diff --git a/.github/configs/helm-lint.yaml b/.github/configs/helm-lint.yaml index 27c1dbd12..9a692cb6a 100644 --- a/.github/configs/helm-lint.yaml +++ b/.github/configs/helm-lint.yaml @@ -16,6 +16,7 @@ chart-dirs: - service-proxy/charts/1.0.0 - logshipper - opentelemetry + - thanos chart-repos: - cert-manager=https://charts.jetstack.io - alerts=https://prometheus-community.github.io/helm-charts diff --git a/thanos/charts/Chart.lock b/thanos/charts/Chart.lock new file mode 100644 index 000000000..64c9c6ea5 --- /dev/null +++ b/thanos/charts/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: kube-prometheus-stack + repository: https://prometheus-community.github.io/helm-charts + version: 68.3.0 +digest: sha256:08cff037b4b6c972c9b75b8d9f3e3005b33e02f2d1952de905b62da064b2cc0b +generated: "2025-01-24T11:15:31.449929+01:00" diff --git a/thanos/charts/Chart.yaml b/thanos/charts/Chart.yaml index f79ead034..3b840e8e8 100644 --- a/thanos/charts/Chart.yaml +++ b/thanos/charts/Chart.yaml @@ -3,18 +3,23 @@ apiVersion: v2 description: Base chart for thanos monitoring deployments -icon: https://raw.githubusercontent.com/thanos-io/thanos/main/docs/img/Thanos-logo_fullmedium.png +icon: https://raw.githubusercontent.com/thanos-io/thanos/main/docs/img/Thanos-logo_fullmedium.png type: application maintainers: - name: viennaa - name: richardtief -name: thanos +name: thanos sources: - https://github.com/cloudoperators/greenhouse-extensions -version: 0.1.3 +version: 0.1.4 # thanos-release appVersion: v0.35.0 keywords: - thanos - storage - metrics +dependencies: + - name: kube-prometheus-stack + alias: prometheus-operator + repository: https://prometheus-community.github.io/helm-charts + version: 68.3.0 diff --git a/thanos/charts/charts/kube-prometheus-stack-68.3.0.tgz b/thanos/charts/charts/kube-prometheus-stack-68.3.0.tgz new file mode 100644 index 000000000..b81a4318e Binary files /dev/null and b/thanos/charts/charts/kube-prometheus-stack-68.3.0.tgz differ 
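Review bot: The new `kube-prometheus-stack` entry under `dependencies:` in thanos/charts/Chart.yaml has no `condition`, so the subchart ships with every install and stays inert only while each `prometheus-operator.*.enabled: false` default in values.yaml matches upstream's switches. values.yaml describes it as CI-only, so gating it with `condition: ci.enabled` on the dependency entry would keep it out of production renders altogether. The commit also checks in `kube-prometheus-stack-68.3.0.tgz` as an opaque binary, and the `digest` in Chart.lock, as far as I know, covers the dependency list rather than the archive bytes. Consider leaving the archive out of git and having CI run `helm dependency build`, or record an archive checksum that a reviewer can compare.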
diff --git a/thanos/charts/ci/test-values.yaml b/thanos/charts/ci/test-values.yaml new file mode 100644 index 000000000..eba00f6ad --- /dev/null +++ b/thanos/charts/ci/test-values.yaml @@ -0,0 +1,23 @@ +prometheus-operator: + defaultRules: + create: true + labels: + thanos-ruler: thanos + prometheusOperator: + enabled: true + crds: + enabled: true + +ci: + enabled: true + +thanos: + ruler: + matchLabel: thanos + alertmanagers: + enabled: true + authentication: + enabled: true + ssoCert: xxx + ssoKey: xxx + hosts: diff --git a/thanos/charts/templates/compactor.yaml b/thanos/charts/templates/compactor.yaml index c0929cb60..c3448895a 100644 --- a/thanos/charts/templates/compactor.yaml +++ b/thanos/charts/templates/compactor.yaml @@ -88,7 +88,7 @@ spec: - name: objectstore-secret secret: defaultMode: 420 - secretName: {{ include "release.name" . }}-metrics-objectstore + secretName: {{ include "release.name" . }}-metrics-objectstore - name: data-volume persistentVolumeClaim: claimName: {{ include "release.name" . }}-compactor diff --git a/thanos/charts/templates/ruler/_alertmanager.yaml.tpl b/thanos/charts/templates/ruler/_alertmanager.yaml.tpl new file mode 100644 index 000000000..5df89e73d --- /dev/null +++ b/thanos/charts/templates/ruler/_alertmanager.yaml.tpl @@ -0,0 +1,14 @@ +{{- define "alertmanagers.config" }} +alertmanagers: + - scheme: https + timeout: 10s + api_version: v2 + {{- if .Values.thanos.ruler.alertmanagers.authentication.enabled }} + http_config: + tls_config: + cert_file: /etc/thanos/secrets/thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert/sso.crt + key_file: /etc/thanos/secrets/thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert/sso.key + {{- end }} + static_configs: +{{ toYaml .Values.thanos.ruler.alertmanagers.hosts | indent 8 }} +{{- end }} \ No newline at end of file 
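Review bot: In templates/ruler/_alertmanager.yaml.tpl, `static_configs` is filled from `.Values.thanos.ruler.alertmanagers.hosts` with no check that it is set, and both values.yaml and ci/test-values.yaml in this commit leave `hosts:` empty. The rendered config then most likely carries `static_configs: null`, so the release installs cleanly while the ruler has no Alertmanager to deliver to. Failing the render is safer than losing alerts silently: `{{ toYaml (required ".Values.thanos.ruler.alertmanagers.hosts missing" .Values.thanos.ruler.alertmanagers.hosts) | indent 8 }}`, with a host added to ci/test-values.yaml. The `tls_config` block sets only the client `cert_file` and `key_file`; a one-line comment saying that server verification presumably falls back to the image's default trust store (no `ca_file`) would help anyone running this against an internal CA.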
diff --git a/thanos/charts/templates/ruler/alertmanager-config.yaml b/thanos/charts/templates/ruler/alertmanager-config.yaml
new file mode 100644
index 000000000..5f1a35e7a
--- /dev/null
+++ b/thanos/charts/templates/ruler/alertmanager-config.yaml
@@ -0,0 +1,11 @@
+{{ if .Values.thanos.ruler.alertmanagers.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: thanos-ruler-{{ include "release.name" . }}-alertmanager-config
+ labels:
+ thanos: {{ include "release.name" . }}
+data:
+ alertManagerConfig.yaml: |
+ {{ include "alertmanagers.config" . | indent 4 | b64enc }}
+{{ end }}
\ No newline at end of file
diff --git a/thanos/charts/templates/ruler/alertmanager-sso-secret.yaml b/thanos/charts/templates/ruler/alertmanager-sso-secret.yaml
new file mode 100644
index 000000000..9c7ee903d
--- /dev/null
+++ b/thanos/charts/templates/ruler/alertmanager-sso-secret.yaml
@@ -0,0 +1,10 @@
+{{ if and .Values.thanos.ruler.alertmanagers.authentication.enabled .Values.thanos.ruler.alertmanagers.enabled }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert
+data:
+ sso.crt: {{ required ".Values.thanos.ruler.alertmanagers.authentication.ssoCert missing" .Values.thanos.ruler.alertmanagers.authentication.ssoCert | b64enc }}
+ sso.key: {{ required ".Values.thanos.ruler.alertmanagers.authentication.ssoKey missing" .Values.thanos.ruler.alertmanagers.authentication.ssoKey | b64enc }}
+{{ end }}
\ No newline at end of file
diff --git a/thanos/charts/templates/ruler/ruler.yaml b/thanos/charts/templates/ruler/ruler.yaml
new file mode 100644
index 000000000..c25f8a39c
--- /dev/null
+++ b/thanos/charts/templates/ruler/ruler.yaml
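Review bot: In alertmanager-config.yaml the value under `alertManagerConfig.yaml: |` pipes through `indent 4` before `b64enc`, so the four-space indentation is encoded into the Secret payload instead of laying out the manifest, and the `|` block scalar wraps what is a single base64 token. `alertManagerConfig.yaml: {{ include "alertmanagers.config" . | b64enc }}` stores exactly what the named template defines. The manifest is guarded by `alertmanagers.enabled` alone, not by `thanos.ruler.enabled`, so it is rendered even when no ThanosRuler is created to consume it.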
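Review bot: In alertmanager-sso-secret.yaml, `sso.key` is copied verbatim from `.Values.thanos.ruler.alertmanagers.authentication.ssoKey`, so the TLS private key has to sit in a values file or plugin option and is stored a second time in the Helm release record besides this Secret. Consider accepting the name of a pre-existing Secret (a new value, for example `authentication.existingSecret`) and rendering this manifest only when it is unset, and add a comment above `data:` that the key must come from a secret store rather than a committed values file. The `if` also omits `thanos.ruler.enabled`, so key material is created while the ruler is switched off; adding `.Values.thanos.ruler.enabled` to the `and` closes that.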
@@ -0,0 +1,44 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+{{ if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.thanos.ruler.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ThanosRuler
+metadata:
+ # FullName = thanos-ruler-
+ name: {{ include "release.name" . }}
+spec:
+ image: "{{ .Values.thanos.image.repository }}:{{ .Values.thanos.image.tag | default .Chart.AppVersion }}"
+ {{- if .Values.thanos.ruler.externalPrefix }}
+ externalPrefix: {{ .Values.thanos.ruler.externalPrefix }}
+ routePrefix: {{ .Values.thanos.ruler.externalPrefix }}
+ {{- end }}
+ podMetadata:
+ labels:
+ {{- include "plugin.labels" . | nindent 6 }}
+ {{- include "thanos.labels" . | nindent 6 }}
+ ruleSelector:
+ matchLabels:
+ thanos-ruler: {{ .Values.thanos.ruler.matchLabel | default .Release.Name }}
+ queryEndpoints:
+ - {{ include "release.name" . }}-query:10902
+ {{ if .Values.thanos.ruler.alertmanagers.enabled }}
+ alertmanagersConfig:
+ key: alertManagerConfig.yaml # Key name for alert manager config yaml
+ name: thanos-ruler-{{ include "release.name" . }}-alertmanager-config # Secret name containing alert manager config
+ {{ end }}
+ # Select rules from all namespaces.
+ ruleNamespaceSelector: {}
+ {{ if and .Values.thanos.ruler.alertmanagers.authentication.enabled .Values.thanos.ruler.alertmanagers.enabled }}
+ containers:
+ - name: thanos-ruler
+ volumeMounts:
+ - mountPath: /etc/thanos/secrets/thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert
+ name: thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert
+ readOnly: true
+ volumes:
+ - name: thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert
+ secret:
+ secretName: thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert
+ {{ end }}
+{{ end }}
\ No newline at end of file
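Review bot: The `volumes` entry for `thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert` sets no `defaultMode`, so `sso.key` is projected with the Kubernetes default of 0644 and is readable by every user in the container. Adding `defaultMode: 288  # 0440` under `secret:` narrows that; check it against the pod's `fsGroup` and run-as user so the ruler process can still read the key. Separately, `ruleNamespaceSelector: {}` combined with the single `thanos-ruler` label match means a PrometheusRule created in any namespace is evaluated here and its alerts are sent with this client certificate. The existing comment should record that as a deliberate trust decision, for example `# Selects rules from ALL namespaces: PrometheusRule create rights anywhere feed this ruler.`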
diff --git a/thanos/charts/templates/store.yaml b/thanos/charts/templates/store.yaml index a19715c12..d2250d720 100644 --- a/thanos/charts/templates/store.yaml +++ b/thanos/charts/templates/store.yaml @@ -103,6 +103,6 @@ spec: - name: objectstore-secret secret: defaultMode: 420 - secretName: {{ include "release.name" . }}-metrics-objectstore + secretName: {{ include "release.name" . }}-metrics-objectstore - name: data emptyDir: {} diff --git a/thanos/charts/templates/tests/test-ci.yaml b/thanos/charts/templates/tests/test-ci.yaml new file mode 100644 index 000000000..e9bc8a320 --- /dev/null +++ b/thanos/charts/templates/tests/test-ci.yaml @@ -0,0 +1,11 @@ +{{- if .Values.ci.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "release.name" . }}-metrics-objectstore +data: +# Dummy filesystem config as objectstore + thanos.yaml: >- + dHlwZTogRklMRVNZU1RFTQpjb25maWc6CiAgZGlyZWN0b3J5OiAiL3Rlc3QiCnByZWZpeDogIiIKCgogICMga3ViZWN0bCBjcmVhdGUgc2VjcmV0IGdlbmVyaWMgb2JqZWN0LXN0b3JlLXNlY3JldCAtLWZyb20tZmlsZT10aGFub3MueWFtbD0uL3Rlc3Qtc2VjcmV0LnlhbWwgLW4gZGVtbwo= +type: Opaque +{{- end -}} \ No newline at end of file diff --git a/thanos/charts/templates/tests/test-permissions.yaml b/thanos/charts/templates/tests/test-permissions.yaml index 699dc72e6..28238fb70 100644 --- a/thanos/charts/templates/tests/test-permissions.yaml +++ b/thanos/charts/templates/tests/test-permissions.yaml @@ -31,7 +31,7 @@ rules: resources: ["deployments", "statefulsets"] verbs: ["get", "list"] - apiGroups: [""] - resources: ["pods", "persistentvolumeclaims", "services"] + resources: ["pods", "persistentvolumeclaims", "services", "configmaps"] verbs: ["get", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 diff --git a/thanos/charts/templates/tests/test-thanos-config.yaml b/thanos/charts/templates/tests/test-thanos-config.yaml index 2ad58f1e2..250e94f27 100644 --- a/thanos/charts/templates/tests/test-thanos-config.yaml +++ b/thanos/charts/templates/tests/test-thanos-config.yaml 
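Review bot: In templates/tests/test-ci.yaml the `thanos.yaml` value is an opaque base64 blob that nobody can read in a diff; it appears to decode to a FILESYSTEM object-store config followed by a leftover `kubectl create secret` comment. Switching the key to `stringData:` and writing the few plain YAML lines would make the dummy config auditable and drop the stray comment. The manifest is guarded only by `ci.enabled` and reuses the real `{{ include "release.name" . }}-metrics-objectstore` name, so a comment above `kind: Secret` should say that enabling `ci` on a live release collides with the production object-store Secret.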
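Review bot: Adding `configmaps` to this rule in test-permissions.yaml gives the test service account `get` and `list` on every ConfigMap in the role's scope, while the new ruler test only needs the rulefiles ConfigMaps. The object's `kind` lies outside the hunk; if it is a ClusterRole this becomes cluster-wide read of all ConfigMaps, so confirm it is a namespaced Role. A comment such as `# configmaps: read by the Thanos Ruler rulefiles check` would let the grant be removed together with the test.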
@@ -34,8 +34,16 @@ data: try "at most 4 times every 5s to get pods named '{{ .Release.Name }}-store' and verify that '.status.phase' is 'running'" } + {{ if .Values.thanos.ruler.enabled }} + @test "Verify succesful creation, running status and rulefiles population of Thanos Ruler" { + verify "there is 1 statefulset named 'thanos-ruler-{{ .Release.Name }}'" + verify "there is 1 service named 'thanos-ruler-operated'" + try "at most 3 times every 5s to get pods named 'thanos-ruler-{{ .Release.Name }}' and verify that '.status.phase' is 'running'" + try "at most 3 times every 5s to get configmaps named '.*(ruler)+.*(rulefiles)+.*' and verify that '.data' matches '.*yaml.*'" + } + {{ end }} + @test "Verify successful creation and bound status of {{ .Release.Name }} persistent volume claims" { try "at most 3 times every 5s to get persistentvolumeclaims named '{{ .Release.Name }}-compactor' and verify that '.status.phase' is 'Bound'" } - {{- end -}} diff --git a/thanos/charts/templates/tests/test-thanos.yaml b/thanos/charts/templates/tests/test-thanos.yaml index 37c21a32f..d8a8fe0c4 100644 --- a/thanos/charts/templates/tests/test-thanos.yaml +++ b/thanos/charts/templates/tests/test-thanos.yaml @@ -28,4 +28,4 @@ spec: configMap: name: {{ .Release.Name }}-test restartPolicy: Never -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/thanos/charts/values.yaml b/thanos/charts/values.yaml index 493166ef2..99d932a2e 100644 --- a/thanos/charts/values.yaml +++ b/thanos/charts/values.yaml @@ -2,9 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 global: - ## Labels to apply to all resources - ## commonLabels: {} thanos: @@ -13,9 +11,9 @@ thanos: # defaults to .Chart.appVersion tag: # defaults to IfNotPresent - pullPolicy: + pullPolicy: grpcAddress: - # used across the stack + # used across the stack httpAddress: query: 
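Review bot: The new test name in test-thanos-config.yaml spells "successful" as `succesful`, unlike the persistent-volume-claim test right below it. The ConfigMap pattern `'.*(ruler)+.*(rulefiles)+.*'` and the fixed service name `thanos-ruler-operated` are not tied to `{{ .Release.Name }}`, so the check can pass on objects that belong to another ruler in the same namespace; anchoring the pattern on the release name would make the assertion mean what its title says. The enclosing `data:` block starts and ends outside this hunk.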
@@ -36,36 +34,39 @@ thanos: routePrefix: additionalArgs: [] - #- something.route-foo=/lol - - deploymentLabels: {} - + # - something.route-foo=/lol + deploymentLabels: {} containerLabels: serviceLabels: annotations: - stores: [] + stores: [] store: # adding additional arguments additionalArgs: [] - deploymentLabels: {} + deploymentLabels: {} containerLabels: - #TODO use + # TODO use serviceLabels: annotations: + chunkPoolSize: + + indexCacheSize: + + logLevel: + compactor: # if this is a standalone Thanos Query, we wouldn't want a compactor enabled: true # TODO: store secret needs to be present and can not be provisioned automatically - logLevel: containerLabels: [] @@ -74,7 +75,7 @@ thanos: labels: [] annotations: [] - + # adding additional arguments additionalArgs: [] @@ -93,7 +94,7 @@ thanos: # seconds cleanupInterval: - # seconds + # seconds waitInterval: volume: @@ -103,6 +104,23 @@ thanos: size: labels: [] + ruler: + enabled: true + + labels: + + alertLabels: + + matchLabel: + + alertmanagers: + enabled: true + authentication: + enabled: true + ssoCert: + ssoKey: + hosts: + testFramework: enabled: true image: @@ -110,3 +128,37 @@ testFramework: repository: cloudoperators/greenhouse-extensions-integration-test tag: main imagePullPolicy: IfNotPresent + +# Only used for TESTING !!! see test-values.yaml +# The kube-monitoring plugin is taking care of deploying the Prometheus Operator +# Thanos Plugin leverages it for its CI +ci: + enabled: false +prometheus-operator: + defaultRules: + create: false + dashboards: + create: false + kubernetesServiceMonitors: + enabled: false + cleanPrometheusOperatorObjectNames: false + crds: + enabled: false + windowsMonitoring: + enabled: false + grafana: + enabled: false + thanosRuler: + enabled: false + prometheus: + enabled: false + nodeExporter: + enabled: false + kubeStateMetrics: + enabled: false + prometheusOperator: + enabled: false + alertmanager: + enabled: false + ingress: + enabled: false 
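Review bot: The new `ruler:` defaults in values.yaml switch on `alertmanagers.enabled` and `authentication.enabled` while leaving `ssoCert`, `ssoKey` and `hosts` empty, so with stock values the `required` calls in alertmanager-sso-secret.yaml abort the render. An upgrade from 0.1.3 therefore fails until the operator supplies key material or turns authentication off, and turning it off is the easier of the two. Keeping authenticated delivery as the default is a sound fail-closed choice, but consider `alertmanagers.enabled: false` as the default so existing installs keep rendering. The block also carries no comments: document `hosts` (presumably a list of `host:port` strings) and state that `ssoCert` and `ssoKey` are PEM values to be injected from a secret store, never committed.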
diff --git a/thanos/plugindefinition.yaml b/thanos/plugindefinition.yaml index 29bf9c526..27826e9a5 100644 --- a/thanos/plugindefinition.yaml +++ b/thanos/plugindefinition.yaml @@ -10,7 +10,7 @@ spec: helmChart: name: thanos repository: "oci://ghcr.io/cloudoperators/greenhouse-extensions/charts" - version: 0.1.3 + version: 0.1.4 options: - default: null description: CLI param for Thanos Query @@ -84,4 +84,4 @@ spec: name: thanos.query.web.routePrefix required: false type: string - version: 0.2.2 + version: 0.2.3