From 9b052b49cfbc4484c7f0c40a067798fdc7614cf7 Mon Sep 17 00:00:00 2001
From: Mayne0213 <bluemayne0213@icloud.com>
Date: Thu, 8 Jan 2026 20:47:49 +0900
Subject: [PATCH] FEAT(thanos): add Thanos for Prometheus HA

- Add Thanos Query, Store Gateway, Compactor
- Enable Prometheus Sidecar with S3 (MinIO) storage
- Configure OCI registry for Bitnami chart
- Fix Vault secret path and image settings
- Add nodeSelector for master node
---
 prometheus/manifests/secret.yaml |  8 ++++----
 thanos/argocd.yaml               |  2 +-
 thanos/helm-values.yaml          | 11 ++++++++---
 thanos/manifests/secret.yaml     |  8 ++++----
 4 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/prometheus/manifests/secret.yaml b/prometheus/manifests/secret.yaml
index 4325345..4dfc781 100644
--- a/prometheus/manifests/secret.yaml
+++ b/prometheus/manifests/secret.yaml
@@ -43,9 +43,9 @@ spec:
   data:
     - secretKey: access_key
       remoteRef:
-        key: secret/minio
-        property: root-user
+        key: minio
+        property: ROOT_USER
     - secretKey: secret_key
       remoteRef:
-        key: secret/minio
-        property: root-password
+        key: minio
+        property: ROOT_PASSWORD
diff --git a/thanos/argocd.yaml b/thanos/argocd.yaml
index b888132..e593784 100644
--- a/thanos/argocd.yaml
+++ b/thanos/argocd.yaml
@@ -8,7 +8,7 @@ metadata:
 spec:
   project: default
   sources:
-  - repoURL: https://charts.bitnami.com/bitnami
+  - repoURL: registry-1.docker.io/bitnamicharts
     chart: thanos
     targetRevision: 17.3.1
     helm:
diff --git a/thanos/helm-values.yaml b/thanos/helm-values.yaml
index baf3ac8..3e96530 100644
--- a/thanos/helm-values.yaml
+++ b/thanos/helm-values.yaml
@@ -7,6 +7,12 @@
 # - Store Gateway: reads historical data from MinIO
 # - Compactor: compacts and downsamples data in MinIO
 
+# Use quay.io image to avoid Docker Hub rate limits
+image:
+  registry: quay.io
+  repository: thanos/thanos
+  tag: v0.37.2
+
 # Object storage configuration (MinIO S3)
 # Uses secret created by ExternalSecret
 existingObjstoreSecret: thanos-objstore-secret
@@ -24,9 +30,8 @@ query:
     sidecarsService: prometheus-kube-prometheus-thanos-discovery
     sidecarsNamespace: prometheus
 
-  # Store endpoints for historical data
-  stores:
-    - dnssrv+_grpc._tcp.thanos-storegateway.thanos.svc.cluster.local
+  # Store endpoints - chart automatically adds storegateway
+  # No need to specify manually
 
   # Deduplication settings
   extraFlags:
diff --git a/thanos/manifests/secret.yaml b/thanos/manifests/secret.yaml
index 89a9ba5..ab418bd 100644
--- a/thanos/manifests/secret.yaml
+++ b/thanos/manifests/secret.yaml
@@ -24,9 +24,9 @@ spec:
   data:
     - secretKey: access_key
       remoteRef:
-        key: secret/minio
-        property: root-user
+        key: minio
+        property: ROOT_USER
     - secretKey: secret_key
       remoteRef:
-        key: secret/minio
-        property: root-password
+        key: minio
+        property: ROOT_PASSWORD