
archive-staging-rke2: fix prometheus ingress configuration

Vincent Sellier requested to merge mr/4797 into master

For info, it's already applied in the cluster

  • The vhost was not matching what is declared in the Thanos configuration
  • Use the Let's Encrypt production issuer (a valid certificate is needed by Thanos)

Related to sysadm-environment#4797 (closed)

/cc @teams/sysadmin

Terraform will perform the following actions:

  # rancher2_app_v2.archive-staging-rke2-rancher-monitoring will be updated in-place
  ~ resource "rancher2_app_v2" "archive-staging-rke2-rancher-monitoring" {
        id                          = "c-m-9n5h9nrf.cattle-monitoring-system/rancher-monitoring"
        name                        = "rancher-monitoring"
      ~ values                      = <<-EOT
          - global:
          -   cattle:
          -     clusterId: c-m-9n5h9nrf
          -     clusterName: archive-staging-rke2
          -     systemDefaultRegistry: ""
          -   systemDefaultRegistry: ""
            nodeExporter:
              serviceMonitor:
                enabled: true
                relabelings:
                - action: replace
                  regex: ^(.*)$
                  replacement: $1
                  sourceLabels:
                  - __meta_kubernetes_pod_node_name
                  targetLabel: instance
            prometheus:
              enabled: true
              prometheusSpec:
                externalLabels:
                  cluster: archive-staging-rke2
                  domain: staging
                  environment: staging
                  infrastructure: kubernetes
                requests:
                  cpu: 250m
                  memory: 250Mi
                  retention: 30d
                thanos:
                  objectStorageConfig:
                    key: thanos.yaml
                    name: thanos-objstore-config-secret
              thanosIngress:
                annotations:
          -       cert-manager.io/cluster-issuer: letsencrypt-staging-gandi
          +       cert-manager.io/cluster-issuer: letsencrypt-production-gandi
                  metallb.universe.tf/allow-shared-ip: clusterIP
                  nginx.ingress.kubernetes.io/backend-protocol: GRPC
                enabled: true
                hosts:
          -     - k8s-archive-staging-rke2-thanos.internal.softwareheritage.org
          +     - k8s-archive-staging-rke2-thanos.internal.staging.swh.network
                loadBalancerIP: 192.168.100.119
                pathType: Prefix
                tls:
                - hosts:
          -       - k8s-archive-staging-rke2-thanos.internal.softwareheritage.org
          +       - k8s-archive-staging-rke2-thanos.internal.staging.swh.network
                  secretName: thanos-crt
        EOT
        # (13 unchanged attributes hidden)
    }
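
Review bot: the removal of the whole "global" block at the top of values (cattle.clusterId, cattle.clusterName and both systemDefaultRegistry keys) is not covered by the description, which only mentions the Thanos vhost and the cert-manager issuer. Please confirm that dropping these keys is intended and add a line about it to the description, or restore them so the plan only carries the hostname and issuer edits. Separately, since secretName stays thanos-crt while the issuer annotation changes from letsencrypt-staging-gandi to letsencrypt-production-gandi, it is worth checking after apply that the certificate stored in that secret was reissued by the production issuer for k8s-archive-staging-rke2-thanos.internal.staging.swh.network.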

Plan: 0 to add, 1 to change, 0 to destroy.

Changes to Outputs:
  # Warning: this attribute value will be marked as sensitive and will not
  # display in UI output after applying this change.
  ~ rancher2_cluster_archive_staging_rke2_summary = (sensitive value)
