kube-prometheus-stack: Support for secrets store CSI driver

[github-actions[bot]]

kube-prometheus-stack: Support for secrets store CSI driver

https://github.com/prometheus-community/helm-charts/pull/1158

secretProviderClass:

secretProviderClass:

provider: gcp

parameters:

secrets: |

• resourceName: "projects/portefaix-prod/secrets/thanos_config/versions/latest"

fileName: "object-store.yaml"

objectStorageConfigFile: /var/secrets/object-store.yaml

https://github.com/portefaix/portefaix/blob/ce13ffcf0bfa9a2f4051f6e4a52bed8cd57f1a26/kubernetes/overlays/gcp/prod/monitoring/kube-prometheus-stack/kube-prometheus-stack.yaml#L100

# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: kube-prometheus-stack
  namespace: monitoring
spec:
  # chart:
  #   spec:
  #     version: 12.0.4
  values:
    alertmanager:
      serviceAccount:
        create: true
        name: alertmanager
        annotations:
          iam.gke.io/gcp-service-account: portefaix-prod-alertmanager@portefaix-prod.iam.gserviceaccount.com
      ingress:
        enabled: true
        annotations:
          kubernetes.io/ingress.class: nginx
          cert-manager.io/cluster-issuer: 'letsencrypt-prod'
          nginx.ingress.kubernetes.io/auth-url: https://forwardauth.gcp.portefaix.xyz/verify?uri=$scheme://$host$request_uri
          nginx.ingress.kubernetes.io/auth-signin: "https://forwardauth.gcp.portefaix.xyz/?uri=$scheme://$host$request_uri"
        hosts:
          - alertmanager.gcp.portefaix.xyz
        path: /
        pathType: ImplementationSpecific
        tls:
          - secretName: alertmanager.gcp.portefaix.xyz-tls
            hosts:
              - alertmanager.gcp.portefaix.xyz
      alertmanagerSpec:
        externalUrl: https://alertmanager.gcp.portefaix.xyz

    prometheus:
      serviceAccount:
        create: true
        name: prometheus
        annotations:
          iam.gke.io/gcp-service-account: portefaix-prod-prometheus@portefaix-prod.iam.gserviceaccount.com
      thanosIngress:
        enabled: true
        annotations:
          kubernetes.io/ingress.class: nginx
          cert-manager.io/cluster-issuer: 'letsencrypt-prod'
          nginx.ingress.kubernetes.io/auth-url: https://forwardauth.gcp.portefaix.xyz/verify?uri=$scheme://$host$request_uri
          nginx.ingress.kubernetes.io/auth-signin: "https://forwardauth.gcp.portefaix.xyz/?uri=$scheme://$host$request_uri"
        hosts:
          - prometheus-sidecar.gcp.portefaix.xyz
        path:
          - /
        pathType: ImplementationSpecific
        tls:
          - secretName: prometheus-sidecar.gcp.portefaix.xyz-tls
            hosts:
              - prometheus-sidecar.gcp.portefaix.xyz
      ingress:
        enabled: true
        annotations:
          kubernetes.io/ingress.class: nginx
          cert-manager.io/cluster-issuer: 'letsencrypt-prod'
          nginx.ingress.kubernetes.io/auth-url: https://forwardauth.gcp.portefaix.xyz/verify?uri=$scheme://$host$request_uri
          nginx.ingress.kubernetes.io/auth-signin: "https://forwardauth.gcp.portefaix.xyz/?uri=$scheme://$host$request_uri"
        hosts:
          - prometheus.gcp.portefaix.xyz
        path:
        - /
        pathType: ImplementationSpecific
        tls:
          - secretName: prometheus.gcp.portefaix.xyz-tls
            hosts:
              - prometheus.gcp.portefaix.xyz
      prometheusSpec:
        externalUrl: https://prometheus.gcp.portefaix.xyz
        storageSpec:
          volumeClaimTemplate:
            spec:
              storageClassName: "standard"
              resources:
                requests:
                  storage: 10Gi
        thanosIngress:
          enabled: true

        # TODO: kube-prometheus-stack: Support for secrets store CSI driver
        # labels: kind/feature, priority/medium, lifecycle/frozen, area/kubernetes, cloud/gcp
        # https://github.com/prometheus-community/helm-charts/pull/1158

        # thanos:
        #   secretProviderClass:
        #     secretProviderClass:
        #       provider: gcp
        #       parameters:
        #         secrets: |
        #           - resourceName: "projects/portefaix-prod/secrets/thanos_config/versions/latest"
        #             fileName: "object-store.yaml"
        #     objectStorageConfigFile: /var/secrets/object-store.yaml
        #   # TODO: kube-prometheus-stack: Extra Volumes on thanos-sidecar container
        #   # labels: kind/feature, priority/medium, lifecycle/frozen, area/kubernetes, cloud/gcp
        #   # https://github.com/prometheus-operator/prometheus-operator/pull/3966
        #   volumes:
        #   volumesMounts:
        #     - mountPath: "/var/secrets"
        #       name: mysecret

c6e874b0a8f6bfd98aa26609302e7078ac7da7aa

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.