Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[bitnami/thanos] feat!: ♻️ 🔒 Refactor and enable NetworkPolicy by default #22687

Merged
merged 10 commits into from
Feb 14, 2024
Merged

[bitnami/thanos] feat!: ♻️ 🔒 Refactor and enable NetworkPolicy by default #22687

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
4bd7f2b
[bitnami/thanos] feat!: :recycle: :lock: Refactor and enable NetworkP…
javsalgar Jan 23, 2024
5dad86a
fix: :bug: Allow ingress for members of the chart
javsalgar Jan 25, 2024
5020ae7
Merge branch 'main' into fix/thanos-networkPolicy
javsalgar Jan 26, 2024
e27235b
fix: :bug: Add allowExternalEgress
javsalgar Jan 31, 2024
02f23d5
Merge branch 'main' into fix/thanos-networkPolicy
javsalgar Jan 31, 2024
7196c6b
test: :wrench: Update cypress endpoint
javsalgar Feb 1, 2024
72de828
Merge branch 'main' into fix/thanos-networkPolicy
javsalgar Feb 9, 2024
d194f18
Update values.yaml
javsalgar Feb 9, 2024
69bea13
Update README.md with readme-generator-for-helm
bitnami-bot Feb 9, 2024
bd5b095
chore: :recycle: Unify queryfrontend and query-frontend
javsalgar Feb 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion bitnami/thanos/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,4 +35,4 @@ maintainers:
name: thanos
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/thanos
version: 12.23.2
version: 13.0.0
129 changes: 92 additions & 37 deletions bitnami/thanos/README.md
View file
Open in desktop

Large diffs are not rendered by default.

31 changes: 15 additions & 16 deletions bitnami/thanos/templates/NOTES.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,11 @@ CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}

{{- $query := (include "thanos.query.values" . | fromYaml) -}}
** Please be patient while the chart is being deployed **

Thanos chart was deployed enabling the following components:

{{- if $query.enabled }}
{{- if .Values.query.enabled }}
- Thanos Query
{{- end }}
{{- if .Values.bucketweb.enabled }}
Expand All @@ -23,45 +22,45 @@ Thanos chart was deployed enabling the following components:
- Thanos Store Gateway
{{- end }}

{{- if $query.enabled }}
{{- if .Values.query.enabled }}

Thanos Query can be accessed through following DNS name from within your cluster:

{{ include "common.names.fullname" . }}-query.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ if $query.service.http }}{{ coalesce $query.service.ports.http $query.service.http.port }}{{ else }}{{ $query.service.ports.http }}{{ end }})
{{ include "thanos.query.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.query.service.ports.http }})

To access Thanos Query from outside the cluster execute the following commands:

{{- if $query.ingress.enabled }}
{{- if .Values.query.ingress.enabled }}

1. Get the Thanos Query URL and associate Thanos Query hostname to your cluster external IP:

export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
echo "Thanos Query URL: http{{ if $query.ingress.tls }}s{{ end }}://{{ $query.ingress.hostname }}/"
echo "$CLUSTER_IP {{ $query.ingress.hostname }}" | sudo tee -a /etc/hosts
echo "Thanos Query URL: http{{ if .Values.query.ingress.tls }}s{{ end }}://{{ .Values.query.ingress.hostname }}/"
echo "$CLUSTER_IP {{ .Values.query.ingress.hostname }}" | sudo tee -a /etc/hosts

{{- else }}

1. Get the Thanos Query URL by running these commands:

{{- if contains "NodePort" $query.service.type }}
{{- if contains "NodePort" .Values.query.service.type }}

export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}-query)
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "thanos.query.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo "http://${NODE_IP}:${NODE_PORT}"

{{- else if contains "LoadBalancer" $query.service.type }}
{{- else if contains "LoadBalancer" .Values.query.service.type }}

NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}-query'
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "thanos.query.fullname" . }}'

export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }}-query)
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }}-query -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "thanos.query.fullname" . }})
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "thanos.query.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo "http://${SERVICE_IP}:${SERVICE_PORT}"

{{- else if contains "ClusterIP" $query.service.type }}
{{- else if contains "ClusterIP" .Values.query.service.type }}

export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }}-query)
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }}-query ${SERVICE_PORT}:${SERVICE_PORT} &
export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "thanos.query.fullname" . }})
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "thanos.query.fullname" . }} ${SERVICE_PORT}:${SERVICE_PORT} &
echo "http://127.0.0.1:${SERVICE_PORT}"

{{- end }}
Expand Down
225 changes: 152 additions & 73 deletions bitnami/thanos/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,62 @@ Fully qualified app name for PostgreSQL
{{- end -}}
{{- end -}}

