diff --git a/go.mod b/go.mod index 9181db0d35..af9ba8ed9a 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ require ( github.com/observatorium/observatorium v0.0.0-00010101000000-000000000000 github.com/openshift/api v3.9.0+incompatible github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.68.0 + github.com/prometheus/common v0.44.0 github.com/pyrra-dev/pyrra v0.7.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.28.2 @@ -50,7 +51,6 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.16.0 // indirect github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.44.0 // indirect github.com/prometheus/procfs v0.12.0 // indirect github.com/prometheus/prometheus v1.8.2-0.20220211202545-56e14463bccf // indirect github.com/rodaine/hclencoder v0.0.1 // indirect @@ -83,4 +83,4 @@ require ( ) // Delete when https://github.com/observatorium/observatorium/pull/543 is merged to main branch -replace github.com/observatorium/observatorium => github.com/thibaultmg/observatorium v0.0.0-20231109122152-cc47e5be397b +replace github.com/observatorium/observatorium => github.com/thibaultmg/observatorium v0.0.0-20231123172357-0705fe74fcd5 diff --git a/go.sum b/go.sum index 468d07d0f1..efd159a27f 100644 --- a/go.sum +++ b/go.sum @@ -1253,8 +1253,8 @@ github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= -github.com/thibaultmg/observatorium v0.0.0-20231109122152-cc47e5be397b h1:HDy/lsnObTgZgeNnq/ZUwQ+5unJdR4gvd3JOKMarQKM= -github.com/thibaultmg/observatorium v0.0.0-20231109122152-cc47e5be397b/go.mod h1:P+7t9O8AitkuZjUhXC4LHw4iwAzTpIrs0tHz8X3xTvM= +github.com/thibaultmg/observatorium v0.0.0-20231123172357-0705fe74fcd5 h1:EQ3Qb3hsVxrhlWKl3DWettTcHwKGbGyJp4t6j0q4W3E= +github.com/thibaultmg/observatorium v0.0.0-20231123172357-0705fe74fcd5/go.mod h1:P+7t9O8AitkuZjUhXC4LHw4iwAzTpIrs0tHz8X3xTvM= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tinylib/msgp v1.0.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= github.com/tinylib/msgp v1.1.0/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= diff --git a/resources/services/app-sre-stage-01/rhobs/default/observatorium-metrics-compact-default-template.yaml b/resources/services/app-sre-stage-01/rhobs/default/observatorium-metrics-compact-default-template.yaml index 59080afc53..a226a21ac6 100755 --- a/resources/services/app-sre-stage-01/rhobs/default/observatorium-metrics-compact-default-template.yaml +++ b/resources/services/app-sre-stage-01/rhobs/default/observatorium-metrics-compact-default-template.yaml @@ -15,7 +15,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default name: observatorium-thanos-compact-default namespace: rhobs @@ -46,7 +46,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default name: observatorium-thanos-compact-default namespace: rhobs @@ -59,7 +59,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default prometheus: app-sre name: observatorium-thanos-compact-default @@ -93,7 +93,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default name: observatorium-thanos-compact-default namespace: rhobs @@ -115,7 +115,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default namespace: rhobs spec: @@ -185,7 +185,7 @@ objects: bucket: $(OBJ_STORE_BUCKET) endpoint: $(OBJ_STORE_ENDPOINT) region: $(OBJ_STORE_REGION) - image: quay.io/thanos/thanos:v0.32.4 + image: quay.io/thanos/thanos:v0.32.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 4 @@ -247,14 +247,14 @@ objects: terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private - name: compact-tls + name: tls readOnly: true nodeSelector: kubernetes.io/os: linux serviceAccountName: observatorium-thanos-compact-default terminationGracePeriodSeconds: 120 volumes: - - name: compact-tls + - name: tls secret: secretName: compact-tls-default updateStrategy: {} @@ -266,7 +266,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default name: data spec: diff --git a/resources/services/app-sre-stage-01/rhobs/default/observatorium-metrics-receive-ingestor-default-template.yaml b/resources/services/app-sre-stage-01/rhobs/default/observatorium-metrics-receive-ingestor-default-template.yaml index 5d1df0abd7..dcf561f031 100755 --- a/resources/services/app-sre-stage-01/rhobs/default/observatorium-metrics-receive-ingestor-default-template.yaml +++ b/resources/services/app-sre-stage-01/rhobs/default/observatorium-metrics-receive-ingestor-default-template.yaml @@ -13,7 +13,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default name: observatorium-thanos-receive-ingestor-default namespace: rhobs @@ -48,7 +48,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default name: observatorium-thanos-receive-ingestor-default namespace: rhobs @@ -61,7 +61,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default prometheus: app-sre name: observatorium-thanos-receive-ingestor-default @@ -95,7 +95,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 controller.receive.thanos.io: thanos-receive-controller controller.receive.thanos.io/hashring: default observatorium/tenant: default @@ -119,7 +119,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default namespace: rhobs spec: @@ -193,7 +193,7 @@ objects: valueFrom: fieldRef: fieldPath: metadata.name - image: quay.io/thanos/thanos:v0.32.4 + image: quay.io/thanos/thanos:v0.32.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 8 @@ -286,7 +286,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default name: data spec: diff --git a/resources/services/app-sre-stage-01/rhobs/default/observatorium-metrics-store-default-template.yaml b/resources/services/app-sre-stage-01/rhobs/default/observatorium-metrics-store-default-template.yaml index f740eba204..fed899d58c 100755 --- a/resources/services/app-sre-stage-01/rhobs/default/observatorium-metrics-store-default-template.yaml +++ b/resources/services/app-sre-stage-01/rhobs/default/observatorium-metrics-store-default-template.yaml @@ -452,7 +452,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default name: hashmod-config-template-default namespace: rhobs @@ -486,7 +486,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default name: observatorium-thanos-store-default namespace: rhobs @@ -517,7 +517,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default name: observatorium-thanos-store-default namespace: rhobs @@ -530,7 +530,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default prometheus: app-sre name: observatorium-thanos-store-default @@ -564,7 +564,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default name: observatorium-thanos-store-default namespace: rhobs @@ -586,7 +586,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default namespace: rhobs spec: @@ -691,7 +691,7 @@ objects: bucket: $(OBJ_STORE_BUCKET) endpoint: $(OBJ_STORE_ENDPOINT) region: $(OBJ_STORE_REGION) - image: quay.io/thanos/thanos:v0.32.4 + image: quay.io/thanos/thanos:v0.32.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 8 @@ -806,7 +806,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: default name: data spec: diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-query-rule-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-query-rule-template.yaml new file mode 100755 index 0000000000..55a1a5df44 --- /dev/null +++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-query-rule-template.yaml @@ -0,0 +1,322 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-query-rule +objects: +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-prod-http + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.5 + name: observatorium-thanos-query-rule + namespace: rhobs + spec: + host: "" + port: + targetPort: https + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: observatorium-thanos-query-rule + weight: null +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: query-rule-tls + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.5 + name: observatorium-thanos-query-rule + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: grpc + port: 10901 + protocol: TCP + targetPort: 10901 + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium +- apiVersion: v1 + imagePullSecrets: + - name: quay.io + kind: ServiceAccount + metadata: + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.application: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"observatorium-thanos-query-rule"}}' + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.5 + name: observatorium-thanos-query-rule + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.5 + prometheus: app-sre + name: observatorium-thanos-query-rule + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium +- apiVersion: apps/v1 + kind: Deployment + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.5 + name: observatorium-thanos-query-rule + namespace: rhobs + spec: + replicas: ${{REPLICAS}} + selector: + matchLabels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + strategy: {} + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.5 + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-query-rule + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - query + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-receive-ingestor-default.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-receive-ingestor-rhel.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-receive-ingestor-telemeter.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-store-default.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-store-rhel.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-store-telemeter.rhobs.svc.cluster.local + - --log.format=logfmt + - --log.level=${LOG_LEVEL} + - --query.auto-downsampling + - --query.lookback-delta=15m + - --query.max-concurrent=10 + - --query.promql-engine=prometheus + - --query.replica-label=replica + - --query.replica-label=prometheus_replica + - --query.replica-label=rule_replica + - --query.timeout=15m + - | + --tracing.config=type: JAEGER + config: + service_name: thanos-query-rule + sampler_type: ratelimiting + sampler_param: 2 + - --web.prefix-header=X-Forwarded-Prefix + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: quay.io/thanos/thanos:v0.32.5 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 8 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + timeoutSeconds: 1 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + - containerPort: 10901 + name: grpc + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${MEMORY_LIMIT} + requests: + cpu: ${CPU_REQUEST} + memory: ${MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + - args: + - --reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.observatorium-tools.svc:14250 + - --reporter.type=grpc + - --agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD) + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + image: quay.io/app-sre/jaegertracing-jaeger-agent:1.22.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 14271 + name: jaeger-agent + ports: + - containerPort: 5778 + name: configs + protocol: TCP + - containerPort: 6831 + name: jaeger-thrift + protocol: TCP + - containerPort: 14271 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14271 + initialDelaySeconds: 1 + resources: + limits: + cpu: 128m + memory: 128Mi + requests: + cpu: 32m + memory: 64Mi + terminationMessagePolicy: FallbackToLogsOnError + - args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - -openshift-service-account=observatorium-thanos-query-rule + - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs", + "namespace": "rhobs"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", + "name": "rhobs", "namespace": "rhobs"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret=${OAUTH_PROXY_COOKIE_SECRET} + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + image: quay.io/openshift/origin-oauth-proxy:4.15 + name: oauth-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: tls + readOnly: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: observatorium-thanos-query-rule + terminationGracePeriodSeconds: 120 + volumes: + - name: tls + secret: + secretName: query-rule-tls +parameters: +- name: LOG_LEVEL + value: warn +- name: REPLICAS + value: "1" +- name: CPU_REQUEST + value: 250m +- name: MEMORY_LIMIT + value: 8Gi +- name: MEMORY_REQUEST + value: 2Gi +- from: '[a-zA-Z0-9]{40}' + generate: expression + name: OAUTH_PROXY_COOKIE_SECRET diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-query-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-query-template.yaml new file mode 100755 index 0000000000..3b6c0897c3 --- /dev/null +++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-query-template.yaml @@ -0,0 +1,335 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-query +objects: +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-prod-http + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.5 + name: observatorium-thanos-query + namespace: rhobs + spec: + host: "" + port: + targetPort: https + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: observatorium-thanos-query + weight: null +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: query-adhoc-tls + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.5 + name: observatorium-thanos-query + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: grpc + port: 10901 + protocol: TCP + targetPort: 10901 + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium +- apiVersion: v1 + imagePullSecrets: + - name: quay.io + kind: ServiceAccount + metadata: + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.application: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"observatorium-thanos-query"}}' + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.5 + name: observatorium-thanos-query + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.5 + prometheus: app-sre + name: observatorium-thanos-query + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium +- apiVersion: apps/v1 + kind: Deployment + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.5 + name: observatorium-thanos-query + namespace: rhobs + spec: + replicas: ${{REPLICAS}} + selector: + matchLabels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + strategy: {} + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.5 + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-query + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - query + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-receive-ingestor-default.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-receive-ingestor-rhel.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-receive-ingestor-telemeter.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-store-default.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-store-rhel.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-store-telemeter.rhobs.svc.cluster.local + - --log.format=logfmt + - --log.level=${LOG_LEVEL} + - --query.auto-downsampling + - --query.lookback-delta=15m + - --query.max-concurrent=10 + - --query.promql-engine=prometheus + - --query.replica-label=replica + - --query.replica-label=prometheus_replica + - --query.replica-label=rule_replica + - --query.telemetry.request-duration-seconds-quantiles=0.10 + - --query.telemetry.request-duration-seconds-quantiles=0.25 + - --query.telemetry.request-duration-seconds-quantiles=0.75 + - --query.telemetry.request-duration-seconds-quantiles=1.25 + - --query.telemetry.request-duration-seconds-quantiles=1.75 + - --query.telemetry.request-duration-seconds-quantiles=2.50 + - --query.telemetry.request-duration-seconds-quantiles=3.00 + - --query.telemetry.request-duration-seconds-quantiles=5.00 + - --query.telemetry.request-duration-seconds-quantiles=10.00 + - --query.telemetry.request-duration-seconds-quantiles=15.00 + - --query.telemetry.request-duration-seconds-quantiles=30.00 + - --query.telemetry.request-duration-seconds-quantiles=60.00 + - --query.telemetry.request-duration-seconds-quantiles=120.00 + - --query.timeout=15m + - | + --tracing.config=type: JAEGER + config: + service_name: thanos-query + sampler_type: ratelimiting + sampler_param: 2 + - --web.prefix-header=X-Forwarded-Prefix + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: quay.io/thanos/thanos:v0.32.5 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 8 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + timeoutSeconds: 1 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + - containerPort: 10901 + name: grpc + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${MEMORY_LIMIT} + requests: + cpu: ${CPU_REQUEST} + memory: ${MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + - args: + - --reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.observatorium-tools.svc:14250 + - --reporter.type=grpc + - --agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD) + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + image: quay.io/app-sre/jaegertracing-jaeger-agent:1.22.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 14271 + name: jaeger-agent + ports: + - containerPort: 5778 + name: configs + protocol: TCP + - containerPort: 6831 + name: jaeger-thrift + protocol: TCP + - containerPort: 14271 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14271 + initialDelaySeconds: 1 + resources: + limits: + cpu: 128m + memory: 128Mi + requests: + cpu: 32m + memory: 64Mi + terminationMessagePolicy: FallbackToLogsOnError + - args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - -openshift-service-account=observatorium-thanos-query + - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs", + "namespace": "rhobs"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", + "name": "rhobs", "namespace": "rhobs"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret=${OAUTH_PROXY_COOKIE_SECRET} + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + image: quay.io/openshift/origin-oauth-proxy:4.15 + name: oauth-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: tls + readOnly: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: observatorium-thanos-query + terminationGracePeriodSeconds: 120 + volumes: + - name: tls + secret: + secretName: query-adhoc-tls +parameters: +- name: LOG_LEVEL + value: warn +- name: REPLICAS + value: "1" +- name: CPU_REQUEST + value: 250m +- name: MEMORY_LIMIT + value: 8Gi +- name: MEMORY_REQUEST + value: 2Gi +- from: '[a-zA-Z0-9]{40}' + generate: expression + name: OAUTH_PROXY_COOKIE_SECRET diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-receive-router-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-receive-router-template.yaml index cf03d5c619..89dbbb516d 100755 --- a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-receive-router-template.yaml +++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-receive-router-template.yaml @@ -54,7 +54,7 @@ objects: - args: - --configmap-name=thanos-receive-hashring - --configmap-generated-name=thanos-receive-hashring-generated - - --file-name=hashring.json + - --file-name=hashrings.json - --namespace=rhobs env: - name: NAMESPACE @@ -68,10 +68,6 @@ objects: image: quay.io/observatorium/thanos-receive-controller:main-2023-09-22-f168dd7 imagePullPolicy: IfNotPresent name: observatorium-thanos-receive-controller - ports: - - containerPort: 8080 - name: http - protocol: TCP resources: limits: cpu: 24Mi @@ -184,7 +180,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-router app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 name: observatorium-thanos-receive-router-limits namespace: rhobs - apiVersion: apps/v1 @@ -196,7 +192,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-router app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 name: observatorium-thanos-receive-router namespace: rhobs spec: @@ -216,7 +212,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-router app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 namespace: rhobs spec: affinity: @@ -244,7 +240,7 @@ objects: - --log.format=logfmt - --log.level=${LOG_LEVEL} - --receive.hashrings-algorithm=ketama - - --receive.hashrings-file=/etc/thanos/hashring/hashring.json + - --receive.hashrings-file=/etc/thanos/hashring/hashrings.json - --receive.hashrings-file-refresh-interval=5s - --receive.limits-config-file=/etc/thanos/receive-limits/limits.yaml - --remote-write.address=0.0.0.0:19291 @@ -254,7 +250,7 @@ objects: service_name: thanos-receive-router sampler_type: ratelimiting sampler_param: 2 - image: quay.io/thanos/thanos:v0.32.4 + image: quay.io/thanos/thanos:v0.32.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 8 @@ -356,7 +352,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-router app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 name: observatorium-thanos-receive-router namespace: rhobs spec: @@ -389,7 +385,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-router app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 name: observatorium-thanos-receive-router namespace: rhobs - apiVersion: monitoring.coreos.com/v1 @@ -401,7 +397,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-router app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 prometheus: app-sre name: observatorium-thanos-receive-router namespace: openshift-customer-monitoring diff --git a/resources/services/app-sre-stage-01/rhobs/rhel/observatorium-metrics-compact-rhel-template.yaml b/resources/services/app-sre-stage-01/rhobs/rhel/observatorium-metrics-compact-rhel-template.yaml index 8d9a6fa05a..9a764201b7 100755 --- a/resources/services/app-sre-stage-01/rhobs/rhel/observatorium-metrics-compact-rhel-template.yaml +++ b/resources/services/app-sre-stage-01/rhobs/rhel/observatorium-metrics-compact-rhel-template.yaml @@ -15,7 +15,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel name: observatorium-thanos-compact-rhel namespace: rhobs @@ -46,7 +46,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel name: observatorium-thanos-compact-rhel namespace: rhobs @@ -59,7 +59,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel prometheus: app-sre name: observatorium-thanos-compact-rhel @@ -93,7 +93,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel name: observatorium-thanos-compact-rhel namespace: rhobs @@ -115,7 +115,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel namespace: rhobs spec: @@ -185,7 +185,7 @@ objects: bucket: $(OBJ_STORE_BUCKET) endpoint: $(OBJ_STORE_ENDPOINT) region: $(OBJ_STORE_REGION) - image: quay.io/thanos/thanos:v0.32.4 + image: quay.io/thanos/thanos:v0.32.