cloudoperators · richardtief · Jan 28, 2025 · Nov 29, 2024 · Nov 29, 2024 · Nov 29, 2024
@@ -16,6 +16,7 @@ chart-dirs:
   - service-proxy/charts/1.0.0
   - logshipper
   - opentelemetry
+  - thanos
 chart-repos:
   - cert-manager=https://charts.jetstack.io
   - alerts=https://prometheus-community.github.io/helm-charts

@@ -0,0 +1,6 @@
+dependencies:
+- name: kube-prometheus-stack
+  repository: https://prometheus-community.github.io/helm-charts
+  version: 68.3.0
+digest: sha256:08cff037b4b6c972c9b75b8d9f3e3005b33e02f2d1952de905b62da064b2cc0b
+generated: "2025-01-24T11:15:31.449929+01:00"
@@ -3,18 +3,23 @@
 
 apiVersion: v2
 description: Base chart for thanos monitoring deployments
-icon: https://raw.githubusercontent.com/thanos-io/thanos/main/docs/img/Thanos-logo_fullmedium.png 
+icon: https://raw.githubusercontent.com/thanos-io/thanos/main/docs/img/Thanos-logo_fullmedium.png
 type: application
 maintainers:
   - name: viennaa
   - name: richardtief
-name: thanos 
+name: thanos
 sources:
   - https://github.com/cloudoperators/greenhouse-extensions
-version: 0.1.3
+version: 0.1.4
 # thanos-release
 appVersion: v0.35.0
 keywords:
   - thanos
   - storage
   - metrics
+dependencies:
+  - name: kube-prometheus-stack
+    alias: prometheus-operator
+    repository: https://prometheus-community.github.io/helm-charts
+    version: 68.3.0
@@ -0,0 +1,22 @@
+prometheus-operator:
+  defaultRules:
+    create: true
+    labels:
+      thanos-ruler: thanos
+  prometheusOperator:
+    enabled: true
+  crds:
+    enabled: true
+
+ci:
+  enabled: true
+
+thanos:
+  ruler:
+    matchLabel: thanos
+    alertmanagers:
+      authentication:
+        enabled: true
+        ssoCert:
+        ssoKey:
+      hosts:
@@ -88,7 +88,7 @@ spec:
       - name: objectstore-secret
         secret:
           defaultMode: 420
-          secretName: {{ include "release.name" . }}-metrics-objectstore 
+          secretName: {{ include "release.name" . }}-metrics-objectstore
       - name: data-volume
         persistentVolumeClaim:
           claimName: {{ include "release.name" . }}-compactor

