FEAT(loki): configure storage and HA

- Rename extraVolume to avoid duplicate name
- Add emptyDir for /var/loki cache
- Migrate to shared storage with MinIO
- Configure HA with 2 replicas
- Revert to single replica for Single Binary mode

goldilocks/helm-values.yaml

@@ -47,6 +47,7 @@ dashboard:
 # Controller configuration
 controller:
   enabled: true
+  replicaCount: 2
 
   resources:
     requests:

grafana/helm-values.yaml

@@ -11,9 +11,21 @@ admin:
   passwordKey: admin-password
 
 persistence:
-  enabled: true
+  enabled: false
-  size: 2Gi
+
-  storageClassName: local-path
+# PostgreSQL database - use existing bluemayne superuser
+env:
+  GF_DATABASE_TYPE: postgres
+  GF_DATABASE_HOST: postgresql-rw.postgresql.svc.cluster.local:5432
+  GF_DATABASE_NAME: grafana
+  GF_DATABASE_USER: bluemayne
+  GF_DATABASE_SSL_MODE: disable
+
+envValueFrom:
+  GF_DATABASE_PASSWORD:
+    secretKeyRef:
+      name: grafana-db-password
+      key: password
 
 initChownData:
   enabled: false

grafana/manifests/secret.yaml

@@ -20,3 +20,22 @@ spec:
       remoteRef:
         key: grafana
         property: ADMIN_PASSWORD
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: grafana-db-password
+  namespace: grafana
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: grafana-db-password
+    creationPolicy: Owner
+  data:
+    - secretKey: password
+      remoteRef:
+        key: postgresql
+        property: PASSWORD

loki/argocd.yaml

@@ -27,3 +27,4 @@ spec:
     managedNamespaceMetadata:
       labels:
         goldilocks.fairwinds.com/enabled: 'true'
+        minio-s3: enabled

loki/helm-values.yaml

@@ -1,22 +1,35 @@
 # Loki Helm Values
 # Chart: https://grafana.github.io/helm-charts
-# Simple single binary deployment
+# Single binary deployment with S3 (MinIO) storage
 
 loki:
-  # Use filesystem storage (simple setup)
+  # Use S3 storage (MinIO)
   storage:
-    type: filesystem
+    type: s3
-  
+    s3:
+      endpoint: http://minio.minio.svc.cluster.local:9000
+      region: us-east-1
+      bucketNames:
+        chunks: loki
+        ruler: loki
+        admin: loki
+      s3ForcePathStyle: true
+      insecure: true
+    bucketNames:
+      chunks: loki
+      ruler: loki
+      admin: loki
+
   # Single binary mode for simplicity
   commonConfig:
     replication_factor: 1
-  
+
   # Schema config
   schemaConfig:
     configs:
       - from: "2024-01-01"
         store: tsdb
-        object_store: filesystem
+        object_store: s3
         schema: v13
         index:
           prefix: index_
@@ -37,18 +50,23 @@ deploymentMode: SingleBinary
 
 singleBinary:
   replicas: 1
-  # Note: Single Binary mode cannot run more than 1 replica without object storage backend
   persistence:
-    enabled: true
+    enabled: false
-    size: 5Gi  # Reduced from 10Gi to save storage
+  extraEnvFrom:
-    storageClass: local-path
+    - secretRef:
+        name: minio-s3-credentials
+  extraVolumes:
+    - name: tmp
+      emptyDir: {}
+  extraVolumeMounts:
+    - name: tmp
+      mountPath: /var/loki
   resources:
     requests:
       cpu: 23m
       memory: 462Mi
     limits:
       memory: 462Mi
-  # Note: Affinity not needed for single replica
 
 # Disable components not needed in single binary mode
 backend: