Add support for missing objectstorage secret for thanos store (#307)

* Add support for missing objectstorage secret for thanos store

Signed-off-by: Vibhu Prashar <vibhu.sharma2929@gmail.com>

* Add review comments

Signed-off-by: Vibhu Prashar <vibhu.sharma2929@gmail.com>

---------

Signed-off-by: Vibhu Prashar <vibhu.sharma2929@gmail.com>

Makefile

@@ -42,6 +42,21 @@ lint: $(JSONNET_LINT) vendor
 vendor: | $(JB) jsonnetfile.json jsonnetfile.lock.json
 	$(JB) install
 
+.PHONY: deploy
+deploy:
+	kubectl create ns thanos
+	kubectl create ns minio
+	kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v$(PROM_OPERATOR_VERSION)/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+	kubectl create -f examples/development-minio/
+	kubectl create -f manifests/
+
+.PHONY: teardown
+teardown:
+	kubectl delete -f examples/development-minio/
+	kubectl delete -f manifests/
+	kubectl delete ns thanos
+	kubectl delete ns minio
+
 .PHONY: clean
 clean:
 	-rm -rf tmp/bin

README.md

@@ -23,13 +23,12 @@ This project is intended to be used as a library (i.e. the intent is not for you
 Though for a quickstart a compiled version of the Kubernetes [manifests](manifests) generated with this library (specifically with `example.jsonnet`) is checked into this repository in order to try the content out quickly. To try out the stack un-customized run:
  * Simply create the stack:
 ```shell
-$ kubectl create ns thanos
-$ kubectl create -f manifests/
+$ make deploy
 ```
 
  * And to teardown the stack:
 ```shell
-$ kubectl delete -f manifests/
+$ make teardown
 ```
 
 ## Customizing kube-thanos
@@ -77,7 +76,7 @@ local commonConfig = {
   config+:: {
     local cfg = self,
     namespace: 'thanos',
-    version: 'v0.29.0',
+    version: 'v0.31.0',
     image: 'quay.io/thanos/thanos:' + cfg.version,
     imagePullPolicy: 'IfNotPresent',
     objectStorageConfig: {
@@ -167,10 +166,15 @@ find manifests -type f ! -name '*.yaml' -delete
 # The following script generates all components, mostly used for testing
 
 rm -rf examples/all/manifests
+rm -rf examples/development-minio
 mkdir examples/all/manifests
+mkdir examples/development-minio
 
 ${JSONNET} -J vendor -m examples/all/manifests "${1-all.jsonnet}" | xargs -I{} sh -c "cat {} | ${GOJSONTOYAML} > {}.yaml; rm -f {}" -- {}
 find examples/all/manifests -type f ! -name '*.yaml' -delete
+
+${JSONNET} -J vendor -m examples/development-minio "${1-minio.jsonnet}" | xargs -I{} sh -c "cat {} | ${GOJSONTOYAML} > {}.yaml; rm -f {}" -- {}
+find examples/development-minio -type f ! -name '*.yaml' -delete
 ```
 
 > Note you need `jsonnet` (`go get github.com/google/go-jsonnet/cmd/jsonnet`) and `gojsontoyaml` (`go get github.com/brancz/gojsontoyaml`) installed to run `build.sh`. If you just want json output, not yaml, then you can skip the pipe and everything afterwards.

build.sh

@@ -21,7 +21,12 @@ find manifests -type f ! -name '*.yaml' -delete
 # The following script generates all components, mostly used for testing
 
 rm -rf examples/all/manifests
+rm -rf examples/development-minio
 mkdir examples/all/manifests
+mkdir examples/development-minio
 
 ${JSONNET} -J vendor -m examples/all/manifests "${1-all.jsonnet}" | xargs -I{} sh -c "cat {} | ${GOJSONTOYAML} > {}.yaml; rm -f {}" -- {}
 find examples/all/manifests -type f ! -name '*.yaml' -delete
+
+${JSONNET} -J vendor -m examples/development-minio "${1-minio.jsonnet}" | xargs -I{} sh -c "cat {} | ${GOJSONTOYAML} > {}.yaml; rm -f {}" -- {}
+find examples/development-minio -type f ! -name '*.yaml' -delete

example.jsonnet

@@ -6,7 +6,7 @@ local commonConfig = {
   config+:: {
     local cfg = self,
     namespace: 'thanos',
-    version: 'v0.29.0',
+    version: 'v0.31.0',
     image: 'quay.io/thanos/thanos:' + cfg.version,
     imagePullPolicy: 'IfNotPresent',
     objectStorageConfig: {

examples/development-minio/deployment.yaml → examples/development-minio/minio-deployment.yaml

@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: minio
+  namespace: thanos
 spec:
   selector:
     matchLabels:
@@ -14,22 +15,25 @@ spec:
         app.kubernetes.io/name: minio
     spec:
       containers:
-      - name: minio
-        image: minio/minio
-        command:
+      - command:
         - /bin/sh
         - -c
-        - "mkdir -p /storage/thanos && /opt/bin/minio server /storage"
+        - |
+          mkdir -p /storage/thanos && \
+          /usr/bin/docker-entrypoint.sh minio server /storage
         env:
-        - name: MINIO_ACCESS_KEY
-          value: "minio"
-        - name: MINIO_SECRET_KEY
-          value: "minio123"
+        - name: MINIO_ROOT_USER
+          value: minio
+        - name: MINIO_ROOT_PASSWORD
+          value: minio123
+        image: minio/minio:RELEASE.2023-05-27T05-56-19Z
+        imagePullPolicy: IfNotPresent
+        name: minio
         ports:
         - containerPort: 9000
         volumeMounts:
-        - name: storage
-          mountPath: "/storage"
+        - mountPath: /storage
+          name: storage
       volumes:
       - name: storage
         persistentVolumeClaim:

examples/development-minio/pvc.yaml → examples/development-minio/minio-pvc.yaml

@@ -1,12 +1,13 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: minio
   labels:
     app.kubernetes.io/name: minio
+  name: minio
+  namespace: thanos
 spec:
   accessModes:
-    - ReadWriteOnce
+  - ReadWriteOnce
   resources:
     requests:
-      storage: 10Gi
+      storage: 5Gi

examples/development-minio/secret.yaml → examples/development-minio/minio-secret-thanos.yaml

@@ -2,13 +2,14 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: thanos-objectstorage
-type: Opaque
+  namespace: thanos
 stringData:
-  thanos.yaml: |-
+  thanos.yaml: |
     type: s3
     config:
       bucket: thanos
-      endpoint: minio:9000
+      endpoint: minio.thanos.svc.cluster.local:9000
       insecure: true
       access_key: minio
       secret_key: minio123
+type: Opaque

examples/development-minio/service.yaml → examples/development-minio/minio-service.yaml

@@ -2,11 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   name: minio
+  namespace: thanos
 spec:
-  type: ClusterIP
   ports:
-    - port: 9000
-      targetPort: 9000
-      protocol: TCP
+  - port: 9000
+    protocol: TCP
+    targetPort: 9000
   selector:
     app.kubernetes.io/name: minio
+  type: ClusterIP

jsonnet/minio/minio.libsonnet

@@ -0,0 +1,107 @@
+// These are the defaults for this components configuration.
+// When calling the function to generate the component's manifest,
+// you can pass an object structured like the default to overwrite default values.
+local defaults = {
+  namespace: error 'must provide namespace',
+  buckets: error 'must provide buckets',
+  accessKey: error 'must provide accessKey',
+  secretKey: error 'must provide secretKey',
+
+  commonLabels:: { 'app.kubernetes.io/name': 'minio' },
+};
+
+function(params) {
+  local minio = self,
+
+  // Combine the defaults and the passed params to make the component's config.
+  config:: defaults + params,
+
+  deployment: {
+    apiVersion: 'apps/v1',
+    kind: 'Deployment',
+    metadata: {
+      name: 'minio',
+      namespace: minio.config.namespace,
+    },
+    spec: {
+      selector: {
+        matchLabels: minio.config.commonLabels,
+      },
+      strategy: { type: 'Recreate' },
+      template: {
+        metadata: {
+          labels: minio.config.commonLabels,
+        },
+        spec: {
+          containers: [
+            {
+              command: [
+                '/bin/sh',
+                '-c',
+                |||
+                  mkdir -p %s && \
+                  /usr/bin/docker-entrypoint.sh minio server /storage
+                ||| % std.join(' ', ['/storage/%s' % bucket for bucket in minio.config.buckets]),
+              ],
+              env: [
+                {
+                  name: 'MINIO_ROOT_USER',
+                  value: minio.config.accessKey,
+                },
+                {
+                  name: 'MINIO_ROOT_PASSWORD',
+                  value: minio.config.secretKey,
+                },
+              ],
+              image: 'minio/minio:RELEASE.2023-05-27T05-56-19Z',
+              imagePullPolicy: 'IfNotPresent',
+              name: 'minio',
+              ports: [
+                { containerPort: 9000 },
+              ],
+              volumeMounts: [
+                { mountPath: '/storage', name: 'storage' },
+              ],
+            },
+          ],
+          volumes: [{
+            name: 'storage',
+            persistentVolumeClaim: { claimName: 'minio' },
+          }],
+        },
+      },
+    },
+  },
+
+  pvc: {
+    apiVersion: 'v1',
+    kind: 'PersistentVolumeClaim',
+    metadata: {
+      labels: minio.config.commonLabels,
+      name: 'minio',
+      namespace: minio.config.namespace,
+    },
+    spec: {
+      accessModes: ['ReadWriteOnce'],
+      resources: {
+        requests: { storage: '5Gi' },
+      },
+    },
+  },
+
+  service: {
+    apiVersion: 'v1',
+    kind: 'Service',
+    metadata: {
+      name: 'minio',
+      namespace: minio.config.namespace,
+    },
+    spec: {
+      ports: [
+        { port: 9000, protocol: 'TCP', targetPort: 9000 },
+      ],
+      selector: minio.config.commonLabels,
+      type: 'ClusterIP',
+    },
+  },
+}

manifests/thanos-query-deployment.yaml

@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/component: query-layer
     app.kubernetes.io/instance: thanos-query
     app.kubernetes.io/name: thanos-query
-    app.kubernetes.io/version: v0.29.0
+    app.kubernetes.io/version: v0.31.0
   name: thanos-query
   namespace: thanos
 spec:
@@ -21,7 +21,7 @@ spec:
         app.kubernetes.io/component: query-layer
         app.kubernetes.io/instance: thanos-query
         app.kubernetes.io/name: thanos-query
-        app.kubernetes.io/version: v0.29.0
+        app.kubernetes.io/version: v0.31.0
     spec:
       affinity:
         podAntiAffinity:
@@ -54,7 +54,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: status.hostIP
-        image: quay.io/thanos/thanos:v0.29.0
+        image: quay.io/thanos/thanos:v0.31.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 4

manifests/thanos-query-service.yaml

@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/component: query-layer
     app.kubernetes.io/instance: thanos-query
     app.kubernetes.io/name: thanos-query
-    app.kubernetes.io/version: v0.29.0
+    app.kubernetes.io/version: v0.31.0
   name: thanos-query
   namespace: thanos
 spec:

manifests/thanos-query-serviceAccount.yaml

@@ -6,6 +6,6 @@ metadata:
     app.kubernetes.io/component: query-layer
     app.kubernetes.io/instance: thanos-query
     app.kubernetes.io/name: thanos-query
-    app.kubernetes.io/version: v0.29.0
+    app.kubernetes.io/version: v0.31.0
   name: thanos-query
   namespace: thanos

manifests/thanos-query-serviceMonitor.yaml

@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/component: query-layer
     app.kubernetes.io/instance: thanos-query
     app.kubernetes.io/name: thanos-query
-    app.kubernetes.io/version: v0.29.0
+    app.kubernetes.io/version: v0.31.0
   name: thanos-query
   namespace: thanos
 spec:

manifests/thanos-receive-ingestor-default-service.yaml

@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/component: database-write-hashring
     app.kubernetes.io/instance: thanos-receive-ingestor-default
     app.kubernetes.io/name: thanos-receive
-    app.kubernetes.io/version: v0.29.0
+    app.kubernetes.io/version: v0.31.0
     controller.receive.thanos.io/hashring: default
   name: thanos-receive-ingestor-default
   namespace: thanos

manifests/thanos-receive-ingestor-default-statefulSet.yaml

@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/component: database-write-hashring
     app.kubernetes.io/instance: thanos-receive-ingestor-default
     app.kubernetes.io/name: thanos-receive
-    app.kubernetes.io/version: v0.29.0
+    app.kubernetes.io/version: v0.31.0
     controller.receive.thanos.io: thanos-receive-controller
     controller.receive.thanos.io/hashring: default
   name: thanos-receive-ingestor-default
@@ -26,7 +26,7 @@ spec:
         app.kubernetes.io/component: database-write-hashring
         app.kubernetes.io/instance: thanos-receive-ingestor-default
         app.kubernetes.io/name: thanos-receive
-        app.kubernetes.io/version: v0.29.0
+        app.kubernetes.io/version: v0.31.0
         controller.receive.thanos.io/hashring: default
     spec:
       affinity:
@@ -90,7 +90,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: status.hostIP
-        image: quay.io/thanos/thanos:v0.29.0
+        image: quay.io/thanos/thanos:v0.31.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 8

manifests/thanos-receive-ingestor-serviceAccount.yaml

@@ -6,6 +6,6 @@ metadata:
     app.kubernetes.io/component: database-write-hashring
     app.kubernetes.io/instance: thanos-receive-ingestor
     app.kubernetes.io/name: thanos-receive
-    app.kubernetes.io/version: v0.29.0
+    app.kubernetes.io/version: v0.31.0
   name: thanos-receive-ingestor
   namespace: thanos

manifests/thanos-receive-ingestor-serviceMonitor.yaml

@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/component: database-write-hashring
     app.kubernetes.io/instance: thanos-receive-ingestor
     app.kubernetes.io/name: thanos-receive
-    app.kubernetes.io/version: v0.29.0
+    app.kubernetes.io/version: v0.31.0
   name: thanos-receive-ingestor
   namespace: thanos
 spec: