GithubHelp home page GithubHelp logo

goatlas-io / atlas Goto Github PK

View Code? Open in Web Editor NEW
39.0 2.0 0.0 225 KB

Secure Distributed Thanos Deployment using an Observability Cluster

Home Page: https://goatlas.io

License: MIT License

Shell 3.12% Dockerfile 0.98% Makefile 1.02% Mustache 2.37% Go 92.51%
observability prometheus thanos monitoring envoy envoyproxy kubernetes

atlas's Introduction

Atlas

Status: BETA - I don't expect breaking changes, but still possible.

Atlas, forced by Zeus to support the heavens and the skies on his shoulders.

See Full Documentation

Overview

Atlas provides the ability to easily run a secure distributed Thanos deployment. Atlas at it's core is a small set of kubernetes operators that uses services and secrets resources as the underlying source of truth to populate a customized Envoy Aggreggated Service Discovery server which the Envoy proxies connect to and obtain their configurations to create the secure distributed envoy network that Thanos then traverses for connectivity.

Atlas provides Thanos Query the ability to connect to Thanos Sidecars securely over HTTP/2 authenticated via Mutual TLS. Additionally when an ingress on the observability cluster (where Atlas is installed) is configured properly, you can access every downstream cluster's individual Prometheus and Alert Manager web interfaces.

Finally Atlas provides the ability for EVERY downstream cluster's Prometheus instances to securely send alerts back to the observability alert managers over the HTTP/2 protected by Mutual TLS. This means that you can protect access to the alertmanager with something like an oauth2 proxy and not worry about how to allow the Prometheus instances to authenticate to it for sending alerts.

Atlas does not deploy Thanos or configure Thanos for you. Please see Atlas documentation on how to configure Thanos to use Atlas.

How It Works

Atlas leverages kubernetes services, label selectors, and annotations to configurable all the necessary components. By default Atlas is configured to work seamlessly with kube-prometheus-stack helm chart.

Atlas uses services defined with external IPs to represent a downstream cluster, when properly annotated it will configure the system for accessing the downstream cluster securely. Once Atlas discovers a properly configured service, it will create a helm-values secret for properly deploying an envoy proxy on the downstream cluster.

atlas's People

Contributors

ekristen avatar renovate-bot avatar renovate[bot] avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

atlas's Issues

Feature: Support Multiple Thanos Queries

One feature of Thanos is to point on Thanos Query at other Thanos Queries. By adding an additional annotation to the service resource that represents a downstream cluster, Atlas can separate out downstream clusters into separate DNS queries allowing multiple thanos query components to be used with Atlas.

Question

Hello,

I want to take a look at this, because we have an issue with getting the ingress working on grpc without envoy. However, the
Thanos part of Atlas is not clear to me. You do recommend to use the kube-prometheus-stack, but I am missing the Thanos server part. The kube-prometheus-stack doesn't have the Thanos server.

Can you clearify this for me? Which Thanos should I install and with options are mandatory?

Thanks!

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • fix(deps): update module github.com/gorilla/mux to v1.8.1
  • chore(deps): update actions/checkout action to v4
  • chore(deps): update actions/setup-go action to v5
  • chore(deps): update actions/setup-python action to v5
  • chore(deps): update actions/upload-artifact action to v4
  • chore(deps): update crazy-max/ghaction-github-pages action to v4
  • chore(deps): update docker/login-action action to v3
  • chore(deps): update goreleaser/goreleaser-action action to v6
  • fix(deps): update module github.com/rancher/wrangler to v3
  • ๐Ÿ” Create all rate-limited PRs at once ๐Ÿ”

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

dockerfile
Dockerfile
  • golang 1.16.6
Dockerfile.gorelease
github-actions
.github/workflows/release-charts.yml
  • actions/checkout v2
.github/workflows/release-docs.yml
  • actions/checkout v2
  • actions/setup-python v2
  • crazy-max/ghaction-github-pages v2
.github/workflows/release.yml
  • actions/checkout v2
  • actions/checkout v2
  • actions/setup-go v2
  • docker/login-action v1
  • goreleaser/goreleaser-action v2
  • goreleaser/goreleaser-action v2
  • actions/upload-artifact v2
.github/workflows/tests.yml
  • actions/setup-go v2
  • actions/checkout v2
  • actions/setup-go v2
  • actions/checkout v2
gomod
go.mod
  • go 1.16
  • github.com/Masterminds/sprig v2.22.0+incompatible
  • github.com/bwmarrin/snowflake v0.3.0
  • github.com/envoyproxy/go-control-plane v0.9.9
  • github.com/golang/protobuf v1.5.0
  • github.com/gorilla/mux v1.8.0
  • github.com/mitchellh/hashstructure/v2 v2.0.2
  • github.com/prometheus/client_golang v1.11.0
  • github.com/rancher/wrangler v0.8.7
  • github.com/sirupsen/logrus v1.8.1
  • github.com/urfave/cli/v2 v2.3.0
  • google.golang.org/grpc v1.36.0
  • google.golang.org/protobuf v1.27.1
  • k8s.io/api v0.20.5
  • k8s.io/apimachinery v0.20.5
  • k8s.io/client-go v0.20.5
  • k8s.io/client-go v0.20.5
helm-values
charts/atlas/values.yaml
  • ghcr.io/goatlas-io/atlas v0.3.1
charts/envoy/values.yaml
  • envoyproxy/envoy v1.18.3
helmv3
charts/atlas/Chart.yaml
  • envoy 1.2.1
regex
pkg/commands/templates/helm-release.tmpl
  • envoy 1.2.1
  • Check this box to trigger a request for Renovate to run again on this repository

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Cannot find preset's package (github>whitesource/merge-confidence:beta)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.