Skip to content
Snippets Groups Projects
Commit 1b11cf73 authored by Jan David Mol's avatar Jan David Mol
Browse files

L2SS-2316: Fetch MINIO access key from Vault

parent 478ffa8b
No related branches found
No related tags found
1 merge request!22L2SS-2316: Fetch MINIO access key from Vault
......@@ -19,8 +19,6 @@ job "daily-backup-grafana-to-s3" {
}
env {
MINIO_HOSTNAME = "https://s3.lofar.net:443"
MINIO_ACCESS_KEY = "minioadmin"
MINIO_SECRET_KEY = "minioadmin"
MINIO_BUCKET = "grafana-backup"
GRAFANA_URL = "https://monitoring.lofar.net:443"
}
......@@ -32,12 +30,23 @@ job "daily-backup-grafana-to-s3" {
template {
env = true
destination = "secrets/file.env"
destination = "secrets/grafana.env"
data = <<EOH
GRAFANA_TOKEN = "{{with secret "kv-v2/data/grafana/garibaldi"}}{{.Data.data.token}}{{end}}"
EOH
}
template {
env = true
destination = "secrets/minio.env"
data = <<EOH
{{with secret "kv-v2/data/minio/central-management"}}
MINIO_ROOT_USER = "{{.Data.data.username}}"
MINIO_ROOT_PASSWORD = "{{.Data.data.password}}"
{{end}}
EOH
}
resources {
cpu = 2500
memory = 512
......
......@@ -35,7 +35,7 @@ job "logs" {
mount {
type = "bind"
source = "local/loki/"
source = "secrets/loki/"
target = "/etc/loki/"
}
}
......@@ -55,8 +55,10 @@ job "logs" {
storage:
s3:
endpoint: s3.lofar.net
access_key_id: minioadmin
secret_access_key: minioadmin
{{with secret "kv-v2/data/minio/central-management"}}
access_key_id: "{{.Data.data.username}}"
secret_access_key: "{{.Data.data.password}}"
{{end}}
bucketnames: central-logs
s3forcepathstyle: true
region: NL
......@@ -98,12 +100,17 @@ job "logs" {
log_level: warn
EOH
destination = "local/loki/config.yaml"
destination = "secrets/loki/config.yaml"
}
resources {
cpu = 2048
memory = 8096
}
vault {
change_mode = "noop"
policies = ["default"]
}
}
}
......
......@@ -170,11 +170,16 @@ job "metrics" {
mount {
type = "bind"
source = "local/mimir/"
source = "secrets/mimir/"
target = "/etc/mimir/"
}
}
vault {
change_mode = "noop"
policies = ["default"]
}
template {
data = <<EOH
# Do not use this configuration in production.
......@@ -190,8 +195,10 @@ job "metrics" {
backend: s3
s3:
endpoint: s3.lofar.net
access_key_id: minioadmin
secret_access_key: minioadmin
{{with secret "kv-v2/data/minio/central-management"}}
access_key_id: "{{.Data.data.username}}"
secret_access_key: "{{.Data.data.password}}"
{{end}}
bucket_name: central-metrics
# Blocks storage requires a prefix when using a common object storage bucket.
......@@ -250,7 +257,7 @@ job "metrics" {
log_level: warn
EOH
destination = "local/mimir/config.yaml"
destination = "secrets/mimir/config.yaml"
}
resources {
cpu = 2048
......
......@@ -34,7 +34,7 @@ job "tracing" {
mount {
type = "bind"
source = "local/tempo/"
source = "secrets/tempo/"
target = "/etc/tempo/"
}
}
......@@ -63,8 +63,10 @@ storage:
s3:
bucket: central-tracing
endpoint: s3.lofar.net
access_key: minioadmin
secret_key: minioadmin
{{with secret "kv-v2/data/minio/central-management"}}
access_key: "{{.Data.data.username}}"
secret_key: "{{.Data.data.password}}"
{{end}}
forcepathstyle: true
wal:
path: /tmp/tempo/wal # where to store the the wal locally
......@@ -76,12 +78,17 @@ overrides:
metrics_generator:
EOH
destination = "local/tempo/config.yaml"
destination = "secrets/tempo/config.yaml"
}
resources {
cpu = 2048
memory = 8096
}
vault {
change_mode = "noop"
policies = ["default"]
}
}
}
......
......@@ -14,6 +14,6 @@ secrets {
metaurl="redis://operations-valkey.service.consul:26379/0"
bucket="https://s3.lofar.net/csi-volumes/operations"
storage="minio"
access-key="minioadmin"
secret-key="minioadmin"
access-key="csi"
secret-key="<insert password of csi minio user>"
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment