KinD variant
This folder contains the variant to use when deploying locally using a KinD cluster and an S3 bucket deployed using the MinIO module of the DevOps Stack.
Usage
This module can be declared by adding the following block on your Terraform configuration:
module "thanos" {
source = "git::https://github.com/camptocamp/devops-stack-module-thanos//kind?ref=<RELEASE>"
cluster_name = module.kind.cluster_name
argocd_namespace = local.argocd_namespace
base_domain = module.kind.base_domain
cluster_issuer = local.cluster_issuer
metrics_storage = {
bucket_name = "thanos" # Name given to the bucket
endpoint = module.minio.endpoint
access_key = "readwrite_user" # Name given to the read-write user created by the module MinIO.
secret_access_key = module.minio.readwrite_secret_key
}
thanos = {
oidc = module.oidc.oidc
}
depends_on = [module.oidc]
}As you can see, a minimum requirement for this module is an S3 bucket that uses a user with read/write permissions, both created in the MinIO module we provide (more information below).
| There are multiple other options that can be set, as in the other modules, but we will not go into detail as this variant is mainly for test and development purposes. You can check the documentation on the other modules to get an idea. |
If there is a need to configure something besides the common settings that we have provided, you can customize the chart’s values.yaml by adding an Helm configuration as an HCL structure:
module "thanos" {
source = "git::https://github.com/camptocamp/devops-stack-module-thanos.git//eks"
cluster_name = var.cluster_name
argocd_namespace = module.cluster.argocd_namespace
base_domain = module.cluster.base_domain
cluster_issuer = var.cluster_issuer
metrics_storage = {
bucket_name = "thanos" # Name given to the bucket
endpoint = module.minio.endpoint
access_key = "readwrite_user" # Name given to the read-write user created by the module MinIO.
secret_access_key = module.minio.readwrite_secret_key
}
thanos = {
oidc = module.oidc.oidc
}
helm_values = [{ # Note the curly brackets here
thanos = {
map = {
string = "string"
bool = true
}
sequence = [
{
key1 = "value1"
key2 = "value2"
},
{
key1 = "value1"
key2 = "value2"
},
]
sequence2 = [
"string1",
"string2"
]
}
}]
depends_on = [module.argocd_bootstrap]
}S3 Bucket
| You are in charge of creating an S3 bucket for Thanos to store the archived metrics. |
We’ve decided to keep the creation of this bucket outside of this module, mainly because the persistence of the data should not be related to the instantiation of the module itself.
You can create an S3 bucket using the MinIO module by simply adding the bucket name to that module’s declaration.
module "minio" {
source = "git::https://github.com/camptocamp/devops-stack-module-minio?ref=<RELEASE>"
cluster_name = module.kind.cluster_name
base_domain = module.kind.base_domain
argocd_namespace = local.argocd_namespace
minio_buckets = [
"thanos", # <--
"loki",
]
depends_on = [module.ingress, module.cert-manager]
}
Do not forget that the bucket configuration also needs to be passed to the module kube-prometheus-stack.
|
OIDC
| This module was developed with OIDC in mind. |
There is an OIDC proxy container deployed as a sidecar on each pod that has a web interface. Consequently, the thanos variable is expected to have a map oidc containing at least the Issuer URL, the Client ID, and the Client Secret.
You can pass these values by pointing an output from another module (as above), or by defining them explicitly:
module "thanos" {
...
thanos = {
oidc = {
issuer_url = "<URL>"
client_id = "<ID>"
client_secret = "<SECRET>"
}
}
...
}Resource Configuration
Since the resource requirements are not the same on every deployment and because the consumed resources also influence the cost associated, we refrained from configuring default resource requirements for the components of Thanos. We did, however, set memory limits for some of the pods (query, storegateway and compactor all have a 1 GB memory limit). These values should be customized as you see fit, although there is not really a need in a test deployment.
Technical Reference
Dependencies
Required Inputs
The following input variables are required:
argocd_namespace
Description: Namespace used by Argo CD where the Application and AppProject resources should be created.
Type: string
base_domain
Description: Base domain of the cluster. Value used for the ingress' URL of the application.
Type: string
cluster_name
Description: Name given to the cluster. Value used for the ingress' URL of the application.
Type: string
metrics_storage
Description: MinIO S3 bucket configuration values for the bucket where the archived metrics will be stored.
Type:
object({
bucket_name = string
endpoint = string
access_key = string
secret_access_key = string
})Optional Inputs
The following input variables are optional (have default values):
app_autosync
Description: Automated sync options for the Argo CD Application resource.
Type:
object({
allow_empty = optional(bool)
prune = optional(bool)
self_heal = optional(bool)
})Default:
{
"allow_empty": false,
"prune": true,
"self_heal": true
}cluster_issuer
Description: SSL certificate issuer to use. Usually you would configure this value as letsencrypt-staging or letsencrypt-prod on your root *.tf files.
Type: string
Default: "ca-issuer"
dependency_ids
Description: IDs of the other modules on which this module depends on.
Type: map(string)
Default: {}
helm_values
Description: Helm chart value overrides. They should be passed as a list of HCL structures.
Type: any
Default: []
namespace
Description: Namespace where the applications’s Kubernetes resources should be created. Namespace will be created in case it doesn’t exist.
Type: string
Default: "thanos"
target_revision
Description: Override of target revision of the application chart.
Type: string
Default: "v1.0.0"
thanos
Description: Most frequently used Thanos settings. This variable is merged with the local value thanos_defaults, which contains some sensible defaults. You can check the default values on the local.tf file. If there still is anything other that needs to be customized, you can always pass on configuration values using the variable helm_values.
Type: any
Default: {}
Outputs
The following outputs are exported:
id
Description: ID to pass other modules in order to refer to this module as a dependency. It takes the ID that comes from the main module and passes it along to the code that called this variant in the first place.
Reference in table format
Show tables
= Modules
| Name | Source | Version |
|---|---|---|
= Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
Automated sync options for the Argo CD Application resource. |
|
|
no |
|
Namespace used by Argo CD where the Application and AppProject resources should be created. |
|
n/a |
yes |
|
Base domain of the cluster. Value used for the ingress' URL of the application. |
|
n/a |
yes |
|
SSL certificate issuer to use. Usually you would configure this value as |
|
|
no |
|
Name given to the cluster. Value used for the ingress' URL of the application. |
|
n/a |
yes |
|
IDs of the other modules on which this module depends on. |
|
|
no |
|
Helm chart value overrides. They should be passed as a list of HCL structures. |
|
|
no |
|
MinIO S3 bucket configuration values for the bucket where the archived metrics will be stored. |
|
n/a |
yes |
|
Namespace where the applications’s Kubernetes resources should be created. Namespace will be created in case it doesn’t exist. |
|
|
no |
|
Override of target revision of the application chart. |
|
|
no |
|
Most frequently used Thanos settings. This variable is merged with the local value |
|
|
no |
= Outputs
| Name | Description |
|---|---|
ID to pass other modules in order to refer to this module as a dependency. It takes the ID that comes from the main module and passes it along to the code that called this variant in the first place. |