Parameters

The parent key for all of the following parameters is thanos.

namespace

type

string

default

syn-thanos

The namespace in which to deploy this component.

createNamespace

type

bool

default

true

If this parameter is set to `false, the component won’t create the specified namespace. This is required for all but one instance if multiple component instances are deployed into the same namespace.

cluster_kubernetes_version

type

string

default

"1.18"

The Kubernetes version of the cluster on which the component is deployed.

jsonnetfile_parameters

type

dict

Parameters for rendering the jsonnetfile.jsonnet. We pass parameter cluster_kubernetes_version and cluster fact distribution to Jsonnet to enable smart dependency version selection for the kube-thanos and thanos-mixin Jsonnet libraries.

This is necessary because we need to ensure that this component and other components (for example rancher-monitoring and openshift4-monitoring) use the same kube-thanos and thanos-mixin library versions.

Otherwise we get random changes in the cluster catalog at best and incompatible library versions at worst depending on which dependency version wins when jsonnet-bundler fetches the Jsonnet libraries.

jsonnetfile_parameters.thanos_mixin_version

type

string

default

''

This parameter is used as the library version for thanos-mixin over the autodetected version based on the cluster’s Kubernetes version and distribution.

Only set this parameter if you really need a specific thanos-mixin version for this component and have read the parameter description for jsonnetfile_parameters carefully.

jsonnetfile_parameters.kube_thanos_version

type

string

default

''

This parameter is used as the library version for kube-thanos over the autodetected version based on the cluster’s Kubernetes version and distribution.

Only set this parameter if you really need a specific kube-thanos version for this component and have read the parameter description for jsonnetfile_parameters carefully.

dashboards.enabled

type

bool

default

false

If the Grafana dashboards should be rendered in a ConfigMap. This will increase the compile time drastically when enabled.

dashboards.namespace

type

string

default

syn-thanos

The namespace in which to create the Grafana dashboard ConfigMaps.

commonConfig

type

dict

Common configuration for all Thanos components. See all.jsonnet for available options.

query

type

dict

Configuration for the Thanos Query component. See all.jsonnet for available options.

Especially the stores list is important as it needs to be populated by the Thanos store API endpoints this Query should use.

enabled

type

bool

default

true

If the Query component should be deployed.

serviceType

type

string

default

ClusterIP

Service type for query service. Can be used to expose the Query endpoint externally via LoadBalancer type.

query_alerts.enabled

type

dict

default
"*": true
ThanosQueryGrpcClientErrorRate: false
ThanosQueryGrpcServerErrorRate: false

Configuration for the Thanos Query alerts. Available alerts can be found here. From Kubernetes version v1.22 (OCP v4.9) alerts include upstream runbooks.

"": true allows enabling all alerts. AlertName: true enables a single alert. AlertName: false allows disabling a single alert if "": true is set.

query_alerts.patches

type

dict

default

{}

This parameter allows patching upstream Query in the hierarchy. Available alerts can be found here.

"*": {} allows patching all alerts. AlertName: {} patches a single alert.

query_alerts.custom

type

dict

example
ThanosDidSomething:
  enabled: false
  rule:
    annotations:
      description: Thanos did something.
      message: Thanos did something.
      runbook: https://hub.syn.tools/thanos/runbooks/ThanosDidSomething.html
    expr: |
      thanos_doing_something > 1
    for: 10m
    labels:
      severity: warning

Allows setting custom rules.

.custom.*.enabled

type

boolean

Controls if the custom rule is enabled.

.custom.*.rule

type

dict

The rule defintion.

queryRbacProxy

type

dict

Configuration for the RBAC proxy sidecar that authenticates requests to Thanos Query when exposed. Users are authenticated with OAuth and authorized using Kubernetes RBAC. It’s recommended to deploy the proxy together with an Ingress.

Only OpenShift is currently supported.

The proxy redirects browser requests without authentication headers to OpenShift OAuth. Once authenticated, the proxy does authorization by issuing a SubjectAccessReview on behalf of the requesting user against the service named queryRbacProxy.serviceName.

enabled

type

bool

default

false

Whether the RBAC proxy should be deployed.

ingress

type

dict

Configuration of an Ingress resource to expose the Thanos Query frontend via RBAC proxy.

ingress.enabled

type

bool

default

true

Whether the Ingress should be deployed.

ingress.host

type

string

required

yes

The hostname to expose. This parameter is required and component compilation fails unless enabled is false.

ingress.annotations

type

dict

default

{cert-manager.io/cluster-issuer: letsencrypt-production}

The annotations of the Ingress resource. With default annotations the TLS certificate gets provisioned by Let’s Encrypt via cert-manager.

objectStorageConfig

type

dict

Configuration for the Thanos Object Storage. See Object Storage & Data Format for available options. This configuration will be stored in a K8s secret.

store

type

dict

Configuration for the Thanos Store component. See all.jsonnet for available options.

enabled

type

bool

default

false

If the Store component should be deployed. It will require an objectStorageConfig if enabled.

additionalArgs

type

array

default

[]

Additional args that should be passed to the statefulset.

store_alerts.enabled

type

dict

default
"*": true

Configuration for the Thanos Store alerts. Available alerts can be found here. From Kubernetes version v1.22 (OCP v4.9) alerts include upstream runbooks.

