Fix thanos upgrades from 1.1.1 (!3336) · Merge requests · Sylva-projects / sylva-core

What does this MR do and why?

This MR brings multiple improvement to fix upgrades from 1.1.1 (in independent commits)

reinstall thanos unconditionally while upgrading from 1.1.1

This is also required for capo as objStore reconfiguration is not working. As minio tenant is deleted, data will be lost in any case, it won't hurt to reinstall thanos.
Add missing dependencies on minio-tenant-init

thanos-init and loki-init should respectively depend on their respective minio-tenant-init units (this dependency is probably not mandatory, as externalSecret produced by these units will only become ready when secret will be synced, but it is preferable to have an explicit dependency)
Change minio secret paths in vault

As we are re-installing minio when migrating from 1.1.1 to 1.2, we'll be generating new RandomSecrets when minio-monitoring-tenant-init unit will be replaced by minio-monitoring-init. But in that change, RandomSecret name remains the same (minio-monitoring-user)

Alongside with that change we've also granted the permission to delete secrets to secret-writer role (in e440277e) in order to enable vault-config-operator to delete or updatge these objects.

Unfortunately we've observed that this configuration change applies at an uncontrolled moment as vault CRD has no status reflecting the configuration change.

Consequently, the RandomSecret may be updated way later, leading to mismatch between minio and thanos.

In order to overcome that issue, we change the secret path in vault.
Rename minio-tenant-init files

They should not refer to monitoring as the're used for various minio tenants.

Edited Nov 21, 2024 by Francois Eleouet