@@ -0,0 +1,14 @@
+{{- define "alertmanagers.config" }}
+alertmanagers:
+  - scheme: https
+    timeout: 10s
+    api_version: v2
+    {{- if .Values.thanos.ruler.alertmanagers.authentication.enabled }}
+    http_config:
+      tls_config:
+        cert_file: /etc/thanos/secrets/thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert/sso.crt
+        key_file: /etc/thanos/secrets/thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert/sso.key
+    {{- end }}
+    static_configs:
+{{ toYaml .Values.thanos.ruler.alertmanagers.hosts | indent 8 }}
+{{- end }}
@@ -0,0 +1,11 @@
+{{ if .Values.thanos.ruler.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "release.name" . }}-alertmanager-config
+  labels:
+    thanos: {{ include "release.name" . }}
+data:
+  alertManagerConfig.yaml: |
+{{ template "alertmanagers.config" . }}
+{{ end }}
@@ -0,0 +1,10 @@
+{{ if .Values.thanos.ruler.alertmanagers.authentication.enabled }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert
+data:
+  sso.crt: {{ required ".Values.thanos.ruler.alertmanagers.authentication.ssoCert missing" .Values.thanos.ruler.alertmanagers.authentication.ssoCert }}
+  sso.key: {{ required ".Values.thanos.ruler.alertmanagers.authentication.ssoKey missing" .Values.thanos.ruler.alertmanagers.authentication.ssoKey }}
+{{ end }}
@@ -0,0 +1,44 @@
+{{/* 
+SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+SPDX-License-Identifier: Apache-2.0
+*/}}
+
+{{ if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.thanos.ruler.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ThanosRuler
+metadata:
+  name: {{ include "release.name" . }} # ressources name = thanos-ruler-<name>
+  labels:
+    {{- include "plugin.labels" . | nindent 4 }}
+    {{- include "thanos.labels" . | nindent 4 }}
+    {{- if .Values.thanos.ruler.labels }}
+    {{ toYaml .Values.thanos.ruler.labels | nindent 4 }}
+    {{- end }}
+spec:
+  image: "{{ .Values.thanos.image.repository }}:{{ .Values.thanos.image.tag | default .Chart.AppVersion }}"
+  ruleSelector:
+    matchLabels:
+      thanos-ruler: {{ .Values.thanos.ruler.matchLabel | default .Release.Name }}
+  queryEndpoints:
+    - {{ include "release.name" . }}-query:10902
+  alertmanagersConfig:
+    key: alertManagerConfig.yaml # Key name for alert manager config yaml
+    name: {{ include "release.name" . }}-alertmanager-config # Secret name containing alert manager config
+  # The labels to add to any alert when communicating with Alertmanager
+  labels:
+    {{ toYaml .Values.thanos.ruler.alertLabels | nindent 4 }}
+  # Select rules from all namespaces.
+  ruleNamespaceSelector: {}  
+{{ if .Values.thanos.ruler.alertmanagers.authentication.enabled }}
+  containers:
+    - name: thanos-ruler
+      volumeMounts:
+        - mountPath: /etc/thanos/secrets/thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert
+          name: thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert
+          readOnly: true
+  volumes:
+    - name: thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert
+      secret:
+        secretName: thanos-ruler-{{ include "release.name" . }}-alertmanager-sso-cert
+{{ end }}
+{{ end }}
@@ -103,6 +103,6 @@ spec:
       - name: objectstore-secret
         secret:
           defaultMode: 420
-          secretName: {{ include "release.name" . }}-metrics-objectstore 
+          secretName: {{ include "release.name" . }}-metrics-objectstore
       - name: data
         emptyDir: {}
@@ -0,0 +1,11 @@
+{{- if .Values.ci.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "release.name" . }}-metrics-objectstore
+data:
+# Dummy filesystem config as objectstore
+  thanos.yaml: >-
+    dHlwZTogRklMRVNZU1RFTQpjb25maWc6CiAgZGlyZWN0b3J5OiAiL3Rlc3QiCnByZWZpeDogIiIKCgogICMga3ViZWN0bCBjcmVhdGUgc2VjcmV0IGdlbmVyaWMgb2JqZWN0LXN0b3JlLXNlY3JldCAtLWZyb20tZmlsZT10aGFub3MueWFtbD0uL3Rlc3Qtc2VjcmV0LnlhbWwgLW4gZGVtbwo=
+type: Opaque
+{{- end -}}
@@ -31,7 +31,7 @@ rules:
     resources: ["deployments", "statefulsets"]
     verbs: ["get", "list"]
   - apiGroups: [""]
-    resources: ["pods", "persistentvolumeclaims", "services"]
+    resources: ["pods", "persistentvolumeclaims", "services", "configmaps"]
     verbs: ["get", "list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1

@@ -34,8 +34,16 @@ data:
         try "at most 4 times every 5s to get pods named '{{ .Release.Name }}-store' and verify that '.status.phase' is 'running'"
     }
 
+    {{ if .Values.thanos.ruler.enabled }}
+    @test "Verify succesful creation, running status and rulefiles population of Thanos Ruler" {
+        verify "there is 1 statefulset named 'thanos-ruler-{{ .Release.Name }}'"
+        verify "there is 1 service named 'thanos-ruler-operated'"
+        try "at most 3 times every 5s to get pods named 'thanos-ruler-{{ .Release.Name }}' and verify that '.status.phase' is 'running'"
+        try "at most 3 times every 5s to get configmaps named '.*(ruler)+.*(rulefiles)+.*' and verify that '.data' matches '.*yaml.*'"
+    }
+    {{ end }}
+
     @test "Verify successful creation and bound status of {{ .Release.Name }} persistent volume claims" {
         try "at most 3 times every 5s to get persistentvolumeclaims named '{{ .Release.Name }}-compactor' and verify that '.status.phase' is 'Bound'"
     }
-
 {{- end -}}
@@ -28,4 +28,4 @@ spec:
       configMap:
         name: {{ .Release.Name }}-test
   restartPolicy: Never
-{{- end -}}
+{{- end -}}
@@ -2,9 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 global:
-
   ## Labels to apply to all resources
-  ##
   commonLabels: {}
 
 thanos:
@@ -13,9 +11,9 @@ thanos:
     # defaults to .Chart.appVersion
     tag:
     # defaults to IfNotPresent
-    pullPolicy: 
+    pullPolicy:
   grpcAddress:
-  # used across the stack 
+  # used across the stack
   httpAddress:
 
   query:
@@ -36,36 +34,39 @@ thanos:
       routePrefix:
 
     additionalArgs: []
-      #- something.route-foo=/lol 
-
-    deploymentLabels: {} 
-
+      # - something.route-foo=/lol
+    deploymentLabels: {}
     containerLabels:
 
     serviceLabels:
 
     annotations:
 
-    stores: [] 
+    stores: []
 
   store:
     # adding additional arguments
     additionalArgs: []
 
-    deploymentLabels: {} 
+    deploymentLabels: {}
 
     containerLabels:
 
-    #TODO use
+    # TODO use
     serviceLabels:
 
     annotations:
 
+    chunkPoolSize:
+
+    indexCacheSize:
+
+    logLevel:
+
   compactor:
     # if this is a standalone Thanos Query, we wouldn't want a compactor
     enabled: true
     # TODO: store secret needs to be present and can not be provisioned automatically
-
     logLevel:
 
     containerLabels: []
@@ -74,7 +75,7 @@ thanos:
 
     labels: []
     annotations: []
- 
+
     # adding additional arguments
     additionalArgs: []
 
@@ -93,7 +94,7 @@ thanos:
       # seconds
       cleanupInterval:
 
-      # seconds 
+      # seconds
       waitInterval:
 
     volume:
@@ -103,10 +104,60 @@ thanos:
       size:
       labels: []
 
+  ruler:
+    enabled: true
+
+    labels:
+
+    alertLabels:
+
+    matchLabel:
+
+    alertmanagers:
+      authentication:
+        enabled: true
+        ssoCert:
+        ssoKey:
+      hosts:
+
 testFramework:
   enabled: true
   image:
     registry: ghcr.io
     repository: cloudoperators/greenhouse-extensions-integration-test
     tag: main
   imagePullPolicy: IfNotPresent
+
+# Only used for TESTING !!! see test-values.yaml
+# The kube-monitoring plugin is taking care of deploying the Prometheus Operator
+# Thanos Plugin leverages it for its CI
+ci:
+  enabled: false
+prometheus-operator:
+  defaultRules:
+    create: false
+  dashboards:
+    create: false
+  kubernetesServiceMonitors:
+    enabled: false
+  cleanPrometheusOperatorObjectNames: false
+  crds:
+    enabled: false
+  windowsMonitoring:
+    enabled: false
+  grafana:
+    enabled: false
+  thanosRuler:
+    enabled: false
+  prometheus:
+    enabled: false
+  nodeExporter:
+    enabled: false
+  kubeStateMetrics:
+    enabled: false
+  prometheusOperator:
+    enabled: false
+  alertmanager:
+    enabled: false
+    ingress:
+      enabled: false
@@ -10,7 +10,7 @@ spec:
     helmChart:
         name: thanos
         repository: "oci://ghcr.io/cloudoperators/greenhouse-extensions/charts"
-        version: 0.1.3
+        version: 0.1.4
     options:
         - default: null
           description: CLI param for Thanos Query