: hashmod-config-template-default + namespace: rhobs +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + name: observatorium-thanos-store-default + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default +- apiVersion: v1 + kind: Service + metadata: + creationTimestamp: null + labels: 
+ app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: observatorium-thanos-store-default + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: grpc + port: 10901 + protocol: TCP + targetPort: 10901 + selector: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: observatorium-thanos-store-default + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + prometheus: app-sre + name: observatorium-thanos-store-default + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default +- apiVersion: apps/v1 + 
kind: StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: observatorium-thanos-store-default + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + serviceName: observatorium-thanos-store-default + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-store + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - store + - --data-dir=/var/thanos/store + - --ignore-deletion-marks-delay=24h0m0s + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - --max-time=-22h0m0s + - --objstore.config=$(OBJSTORE_CONFIG) + - --selector.relabel-config-file=/tmp/config/hashmod-config.yaml + - --store.enable-index-header-lazy-reader=true + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: default-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: 
aws_secret_access_key + name: default-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: default-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: default-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: default-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 8 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + timeoutSeconds: 1 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + - containerPort: 10901 + name: grpc + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/store + name: data + - mountPath: /etc/config + name: hashmod-config + - args: + - --reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.observatorium-tools.svc:14250 + - --reporter.type=grpc + - --agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD) + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + image: quay.io/app-sre/jaegertracing-jaeger-agent:1.22.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 14271 + name: jaeger-agent + ports: + - containerPort: 5778 + name: configs + protocol: TCP + - containerPort: 6831 + name: jaeger-thrift + protocol: TCP + - containerPort: 14271 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14271 + initialDelaySeconds: 1 + resources: + 
limits: + cpu: 128m + memory: 128Mi + requests: + cpu: 32m + memory: 64Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - args: + - /tmp/entrypoint/entrypoint.sh + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/app-sre/ubi8-ubi + imagePullPolicy: IfNotPresent + name: init-hashmod-file + resources: {} + volumeMounts: + - mountPath: /tmp/entrypoint + name: hashmod-config-template + - mountPath: /etc/config + name: hashmod-config + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-store-default + terminationGracePeriodSeconds: 120 + volumes: + - emptyDir: {} + name: hashmod-config + - configMap: + defaultMode: 511 + name: thanos-store + name: hashmod-config-template + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: "4" +- name: THANOS_MEMORY_LIMIT + value: 80Gi +- name: THANOS_MEMORY_REQUEST + value: 20Gi diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-rhel-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-rhel-template.yaml new file mode 100755 index 0000000000..cf67a69732 --- /dev/null +++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-rhel-template.yaml 
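Review bot: The init container's output does not appear to reach the `thanos` container: `entrypoint.sh` writes `/tmp/config/hashmod-config.yaml` and the store is started with `--selector.relabel-config-file=/tmp/config/hashmod-config.yaml`, but the shared `hashmod-config` emptyDir is mounted at `/etc/config` in both containers. The `hashmod-config-template` volume also references a ConfigMap named `thanos-store`, while the ConfigMap defined in this template is `hashmod-config-template-default`. I would mount the emptyDir with `mountPath: /tmp/config` (or move both paths to `/etc/config`) and set the volume's ConfigMap to `name: hashmod-config-template-default`. The rhel and shared store templates repeat the same wiring with their own tenant suffix; if these files are generated, the fix belongs in the generator.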
@@ -0,0 +1,407 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-store-rhel +objects: +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + name: list-pods-rhel + namespace: rhobs + rules: + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + name: list-pods-rhel + namespace: rhobs + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: list-pods-rhel + subjects: + - kind: ServiceAccount + name: observatorium-thanos-store-rhel + namespace: rhobs +- apiVersion: v1 + data: + entrypoint.sh: "#!/bin/bash\n\n# Kubernetes replicas are named with the following + convention \"-\". 
\n# This parameter expansion removes + all characters until the last hyphen, capturing only the ordinal.\nexport ORDINAL_INDEX=${HOSTNAME##*-}\n# + This parameter expansion removes all characters after the last hyphen, capturing + only the statefulset name.\nexport STATEFULSET_NAME=\"${HOSTNAME%-*}\"\nexport + THANOS_STORE_REPLICAS=$(kubectl get statefulset ${STATEFULSET_NAME} -n ${NAMESPACE} + -o=jsonpath='{.status.replicas}')\n\n# Logging parameters\necho \"generating + store hashmod config with ORDINAL_INDEX=${ORDINAL_INDEX} THANOS_STORE_REPLICAS=${STATEFULSET_NAME} + HOSTNAME=${HOSTNAME} NAMESPACE=${NAMESPACE} THANOS_STORE_REPLICAS=${THANOS_STORE_REPLICAS}\"\n\ncat + </tmp/config/hashmod-config.yaml\n- action: hashmod\n source_labels: + [\"__block_id\"]\n target_label: shard\n modulus: ${THANOS_STORE_REPLICAS}\n- + action: keep\n source_labels: [\"shard\"]\n regex: ${ORDINAL_INDEX}\nEOF\n" + kind: ConfigMap + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: hashmod-config-template-rhel + namespace: rhobs +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + name: observatorium-thanos-store-rhel + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel +- apiVersion: v1 + kind: Service + metadata: + creationTimestamp: null + labels: + 
app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: observatorium-thanos-store-rhel + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: grpc + port: 10901 + protocol: TCP + targetPort: 10901 + selector: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: observatorium-thanos-store-rhel + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + prometheus: app-sre + name: observatorium-thanos-store-rhel + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel +- apiVersion: apps/v1 + kind: StatefulSet + 
metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: observatorium-thanos-store-rhel + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + serviceName: observatorium-thanos-store-rhel + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-store + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - store + - --data-dir=/var/thanos/store + - --ignore-deletion-marks-delay=24h0m0s + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - --max-time=-22h0m0s + - --objstore.config=$(OBJSTORE_CONFIG) + - --selector.relabel-config-file=/tmp/config/hashmod-config.yaml + - --store.enable-index-header-lazy-reader=true + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: rhel-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: aws_secret_access_key + name: rhel-tenant-s3 + 
- name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: rhel-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: rhel-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: rhel-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 8 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + timeoutSeconds: 1 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + - containerPort: 10901 + name: grpc + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/store + name: data + - mountPath: /etc/config + name: hashmod-config + - args: + - --reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.observatorium-tools.svc:14250 + - --reporter.type=grpc + - --agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD) + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + image: quay.io/app-sre/jaegertracing-jaeger-agent:1.22.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 14271 + name: jaeger-agent + ports: + - containerPort: 5778 + name: configs + protocol: TCP + - containerPort: 6831 + name: jaeger-thrift + protocol: TCP + - containerPort: 14271 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14271 + initialDelaySeconds: 1 + resources: + limits: + cpu: 128m + memory: 128Mi + requests: + cpu: 32m + 
memory: 64Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - args: + - /tmp/entrypoint/entrypoint.sh + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/app-sre/ubi8-ubi + imagePullPolicy: IfNotPresent + name: init-hashmod-file + resources: {} + volumeMounts: + - mountPath: /tmp/entrypoint + name: hashmod-config-template + - mountPath: /etc/config + name: hashmod-config + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-store-rhel + terminationGracePeriodSeconds: 120 + volumes: + - emptyDir: {} + name: hashmod-config + - configMap: + defaultMode: 511 + name: thanos-store + name: hashmod-config-template + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: "4" +- name: THANOS_MEMORY_LIMIT + value: 80Gi +- name: THANOS_MEMORY_REQUEST + value: 20Gi diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-shared-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-shared-template.yaml new file mode 100755 index 0000000000..428c1b60d0 --- /dev/null +++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-shared-template.yaml 
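Review bot: The `init-hashmod-file` init container uses `image: quay.io/app-sre/ubi8-ubi` with no tag or digest, together with `imagePullPolicy: IfNotPresent`, so the code that runs under the `observatorium-thanos-store-rhel` service account is whatever a node has cached or pulls at that moment. The other images in this template are pinned to a version (`quay.io/thanos/thanos:v0.32.4`); I would pin this one as well, preferably by digest, e.g. `image: quay.io/app-sre/ubi8-ubi@sha256:<digest>` (placeholder, not a real value). The script also calls `kubectl`, which a plain UBI base image presumably does not ship, so it is worth confirming that this image provides it. The same init container appears in the default and shared store templates.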
@@ -0,0 +1,407 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-store-shared +objects: +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + name: list-pods-shared + namespace: rhobs + rules: + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + name: list-pods-shared + namespace: rhobs + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: list-pods-shared + subjects: + - kind: ServiceAccount + name: observatorium-thanos-store-shared + namespace: rhobs +- apiVersion: v1 + data: + entrypoint.sh: "#!/bin/bash\n\n# Kubernetes replicas are named with the following + convention \"-\". 
\n# This parameter expansion removes + all characters until the last hyphen, capturing only the ordinal.\nexport ORDINAL_INDEX=${HOSTNAME##*-}\n# + This parameter expansion removes all characters after the last hyphen, capturing + only the statefulset name.\nexport STATEFULSET_NAME=\"${HOSTNAME%-*}\"\nexport + THANOS_STORE_REPLICAS=$(kubectl get statefulset ${STATEFULSET_NAME} -n ${NAMESPACE} + -o=jsonpath='{.status.replicas}')\n\n# Logging parameters\necho \"generating + store hashmod config with ORDINAL_INDEX=${ORDINAL_INDEX} THANOS_STORE_REPLICAS=${STATEFULSET_NAME} + HOSTNAME=${HOSTNAME} NAMESPACE=${NAMESPACE} THANOS_STORE_REPLICAS=${THANOS_STORE_REPLICAS}\"\n\ncat + </tmp/config/hashmod-config.yaml\n- action: hashmod\n source_labels: + [\"__block_id\"]\n target_label: shard\n modulus: ${THANOS_STORE_REPLICAS}\n- + action: keep\n source_labels: [\"shard\"]\n regex: ${ORDINAL_INDEX}\nEOF\n" + kind: ConfigMap + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: hashmod-config-template-shared + namespace: rhobs +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + name: observatorium-thanos-store-shared + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared +- apiVersion: v1 + kind: Service + metadata: + creationTimestamp: null + labels: + 
app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: observatorium-thanos-store-shared + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: grpc + port: 10901 + protocol: TCP + targetPort: 10901 + selector: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: observatorium-thanos-store-shared + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + prometheus: app-sre + name: observatorium-thanos-store-shared + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared +- apiVersion: apps/v1 + kind: 
StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: observatorium-thanos-store-shared + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + serviceName: observatorium-thanos-store-shared + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-store + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - store + - --data-dir=/var/thanos/store + - --ignore-deletion-marks-delay=24h0m0s + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - --max-time=-22h0m0s + - --objstore.config=$(OBJSTORE_CONFIG) + - --selector.relabel-config-file=/tmp/config/hashmod-config.yaml + - --store.enable-index-header-lazy-reader=true + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: shared-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: 
aws_secret_access_key + name: shared-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: shared-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: shared-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: shared-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 8 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + timeoutSeconds: 1 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + - containerPort: 10901 + name: grpc + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/store + name: data + - mountPath: /etc/config + name: hashmod-config + - args: + - --reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.observatorium-tools.svc:14250 + - --reporter.type=grpc + - --agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD) + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + image: quay.io/app-sre/jaegertracing-jaeger-agent:1.22.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 14271 + name: jaeger-agent + ports: + - containerPort: 5778 + name: configs + protocol: TCP + - containerPort: 6831 + name: jaeger-thrift + protocol: TCP + - containerPort: 14271 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14271 + initialDelaySeconds: 1 + resources: + 
limits: + cpu: 128m + memory: 128Mi + requests: + cpu: 32m + memory: 64Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - args: + - /tmp/entrypoint/entrypoint.sh + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/app-sre/ubi8-ubi + imagePullPolicy: IfNotPresent + name: init-hashmod-file + resources: {} + volumeMounts: + - mountPath: /tmp/entrypoint + name: hashmod-config-template + - mountPath: /etc/config + name: hashmod-config + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-store-shared + terminationGracePeriodSeconds: 120 + volumes: + - emptyDir: {} + name: hashmod-config + - configMap: + defaultMode: 511 + name: thanos-store + name: hashmod-config-template + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: "4" +- name: THANOS_MEMORY_LIMIT + value: 80Gi +- name: THANOS_MEMORY_REQUEST + value: 20Gi diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-telemeter-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-telemeter-template.yaml new file mode 100755 index 0000000000..bb07caaab7 --- /dev/null +++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-telemeter-template.yaml 
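Review bot: `entrypoint.sh` never checks the replica count it reads: `export THANOS_STORE_REPLICAS=$(kubectl get statefulset ...)` discards the command's exit status, so a failed or empty lookup can still produce a hashmod config with an empty `modulus:`. I would add a guard right after the assignment, for example `[[ "${THANOS_STORE_REPLICAS}" =~ ^[1-9][0-9]*$ ]] || { echo "could not read replica count" >&2; exit 1; }`. The lookup reads `.status.replicas`, which presumably can differ from the desired count while the StatefulSet is scaling, so pods started at different moments may compute different moduli; `.spec.replicas` looks like the intended field. Separately, the echo line prints `THANOS_STORE_REPLICAS=${STATEFULSET_NAME}`, which mislabels the statefulset name, and `defaultMode: 511` (octal 0777) is wider than the script needs; `365` (0555) would be enough. The default, rhel and telemeter store templates carry the same script.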
@@ -0,0 +1,407 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-store-telemeter +objects: +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + name: list-pods-telemeter + namespace: rhobs + rules: + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + name: list-pods-telemeter + namespace: rhobs + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: list-pods-telemeter + subjects: + - kind: ServiceAccount + name: observatorium-thanos-store-telemeter + namespace: rhobs +- apiVersion: v1 + data: + entrypoint.sh: "#!/bin/bash\n\n# Kubernetes replicas are named with the following + convention \"-\". 
\n# This parameter expansion removes + all characters until the last hyphen, capturing only the ordinal.\nexport ORDINAL_INDEX=${HOSTNAME##*-}\n# + This parameter expansion removes all characters after the last hyphen, capturing + only the statefulset name.\nexport STATEFULSET_NAME=\"${HOSTNAME%-*}\"\nexport + THANOS_STORE_REPLICAS=$(kubectl get statefulset ${STATEFULSET_NAME} -n ${NAMESPACE} + -o=jsonpath='{.status.replicas}')\n\n# Logging parameters\necho \"generating + store hashmod config with ORDINAL_INDEX=${ORDINAL_INDEX} THANOS_STORE_REPLICAS=${STATEFULSET_NAME} + HOSTNAME=${HOSTNAME} NAMESPACE=${NAMESPACE} THANOS_STORE_REPLICAS=${THANOS_STORE_REPLICAS}\"\n\ncat + </tmp/config/hashmod-config.yaml\n- action: hashmod\n source_labels: + [\"__block_id\"]\n target_label: shard\n modulus: ${THANOS_STORE_REPLICAS}\n- + action: keep\n source_labels: [\"shard\"]\n regex: ${ORDINAL_INDEX}\nEOF\n" + kind: ConfigMap + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: hashmod-config-template-telemeter + namespace: rhobs +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + name: observatorium-thanos-store-telemeter + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter +- apiVersion: v1 + kind: Service + metadata: + creationTimestamp: null 
+ labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: observatorium-thanos-store-telemeter + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: grpc + port: 10901 + protocol: TCP + targetPort: 10901 + selector: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: observatorium-thanos-store-telemeter + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + prometheus: app-sre + name: observatorium-thanos-store-telemeter + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter 
+- apiVersion: apps/v1 + kind: StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: observatorium-thanos-store-telemeter + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + serviceName: observatorium-thanos-store-telemeter + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-store + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - store + - --data-dir=/var/thanos/store + - --ignore-deletion-marks-delay=24h0m0s + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - --max-time=-22h0m0s + - --objstore.config=$(OBJSTORE_CONFIG) + - --selector.relabel-config-file=/tmp/config/hashmod-config.yaml + - --store.enable-index-header-lazy-reader=true + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: telemeter-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + 
valueFrom: + secretKeyRef: + key: aws_secret_access_key + name: telemeter-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: telemeter-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: telemeter-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: telemeter-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 8 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + timeoutSeconds: 1 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + - containerPort: 10901 + name: grpc + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/store + name: data + - mountPath: /etc/config + name: hashmod-config + - args: + - --reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.observatorium-tools.svc:14250 + - --reporter.type=grpc + - --agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD) + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + image: quay.io/app-sre/jaegertracing-jaeger-agent:1.22.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 14271 + name: jaeger-agent + ports: + - containerPort: 5778 + name: configs + protocol: TCP + - containerPort: 6831 + name: jaeger-thrift + protocol: TCP + - containerPort: 14271 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14271 
+ initialDelaySeconds: 1 + resources: + limits: + cpu: 128m + memory: 128Mi + requests: + cpu: 32m + memory: 64Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - args: + - /tmp/entrypoint/entrypoint.sh + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/app-sre/ubi8-ubi + imagePullPolicy: IfNotPresent + name: init-hashmod-file + resources: {} + volumeMounts: + - mountPath: /tmp/entrypoint + name: hashmod-config-template + - mountPath: /etc/config + name: hashmod-config + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-store-telemeter + terminationGracePeriodSeconds: 120 + volumes: + - emptyDir: {} + name: hashmod-config + - configMap: + defaultMode: 511 + name: thanos-store + name: hashmod-config-template + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: "4" +- name: THANOS_MEMORY_LIMIT + value: 80Gi +- name: THANOS_MEMORY_REQUEST + value: 20Gi diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-compact-default-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-compact-default-template.yaml new file mode 100755 index 0000000000..793d65d315 --- /dev/null +++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-compact-default-template.yaml 
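Review bot: The sharding config cannot reach Thanos as wired: `entrypoint.sh` writes `/tmp/config/hashmod-config.yaml` and the store container is started with `--selector.relabel-config-file=/tmp/config/hashmod-config.yaml`, but the shared `hashmod-config` emptyDir is mounted at `/etc/config` in both the init and `thanos` containers; using `mountPath: /tmp/config` for that volume in both would line the paths up. The `hashmod-config-template` volume also points at a ConfigMap named `thanos-store`, while the ConfigMap this template creates is `hashmod-config-template-telemeter`, so unless a `thanos-store` ConfigMap exists elsewhere the pod will not start; `name: hashmod-config-template-telemeter` is the likely intent. The init container, which calls `kubectl` under the pod's service account, uses `quay.io/app-sre/ubi8-ubi` with no tag or digest, and `defaultMode: 511` (octal 0777) is wider than a script needs; pin the image and use `defaultMode: 365` (0555). The tail of the shared-tenant store section above shows the same mounts and ConfigMap name. If these manifests are generated, the fix belongs in the generator rather than in the YAML.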
@@ -0,0 +1,340 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-compact-default +objects: +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: compact-tls-default + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: observatorium-thanos-compact-default + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: observatorium-thanos-compact-default + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + prometheus: app-sre + name: observatorium-thanos-compact-default + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace 
+ - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: observatorium-thanos-compact-default + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + serviceName: observatorium-thanos-compact-default + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-compact + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - compact + - --compact.concurrency=1 + - --data-dir=/var/thanos/compactor + - --deduplication.replica-label=replica + - --delete-delay=24h0m0s + - --downsample.concurrency=1 + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - 
--objstore.config=$(OBJSTORE_CONFIG) + - --wait + - --debug.max-compaction-level=3 + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: default-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: aws_secret_access_key + name: default-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: default-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: default-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: default-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 4 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/compactor + name: data + - args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - -openshift-service-account=observatorium-thanos-compact-default + - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs", + "namespace": "rhobs"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", + "name": "rhobs", "namespace": "rhobs"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - 
-client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret=${OAUTH_PROXY_COOKIE_SECRET} + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + image: quay.io/openshift/origin-oauth-proxy:v4.13.0 + name: oauth-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: compact-tls + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-compact-default + terminationGracePeriodSeconds: 120 + volumes: + - name: compact-tls + secret: + secretName: compact-tls-default + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-prod-http + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + name: observatorium-thanos-compact-default + namespace: rhobs + spec: + host: "" + port: + targetPort: https + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: observatorium-thanos-compact-default 
+ weight: null +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + name: observatorium-thanos-compact-default + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: 200m +- name: THANOS_MEMORY_LIMIT + value: 5Gi +- name: THANOS_MEMORY_REQUEST + value: 1Gi +- from: '[a-zA-Z0-9]{40}' + generate: expression + name: OAUTH_PROXY_COOKIE_SECRET diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-compact-rhel-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-compact-rhel-template.yaml new file mode 100755 index 0000000000..0afd164aff --- /dev/null +++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-compact-rhel-template.yaml 
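Review bot: The oauth-proxy cookie secret is passed on the command line as `-cookie-secret=${OAUTH_PROXY_COOKIE_SECRET}`, so the value that signs session cookies is stored in plain text in the StatefulSet spec and is readable by anyone allowed to view the workload. Because the parameter uses `generate: expression`, a new value is presumably produced each time the template is processed, which would roll the pod and invalidate sessions on every apply. Keeping the value in a Secret mounted into the `oauth-proxy` container and passing `-cookie-secret-file=<mounted path>` avoids both. The rhel-tenant compactor section that follows uses the same argument.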
@@ -0,0 +1,340 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-compact-rhel +objects: +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: compact-tls-rhel + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: observatorium-thanos-compact-rhel + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: observatorium-thanos-compact-rhel + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + prometheus: app-sre + name: observatorium-thanos-compact-rhel + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: 
instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: observatorium-thanos-compact-rhel + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + serviceName: observatorium-thanos-compact-rhel + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-compact + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - compact + - --compact.concurrency=1 + - --data-dir=/var/thanos/compactor + - --deduplication.replica-label=replica + - --delete-delay=24h0m0s + - --downsample.concurrency=1 + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - --objstore.config=$(OBJSTORE_CONFIG) + - --wait + 
- --debug.max-compaction-level=3 + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: rhel-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: aws_secret_access_key + name: rhel-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: rhel-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: rhel-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: rhel-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 4 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/compactor + name: data + - args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - -openshift-service-account=observatorium-thanos-compact-rhel + - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs", + "namespace": "rhobs"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", + "name": "rhobs", "namespace": "rhobs"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - 
-cookie-secret=${OAUTH_PROXY_COOKIE_SECRET} + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + image: quay.io/openshift/origin-oauth-proxy:v4.13.0 + name: oauth-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: compact-tls + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-compact-rhel + terminationGracePeriodSeconds: 120 + volumes: + - name: compact-tls + secret: + secretName: compact-tls-rhel + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-prod-http + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + name: observatorium-thanos-compact-rhel + namespace: rhobs + spec: + host: "" + port: + targetPort: https + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: observatorium-thanos-compact-rhel + weight: null +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + 
creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + name: observatorium-thanos-compact-rhel + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: 200m +- name: THANOS_MEMORY_LIMIT + value: 5Gi +- name: THANOS_MEMORY_REQUEST + value: 1Gi +- from: '[a-zA-Z0-9]{40}' + generate: expression + name: OAUTH_PROXY_COOKIE_SECRET diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-compact-shared-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-compact-shared-template.yaml new file mode 100755 index 0000000000..88e0cb09fc --- /dev/null +++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-compact-shared-template.yaml 
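Review bot: Port 10902 is published on the Service next to 8443, and the `thanos` container sets no `--http-address`, so the compactor's HTTP endpoints appear reachable from inside the cluster without passing through `oauth-proxy` and its `-openshift-sar` check. The `http` port is needed by the ServiceMonitor, so the usual remedy is a NetworkPolicy that leaves 8443 open and admits 10902 only from the scraping namespace (presumably `openshift-customer-monitoring`, where the ServiceMonitor is created); no such policy is visible on this page. The default-tenant compactor section above has the same Service layout. A sketch of the extra template object follows; confirm the namespace label and that kubelet probes still pass on your network plugin before adopting it.

```yaml
# … unchanged: Service, ServiceAccount, ServiceMonitor, StatefulSet, Route, PodDisruptionBudget …
- apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: observatorium-thanos-compact-rhel
    namespace: rhobs
  spec:
    podSelector:
      matchLabels:
        app.kubernetes.io/name: thanos-compact
        observatorium/tenant: rhel
    policyTypes:
    - Ingress
    ingress:
    # Authenticated path: oauth-proxy enforces the SAR check itself.
    - ports:
      - port: 8443
        protocol: TCP
    # Unauthenticated Thanos port: metrics scrapes only.
    - from:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: openshift-customer-monitoring
      ports:
      - port: 10902
        protocol: TCP
```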
@@ -0,0 +1,343 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-compact-shared +objects: +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: compact-tls-shared + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: observatorium-thanos-compact-shared + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: observatorium-thanos-compact-shared + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + prometheus: app-sre + name: observatorium-thanos-compact-shared + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + 
targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: observatorium-thanos-compact-shared + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + serviceName: observatorium-thanos-compact-shared + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-compact + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - compact + - --compact.concurrency=1 + - --data-dir=/var/thanos/compactor + - --deduplication.replica-label=replica + - --delete-delay=24h0m0s + - --downsample.concurrency=1 + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - 
--objstore.config=$(OBJSTORE_CONFIG) + - --retention.resolution-1h=8760h0m0s + - --retention.resolution-5m=8760h0m0s + - --retention.resolution-raw=8760h0m0s + - --wait + - --debug.max-compaction-level=3 + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: shared-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: aws_secret_access_key + name: shared-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: shared-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: shared-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: shared-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 4 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/compactor + name: data + - args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - -openshift-service-account=observatorium-thanos-compact-shared + - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs", + "namespace": "rhobs"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", + "name": "rhobs", "namespace": "rhobs"}}' + - 
-tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret=${OAUTH_PROXY_COOKIE_SECRET} + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + image: quay.io/openshift/origin-oauth-proxy:v4.13.0 + name: oauth-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: compact-tls + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-compact-shared + terminationGracePeriodSeconds: 120 + volumes: + - name: compact-tls + secret: + secretName: compact-tls-shared + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-prod-http + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + name: observatorium-thanos-compact-shared + namespace: rhobs + spec: + host: "" + port: + targetPort: https + tls: + insecureEdgeTerminationPolicy: Redirect + termination: 
reencrypt + to: + kind: Service + name: observatorium-thanos-compact-shared + weight: null +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + name: observatorium-thanos-compact-shared + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: 200m +- name: THANOS_MEMORY_LIMIT + value: 5Gi +- name: THANOS_MEMORY_REQUEST + value: 1Gi +- from: '[a-zA-Z0-9]{40}' + generate: expression + name: OAUTH_PROXY_COOKIE_SECRET diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-compact-telemeter-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-compact-telemeter-template.yaml new file mode 100755 index 0000000000..b93eb3fb24 --- /dev/null +++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-compact-telemeter-template.yaml 
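Review bot: The Service in this template publishes port 10902 (`http`) next to 8443, so the oauth-proxy sidecar only guards traffic that arrives through the Route; any workload that can reach `observatorium-thanos-compact-shared:10902` inside the cluster gets the compactor's HTTP endpoints without authentication. The ServiceMonitor scrapes `port: http`, so the port probably has to stay, but no NetworkPolicy limiting 10902 to the monitoring namespace is defined in this template (one may exist elsewhere). If these manifests are rendered from the Go sources, the generator is the place to add that policy, plus a comment next to the port such as `# 10902 is unauthenticated; ingress limited by NetworkPolicy <policy-name>`. The telemeter compact template in the next hunk has the same Service layout.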
@@ -0,0 +1,340 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-compact-telemeter +objects: +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: compact-tls-telemeter + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: observatorium-thanos-compact-telemeter + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: observatorium-thanos-compact-telemeter + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + prometheus: app-sre + name: observatorium-thanos-compact-telemeter + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + 
sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter +- apiVersion: apps/v1 + kind: StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: observatorium-thanos-compact-telemeter + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + serviceName: observatorium-thanos-compact-telemeter + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-compact + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - compact + - --compact.concurrency=1 + - --data-dir=/var/thanos/compactor + - --deduplication.replica-label=replica + - --delete-delay=24h0m0s + - --downsample.concurrency=1 + - --log.format=logfmt + - 
--log.level=${THANOS_LOG_LEVEL} + - --objstore.config=$(OBJSTORE_CONFIG) + - --wait + - --debug.max-compaction-level=3 + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: telemeter-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: aws_secret_access_key + name: telemeter-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: telemeter-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: telemeter-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: telemeter-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 4 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/compactor + name: data + - args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - -openshift-service-account=observatorium-thanos-compact-telemeter + - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs", + "namespace": "rhobs"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", + "name": "rhobs", "namespace": "rhobs"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - 
-client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret=${OAUTH_PROXY_COOKIE_SECRET} + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + image: quay.io/openshift/origin-oauth-proxy:v4.13.0 + name: oauth-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: compact-tls + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-compact-telemeter + terminationGracePeriodSeconds: 120 + volumes: + - name: compact-tls + secret: + secretName: compact-tls-telemeter + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-prod-http + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + name: observatorium-thanos-compact-telemeter + namespace: rhobs + spec: + host: "" + port: + targetPort: https + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: 
observatorium-thanos-compact-telemeter + weight: null +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + name: observatorium-thanos-compact-telemeter + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: database-compactor + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-compact + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: 200m +- name: THANOS_MEMORY_LIMIT + value: 5Gi +- name: THANOS_MEMORY_REQUEST + value: 1Gi +- from: '[a-zA-Z0-9]{40}' + generate: expression + name: OAUTH_PROXY_COOKIE_SECRET diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-default-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-default-template.yaml new file mode 100755 index 0000000000..4f86d223cb --- /dev/null +++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-default-template.yaml 
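Review bot: The ServiceAccount `observatorium-thanos-compact-telemeter` is named as the OAuth client by `-openshift-service-account=` but is created with labels only. OpenShift accepts redirects for a service-account client only when the account carries a `serviceaccounts.openshift.io/oauth-redirectreference.<name>` or `oauth-redirecturi.<name>` annotation, so interactive login through the Route is likely to be rejected. Suggest adding to the ServiceAccount metadata an annotation such as `serviceaccounts.openshift.io/oauth-redirectreference.application: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"observatorium-thanos-compact-telemeter"}}'`. Bearer-token requests authorised through `-openshift-delegate-urls` should not be affected. The shared compact template in the previous hunk has the same gap.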
@@ -0,0 +1,407 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-store-default +objects: +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + name: list-pods-default + namespace: rhobs + rules: + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + name: list-pods-default + namespace: rhobs + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: list-pods-default + subjects: + - kind: ServiceAccount + name: observatorium-thanos-store-default + namespace: rhobs +- apiVersion: v1 + data: + entrypoint.sh: "#!/bin/bash\n\n# Kubernetes replicas are named with the following + convention \"-\". 
\n# This parameter expansion removes + all characters until the last hyphen, capturing only the ordinal.\nexport ORDINAL_INDEX=${HOSTNAME##*-}\n# + This parameter expansion removes all characters after the last hyphen, capturing + only the statefulset name.\nexport STATEFULSET_NAME=\"${HOSTNAME%-*}\"\nexport + THANOS_STORE_REPLICAS=$(kubectl get statefulset ${STATEFULSET_NAME} -n ${NAMESPACE} + -o=jsonpath='{.status.replicas}')\n\n# Logging parameters\necho \"generating + store hashmod config with ORDINAL_INDEX=${ORDINAL_INDEX} THANOS_STORE_REPLICAS=${STATEFULSET_NAME} + HOSTNAME=${HOSTNAME} NAMESPACE=${NAMESPACE} THANOS_STORE_REPLICAS=${THANOS_STORE_REPLICAS}\"\n\ncat + </tmp/config/hashmod-config.yaml\n- action: hashmod\n source_labels: + [\"__block_id\"]\n target_label: shard\n modulus: ${THANOS_STORE_REPLICAS}\n- + action: keep\n source_labels: [\"shard\"]\n regex: ${ORDINAL_INDEX}\nEOF\n" + kind: ConfigMap + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: hashmod-config-template-default + namespace: rhobs +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + name: observatorium-thanos-store-default + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default +- apiVersion: v1 + kind: Service + metadata: + creationTimestamp: null + labels: 
+ app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: observatorium-thanos-store-default + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: grpc + port: 10901 + protocol: TCP + targetPort: 10901 + selector: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: observatorium-thanos-store-default + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + prometheus: app-sre + name: observatorium-thanos-store-default + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default +- apiVersion: apps/v1 + 
kind: StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: observatorium-thanos-store-default + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: default + serviceName: observatorium-thanos-store-default + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-store + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - store + - --data-dir=/var/thanos/store + - --ignore-deletion-marks-delay=24h0m0s + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - --max-time=-22h0m0s + - --objstore.config=$(OBJSTORE_CONFIG) + - --selector.relabel-config-file=/tmp/config/hashmod-config.yaml + - --store.enable-index-header-lazy-reader=true + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: default-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: 
aws_secret_access_key + name: default-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: default-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: default-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: default-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 8 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + timeoutSeconds: 1 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + - containerPort: 10901 + name: grpc + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/store + name: data + - mountPath: /etc/config + name: hashmod-config + - args: + - --reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.observatorium-tools.svc:14250 + - --reporter.type=grpc + - --agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD) + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + image: quay.io/app-sre/jaegertracing-jaeger-agent:1.22.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 14271 + name: jaeger-agent + ports: + - containerPort: 5778 + name: configs + protocol: TCP + - containerPort: 6831 + name: jaeger-thrift + protocol: TCP + - containerPort: 14271 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14271 + initialDelaySeconds: 1 + resources: + 
limits: + cpu: 128m + memory: 128Mi + requests: + cpu: 32m + memory: 64Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - args: + - /tmp/entrypoint/entrypoint.sh + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/app-sre/ubi8-ubi + imagePullPolicy: IfNotPresent + name: init-hashmod-file + resources: {} + volumeMounts: + - mountPath: /tmp/entrypoint + name: hashmod-config-template + - mountPath: /etc/config + name: hashmod-config + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-store-default + terminationGracePeriodSeconds: 120 + volumes: + - emptyDir: {} + name: hashmod-config + - configMap: + defaultMode: 511 + name: thanos-store + name: hashmod-config-template + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: default + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: "4" +- name: THANOS_MEMORY_LIMIT + value: 80Gi +- name: THANOS_MEMORY_REQUEST + value: 20Gi diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-rhel-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-rhel-template.yaml new file mode 100755 index 0000000000..cf67a69732 --- /dev/null +++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-rhel-template.yaml 
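Review bot: The hashmod file never reaches Thanos as wired here: the init script writes `/tmp/config/hashmod-config.yaml` and the store container reads `--selector.relabel-config-file=/tmp/config/hashmod-config.yaml`, but the shared `hashmod-config` emptyDir is mounted at `/etc/config` in both containers, so each side sees only its own container filesystem. The `hashmod-config-template` volume also points at a ConfigMap named `thanos-store`, while the ConfigMap defined in this template is `hashmod-config-template-default`. Suggest `mountPath: /tmp/config` for the emptyDir in both containers and `name: hashmod-config-template-default` in the volume. Separately, the init container image `quay.io/app-sre/ubi8-ubi` carries no tag or digest, and the script calls `kubectl` against the API, presumably with the pod's service-account credentials, so the image should be pinned and confirmed to ship `kubectl`. The store-rhel template that starts after this hunk embeds the same script; its StatefulSet is outside the visible part.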
@@ -0,0 +1,407 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-store-rhel +objects: +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + name: list-pods-rhel + namespace: rhobs + rules: + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + name: list-pods-rhel + namespace: rhobs + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: list-pods-rhel + subjects: + - kind: ServiceAccount + name: observatorium-thanos-store-rhel + namespace: rhobs +- apiVersion: v1 + data: + entrypoint.sh: "#!/bin/bash\n\n# Kubernetes replicas are named with the following + convention \"-\". 
\n# This parameter expansion removes + all characters until the last hyphen, capturing only the ordinal.\nexport ORDINAL_INDEX=${HOSTNAME##*-}\n# + This parameter expansion removes all characters after the last hyphen, capturing + only the statefulset name.\nexport STATEFULSET_NAME=\"${HOSTNAME%-*}\"\nexport + THANOS_STORE_REPLICAS=$(kubectl get statefulset ${STATEFULSET_NAME} -n ${NAMESPACE} + -o=jsonpath='{.status.replicas}')\n\n# Logging parameters\necho \"generating + store hashmod config with ORDINAL_INDEX=${ORDINAL_INDEX} THANOS_STORE_REPLICAS=${STATEFULSET_NAME} + HOSTNAME=${HOSTNAME} NAMESPACE=${NAMESPACE} THANOS_STORE_REPLICAS=${THANOS_STORE_REPLICAS}\"\n\ncat + </tmp/config/hashmod-config.yaml\n- action: hashmod\n source_labels: + [\"__block_id\"]\n target_label: shard\n modulus: ${THANOS_STORE_REPLICAS}\n- + action: keep\n source_labels: [\"shard\"]\n regex: ${ORDINAL_INDEX}\nEOF\n" + kind: ConfigMap + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: hashmod-config-template-rhel + namespace: rhobs +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + name: observatorium-thanos-store-rhel + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel +- apiVersion: v1 + kind: Service + metadata: + creationTimestamp: null + labels: + 
app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: observatorium-thanos-store-rhel + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: grpc + port: 10901 + protocol: TCP + targetPort: 10901 + selector: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: observatorium-thanos-store-rhel + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + prometheus: app-sre + name: observatorium-thanos-store-rhel + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel +- apiVersion: apps/v1 + kind: StatefulSet + 
metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: observatorium-thanos-store-rhel + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: rhel + serviceName: observatorium-thanos-store-rhel + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-store + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - store + - --data-dir=/var/thanos/store + - --ignore-deletion-marks-delay=24h0m0s + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - --max-time=-22h0m0s + - --objstore.config=$(OBJSTORE_CONFIG) + - --selector.relabel-config-file=/tmp/config/hashmod-config.yaml + - --store.enable-index-header-lazy-reader=true + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: rhel-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: aws_secret_access_key + name: rhel-tenant-s3 + 
- name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: rhel-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: rhel-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: rhel-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 8 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + timeoutSeconds: 1 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + - containerPort: 10901 + name: grpc + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/store + name: data + - mountPath: /etc/config + name: hashmod-config + - args: + - --reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.observatorium-tools.svc:14250 + - --reporter.type=grpc + - --agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD) + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + image: quay.io/app-sre/jaegertracing-jaeger-agent:1.22.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 14271 + name: jaeger-agent + ports: + - containerPort: 5778 + name: configs + protocol: TCP + - containerPort: 6831 + name: jaeger-thrift + protocol: TCP + - containerPort: 14271 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14271 + initialDelaySeconds: 1 + resources: + limits: + cpu: 128m + memory: 128Mi + requests: + cpu: 32m + 
memory: 64Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - args: + - /tmp/entrypoint/entrypoint.sh + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/app-sre/ubi8-ubi + imagePullPolicy: IfNotPresent + name: init-hashmod-file + resources: {} + volumeMounts: + - mountPath: /tmp/entrypoint + name: hashmod-config-template + - mountPath: /etc/config + name: hashmod-config + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-store-rhel + terminationGracePeriodSeconds: 120 + volumes: + - emptyDir: {} + name: hashmod-config + - configMap: + defaultMode: 511 + name: thanos-store + name: hashmod-config-template + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: rhel + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: "4" +- name: THANOS_MEMORY_LIMIT + value: 80Gi +- name: THANOS_MEMORY_REQUEST + value: 20Gi diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-shared-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-shared-template.yaml new file mode 100755 index 0000000000..428c1b60d0 --- /dev/null +++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-shared-template.yaml 
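Review bot: The pod's volume wiring does not match the paths it uses: the `thanos` container reads `--selector.relabel-config-file=/tmp/config/hashmod-config.yaml` and the entrypoint script targets the same path, but the `hashmod-config` emptyDir is mounted at `/etc/config` in both the init and the main container, and the `hashmod-config-template` volume points at a ConfigMap named `thanos-store` while this template creates `hashmod-config-template-rhel`. Unless a `thanos-store` ConfigMap exists outside this diff, the pod cannot mount its script, and the relabel file would not be where Thanos looks for it; setting `mountPath: /tmp/config` and the volume's ConfigMap `name: hashmod-config-template-rhel` in the generator would fix both. Separately, `defaultMode: 511` is 0777 where read-and-execute (`defaultMode: 365`, 0555) suffices, and `image: quay.io/app-sre/ubi8-ubi` has no tag or digest, so the init container that runs with the service-account token is not pinned. The shared and telemeter templates in this commit repeat the same lines, and the visible tail of the default-tenant template does too.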
@@ -0,0 +1,407 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-store-shared +objects: +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + name: list-pods-shared + namespace: rhobs + rules: + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + name: list-pods-shared + namespace: rhobs + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: list-pods-shared + subjects: + - kind: ServiceAccount + name: observatorium-thanos-store-shared + namespace: rhobs +- apiVersion: v1 + data: + entrypoint.sh: "#!/bin/bash\n\n# Kubernetes replicas are named with the following + convention \"-\". 
\n# This parameter expansion removes + all characters until the last hyphen, capturing only the ordinal.\nexport ORDINAL_INDEX=${HOSTNAME##*-}\n# + This parameter expansion removes all characters after the last hyphen, capturing + only the statefulset name.\nexport STATEFULSET_NAME=\"${HOSTNAME%-*}\"\nexport + THANOS_STORE_REPLICAS=$(kubectl get statefulset ${STATEFULSET_NAME} -n ${NAMESPACE} + -o=jsonpath='{.status.replicas}')\n\n# Logging parameters\necho \"generating + store hashmod config with ORDINAL_INDEX=${ORDINAL_INDEX} THANOS_STORE_REPLICAS=${STATEFULSET_NAME} + HOSTNAME=${HOSTNAME} NAMESPACE=${NAMESPACE} THANOS_STORE_REPLICAS=${THANOS_STORE_REPLICAS}\"\n\ncat + </tmp/config/hashmod-config.yaml\n- action: hashmod\n source_labels: + [\"__block_id\"]\n target_label: shard\n modulus: ${THANOS_STORE_REPLICAS}\n- + action: keep\n source_labels: [\"shard\"]\n regex: ${ORDINAL_INDEX}\nEOF\n" + kind: ConfigMap + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: hashmod-config-template-shared + namespace: rhobs +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + name: observatorium-thanos-store-shared + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared +- apiVersion: v1 + kind: Service + metadata: + creationTimestamp: null + labels: + 
app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: observatorium-thanos-store-shared + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: grpc + port: 10901 + protocol: TCP + targetPort: 10901 + selector: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: observatorium-thanos-store-shared + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + prometheus: app-sre + name: observatorium-thanos-store-shared + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared +- apiVersion: apps/v1 + kind: 
StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: observatorium-thanos-store-shared + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: shared + serviceName: observatorium-thanos-store-shared + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-store + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - store + - --data-dir=/var/thanos/store + - --ignore-deletion-marks-delay=24h0m0s + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - --max-time=-22h0m0s + - --objstore.config=$(OBJSTORE_CONFIG) + - --selector.relabel-config-file=/tmp/config/hashmod-config.yaml + - --store.enable-index-header-lazy-reader=true + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: shared-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: 
aws_secret_access_key + name: shared-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: shared-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: shared-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: shared-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 8 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + timeoutSeconds: 1 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + - containerPort: 10901 + name: grpc + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/store + name: data + - mountPath: /etc/config + name: hashmod-config + - args: + - --reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.observatorium-tools.svc:14250 + - --reporter.type=grpc + - --agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD) + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + image: quay.io/app-sre/jaegertracing-jaeger-agent:1.22.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 14271 + name: jaeger-agent + ports: + - containerPort: 5778 + name: configs + protocol: TCP + - containerPort: 6831 + name: jaeger-thrift + protocol: TCP + - containerPort: 14271 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14271 + initialDelaySeconds: 1 + resources: + 
limits: + cpu: 128m + memory: 128Mi + requests: + cpu: 32m + memory: 64Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - args: + - /tmp/entrypoint/entrypoint.sh + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/app-sre/ubi8-ubi + imagePullPolicy: IfNotPresent + name: init-hashmod-file + resources: {} + volumeMounts: + - mountPath: /tmp/entrypoint + name: hashmod-config-template + - mountPath: /etc/config + name: hashmod-config + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-store-shared + terminationGracePeriodSeconds: 120 + volumes: + - emptyDir: {} + name: hashmod-config + - configMap: + defaultMode: 511 + name: thanos-store + name: hashmod-config-template + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: shared + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: "4" +- name: THANOS_MEMORY_LIMIT + value: 80Gi +- name: THANOS_MEMORY_REQUEST + value: 20Gi diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-telemeter-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-telemeter-template.yaml new file mode 100755 index 0000000000..bb07caaab7 --- /dev/null +++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-telemeter-template.yaml 
@@ -0,0 +1,407 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-store-telemeter +objects: +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + name: list-pods-telemeter + namespace: rhobs + rules: + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + name: list-pods-telemeter + namespace: rhobs + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: list-pods-telemeter + subjects: + - kind: ServiceAccount + name: observatorium-thanos-store-telemeter + namespace: rhobs +- apiVersion: v1 + data: + entrypoint.sh: "#!/bin/bash\n\n# Kubernetes replicas are named with the following + convention \"-\". 
\n# This parameter expansion removes + all characters until the last hyphen, capturing only the ordinal.\nexport ORDINAL_INDEX=${HOSTNAME##*-}\n# + This parameter expansion removes all characters after the last hyphen, capturing + only the statefulset name.\nexport STATEFULSET_NAME=\"${HOSTNAME%-*}\"\nexport + THANOS_STORE_REPLICAS=$(kubectl get statefulset ${STATEFULSET_NAME} -n ${NAMESPACE} + -o=jsonpath='{.status.replicas}')\n\n# Logging parameters\necho \"generating + store hashmod config with ORDINAL_INDEX=${ORDINAL_INDEX} THANOS_STORE_REPLICAS=${STATEFULSET_NAME} + HOSTNAME=${HOSTNAME} NAMESPACE=${NAMESPACE} THANOS_STORE_REPLICAS=${THANOS_STORE_REPLICAS}\"\n\ncat + </tmp/config/hashmod-config.yaml\n- action: hashmod\n source_labels: + [\"__block_id\"]\n target_label: shard\n modulus: ${THANOS_STORE_REPLICAS}\n- + action: keep\n source_labels: [\"shard\"]\n regex: ${ORDINAL_INDEX}\nEOF\n" + kind: ConfigMap + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: hashmod-config-template-telemeter + namespace: rhobs +- apiVersion: policy/v1 + kind: PodDisruptionBudget + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + name: observatorium-thanos-store-telemeter + namespace: rhobs + spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter +- apiVersion: v1 + kind: Service + metadata: + creationTimestamp: null 
+ labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: observatorium-thanos-store-telemeter + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: grpc + port: 10901 + protocol: TCP + targetPort: 10901 + selector: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: observatorium-thanos-store-telemeter + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + prometheus: app-sre + name: observatorium-thanos-store-telemeter + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter 
+- apiVersion: apps/v1 + kind: StatefulSet + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: observatorium-thanos-store-telemeter + namespace: rhobs + spec: + replicas: ${THANOS_REPLICAS} + selector: + matchLabels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + observatorium/tenant: telemeter + serviceName: observatorium-thanos-store-telemeter + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-store + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - store + - --data-dir=/var/thanos/store + - --ignore-deletion-marks-delay=24h0m0s + - --log.format=logfmt + - --log.level=${THANOS_LOG_LEVEL} + - --max-time=-22h0m0s + - --objstore.config=$(OBJSTORE_CONFIG) + - --selector.relabel-config-file=/tmp/config/hashmod-config.yaml + - --store.enable-index-header-lazy-reader=true + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: aws_access_key_id + name: telemeter-tenant-s3 + - name: AWS_SECRET_ACCESS_KEY + 
valueFrom: + secretKeyRef: + key: aws_secret_access_key + name: telemeter-tenant-s3 + - name: OBJ_STORE_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: telemeter-tenant-s3 + - name: OBJ_STORE_REGION + valueFrom: + secretKeyRef: + key: aws_region + name: telemeter-tenant-s3 + - name: OBJ_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: telemeter-tenant-s3 + - name: OBJSTORE_CONFIG + value: | + type: S3 + config: + bucket: $(OBJ_STORE_BUCKET) + endpoint: $(OBJ_STORE_ENDPOINT) + region: $(OBJ_STORE_REGION) + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 8 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + timeoutSeconds: 1 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + - containerPort: 10901 + name: grpc + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${THANOS_MEMORY_LIMIT} + requests: + cpu: ${THANOS_CPU_REQUEST} + memory: ${THANOS_MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/thanos/store + name: data + - mountPath: /etc/config + name: hashmod-config + - args: + - --reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.observatorium-tools.svc:14250 + - --reporter.type=grpc + - --agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD) + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + image: quay.io/app-sre/jaegertracing-jaeger-agent:1.22.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 14271 + name: jaeger-agent + ports: + - containerPort: 5778 + name: configs + protocol: TCP + - containerPort: 6831 + name: jaeger-thrift + protocol: TCP + - containerPort: 14271 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14271 
+ initialDelaySeconds: 1 + resources: + limits: + cpu: 128m + memory: 128Mi + requests: + cpu: 32m + memory: 64Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - args: + - /tmp/entrypoint/entrypoint.sh + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/app-sre/ubi8-ubi + imagePullPolicy: IfNotPresent + name: init-hashmod-file + resources: {} + volumeMounts: + - mountPath: /tmp/entrypoint + name: hashmod-config-template + - mountPath: /etc/config + name: hashmod-config + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsUser: 65534 + serviceAccountName: observatorium-thanos-store-telemeter + terminationGracePeriodSeconds: 120 + volumes: + - emptyDir: {} + name: hashmod-config + - configMap: + defaultMode: 511 + name: thanos-store + name: hashmod-config-template + updateStrategy: {} + volumeClaimTemplates: + - metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: object-store-gateway + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-store + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + observatorium/tenant: telemeter + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + storageClassName: gp2 +parameters: +- name: THANOS_LOG_LEVEL + value: warn +- name: THANOS_REPLICAS + value: "1" +- name: THANOS_CPU_REQUEST + value: "4" +- name: THANOS_MEMORY_LIMIT + value: 80Gi +- name: THANOS_MEMORY_REQUEST + value: 20Gi diff --git a/services_go/instances/rhobs/rhobs.go b/services_go/instances/rhobs/rhobs.go new file mode 100644 index 0000000000..6fa4bb65f1 --- /dev/null +++ b/services_go/instances/rhobs/rhobs.go 
@@ -0,0 +1,80 @@
+package rhobs
+
+import (
+ "github.com/observatorium/observatorium/configuration_go/abstr/kubernetes/thanos/compactor"
+ "github.com/observatorium/observatorium/configuration_go/abstr/kubernetes/thanos/store"
+ "github.com/rhobs/configuration/services_go/observatorium"
+)
+
+func ClusterConfigs() []observatorium.Observatorium {
+ return []observatorium.Observatorium{
+ {
+ Cluster: "app-sre-stage-01",
+ Namespace: "rhobs",
+ Instance: "rhobs",
+ ThanosImageTag: "v0.32.4",
+ Stores: []observatorium.ThanosTenantConfig[store.StoreStatefulSet]{
+ {
+ Tenant: "default",
+ ObjStoreSecret: "default-tenant-s3",
+ },
+ {
+ Tenant: "rhel",
+ ObjStoreSecret: "rhel-tenant-s3",
+ },
+ {
+ Tenant: "telemeter",
+ ObjStoreSecret: "telemeter-tenant-s3",
+ },
+ },
+ Compactors: []observatorium.ThanosTenantConfig[compactor.CompactorStatefulSet]{
+ {
+ Tenant: "default",
+ ObjStoreSecret: "default-tenant-s3",
+ },
+ {
+ Tenant: "rhel",
+ ObjStoreSecret: "rhel-tenant-s3",
+ },
+ {
+ Tenant: "telemeter",
+ ObjStoreSecret: "telemeter-tenant-s3",
+ },
+ },
+ },
+ {
+ Cluster: "telemeter-prod-01",
+ Namespace: "rhobs",
+ Instance: "rhobs",
+ ThanosImageTag: "v0.32.4",
+ Stores: []observatorium.ThanosTenantConfig[store.StoreStatefulSet]{
+ {
+ Tenant: "default",
+ ObjStoreSecret: "default-tenant-s3",
+ },
+ {
+ Tenant: "rhel",
+ ObjStoreSecret: "rhel-tenant-s3",
+ },
+ {
+ Tenant: "telemeter",
+ ObjStoreSecret: "telemeter-tenant-s3",
+ },
+ },
+ Compactors: []observatorium.ThanosTenantConfig[compactor.CompactorStatefulSet]{
+ {
+ Tenant: "default",
+ ObjStoreSecret: "default-tenant-s3",
+ },
+ {
+ Tenant: "rhel",
+ ObjStoreSecret: "rhel-tenant-s3",
+ },
+ {
+ Tenant: "telemeter",
+ ObjStoreSecret: "telemeter-tenant-s3",
+ },
+ },
+ },
+ }
+}
diff --git a/services_go/observatorium/assets/store-auto-shard-relabel-configMap.sh b/services_go/observatorium/assets/store-auto-shard-relabel-configMap.sh
new file mode 100755
index 0000000000..2a6e47ae93
--- /dev/null
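Review bot: `ClusterConfigs` is exported without a doc comment, and the stage and production entries repeat the same three tenants in both `Stores` and `Compactors`, so a tenant added to one of the four lists can be missed in the others without any error. I would add `// ClusterConfigs returns the Observatorium configuration of every cluster that runs the rhobs instance.` above the function. Building the four lists from one shared slice of tenant names would leave `Cluster` as the only value that differs between the two entries; in this hunk the secret name is always the tenant name followed by `-tenant-s3`.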
+++ b/services_go/observatorium/assets/store-auto-shard-relabel-configMap.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Kubernetes replicas are named with the following convention "-".
+# This parameter expansion removes all characters until the last hyphen, capturing only the ordinal.
+export ORDINAL_INDEX=${HOSTNAME##*-}
+# This parameter expansion removes all characters after the last hyphen, capturing only the statefulset name.
+export STATEFULSET_NAME="${HOSTNAME%-*}"
+export THANOS_STORE_REPLICAS=$(kubectl get statefulset ${STATEFULSET_NAME} -n ${NAMESPACE} -o=jsonpath='{.status.replicas}')
+
+# Logging parameters
+echo "generating store hashmod config with ORDINAL_INDEX=${ORDINAL_INDEX} THANOS_STORE_REPLICAS=${STATEFULSET_NAME} HOSTNAME=${HOSTNAME} NAMESPACE=${NAMESPACE} THANOS_STORE_REPLICAS=${THANOS_STORE_REPLICAS}"
+
+cat </tmp/config/hashmod-config.yaml
+- action: hashmod
+ source_labels: ["__block_id"]
+ target_label: shard
+ modulus: ${THANOS_STORE_REPLICAS}
+- action: keep
+ source_labels: ["shard"]
+ regex: ${ORDINAL_INDEX}
+EOF
diff --git a/services_go/observatorium/encoders.go b/services_go/observatorium/encoders.go
new file mode 100644
index 0000000000..c6eb900e46
--- /dev/null
+++ b/services_go/observatorium/encoders.go
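Review bot: The result of `kubectl get statefulset` is never checked, so when the lookup fails or returns nothing the script still writes a relabel config with an empty `modulus:` and the init container exits successfully. Add `set -euo pipefail` under the shebang, assign before exporting (`THANOS_STORE_REPLICAS=$(kubectl get statefulset "${STATEFULSET_NAME}" -n "${NAMESPACE}" -o=jsonpath='{.status.replicas}')`, because `export VAR=$(...)` hides the command's exit status), and stop unless the value is a positive integer. The log line prints the statefulset name under the label `THANOS_STORE_REPLICAS=`; that field should read `STATEFULSET_NAME=${STATEFULSET_NAME}`. The output goes to `/tmp/config`, while metrics.go mounts the shared `hashmod-config` volume at `/etc/config` in both containers, so as far as this diff shows the generated file does not land on the shared volume.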
@@ -0,0 +1,85 @@
+package observatorium
+
+import (
+ "bytes"
+ "io"
+ "regexp"
+
+ "github.com/bwplotka/mimic/encoding"
+)
+
+// statusRemoveEncoder is a YAML encoder wrapper that allows cleaning of the output.
+// Wihtout this, the manifests would contain a status section that is not needed.
+type statusRemoveEncoder struct {
+ encoder encoding.Encoder
+ reader io.Reader
+}
+
+func (c *statusRemoveEncoder) Read(p []byte) (n int, err error) {
+ if c.reader == nil {
+ yamlData, err := io.ReadAll(c.encoder)
+ if err != nil {
+ panic(err)
+ }
+
+ // Remove status sections from manifests
+ yamlData = regexp.MustCompile(`(?m)^( {2})status:\n( {4}.*\n)+`).ReplaceAll(yamlData, []byte{})
+ yamlData = regexp.MustCompile(`(?m)^ +status: \{\}\n`).ReplaceAll(yamlData, []byte{})
+ c.reader = bytes.NewBuffer(yamlData)
+ }
+
+ return c.reader.Read(p)
+}
+
+func (c *statusRemoveEncoder) EncodeComment(lines string) []byte {
+ return c.encoder.EncodeComment(lines)
+}
+
+// templateYAML is a YAML encoder wrapper that allows templating of the output.
+// This is used when the target value is not typed as a string in Go.
+type templateYAML struct {
+ encoder encoding.Encoder
+ reader io.Reader
+ replacements [][]string // regexp, replace tuples
+}
+
+func NewDefaultTemplateYAML(encoder encoding.Encoder) *templateYAML {
+ return &templateYAML{
+ encoder: encoder,
+ replacements: [][]string{
+ // (?s) is a flag that allows . to match newlines
+ // .*? is a non-greedy match of any character
+ // these matchers assume that the main container (thanos) is the first container in the pod
+ {`(?s)(containers:\n.*?limits:.*?memory: )\S+`, "${1}$${THANOS_MEMORY_LIMIT}"}, // replace memory limit
+ {`(?s)(containers:\n.*?requests:.*?memory: )\S+`, "${1}$${THANOS_MEMORY_REQUEST}"}, // replace memory request
+ {`(?s)(containers:\n.*?limits:.*?cpu: )\S+`, "${1}$${THANOS_CPU_REQUEST}"}, // replace cpu request
+ {`(?s)(kind: (Deployment|StatefulSet).*?replicas: )\d+`, "${1}$${THANOS_REPLICAS}"}, // replace replicas
+ {`(?s)(containers:\n.*?\s+--log\.level=)\w+`, "${1}$${THANOS_LOG_LEVEL}"}, // replace thanos log level
+ },
+ }
+}
+
+func (c *templateYAML) Read(p []byte) (n int, err error) {
+ if c.reader == nil {
+ yamlData, err := io.ReadAll(c.encoder)
+ if err != nil {
+ panic(err)
+ }
+
+ for _, r := range c.replacements {
+ yamlData = regexp.MustCompile(r[0]).ReplaceAll(yamlData, []byte(r[1]))
+ }
+
+ c.reader = bytes.NewBuffer(yamlData)
+ }
+
+ return c.reader.Read(p)
+}
+
+func (c *templateYAML) EncodeComment(lines string) []byte {
+ return c.encoder.EncodeComment(lines)
+}
+
+func (c *templateYAML) AddReplacement(reg, replace string) {
+ c.replacements = append(c.replacements, []string{reg, replace})
+}
diff --git a/services_go/observatorium/metrics.go b/services_go/observatorium/metrics.go
new file mode 100644
index 0000000000..9474781c93
--- /dev/null
+++ b/services_go/observatorium/metrics.go
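Review bot: Both `Read` methods call `panic(err)` when `io.ReadAll(c.encoder)` fails although `Read` already has an error result; `return 0, err` lets the caller report which manifest failed instead of crashing the generator. The patterns are compiled with `regexp.MustCompile` inside `Read`, so a bad expression passed to `AddReplacement` only shows up as a panic at encode time; compiling when the replacement is registered would catch it earlier. The third default replacement matches `limits:.*?cpu: ` but is commented as the cpu request: it reaches `requests.cpu` only because makeStore and makeCompactor delete the CPU limit, so a `PreManifestsHook` that sets a CPU limit would have that limit rewritten to `${THANOS_CPU_REQUEST}`. Anchoring it as `(containers:\n.*?requests:.*?cpu: )\S+` would state the intent.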
@@ -0,0 +1,454 @@
+package observatorium
+
+import (
+ _ "embed"
+ "fmt"
+ "maps"
+ "time"
+
+ "github.com/bwplotka/mimic/encoding"
+ "github.com/observatorium/observatorium/configuration_go/abstr/kubernetes/thanos/compactor"
+ "github.com/observatorium/observatorium/configuration_go/abstr/kubernetes/thanos/store"
+ "github.com/observatorium/observatorium/configuration_go/k8sutil"
+ "github.com/observatorium/observatorium/configuration_go/openshift"
+ "github.com/observatorium/observatorium/configuration_go/schemas/thanos/common"
+ "github.com/observatorium/observatorium/configuration_go/schemas/thanos/objstore"
+ objstore3 "github.com/observatorium/observatorium/configuration_go/schemas/thanos/objstore/s3"
+ trclient "github.com/observatorium/observatorium/configuration_go/schemas/thanos/tracing/client"
+ "github.com/observatorium/observatorium/configuration_go/schemas/thanos/tracing/jaeger"
+ routev1 "github.com/openshift/api/route/v1"
+ templatev1 "github.com/openshift/api/template/v1"
+ monv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
+ "gopkg.in/yaml.v3"
+ appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
+ policyv1 "k8s.io/api/policy/v1"
+ rbacv1 "k8s.io/api/rbac/v1"
+ "k8s.io/apimachinery/pkg/api/resource"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/util/intstr"
+)
+
+const (
+ thanosImage = "quay.io/thanos/thanos"
+ monitoringNamespace = "openshift-customer-monitoring"
+ servingCertSecretNameAnnotation = "service.alpha.openshift.io/serving-cert-secret-name"
+ tenantLabel = "observatorium/tenant"
+)
+
+//go:embed assets/store-auto-shard-relabel-configMap.sh
+var storeAutoShardRelabelConfigMap string
+
+// makeCompactor creates a base compactor component that can be derived from using the preManifestsHook.
+func makeCompactor(namespace, imageTag string, cfg ThanosTenantConfig[compactor.CompactorStatefulSet]) encoding.Encoder {
+ // K8s config
+ compactorSatefulset := compactor.NewCompactor()
+ compactorSatefulset.Name = fmt.Sprintf("%s-%s", compactorSatefulset.Name, cfg.Tenant)
+ compactorSatefulset.CommonLabels[tenantLabel] = cfg.Tenant
+ compactorSatefulset.Image = thanosImage
+ compactorSatefulset.ImageTag = imageTag
+ compactorSatefulset.Namespace = namespace
+ compactorSatefulset.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution[0].PodAffinityTerm.Namespaces = []string{}
+ compactorSatefulset.Replicas = 1
+ delete(compactorSatefulset.PodResources.Limits, corev1.ResourceCPU)
+ compactorSatefulset.PodResources.Requests[corev1.ResourceCPU] = resource.MustParse("200m")
+ compactorSatefulset.PodResources.Requests[corev1.ResourceMemory] = resource.MustParse("1Gi")
+ compactorSatefulset.PodResources.Limits[corev1.ResourceMemory] = resource.MustParse("5Gi")
+ compactorSatefulset.VolumeType = "gp2"
+ compactorSatefulset.VolumeSize = "500Gi"
+ compactorSatefulset.Env = deleteObjStoreEnv(compactorSatefulset.Env) // delete the default objstore env vars
+ compactorSatefulset.Env = append(compactorSatefulset.Env, objStoreEnvVars(cfg.ObjStoreSecret)...)
+ tlsSecret := "compact-tls-" + cfg.Tenant
+ compactorSatefulset.Sidecars = []k8sutil.ContainerProvider{makeOauthProxy(10902, namespace, compactorSatefulset.Name, tlsSecret)}
+
+ // Compactor config
+ compactorSatefulset.Options.LogLevel = common.LogLevelWarn
+ compactorSatefulset.Options.RetentionResolutionRaw = 0
+ compactorSatefulset.Options.RetentionResolution5m = 0
+ compactorSatefulset.Options.RetentionResolution1h = 0
+ compactorSatefulset.Options.DeleteDelay = 24 * time.Hour
+ compactorSatefulset.Options.CompactConcurrency = 1
+ compactorSatefulset.Options.DownsampleConcurrency = 1
+ compactorSatefulset.Options.DeduplicationReplicaLabel = "replica"
+ compactorSatefulset.Options.AddExtraOpts("--debug.max-compaction-level=3")
+
+ // Execute preManifestsHook
+ if cfg.PreManifestsHook != nil {
+ cfg.PreManifestsHook(compactorSatefulset)
+ }
+
+ // Post process
+ manifests := compactorSatefulset.Manifests()
+ service := getObject[*corev1.Service](manifests)
+ service.ObjectMeta.Annotations[servingCertSecretNameAnnotation] = tlsSecret
+ postProcessServiceMonitor(getObject[*monv1.ServiceMonitor](manifests), compactorSatefulset.Namespace)
+
+ // Add pod disruption budget
+ labels := maps.Clone(getObject[*appsv1.StatefulSet](manifests).ObjectMeta.Labels)
+ delete(labels, k8sutil.VersionLabel)
+ manifests["store-pdb"] = &policyv1.PodDisruptionBudget{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "PodDisruptionBudget",
+ APIVersion: policyv1.SchemeGroupVersion.String(),
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: compactorSatefulset.Name,
+ Namespace: namespace,
+ Labels: labels,
+ },
+ Spec: policyv1.PodDisruptionBudgetSpec{
+ MaxUnavailable: &intstr.IntOrString{
+
+ Type: intstr.Int,
+ IntVal: 1,
+ },
+ Selector: &metav1.LabelSelector{
+ MatchLabels: labels,
+ },
+ },
+ }
+
+ // Add route for oauth-proxy
+ manifests["oauth-proxy-route"] = &routev1.Route{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "Route",
+ APIVersion: routev1.SchemeGroupVersion.String(),
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: compactorSatefulset.Name,
+ Namespace: namespace,
+ Labels: labels,
+ Annotations: map[string]string{
+ "cert-manager.io/issuer-kind": "ClusterIssuer",
+ "cert-manager.io/issuer-name": "letsencrypt-prod-http",
+ },
+ },
+ Spec: routev1.RouteSpec{
+ Port: &routev1.RoutePort{
+ TargetPort: intstr.FromString("https"),
+ },
+ TLS: &routev1.TLSConfig{
+ Termination: routev1.TLSTerminationReencrypt,
+ InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect,
+ },
+ To: routev1.RouteTargetReference{
+ Kind: "Service",
+ Name: compactorSatefulset.Name,
+ },
+ },
+ }
+
+ // Wrap in template, add parameters
+ defaultParams := defaultTemplateParams(defaultTemplateParamsConfig{
+ LogLevel: string(compactorSatefulset.Options.LogLevel),
+ Replicas: compactorSatefulset.Replicas,
+ CPURequest: compactorSatefulset.PodResources.Requests[corev1.ResourceCPU],
+ MemoryLimit: compactorSatefulset.PodResources.Limits[corev1.ResourceMemory],
+ MemoryRequest: compactorSatefulset.PodResources.Requests[corev1.ResourceMemory],
+ })
+ template := openshift.WrapInTemplate("", manifests, metav1.ObjectMeta{
+ Name: compactorSatefulset.Name,
+ }, append(defaultParams, []templatev1.Parameter{
+ {
+ Name: "OAUTH_PROXY_COOKIE_SECRET",
+ Generate: "expression",
+ From: "[a-zA-Z0-9]{40}",
+ },
+ }...))
+
+ // Adding a special encoder wrapper to replace the templated values in the template with their corresponding template parameter.
+ return NewDefaultTemplateYAML(encoding.GhodssYAML(template[""]))
+}
+
+// makeStore creates a base store component that can be derived from using the preManifestsHook.
+func makeStore(namespace, imageTag string, cfg ThanosTenantConfig[store.StoreStatefulSet]) encoding.Encoder {
+ // K8s config
+ storeStatefulSet := store.NewStore()
+ storeStatefulSet.Name = fmt.Sprintf("%s-%s", storeStatefulSet.Name, cfg.Tenant)
+ storeStatefulSet.CommonLabels[tenantLabel] = cfg.Tenant
+ storeStatefulSet.Image = thanosImage
+ storeStatefulSet.ImageTag = imageTag
+ storeStatefulSet.Namespace = namespace
+ storeStatefulSet.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution[0].PodAffinityTerm.Namespaces = []string{}
+ storeStatefulSet.Replicas = 1
+ delete(storeStatefulSet.PodResources.Limits, corev1.ResourceCPU)
+ storeStatefulSet.PodResources.Requests[corev1.ResourceCPU] = resource.MustParse("4")
+ storeStatefulSet.PodResources.Requests[corev1.ResourceMemory] = resource.MustParse("20Gi")
+ storeStatefulSet.PodResources.Limits[corev1.ResourceMemory] = resource.MustParse("80Gi")
+ storeStatefulSet.VolumeType = "gp2"
+ storeStatefulSet.VolumeSize = "500Gi"
+ storeStatefulSet.Env = deleteObjStoreEnv(storeStatefulSet.Env) // delete the default objstore env vars
+ storeStatefulSet.Env = append(storeStatefulSet.Env, objStoreEnvVars(cfg.ObjStoreSecret)...)
+ storeStatefulSet.Sidecars = []k8sutil.ContainerProvider{makeJaegerAgent("observatorium-tools")}
+
+ // Store auto-sharding using a configMap and an initContainer
+ // The configMap contains a script that will be executed by the initContainer
+ // The script generates the relabeling config based on the replica ordinal and the number of replicas
+ // The relabeling config is then written to a volume shared with the store container
+ storeStatefulSet.ConfigMaps[fmt.Sprintf("hashmod-config-template-%s", cfg.Tenant)] = map[string]string{
+ "entrypoint.sh": storeAutoShardRelabelConfigMap,
+ }
+ initContainer := corev1.Container{
+ Name: "init-hashmod-file",
+ Image: "quay.io/app-sre/ubi8-ubi",
+ ImagePullPolicy: corev1.PullIfNotPresent,
+ Args: []string{
+ "/tmp/entrypoint/entrypoint.sh",
+ },
+ Env: []corev1.EnvVar{
+ {
+ Name: "NAMESPACE",
+ ValueFrom: &corev1.EnvVarSource{
+ FieldRef: &corev1.ObjectFieldSelector{
+ FieldPath: "metadata.namespace",
+ },
+ },
+ },
+ },
+ VolumeMounts: []corev1.VolumeMount{
+ {
+ Name: "hashmod-config-template",
+ MountPath: "/tmp/entrypoint",
+ },
+ {
+ Name: "hashmod-config",
+ MountPath: "/etc/config",
+ },
+ },
+ }
+
+ // Store config
+ storeStatefulSet.Options.LogLevel = common.LogLevelWarn
+ storeStatefulSet.Options.LogFormat = common.LogFormatLogfmt
+ storeStatefulSet.Options.IgnoreDeletionMarksDelay = 24 * time.Hour
+ maxTimeDur := time.Duration(-22) * time.Hour
+ storeStatefulSet.Options.MaxTime = &common.TimeOrDurationValue{Dur: &maxTimeDur}
+ storeStatefulSet.Options.SelectorRelabelConfigFile = "/tmp/config/hashmod-config.yaml"
+ storeStatefulSet.Options.TracingConfig = &trclient.TracingConfig{
+ Type: trclient.Jaeger,
+ Config: jaeger.Config{
+ SamplerParam: 2,
+ SamplerType: jaeger.SamplerTypeRateLimiting,
+ ServiceName: "thanos-store",
+ },
+ }
+ storeStatefulSet.Options.StoreEnableIndexHeaderLazyReader = true // Enables parallel rolling update of store nodes.
+
+ // Execute preManifestHook
+ if cfg.PreManifestsHook != nil {
+ cfg.PreManifestsHook(storeStatefulSet)
+ }
+
+ // Post process
+ manifests := storeStatefulSet.Manifests()
+ postProcessServiceMonitor(getObject[*monv1.ServiceMonitor](manifests), storeStatefulSet.Namespace)
+ statefulset := getObject[*appsv1.StatefulSet](manifests)
+ defaultMode := int32(0777)
+ // Add volumes and volume mounts for the initContainer
+ statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, corev1.Volume{
+ Name: "hashmod-config",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ }, corev1.Volume{
+ Name: "hashmod-config-template",
+ VolumeSource: corev1.VolumeSource{
+ ConfigMap: &corev1.ConfigMapVolumeSource{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: storeStatefulSet.CommonLabels[k8sutil.NameLabel],
+ },
+ DefaultMode: &defaultMode,
+ },
+ },
+ })
+ statefulset.Spec.Template.Spec.InitContainers = append(statefulset.Spec.Template.Spec.InitContainers, initContainer)
+ mainContainer := &statefulset.Spec.Template.Spec.Containers[0]
+ mainContainer.VolumeMounts = append(mainContainer.VolumeMounts, corev1.VolumeMount{
+ Name: "hashmod-config",
+ MountPath: "/etc/config",
+ })
+
+ // add rbac for reading the number of replicas from the statefulset in the initContainer
+ labels := maps.Clone(statefulset.ObjectMeta.Labels)
+ delete(labels, k8sutil.VersionLabel)
+ listPodsRole := &rbacv1.Role{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "Role",
+ APIVersion: rbacv1.SchemeGroupVersion.String(),
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("list-pods-%s", cfg.Tenant),
+ Namespace: namespace,
+ Labels: labels,
+ },
+ Rules: []rbacv1.PolicyRule{
+ {
+ APIGroups: []string{"apps"},
+ Resources: []string{"statefulsets"},
+ Verbs: []string{"get", "list"},
+ },
+ },
+ }
+
+ manifests["list-pods-rbac"] = listPodsRole
+
+ manifests["list-pods-rbac-binding"] = &rbacv1.RoleBinding{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "RoleBinding",
+ APIVersion: rbacv1.SchemeGroupVersion.String(),
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("list-pods-%s", cfg.Tenant),
+ Namespace: namespace,
+ Labels: labels,
+ },
+ Subjects: []rbacv1.Subject{
+ {
+
+ Kind: "ServiceAccount",
+ Name: statefulset.Spec.Template.Spec.ServiceAccountName,
+ Namespace: namespace,
+ },
+ },
+ RoleRef: rbacv1.RoleRef{
+ Kind: "Role",
+ Name: listPodsRole.Name,
+ APIGroup: "rbac.authorization.k8s.io",
+ },
+ }
+
+ // Add pod disruption budget
+ manifests["store-pdb"] = &policyv1.PodDisruptionBudget{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "PodDisruptionBudget",
+ APIVersion: policyv1.SchemeGroupVersion.String(),
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: storeStatefulSet.Name,
+ Namespace: namespace,
+ Labels: labels,
+ },
+ Spec: policyv1.PodDisruptionBudgetSpec{
+ MaxUnavailable: &intstr.IntOrString{
+
+ Type: intstr.Int,
+ IntVal: 1,
+ },
+ Selector: &metav1.LabelSelector{
+ MatchLabels: labels,
+ },
+ },
+ }
+
+ // Wrap in template
+ template := openshift.WrapInTemplate("", manifests, metav1.ObjectMeta{
+ Name: storeStatefulSet.Name,
+ }, defaultTemplateParams(defaultTemplateParamsConfig{
+ LogLevel: string(storeStatefulSet.Options.LogLevel),
+ Replicas: storeStatefulSet.Replicas,
+ CPURequest: storeStatefulSet.PodResources.Requests[corev1.ResourceCPU],
+ MemoryLimit: storeStatefulSet.PodResources.Limits[corev1.ResourceMemory],
+ MemoryRequest: storeStatefulSet.PodResources.Requests[corev1.ResourceMemory],
+ }))
+
+ // Adding a special encoder wrapper to replace the templated values in the template with their corresponding template parameter.
+ return NewDefaultTemplateYAML(encoding.GhodssYAML(template[""]))
+}
+
+type kubeObject interface {
+ *corev1.Service | *appsv1.StatefulSet | *monv1.ServiceMonitor | *corev1.ServiceAccount
+}
+
+// getObject returns the first object of type T from the given map of kubernetes objects.
+// This helper can be used for doing post processing on the objects.
+func getObject[T kubeObject](manifests k8sutil.ObjectMap) T {
+ for _, obj := range manifests {
+ if service, ok := obj.(T); ok {
+ return service
+ }
+ }
+
+ panic(fmt.Sprintf("could not find object of type %T", *new(T)))
+}
+
+// postProcessServiceMonitor updates the service monitor to work with the app-sre prometheus.
+func postProcessServiceMonitor(serviceMonitor *monv1.ServiceMonitor, namespaceSelector string) {
+ serviceMonitor.ObjectMeta.Namespace = monitoringNamespace
+ serviceMonitor.Spec.NamespaceSelector.MatchNames = []string{namespaceSelector}
+ serviceMonitor.ObjectMeta.Labels["prometheus"] = "app-sre"
+}
+
+// deleteObjStoreEnv deletes the objstore env var from the list of env vars.
+// This env var is included by default by the observatorium config for each thanos component.
+func deleteObjStoreEnv(objStoreEnv []corev1.EnvVar) []corev1.EnvVar {
+ for i, env := range objStoreEnv {
+ if env.Name == "OBJSTORE_CONFIG" {
+ return append(objStoreEnv[:i], objStoreEnv[i+1:]...)
+ }
+ }
+
+ return objStoreEnv
+}
+
+// objStoreEnvVars returns the env vars required for the objstore config.
+// Base env vars are taken from the s3 secret generated by app-interface.
+// The objstore config env var is generated by aggregating the other env vars.
+func objStoreEnvVars(objstoreSecret string) []corev1.EnvVar {
+ objStoreCfg, err := yaml.Marshal(objstore.BucketConfig{
+ Type: objstore.S3,
+ Config: objstore3.Config{
+ Bucket: "$(OBJ_STORE_BUCKET)",
+ Endpoint: "$(OBJ_STORE_ENDPOINT)",
+ Region: "$(OBJ_STORE_REGION)",
+ },
+ })
+ if err != nil {
+ panic(err)
+ }
+
+ return []corev1.EnvVar{
+ k8sutil.NewEnvFromSecret("AWS_ACCESS_KEY_ID", objstoreSecret, "aws_access_key_id"),
+ k8sutil.NewEnvFromSecret("AWS_SECRET_ACCESS_KEY", objstoreSecret, "aws_secret_access_key"),
+ k8sutil.NewEnvFromSecret("OBJ_STORE_BUCKET", objstoreSecret, "bucket"),
+ k8sutil.NewEnvFromSecret("OBJ_STORE_REGION", objstoreSecret, "aws_region"),
+ k8sutil.NewEnvFromSecret("OBJ_STORE_ENDPOINT", objstoreSecret, "endpoint"),
+ {
+ Name: "OBJSTORE_CONFIG",
+ Value: string(objStoreCfg),
+ },
+ }
+}
+
+type defaultTemplateParamsConfig struct {
+ LogLevel string
+ Replicas int32
+ CPURequest resource.Quantity
+ MemoryLimit resource.Quantity
+ MemoryRequest resource.Quantity
+}
+
+// defaultTemplateParams returns the default template parameters for the thanos components.
+func defaultTemplateParams(cfg defaultTemplateParamsConfig) []templatev1.Parameter {
+ return []templatev1.Parameter{
+ {
+ Name: "THANOS_LOG_LEVEL",
+ Value: cfg.LogLevel,
+ },
+ {
+ Name: "THANOS_REPLICAS",
+ Value: fmt.Sprintf("%d", cfg.Replicas),
+ },
+ {
+ Name: "THANOS_CPU_REQUEST",
+ Value: cfg.CPURequest.String(),
+ },
+ {
+ Name: "THANOS_MEMORY_LIMIT",
+ Value: cfg.MemoryLimit.String(),
+ },
+ {
+ Name: "THANOS_MEMORY_REQUEST",
+ Value: cfg.MemoryRequest.String(),
+ },
+ }
+}
diff --git a/services_go/observatorium/observatorium.go b/services_go/observatorium/observatorium.go
new file mode 100644
index 0000000000..255625533c
--- /dev/null
+++ b/services_go/observatorium/observatorium.go
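Review bot: In makeStore the Role bound to the store's service account grants `get` and `list` on every StatefulSet in the namespace, while the init script only reads its own StatefulSet; `Verbs: []string{"get"}` together with `ResourceNames: []string{storeStatefulSet.Name}` is enough, and the `list-pods-` name does not describe what is granted. The same function mounts the script ConfigMap with `defaultMode := int32(0777)`; `int32(0555)` keeps the script executable without write bits. The init container image `quay.io/app-sre/ubi8-ubi` carries no tag or digest and is pulled with `PullIfNotPresent`, so what runs under the pod's service account depends on whatever each node has cached; pin it to a tag or digest the way `ThanosImageTag` pins Thanos.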
@@ -0,0 +1,51 @@
+package observatorium
+
+import (
+ "github.com/bwplotka/mimic"
+ "github.com/bwplotka/mimic/encoding"
+ "github.com/observatorium/observatorium/configuration_go/abstr/kubernetes/thanos/compactor"
+ "github.com/observatorium/observatorium/configuration_go/abstr/kubernetes/thanos/store"
+)
+
+// TenantInstanceConfiguration is the configuration for a single tenant in an instance of observatorium.
+// type TenantInstanceConfiguration struct {
+// IngestRateLimit []struct{}
+// QueryRateLimit []struct{}
+// IngestHardTenant bool
+// Authorizers map[string]rbac.Authorizer
+// // Tenant *obs_api.tenant
+// }
+
+type ThanosTenantConfig[T compactor.CompactorStatefulSet | store.StoreStatefulSet] struct {
+ Tenant string
+ ObjStoreSecret string
+ PreManifestsHook func(*T)
+}
+
+// Observatorium is an instance of observatorium.
+// It contains the configuration for the instance and the ability to generate the manifests for the instance.
+type Observatorium struct {
+ Cluster string
+ Instance string
+ Namespace string
+ ThanosImageTag string
+ Stores []ThanosTenantConfig[store.StoreStatefulSet]
+ Compactors []ThanosTenantConfig[compactor.CompactorStatefulSet]
+}
+
+// Manifests generates the manifests for the instance of observatorium.
+func (o *Observatorium) Manifests(generator *mimic.Generator) {
+ components := map[string]encoding.Encoder{} // filename -> yaml encoder
+
+ for _, storeCfg := range o.Stores {
+ components["observatorium-metrics-store-"+storeCfg.Tenant] = makeStore(o.Namespace, o.ThanosImageTag, storeCfg)
+ }
+
+ for _, compactorCfg := range o.Compactors {
+ components["observatorium-metrics-compact-"+compactorCfg.Tenant] = makeCompactor(o.Namespace, o.ThanosImageTag, compactorCfg)
+ }
+
+ for name, encoder := range components {
+ generator.With(o.Cluster, o.Instance).Add(name+"-template.yaml", &statusRemoveEncoder{encoder: encoder})
+ }
+}
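Review bot: `ThanosTenantConfig` is exported without a doc comment and `PreManifestsHook` is undocumented, although it is the extension point through which an instance can override anything makeStore and makeCompactor set. I would add `// ThanosTenantConfig holds the per-tenant settings of one Thanos component. PreManifestsHook, when set, is called on the component after the defaults are applied and before its manifests are generated.` In `Manifests` the file name is derived from `Tenant` alone, so two entries with the same tenant overwrite each other in `components` without any error; a duplicate check before the assignment would surface that. The commented-out `TenantInstanceConfiguration` block is dead code and is better added by the commit that needs it.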
diff --git a/services_go/observatorium/sidecars.go b/services_go/observatorium/sidecars.go
new file mode 100644
index 0000000000..e45a599776
--- /dev/null
+++ b/services_go/observatorium/sidecars.go
@@ -0,0 +1,112 @@
+package observatorium
+
+import (
+ "fmt"
+
+ "github.com/observatorium/observatorium/configuration_go/k8sutil"
+ corev1 "k8s.io/api/core/v1"
+)
+
+// makeOauthProxy creates a container for the oauth-proxy sidecar.
+// It contains a template parameter OAUTH_PROXY_COOKIE_SECRET that must be added to the template parameters.
+func makeOauthProxy(upstreamPort int32, namespace, serviceAccount, tlsSecret string) *k8sutil.Container {
+ proxyPort := int32(8443)
+
+ return &k8sutil.Container{
+ Name: "oauth-proxy",
+ Image: "quay.io/openshift/origin-oauth-proxy",
+ ImageTag: "v4.13.0",
+ Args: []string{
+ "-provider=openshift",
+ fmt.Sprintf("-https-address=:%d", proxyPort),
+ "-http-address=",
+ "-email-domain=*",
+ fmt.Sprintf("-upstream=http://localhost:%d", upstreamPort),
+ fmt.Sprintf("-openshift-service-account=%s", serviceAccount),
+ fmt.Sprintf(`-openshift-sar={"resource": "namespaces", "verb": "get", "name": "%s", "namespace": "%s"}`, namespace, namespace),
+ fmt.Sprintf(`-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "name": "%s", "namespace": "%s"}}`, namespace, namespace),
+ "-tls-cert=/etc/tls/private/tls.crt",
+ "-tls-key=/etc/tls/private/tls.key",
+ "-client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token",
+ "-cookie-secret=${OAUTH_PROXY_COOKIE_SECRET}", // replaced by openshift template parameter
+ "-openshift-ca=/etc/pki/tls/cert.pem",
+ "-openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
+ },
+ Resources: k8sutil.NewResourcesRequirements("100m", "200m", "100Mi", "200Mi"),
+ Ports: []corev1.ContainerPort{
+ {
+ Name: "https",
+ ContainerPort: proxyPort,
+ Protocol: corev1.ProtocolTCP,
+ },
+ },
+ ServicePorts: []corev1.ServicePort{
+ k8sutil.NewServicePort("https", int(proxyPort), int(proxyPort)),
+ },
+ VolumeMounts: []corev1.VolumeMount{
+ {
+ Name: "compact-tls",
+ MountPath: "/etc/tls/private",
+ ReadOnly: true,
+ },
+ },
+ Volumes: []corev1.Volume{
+ k8sutil.NewPodVolumeFromSecret("compact-tls", tlsSecret),
+ },
+ }
+}
+
+// makeJaegerAgent creates a container for the jaeger-agent sidecar.
+func makeJaegerAgent(collectorNamespace string) *k8sutil.Container {
+ metricsPort := int32(14271)
+ livelinesProbe := k8sutil.NewProbe("/", int(metricsPort), k8sutil.ProbeConfig{FailureThreshold: 5})
+ readinessProbe := k8sutil.NewProbe("/", int(metricsPort), k8sutil.ProbeConfig{InitialDelaySeconds: 1})
+ return &k8sutil.Container{
+ Name: "jaeger-agent",
+ Image: "quay.io/app-sre/jaegertracing-jaeger-agent",
+ ImageTag: "1.22.0",
+ Args: []string{
+ fmt.Sprintf("--reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.%s.svc:14250", collectorNamespace),
+ "--reporter.type=grpc",
+ "--agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD)",
+ },
+ Resources: k8sutil.NewResourcesRequirements("32m", "128m", "64Mi", "128Mi"),
+ Ports: []corev1.ContainerPort{
+ {
+ Name: "configs",
+ ContainerPort: 5778,
+ Protocol: corev1.ProtocolTCP,
+ },
+ {
+ Name: "jaeger-thrift",
+ ContainerPort: 6831,
+ Protocol: corev1.ProtocolTCP,
+ },
+ {
+ Name: "metrics",
+ ContainerPort: metricsPort,
+ Protocol: corev1.ProtocolTCP,
+ },
+ },
+ Env: []corev1.EnvVar{
+ {
+ Name: "NAMESPACE",
+ ValueFrom: &corev1.EnvVarSource{
+ FieldRef: &corev1.ObjectFieldSelector{
+ FieldPath: "metadata.namespace",
+ },
+ },
+ },
+ {
+ Name: "POD",
+ ValueFrom: &corev1.EnvVarSource{
+ FieldRef: &corev1.ObjectFieldSelector{
+ FieldPath: "metadata.name",
+ },
+ },
+ },
+ },
+ LivenessProbe: &livelinesProbe,
+ ReadinessProbe: &readinessProbe,
+ }
+}
diff --git a/services_go/services.go b/services_go/services.go
new file mode 100644
index 0000000000..28990d7384
--- /dev/null
+++ b/services_go/services.go
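Review bot: makeOauthProxy passes the cookie secret on the command line (`"-cookie-secret=${OAUTH_PROXY_COOKIE_SECRET}"`), so once the template is processed the value sits in the StatefulSet spec, readable by anyone who can view workloads in the namespace. Rendering the parameter into a Secret and mounting it, with for example `"-cookie-secret-file=/etc/proxy/secrets/session_secret"` in `Args` and one more `k8sutil.NewPodVolumeFromSecret` volume, keeps it out of the pod spec. The TLS volume name `compact-tls` is hard-coded in a helper that otherwise takes the secret name as a parameter. In makeJaegerAgent the `jaeger-thrift` port 6831 is declared with `corev1.ProtocolTCP`, while the Jaeger agent's compact-thrift listener is UDP, so this probably should be `corev1.ProtocolUDP`; `livelinesProbe` is a typo for `livenessProbe`.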
@@ -0,0 +1,14 @@
+package services
+
+import (
+ "github.com/bwplotka/mimic"
+ "github.com/rhobs/configuration/services_go/instances/rhobs"
+)
+
+// Generate generates the manifests for all observatorium instances.
+func Generate(gen *mimic.Generator) {
+ rhobsConfigs := rhobs.ClusterConfigs()
+ for _, obsCfg := range rhobsConfigs {
+ obsCfg.Manifests(gen)
+ }
+}