chore: helm thanos support (#16110)

Co-authored-by: Ashwanth Goli <iamashwanth@gmail.com>
11 months ago · 5ea628ca29
parent b1c1c5ab0b
commit 5ea628ca29
5 changed files with 231 additions and 4 deletions
--- a/.github/workflows/helm-diff-ci.yml
+++ b/.github/workflows/helm-diff-ci.yml
@ -271,6 +271,53 @@ jobs:
          path: formatted_diff_output.md
          retention-days: 2

+  simple-thanos-values-diff:
+    name: Simple Thanos Values Scenario
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Helm
+        uses: azure/setup-helm@v4
+
+      - name: Add required Helm repositories
+        run: |
+          helm repo add minio https://charts.min.io/
+          helm repo add grafana https://grafana.github.io/helm-charts
+          helm repo add grafana-operator https://grafana.github.io/helm-charts
+          helm repo update
+
+      - name: Build helm dependencies
+        run: |
+          helm dependency build production/helm/loki
+
+      - name: Generate latest manifests
+        run: |
+          helm template loki-release grafana/loki -f production/helm/loki/scenarios/simple-thanos-values.yaml > release-manifest.yaml
+
+      - name: Generate current manifest
+        run: |
+          helm template loki-release production/helm/loki -f production/helm/loki/scenarios/simple-thanos-values.yaml > current-manifest.yaml
+
+      - name: Compare manifests
+        run: |
+          diff current-manifest.yaml release-manifest.yaml > helm_diff_output.txt || true
+
+      - name: Convert Helm Diff Output to Markdown
+        id: convert_diff
+        run: |
+          cat helm_diff_output.txt >> formatted_diff_output.md
+
+      - name: Upload diff output as artifact
+        uses: actions/upload-artifact@v4
+        id: upload_diff
+        with:
+          name: simple-thanos-diff-output
+          path: formatted_diff_output.md
+          retention-days: 2
+
  summary-diff-outputs:
    name: Summary Diffs
    runs-on: ubuntu-latest
@ -281,6 +328,7 @@ jobs:
      - ingress-values-diff
      - legacy-monitoring-values-diff
      - simple-scalable-aws-kube-irsa-values-diff
+      - simple-thanos-values-diff

    steps:
      - name: Checkout code
@ -313,6 +361,12 @@ jobs:
          name: simple-scalable-aws-kube-irsa-diff-output
          path: simple-scalable-aws-kube-irsa-values-diff

+      - uses: actions/download-artifact@v4
+        with:
+          name: simple-thanos-diff-output
+          path: simple-thanos-values-diff
+
+      # TODO: Make step more generic and dynamic add the scenarios as needed
      - name: Combine diff outputs
        run: |
          echo "## Helm Diff Output - Summary" > formatted_diff_output.md
@ -367,6 +421,16 @@ jobs:
          echo "</details>" >> formatted_diff_output.md
          echo "" >> formatted_diff_output.md

+          echo "<details>" >> formatted_diff_output.md
+          echo "" >> formatted_diff_output.md
+          echo "<summary>Simple Thanos Scenario</summary>" >> formatted_diff_output.md
+          echo "" >> formatted_diff_output.md
+          echo '```diff' >> formatted_diff_output.md
+          cat simple-thanos-values-diff/formatted_diff_output.md >> formatted_diff_output.md
+          echo '```' >> formatted_diff_output.md
+          echo "</details>" >> formatted_diff_output.md
+          echo "" >> formatted_diff_output.md
+
      - name: Post diff as PR comment
        uses: marocchino/sticky-pull-request-comment@v2
        with:
--- a/docs/sources/setup/install/helm/reference.md
+++ b/docs/sources/setup/install/helm/reference.md
@ -6311,7 +6311,7 @@ null
 		<tr>
 			<td>loki.storage</td>
 			<td>object</td>
-			<td>Storage config. Providing this will automatically populate all necessary storage configs in the templated config.</td>
+			<td>In case of using thanos storage, enable use_thanos_objstore and the configuration should be done inside the object_store section.</td>
 			<td><pre lang="json">
 {
  "azure": {
@ -6335,6 +6335,27 @@ null
    "enableHttp2": true,
    "requestTimeout": "0s"
  },
+  "object_store": {
+    "azure": {
+      "account_key": null,
+      "account_name": null
+    },
+    "gcs": {
+      "bucket_name": null,
+      "service_account": null
+    },
+    "prefix": null,
+    "s3": {
+      "access_key_id": null,
+      "endpoint": null,
+      "http": {},
+      "insecure": false,
+      "region": null,
+      "secret_access_key": null,
+      "sse": {}
+    },
+    "type": "s3"
+  },
  "s3": {
    "accessKeyId": null,
    "backoff_config": {},
@ -6369,7 +6390,8 @@ null
    "user_id": null,
    "username": null
  },
-  "type": "s3"
+  "type": "s3",
+  "use_thanos_objstore": false
 }
 </pre>
 </td>
--- a/production/helm/loki/scenarios/simple-thanos-values.yaml
+++ b/production/helm/loki/scenarios/simple-thanos-values.yaml
@ -0,0 +1,53 @@
+---
+loki:
+  commonConfig:
+    replication_factor: 1
+  useTestSchema: true
+
+  storage:
+    type: s3
+
+    use_thanos_objstore: true
+
+    object_store:
+      type: s3
+
+      s3:
+        access_key_id: thanos-minio
+        secret_access_key: thanos-minio123
+        region: us-east-1
+        insecure: true
+        endpoint: http://minio.minio.svc.cluster.local:9000
+        http:
+          tls_config:
+            insecure_skip_verify: true
+
+       # GCS configuration (when type is "GCS")
+      gcs:
+        bucket_name: test-gcs  # Name of the bucket
+        service_account: service-account-test.json  # Optional service account JSON
+
+      # Azure configuration (when type is "AZURE")
+      azure:
+        account_name: azure-test  # Storage account name
+        account_key: 1234567890  # Optional storage account key
+
+    bucketNames:
+      chunks: chunks_thanos
+      ruler: ruler_thanos
+      admin: admin_thanos
+
+enterprise:
+  enabled: true
+  adminApi:
+    enabled: true
+
+minio:
+  enabled: true
+
+read:
+  replicas: 1
+write:
+  replicas: 1
+backend:
+  replicas: 1
--- a/production/helm/loki/templates/_helpers.tpl
+++ b/production/helm/loki/templates/_helpers.tpl
@ -204,6 +204,10 @@ Docker image name for kubectl container
 Generated storage config for loki common config
 */}}
 {{- define "loki.commonStorageConfig" -}}
+{{- if .Values.loki.storage.use_thanos_objstore -}}
+object_store:
+  {{- include "loki.thanosStorageConfig" (dict "ctx" . "bucketName" .Values.loki.storage.bucketNames.chunks) | nindent 2 }}
+{{- else }}
 {{- if .Values.minio.enabled -}}
 s3:
  endpoint: {{ include "loki.minio" $ }}
@ -308,6 +312,7 @@ filesystem:
 {{- end -}}
 {{- end -}}
 {{- end -}}
+{{- end -}}

 {{/*
 Storage config for ruler
@ -424,10 +429,21 @@ ruler:
 {{- end }}
 {{- end }}

+{{/* Ruler Thanos Storage Config */}}
+{{- define "loki.rulerThanosStorageConfig" -}}
+{{- if and .Values.loki.storage.use_thanos_objstore .Values.ruler.enabled}}
+  backend: {{ .Values.loki.storage.object_store.type }}
+  {{- include "loki.thanosStorageConfig" (dict "ctx" . "bucketName" .Values.loki.storage.bucketNames.ruler) | nindent 2 }}
+{{- end }}
+{{- end }}
+
 {{/* Enterprise Logs Admin API storage config */}}
 {{- define "enterprise-logs.adminAPIStorageConfig" }}
 storage:
-  {{- if .Values.minio.enabled }}
+  {{- if .Values.loki.storage.use_thanos_objstore }}
+  backend: {{ .Values.loki.storage.object_store.type }}
+    {{- include "loki.thanosStorageConfig" (dict "ctx" . "bucketName" .Values.loki.storage.bucketNames.admin) | nindent 2 }}
+  {{- else if .Values.minio.enabled }}
  backend: "s3"
  s3:
    bucket_name: admin
@ -593,7 +609,6 @@ Generate list of ingress service paths based on deployment type
 {{- end -}}
 {{- end -}}

