KinD variant

This folder contains the variant to use when deploying locally using a KinD cluster and an S3 bucket deployed using the MinIO module of the DevOps Stack.

Usage

This module can be declared by adding the following block to your Terraform configuration:

module "thanos" {
  source = "git::https://github.com/camptocamp/devops-stack-module-thanos//kind?ref=<RELEASE>"

  cluster_name     = module.kind.cluster_name
  argocd_namespace = local.argocd_namespace
  base_domain      = module.kind.base_domain
  cluster_issuer   = local.cluster_issuer

  metrics_storage = {
    bucket_name       = "thanos" # Name given to the bucket
    endpoint          = module.minio.endpoint
    access_key        = "readwrite_user" # Name given to the read-write user created by the module MinIO.
    secret_access_key = module.minio.readwrite_secret_key
  }

  thanos = {
    oidc = module.oidc.oidc
  }

  depends_on = [module.oidc]
}

As you can see, a minimum requirement for this module is an S3 bucket that uses a user with read/write permissions, both created in the MinIO module we provide (more information below).

There are multiple other options that can be set, as in the other modules, but we will not go into detail as this variant is mainly for test and development purposes. You can check the documentation on the other modules to get an idea.

If there is a need to configure something besides the common settings that we have provided, you can customize the chart’s values.yaml by adding a Helm configuration as an HCL structure:

module "thanos" {
  source = "git::https://github.com/camptocamp/devops-stack-module-thanos.git//kind?ref=<RELEASE>"

  cluster_name            = var.cluster_name
  argocd_namespace        = module.cluster.argocd_namespace
  base_domain             = module.cluster.base_domain
  cluster_issuer          = var.cluster_issuer

  metrics_storage = {
    bucket_name       = "thanos" # Name given to the bucket
    endpoint          = module.minio.endpoint
    access_key        = "readwrite_user" # Name given to the read-write user created by the module MinIO.
    secret_access_key = module.minio.readwrite_secret_key
  }

  thanos = {
    oidc = module.oidc.oidc
  }

  helm_values = [{ # Note the curly brackets here
    thanos = {
      map = {
        string = "string"
        bool   = true
      }
      sequence = [
        {
          key1 = "value1"
          key2 = "value2"
        },
        {
          key1 = "value1"
          key2 = "value2"
        },
      ]
      sequence2 = [
        "string1",
        "string2"
      ]
    }
  }]

  depends_on = [module.argocd_bootstrap]
}

S3 Bucket

You are in charge of creating an S3 bucket for Thanos to store the archived metrics.

We’ve decided to keep the creation of this bucket outside of this module, mainly because the persistence of the data should not be related to the instantiation of the module itself.

You can create an S3 bucket using the MinIO module by simply adding the bucket name to that module’s declaration.

module "minio" {
  source = "git::https://github.com/camptocamp/devops-stack-module-minio?ref=<RELEASE>"

  cluster_name     = module.kind.cluster_name
  base_domain      = module.kind.base_domain
  argocd_namespace = local.argocd_namespace

  minio_buckets = [
    "thanos", # <--
    "loki",
  ]

  depends_on = [module.ingress, module.cert-manager]
}

Do not forget that the bucket configuration also needs to be passed to the module kube-prometheus-stack.

OIDC

This module was developed with OIDC in mind.

There is an OIDC proxy container deployed as a sidecar on each pod that has a web interface. Consequently, the thanos variable is expected to have a map oidc containing at least the Issuer URL, the Client ID, and the Client Secret.

You can pass these values by pointing an output from another module (as above), or by defining them explicitly:

module "thanos" {
  ...

  thanos = {
    oidc = {
      issuer_url    = "<URL>"
      client_id     = "<ID>"
      client_secret = "<SECRET>"
    }
  }

  ...
}
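
When the OIDC values are defined explicitly, the client secret can be supplied through a sensitive input variable instead of a literal in the *.tf files. The block below is an added example, not part of the module's own documentation; the three variable names are hypothetical, and the remaining inputs are copied from the declaration under Usage.

```hcl
# Added example; the variable names are hypothetical, not defined by the module.
variable "thanos_oidc_issuer_url" {
  type = string

  validation {
    # OIDC Discovery requires the issuer identifier to use the https scheme.
    condition     = can(regex("^https://", var.thanos_oidc_issuer_url))
    error_message = "The OIDC issuer URL must start with https://."
  }
}

variable "thanos_oidc_client_id" {
  type = string
}

# Set outside the repository, e.g. with the environment variable
# TF_VAR_thanos_oidc_client_secret.
variable "thanos_oidc_client_secret" {
  type      = string
  sensitive = true # Redacted in plan/apply output, but still written to the state file.
}

module "thanos" {
  source = "git::https://github.com/camptocamp/devops-stack-module-thanos//kind?ref=<RELEASE>"

  cluster_name     = module.kind.cluster_name
  argocd_namespace = local.argocd_namespace
  base_domain      = module.kind.base_domain
  cluster_issuer   = local.cluster_issuer

  metrics_storage = {
    bucket_name       = "thanos"
    endpoint          = module.minio.endpoint
    access_key        = "readwrite_user"
    secret_access_key = module.minio.readwrite_secret_key
  }

  thanos = {
    oidc = {
      issuer_url    = var.thanos_oidc_issuer_url
      client_id     = var.thanos_oidc_client_id
      client_secret = var.thanos_oidc_client_secret
    }
  }
}
```

Because the secret still ends up in the Terraform state, the state backend needs the same access restrictions as the secret itself.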

Resource Configuration

Since the resource requirements are not the same on every deployment and because the consumed resources also influence the associated cost, we refrained from configuring default resource requirements for the components of Thanos. We did, however, set memory limits for some of the pods (query, storegateway and compactor all have a 1 GB memory limit). These values should be customized as you see fit, although there is not really a need in a test deployment.

Technical Reference

Dependencies

module.oidc

This module needs an OIDC provider to function and consequently it must be deployed after the module oidc.

module.minio

This module needs to have the configuration for the S3 bucket and consequently it must be deployed after the module minio.

Modules

The following Modules are called:

thanos

Source: ../

Version:

Required Inputs

The following input variables are required:

argocd_namespace

Description: Namespace used by Argo CD where the Application and AppProject resources should be created.

Type: string

base_domain

Description: Base domain of the cluster. Value used for the ingress' URL of the application.

Type: string

cluster_name

Description: Name given to the cluster. Value used for the ingress' URL of the application.

Type: string

metrics_storage

Description: MinIO S3 bucket configuration values for the bucket where the archived metrics will be stored.

Type:

object({
    bucket_name       = string
    endpoint          = string
    access_key        = string
    secret_access_key = string
  })

Optional Inputs

The following input variables are optional (have default values):

app_autosync

Description: Automated sync options for the Argo CD Application resource.

Type:

object({
    allow_empty = optional(bool)
    prune       = optional(bool)
    self_heal   = optional(bool)
  })

Default:

{
  "allow_empty": false,
  "prune": true,
  "self_heal": true
}

cluster_issuer

Description: SSL certificate issuer to use. Usually you would configure this value as letsencrypt-staging or letsencrypt-prod on your root *.tf files.

Type: string

Default: "ca-issuer"

dependency_ids

Description: IDs of the other modules on which this module depends.

Type: map(string)

Default: {}

helm_values

Description: Helm chart value overrides. They should be passed as a list of HCL structures.

Type: any

Default: []

namespace

Description: Namespace where the application’s Kubernetes resources should be created. Namespace will be created in case it doesn’t exist.

Type: string

Default: "thanos"

target_revision

Description: Override of target revision of the application chart.

Type: string

Default: "v1.0.0"

thanos

Description: Most frequently used Thanos settings. This variable is merged with the local value thanos_defaults, which contains some sensible defaults. You can check the default values on the local.tf file. If there is still anything else that needs to be customized, you can always pass on configuration values using the variable helm_values.

Type: any

Default: {}

Outputs

The following outputs are exported:

id

Description: ID to pass other modules in order to refer to this module as a dependency. It takes the ID that comes from the main module and passes it along to the code that called this variant in the first place.
