Commit 1b11cf73 authored by Jan David Mol's avatar Jan David Mol

L2SS-2316: Fetch MINIO access key from Vault

parent 478ffa8b
1 merge request!22L2SS-2316: Fetch MINIO access key from Vault
...@@ -19,8 +19,6 @@ job "daily-backup-grafana-to-s3" { ...@@ -19,8 +19,6 @@ job "daily-backup-grafana-to-s3" {
} }
env { env {
MINIO_HOSTNAME = "https://s3.lofar.net:443" MINIO_HOSTNAME = "https://s3.lofar.net:443"
MINIO_ACCESS_KEY = "minioadmin"
MINIO_SECRET_KEY = "minioadmin"
MINIO_BUCKET = "grafana-backup" MINIO_BUCKET = "grafana-backup"
GRAFANA_URL = "https://monitoring.lofar.net:443" GRAFANA_URL = "https://monitoring.lofar.net:443"
} }
...@@ -32,12 +30,23 @@ job "daily-backup-grafana-to-s3" { ...@@ -32,12 +30,23 @@ job "daily-backup-grafana-to-s3" {
template { template {
env = true env = true
destination = "secrets/file.env" destination = "secrets/grafana.env"
data = <<EOH data = <<EOH
GRAFANA_TOKEN = "{{with secret "kv-v2/data/grafana/garibaldi"}}{{.Data.data.token}}{{end}}" GRAFANA_TOKEN = "{{with secret "kv-v2/data/grafana/garibaldi"}}{{.Data.data.token}}{{end}}"
EOH EOH
} }
template {
env = true
destination = "secrets/minio.env"
data = <<EOH
{{with secret "kv-v2/data/minio/central-management"}}
MINIO_ROOT_USER = "{{.Data.data.username}}"
MINIO_ROOT_PASSWORD = "{{.Data.data.password}}"
{{end}}
EOH
}
resources { resources {
cpu = 2500 cpu = 2500
memory = 512 memory = 512
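Review bot: The new `secrets/minio.env` template exports `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD`, while the `env` block it replaces set `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY`; unless the backup image was changed to read the new names (not visible here), the job will start without S3 credentials. Keeping the names the job already consumed avoids that: `MINIO_ACCESS_KEY = "{{.Data.data.username}}"` and `MINIO_SECRET_KEY = "{{.Data.data.password}}"`. The variable names also suggest the `central-management` secret holds the MinIO root account; a backup job only needs write access to `grafana-backup`, so a dedicated MinIO user with a bucket-scoped policy would limit what a leak of this task's environment exposes. The task block continues outside the hunk.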
......
...@@ -35,7 +35,7 @@ job "logs" { ...@@ -35,7 +35,7 @@ job "logs" {
mount { mount {
type = "bind" type = "bind"
source = "local/loki/" source = "secrets/loki/"
target = "/etc/loki/" target = "/etc/loki/"
} }
} }
...@@ -55,8 +55,10 @@ job "logs" { ...@@ -55,8 +55,10 @@ job "logs" {
storage: storage:
s3: s3:
endpoint: s3.lofar.net endpoint: s3.lofar.net
access_key_id: minioadmin {{with secret "kv-v2/data/minio/central-management"}}
secret_access_key: minioadmin access_key_id: "{{.Data.data.username}}"
secret_access_key: "{{.Data.data.password}}"
{{end}}
bucketnames: central-logs bucketnames: central-logs
s3forcepathstyle: true s3forcepathstyle: true
region: NL region: NL
...@@ -98,12 +100,17 @@ job "logs" { ...@@ -98,12 +100,17 @@ job "logs" {
log_level: warn log_level: warn
EOH EOH
destination = "local/loki/config.yaml" destination = "secrets/loki/config.yaml"
} }
resources { resources {
cpu = 2048 cpu = 2048
memory = 8096 memory = 8096
} }
vault {
change_mode = "noop"
policies = ["default"]
}
} }
} }
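Review bot: The added `vault` block requests only `policies = ["default"]`, so the template's read of `kv-v2/data/minio/central-management` can only succeed if the shared `default` policy grants it, which would presumably let any Vault token carrying `default` read the same MinIO credentials. A policy scoped to this path and attached to the job, e.g. `policies = ["minio-central-management-read"]` (constructed name), keeps that read limited to the tasks that need it. The same block is added to the `metrics` and `tracing` jobs, and all three render the one `central-management` account into their config; separate MinIO users limited to `central-logs`, `central-metrics` and `central-tracing` would stop one compromised task from reaching the other buckets. The Vault policy definitions are not part of this page, so confirm what `default` currently allows.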
......
...@@ -170,11 +170,16 @@ job "metrics" { ...@@ -170,11 +170,16 @@ job "metrics" {
mount { mount {
type = "bind" type = "bind"
source = "local/mimir/" source = "secrets/mimir/"
target = "/etc/mimir/" target = "/etc/mimir/"
} }
} }
vault {
change_mode = "noop"
policies = ["default"]
}
template { template {
data = <<EOH data = <<EOH
# Do not use this configuration in production. # Do not use this configuration in production.
...@@ -190,8 +195,10 @@ job "metrics" { ...@@ -190,8 +195,10 @@ job "metrics" {
backend: s3 backend: s3
s3: s3:
endpoint: s3.lofar.net endpoint: s3.lofar.net
access_key_id: minioadmin {{with secret "kv-v2/data/minio/central-management"}}
secret_access_key: minioadmin access_key_id: "{{.Data.data.username}}"
secret_access_key: "{{.Data.data.password}}"
{{end}}
bucket_name: central-metrics bucket_name: central-metrics
# Blocks storage requires a prefix when using a common object storage bucket. # Blocks storage requires a prefix when using a common object storage bucket.
...@@ -250,7 +257,7 @@ job "metrics" { ...@@ -250,7 +257,7 @@ job "metrics" {
log_level: warn log_level: warn
EOH EOH
destination = "local/mimir/config.yaml" destination = "secrets/mimir/config.yaml"
} }
resources { resources {
cpu = 2048 cpu = 2048
......
...@@ -34,7 +34,7 @@ job "tracing" { ...@@ -34,7 +34,7 @@ job "tracing" {
mount { mount {
type = "bind" type = "bind"
source = "local/tempo/" source = "secrets/tempo/"
target = "/etc/tempo/" target = "/etc/tempo/"
} }
} }
...@@ -63,8 +63,10 @@ storage: ...@@ -63,8 +63,10 @@ storage:
s3: s3:
bucket: central-tracing bucket: central-tracing
endpoint: s3.lofar.net endpoint: s3.lofar.net
access_key: minioadmin {{with secret "kv-v2/data/minio/central-management"}}
secret_key: minioadmin access_key: "{{.Data.data.username}}"
secret_key: "{{.Data.data.password}}"
{{end}}
forcepathstyle: true forcepathstyle: true
wal: wal:
path: /tmp/tempo/wal # where to store the the wal locally path: /tmp/tempo/wal # where to store the the wal locally
...@@ -76,12 +78,17 @@ overrides: ...@@ -76,12 +78,17 @@ overrides:
metrics_generator: metrics_generator:
EOH EOH
destination = "local/tempo/config.yaml" destination = "secrets/tempo/config.yaml"
} }
resources { resources {
cpu = 2048 cpu = 2048
memory = 8096 memory = 8096
} }
vault {
change_mode = "noop"
policies = ["default"]
}
} }
} }
......
...@@ -14,6 +14,6 @@ secrets { ...@@ -14,6 +14,6 @@ secrets {
metaurl="redis://operations-valkey.service.consul:26379/0" metaurl="redis://operations-valkey.service.consul:26379/0"
bucket="https://s3.lofar.net/csi-volumes/operations" bucket="https://s3.lofar.net/csi-volumes/operations"
storage="minio" storage="minio"
access-key="minioadmin" access-key="csi"
secret-key="minioadmin" secret-key="<insert password of csi minio user>"
} }
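Review bot: The `secret-key` line now holds the placeholder `<insert password of csi minio user>`, which means the real password has to be typed into this tracked file before the volume can be registered, and a later `git add` can commit it. Add a comment above the two key lines saying the filled-in copy must stay out of version control, for example `# Fill in from Vault at deploy time; never commit the real secret-key.`, or generate the file at deploy time from a Vault entry, as the job files in this commit do. Because `minioadmin`/`minioadmin` remains in the repository history, that account's password should be changed on the MinIO server if that has not already been done. The `secrets` block opens above the hunk.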