-
 {{/*
 Ingress service paths for distributed deployment
 */}}
@ -1130,3 +1145,40 @@ This function needs to be called with a context object containing the following
 {{- define "loki.configMapOrSecretContentHash" -}}
 {{ get (include (print .ctx.Template.BasePath .name) .ctx | fromYaml) "data" | toYaml | sha256sum }}
 {{- end }}
+
+{{/* Thanos object storage configuration helper to build
+the thanos_storage_config model*/}}
+{{- define "loki.thanosStorageConfig" -}}
+{{- $bucketName := .bucketName }}
+{{- with .ctx.Values.loki.storage.object_store }}
+{{- if eq .type "s3" }}
+s3:
+  {{- with .s3 }}
+  bucket_name: {{ $bucketName }}
+  endpoint: {{ .endpoint }}
+  access_key_id: {{ .access_key_id }}
+  secret_access_key: {{ .secret_access_key }}
+  region: {{ .region }}
+  insecure: {{ .insecure }}
+  http:
+    {{ toYaml .http | nindent 4 }}
+  sse:
+    {{ toYaml .sse | nindent 4 }}
+  {{- end }}
+{{- else if eq .type "gcs" }}
+gcs:
+  {{- with .gcs }}
+  bucket_name: {{ $bucketName }}
+  service_account: {{ .service_account }}
+  {{- end }}
+{{- else if eq .type "azure" }}
+azure:
+  {{- with .azure }}
+  container_name: {{ $bucketName }}
+  account_name: {{ .account_name }}
+  account_key: {{ .account_key }}
+  {{- end }}
+{{- end }}
+prefix: {{ .prefix }}
+{{- end }}
+{{- end }}
--- a/production/helm/loki/values.yaml
+++ b/production/helm/loki/values.yaml
@ -209,6 +209,11 @@ loki:
    {{ include "loki.rulerConfig" . }}
    {{- end }}

+    {{- if and .Values.loki.storage.use_thanos_objstore .Values.ruler.enabled}}
+    ruler_storage:
+      {{- include "loki.rulerThanosStorageConfig" . | nindent 2 }}
+    {{- end }}
+
    {{- if or .Values.tableManager.retention_deletes_enabled .Values.tableManager.retention_period }}
    table_manager:
      retention_deletes_enabled: {{ .Values.tableManager.retention_deletes_enabled }}
@ -325,6 +330,7 @@ loki:
    replication_factor: 3
    compactor_address: '{{ include "loki.compactorAddress" . }}'
  # -- Storage config. Providing this will automatically populate all necessary storage configs in the templated config.
+  # -- In case of using thanos storage, enable use_thanos_objstore and the configuration should be done inside the object_store section.
  storage:
    # Loki requires a bucket for chunks and the ruler. GEL requires a third bucket for the admin API.
    # Please provide these values if you are using object storage.
@ -384,6 +390,36 @@ loki:
      chunks_directory: /var/loki/chunks
      rules_directory: /var/loki/rules
      admin_api_directory: /var/loki/admin
+
+    # Loki now supports using thanos storage clients for connecting to object storage backend.
+    # This will become the default way to configure storage in a future releases.
+    use_thanos_objstore: false
+
+    object_store:
+      # Type of object store. Valid options are: s3, gcs, azure
+      type: s3
+      prefix: null  # Optional prefix for storage keys
+
+      # S3 configuration (when type is "s3")
+      s3:
+        endpoint: null     # S3 endpoint URL
+        region: null       # Optional region
+        access_key_id: null      # Optional access key
+        secret_access_key: null  # Optional secret key
+        insecure: false       # Optional. Enable if using self-signed TLS
+        sse: {}         # Optional server-side encryption configuration
+        http: {}       # Optional HTTP client configuration
+
+      # GCS configuration (when type is "gcs")
+      gcs:
+        bucket_name: null  # Name of the bucket
+        service_account: null  # Optional service account JSON
+
+      # Azure configuration (when type is "azure")
+      azure:
+        account_name: null  # Storage account name
+        account_key: null  # Optional storage account key
+
  # -- Configure memcached as an external cache for chunk and results cache. Disabled by default
  # must enable and specify a host for each cache you would like to use.
  memcached: