feat: infra - remove openobserve, add loki

This commit is contained in:
Ryan Yin
2025-06-08 14:18:23 +08:00
parent 77ed0378d1
commit e12afe7cea
11 changed files with 139 additions and 105 deletions

View File

@@ -79,6 +79,7 @@
".pki"
".steam" # steam games
".var" # flatpak app's data
".terraform.d/plugin-cache" # terraform's plugin cache
# cloud native
{

22
infra/minio/loki/.terraform.lock.hcl generated Normal file
View File

@@ -0,0 +1,22 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/aminueza/minio" {
version = "3.5.2"
constraints = "3.5.2"
hashes = [
"h1:3G/Q/dlf4ItE5tvE1zvSDUW4bYvwdCMVsHNAhMq9328=",
"zh:5513c7b20eac89b7bc27b1f762ff03058b4c75456523d5065c41be170fc1ce53",
"zh:597ec8ab8169ab4d044b7d442e65b03bbce2516c15f718510e8c80b5fc451be6",
"zh:608ff0eb5929b840c11efee1da0273b81d21a8149d8f2d259989597068b48253",
"zh:71bee58a6ba43d2a2aadd604c0e04f621fa67cb82ab3633fc5d1366689a5be6b",
"zh:9871556bcc3d5daab3cd8e302d1d07bc5693038e1abf8bd11aaf07a439d67a0b",
"zh:a3272fbb1ac7dff2481e778284709a5d8b85eda61f26239867eaed9ede57e90a",
"zh:a5048a378d5b075a6afac14197fc0fc57f97788cd697749621c07cec7156344c",
"zh:a8f28d070653cbd78ca85f9e54d9391a164828de598d481ed53d04882944dcb7",
"zh:cbf6895d80828f66fdaa234c6fcf87c329c41eb72391a6d29056b917bce65426",
"zh:cd48186b94cee7757a59f848dd6a2bd1d2faa76738a849261ca7cf14e7ca76c2",
"zh:cdefdf9bb591ab19c3176c7c8796762e2626ebde0d49971b49393f6bf28533ba",
"zh:ef16beff601be117a837cd47a1813be24ee0463d4f36a5d5f7e42a19d6c02b3d",
]
}

View File

@@ -0,0 +1,3 @@
# Buckets for Grafana Loki
Store Log data.

90
infra/minio/loki/loki.tf Normal file
View File

@@ -0,0 +1,90 @@
# ==============================================
# Buckets
# ==============================================
resource "minio_s3_bucket" "k3s-test-1-loki-chunks" {
bucket = "k3s-test-1-loki-chunks"
acl = "private"
}
resource "minio_s3_bucket" "k3s-test-1-loki-ruler" {
bucket = "k3s-test-1-loki-ruler"
acl = "private"
}
resource "minio_s3_bucket" "k3s-test-1-loki-admin" {
bucket = "k3s-test-1-loki-admin"
acl = "private"
}
# ==============================================
# User & Permission
# ==============================================
resource "minio_iam_user" "loki" {
name = "loki"
force_destroy = true
tags = {
env = "prod"
managedBy = "terraform"
}
}
resource "minio_iam_service_account" "loki" {
target_user = minio_iam_user.loki.name
}
resource "minio_iam_policy" "loki" {
name = "loki"
policy = <<EOF
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ObjectFullAccess",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::k3s-test-1-loki-chunks/*",
"arn:aws:s3:::k3s-test-1-loki-ruler/*",
"arn:aws:s3:::k3s-test-1-loki-admin/*"
]
}
]
}
EOF
}
resource "minio_iam_user_policy_attachment" "loki-1" {
user_name = minio_iam_user.loki.id
policy_name = minio_iam_policy.loki.id
}
# ======================================================
output "loki-chunks_url" {
value = minio_s3_bucket.k3s-test-1-loki-chunks.bucket_domain_name
}
output "loki-ruler_url" {
value = minio_s3_bucket.k3s-test-1-loki-ruler.bucket_domain_name
}
output "loki-admin_url" {
value = minio_s3_bucket.k3s-test-1-loki-admin.bucket_domain_name
}
output "loki_accesskey" {
value = minio_iam_service_account.loki.access_key
}
output "loki_secretkey" {
value = minio_iam_service_account.loki.secret_key
sensitive = true
}

View File

@@ -25,7 +25,7 @@ terraform {
required_providers {
minio = {
source = "aminueza/minio"
version = "2.5.0"
version = "3.5.2"
}
}
}

View File

@@ -1,6 +1,6 @@
# for provider
#
# export MINIO_PASSWORD=="xxx"
# export MINIO_PASSWORD="xxx"
# for terraform's s3 backend
#
@@ -10,3 +10,7 @@
terraform init
terraform plan
terraform apply
# show secret key
terraform output loki_secretkey

View File

@@ -1,22 +0,0 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/aminueza/minio" {
version = "2.5.0"
constraints = "2.5.0"
hashes = [
"h1:RrjfsRy+fBVh7VF3r9u7uCCSjAdR5APa6sqbc9b8GfU=",
"zh:066cdb289dbfd1675e22fe58c8b42e2732f24fc1528b1919a78dfe28f80e8b30",
"zh:26d5e55106259e69493b95058178ec3d6b2395f03a8fe832af1be0e4d89ef42c",
"zh:6247e19de9ec6ef719cfcb174b8f08085c0fd5118b3b0de3fb9bb150702b4ad8",
"zh:70c3cbab0ba8edeec0db2e175bcdb47255c92f3153f839c4e8f2b0fe8c1366f4",
"zh:713793b4b93ae62070b18983ff525390de6c84547cab4220aa068437149f5035",
"zh:72de3e532d4bc7c7a4a872aaf00d7e4dfa09f3730668a738bb881d6734248f02",
"zh:9090f9288d7bc9f23043c1e65d8535e91f10413a16699d4a18add811b25fa167",
"zh:9847284aecb52718468feccb914d67e8befb8bff8345275cb03c3209b338f68b",
"zh:aa09ba1aa6fec278198ff352cc7f2977cfe567d31fd948c54fba5db82b4cd7ec",
"zh:ca28efbf60400918b9dadd18ecbf683065bf9329b35cbf3826718d8d50f10263",
"zh:cb21b119202ac6a30724beb89aefbb8660762b0e9b7165f1e22d59720dd0f110",
"zh:f36b4c9fe4795e892b3be2c80a22461f373541f81d335b51afa963097ab29624",
]
}

View File

@@ -1,64 +0,0 @@
resource "minio_s3_bucket" "openobserve" {
bucket = "openobserve"
acl = "private"
}
resource "minio_iam_user" "openobserve" {
name = "openobserve"
force_destroy = true
tags = {
env = "prod"
managedBy = "terraform"
}
}
resource "minio_iam_policy" "openobserve" {
name = "openobserve"
policy = <<EOF
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ObjectFullAccess",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::openobserve/*"
}
]
}
EOF
}
resource "minio_iam_user_policy_attachment" "openobserve-1" {
user_name = minio_iam_user.openobserve.id
policy_name = minio_iam_policy.openobserve.id
}
resource "minio_iam_service_account" "openobserve" {
target_user = minio_iam_user.openobserve.name
}
# ======================================================
output "openobserve_id" {
value = minio_s3_bucket.openobserve.id
}
output "openobserve_url" {
value = minio_s3_bucket.openobserve.bucket_domain_name
}
output "openobserve_accesskey" {
value = minio_iam_service_account.openobserve.access_key
}
output "openobserve_secretkey" {
value = minio_iam_service_account.openobserve.secret_key
sensitive = true
}

View File

@@ -2,21 +2,21 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/aminueza/minio" {
version = "2.5.0"
constraints = "2.5.0"
version = "3.5.2"
constraints = "3.5.2"
hashes = [
"h1:RrjfsRy+fBVh7VF3r9u7uCCSjAdR5APa6sqbc9b8GfU=",
"zh:066cdb289dbfd1675e22fe58c8b42e2732f24fc1528b1919a78dfe28f80e8b30",
"zh:26d5e55106259e69493b95058178ec3d6b2395f03a8fe832af1be0e4d89ef42c",
"zh:6247e19de9ec6ef719cfcb174b8f08085c0fd5118b3b0de3fb9bb150702b4ad8",
"zh:70c3cbab0ba8edeec0db2e175bcdb47255c92f3153f839c4e8f2b0fe8c1366f4",
"zh:713793b4b93ae62070b18983ff525390de6c84547cab4220aa068437149f5035",
"zh:72de3e532d4bc7c7a4a872aaf00d7e4dfa09f3730668a738bb881d6734248f02",
"zh:9090f9288d7bc9f23043c1e65d8535e91f10413a16699d4a18add811b25fa167",
"zh:9847284aecb52718468feccb914d67e8befb8bff8345275cb03c3209b338f68b",
"zh:aa09ba1aa6fec278198ff352cc7f2977cfe567d31fd948c54fba5db82b4cd7ec",
"zh:ca28efbf60400918b9dadd18ecbf683065bf9329b35cbf3826718d8d50f10263",
"zh:cb21b119202ac6a30724beb89aefbb8660762b0e9b7165f1e22d59720dd0f110",
"zh:f36b4c9fe4795e892b3be2c80a22461f373541f81d335b51afa963097ab29624",
"h1:3G/Q/dlf4ItE5tvE1zvSDUW4bYvwdCMVsHNAhMq9328=",
"zh:5513c7b20eac89b7bc27b1f762ff03058b4c75456523d5065c41be170fc1ce53",
"zh:597ec8ab8169ab4d044b7d442e65b03bbce2516c15f718510e8c80b5fc451be6",
"zh:608ff0eb5929b840c11efee1da0273b81d21a8149d8f2d259989597068b48253",
"zh:71bee58a6ba43d2a2aadd604c0e04f621fa67cb82ab3633fc5d1366689a5be6b",
"zh:9871556bcc3d5daab3cd8e302d1d07bc5693038e1abf8bd11aaf07a439d67a0b",
"zh:a3272fbb1ac7dff2481e778284709a5d8b85eda61f26239867eaed9ede57e90a",
"zh:a5048a378d5b075a6afac14197fc0fc57f97788cd697749621c07cec7156344c",
"zh:a8f28d070653cbd78ca85f9e54d9391a164828de598d481ed53d04882944dcb7",
"zh:cbf6895d80828f66fdaa234c6fcf87c329c41eb72391a6d29056b917bce65426",
"zh:cd48186b94cee7757a59f848dd6a2bd1d2faa76738a849261ca7cf14e7ca76c2",
"zh:cdefdf9bb591ab19c3176c7c8796762e2626ebde0d49971b49393f6bf28533ba",
"zh:ef16beff601be117a837cd47a1813be24ee0463d4f36a5d5f7e42a19d6c02b3d",
]
}

View File

@@ -2,7 +2,7 @@ terraform {
required_providers {
minio = {
source = "aminueza/minio"
version = "2.5.0"
version = "3.5.2"
}
}
}

View File

@@ -1,6 +1,6 @@
# for provider
#
# export MINIO_PASSWORD=="xxx"
# export MINIO_PASSWORD="xxx"
#
terraform init
terraform plan