feat(infra): centralize monitoring backend storage to single MinIO #3380
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ze layout Converted flat directory structure to base/overlay pattern to support multi-environment (stage/production) deployment with cluster-specific SealedSecrets. Changed bucketDNS from true to false for path-style S3 access compatibility with Loki/Tempo. Co-Authored-By: Claude Opus 4.5 <[email protected]>
Convert single-environment Application to multi-environment ApplicationSet with goTemplate generator for stage/production, matching the pattern used by other monitoring components. Co-Authored-By: Claude Opus 4.5 <[email protected]>
Enable S3 storage config pointing to central monitoring-minio with env var expansion for credential injection via Reflector-replicated Secret. Disable embedded MinIO subchart (50Gi savings per env). Co-Authored-By: Claude Opus 4.5 <[email protected]>
Add S3 storage backend for trace data pointing to central monitoring-minio with env var expansion for credential injection. Ingester persistence retained for WAL (write-ahead log). Co-Authored-By: Claude Opus 4.5 <[email protected]>
Remove separate minio-credentials Secret. Instead, reference monitoring-user Secret directly from Loki/Tempo using secretKeyRef to map CONSOLE_ACCESS_KEY -> AWS_ACCESS_KEY_ID and CONSOLE_SECRET_KEY -> AWS_SECRET_ACCESS_KEY. Add Reflector annotations to monitoring-user for auto-replication to monitoring-loki and monitoring-tempo namespaces. Co-Authored-By: Claude Opus 4.5 <[email protected]>
Generate SealedSecrets with kubeseal for both clusters: - tenant-config: admin credentials (unique per environment) - monitoring-user: S3 access credentials with Reflector annotations for auto-replication to monitoring-loki and monitoring-tempo namespaces Co-Authored-By: Claude Opus 4.5 <[email protected]>
|
✅ Syncing Preview App Succeeded Application: |
Co-Authored-By: Claude Opus 4.5 <[email protected]>
|
✅ Syncing Preview App Succeeded Application: |
|
✅ Syncing Preview App Succeeded Application: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Loki와 Tempo의 저장소를 중앙 MinIO(
monitoring-minio)로 통합합니다. Stage와 Production 환경 모두에 적용됩니다.변경 사항:
monitoring-userSecret을 SSOT로 관리, Reflector로monitoring-loki/monitoring-tempo네임스페이스에 자동 복제config.expand-env=true+secretKeyRef로 credential 주입 (CONSOLE_ACCESS_KEY → AWS_ACCESS_KEY_ID 매핑)UsersCreationFailed오류 해결 (admin과 동일한 credential 문제)Additional context
closes TAS-2497
Before submitting the PR, please make sure you do the following
fixes #123).