{{/*
Return the proper Thanos bucketweb fullname
*/}}
{{- define "thanos.bucketweb.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "bucketweb" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Return the proper Thanos compactor fullname
*/}}
{{- define "thanos.compactor.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "compactor" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Return the proper Thanos query-frontend fullname
*/}}
{{- define "thanos.query-frontend.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "query-frontend" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Return the proper Thanos query fullname
*/}}
{{- define "thanos.query.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "query" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Return the proper Thanos receive-distributor fullname
*/}}
{{- define "thanos.receive-distributor.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "receive-distributor" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Return the proper Thanos receive fullname
*/}}
{{- define "thanos.receive.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "receive" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Return the proper Thanos compactor fullname
*/}}
{{- define "thanos.ruler.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "ruler" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Return the proper Thanos storegateway fullname
*/}}
{{- define "thanos.storegateway.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "storegateway" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Return the proper Thanos image name
*/}}
Expand Down Expand Up @@ -104,40 +160,22 @@ Return true if a secret object should be created
{{- end -}}
{{- end -}}

{{/*
Return a YAML of either .Values.query or .Values.querier
If .Values.querier is used, we merge in the defaults from .Values.query, giving preference to .Values.querier
*/}}
{{- define "thanos.query.values" -}}
{{- if .Values.querier -}}
{{- if .Values.query -}}
{{- mergeOverwrite .Values.query .Values.querier | toYaml -}}
{{- else -}}
{{- .Values.querier | toYaml -}}
{{- end -}}
{{- else -}}
{{- .Values.query | toYaml -}}
{{- end -}}
{{- end -}}

{{/*
Return the Thanos Query Service Discovery configuration configmap.
*/}}
{{- define "thanos.query.SDConfigmapName" -}}
{{- $query := (include "thanos.query.values" . | fromYaml) -}}
{{- if $query.existingSDConfigmap -}}
{{- printf "%s" (tpl $query.existingSDConfigmap $) -}}
{{- if .Values.query.existingSDConfigmap -}}
{{- printf "%s" (tpl .Values.query.existingSDConfigmap $) -}}
{{- else -}}
{{- printf "%s-query-sd-configmap" (include "common.names.fullname" .) -}}
{{- printf "%s-query-sd" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}

{{/*
Return true if a configmap object should be created
*/}}
{{- define "thanos.query.createSDConfigmap" -}}
{{- $query := (include "thanos.query.values" . | fromYaml) -}}
{{- if and $query.sdConfig (not $query.existingSDConfigmap) }}
{{- if and .Values.query.sdConfig (not .Values.query.existingSDConfigmap) }}
{{- true -}}
{{- else -}}
{{- end -}}
Expand All @@ -150,7 +188,7 @@ Return the Thanos Ruler configuration configmap.
{{- if .Values.ruler.existingConfigmap -}}
{{- printf "%s" (tpl .Values.ruler.existingConfigmap $) -}}
{{- else -}}
{{- printf "%s-ruler-configmap" (include "common.names.fullname" .) -}}
{{- printf "%s-ruler" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}

Expand All @@ -161,11 +199,10 @@ Return the queryURL used by Thanos Ruler.
{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.ingress.enabled .Values.queryFrontend.ingress.hostname .Values.queryFrontend.ingress.overrideAlertQueryURL -}}
{{- printf "http://%s" (tpl .Values.queryFrontend.ingress.hostname .) -}}
{{- else -}}
{{- $query := (include "thanos.query.values" . | fromYaml) -}}
{{- if .Values.ruler.queryURL -}}
{{- printf "%s" (tpl .Values.ruler.queryURL $) -}}
{{- else -}}
{{- printf "http://%s-query.%s.svc.%s:%d" (include "common.names.fullname" . ) .Release.Namespace .Values.clusterDomain (int $query.service.ports.http) -}}
{{- printf "http://%s-query.%s.svc.%s:%d" (include "common.names.fullname" . ) .Release.Namespace .Values.clusterDomain (int .Values.query.service.ports.http) -}}
{{- end -}}
{{- end -}}
{{- end -}}
Expand All @@ -187,7 +224,7 @@ Return the Thanos storegateway configuration configmap.
{{- if .Values.storegateway.existingConfigmap -}}
{{- printf "%s" (tpl .Values.storegateway.existingConfigmap $) -}}
{{- else -}}
{{- printf "%s-storegateway-configmap" (include "common.names.fullname" .) -}}
{{- printf "%s-storegateway" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}

Expand All @@ -198,7 +235,7 @@ Return the Thanos Query Frontend configuration configmap.
{{- if .Values.queryFrontend.existingConfigmap -}}
{{- printf "%s" (tpl .Values.queryFrontend.existingConfigmap $) -}}
{{- else -}}
{{- printf "%s-query-frontend-configmap" (include "common.names.fullname" .) -}}
{{- printf "%s-query-frontend" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}

Expand All @@ -222,6 +259,94 @@ Return true if a configmap object should be created
{{- end -}}
{{- end -}}

