diff --git a/chart/templates/grafana/values.yaml b/chart/templates/grafana/values.yaml index 89bb3553a5c29b0fe458bc03e5a5be2edb8a2d36..d6f8d481a9350df15c2208dfae7ca0cefda5d8c9 100644 --- a/chart/templates/grafana/values.yaml +++ b/chart/templates/grafana/values.yaml @@ -104,6 +104,14 @@ datasources: datasourcesbb.yaml: apiVersion: 1 datasources: + {{- if .Values.addons.mimir.enabled }} + - name: Mimir + type: prometheus + uid: mimir + access: proxy + url: http://mimir-mimir-nginx.mimir.svc.cluster.local/prometheus + editable: true + {{- end }} {{- if .Values.monitoring.enabled }} {{- if .Values.addons.thanos.enabled }} - name: Thanos diff --git a/chart/templates/kyverno-policies/values.yaml b/chart/templates/kyverno-policies/values.yaml index 59af854f207b7afea3339286b83054bf9a58660b..14fb1e97194ffe1135469f6fd8595e74bfc6da8d 100644 --- a/chart/templates/kyverno-policies/values.yaml +++ b/chart/templates/kyverno-policies/values.yaml @@ -246,6 +246,13 @@ policies: - twistlock-defender-ds* - volume-upgrade* {{- end }} + {{- if .Values.addons.mimir.enabled }} + - resources: + namespaces: + - mimir + names: + - mimir-mimir-smoke-test-* + {{- end }} # Kyverno Beta feature - https://kyverno.io/docs/writing-policies/verify-images/ require-image-signature: @@ -1039,6 +1046,11 @@ policies: - monitoring-monitoring-kube-operator* - prometheus-monitoring-monitoring-kube-prometheus* - monitoring-alloy-* + - namespace: mimir + pods: + allow: + - mimir-mimir-rollout-operator-* + - mimir-mimir-minio* - namespace: anchore pods: allow: diff --git a/chart/templates/mimir/_postrenderers.tpl b/chart/templates/mimir/_postrenderers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..3c0f56234e61f4713f97a95d692deebaa7a5862c --- /dev/null +++ b/chart/templates/mimir/_postrenderers.tpl 
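Review bot: The provisioned Mimir datasource is created with `editable: true`, so any Grafana user with datasource edit rights can repoint or alter it in the UI and the live configuration drifts from the chart. Unless the sibling datasources below (outside this hunk) deliberately do the same, prefer `editable: false`. The URL is plain `http://`; if in-mesh encryption is expected to come from the Istio sidecar, say so in a comment such as `# plaintext to the sidecar; Istio applies mTLS when enabled`.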
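Review bot: The new exclusion for `mimir-mimir-smoke-test-*` in namespace `mimir` has no comment saying which control the smoke-test pods cannot meet, and the policy key it belongs to sits above the hunk, so a reader cannot tell what is being waived. Add a one-line rationale above the entry, for example `# mimir smoke-test Job: <reason it cannot satisfy this policy>`. The same applies to the `namespace: mimir` allow entries in the second hunk of this file (`@@ -1039,6 +1046,11 @@`).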
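Review bot: `mimir-mimir-minio*` has no separator before the wildcard, so it matches any pod in `mimir` whose name merely starts with that prefix, unlike `mimir-mimir-rollout-operator-*` next to it. If the tenant pod names allow it, tighten it to `mimir-mimir-minio-*`. The entry is also present when `addons.mimir.minioObjectStorage.enabled` is false; wrapping it in `{{- if .Values.addons.mimir.minioObjectStorage.enabled }}` would keep the allow-list no wider than the deployment. The enclosing policy is outside the hunk, so which control is relaxed could not be confirmed from here.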
@@ -0,0 +1,35 @@
+{{- define "mimir.istioPostRenderers" }}
+- kustomize:
+ patches:
+ - patch: |
+ - op: add
+ path: /spec/ports/1/appProtocol
+ value: tcp
+ target:
+ kind: Service
+ name: .*-headless$
+ - patch: |
+ - op: add
+ path: /spec/ports/1/appProtocol
+ value: grpc
+ target:
+ kind: Service
+ name: ^.+-(?:alertmanager|compactor|distributor|ingester(-zone.*)?|overrides-exporter|querier|query-frontend|store-gateway(-zone.*))$
+ - patch: |
+ - op: add
+ path: /spec/template/metadata/labels/app.kubernetes.io~1part-of
+ value: memberlist
+ target:
+ kind: Deployment
+ name: ^.+-query-frontend$
+ - patch: |
+ - op: add
+ path: /spec/template/spec/containers/0/ports/-
+ value:
+ containerPort: 7946
+ name: memberlist
+ protocol: TCP
+ target:
+ kind: Deployment
+ name: ^.+-query-frontend$
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/mimir/git-credentials.yaml b/chart/templates/mimir/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0e20f2ce19d538f4adf38a9b3765ad495dc1adfd
--- /dev/null
+++ b/chart/templates/mimir/git-credentials.yaml
@@ -0,0 +1,7 @@
+{{- $gitCredsSecretDict := dict
+ "name" "mimir"
+ "targetScope" .Values.addons.mimir
+ "releaseName" .Release.Name
+ "releaseNamespace" .Release.Namespace
+}}
+{{- include "gitCredsSecret" $gitCredsSecretDict | nindent 0 -}}
\ No newline at end of file
diff --git a/chart/templates/mimir/gitrepository.yaml b/chart/templates/mimir/gitrepository.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f124c50495b171f0232fa4017c3221c8676b3b9b
--- /dev/null
+++ b/chart/templates/mimir/gitrepository.yaml
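Review bot: In the grpc `appProtocol` patch the target regex ends with `store-gateway(-zone.*)` while the ingester alternative is `ingester(-zone.*)?`; without the `?` a Service named plain `…-store-gateway` is not matched. If zone-aware replication can be turned off, use `store-gateway(-zone.*)?`. Because `-zone.*` is open-ended inside the group, names such as `…-ingester-zone-a-headless` match both this patch and the `.*-headless$` one, so the resulting appProtocol depends on patch order. All the patches also address ports by index (`/spec/ports/1`, `containers/0`), which silently lands on a different port if the upstream chart reorders them; a comment naming the intended port would make that checkable.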
@@ -0,0 +1,23 @@
+{{- if and (eq .Values.addons.mimir.sourceType "git") (not .Values.offline) .Values.addons.mimir.enabled }}
+{{- $gitCredsDict := dict
+ "name" "mimir"
+ "packageGitScope" .Values.addons.mimir.git
+ "rootScope" .
+ "releaseName" .Release.Name
+}}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: mimir
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: mimir
+ {{- include "commonLabels" . | nindent 4}}
+spec:
+ interval: {{ .Values.flux.interval }}
+ url: {{ .Values.addons.mimir.git.repo }}
+ ref:
+ {{- include "validRef" .Values.addons.mimir.git | nindent 4 }}
+ {{ include "gitIgnore" . }}
+ {{- include "gitCredsExtended" $gitCredsDict | nindent 2 }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/mimir/helmrelease.yaml b/chart/templates/mimir/helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7edb611c575748236b602dd2781290a5fa94b49d
--- /dev/null
+++ b/chart/templates/mimir/helmrelease.yaml
@@ -0,0 +1,74 @@
+{{- $fluxSettingsMimir := merge .Values.addons.mimir.flux .Values.flux -}}
+{{- if .Values.addons.mimir.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mimir
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: mimir
+ {{- include "commonLabels" . | nindent 4}}
+ annotations:
+ checksum/bigbang-values: {{ include (print $.Template.BasePath "/mimir/values.yaml") . | sha256sum }}
+spec:
+ targetNamespace: mimir
+ chart:
+ spec:
+ {{- if eq .Values.addons.mimir.sourceType "git" }}
+ chart: {{ .Values.addons.mimir.git.path }}
+ sourceRef:
+ kind: GitRepository
+ name: mimir
+ namespace: {{ .Release.Namespace }}
+ {{- else }}
+ chart: {{ .Values.addons.mimir.helmRepo.chartName }}
+ version: {{ .Values.addons.mimir.helmRepo.tag }}
+ sourceRef:
+ kind: HelmRepository
+ name: {{ .Values.addons.mimir.helmRepo.repoName }}
+ namespace: {{ .Release.Namespace }}
+ {{- $repoType := include "getRepoType" (dict "repoName" .Values.addons.mimir.helmRepo.repoName "allRepos" $.Values.helmRepositories) -}}
+ {{- if (and .Values.addons.mimir.helmRepo.cosignVerify (eq $repoType "oci")) }} # Needs to be an OCI repo
+ verify:
+ provider: cosign
+ secretRef:
+ name: {{ printf "%s-cosign-pub" .Values.addons.mimir.helmRepo.repoName }}
+ {{- end }}
+ {{- end }}
+ interval: 5m
+
+ {{- toYaml $fluxSettingsMimir | nindent 2 }}
+ {{- if or .Values.addons.mimir.postRenderers .Values.istio.enabled }}
+ postRenderers:
+ {{- if .Values.istio.enabled }}
+ {{ include "mimir.istioPostRenderers" . | nindent 2 }}
+ {{- end }}
+ {{- with .Values.addons.mimir.postRenderers }}
+ {{ toYaml . | nindent 2 }}
+ {{- end }}
+ {{- end }}
+ valuesFrom:
+ - name: {{ .Release.Name }}-mimir-values
+ kind: Secret
+ valuesKey: "common"
+ - name: {{ .Release.Name }}-mimir-values
+ kind: Secret
+ valuesKey: "defaults"
+ - name: {{ .Release.Name }}-mimir-values
+ kind: Secret
+ valuesKey: "overlays"
+
+ # TODO: DRY this up
+ {{- if or .Values.istio.enabled .Values.kyvernoPolicies.enabled .Values.monitoring.enabled }}
+ dependsOn:
+ {{- if .Values.istio.enabled }}
+ - name: istio
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.kyvernoPolicies.enabled }}
+ - name: kyverno-policies
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+status: {}
diff --git a/chart/templates/mimir/imagepullsecret.yaml b/chart/templates/mimir/imagepullsecret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..38a173cb50759b1033934d4a983cd26c57ffba2e
--- /dev/null
+++ b/chart/templates/mimir/imagepullsecret.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.addons.mimir.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: private-registry
+ namespace: mimir
+ labels:
+ app.kubernetes.io/name: mimir
+ {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/mimir/namespace.yaml b/chart/templates/mimir/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..76be13619901f000f193976481704f31b74e6378
--- /dev/null
+++ b/chart/templates/mimir/namespace.yaml
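Review bot: `status: {}` on the last line of helmrelease.yaml sits after the `{{- end }}` that closes the `addons.mimir.enabled` guard, so with Mimir disabled this template appears to render a document containing only `status: {}`. Move it inside the guard or drop it, since status is controller-owned. The `dependsOn` guard also tests `.Values.monitoring.enabled` but emits no monitoring entry, so with only monitoring enabled the key renders with no value; either remove that operand or add the matching `- name: monitoring` item.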
@@ -0,0 +1,11 @@
+{{- if .Values.addons.mimir.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mimir
+ labels:
+ app.kubernetes.io/name: mimir
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+ istio-injection: {{ dig "istio" "injection" "enabled" .Values.grafana }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/mimir/secret-objectstore.yaml b/chart/templates/mimir/secret-objectstore.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..599d0c4bb355c3322aba84a1bd7fbf6611904004
--- /dev/null
+++ b/chart/templates/mimir/secret-objectstore.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.addons.mimir.s3ObjectStorage.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mimir-objstore-secret
+ namespace: mimir
+ labels:
+ app.kubernetes.io/name: mimir
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/opaque
+data:
+ AWS_SECRET_ACCESS_KEY: {{ .Values.addons.mimir.s3ObjectStorage.accessSecret | b64enc }}
+ AWS_ACCESS_KEY_ID: {{ .Values.addons.mimir.s3ObjectStorage.accessKey | b64enc }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/mimir/values.yaml b/chart/templates/mimir/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d521b2164e9c9518cfe089ecf68df2275b9aaec7
--- /dev/null
+++ b/chart/templates/mimir/values.yaml
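Review bot: The `istio-injection` label in namespace.yaml reads `.Values.grafana` rather than the Mimir package, so sidecar injection for the `mimir` namespace follows Grafana's setting and cannot be controlled from `addons.mimir`. This looks like a leftover from the Grafana namespace template; use `istio-injection: {{ dig "istio" "injection" "enabled" .Values.addons.mimir }}`. As written, changing Grafana's injection setting would also change whether Mimir's pods get a sidecar and therefore whether mesh mTLS and authorization policies apply to them.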
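Review bot: The Secret in secret-objectstore.yaml is guarded only by `addons.mimir.s3ObjectStorage.enabled`, so the S3 keys are rendered into namespace `mimir` even when `addons.mimir.enabled` is false and the namespace template is skipped. Guard it with `{{- if and .Values.addons.mimir.enabled .Values.addons.mimir.s3ObjectStorage.enabled }}`. `type: kubernetes.io/opaque` is not the built-in type name; the conventional value is `type: Opaque`. A comment that `accessKey`/`accessSecret` must come from encrypted values would also help, since they pass through this template in clear text before `b64enc`.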
@@ -0,0 +1,100 @@
+{{- /* Create secret */ -}}
+{{- if .Values.addons.mimir.enabled }}
+{{- include "values-secret" (dict "root" $ "package" .Values.addons.mimir "name" "mimir" "defaults" (include "bigbang.defaults.mimir" .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.mimir" -}}
+{{- $minioEnabled := (.Values.addons.mimir.minioObjectStorage.enabled) }}
+{{- $s3Enabled := (.Values.addons.mimir.s3ObjectStorage.enabled) }}
+{{- $mimirEnterpriseEnabled := (.Values.addons.mimir.enterprise.enabled) }}
+monitoring:
+ enabled: {{ .Values.monitoring.enabled }}
+
+networkPolicies:
+ enabled: {{ .Values.networkPolicies.enabled }}
+ controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
+
+istio:
+ enabled: {{ .Values.istio.enabled }}
+ hardened:
+ enabled: {{ or
+ (dig "istio" "hardened" "enabled" false .Values.monitoring.values)
+ (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values)
+ (dig "hardened" "enabled" false .Values.istio.values)
+ (dig "istio" "hardened" "enabled" false .Values.grafana.values)
+ (dig "istio" "hardened" "enabled" false .Values.loki.values)
+ (dig "istio" "hardened" "enabled" false .Values.eckOperator.values)
+ (dig "istio" "hardened" "enabled" false .Values.elasticsearchKibana.values)
+ (dig "istio" "hardened" "enabled" false .Values.addons.mimir.values)
+ }}
+ {{- if and (or (dig "values" "istio" "hardened" "enabled" false .Values.addons.mimir) (dig "hardened" "enabled" false .Values.istio.values)) (contains "s3" .Values.addons.mimir.s3ObjectStorage.endpoint) }}
+ customServiceEntries:
+ - name: egress-object-store
+ enabled: true
+ spec:
+ hosts:
+ - {{(printf "%s.s3.dualstack.%s.amazonaws.com" .Values.addons.mimir.s3ObjectStorage.bucketName .Values.addons.mimir.s3ObjectStorage.region) }}
+ location: MESH_EXTERNAL
+ ports:
+ - number: 443
+ protocol: TLS
+ name: https
+ resolution: DNS
+ {{- end }}
+
+{{- if $minioEnabled }}
+minio-tenant:
+ enabled: true
+ tenant:
+ configSecret:
+ accessKey: {{ .Values.addons.mimir.minioObjectStorage.configSecret.accessKey }}
+ secretKey: {{ .Values.addons.mimir.minioObjectStorage.configSecret.secretKey }}
+ defaultUserCredentials:
+ username: {{ .Values.addons.mimir.minioObjectStorage.defaultUserCredentials.username }}
+ password: {{ .Values.addons.mimir.minioObjectStorage.defaultUserCredentials.password }}
+{{- end }}
+
+mimir-distributed:
+ query_scheduler:
+ enabled: {{ not .Values.istio.enabled }}
+ {{- if or $minioEnabled $s3Enabled }}
+ {{- if $s3Enabled }}
+ global:
+ extraEnvFrom:
+ - secretRef:
+ name: mimir-objstore-secret
+ {{- end }}
+ mimir:
+ structuredConfig:
+ {{- if $mimirEnterpriseEnabled }}
+ admin_client:
+ backend: s3
+ {{- end }}
+ alertmanager_storage:
+ backend: s3
+ blocks_storage:
+ backend: s3
+ ruler_storage:
+ backend: s3
+ common:
+ storage:
+ backend: s3
+ s3:
+ {{- if $minioEnabled }}
+ access_key_id: {{ .Values.addons.mimir.minioObjectStorage.defaultUserCredentials.username }}
+ endpoint: minio.mimir.svc.cluster.local
+ insecure: true
+ secret_access_key: {{ .Values.addons.mimir.minioObjectStorage.defaultUserCredentials.password }}
+ bucket_name: mimir
+ {{- else }}
+ {{- if $s3Enabled }}
+ access_key_id: "${AWS_ACCESS_KEY_ID}" # This is a secret injected via an environment variable
+ endpoint: {{ .Values.addons.mimir.s3ObjectStorage.endpoint }}
+ insecure: {{ .Values.addons.mimir.s3ObjectStorage.insecure }}
+ secret_access_key: "${AWS_SECRET_ACCESS_KEY}" # This is a secret injected via an environment variable
+ region: {{ .Values.addons.mimir.s3ObjectStorage.region }}
+ bucket_name: {{ .Values.addons.mimir.s3ObjectStorage.bucketName }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/monitoring/values.yaml b/chart/templates/monitoring/values.yaml
index 94f09c3356b1a178394e80473ea72b8be6d80dff..b470485b3af69a240af5df72dbeb1ef1f06c2844 100644
--- a/chart/templates/monitoring/values.yaml
+++ b/chart/templates/monitoring/values.yaml
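Review bot: The MinIO and S3 scalars are interpolated unquoted (`accessKey: {{ … }}`, `password: {{ … }}`, `secret_access_key: {{ … }}`, plus `endpoint`, `region` and `bucket_name`), so a value that is all digits, boolean-like, or contains `: ` or ` #` is retyped or cut short by the YAML parser, and an empty value becomes null; pipe each through `| quote`. In the MinIO branch the user credentials are written inline into `structuredConfig`, whereas the S3 branch injects them through `extraEnvFrom` and `${AWS_…}` references; using the same env-reference form for MinIO would keep the secret out of the rendered Mimir config. The `customServiceEntries` condition tests `contains "s3"` on the endpoint but not `$s3Enabled`, and the egress host is always built as `<bucket>.s3.dualstack.<region>.amazonaws.com` regardless of the configured endpoint, so the allowed egress can differ from the endpoint actually used.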
@@ -164,6 +164,23 @@ prometheus: insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate {{- end }} + {{- if .Values.addons.mimir.enabled }} + remoteWrite: + {{- if .Values.istio.enabled }} + # I promise it's not a typo; the port is 80 even though it's TLS + - url: https://mimir-mimir-nginx.mimir.svc.cluster.local:80/api/v1/push + {{- else }} + - url: http://mimir-mimir-nginx.mimir.svc.cluster.local/api/v1/push + {{- end }} + {{- if and .Values.istio.enabled (eq (dig "istio" "mtls" "mode" "STRICT" .Values.addons.mimir.values) "STRICT") }} + tlsConfig: + caFile: /etc/prom-certs/root-cert.pem + certFile: /etc/prom-certs/cert-chain.pem + keyFile: /etc/prom-certs/key.pem + insecureSkipVerify: true + {{- end }} + {{- end }} + {{- if $thanosEnabled }} thanos: diff --git a/chart/values.schema.json b/chart/values.schema.json index b3a51f10e0fbddf1badc73cad20ca10161790c8f..3733ee0e04c695f33bccf51d8f8870bd3df79646 100644 --- a/chart/values.schema.json +++ b/chart/values.schema.json @@ -1253,6 +1253,13 @@ "$ref": "#/$defs/basePackage" } ] + }, + "mimir": { + "allOf": [ + { + "$ref": "#/$defs/basePackage" + } + ] } } }, diff --git a/chart/values.yaml b/chart/values.yaml index 51a60dc51d5002aa6fb654ecd6be7ec50218cd3a..74ef7f706644aa9cf7a37605e2a8e779ba41897b 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
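Review bot: The `remoteWrite` URL switches to `https://` whenever `.Values.istio.enabled` is true, but `tlsConfig` with the Istio client certificate is added only when the Mimir mTLS mode resolves to `STRICT`; with Istio on and any other mode Prometheus would attempt TLS to port 80 without the mesh certificates. Use the same condition for the scheme and for `tlsConfig`. `insecureSkipVerify: true` turns off server-certificate verification for the metrics push; the context line above documents why for scraping, and the same comment (`# Prometheus does not support Istio security naming, thus skip verifying target pod certificate`) belongs on the new line so the exception is not read as accidental. The enclosing `prometheus:` block starts and continues outside the hunk.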
@@ -2116,6 +2116,68 @@ addons: # -- Flux reconciliation overrides specifically for the alloy package flux: {} + mimir: + # -- Toggle deployment of Mimir + enabled: false + + # -- Choose source type of "git" or "helmRepo" + sourceType: "git" + + git: + repo: https://repo1.dso.mil/big-bang/product/packages/mimir.git + tag: "5.5.1-bb.3" + path: "./chart" + helmRepo: + repoName: "registry1" + chartName: "mimir" + tag: "5.5.1-bb.3" + + # -- Enable Mimir Enterprise + enterprise: + enabled: false + + # -- Enable Big Bang MinIO dependency chart for Mimir + minioObjectStorage: + enabled: false + # -- MinIO root credentials + configSecret: + accessKey: "minio" + secretKey: "minio123" # default key, change this! + # Configures the Big Bang MinIO Tenant User Credentials + defaultUserCredentials: + username: "mimir-user" + password: "supersecret" + + # -- Configure Mimir to use S3 bucket + s3ObjectStorage: + enabled: false + + # examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000" + endpoint: "" + + # -- S3 compatible region to use for connection information. + region: "" + + # -- Access key for connecting to object storage endpoint. + accessKey: "" + + # -- Secret key for connecting to object storage endpoint. + # Unencoded string data. This should be placed in the secret values and then encrypted + accessSecret: "" + + # -- Bucket name for the Mimir bucket as YAML + bucketName: "" + + # -- Whether or not objectStorage connection should require HTTPS, if connecting to in-cluster object + insecure: false + + values: {} + + postRenderers: [] + + # -- Flux reconciliation overrides specifically for the alloy package + flux: {} + # -- Wrapper chart for integrating Big Bang components alongside a package wrapper: # -- Choose source type of "git" or "helmRepo" diff --git a/docs/packages.md b/docs/packages.md index c81fa54ca7d2cd647ca5bacb7299f11349b6b33c..b7d4a8b1e7104580b349ba9b54d947f65563591a 100644 --- a/docs/packages.md 
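Review bot: `minioObjectStorage` ships working default credentials (`minio`/`minio123`, `mimir-user`/`supersecret`), so enabling it without overrides yields an object store protected by publicly known keys. Prefer empty defaults with a render-time failure when unset (for example `required` in the template), or at least repeat the "change this" warning on `defaultUserCredentials.password`. Two comments are misleading: `insecure` is described as whether the connection "should require HTTPS", the inverse of what `insecure: true` means, and the `flux` comment still says "alloy package". Suggested wording: `# -- Set true to use plain HTTP to the object store (in-cluster only); false requires HTTPS` and `# -- Flux reconciliation overrides specifically for the mimir package`.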
+++ b/docs/packages.md @@ -93,6 +93,7 @@ | [Metrics Server](https://repo1.dso.mil/big-bang/product/packages/metrics-server) |  | Yes | No | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/1738) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/1968) | | [Thanos](https://repo1.dso.mil/big-bang/product/packages/thanos) |  | Yes | No | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/3113) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/3113) | | [Alloy](https://repo1.dso.mil/big-bang/product/packages/alloy) |  | No | No | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/5031) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/product/packages/alloy/-/blob/main/chart/values.yaml?ref_type=heads#L202) | +| [Mimir](https://repo1.dso.mil/big-bang/product/packages/mimir) |  | No | No | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/5378) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/product/packages/mimir/-/blob/main/chart/values.yaml?ref_type=heads#L213) | | [bbctl](https://repo1.dso.mil/big-bang/product/packages/bbctl) |  | No | No | No | N/A | | [haproxy](https://repo1.dso.mil/big-bang/product/packages/haproxy) |  | No | No | No | [Yes (STRICT)](https://repo1.dso.mil/big-bang/product/packages/haproxy/-/blob/main/chart/values.yaml?ref_type=heads#L569) | diff --git a/docs/understanding-bigbang/package-architecture/mimir.md b/docs/understanding-bigbang/package-architecture/mimir.md new file mode 100644 index 0000000000000000000000000000000000000000..2568453db292970a67fffb6e1458dc10a4008ac6 --- /dev/null +++ b/docs/understanding-bigbang/package-architecture/mimir.md 
@@ -0,0 +1,122 @@
+# Mimir
+
+Mimir is an open source, horizontally scalable, highly available, multi-tenant
+Time Series Database (TSDB) for long-term storage for Prometheus.
+
+## Architecture
+
+While Mimir itself supports a number of deployment modes including monolith,
+simple-scalable, and microservice-based paradigms, the community supports only
+microservice-based via `helm install`, so that is the only deployment mode
+supported by Big Bang.
+
+### Write Path
+
+```mermaid
+flowchart TD
+ subgraph "Mimir Components"
+ Gateway
+ Distributor[Distributor]
+ subgraph "Ingesters"
+ Ingester[Ingester]
+ Ingester2[Ingester]
+ Ingester3[Ingester]
+ end
+ Store-Gateway[Store Gateway<br/>Caches bucket index]
+ Compactor[Compactor<br/>Optimizes storage]
+ end
+ Storage[("Object Storage (S3)")]
+
+ Prom[Prometheus Scrapers] --> Gateway
+ Gateway --> Distributor
+ Distributor --> Ingesters
+ Ingesters --> Store-Gateway
+ Compactor --> Storage
+ Store-Gateway --> Storage
+```
+
+### Read Path
+
+```mermaid
+flowchart BT
+Storage[("Object Storage (S3)")]
+ subgraph "Mimir Components"
+ subgraph Queriers
+ Querier0[Querier]
+ Querier1[Querier]
+ Querier2[Querier]
+ end
+ subgraph Ingesters
+ Ingester0[Ingester]
+ Ingester1[Ingester]
+ Ingester2[Ingester]
+ end
+ subgraph QueryScheduler[Optional]
+ QS[Query Scheduler]
+ end
+ StoreGateway[Store Gateway]
+ QueryFrontend[Query Frontend]
+ Memcached["Memcached (optional)"]
+ Gateway
+ end
+
+ Storage --> StoreGateway
+ StoreGateway --> Queriers
+ Ingesters --> Queriers
+ Queriers --> QueryScheduler
+ QueryScheduler --> QueryFrontend
+ QueryFrontend --> Gateway
+ Gateway --> Reader["Grafana, Kiali, etc."]
+```
+
+### Multitenancy
+
+While multitenancy is one of Mimir's standout features compared to other
+long-term Prometheus storage options, no tenancy decisions are made by Big Bang.
+By default in Big Bang, all metrics consumed by Mimir belong to the 'anonymous'
+tenant.
+
+## Big Bang Touchpoints
+
+### Licensing
+
+Grafana Mimir is open-source,
+[licensed under AGPL v3.0](https://github.com/grafana/mimir/blob/main/LICENSE).
+
+### UI
+
+While Mimir is a Prometheus-compatible storage backend, it does not expose the
+Prometheus UI. It is expected that Mimir will be consumed entirely via its API.
+Mimir does have an administrative interface that is useful for debugging and
+diagnostics, but the Big Bang team does not expose this by default.
+
+### Storage
+
+Mimir is designed to work with an external S3-compatible object storage service.
+It can function by writing metrics to disk directly. In Big Bang, it is
+configured to do so when Minio is not enabled and no other object storage
+configuration is provided.
+
+### Logging
+
+Grafana Mimir writes its logs to stderr. These logs will be picked up by the
+logging collector configured within the cluster.
+
+### High Availability
+
+Grafana Mimir is only community supported in a highly-scalable
+microservice-based deployment mode. The Big Bang team makes no assumptions about
+consumer scaling needs and leaves the exact configuration for a performant
+deployment up to the Big Bang consumer. By default, the components are deployed
+with at least n+1 availability.
+
+Grafana publishes
+[a guide](https://grafana.com/docs/mimir/latest/manage/run-production-environment/planning-capacity/)
+for Mimir capacity planning that can be helpful when performing scaling
+configuration.
+
+### Health Checks
+
+Grafana Mimir is configured with standard liveness and readiness probes. In
+addition to the health of Mimir itself, cluster administrators can port-forward
+the admin UI to get an overall view of cluster and gossip ring health.
diff --git a/tests/test-values.yaml b/tests/test-values.yaml
index 664813b530a39f7be716871ee874fcf9d3cccabf..7b4558cd8afe31d71296dd82b2282be787d498ec 100644
--- a/tests/test-values.yaml
+++ b/tests/test-values.yaml
@@ -270,6 +270,7 @@ gatekeeper: - thanos/thanos-cypress-test - twistlock/twistlock-cypress-test - vault/vault-cypress-test + - mimir/mimir-cypress-test # Allow kyverno test vectors for Helm test - default/restrict-host-path-mount-.? - default/restrict-host-path-write-.? @@ -412,6 +413,7 @@ gatekeeper: - thanos/thanos-cypress-test - twistlock/twistlock-cypress-test - vault/vault-cypress-test + - mimir/mimir-cypress-test # Allow kyverno test vectors for Helm test - default/restrict-host-path-mount-.? - default/restrict-host-path-write-.? @@ -601,6 +603,7 @@ kyvernoPolicies: - keycloak - jaeger - kyverno-reporter + - mimir - monitoring - vault - logging @@ -642,6 +645,7 @@ kyvernoPolicies: - keycloak - kyverno-reporter - jaeger + - mimir - monitoring - vault - logging @@ -690,6 +694,7 @@ kyvernoPolicies: - keycloak - kyverno-reporter - jaeger + - mimir - monitoring - vault - logging @@ -1885,7 +1890,6 @@ addons: capabilities: drop: - ALL - bbtests: # There have been intermittent failures of the tests in the past. The issue is tracked in the below issue. # https://repo1.dso.mil/big-bang/product/packages/minio/-/issues/7 
@@ -1899,6 +1903,53 @@ addons: MINIO_PORT: '' MINIO_HOST: 'https://minio-api.dev.bigbang.mil' + mimir: + enabled: false + values: + istio: + hardened: + customServiceEntries: + - name: "cypress-service-entries-mimir" + enabled: true + spec: + hosts: + - 'registry.npmjs.org' + - 'download.cypress.io' + - 'cdn.cypress.io' + - 'repo1.dso.mil' + - 'grafana.dev.bigbang.mil' + - 'optimizationguide-pa.googleapis.com' + - 'clientservices.googleapis.com' + - 'accounts.google.com' + - 'redirector.gvt1.com' + - 'content-autofill.googleapis.com' + - 'safebrowsing.googleapis.com' + location: MESH_EXTERNAL + ports: + - number: 443 + protocol: TLS + name: https + resolution: DNS + bbtests: + enabled: true + cypress: + artifacts: true + envs: + cypress_grafana_url: 'https://grafana.dev.bigbang.mil' + scripts: + envs: + MIMIR_URL: 'http://mimir-mimir-distributor.mimir.svc:8080' + minioObjectStorage: + enabled: true + networkPolicies: + enabled: true + imagePullSecrets: + - name: private-registry + console: + persistence: + size: 5Gi + localVolumeUpgrade: true + mattermostOperator: enabled: false