monitoring fixes

infrastructure/monitoring/loki.values.yaml

@@ -5,13 +5,14 @@ loki:
     configs:
       - from: "2024-04-01"
         store: tsdb
-        object_store: s3
+        object_store: filesystem
         schema: v13
         index:
           prefix: loki_index_
           period: 24h
+  auth_enabled: false
   pattern_ingester:
-      enabled: true
+    enabled: true
   limits_config:
     allow_structured_metadata: true
     volume_enabled: true
@@ -19,6 +20,12 @@ loki:
   ruler:
     enable_api: true
   storage:
+    bucketNames:
+      # don't care since we use the filesystem
+      chunks: NOTUSED
+      ruler: NOTUSED
+      admin: NOTUSED
+
     type: filesystem
     filesystem:
       chunks_directory: /var/loki/chunks
@@ -46,6 +53,12 @@ singleBinary:
     # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
     storageClass: nfs-client
 
+
+# -- Section for configuring optional Helm test
+helm:
+  enabled: false
+
+
 # Zero out replica counts of other deployment modes
 backend:
   replicas: 0

infrastructure/monitoring/namespace.yaml

@@ -2,3 +2,5 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: placeholder
+  labels:
+    pod-security.kubernetes.io/enforce: privileged 

infrastructure/monitoring/prometheus.values.yaml

@@ -6,7 +6,7 @@ server:
     log.level: debug
     storage.tsdb.min-block-duration: 2h # Don't change this, see docs/components/sidecar.md
     storage.tsdb.max-block-duration: 2h # Don't change this, see docs/components/sidecar.md
-  retention: 4h
+  retention: 180d
   service:
     annotations:
       prometheus.io/scrape: "true"
@@ -16,68 +16,69 @@ server:
   podAnnotations:
     prometheus.io/scrape: "true"
     prometheus.io/port: "10902"
-  sidecarContainers:
-    thanos-sidecar:
-      image: thanos
-      resources:
-        requests:
-          memory: "512Mi"
-      env:
-        - name: GOOGLE_APPLICATION_CREDENTIALS
-          value: /etc/secret/sa
-      args:
-        - "sidecar"
-        - "--log.level=debug"
-        - "--tsdb.path=/data/"
-        - "--prometheus.url=http://127.0.0.1:9090"
-        - "--objstore.config={type: GCS, config: {bucket: BUCKET_REPLACE_ME}}"
-        - "--reloader.config-file=/etc/prometheus-config/prometheus.yml"
-        - "--reloader.config-envsubst-file=/etc/prometheus-shared/prometheus.yml"
-        - "--reloader.rule-dir=/etc/prometheus-config/rules"
-      ports:
-        - name: sidecar-http
-          containerPort: 10902
-        - name: grpc
-          containerPort: 10901
-        - name: cluster
-          containerPort: 10900
-      volumeMounts:
-        - name: storage-volume
-          mountPath: /data
-        - name: thanos-storage-secret
-          mountPath: /etc/secret
-        - name: config-volume
-          mountPath: /etc/prometheus-config
-          readOnly: false
-        - name: prometheus-config-shared
-          mountPath: /etc/prometheus-shared/
-          readOnly: false
-  configPath: /etc/prometheus-shared/prometheus.yml
-  replicaCount: 1
-  persistentVolume:
-    size: 20Gi
-  extraVolumes: # spec.template.spec.volumes
-    - name: prometheus-config-shared
-      emptyDir: {}
-  extraVolumeMounts: # spec.template.spec.containers.volumeMounts for prometheus container
-    - name: prometheus-config-shared
-      mountPath: /etc/prometheus-shared/
-  resources:
-    requests:
-      memory: 1Gi
-  global:
-    scrape_interval: 5s
-    scrape_timeout: 4s
-    external_labels:
-      prometheus_group: KLUSTER
-      prometheus_replica: '$(HOSTNAME)'
-    evaluation_interval: 5s
-  extraSecretMounts:
-    - name: thanos-objstore-config
-      mountPath: /etc/secret/
-      subPath: sa
-      readOnly: false
-      secretName: thanos-storage-secret
+  # sidecarContainers:
+  #   thanos-sidecar:
+  #     image: thanos
+  #     resources:
+  #       requests:
+  #         memory: "512Mi"
+  #     env:
+  #       - name: GOOGLE_APPLICATION_CREDENTIALS
+  #         value: /etc/secret/sa
+  #     args:
+  #       - "sidecar"
+  #       - "--log.level=debug"
+  #       - "--tsdb.path=/data/"
+  #       - "--prometheus.url=http://127.0.0.1:9090"
+  #       - "--objstore.config={type: GCS, config: {bucket: BUCKET_REPLACE_ME}}"
+  #       - "--reloader.config-file=/etc/prometheus-config/prometheus.yml"
+  #       - "--reloader.config-envsubst-file=/etc/prometheus-shared/prometheus.yml"
+  #       - "--reloader.rule-dir=/etc/prometheus-config/rules"
+  #     ports:
+  #       - name: sidecar-http
+  #         containerPort: 10902
+  #       - name: grpc
+  #         containerPort: 10901
+  #       - name: cluster
+  #         containerPort: 10900
+  #     volumeMounts:
+  #       - name: storage-volume
+  #         mountPath: /data
+  #       - name: thanos-storage-secret
+  #         mountPath: /etc/secret
+  #       - name: config-volume
+  #         mountPath: /etc/prometheus-config
+  #         readOnly: false
+  #       - name: prometheus-config-shared
+  #         mountPath: /etc/prometheus-shared/
+  #         readOnly: false
+  # # configPath: /etc/prometheus-shared/prometheus.yml
+  # replicaCount: 1
+  # persistentVolume:
+  #   size: 20Gi
+  #   storageClass: nfs-client
+  # extraVolumes: # spec.template.spec.volumes
+  #   - name: prometheus-config-shared
+  #     emptyDir: {}
+  # extraVolumeMounts: # spec.template.spec.containers.volumeMounts for prometheus container
+  #   - name: prometheus-config-shared
+  #     mountPath: /etc/prometheus-shared/
+  # resources:
+  #   requests:
+  #     memory: 1Gi
+  # global:
+  #   scrape_interval: 5s
+  #   scrape_timeout: 4s
+  #   external_labels:
+  #     prometheus_group: KLUSTER
+  #     prometheus_replica: '$(HOSTNAME)'
+  #   evaluation_interval: 5s
+  # extraSecretMounts:
+  #   - name: thanos-storage-secret
+  #     mountPath: /etc/secret/
+  #     subPath: sa
+  #     readOnly: false
+  #     secretName: thanos-objstore-config
 
 # as thanos sidecar is taking care of the config reload
 # we can disable the prometheus configmap reload