"": true allows enabling all alerts. AlertName: true enables a single alert. AlertName: false allows disabling a single alert if "": true is set.

store_alerts.patches

type

dict

default

{}

This parameter allows patching upstream Store in the hierarchy. Available alerts can be found here.

"*": {} allows patching all alerts. AlertName: {} patches a single alert.

store_alerts.custom

type

dict

example
ThanosDidSomething:
  enabled: false
  rule:
    annotations:
      description: Thanos did something.
      message: Thanos did something.
      runbook: https://hub.syn.tools/thanos/runbooks/ThanosDidSomething.html
    expr: |
      thanos_doing_something > 1
    for: 10m
    labels:
      severity: warning

Allows setting custom rules.

.custom.*.enabled

type

boolean

Controls if the custom rule is enabled.

.custom.*.rule

type

dict

The rule defintion.

compactor

type

dict

Configuration for the Thanos Compactor component. See all.jsonnet for available options.

enabled

type

bool

default

false

If the Compactor component should be deployed. It will require an objectStorageConfig if enabled.

extraArgs

type

array

default

null

If the Compactor component should receive additional arguments. Those extraArgs are extending the command line arguments of the Compactor container.

compactor_alerts.enabled

type

dict

default
"*": true

Configuration for the Thanos Compactor alerts. Available alerts can be found here. From Kubernetes version v1.22 (OCP v4.9) alerts include upstream runbooks.

"": true allows enabling all alerts. AlertName: true enables a single alert. AlertName: false allows disabling a single alert if "": true is set.

compactor_alerts.patches

type

dict

default

{}

This parameter allows patching upstream Compactor in the hierarchy. Available alerts can be found here.

"*": {} allows patching all alerts. AlertName: {} patches a single alert.

compactor_alerts.custom

type

dict

example
ThanosDidSomething:
  enabled: false
  rule:
    annotations:
      description: Thanos did something.
      message: Thanos did something.
      runbook: https://hub.syn.tools/thanos/runbooks/ThanosDidSomething.html
    expr: |
      thanos_doing_something > 1
    for: 10m
    labels:
      severity: warning

Allows setting custom rules.

.custom.*.enabled

type

boolean

Controls if the custom rule is enabled.

.custom.*.rule

type

dict

The rule defintion.

bucket

type

dict

Configuration for the Thanos Bucket Web component. See all.jsonnet for available options.

enabled

type

bool

default

false

If the Bucket Web component should be deployed. It will require an objectStorageConfig if enabled.

receive

type

dict

Configuration for the Thanos Receiver component. See all.jsonnet for available options.

enabled

If the Receiver component should be deployed. It will require an objectStorageConfig if enabled.

receive_alerts.enabled

type

dict

default
"*": true
ThanosReceiveConfigReloadFailure: false
ThanosReceiveTrafficBelowThreshold: false

Configuration for the Thanos Receiver alerts. Available alerts can be found here. From Kubernetes version v1.22 (OCP v4.9) alerts include upstream runbooks.

"": true allows enabling all alerts. AlertName: true enables a single alert. AlertName: false allows disabling a single alert if "": true is set.

receive_alerts.patches

type

dict

default

{}

This parameter allows patching upstream Receiver in the hierarchy. Available alerts can be found here.

"*": {} allows patching all alerts. AlertName: {} patches a single alert.

receive_alerts.custom

type

dict

example
ThanosDidSomething:
  enabled: false
  rule:
    annotations:
      description: Thanos did something.
      message: Thanos did something.
      runbook: https://hub.syn.tools/thanos/runbooks/ThanosDidSomething.html
    expr: |
      thanos_doing_something > 1
    for: 10m
    labels:
      severity: warning

Allows setting custom rules.

.custom.*.enabled

type

boolean

Controls if the custom rule is enabled.

.custom.*.rule

type

dict

The rule defintion.

images

type

dictionary

Dictionary containing the container images used by this component.

Example

parameters:
  thanos:
    namespace: example-namespace
    commonConfig:
      version: v0.17.2
    query:
      replicas: 3
    store:
      enabled: true
    bucket:
      enabled: true
    objectStorageConfig:
      type: S3
      config:
        bucket: thanos-metrics
        endpoint: s3.example.com
        access_key: ?{vaultkv:${cluster:tenant}/${cluster:name}/thanos/access_key}
        secret_key: ?{vaultkv:${cluster:tenant}/${cluster:name}/thanos/secret_key}