From 2b7ee1fe51e3f502bf58d42e7f5ab1ea0a808739 Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Thu, 8 Jan 2026 13:37:22 +0900 Subject: [PATCH] FEAT(loki): configure storage and HA - Rename extraVolume to avoid duplicate name - Add emptyDir for /var/loki cache - Migrate to shared storage with MinIO - Configure HA with 2 replicas - Revert to single replica for Single Binary mode --- goldilocks/helm-values.yaml | 1 + grafana/helm-values.yaml | 18 +++++++++++++--- grafana/manifests/secret.yaml | 19 +++++++++++++++++ loki/argocd.yaml | 1 + loki/helm-values.yaml | 40 +++++++++++++++++++++++++---------- 5 files changed, 65 insertions(+), 14 deletions(-) diff --git a/goldilocks/helm-values.yaml b/goldilocks/helm-values.yaml index f40ef3b..1e37d34 100644 --- a/goldilocks/helm-values.yaml +++ b/goldilocks/helm-values.yaml @@ -47,6 +47,7 @@ dashboard: # Controller configuration controller: enabled: true + replicaCount: 2 resources: requests: diff --git a/grafana/helm-values.yaml b/grafana/helm-values.yaml index b7130be..557c4e4 100644 --- a/grafana/helm-values.yaml +++ b/grafana/helm-values.yaml @@ -11,9 +11,21 @@ admin: passwordKey: admin-password persistence: - enabled: true - size: 2Gi - storageClassName: local-path + enabled: false + +# PostgreSQL database - use existing bluemayne superuser +env: + GF_DATABASE_TYPE: postgres + GF_DATABASE_HOST: postgresql-rw.postgresql.svc.cluster.local:5432 + GF_DATABASE_NAME: grafana + GF_DATABASE_USER: bluemayne + GF_DATABASE_SSL_MODE: disable + +envValueFrom: + GF_DATABASE_PASSWORD: + secretKeyRef: + name: grafana-db-password + key: password initChownData: enabled: false diff --git a/grafana/manifests/secret.yaml b/grafana/manifests/secret.yaml index db69951..1b3e071 100644 --- a/grafana/manifests/secret.yaml +++ b/grafana/manifests/secret.yaml @@ -20,3 +20,22 @@ spec: remoteRef: key: grafana property: ADMIN_PASSWORD +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: grafana-db-password + namespace: grafana +spec: + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: vault-backend + target: + name: grafana-db-password + creationPolicy: Owner + data: + - secretKey: password + remoteRef: + key: postgresql + property: PASSWORD diff --git a/loki/argocd.yaml b/loki/argocd.yaml index 2fa5e77..0f0028e 100644 --- a/loki/argocd.yaml +++ b/loki/argocd.yaml @@ -27,3 +27,4 @@ spec: managedNamespaceMetadata: labels: goldilocks.fairwinds.com/enabled: 'true' + minio-s3: enabled diff --git a/loki/helm-values.yaml b/loki/helm-values.yaml index 0695433..40e5b2f 100644 --- a/loki/helm-values.yaml +++ b/loki/helm-values.yaml @@ -1,22 +1,35 @@ # Loki Helm Values # Chart: https://grafana.github.io/helm-charts -# Simple single binary deployment +# Single binary deployment with S3 (MinIO) storage loki: - # Use filesystem storage (simple setup) + # Use S3 storage (MinIO) storage: - type: filesystem - + type: s3 + s3: + endpoint: http://minio.minio.svc.cluster.local:9000 + region: us-east-1 + bucketNames: + chunks: loki + ruler: loki + admin: loki + s3ForcePathStyle: true + insecure: true + bucketNames: + chunks: loki + ruler: loki + admin: loki + # Single binary mode for simplicity commonConfig: replication_factor: 1 - + # Schema config schemaConfig: configs: - from: "2024-01-01" store: tsdb - object_store: filesystem + object_store: s3 schema: v13 index: prefix: index_ @@ -37,18 +50,23 @@ deploymentMode: SingleBinary singleBinary: replicas: 1 - # Note: Single Binary mode cannot run more than 1 replica without object storage backend persistence: - enabled: true - size: 5Gi # Reduced from 10Gi to save storage - storageClass: local-path + enabled: false + extraEnvFrom: + - secretRef: + name: minio-s3-credentials + extraVolumes: + - name: tmp + emptyDir: {} + extraVolumeMounts: + - name: tmp + mountPath: /var/loki resources: requests: cpu: 23m memory: 462Mi limits: memory: 462Mi - # Note: Affinity not needed for single replica # Disable components not needed in single binary mode backend: