add thanos deployment
All checks were successful
ci/woodpecker/push/dashboard Pipeline was successful

Aaron Riedel 2024-10-02 21:09:23 +02:00
parent a11c8da81d
commit f3cdde60ae
Signed by: aaron
GPG key ID: 643004654D40D577
7 changed files with 699 additions and 0 deletions

5
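--- a/thanos/0-namespace.yaml
+++ b/thanos/0-namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: thanos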


@ -0,0 +1,6 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: thanos
namespace: thanos
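Review bot: The ServiceAccount leaves token automounting at its default, so every pod that runs under it gets a Kubernetes API token mounted into the container. None of the Thanos components added in this commit appears to need the API (the querier uses static `--store` addresses and the receivers a static hashring file), so adding `automountServiceAccountToken: false` here would remove a credential that is only useful to someone who has already compromised a container. The pod specs in the other files also use the deprecated `serviceAccount:` field; `serviceAccountName: thanos` is the current spelling.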


@ -0,0 +1,45 @@
apiVersion: v1
kind: Secret
metadata:
namespace: thanos
name: objstore
stringData:
objstore.yml: ENC[AES256_GCM,data:qsYeR6sqW88D3+38dkKazcrY84UmihQcJQaUZmQKOMb4Cz0M4jwGOMd0RcKMdCF5iPRCj3/3KhGKzeeoZC1OCfUk5gQxjcEptFRjwiK2FWQcg/Ddq+2Htk1yL5kNWgXYuCSeHiCPXnnl+ys4ST3StaSO01fWD38Bxf/Koqm28Z8xpUOlBlu6SShLh4vHCA0iQbTe4wewuitVA/csCNZ2Gxx94ptTChQEqSJFdXx0pGwsS98=,iv:Iit7bfMnzYTrxvrw6YHvR+8sYi1IXtO0xWO7Ds0vDFw=,tag:O09md7EQE6bEEkHZ/w5njQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmU1l0WDBFQ2V6M2RTQzhS
RCtLSlFRdGxMU29samt0TmJ0NDFJYlh3aFVBCkR5T3dkMEk1LzNabkJheWpoYmkx
QUtSZG1wRWVOTXlGVHVVSGRySUkzekEKLS0tIHhQU1lyMGFPZEhqMUhtN3grUXlW
MXNaUjBCSjlycDRqcU9wcmtFL1VUdk0KhK+4GJ7Rfckegjul1Fcm1lCuIqkKcbcf
dqrjCMNXFktkeVuYsxyNoNpHn9AXQu4dt/3hKcmQOqmkA45Ro3xnNg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3WEt1ekFaM0xJYk4rKzFX
WURJb2NRUmRCQW5jRktYTlp1cHMxWWgyVEhvCnNuRWZhT0U2Rm1vWFVQbHBKeVJi
ZlpjZTVYZm9LeXJaWnczM0h4dFg5NUUKLS0tIGZ2MWtQTzhxSVBtY0hGYlFLTDl1
K0xqVE4zZUN1aVdTemsxb2hURG9nWWsKhfbSLoYYvovM+CuFwxYyKtd8J6qj91nx
bH0xspOG5prCPgZkPkzv5wkCdbdyyq6+IQkX4FR88PSvSjTGSPYeeg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Zm04R0ZWUllMbGJnUWhG
NUJOWHpiTzhITXRlMG1CTlFNOGErRyszSms4CkQybTZTNlkrQ1ZIRkV6LzAwQ1gr
dTcyMkFqKy9jNTVqVHVEblhuTCsvWTgKLS0tIHRvOGFwUEhuYkszYTFQWkwzSGI0
VkYvNjZOVDBTdFJJUFZIYnNhb2hWRnMKAWseSbZvJVARlBxfF1c02D6k+RDUw23H
/mIWAjW5IhFOU2oiP3qyl8vWk67z4rEro0+MMWaiPFY6V9wfjQlKWQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-02T18:44:40Z"
mac: ENC[AES256_GCM,data:e4ZUc6HyoMP+36hC+Z5H+uSY4WQhdabfRmsYsvmDoduiFrjcgIB5BuvWcsguS7X9ppAw5xWxXPMVQKguwNwInvrDGpyNtv2uLmEt17QakhGwSFMuQS/0jWVtOKa3o7YofbrEe7HiTsEhKY7ltyc0OEsv64w+x3Bk4F9dbbONfv0=,iv:IQiIClmY7pluN/4CIHJkka5U6TscgzbxCxRODp0HD/s=,tag:RxVdqnLa032JU90+LeS0Fg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.0

111
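--- a/thanos/3-querier.yaml
+++ b/thanos/3-querier.yaml
@@ -0,0 +1,111 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+namespace: thanos
+name: querier
+spec:
+replicas: 2
+strategy:
+type: RollingUpdate
+selector:
+matchLabels:
+app.kubernetes.io/name: querier
+template:
+metadata:
+labels:
+app.kubernetes.io/name: querier
+spec:
+serviceAccount: thanos
+securityContext:
+runAsUser: 1001
+fsGroup: 1001
+containers:
+- name: querier
+image: quay.io/thanos/thanos:v0.36.1
+args:
+- query
+- --log.level=info
+- --endpoint.info-timeout=30s
+- --grpc-address=0.0.0.0:10901
+- --http-address=0.0.0.0:10902
+- --query.replica-label=prometheus_replica
+- --store=storegateway.thanos.svc.cluster.local:10901
+- --store=receiver-store-1.thanos.svc.cluster.local:10907
+- --store=receiver-store-2.thanos.svc.cluster.local:10907
+ports:
+- name: http
+containerPort: 10902
+protocol: TCP
+- name: grpc
+containerPort: 10901
+protocol: TCP
+livenessProbe:
+failureThreshold: 6
+httpGet:
+path: /-/healthy
+port: http
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 30
+readinessProbe:
+failureThreshold: 6
+httpGet:
+path: /-/ready
+port: http
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 30
+resources:
+requests:
+cpu: 100m
+memory: 256Mi
+limits:
+cpu: 500m
+memory: 2Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+namespace: thanos
+name: querier
+spec:
+type: ClusterIP
+ports:
+- port: 9090
+targetPort: http
+protocol: TCP
+name: http
+- port: 10901
+targetPort: grpc
+protocol: TCP
+name: grpc
+selector:
+app.kubernetes.io/name: querier
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+annotations:
+kubernetes.io/tls-acme: "true"
+traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
+name: thanos-ingress
+namespace: thanos
+spec:
+rules:
+- host: "thanos.services.yolokube.de"
+http:
+paths:
+- pathType: Prefix
+path: "/"
+backend:
+service:
+name: querier
+port:
+name: http
+tls:
+- hosts:
+- thanos.services.yolokube.de
+secretName: thanos-tls-key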
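Review bot: The authentik middleware on `thanos-ingress` protects only the path through Traefik; the `querier` Service itself answers on 9090 and 10901 for any pod in the cluster, and none of the seven files in this commit adds a NetworkPolicy. Unless a policy is defined elsewhere in the repository, a workload in another namespace can read all metrics without authenticating, and the same applies to `receiver-write` on 10908 in 6-receiver.yaml, which accepts remote-write from any in-cluster client. A NetworkPolicy per component that admits only the ingress controller and the known producers and consumers would close this; a sketch for the querier follows, with the controller namespace left as a placeholder. It only takes effect if the cluster's CNI enforces NetworkPolicy, and any in-cluster consumer such as a dashboard needs its own `from` entry.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: thanos
  name: querier-ingress
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: querier
  policyTypes:
    - Ingress
  ingress:
    # HTTP API/UI: reachable only from the ingress controller's namespace
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: <INGRESS_CONTROLLER_NAMESPACE>
      ports:
        - port: http
          protocol: TCP
```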

118
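--- a/thanos/4-storegateway.yaml
+++ b/thanos/4-storegateway.yaml
@@ -0,0 +1,118 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+namespace: thanos
+name: storegateway
+spec:
+replicas: 1
+serviceName: storegateway
+updateStrategy:
+type: RollingUpdate
+selector:
+matchLabels:
+app.kubernetes.io/name: storegateway
+template:
+metadata:
+labels:
+app.kubernetes.io/name: storegateway
+spec:
+serviceAccount: thanos
+securityContext:
+fsGroup: 1001
+initContainers:
+- name: init-chmod-data
+image: docker.io/bitnami/minideb:buster
+command:
+- sh
+- -c
+- |
+mkdir -p /data
+chown -R "1001:1001" /data
+securityContext:
+runAsUser: 0
+volumeMounts:
+- name: data
+mountPath: /data
+containers:
+- name: storegateway
+image: quay.io/thanos/thanos:v0.36.1
+securityContext:
+runAsUser: 1001
+args:
+- store
+- --chunk-pool-size=2GB
+- --log.level=debug
+- --grpc-address=0.0.0.0:10901
+- --http-address=0.0.0.0:10902
+- --data-dir=/data
+- --objstore.config-file=/conf/objstore.yml
+ports:
+- name: http
+containerPort: 10902
+protocol: TCP
+- name: grpc
+containerPort: 10901
+protocol: TCP
+livenessProbe:
+failureThreshold: 6
+httpGet:
+path: /-/healthy
+port: http
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 30
+readinessProbe:
+failureThreshold: 6
+httpGet:
+path: /-/ready
+port: http
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 30
+resources:
+requests:
+cpu: 100m
+memory: 256Mi
+limits:
+cpu: 500m
+memory: 1Gi
+volumeMounts:
+- name: objstore
+mountPath: /conf/objstore.yml
+subPath: objstore.yml
+- name: data
+mountPath: /data
+volumes:
+- name: objstore
+secret:
+secretName: objstore
+volumeClaimTemplates:
+- metadata:
+name: data
+spec:
+accessModes: [ReadWriteOnce]
+resources:
+requests:
+storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+namespace: thanos
+name: storegateway
+spec:
+type: ClusterIP
+ports:
+- port: 9090
+targetPort: http
+protocol: TCP
+name: http
+- port: 10901
+targetPort: grpc
+protocol: TCP
+name: grpc
+selector:
+app.kubernetes.io/name: storegateway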
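Review bot: The `init-chmod-data` init container runs as UID 0 from `docker.io/bitnami/minideb:buster`, a mutable tag on a Debian release whose LTS support ended in June 2024, only to `chown` the data volume; the same block is repeated in 5-compactor.yaml and in both StatefulSets of 6-receiver.yaml. The pod already sets `fsGroup: 1001`, which on most volume plugins makes the mounted volume group-owned and writable for the Thanos user, so the root step can probably be dropped once that is confirmed for the cluster's storage class. If it has to stay, pin the image by digest and give the init container `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL], add: [CHOWN]}`. Separately, `--log.level=debug` on the store container differs from the `info` used by every other component and looks like a leftover.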

105
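--- a/thanos/5-compactor.yaml
+++ b/thanos/5-compactor.yaml
@@ -0,0 +1,105 @@
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+namespace: thanos
+name: compactor
+spec:
+accessModes: [ReadWriteOnce]
+resources:
+requests:
+storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+namespace: thanos
+name: compactor
+spec:
+replicas: 1
+strategy:
+type: Recreate
+selector:
+matchLabels:
+app.kubernetes.io/name: compactor
+template:
+metadata:
+labels:
+app.kubernetes.io/name: compactor
+spec:
+serviceAccount: thanos
+securityContext:
+fsGroup: 1001
+initContainers:
+- name: init-chmod-data
+image: docker.io/bitnami/minideb:buster
+command:
+- sh
+- -c
+- |
+mkdir -p /data
+chown -R "1001:1001" /data
+securityContext:
+runAsUser: 0
+volumeMounts:
+- name: data
+mountPath: /data
+containers:
+- name: compactor
+image: quay.io/thanos/thanos:v0.36.1
+imagePullPolicy: IfNotPresent
+securityContext:
+runAsUser: 1001
+args:
+- compact
+- --log.level=info
+- --http-address=0.0.0.0:10902
+- --data-dir=/data
+- --retention.resolution-raw=7d
+- --retention.resolution-5m=30d
+- --retention.resolution-1h=180d
+- --consistency-delay=30m
+- --objstore.config-file=/conf/objstore.yml
+- --wait
+ports:
+- name: http
+containerPort: 10902
+protocol: TCP
+livenessProbe:
+failureThreshold: 6
+httpGet:
+path: /-/healthy
+port: http
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 30
+readinessProbe:
+failureThreshold: 6
+httpGet:
+path: /-/ready
+port: http
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 30
+resources:
+requests:
+cpu: 100m
+memory: 256Mi
+limits:
+cpu: 500m
+memory: 256Mi
+volumeMounts:
+- name: objstore
+mountPath: /conf/objstore.yml
+subPath: objstore.yml
+- name: data
+mountPath: /data
+volumes:
+- name: objstore
+secret:
+secretName: objstore
+- name: data
+persistentVolumeClaim:
+claimName: compactor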
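Review bot: The compactor mounts the same `objstore` Secret as the store gateway and both receivers, so one set of bucket credentials is shared by four workloads with different needs. Only the compactor has to delete objects; the store gateway only reads and the receivers only upload, so separate credentials scoped per role (where the object store supports it) would limit what a compromise of any single pod can do to the long-term metrics. The Secret's content is encrypted on this page, so whether the key is already restricted cannot be checked here. Separately, the container's memory limit of `256Mi` equals its request and is low for compaction and downsampling; OOM kills are likely as the bucket grows, so consider raising `limits.memory`.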

309
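--- a/thanos/6-receiver.yaml
+++ b/thanos/6-receiver.yaml
@@ -0,0 +1,309 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: hashring
+namespace: thanos
+stringData:
+hashring.json: |-
+[
+{
+"endpoints": [
+"receiver-store-1.thanos.svc.cluster.local:10907",
+"receiver-store-2.thanos.svc.cluster.local:10907"
+]
+}
+]
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: receiver-store-1
+namespace: thanos
+spec:
+type: ClusterIP
+ports:
+- port: 10907
+targetPort: grpc
+protocol: TCP
+name: grpc
+selector:
+app.kubernetes.io/name: receiver
+app.kubernetes.io/instance: receiver-1
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: receiver-1
+namespace: thanos
+spec:
+replicas: 1
+serviceName: receiver
+updateStrategy:
+type: RollingUpdate
+selector:
+matchLabels:
+app.kubernetes.io/name: receiver
+app.kubernetes.io/instance: receiver-1
+template:
+metadata:
+labels:
+app.kubernetes.io/name: receiver
+app.kubernetes.io/instance: receiver-1
+spec:
+serviceAccount: thanos
+securityContext:
+fsGroup: 1001
+initContainers:
+- name: init-chmod-data
+image: docker.io/bitnami/minideb:buster
+imagePullPolicy: Always
+command:
+- sh
+- -c
+- |
+mkdir -p /data
+chown -R "1001:1001" /data
+securityContext:
+runAsUser: 0
+volumeMounts:
+- name: data
+mountPath: /data
+containers:
+- name: receiver
+image: quay.io/thanos/thanos:v0.36.1
+imagePullPolicy: IfNotPresent
+securityContext:
+runAsUser: 1001
+args:
+- receive
+- --tsdb.path=/data
+- --tsdb.retention=15d
+- --log.level=info
+- --grpc-address=0.0.0.0:10907
+- --http-address=0.0.0.0:10909
+- --receive.replication-factor=1
+- --label
+- receive_replica="0"
+- --label
+- receive_cluster="main"
+- --receive.tenant-label-name
+- yolokube
+- --objstore.config-file=/conf/objstore.yml
+- --remote-write.address=0.0.0.0:10908
+- --receive.hashrings-algorithm=ketama
+- --receive.hashrings-file=/conf/hashring.json
+- --receive.local-endpoint=receiver-store-1.thanos.svc.cluster.local:10907
+ports:
+- name: http
+containerPort: 10909
+protocol: TCP
+- name: grpc
+containerPort: 10907
+protocol: TCP
+- name: remote-write
+containerPort: 10908
+protocol: TCP
+livenessProbe:
+failureThreshold: 6
+httpGet:
+path: /-/healthy
+port: http
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 30
+readinessProbe:
+failureThreshold: 6
+httpGet:
+path: /-/ready
+port: http
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 30
+resources:
+requests:
+cpu: 100m
+memory: 512Mi
+limits:
+cpu: 500m
+memory: 4Gi
+volumeMounts:
+- name: objstore
+mountPath: /conf/objstore.yml
+subPath: objstore.yml
+- name: data
+mountPath: /data
+- name: hashring
+mountPath: /conf/hashring.json
+subPath: hashring.json
+volumes:
+- name: objstore
+secret:
+secretName: objstore
+- name: hashring
+secret:
+secretName: hashring
+volumeClaimTemplates:
+- metadata:
+name: data
+spec:
+accessModes: [ReadWriteOnce]
+resources:
+requests:
+storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: receiver-store-2
+namespace: thanos
+spec:
+type: ClusterIP
+ports:
+- port: 10907
+targetPort: grpc
+protocol: TCP
+name: grpc
+selector:
+app.kubernetes.io/name: receiver
+app.kubernetes.io/instance: receiver-2
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: receiver-2
+namespace: thanos
+spec:
+replicas: 1
+serviceName: receiver
+updateStrategy:
+type: RollingUpdate
+selector:
+matchLabels:
+app.kubernetes.io/name: receiver
+app.kubernetes.io/instance: receiver-2
+template:
+metadata:
+labels:
+app.kubernetes.io/name: receiver
+app.kubernetes.io/instance: receiver-2
+spec:
+serviceAccount: thanos
+securityContext:
+fsGroup: 1001
+initContainers:
+- name: init-chmod-data
+image: docker.io/bitnami/minideb:buster
+imagePullPolicy: Always
+command:
+- sh
+- -c
+- |
+mkdir -p /data
+chown -R "1001:1001" /data
+securityContext:
+runAsUser: 0
+volumeMounts:
+- name: data
+mountPath: /data
+containers:
+- name: receiver
+image: quay.io/thanos/thanos:v0.36.1
+imagePullPolicy: IfNotPresent
+securityContext:
+runAsUser: 1001
+args:
+- receive
+- --tsdb.path=/data
+- --tsdb.retention=15d
+- --log.level=info
+- --grpc-address=0.0.0.0:10907
+- --http-address=0.0.0.0:10909
+- --receive.replication-factor=1
+- --label
+- receive_replica="0"
+- --label
+- receive_cluster="main"
+- --receive.tenant-label-name
+- yolokube
+- --objstore.config-file=/conf/objstore.yml
+- --remote-write.address=0.0.0.0:10908
+- --receive.hashrings-algorithm=ketama
+- --receive.hashrings-file=/conf/hashring.json
+- --receive.local-endpoint=receiver-store-2.thanos.svc.cluster.local:10907
+ports:
+- name: http
+containerPort: 10909
+protocol: TCP
+- name: grpc
+containerPort: 10907
+protocol: TCP
+- name: remote-write
+containerPort: 10908
+protocol: TCP
+livenessProbe:
+failureThreshold: 6
+httpGet:
+path: /-/healthy
+port: http
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 30
+readinessProbe:
+failureThreshold: 6
+httpGet:
+path: /-/ready
+port: http
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 30
+resources:
+requests:
+cpu: 100m
+memory: 512Mi
+limits:
+cpu: 500m
+memory: 4Gi
+volumeMounts:
+- name: objstore
+mountPath: /conf/objstore.yml
+subPath: objstore.yml
+- name: data
+mountPath: /data
+- name: hashring
+mountPath: /conf/hashring.json
+subPath: hashring.json
+volumes:
+- name: objstore
+secret:
+secretName: objstore
+- name: hashring
+secret:
+secretName: hashring
+volumeClaimTemplates:
+- metadata:
+name: data
+spec:
+accessModes: [ReadWriteOnce]
+resources:
+requests:
+storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: receiver-write
+namespace: thanos
+spec:
+type: ClusterIP
+ports:
+- port: 10908
+targetPort: remote-write
+protocol: TCP
+name: remote-write
+selector:
+app.kubernetes.io/name: receiver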
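Review bot: `receiver-2` carries the same external labels as `receiver-1` (`receive_replica="0"`, `receive_cluster="main"`), so both StatefulSets upload blocks with an identical label set. Thanos expects each receiver to be uniquely identified by its external labels; with duplicates the compactor is likely to find overlapping blocks in one group and halt, and the querier cannot tell the two sources apart. Changing the second StatefulSet to `- receive_replica="1"` fixes this. `--receive.tenant-label-name` followed by `yolokube` sets the name of the tenant label rather than a tenant value, which may not be what was intended (`--receive.default-tenant-id` sets the value). Both StatefulSets also reference `serviceName: receiver`, but no Service of that name is created in this file.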