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 4 @@ -247,14 +247,14 @@ objects: terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private - name: compact-tls + name: tls readOnly: true nodeSelector: kubernetes.io/os: linux serviceAccountName: observatorium-thanos-compact-rhel terminationGracePeriodSeconds: 120 volumes: - - name: compact-tls + - name: tls secret: secretName: compact-tls-rhel updateStrategy: {} @@ -266,7 +266,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel name: data spec: diff --git a/resources/services/app-sre-stage-01/rhobs/rhel/observatorium-metrics-receive-ingestor-rhel-template.yaml b/resources/services/app-sre-stage-01/rhobs/rhel/observatorium-metrics-receive-ingestor-rhel-template.yaml index 4bf57ca99b..eb35cfef0c 100755 --- a/resources/services/app-sre-stage-01/rhobs/rhel/observatorium-metrics-receive-ingestor-rhel-template.yaml +++ b/resources/services/app-sre-stage-01/rhobs/rhel/observatorium-metrics-receive-ingestor-rhel-template.yaml @@ -13,7 +13,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel name: observatorium-thanos-receive-ingestor-rhel namespace: rhobs @@ -48,7 +48,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel name: observatorium-thanos-receive-ingestor-rhel namespace: rhobs @@ -61,7 +61,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel prometheus: app-sre name: observatorium-thanos-receive-ingestor-rhel @@ -95,7 +95,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 controller.receive.thanos.io: thanos-receive-controller controller.receive.thanos.io/hashring: rhel observatorium/tenant: rhel @@ -119,7 +119,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel namespace: rhobs spec: @@ -193,7 +193,7 @@ objects: valueFrom: fieldRef: fieldPath: metadata.name - image: quay.io/thanos/thanos:v0.32.4 + image: quay.io/thanos/thanos:v0.32.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 8 @@ -286,7 +286,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel name: data spec: diff --git a/resources/services/app-sre-stage-01/rhobs/rhel/observatorium-metrics-store-rhel-template.yaml b/resources/services/app-sre-stage-01/rhobs/rhel/observatorium-metrics-store-rhel-template.yaml index 2521ca25bc..3b6e886855 100755 --- a/resources/services/app-sre-stage-01/rhobs/rhel/observatorium-metrics-store-rhel-template.yaml +++ b/resources/services/app-sre-stage-01/rhobs/rhel/observatorium-metrics-store-rhel-template.yaml @@ -452,7 +452,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel name: hashmod-config-template-rhel namespace: rhobs @@ -486,7 +486,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel name: observatorium-thanos-store-rhel namespace: rhobs @@ -517,7 +517,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel name: observatorium-thanos-store-rhel namespace: rhobs @@ -530,7 +530,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel prometheus: app-sre name: observatorium-thanos-store-rhel @@ -564,7 +564,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel name: observatorium-thanos-store-rhel namespace: rhobs @@ -586,7 +586,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel namespace: rhobs spec: @@ -691,7 +691,7 @@ objects: bucket: $(OBJ_STORE_BUCKET) endpoint: $(OBJ_STORE_ENDPOINT) region: $(OBJ_STORE_REGION) - image: quay.io/thanos/thanos:v0.32.4 + image: quay.io/thanos/thanos:v0.32.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 8 @@ -806,7 +806,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: rhel name: data spec: diff --git a/resources/services/app-sre-stage-01/rhobs/telemeter/observatorium-metrics-compact-telemeter-template.yaml b/resources/services/app-sre-stage-01/rhobs/telemeter/observatorium-metrics-compact-telemeter-template.yaml index 2238cf9f93..d46135f149 100755 --- a/resources/services/app-sre-stage-01/rhobs/telemeter/observatorium-metrics-compact-telemeter-template.yaml +++ b/resources/services/app-sre-stage-01/rhobs/telemeter/observatorium-metrics-compact-telemeter-template.yaml @@ -15,7 +15,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter name: observatorium-thanos-compact-telemeter namespace: rhobs @@ -46,7 +46,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter name: observatorium-thanos-compact-telemeter namespace: rhobs @@ -59,7 +59,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter prometheus: app-sre name: observatorium-thanos-compact-telemeter @@ -93,7 +93,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter name: observatorium-thanos-compact-telemeter namespace: rhobs @@ -115,7 +115,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter namespace: rhobs spec: @@ -185,7 +185,7 @@ objects: bucket: $(OBJ_STORE_BUCKET) endpoint: $(OBJ_STORE_ENDPOINT) region: $(OBJ_STORE_REGION) - image: quay.io/thanos/thanos:v0.32.4 + image: quay.io/thanos/thanos:v0.32.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 4 @@ -247,14 +247,14 @@ objects: terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private - name: compact-tls + name: tls readOnly: true nodeSelector: kubernetes.io/os: linux serviceAccountName: observatorium-thanos-compact-telemeter terminationGracePeriodSeconds: 120 volumes: - - name: compact-tls + - name: tls secret: secretName: compact-tls-telemeter updateStrategy: {} @@ -266,7 +266,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-compact app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter name: data spec: diff --git a/resources/services/app-sre-stage-01/rhobs/telemeter/observatorium-metrics-receive-ingestor-telemeter-template.yaml b/resources/services/app-sre-stage-01/rhobs/telemeter/observatorium-metrics-receive-ingestor-telemeter-template.yaml index 16488b517d..b2266547ce 100755 --- a/resources/services/app-sre-stage-01/rhobs/telemeter/observatorium-metrics-receive-ingestor-telemeter-template.yaml +++ b/resources/services/app-sre-stage-01/rhobs/telemeter/observatorium-metrics-receive-ingestor-telemeter-template.yaml @@ -13,7 +13,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter name: observatorium-thanos-receive-ingestor-telemeter namespace: rhobs @@ -48,7 +48,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter name: observatorium-thanos-receive-ingestor-telemeter namespace: rhobs @@ -61,7 +61,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter prometheus: app-sre name: observatorium-thanos-receive-ingestor-telemeter @@ -95,7 +95,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 controller.receive.thanos.io: thanos-receive-controller controller.receive.thanos.io/hashring: telemeter observatorium/tenant: telemeter @@ -119,7 +119,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter namespace: rhobs spec: @@ -193,7 +193,7 @@ objects: valueFrom: fieldRef: fieldPath: metadata.name - image: quay.io/thanos/thanos:v0.32.4 + image: quay.io/thanos/thanos:v0.32.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 8 @@ -286,7 +286,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-receive-ingestor app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter name: data spec: diff --git a/resources/services/app-sre-stage-01/rhobs/telemeter/observatorium-metrics-store-telemeter-template.yaml b/resources/services/app-sre-stage-01/rhobs/telemeter/observatorium-metrics-store-telemeter-template.yaml index 67620f55c1..a680dc2852 100755 --- a/resources/services/app-sre-stage-01/rhobs/telemeter/observatorium-metrics-store-telemeter-template.yaml +++ b/resources/services/app-sre-stage-01/rhobs/telemeter/observatorium-metrics-store-telemeter-template.yaml @@ -452,7 +452,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter name: hashmod-config-template-telemeter namespace: rhobs @@ -486,7 +486,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter name: observatorium-thanos-store-telemeter namespace: rhobs @@ -517,7 +517,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter name: observatorium-thanos-store-telemeter namespace: rhobs @@ -530,7 +530,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter prometheus: app-sre name: observatorium-thanos-store-telemeter @@ -564,7 +564,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter name: observatorium-thanos-store-telemeter namespace: rhobs @@ -586,7 +586,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter namespace: rhobs spec: @@ -691,7 +691,7 @@ objects: bucket: $(OBJ_STORE_BUCKET) endpoint: $(OBJ_STORE_ENDPOINT) region: $(OBJ_STORE_REGION) - image: quay.io/thanos/thanos:v0.32.4 + image: quay.io/thanos/thanos:v0.32.