apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: openobserve namespace: openobserve spec: interval: 5m timeout: 30m postRenderers: - kustomize: patches: - target: group: apps version: v1 kind: Deployment name: openobserve-web patch: |- - op: add path: /spec/template/metadata/annotations/sidecar.istio.io~1inject value: "false" - op: add path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-init-first value: "true" - op: add path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject value: "true" - op: add path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-pre-populate-only value: "true" - op: add path: /spec/template/metadata/annotations/vault.hashicorp.com~1auth-path value: auth/kubernetes - op: add path: /spec/template/metadata/annotations/vault.hashicorp.com~1role value: openobserve - op: add path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-openobserve-env value: secrets/data/vault/apps/openobserve - op: add path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-template-openobserve-env value: |- {{- with secret "secrets/data/vault/apps/openobserve" -}} ZO_ROOT_USER_EMAIL={{ printf "%q" (index .Data.data "ZO_ROOT_USER_EMAIL") }} ZO_ROOT_USER_PASSWORD={{ printf "%q" (index .Data.data "ZO_ROOT_USER_PASSWORD") }} ZO_META_POSTGRES_DSN={{ printf "%q" (index .Data.data "ZO_META_POSTGRES_DSN") }} ZO_NATS_ADDR={{ printf "%q" (index .Data.data "ZO_NATS_ADDR") }} PGHOST={{ printf "%q" (index .Data.data "PGHOST") }} PGPORT={{ printf "%q" (index .Data.data "PGPORT") }} PGDATABASE={{ printf "%q" (index .Data.data "PGDATABASE") }} PGUSER={{ printf "%q" (index .Data.data "PGUSER") }} PGPASSWORD={{ printf "%q" (index .Data.data "PGPASSWORD") }} PGSSLMODE={{ printf "%q" (index .Data.data "PGSSLMODE") }} PGSSLROOTCERT={{ printf "%q" (index .Data.data "PGSSLROOTCERT") }} ZO_S3_ACCESS_KEY={{ printf "%q" (index .Data.data "ZO_S3_ACCESS_KEY") }} ZO_S3_SECRET_KEY={{ printf "%q" (index .Data.data "ZO_S3_SECRET_KEY") }} OPENOBSERVE_BASIC_AUTH={{ printf "%q" (index .Data.data "OPENOBSERVE_BASIC_AUTH") }} {{- end -}} - op: add path: /spec/template/spec/imagePullSecrets value: - name: regcred - op: replace path: /spec/strategy value: type: Recreate - op: replace path: /spec/template/spec/containers/0/command value: - /bin/sh - -ec - op: replace path: /spec/template/spec/containers/0/args value: - | set -a . /vault/secrets/openobserve-env set +a exec /openobserve - op: replace path: /spec/template/spec/containers/0/livenessProbe/initialDelaySeconds value: 300 - op: replace path: /spec/template/spec/containers/0/readinessProbe/initialDelaySeconds value: 60 values: universal-chart: services: openobserve: deployment: replicaCount: _default: 1 envs: - name: ZO_HTTP_PORT value: _default: "5080" - name: ZO_LOCAL_MODE value: _default: "false" - name: ZO_META_STORE value: _default: postgres - name: ZO_CLUSTER_COORDINATOR value: _default: nats - name: ZO_NATS_REPLICAS value: _default: "1" - name: ZO_S3_PROVIDER value: _default: s3 - name: ZO_S3_SERVER_URL value: _default: http://minio.minio.svc.cluster.local:9000 - name: ZO_S3_BUCKET_NAME value: _default: open-observe - name: ZO_S3_REGION_NAME value: _default: ru-central1 - name: ZO_TELEMETRY value: _default: "false" serviceAccount: enabled: true name: _default: openobserve-vault imagePullSecrets: create: _default: false name: _default: regcred openobserve: secret: create: false nats: enabled: true replicaCount: 1 persistence: enabled: true size: 10Gi storageClassName: csi-disk otelCollector: enabled: false vault: enabled: true