{{/*
Create the name of the service account to use (bucketweb)
*/}}
{{- define "thanos.bucketweb.serviceAccountName" -}}
{{- if .Values.bucketweb.serviceAccount.create -}}
{{ default (include "thanos.bucketweb.fullname" .) .Values.bucketweb.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.bucketweb.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Create the name of the service account to use (compactor)
*/}}
{{- define "thanos.compactor.serviceAccountName" -}}
{{- if .Values.compactor.serviceAccount.create -}}
{{ default (include "thanos.compactor.fullname" .) .Values.compactor.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.compactor.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Create the name of the service account to use (query)
*/}}
{{- define "thanos.query.serviceAccountName" -}}
{{- if .Values.query.serviceAccount.create -}}
{{ default (include "thanos.query.fullname" .) .Values.query.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.query.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Create the name of the service account to use (queryFrontend)
*/}}
{{- define "thanos.query-frontend.serviceAccountName" -}}
{{- if .Values.queryFrontend.serviceAccount.create -}}
{{ default (include "thanos.query-frontend.fullname" .) .Values.queryFrontend.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.queryFrontend.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Create the name of the service account to use (receive)
*/}}
{{- define "thanos.receive.serviceAccountName" -}}
{{- if .Values.receive.serviceAccount.create -}}
{{ default (include "thanos.receive.fullname" .) .Values.receive.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.receive.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Create the name of the service account to use (receiveDistributor)
*/}}
{{- define "thanos.receive-distributor.serviceAccountName" -}}
{{- if .Values.receiveDistributor.serviceAccount.create -}}
{{ default (include "thanos.receive-distributor.fullname" .) .Values.receiveDistributor.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.receiveDistributor.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Create the name of the service account to use (ruler)
*/}}
{{- define "thanos.ruler.serviceAccountName" -}}
{{- if .Values.ruler.serviceAccount.create -}}
{{ default (include "thanos.ruler.fullname" .) .Values.ruler.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.ruler.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Create the name of the service account to use (storegateway)
*/}}
{{- define "thanos.storegateway.serviceAccountName" -}}
{{- if .Values.storegateway.serviceAccount.create -}}
{{ default (include "thanos.storegateway.fullname" .) .Values.storegateway.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.storegateway.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Return the Thanos Compactor pvc name
*/}}
Expand Down Expand Up @@ -345,51 +470,6 @@ false
{{- end }}
{{- end }}

{{/* Service account name
Usage:
{{ include "thanos.serviceAccountName" (dict "component" "bucketweb" "context" $) }}
*/}}
{{- define "thanos.serviceAccountName" -}}
{{- $component := index .context.Values .component -}}
{{- if eq .component "query-frontend" -}}
{{- $component = index .context.Values "queryFrontend" -}}
{{- else if eq .component "receive-distributor" -}}
{{- $component = index .context.Values "receiveDistributor" -}}
{{- end -}}
{{- if not (include "thanos.serviceAccount.useExisting" (dict "component" .component "context" .context)) -}}
{{- if $component.serviceAccount.create -}}
{{- if eq .context.Values.serviceAccount.name "" -}}
{{ default (printf "%s-%s" (include "common.names.fullname" .context) .component) $component.serviceAccount.name }}
{{- else -}}
{{ default (printf "%s-%s" (.context.Values.serviceAccount.name) .component) $component.serviceAccount.name }}
{{- end -}}
{{- else if .context.Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .context) .context.Values.serviceAccount.name }}
{{- else -}}
{{ default "default" (coalesce $component.serviceAccount.name .context.Values.serviceAccount.name ) }}
{{- end -}}
{{- else -}}
{{ default (printf "%s-%s" (include "common.names.fullname" .context) .component) (coalesce $component.serviceAccount.existingServiceAccount .context.Values.existingServiceAccount) }}
{{- end -}}
{{- end -}}

{{/* Service account use existing
{{- include "thanos.serviceAccount.useExisting" (dict "component" "bucketweb" "context" $) -}}
*/}}
{{- define "thanos.serviceAccount.useExisting" -}}
{{- $component := index .context.Values .component -}}
{{- if eq .component "query-frontend" -}}
{{- $component = index .context.Values "queryFrontend" -}}
{{- else if eq .component "receive-distributor" -}}
{{- $component = index .context.Values "receiveDistributor" -}}
{{- end -}}
{{- if .context.Values.existingServiceAccount -}}
{{- true -}}
{{- else if $component.serviceAccount.existingServiceAccount -}}
{{- true -}}
{{- end -}}
{{- end -}}

{{/*
Return true if a hashring configmap object should be created
*/}}
Expand All @@ -400,7 +480,6 @@ Return true if a hashring configmap object should be created
{{- end -}}
{{- end -}}


{{/*
Return the Thanos receive hashring configuration configmap.
*/}}
Expand Down
2 changes: 1 addition & 1 deletion bitnami/thanos/templates/alert-rule/query.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/ale
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "common.names.fullname" . }}-query
name: {{ include "thanos.query.fullname" . }}
namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.metrics.prometheusRule.additionalLabels }}
Expand Down
Loading
Loading