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 8 @@ -806,7 +806,7 @@ objects: app.kubernetes.io/instance: observatorium app.kubernetes.io/name: thanos-store app.kubernetes.io/part-of: observatorium - app.kubernetes.io/version: v0.32.4 + app.kubernetes.io/version: v0.32.5 observatorium/tenant: telemeter name: data spec: diff --git a/resources/services/telemeter-prod-01/rhobs/default/observatorium-metrics-compact-default-template.yaml b/resources/services/telemeter-prod-01/rhobs/default/observatorium-metrics-compact-default-template.yaml index 59080afc53..6cee6e9928 100755 --- a/resources/services/telemeter-prod-01/rhobs/default/observatorium-metrics-compact-default-template.yaml +++ b/resources/services/telemeter-prod-01/rhobs/default/observatorium-metrics-compact-default-template.yaml @@ -247,14 +247,14 @@ objects: terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private - name: compact-tls + name: tls readOnly: true nodeSelector: kubernetes.io/os: linux serviceAccountName: observatorium-thanos-compact-default terminationGracePeriodSeconds: 120 volumes: - - name: compact-tls + - name: tls secret: secretName: compact-tls-default updateStrategy: {} diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-query-rule-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-query-rule-template.yaml new file mode 100755 index 0000000000..2b5edd9820 --- /dev/null +++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-query-rule-template.yaml @@ -0,0 +1,322 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-query-rule +objects: +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-prod-http + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + name: observatorium-thanos-query-rule + namespace: rhobs + spec: + host: "" + port: + targetPort: https + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: observatorium-thanos-query-rule + weight: null +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: query-rule-tls + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + name: observatorium-thanos-query-rule + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: grpc + port: 10901 + protocol: TCP + targetPort: 10901 + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium +- apiVersion: v1 + imagePullSecrets: + - name: quay.io + kind: ServiceAccount + metadata: + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.application: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"observatorium-thanos-query-rule"}}' + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + name: observatorium-thanos-query-rule + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + prometheus: app-sre + name: observatorium-thanos-query-rule + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium +- apiVersion: apps/v1 + kind: Deployment + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + name: observatorium-thanos-query-rule + namespace: rhobs + spec: + replicas: ${{REPLICAS}} + selector: + matchLabels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + strategy: {} + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query-rule + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-query-rule + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - query + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-receive-ingestor-default.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-receive-ingestor-rhel.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-receive-ingestor-telemeter.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-store-default.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-store-rhel.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-store-telemeter.rhobs.svc.cluster.local + - --log.format=logfmt + - --log.level=${LOG_LEVEL} + - --query.auto-downsampling + - --query.lookback-delta=15m + - --query.max-concurrent=10 + - --query.promql-engine=prometheus + - --query.replica-label=replica + - --query.replica-label=prometheus_replica + - --query.replica-label=rule_replica + - --query.timeout=15m + - | + --tracing.config=type: JAEGER + config: + service_name: thanos-query-rule + sampler_type: ratelimiting + sampler_param: 2 + - --web.prefix-header=X-Forwarded-Prefix + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 8 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + timeoutSeconds: 1 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + - containerPort: 10901 + name: grpc + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${MEMORY_LIMIT} + requests: + cpu: ${CPU_REQUEST} + memory: ${MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + - args: + - --reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.observatorium-tools.svc:14250 + - --reporter.type=grpc + - --agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD) + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + image: quay.io/app-sre/jaegertracing-jaeger-agent:1.22.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 14271 + name: jaeger-agent + ports: + - containerPort: 5778 + name: configs + protocol: TCP + - containerPort: 6831 + name: jaeger-thrift + protocol: TCP + - containerPort: 14271 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14271 + initialDelaySeconds: 1 + resources: + limits: + cpu: 128m + memory: 128Mi + requests: + cpu: 32m + memory: 64Mi + terminationMessagePolicy: FallbackToLogsOnError + - args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - -openshift-service-account=observatorium-thanos-query-rule + - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs", + "namespace": "rhobs"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", + "name": "rhobs", "namespace": "rhobs"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret=${OAUTH_PROXY_COOKIE_SECRET} + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + image: quay.io/openshift/origin-oauth-proxy:4.15 + name: oauth-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: tls + readOnly: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: observatorium-thanos-query-rule + terminationGracePeriodSeconds: 120 + volumes: + - name: tls + secret: + secretName: query-rule-tls +parameters: +- name: LOG_LEVEL + value: warn +- name: REPLICAS + value: "1" +- name: CPU_REQUEST + value: 250m +- name: MEMORY_LIMIT + value: 8Gi +- name: MEMORY_REQUEST + value: 2Gi +- from: '[a-zA-Z0-9]{40}' + generate: expression + name: OAUTH_PROXY_COOKIE_SECRET diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-query-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-query-template.yaml new file mode 100755 index 0000000000..8f7e40163d --- /dev/null +++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-query-template.yaml @@ -0,0 +1,335 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: observatorium-thanos-query +objects: +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-prod-http + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + name: observatorium-thanos-query + namespace: rhobs + spec: + host: "" + port: + targetPort: https + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: observatorium-thanos-query + weight: null +- apiVersion: v1 + kind: Service + metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: query-adhoc-tls + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + name: observatorium-thanos-query + namespace: rhobs + spec: + ports: + - name: http + port: 10902 + protocol: TCP + targetPort: 10902 + - name: grpc + port: 10901 + protocol: TCP + targetPort: 10901 + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium +- apiVersion: v1 + imagePullSecrets: + - name: quay.io + kind: ServiceAccount + metadata: + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.application: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"observatorium-thanos-query"}}' + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + name: observatorium-thanos-query + namespace: rhobs +- apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + prometheus: app-sre + name: observatorium-thanos-query + namespace: openshift-customer-monitoring + spec: + endpoints: + - port: http + relabelings: + - action: replace + separator: / + sourceLabels: + - namespace + - pod + targetLabel: instance + namespaceSelector: + matchNames: + - rhobs + selector: + matchLabels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium +- apiVersion: apps/v1 + kind: Deployment + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + name: observatorium-thanos-query + namespace: rhobs + spec: + replicas: ${{REPLICAS}} + selector: + matchLabels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + strategy: {} + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: observatorium + app.kubernetes.io/name: thanos-query + app.kubernetes.io/part-of: observatorium + app.kubernetes.io/version: v0.32.4 + namespace: rhobs + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - observatorium + - key: app.kubernetes.io/name + operator: In + values: + - thanos-query + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - query + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-receive-ingestor-default.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-receive-ingestor-rhel.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-receive-ingestor-telemeter.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-store-default.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-store-rhel.rhobs.svc.cluster.local + - --endpoint=dnssrv+_grpc._tcp.observatorium-thanos-store-telemeter.rhobs.svc.cluster.local + - --log.format=logfmt + - --log.level=${LOG_LEVEL} + - --query.auto-downsampling + - --query.lookback-delta=15m + - --query.max-concurrent=10 + - --query.promql-engine=prometheus + - --query.replica-label=replica + - --query.replica-label=prometheus_replica + - --query.replica-label=rule_replica + - --query.telemetry.request-duration-seconds-quantiles=0.10 + - --query.telemetry.request-duration-seconds-quantiles=0.25 + - --query.telemetry.request-duration-seconds-quantiles=0.75 + - --query.telemetry.request-duration-seconds-quantiles=1.25 + - --query.telemetry.request-duration-seconds-quantiles=1.75 + - --query.telemetry.request-duration-seconds-quantiles=2.50 + - --query.telemetry.request-duration-seconds-quantiles=3.00 + - --query.telemetry.request-duration-seconds-quantiles=5.00 + - --query.telemetry.request-duration-seconds-quantiles=10.00 + - --query.telemetry.request-duration-seconds-quantiles=15.00 + - --query.telemetry.request-duration-seconds-quantiles=30.00 + - --query.telemetry.request-duration-seconds-quantiles=60.00 + - --query.telemetry.request-duration-seconds-quantiles=120.00 + - --query.timeout=15m + - | + --tracing.config=type: JAEGER + config: + service_name: thanos-query + sampler_type: ratelimiting + sampler_param: 2 + - --web.prefix-header=X-Forwarded-Prefix + env: + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + image: quay.io/thanos/thanos:v0.32.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 8 + httpGet: + path: /-/healthy + port: 10902 + periodSeconds: 30 + timeoutSeconds: 1 + name: thanos + ports: + - containerPort: 10902 + name: http + protocol: TCP + - containerPort: 10901 + name: grpc + protocol: TCP + readinessProbe: + failureThreshold: 20 + httpGet: + path: /-/ready + port: 10902 + periodSeconds: 5 + resources: + limits: + memory: ${MEMORY_LIMIT} + requests: + cpu: ${CPU_REQUEST} + memory: ${MEMORY_REQUEST} + terminationMessagePolicy: FallbackToLogsOnError + - args: + - --reporter.grpc.host-port=dns:///otel-trace-writer-collector-headless.observatorium-tools.svc:14250 + - --reporter.type=grpc + - --agent.tags=pod.namespace=$(NAMESPACE),pod.name=$(POD) + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + image: quay.io/app-sre/jaegertracing-jaeger-agent:1.22.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 14271 + name: jaeger-agent + ports: + - containerPort: 5778 + name: configs + protocol: TCP + - containerPort: 6831 + name: jaeger-thrift + protocol: TCP + - containerPort: 14271 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14271 + initialDelaySeconds: 1 + resources: + limits: + cpu: 128m + memory: 128Mi + requests: + cpu: 32m + memory: 64Mi + terminationMessagePolicy: FallbackToLogsOnError + - args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - -openshift-service-account=observatorium-thanos-query + - '-openshift-sar={"resource": "namespaces", "verb": "get", "name": "rhobs", + "namespace": "rhobs"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", + "name": "rhobs", "namespace": "rhobs"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret=${OAUTH_PROXY_COOKIE_SECRET} + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + image: quay.io/openshift/origin-oauth-proxy:4.15 + name: oauth-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: tls + readOnly: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: observatorium-thanos-query + terminationGracePeriodSeconds: 120 + volumes: + - name: tls + secret: + secretName: query-adhoc-tls +parameters: +- name: LOG_LEVEL + value: warn +- name: REPLICAS + value: "1" +- name: CPU_REQUEST + value: 250m +- name: MEMORY_LIMIT + value: 8Gi +- name: MEMORY_REQUEST + value: 2Gi +- from: '[a-zA-Z0-9]{40}' + generate: expression + name: OAUTH_PROXY_COOKIE_SECRET diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-receive-router-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-receive-router-template.yaml index b6323aa20e..d68703f37f 100755 --- a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-receive-router-template.yaml +++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-receive-router-template.yaml @@ -54,7 +54,7 @@ objects: - args: - --configmap-name=thanos-receive-hashring - --configmap-generated-name=thanos-receive-hashring-generated - - --file-name=hashring.json + - --file-name=hashrings.json - --namespace=rhobs env: - name: NAMESPACE @@ -68,10 +68,6 @@ objects: image: quay.io/observatorium/thanos-receive-controller:main-2023-09-22-f168dd7 imagePullPolicy: IfNotPresent name: observatorium-thanos-receive-controller - ports: - - containerPort: 8080 - name: http - protocol: TCP resources: limits: cpu: 24Mi @@ -239,7 +235,7 @@ objects: - --log.format=logfmt - --log.level=${LOG_LEVEL} - --receive.hashrings-algorithm=ketama - - --receive.hashrings-file=/etc/thanos/hashring/hashring.json + - --receive.hashrings-file=/etc/thanos/hashring/hashrings.json - --receive.hashrings-file-refresh-interval=5s - --receive.limits-config-file=/etc/thanos/receive-limits/limits.yaml - --remote-write.address=0.0.0.0:19291 diff --git a/resources/services/telemeter-prod-01/rhobs/rhel/observatorium-metrics-compact-rhel-template.yaml b/resources/services/telemeter-prod-01/rhobs/rhel/observatorium-metrics-compact-rhel-template.yaml index 8d9a6fa05a..1f6c9c156e 100755 --- a/resources/services/telemeter-prod-01/rhobs/rhel/observatorium-metrics-compact-rhel-template.yaml +++ b/resources/services/telemeter-prod-01/rhobs/rhel/observatorium-metrics-compact-rhel-template.yaml @@ -247,14 +247,14 @@ objects: terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private - name: compact-tls + name: tls readOnly: true nodeSelector: kubernetes.io/os: linux serviceAccountName: observatorium-thanos-compact-rhel terminationGracePeriodSeconds: 120 volumes: - - name: compact-tls + - name: tls secret: secretName: compact-tls-rhel updateStrategy: {} diff --git a/resources/services/telemeter-prod-01/rhobs/telemeter/observatorium-metrics-compact-telemeter-template.yaml b/resources/services/telemeter-prod-01/rhobs/telemeter/observatorium-metrics-compact-telemeter-template.yaml index 2238cf9f93..73f1957638 100755 --- a/resources/services/telemeter-prod-01/rhobs/telemeter/observatorium-metrics-compact-telemeter-template.yaml +++ b/resources/services/telemeter-prod-01/rhobs/telemeter/observatorium-metrics-compact-telemeter-template.yaml @@ -247,14 +247,14 @@ objects: terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private - name: compact-tls + name: tls readOnly: true nodeSelector: kubernetes.io/os: linux serviceAccountName: observatorium-thanos-compact-telemeter terminationGracePeriodSeconds: 120 volumes: - - name: compact-tls + - name: tls secret: secretName: compact-tls-telemeter updateStrategy: {} diff --git a/services_go/instances/rhobs/rhobs.go b/services_go/instances/rhobs/rhobs.go index 50cd2746eb..26b0a5b1cb 100644 --- a/services_go/instances/rhobs/rhobs.go +++ b/services_go/instances/rhobs/rhobs.go @@ -76,7 +76,7 @@ func stageConfig() observatorium.Observatorium { Instance: "rhobs", MetricsInstances: observatorium.ObservatoriumMetrics{ Namespace: "rhobs", - ThanosImageTag: "v0.32.4", + ThanosImageTag: "v0.32.5", ReceiveControllerImageTag: "main-2023-09-22-f168dd7", ReceiveLimitsGlobal: receive.GlobalLimitsConfig{ MetaMonitoringURL: metaMonitoringURL, diff --git a/services_go/observatorium/metrics.go b/services_go/observatorium/metrics.go index c8ef9e2691..a734b59020 100644 --- a/services_go/observatorium/metrics.go +++ b/services_go/observatorium/metrics.go @@ -4,12 +4,14 @@ import ( _ "embed" "fmt" "maps" + "sort" "time" "github.com/bwplotka/mimic" "github.com/bwplotka/mimic/encoding" "github.com/observatorium/observatorium/configuration_go/abstr/kubernetes/memcached" "github.com/observatorium/observatorium/configuration_go/abstr/kubernetes/thanos/compactor" + "github.com/observatorium/observatorium/configuration_go/abstr/kubernetes/thanos/query" "github.com/observatorium/observatorium/configuration_go/abstr/kubernetes/thanos/receive" "github.com/observatorium/observatorium/configuration_go/abstr/kubernetes/thanos/store" "github.com/observatorium/observatorium/configuration_go/k8sutil" @@ -25,6 +27,7 @@ import ( routev1 "github.com/openshift/api/route/v1" templatev1 "github.com/openshift/api/template/v1" monv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + "github.com/prometheus/common/model" "gopkg.in/yaml.v3" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -55,10 +58,13 @@ type ObservatoriumMetrics struct { Namespace string ThanosImageTag string Instances []*ObservatoriumMetricsInstance - ReceiveRouterPreManifestsHook func(*receive.Router) ReceiveLimitsGlobal receive.GlobalLimitsConfig ReceiveLimitsDefault receive.DefaultLimitsConfig ReceiveControllerImageTag string + ReceiveRouterPreManifestsHook func(*receive.Router) + QueryRulePreManifestsHook func(*query.QueryDeployment) + QueryAdhocPreManifestsHook func(*query.QueryDeployment) + storesRegister []string } // ObservatoriumMetricsInstance contains the configuration for a metrics instance in an observatorium instance. @@ -83,7 +89,7 @@ type Tenants struct { } // Manifests generates the manifests for the metrics instance of observatorium. -func (o ObservatoriumMetrics) Manifests(generator *mimic.Generator) { +func (o *ObservatoriumMetrics) Manifests(generator *mimic.Generator) { makeFileName := func(name, instanceName string) string { return fmt.Sprintf("observatorium-metrics-%s-%s-template.yaml", name, instanceName) } @@ -99,11 +105,140 @@ func (o ObservatoriumMetrics) Manifests(generator *mimic.Generator) { } generator.Add("observatorium-metrics-receive-router-template.yaml", withStatusRemove(o.makeReceiveRouter())) + generator.Add("observatorium-metrics-query-rule-template.yaml", withStatusRemove(o.makeQueryConfig(true, o.QueryRulePreManifestsHook))) + generator.Add("observatorium-metrics-query-template.yaml", withStatusRemove(o.makeQueryConfig(false, o.QueryAdhocPreManifestsHook))) +} + +func (o *ObservatoriumMetrics) makeQueryConfig(isRuleQuery bool, preManifestHook func(*query.QueryDeployment)) encoding.Encoder { + queryDplt := query.NewQuery() + + // K8s config + if isRuleQuery { + queryDplt.Name = queryDplt.Name + "-rule" + queryDplt.CommonLabels[k8sutil.NameLabel] = queryDplt.CommonLabels[k8sutil.NameLabel] + "-rule" + // Regenerate the affinity to update the name selector + queryDplt.Affinity = k8sutil.NewAntiAffinity(nil, map[string]string{ + k8sutil.NameLabel: queryDplt.CommonLabels[k8sutil.NameLabel], + k8sutil.InstanceLabel: queryDplt.CommonLabels[k8sutil.InstanceLabel], + }) + } + queryDplt.Image = thanosImage + queryDplt.ImageTag = o.ThanosImageTag + queryDplt.Namespace = o.Namespace + queryDplt.Replicas = 1 + delete(queryDplt.PodResources.Limits, corev1.ResourceCPU) + queryDplt.PodResources.Requests[corev1.ResourceCPU] = resource.MustParse("250m") + queryDplt.PodResources.Requests[corev1.ResourceMemory] = resource.MustParse("2Gi") + queryDplt.PodResources.Limits[corev1.ResourceMemory] = resource.MustParse("8Gi") + var tlsSecret string + if isRuleQuery { + tlsSecret = "query-rule-tls" + } else { + tlsSecret = "query-adhoc-tls" + } + queryDplt.Sidecars = []k8sutil.ContainerProvider{ + makeJaegerAgent("observatorium-tools"), + makeOauthProxy(10902, o.Namespace, queryDplt.Name, tlsSecret), + } + + // Query config + queryDplt.Options.LogLevel = log.LogLevelWarn + queryDplt.Options.LogFormat = log.LogFormatLogfmt + queryDplt.Options.QueryReplicaLabel = []string{"replica", "prometheus_replica", "rule_replica"} + queryDplt.Options.Endpoint = append(queryDplt.Options.Endpoint, o.storesRegister...) + sort.Strings(queryDplt.Options.Endpoint) // sort to make the output deterministic and avoid noisy diffs + queryDplt.Options.QueryTimeout = model.Duration(15 * time.Minute) + queryDplt.Options.QueryLookbackDelta = model.Duration(15 * time.Minute) + queryDplt.Options.WebPrefixHeader = "X-Forwarded-Prefix" + queryDplt.Options.TracingConfig = &trclient.TracingConfig{ + Type: trclient.Jaeger, + Config: jaeger.Config{ + SamplerParam: 2, + SamplerType: jaeger.SamplerTypeRateLimiting, + ServiceName: queryDplt.CommonLabels[k8sutil.NameLabel], + }, + } + queryDplt.Options.QueryAutoDownsampling = true + queryDplt.Options.QueryPromQLEngine = "prometheus" + queryDplt.Options.QueryMaxConcurrent = 10 + if !isRuleQuery { + queryDplt.Options.QueryTelemetryRequestDurationSecondsQuantiles = []float64{0.1, 0.25, 0.75, 1.25, 1.75, 2.5, 3, 5, 10, 15, 30, 60, 120} + } + + // Execute preManifestsHook + if preManifestHook != nil { + preManifestHook(queryDplt) + } + + // Post process + manifests := queryDplt.Manifests() + postProcessServiceMonitor(getObject[*monv1.ServiceMonitor](manifests), queryDplt.Namespace) + addQuayPullSecret(getObject[*corev1.ServiceAccount](manifests)) + service := getObject[*corev1.Service](manifests) + service.ObjectMeta.Annotations[servingCertSecretNameAnnotation] = tlsSecret + postProcessServiceMonitor(getObject[*monv1.ServiceMonitor](manifests), queryDplt.Namespace) + // Add annotations for openshift oauth so that the route to access the query ui works + serviceAccount := getObject[*corev1.ServiceAccount](manifests) + if serviceAccount.Annotations == nil { + serviceAccount.Annotations = map[string]string{} + } + serviceAccount.Annotations["serviceaccounts.openshift.io/oauth-redirectreference.application"] = fmt.Sprintf(`{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"%s"}}`, queryDplt.Name) + + // Add route for oauth-proxy + manifests["oauth-proxy-route"] = &routev1.Route{ + TypeMeta: metav1.TypeMeta{ + Kind: "Route", + APIVersion: routev1.SchemeGroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: queryDplt.Name, + Namespace: o.Namespace, + Labels: maps.Clone(getObject[*appsv1.Deployment](manifests).ObjectMeta.Labels), + Annotations: map[string]string{ + "cert-manager.io/issuer-kind": "ClusterIssuer", + "cert-manager.io/issuer-name": "letsencrypt-prod-http", + }, + }, + Spec: routev1.RouteSpec{ + Port: &routev1.RoutePort{ + TargetPort: intstr.FromString("https"), + }, + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationReencrypt, + InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect, + }, + To: routev1.RouteTargetReference{ + Kind: "Service", + Name: queryDplt.Name, + }, + }, + } + + // Wrap in template, add parameters + defaultParams := defaultTemplateParams(defaultTemplateParamsConfig{ + LogLevel: string(queryDplt.Options.LogLevel), + Replicas: queryDplt.Replicas, + CPURequest: queryDplt.PodResources.Requests[corev1.ResourceCPU], + MemoryLimit: queryDplt.PodResources.Limits[corev1.ResourceMemory], + MemoryRequest: queryDplt.PodResources.Requests[corev1.ResourceMemory], + }) + template := openshift.WrapInTemplate("", manifests, metav1.ObjectMeta{ + Name: queryDplt.Name, + }, append(defaultParams, []templatev1.Parameter{ + { + Name: "OAUTH_PROXY_COOKIE_SECRET", + Generate: "expression", + From: "[a-zA-Z0-9]{40}", + }, + }...)) + + // Adding a special encoder wrapper to replace the templated values in the template with their corresponding template parameter. + return NewDefaultTemplateYAML(encoding.GhodssYAML(template[""]), queryDplt.Name) } // makeReceiveRouter creates a base receive router component that can be derived from using the preManifestsHook // for each tenant instance of the observatorium metrics. -func (o ObservatoriumMetrics) makeReceiveRouter() encoding.Encoder { +func (o *ObservatoriumMetrics) makeReceiveRouter() encoding.Encoder { router := receive.NewRouter() // K8s config @@ -219,7 +354,7 @@ func (o ObservatoriumMetrics) makeReceiveRouter() encoding.Encoder { controller.Options.ConfigMapName = baseHashringCm controller.Options.ConfigMapGeneratedName = generatedHashringCm controller.Options.Namespace = o.Namespace - controller.Options.FileName = "hashring.json" + controller.Options.FileName = "hashrings.json" controllerManifests := controller.Manifests() for k, v := range controllerManifests { @@ -243,7 +378,7 @@ func (o ObservatoriumMetrics) makeReceiveRouter() encoding.Encoder { } // makeReceiveIngestor creates a base receive ingestor component that can be derived from using the preManifestsHook -func (o ObservatoriumMetrics) makeTenantReceiveIngestor(instanceCfg *ObservatoriumMetricsInstance) encoding.Encoder { +func (o *ObservatoriumMetrics) makeTenantReceiveIngestor(instanceCfg *ObservatoriumMetricsInstance) encoding.Encoder { ingestor := receive.NewIngestor() ingestor.Name = fmt.Sprintf("%s-%s", ingestor.Name, instanceCfg.InstanceName) ingestor.CommonLabels[observatoriumInstanceLabel] = instanceCfg.InstanceName @@ -259,7 +394,6 @@ func (o ObservatoriumMetrics) makeTenantReceiveIngestor(instanceCfg *Observatori ingestor.PodResources.Limits[corev1.ResourceMemory] = resource.MustParse("24Gi") ingestor.Env = deleteObjStoreEnv(ingestor.Env) // delete the default objstore env vars ingestor.Env = append(ingestor.Env, objStoreEnvVars(instanceCfg.ObjStoreSecret)...) - ingestor.Env = append(ingestor.Env, k8sutil.NewEnvFromField("POD_NAME", "metadata.name")) ingestor.Sidecars = []k8sutil.ContainerProvider{makeJaegerAgent("observatorium-tools")} // Router config @@ -285,6 +419,9 @@ func (o ObservatoriumMetrics) makeTenantReceiveIngestor(instanceCfg *Observatori instanceCfg.ReceiveIngestorPreManifestsHook(ingestor) } + // Register the store for the query component + o.storesRegister = append(o.storesRegister, fmt.Sprintf("dnssrv+_grpc._tcp.%s.%s.svc.cluster.local", ingestor.Name, o.Namespace)) + // Post process manifests := ingestor.Manifests() postProcessServiceMonitor(getObject[*monv1.ServiceMonitor](manifests), ingestor.Namespace) @@ -335,7 +472,7 @@ func (o ObservatoriumMetrics) makeTenantReceiveIngestor(instanceCfg *Observatori } // makeCompactor creates a base compactor component that can be derived from using the preManifestsHook. -func (o ObservatoriumMetrics) makeCompactor(instanceCfg *ObservatoriumMetricsInstance) encoding.Encoder { +func (o *ObservatoriumMetrics) makeCompactor(instanceCfg *ObservatoriumMetricsInstance) encoding.Encoder { // K8s config compactorSatefulset := compactor.NewCompactor() compactorSatefulset.Name = fmt.Sprintf("%s-%s", compactorSatefulset.Name, instanceCfg.InstanceName) @@ -461,7 +598,7 @@ func (o ObservatoriumMetrics) makeCompactor(instanceCfg *ObservatoriumMetricsIns } // makeStore creates a base store component that can be derived from using the preManifestsHook. -func (o ObservatoriumMetrics) makeStore(instanceCfg *ObservatoriumMetricsInstance) encoding.Encoder { +func (o *ObservatoriumMetrics) makeStore(instanceCfg *ObservatoriumMetricsInstance) encoding.Encoder { // K8s config storeStatefulSet := store.NewStore() storeStatefulSet.Name = fmt.Sprintf("%s-%s", storeStatefulSet.Name, instanceCfg.InstanceName) @@ -577,6 +714,9 @@ func (o ObservatoriumMetrics) makeStore(instanceCfg *ObservatoriumMetricsInstanc instanceCfg.StorePreManifestsHook(storeStatefulSet) } + // Register the store for the query component + o.storesRegister = append(o.storesRegister, fmt.Sprintf("dnssrv+_grpc._tcp.%s.%s.svc.cluster.local", storeStatefulSet.Name, o.Namespace)) + // Post process manifests := storeStatefulSet.Manifests() postProcessServiceMonitor(getObject[*monv1.ServiceMonitor](manifests), storeStatefulSet.Namespace) @@ -704,7 +844,7 @@ func (o ObservatoriumMetrics) makeStore(instanceCfg *ObservatoriumMetricsInstanc return NewDefaultTemplateYAML(encoding.GhodssYAML(template[""]), storeStatefulSet.Name) } -func (o ObservatoriumMetrics) makeStoreCache(name, component, instanceName string, preManifestHook func(*memcached.MemcachedDeployment)) k8sutil.ObjectMap { +func (o *ObservatoriumMetrics) makeStoreCache(name, component, instanceName string, preManifestHook func(*memcached.MemcachedDeployment)) k8sutil.ObjectMap { // K8s config memcachedDeployment := memcached.NewMemcachedStatefulSet() memcachedDeployment.Name = name diff --git a/services_go/observatorium/sidecars.go b/services_go/observatorium/sidecars.go index 84836117f3..9b7de62513 100644 --- a/services_go/observatorium/sidecars.go +++ b/services_go/observatorium/sidecars.go @@ -45,13 +45,13 @@ func makeOauthProxy(upstreamPort int32, namespace, serviceAccount, tlsSecret str }, VolumeMounts: []corev1.VolumeMount{ { - Name: "compact-tls", + Name: "tls", MountPath: "/etc/tls/private", ReadOnly: true, }, }, Volumes: []corev1.Volume{ - k8sutil.NewPodVolumeFromSecret("compact-tls", tlsSecret), + k8sutil.NewPodVolumeFromSecret("tls", tlsSecret), }, } }