Created
February 23, 2020 22:45
-
-
Save jjo/9794210d2ac383c9b4aefe147e164155 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Deploy an additional thanos-store-gateway instance in to feed | |
# thanos-querier with TSDB from a different cluster S3 bucket | |
# (no direct connectivity between clusters) | |
# There `clusterfoo` is the "remote" cluster, running under | |
# a different AWS_ACCOUNT_NUM, using kiam to assume a role | |
# able to read the S3 bucket. | |
--- | |
apiVersion: apps/v1beta2 | |
kind: StatefulSet | |
metadata: | |
labels: | |
name: clusterfoo-thanos-store-gateway | |
name: clusterfoo-thanos-store-gateway | |
namespace: thanos | |
spec: | |
# Total time "coverage" will be: DAYS_OFFSET + (replicas * DAYS_PER_POD) | |
replicas: 5 | |
selector: | |
matchLabels: | |
name: clusterfoo-thanos-store-gateway | |
thanos-store-api: "true" | |
serviceName: clusterfoo-thanos-store-gateway | |
template: | |
metadata: | |
annotations: | |
# Using kiam for AWS authn, here assuming a role at a different AWS account | |
iam.amazonaws.com/role: arn:aws:iam::<AWS_ACCOUNT_NUM>:role/k8s-prometheus-role | |
prometheus.io/scrape: "true" | |
labels: | |
name: clusterfoo-thanos-store-gateway | |
thanos-store-api: "true" | |
spec: | |
containers: | |
- args: | |
- --block-sync-concurrency=2 | |
- --chunk-pool-size=250MB | |
- --data-dir=/data | |
- --index-cache-size=512MB | |
- --log.level=debug | |
- --objstore.config-file=/config/thanos.yaml | |
command: | |
- /init/thanos-store.sh | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
image: quay.io/thanos/thanos:v0.10.1 | |
imagePullPolicy: IfNotPresent | |
name: thanos-store-gateway | |
ports: | |
- containerPort: 10901 | |
name: grpc-nometrics | |
- containerPort: 10902 | |
name: http | |
resources: | |
limits: | |
cpu: "2" | |
memory: 6Gi | |
requests: | |
cpu: 0.5 | |
memory: 3Gi | |
stdin: false | |
tty: false | |
volumeMounts: | |
- mountPath: /data | |
name: data | |
- mountPath: /init | |
name: init | |
- mountPath: /config | |
name: s3-config | |
imagePullSecrets: [] | |
initContainers: | |
- args: [] | |
command: | |
- bash | |
- -c | |
- | | |
get_times() { | |
# Use number after '-' as factor, e.g. 'foo-bar-0' -> '0' | |
typeset -i factor=${1/*-/} | |
echo --min-time=-$((DAYS_OFFSET+DAYS_PER_POD*(factor+1)))d --max-time=-$((DAYS_OFFSET+DAYS_PER_POD*(factor)))d | |
} | |
# Blow if any below envvar is unset | |
: ${MY_POD_NAME:?} ${DAYS_PER_POD:?} ${DAYS_OFFSET:?} | |
printf "#!/bin/sh\nexec thanos store $(get_times ${MY_POD_NAME}) \${@} \n" | install -m755 /dev/stdin /init/thanos-store.sh | |
echo "INFO replica=${MY_POD_NAME} /init/thanos-store.sh:" | |
cat /init/thanos-store.sh | |
env: | |
- name: DAYS_OFFSET | |
value: "0" | |
- name: DAYS_PER_POD | |
value: "14" | |
- name: MY_POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
image: bitnami/minideb:buster | |
imagePullPolicy: IfNotPresent | |
name: thanos-init | |
ports: [] | |
resources: | |
limits: | |
cpu: "0.1" | |
memory: 200Mi | |
requests: | |
cpu: "0.1" | |
memory: 200Mi | |
stdin: false | |
tty: false | |
volumeMounts: | |
- mountPath: /init | |
name: init | |
terminationGracePeriodSeconds: 30 | |
volumes: | |
- emptyDir: {} | |
name: data | |
- emptyDir: {} | |
name: init | |
- configMap: | |
name: clusterfoo-thanos-s3-config | |
name: s3-config | |
updateStrategy: | |
type: RollingUpdate | |
volumeClaimTemplates: [] | |
--- | |
apiVersion: v1 | |
data: | |
thanos.yaml: | | |
type: S3 | |
config: | |
bucket: thanos.clusterfoo.example.com | |
endpoint: s3.amazonaws.com | |
kind: ConfigMap | |
metadata: | |
labels: | |
name: clusterfoo-thanos-s3-config | |
name: clusterfoo-thanos-s3-config | |
namespace: thanos |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment