thanos update to 17.3.3-bb.3
Package Merge Request
Package Changes
https://repo1.dso.mil/big-bang/product/packages/thanos/-/blob/17.3.3-bb.3/CHANGELOG.md
Package MR
big-bang/product/packages/thanos!144 (merged)
For Issue
Closes big-bang/product/packages/thanos#112 (closed)
Upgrade Notices
The thanos package has been migrated to bb-common. While steps have been taken to maintain backwards compatibility with existing configurations by translating the old configuration into bb-common's more explicit syntax, Big Bang consumers are encouraged to migrate their values directly as soon as possible. Some appropriate configuration changes when consumers migrate are outlined below.
Storage (S3) Egress
Previously a wide-open (0.0.0.0/0) egress policy was created for the thanos-storegateway when the bundled minio was disabled, indicating the user wanted to store metrics in an external object storage implementation. This policy was not in line with Big Bang's wider security posture and has been removed. In its place, consumers are encouraged to define and use a bb-common definition for their storage subnets when external object storage is to be used:
networkPolicies:
egress:
definitions:
storage-subnets:
to:
# repeat for each S3 CIDR
- ipBlock:
cidr: <private-s3-endpoint-cidr>
ports:
- port: 443
protocol: TCP
from:
thanos-storegateway:
to:
definition:
database-subnets: trueA default definition for storage-subnets is defined globally in Big Bang and passed down to the thanos package. You're encouraged to override the CIDRs defined there to match your infrastructure. Any changes made at that global level will propagate down into the thanos package.
Ingress Config
bb-common creates a consistent ingress configuration syntax across all Big Bang packages with its routes functionality. Take a look at the routes documentation to understand how to use it to expose various thanos services.