UNCLASSIFIED - NO CUI

Test rq

Jeffrey Victorrequested to merge
test-rq into main

General MR

Summary

This MR migrates thanos to the bb-common implementations of Istio and NetworkPolicy resource generation.

Umbrella Branch

thanos-112-integrate-bb-common

Relevant logs/screenshots

Thanos UI:

image

Thanos queried from Grafana:

image

❯ helm test -n bigbang thanos
NAME: thanos
LAST DEPLOYED: Tue Feb  3 17:02:52 2026
NAMESPACE: thanos
STATUS: deployed
REVISION: 1
TEST SUITE:     allow-egress-from-thanos-cypress-test-to-anywhere-any-port
Last Started:   Tue Feb  3 11:28:19 2026
Last Completed: Tue Feb  3 11:28:19 2026
Phase:          Succeeded
TEST SUITE:     thanos-cypress-config
Last Started:   Tue Feb  3 11:28:18 2026
Last Completed: Tue Feb  3 11:28:19 2026
Phase:          Succeeded
TEST SUITE:     thanos-cypress-test
Last Started:   Tue Feb  3 11:28:20 2026
Last Completed: Tue Feb  3 11:30:55 2026
Phase:          Succeeded

Linked Issue

Integrate bb-common (#112) · Issue · big-bang/product/packages/thanos

Upgrade Notices

Upgrade Notices

The thanos package has been migrated to bb-common. While steps have been taken to maintain backwards compatibility with existing configurations by translating the old configuration into bb-common's more explicit syntax, Big Bang consumers are encouraged to migrate their values directly as soon as possible. Some appropriate configuration changes when consumers migrate are outlined below.

Storage (S3) Egress

Previously a wide-open (0.0.0.0/0) egress policy was created for the thanos-storegateway when the bundled minio was disabled, indicating the user wanted to store metrics in an external object storage implementation. This policy was not in line with Big Bang's wider security posture and has been removed. In its place, consumers are encouraged to define and use a bb-common definition for their storage subnets when external object storage is to be used:

networkPolicies:
  egress:
    definitions:
      storage-subnets:
        to:
        # repeat for each S3 CIDR
        - ipBlock: 
            cidr: <private-s3-endpoint-cidr> 
        ports:
        - port: 443
          protocol: TCP
    from:
      thanos-storegateway:
        to:
          definition:
            database-subnets: true

A default definition for storage-subnets is defined globally in Big Bang and passed down to the thanos package. You're encouraged to override the CIDRs defined there to match your infrastructure. Any changes made at that global level will propagate down into the thanos package.

Ingress Config

bb-common creates a consistent ingress configuration syntax across all Big Bang packages with its routes functionality. Take a look at to understand how to use it to expose various thanos services. docs/index.md · master · Big Bang / bigbang · GitLab

Edited by Jeffrey Victor

Merge request reports

UNCLASSIFIED - NO CUI