Merge pull request 'Add yamllint to Woodpecker CI' (#154) from improce_ci into main
Reviewed-on: #154 Reviewed-by: Aaron Riedel <git@ar21.de>
commit
e868463399
67 changed files with 702 additions and 631 deletions
157
.drone.yml
157
.drone.yml
|
@ -1,87 +1,88 @@
|
||||||
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
name: deploy
|
name: deploy
|
||||||
steps:
|
steps:
|
||||||
- name: kustomize build dashboard (prod + staging)
|
- name: kustomize build dashboard (prod + staging)
|
||||||
image: git.ar21.de/aaron/kustomize-ci
|
image: git.ar21.de/aaron/kustomize-ci
|
||||||
commands:
|
commands:
|
||||||
- cd /deployment-repo
|
- cd /deployment-repo
|
||||||
- git clone https://git.ar21.de/yolokube/core-deployments.git .
|
- git clone https://git.ar21.de/yolokube/core-deployments.git .
|
||||||
- cd /deployment-repo/dashboard/overlays/prod
|
- cd /deployment-repo/dashboard/overlays/prod
|
||||||
- kustomize build -o /deployment-repo/dashboard/prod/dashboard.yaml
|
- kustomize build -o /deployment-repo/dashboard/prod/dashboard.yaml
|
||||||
- cd /deployment-repo/dashboard/overlays/staging
|
- cd /deployment-repo/dashboard/overlays/staging
|
||||||
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
|
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
|
||||||
volumes:
|
volumes:
|
||||||
- name: deployment-repo
|
- name: deployment-repo
|
||||||
path: /deployment-repo
|
path: /deployment-repo
|
||||||
when:
|
when:
|
||||||
branch:
|
branch:
|
||||||
- main
|
|
||||||
event:
|
|
||||||
- push
|
|
||||||
- name: kustomize build dashboard (staging)
|
|
||||||
image: git.ar21.de/aaron/kustomize-ci
|
|
||||||
commands:
|
|
||||||
- cd /deployment-repo
|
|
||||||
- git clone https://git.ar21.de/yolokube/core-deployments.git .
|
|
||||||
- cd /staging-repo
|
|
||||||
- git clone -b $DRONE_BRANCH https://git.ar21.de/yolokube/core-deployments.git .
|
|
||||||
- cd /staging-repo/dashboard/overlays/staging
|
|
||||||
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
|
|
||||||
volumes:
|
|
||||||
- name: deployment-repo
|
|
||||||
path: /deployment-repo
|
|
||||||
- name: staging-repo
|
|
||||||
path: /staging-repo
|
|
||||||
when:
|
|
||||||
branch:
|
|
||||||
exclude:
|
|
||||||
- main
|
- main
|
||||||
event:
|
event:
|
||||||
- push
|
- push
|
||||||
- name: kustomize push dashboard changes (prod + staging)
|
- name: kustomize build dashboard (staging)
|
||||||
image: appleboy/drone-git-push
|
image: git.ar21.de/aaron/kustomize-ci
|
||||||
settings:
|
commands:
|
||||||
branch: main
|
- cd /deployment-repo
|
||||||
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
|
- git clone https://git.ar21.de/yolokube/core-deployments.git .
|
||||||
path: /deployment-repo
|
- cd /staging-repo
|
||||||
force: false
|
- git clone -b $DRONE_BRANCH https://git.ar21.de/yolokube/core-deployments.git .
|
||||||
commit: true
|
- cd /staging-repo/dashboard/overlays/staging
|
||||||
commit_message: "KUSTOMIZE BUILD: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} (done automagically via Drone pipeline) [CI SKIP]"
|
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
|
||||||
ssh_key:
|
volumes:
|
||||||
from_secret: GITEA_SSH_KEY
|
- name: deployment-repo
|
||||||
volumes:
|
path: /deployment-repo
|
||||||
- name: deployment-repo
|
- name: staging-repo
|
||||||
path: /deployment-repo
|
path: /staging-repo
|
||||||
when:
|
when:
|
||||||
branch:
|
branch:
|
||||||
- main
|
exclude:
|
||||||
event:
|
- main
|
||||||
- push
|
event:
|
||||||
- name: kustomize push dashboard changes (staging)
|
- push
|
||||||
image: appleboy/drone-git-push
|
- name: kustomize push dashboard changes (prod + staging)
|
||||||
settings:
|
image: appleboy/drone-git-push
|
||||||
branch: main
|
settings:
|
||||||
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
|
branch: main
|
||||||
path: /deployment-repo
|
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
|
||||||
force: false
|
path: /deployment-repo
|
||||||
commit: true
|
force: false
|
||||||
commit_message: "KUSTOMIZE BUILD STAGING: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} [CI SKIP]"
|
commit: true
|
||||||
ssh_key:
|
commit_message: "KUSTOMIZE BUILD: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} (done automagically via Drone pipeline) [CI SKIP]"
|
||||||
from_secret: GITEA_SSH_KEY
|
ssh_key:
|
||||||
volumes:
|
from_secret: GITEA_SSH_KEY
|
||||||
- name: deployment-repo
|
volumes:
|
||||||
path: /deployment-repo
|
- name: deployment-repo
|
||||||
when:
|
path: /deployment-repo
|
||||||
branch:
|
when:
|
||||||
exclude:
|
branch:
|
||||||
- main
|
- main
|
||||||
event:
|
event:
|
||||||
- push
|
- push
|
||||||
|
- name: kustomize push dashboard changes (staging)
|
||||||
|
image: appleboy/drone-git-push
|
||||||
|
settings:
|
||||||
|
branch: main
|
||||||
|
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
|
||||||
|
path: /deployment-repo
|
||||||
|
force: false
|
||||||
|
commit: true
|
||||||
|
commit_message: "KUSTOMIZE BUILD STAGING: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} [CI SKIP]"
|
||||||
|
ssh_key:
|
||||||
|
from_secret: GITEA_SSH_KEY
|
||||||
|
volumes:
|
||||||
|
- name: deployment-repo
|
||||||
|
path: /deployment-repo
|
||||||
|
when:
|
||||||
|
branch:
|
||||||
|
exclude:
|
||||||
|
- main
|
||||||
|
event:
|
||||||
|
- push
|
||||||
volumes:
|
volumes:
|
||||||
- name: deployment-repo
|
- name: deployment-repo
|
||||||
temp: {}
|
temp: {}
|
||||||
- name: staging-repo
|
- name: staging-repo
|
||||||
temp: {}
|
temp: {}
|
||||||
when:
|
when:
|
||||||
event:
|
event:
|
||||||
exclude:
|
exclude:
|
||||||
|
|
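--- /dev/null
+++ b/.woodpecker/.yamllint.yaml
@@ -0,0 +1,8 @@
+---
+steps:
+- name: linting
+image: cytopia/yamllint:latest
+commands:
+- yamllint -f colored -s .
+when:
+- event: push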
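Review bot: The `linting` step pulls `cytopia/yamllint:latest`, a mutable tag on a third-party image, so each push runs whatever was most recently published under that tag against the checked-out repository. Pin the image to a fixed release or a digest, for example `image: cytopia/yamllint@sha256:<digest-placeholder>`, and update it through a reviewed change. The step appears to need no secrets, so it is also worth confirming that none are exposed to it.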
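--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,10 @@
+---
+yaml-files:
+- '*.yaml'
+- '*.yml'
+- '.yamllint'
+
+extends: default
+
+rules:
+line-length: disable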
|
@ -28,12 +28,12 @@ spec:
|
||||||
project: default
|
project: default
|
||||||
sources:
|
sources:
|
||||||
- chart: woodpecker
|
- chart: woodpecker
|
||||||
repoURL: https://woodpecker-ci.org/
|
repoURL: https://woodpecker-ci.org/
|
||||||
targetRevision: 1.6.0
|
targetRevision: 1.6.0
|
||||||
helm:
|
helm:
|
||||||
releaseName: woodpecker
|
releaseName: woodpecker
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/woodpecker/values/values.yaml
|
- $values/woodpecker/values/values.yaml
|
||||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
ref: values
|
ref: values
|
||||||
|
@ -45,7 +45,7 @@ spec:
|
||||||
namespace: woodpecker
|
namespace: woodpecker
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
---
|
---
|
||||||
|
@ -65,7 +65,7 @@ spec:
|
||||||
namespace: paste
|
namespace: paste
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
selfHeal: false
|
selfHeal: false
|
||||||
prune: false
|
prune: false
|
||||||
|
|
|
@ -13,7 +13,7 @@ spec:
|
||||||
helm:
|
helm:
|
||||||
releaseName: traefik
|
releaseName: traefik
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/traefik/values.yaml
|
- $values/traefik/values.yaml
|
||||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
ref: values
|
ref: values
|
||||||
|
@ -25,7 +25,7 @@ spec:
|
||||||
namespace: traefik
|
namespace: traefik
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
---
|
---
|
||||||
|
@ -43,7 +43,7 @@ spec:
|
||||||
helm:
|
helm:
|
||||||
releaseName: argo
|
releaseName: argo
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/argo/values.yaml
|
- $values/argo/values.yaml
|
||||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
ref: values
|
ref: values
|
||||||
|
@ -55,7 +55,7 @@ spec:
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
selfHeal: true
|
selfHeal: true
|
||||||
prune: false
|
prune: false
|
||||||
|
@ -70,11 +70,11 @@ spec:
|
||||||
sources:
|
sources:
|
||||||
- repoURL: https://charts.longhorn.io
|
- repoURL: https://charts.longhorn.io
|
||||||
chart: longhorn
|
chart: longhorn
|
||||||
targetRevision: 1.7.1 # see Infos below, the CSI snapshotter needs to be updated too <-- version association can be found here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/enable-csi-snapshot-support/
|
targetRevision: 1.7.1 # see Infos below, the CSI snapshotter needs to be updated too <-- version association can be found here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/enable-csi-snapshot-support/
|
||||||
helm:
|
helm:
|
||||||
releaseName: longhorn
|
releaseName: longhorn
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/longhorn/values.yaml
|
- $values/longhorn/values.yaml
|
||||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
ref: values
|
ref: values
|
||||||
|
@ -82,17 +82,17 @@ spec:
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
path: longhorn
|
path: longhorn
|
||||||
- repoURL: https://github.com/kubernetes-csi/external-snapshotter.git
|
- repoURL: https://github.com/kubernetes-csi/external-snapshotter.git
|
||||||
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
|
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
|
||||||
path: client/config/crd
|
path: client/config/crd
|
||||||
- repoURL: https://github.com/kubernetes-csi/external-snapshotter.git
|
- repoURL: https://github.com/kubernetes-csi/external-snapshotter.git
|
||||||
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
|
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
|
||||||
path: deploy/kubernetes/snapshot-controller
|
path: deploy/kubernetes/snapshot-controller
|
||||||
destination:
|
destination:
|
||||||
server: https://kubernetes.default.svc
|
server: https://kubernetes.default.svc
|
||||||
namespace: longhorn-system
|
namespace: longhorn-system
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
---
|
---
|
||||||
|
@ -110,7 +110,7 @@ spec:
|
||||||
helm:
|
helm:
|
||||||
releaseName: prometheus
|
releaseName: prometheus
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/prometheus/values.yaml
|
- $values/prometheus/values.yaml
|
||||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
ref: values
|
ref: values
|
||||||
|
@ -122,30 +122,30 @@ spec:
|
||||||
namespace: prometheus
|
namespace: prometheus
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
- ServerSideApply=true
|
- ServerSideApply=true
|
||||||
- RespectIgnoreDifferences=true
|
- RespectIgnoreDifferences=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
ignoreDifferences:
|
ignoreDifferences:
|
||||||
- group: apps
|
- group: apps
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
jqPathExpressions:
|
jqPathExpressions:
|
||||||
- '.spec.template.spec.initContainers[]?.resources'
|
- '.spec.template.spec.initContainers[]?.resources'
|
||||||
- '.spec.template.spec.containers[]?.resources'
|
- '.spec.template.spec.containers[]?.resources'
|
||||||
- group: apps
|
- group: apps
|
||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
jqPathExpressions:
|
jqPathExpressions:
|
||||||
- '.spec.template.spec.initContainers[]?.resources'
|
- '.spec.template.spec.initContainers[]?.resources'
|
||||||
- '.spec.template.spec.containers[]?.resources'
|
- '.spec.template.spec.containers[]?.resources'
|
||||||
- group: admissionregistration.k8s.io
|
- group: admissionregistration.k8s.io
|
||||||
kind: MutatingWebhookConfiguration
|
kind: MutatingWebhookConfiguration
|
||||||
jqPathExpressions:
|
jqPathExpressions:
|
||||||
- '.webhooks[]?.clientConfig.caBundle'
|
- '.webhooks[]?.clientConfig.caBundle'
|
||||||
- group: admissionregistration.k8s.io
|
- group: admissionregistration.k8s.io
|
||||||
kind: ValidatingWebhookConfiguration
|
kind: ValidatingWebhookConfiguration
|
||||||
jqPathExpressions:
|
jqPathExpressions:
|
||||||
- '.webhooks[]?.clientConfig.caBundle'
|
- '.webhooks[]?.clientConfig.caBundle'
|
||||||
---
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
|
@ -161,7 +161,7 @@ spec:
|
||||||
helm:
|
helm:
|
||||||
releaseName: cilium-cni
|
releaseName: cilium-cni
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/cilium/values.yaml
|
- $values/cilium/values.yaml
|
||||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
ref: values
|
ref: values
|
||||||
|
@ -173,22 +173,22 @@ spec:
|
||||||
namespace: kube-cilium
|
namespace: kube-cilium
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
- ServerSideApply=true
|
- ServerSideApply=true
|
||||||
- RespectIgnoreDifferences=true
|
- RespectIgnoreDifferences=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
ignoreDifferences:
|
ignoreDifferences:
|
||||||
- group: apps
|
- group: apps
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
jqPathExpressions:
|
jqPathExpressions:
|
||||||
- '.spec.template.spec.containers[]?.resources'
|
- '.spec.template.spec.containers[]?.resources'
|
||||||
- group: apps
|
- group: apps
|
||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
jqPathExpressions:
|
jqPathExpressions:
|
||||||
- '.spec.template.spec.initContainers[]?.resources'
|
- '.spec.template.spec.initContainers[]?.resources'
|
||||||
- '.spec.template.spec.containers[]?.resources'
|
- '.spec.template.spec.containers[]?.resources'
|
||||||
- '.spec.template.metadata.annotations'
|
- '.spec.template.metadata.annotations'
|
||||||
---
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
|
@ -206,7 +206,7 @@ spec:
|
||||||
namespace: node-labeler
|
namespace: node-labeler
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
---
|
---
|
||||||
|
@ -226,7 +226,7 @@ spec:
|
||||||
namespace: quota
|
namespace: quota
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
---
|
---
|
||||||
|
@ -246,7 +246,7 @@ spec:
|
||||||
namespace: dashboard
|
namespace: dashboard
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
---
|
---
|
||||||
|
@ -266,7 +266,7 @@ spec:
|
||||||
namespace: dashboard-staging
|
namespace: dashboard-staging
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
---
|
---
|
||||||
|
@ -284,7 +284,7 @@ spec:
|
||||||
helm:
|
helm:
|
||||||
releaseName: loki
|
releaseName: loki
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/loki/values.yaml
|
- $values/loki/values.yaml
|
||||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
ref: values
|
ref: values
|
||||||
|
@ -296,7 +296,7 @@ spec:
|
||||||
namespace: logs
|
namespace: logs
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
---
|
---
|
||||||
|
@ -318,7 +318,7 @@ spec:
|
||||||
namespace: logs
|
namespace: logs
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
---
|
---
|
||||||
|
@ -348,7 +348,7 @@ spec:
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
---
|
---
|
||||||
|
@ -405,7 +405,7 @@ spec:
|
||||||
helm:
|
helm:
|
||||||
releaseName: cert-manager
|
releaseName: cert-manager
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/cert-manager/values.yaml
|
- $values/cert-manager/values.yaml
|
||||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
ref: values
|
ref: values
|
||||||
|
@ -417,7 +417,7 @@ spec:
|
||||||
namespace: cert-manager
|
namespace: cert-manager
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
---
|
---
|
||||||
|
@ -437,7 +437,7 @@ spec:
|
||||||
namespace: authentik
|
namespace: authentik
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
---
|
---
|
||||||
|
@ -457,6 +457,6 @@ spec:
|
||||||
namespace: thanos
|
namespace: thanos
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
|
|
|
@ -35,7 +35,7 @@ spec:
|
||||||
namespace: test-deployments
|
namespace: test-deployments
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
|
|
||||||
automated:
|
automated:
|
||||||
selfHeal: false
|
selfHeal: false
|
||||||
|
|
12
argo/cm.yaml
12
argo/cm.yaml
|
@ -18,12 +18,12 @@ data:
|
||||||
hs.status = "Healthy"
|
hs.status = "Healthy"
|
||||||
return hs
|
return hs
|
||||||
resource.exclusions: |
|
resource.exclusions: |
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- cilium.io
|
- cilium.io
|
||||||
kinds:
|
kinds:
|
||||||
- CiliumIdentity
|
- CiliumIdentity
|
||||||
clusters:
|
clusters:
|
||||||
- "*"
|
- "*"
|
||||||
url: https://argo.services.yolokube.de
|
url: https://argo.services.yolokube.de
|
||||||
oidc.config: |
|
oidc.config: |
|
||||||
name: aaronID
|
name: aaronID
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
generators:
|
generators:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: viaduct.ai/v1
|
apiVersion: viaduct.ai/v1
|
||||||
kind: ksops
|
kind: ksops
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
global:
|
global:
|
||||||
domain: argo.services.yolokube.de
|
domain: argo.services.yolokube.de
|
||||||
configs:
|
configs:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
generators:
|
generators:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -37,20 +38,20 @@ metadata:
|
||||||
namespace: authentik
|
namespace: authentik
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: "sso.services.yolokube.de"
|
- host: "sso.services.yolokube.de"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- pathType: Prefix
|
- pathType: Prefix
|
||||||
path: "/"
|
path: "/"
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: authentik-outpost
|
name: authentik-outpost
|
||||||
port:
|
port:
|
||||||
number: 9000
|
number: 9000
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- sso.services.yolokube.de
|
- sso.services.yolokube.de
|
||||||
secretName: authentik-tls-key
|
secretName: authentik-tls-key
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
|
@ -76,21 +77,21 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- env:
|
- env:
|
||||||
- name: AUTHENTIK_HOST
|
- name: AUTHENTIK_HOST
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: authentik_host
|
key: authentik_host
|
||||||
name: authentik-outpost-api
|
name: authentik-outpost-api
|
||||||
- name: AUTHENTIK_TOKEN
|
- name: AUTHENTIK_TOKEN
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: token
|
key: token
|
||||||
name: authentik-outpost-api
|
name: authentik-outpost-api
|
||||||
- name: AUTHENTIK_INSECURE
|
- name: AUTHENTIK_INSECURE
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: authentik_host_insecure
|
key: authentik_host_insecure
|
||||||
name: authentik-outpost-api
|
name: authentik-outpost-api
|
||||||
image: ghcr.io/goauthentik/proxy:2024.8.3
|
image: ghcr.io/goauthentik/proxy:2024.8.3
|
||||||
name: proxy
|
name: proxy
|
||||||
ports:
|
ports:
|
||||||
|
@ -104,22 +105,22 @@ spec:
|
||||||
apiVersion: traefik.io/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: authentik
|
name: authentik
|
||||||
namespace: authentik
|
namespace: authentik
|
||||||
spec:
|
spec:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
|
address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
|
||||||
trustForwardHeader: true
|
trustForwardHeader: true
|
||||||
authResponseHeaders:
|
authResponseHeaders:
|
||||||
- X-authentik-username
|
- X-authentik-username
|
||||||
- X-authentik-groups
|
- X-authentik-groups
|
||||||
- X-authentik-email
|
- X-authentik-email
|
||||||
- X-authentik-name
|
- X-authentik-name
|
||||||
- X-authentik-uid
|
- X-authentik-uid
|
||||||
- X-authentik-jwt
|
- X-authentik-jwt
|
||||||
- X-authentik-grafana-role
|
- X-authentik-grafana-role
|
||||||
- X-authentik-meta-jwks
|
- X-authentik-meta-jwks
|
||||||
- X-authentik-meta-outpost
|
- X-authentik-meta-outpost
|
||||||
- X-authentik-meta-provider
|
- X-authentik-meta-provider
|
||||||
- X-authentik-meta-app
|
- X-authentik-meta-app
|
||||||
- X-authentik-meta-version
|
- X-authentik-meta-version
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: viaduct.ai/v1
|
apiVersion: viaduct.ai/v1
|
||||||
kind: ksops
|
kind: ksops
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -2,29 +2,29 @@
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: ClusterIssuer
|
kind: ClusterIssuer
|
||||||
metadata:
|
metadata:
|
||||||
name: letsencrypt-prod
|
name: letsencrypt-prod
|
||||||
spec:
|
spec:
|
||||||
acme:
|
acme:
|
||||||
email: letsencrypt@ar21.de
|
email: letsencrypt@ar21.de
|
||||||
server: https://acme-v02.api.letsencrypt.org/directory
|
server: https://acme-v02.api.letsencrypt.org/directory
|
||||||
privateKeySecretRef:
|
privateKeySecretRef:
|
||||||
name: letsencrypt-prod-key
|
name: letsencrypt-prod-key
|
||||||
solvers:
|
solvers:
|
||||||
- http01:
|
- http01:
|
||||||
ingress:
|
ingress:
|
||||||
class: traefik
|
class: traefik
|
||||||
---
|
---
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: ClusterIssuer
|
kind: ClusterIssuer
|
||||||
metadata:
|
metadata:
|
||||||
name: letsencrypt-staging
|
name: letsencrypt-staging
|
||||||
spec:
|
spec:
|
||||||
acme:
|
acme:
|
||||||
email: letsencrypt@ar21.de
|
email: letsencrypt@ar21.de
|
||||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
privateKeySecretRef:
|
privateKeySecretRef:
|
||||||
name: letsencrypt-staging-key
|
name: letsencrypt-staging-key
|
||||||
solvers:
|
solvers:
|
||||||
- http01:
|
- http01:
|
||||||
ingress:
|
ingress:
|
||||||
class: traefik
|
class: traefik
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
namespace: cert-manager
|
namespace: cert-manager
|
||||||
replicaCount: 3
|
replicaCount: 3
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
encryption:
|
encryption:
|
||||||
enabled: false
|
enabled: false
|
||||||
ipam:
|
ipam:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -21,17 +22,17 @@ spec:
|
||||||
app: dashboard
|
app: dashboard
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: dashboard
|
- name: dashboard
|
||||||
image: git.ar21.de/yolokube/dashboard:latest
|
image: git.ar21.de/yolokube/dashboard:latest
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: Always
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8080
|
- containerPort: 8080
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /
|
path: /
|
||||||
port: 8080
|
port: 8080
|
||||||
initialDelaySeconds: 4
|
initialDelaySeconds: 4
|
||||||
periodSeconds: 3
|
periodSeconds: 3
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
|
@ -55,17 +56,17 @@ metadata:
|
||||||
namespace: dashboard
|
namespace: dashboard
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: "dashboard.services.yolokube.de"
|
- host: "dashboard.services.yolokube.de"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- pathType: Prefix
|
- pathType: Prefix
|
||||||
path: "/"
|
path: "/"
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: dashboard-service
|
name: dashboard-service
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- dashboard.services.yolokube.de
|
- dashboard.services.yolokube.de
|
||||||
secretName: dashboard-tls-key
|
secretName: dashboard-tls-key
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- dashboard.yaml
|
- dashboard.yaml
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
|
---
|
||||||
resources:
|
resources:
|
||||||
- ../../base
|
- ../../base
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
images:
|
images:
|
||||||
- name: git.ar21.de/yolokube/dashboard
|
- name: git.ar21.de/yolokube/dashboard
|
||||||
newName: git.ar21.de/yolokube/dashboard
|
newName: git.ar21.de/yolokube/dashboard
|
||||||
newTag: "96"
|
newTag: "96"
|
||||||
namespace: dashboard
|
namespace: dashboard
|
||||||
|
|
|
@ -1,31 +1,32 @@
|
||||||
|
---
|
||||||
resources:
|
resources:
|
||||||
- ../../base
|
- ../../base
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
images:
|
images:
|
||||||
- name: git.ar21.de/yolokube/dashboard
|
- name: git.ar21.de/yolokube/dashboard
|
||||||
newName: git.ar21.de/yolokube/dashboard
|
newName: git.ar21.de/yolokube/dashboard
|
||||||
newTag: staging-95
|
newTag: staging-95
|
||||||
namespace: dashboard-staging
|
namespace: dashboard-staging
|
||||||
patches:
|
patches:
|
||||||
- patch: |-
|
- patch: |-
|
||||||
- op: replace
|
- op: replace
|
||||||
path: /spec/rules/0/host
|
path: /spec/rules/0/host
|
||||||
value: "dashboard-staging.services.yolokube.de"
|
value: "dashboard-staging.services.yolokube.de"
|
||||||
target:
|
target:
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
name: dashboard-ingress
|
name: dashboard-ingress
|
||||||
- patch: |-
|
- patch: |-
|
||||||
- op: replace
|
- op: replace
|
||||||
path: /spec/tls/0/hosts/0
|
path: /spec/tls/0/hosts/0
|
||||||
value: "dashboard-staging.services.yolokube.de"
|
value: "dashboard-staging.services.yolokube.de"
|
||||||
target:
|
target:
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
name: dashboard-ingress
|
name: dashboard-ingress
|
||||||
- patch: |-
|
- patch: |-
|
||||||
- op: replace
|
- op: replace
|
||||||
path: /spec/replicas
|
path: /spec/replicas
|
||||||
value: 1
|
value: 1
|
||||||
target:
|
target:
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
name: dashboard-deployment
|
name: dashboard-deployment
|
||||||
|
|
|
@ -37,17 +37,17 @@ spec:
|
||||||
app: example
|
app: example
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: example
|
- name: example
|
||||||
image: testcontainers/helloworld
|
image: testcontainers/helloworld
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8080
|
- containerPort: 8080
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: "/var/www/html"
|
- mountPath: "/var/www/html"
|
||||||
name: example-volume
|
name: example-volume
|
||||||
volumes:
|
volumes:
|
||||||
- name: example-volume
|
- name: example-volume
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: example-pvc
|
claimName: example-pvc
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
|
@ -75,17 +75,17 @@ metadata:
|
||||||
namespace: example
|
namespace: example
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: "example.apps.yolokube.de"
|
- host: "example.apps.yolokube.de"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- pathType: Prefix
|
- pathType: Prefix
|
||||||
path: "/"
|
path: "/"
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: example-service
|
name: example-service
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- example.apps.yolokube.de
|
- example.apps.yolokube.de
|
||||||
secretName: example-tls-key
|
secretName: example-tls-key
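Review bot: `image: testcontainers/helloworld` in the first hunk of this section carries no tag or digest, so it resolves to `latest` and to whatever the registry serves at pull time. Pinning it, e.g. `image: testcontainers/helloworld:<version>` or `image: testcontainers/helloworld@sha256:<digest>`, makes the rollout reproducible and lets an image change show up in review. The same holds for `privatebin/nginx-fpm-alpine` and `containous/whoami` in later sections of this commit. The Deployment starts above the hunk, so a pull policy or admission rule outside the view may already constrain this.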
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
controller:
|
controller:
|
||||||
enableSnippets: true
|
enableSnippets: true
|
||||||
hostNetwork: true
|
hostNetwork: true
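Review bot: `enableSnippets: true` next to `hostNetwork: true` has no comment on why both are needed, and together they widen what an Ingress author can reach. With snippets enabled, anyone allowed to create or edit Ingress resources can put raw NGINX configuration into the controller, and `hostNetwork: true` places that controller in the node's network namespace. If nothing in the cluster relies on snippet annotations, set `enableSnippets: false`; otherwise add a comment such as `# required by <consumer>; Ingress create/update limited via RBAC` above the key. The values file continues outside the hunk, so other controller settings may already narrow this.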
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
generators:
|
generators:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: viaduct.ai/v1
|
apiVersion: viaduct.ai/v1
|
||||||
kind: ksops
|
kind: ksops
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
loki:
|
loki:
|
||||||
auth_enabled: false
|
auth_enabled: false
|
||||||
persistence:
|
persistence:
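Review bot: `auth_enabled: false` has no comment saying that it is intentional or what protects the endpoints instead. With it off, Loki runs single-tenant and does not require the `X-Scope-OrgID` header, so any client that can reach the push or query API can write or read all logs. Access control then has to come from a NetworkPolicy or an authenticating proxy in front of the service. I would add `# single-tenant; access restricted by <mechanism>` above the key. The rest of the values file is outside the hunk, so a gateway or ingress auth setting may exist there.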
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
generators:
|
generators:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: longhorn.io/v1beta1
|
apiVersion: longhorn.io/v1beta1
|
||||||
kind: RecurringJob
|
kind: RecurringJob
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: viaduct.ai/v1
|
apiVersion: viaduct.ai/v1
|
||||||
kind: ksops
|
kind: ksops
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -7,11 +8,11 @@ type: Opaque
|
||||||
data:
|
data:
|
||||||
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:78iskasj0MX32r8qp4LCmTsf5q8r3W5nCs7BrA==,iv:dQFU/Pm+bQQKWfWKq7c63XTW2+czjOeIZuoL2mrPKbM=,tag:we+rZ+YoMpeiAve7zcH6pg==,type:str]
|
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:78iskasj0MX32r8qp4LCmTsf5q8r3W5nCs7BrA==,iv:dQFU/Pm+bQQKWfWKq7c63XTW2+czjOeIZuoL2mrPKbM=,tag:we+rZ+YoMpeiAve7zcH6pg==,type:str]
|
||||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:zR3LNrmweWn9ONkpOlgNGfJ0ERJeNgNsurvBcsX7JZox/vyaZRb6lt4VEjdBDMdTZ+dWRvtvHUw=,iv:CCLoHHixnzVaT0SX3uOjyb7SCNyAe5H30acmMEIgubI=,tag:c7nWPRTZQXqgp8jVgtU57g==,type:str]
|
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:zR3LNrmweWn9ONkpOlgNGfJ0ERJeNgNsurvBcsX7JZox/vyaZRb6lt4VEjdBDMdTZ+dWRvtvHUw=,iv:CCLoHHixnzVaT0SX3uOjyb7SCNyAe5H30acmMEIgubI=,tag:c7nWPRTZQXqgp8jVgtU57g==,type:str]
|
||||||
#ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment]
|
# ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment]
|
||||||
AWS_ENDPOINTS: ENC[AES256_GCM,data:Cm4ISXx3mosAwVCzFqK5461gFIAqWtSwazvhfe/01blpOLOGpEW7b7S00fnRMviR,iv:Zflw/1JEQjcKarQPOrpBSpCprdL/2Ry6FH74K3/NfFo=,tag:l6idxnQStu2ycr0og2/otw==,type:str]
|
AWS_ENDPOINTS: ENC[AES256_GCM,data:Cm4ISXx3mosAwVCzFqK5461gFIAqWtSwazvhfe/01blpOLOGpEW7b7S00fnRMviR,iv:Zflw/1JEQjcKarQPOrpBSpCprdL/2Ry6FH74K3/NfFo=,tag:l6idxnQStu2ycr0og2/otw==,type:str]
|
||||||
#ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment]
|
# ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment]
|
||||||
#ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment]
|
# ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment]
|
||||||
#ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment]
|
# ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
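Review bot: The four `#ENC[…,type:comment]` lines in this SOPS-encrypted Secret were rewritten to `# ENC[…]`, and nothing in the visible change shows the file was round-tripped through sops afterwards. Those lines are ciphertext that sops has to recognise, and as far as I know they are covered by the file's MAC, so an edit made outside sops may leave them unrecognised as encrypted comments or fail integrity verification. Please confirm with a test decrypt before merging. A safer route is to exclude SOPS-managed files from the lint with an `ignore:` entry in the yamllint config, or to make the spacing change on the plaintext and re-encrypt.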
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
# this is the storageclass manifest for the logs and metrics volumes
|
# this is the storageclass manifest for the logs and metrics volumes
|
||||||
kind: StorageClass
|
kind: StorageClass
|
||||||
apiVersion: storage.k8s.io/v1
|
apiVersion: storage.k8s.io/v1
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
persistence:
|
persistence:
|
||||||
recurringJobSelector:
|
recurringJobSelector:
|
||||||
enable: true
|
enable: true
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
kind: VolumeSnapshotClass
|
kind: VolumeSnapshotClass
|
||||||
apiVersion: snapshot.storage.k8s.io/v1
|
apiVersion: snapshot.storage.k8s.io/v1
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -37,17 +37,17 @@ spec:
|
||||||
securityContext:
|
securityContext:
|
||||||
fsGroup: 82
|
fsGroup: 82
|
||||||
containers:
|
containers:
|
||||||
- name: paste
|
- name: paste
|
||||||
image: privatebin/nginx-fpm-alpine
|
image: privatebin/nginx-fpm-alpine
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8080
|
- containerPort: 8080
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: "/srv/data"
|
- mountPath: "/srv/data"
|
||||||
name: paste-volume
|
name: paste-volume
|
||||||
volumes:
|
volumes:
|
||||||
- name: paste-volume
|
- name: paste-volume
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: paste-pvc
|
claimName: paste-pvc
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
|
@ -71,17 +71,17 @@ metadata:
|
||||||
namespace: paste
|
namespace: paste
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: "paste.apps.yolokube.de"
|
- host: "paste.apps.yolokube.de"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- pathType: Prefix
|
- pathType: Prefix
|
||||||
path: "/"
|
path: "/"
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: paste-service
|
name: paste-service
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- paste.apps.yolokube.de
|
- paste.apps.yolokube.de
|
||||||
secretName: paste-tls-key
|
secretName: paste-tls-key
|
||||||
|
|
|
@ -10,114 +10,114 @@ spec:
|
||||||
groups:
|
groups:
|
||||||
- name: hardware
|
- name: hardware
|
||||||
rules:
|
rules:
|
||||||
- alert: MemoryHigh
|
- alert: MemoryHigh
|
||||||
expr: round((((node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes) * 100), 0.1) > 80
|
expr: round((((node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes) * 100), 0.1) > 80
|
||||||
for: 5m
|
for: 5m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: "Memory over 80%"
|
summary: "Memory over 80%"
|
||||||
description: "Memory on node {{ $labels.node }} is over 80% for more than 5 minutes. Plox fix. Memory usage: {{ $value }}%"
|
description: "Memory on node {{ $labels.node }} is over 80% for more than 5 minutes. Plox fix. Memory usage: {{ $value }}%"
|
||||||
- alert: DiskspaceLow
|
- alert: DiskspaceLow
|
||||||
expr: round(node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"} * 100, 1) < 5
|
expr: round(node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"} * 100, 1) < 5
|
||||||
for: 1m
|
for: 1m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: "Free disk space at {{ $value }}%"
|
summary: "Free disk space at {{ $value }}%"
|
||||||
description: "Disk space on node {{ $labels.node }} is only {{ $value }}%. Plox fix. Partition: {{ $labels.device }}"
|
description: "Disk space on node {{ $labels.node }} is only {{ $value }}%. Plox fix. Partition: {{ $labels.device }}"
|
||||||
- alert: HostMemoryUnderMemoryPressure
|
- alert: HostMemoryUnderMemoryPressure
|
||||||
expr: rate(node_vmstat_pgmajfault[1m]) > 1000
|
expr: rate(node_vmstat_pgmajfault[1m]) > 1000
|
||||||
for: 2m
|
for: 2m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: Host memory under memory pressure {{ $labels.node }}
|
summary: Host memory under memory pressure {{ $labels.node }}
|
||||||
description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||||
- alert: HostUnusualDiskReadRate
|
- alert: HostUnusualDiskReadRate
|
||||||
expr: sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 200
|
expr: sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 200
|
||||||
for: 5m
|
for: 5m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: Host unusual disk read rate {{ $labels.node }}
|
summary: Host unusual disk read rate {{ $labels.node }}
|
||||||
description: "Disk is probably reading too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
description: "Disk is probably reading too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||||
- alert: HostUnusualDiskWriteRate
|
- alert: HostUnusualDiskWriteRate
|
||||||
expr: sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 200
|
expr: sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 200
|
||||||
for: 3m
|
for: 3m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: Host unusual disk write rate {{ $labels.node }}
|
summary: Host unusual disk write rate {{ $labels.node }}
|
||||||
description: "Disk is probably writing too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
description: "Disk is probably writing too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||||
- alert: HostCpuStealNoisyNeighbor
|
- alert: HostCpuStealNoisyNeighbor
|
||||||
expr: avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10
|
expr: avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10
|
||||||
for: 1m
|
for: 1m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: Host CPU steal noisy neighbor {{ $labels.node }}
|
summary: Host CPU steal noisy neighbor {{ $labels.node }}
|
||||||
description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||||
- alert: HostPhysicalComponentTooHot
|
- alert: HostPhysicalComponentTooHot
|
||||||
expr: node_hwmon_temp_celsius > 90
|
expr: node_hwmon_temp_celsius > 90
|
||||||
for: 5m
|
for: 5m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: Host physical component too hot {{ $labels.node }}
|
summary: Host physical component too hot {{ $labels.node }}
|
||||||
description: "Physical hardware component too hot\n Sensor = {{ $labels.sensor }}\n Temp = {{ $value }}"
|
description: "Physical hardware component too hot\n Sensor = {{ $labels.sensor }}\n Temp = {{ $value }}"
|
||||||
- alert: SMARTbad
|
- alert: SMARTbad
|
||||||
expr: smartmon_device_smart_healthy < 1
|
expr: smartmon_device_smart_healthy < 1
|
||||||
for: 0m
|
for: 0m
|
||||||
labels:
|
labels:
|
||||||
severity: critical
|
severity: critical
|
||||||
annotations:
|
annotations:
|
||||||
summary: SMART check bad of drive {{ $labels.exported_disk }} in node {{ $labels.node }}
|
summary: SMART check bad of drive {{ $labels.exported_disk }} in node {{ $labels.node }}
|
||||||
description: "SMART check returned bad health of {{ $labels.exported_disk }} in node {{ $labels.node }}. VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
description: "SMART check returned bad health of {{ $labels.exported_disk }} in node {{ $labels.node }}. VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||||
- alert: "SMARTcheck too old"
|
- alert: "SMARTcheck too old"
|
||||||
expr: (time() - smartmon_smartctl_run) > 10800
|
expr: (time() - smartmon_smartctl_run) > 10800
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: "SMARTcheck not running"
|
summary: "SMARTcheck not running"
|
||||||
description: 'The last SMARTcheck on node {{ $labels.node }} was more than 3h ago. Plox fix.'
|
description: 'The last SMARTcheck on node {{ $labels.node }} was more than 3h ago. Plox fix.'
|
||||||
- alert: "ECC Memory errors"
|
- alert: "ECC Memory errors"
|
||||||
expr: (node_edac_correctable_errors_total) > 100
|
expr: (node_edac_correctable_errors_total) > 100
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: "ECC errors on {{ $labels.node }}"
|
summary: "ECC errors on {{ $labels.node }}"
|
||||||
description: 'The node {{ $labels.node }} accumulated {{ $value }} correctable errors.'
|
description: 'The node {{ $labels.node }} accumulated {{ $value }} correctable errors.'
|
||||||
- alert: "ECC Memory uncorrectable errors"
|
- alert: "ECC Memory uncorrectable errors"
|
||||||
expr: (node_edac_uncorrectable_errors_total) > 0
|
expr: (node_edac_uncorrectable_errors_total) > 0
|
||||||
labels:
|
labels:
|
||||||
severity: critical
|
severity: critical
|
||||||
annotations:
|
annotations:
|
||||||
summary: "ECC errors on {{ $labels.node }}"
|
summary: "ECC errors on {{ $labels.node }}"
|
||||||
description: 'The node {{ $labels.node }} accumulated {{ $value }} uncorrectable errors.'
|
description: 'The node {{ $labels.node }} accumulated {{ $value }} uncorrectable errors.'
|
||||||
- name: etcdbackup
|
- name: etcdbackup
|
||||||
rules:
|
rules:
|
||||||
- alert: "etcdbackup too old"
|
- alert: "etcdbackup too old"
|
||||||
expr: (time() - etcdbackup_time) > 10800
|
expr: (time() - etcdbackup_time) > 10800
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: "etcd backup not running"
|
summary: "etcd backup not running"
|
||||||
description: 'The last etcd backup on node {{ $labels.node }} was more than 3h ago. Plox fix.'
|
description: 'The last etcd backup on node {{ $labels.node }} was more than 3h ago. Plox fix.'
|
||||||
- alert: "etcdbackup failed"
|
- alert: "etcdbackup failed"
|
||||||
expr: etcdbackup_result > 0
|
expr: etcdbackup_result > 0
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: "etcdbackup failed"
|
summary: "etcdbackup failed"
|
||||||
description: "The backup script for etcd failed on node {{ $labels.node }}. Plox fix."
|
description: "The backup script for etcd failed on node {{ $labels.node }}. Plox fix."
|
||||||
- name: kubernetes
|
- name: kubernetes
|
||||||
rules:
|
rules:
|
||||||
- alert: KubernetesUnhealthyPod
|
- alert: KubernetesUnhealthyPod
|
||||||
expr: kube_pod_container_status_waiting_reason == 1
|
expr: kube_pod_container_status_waiting_reason == 1
|
||||||
for: 5m
|
for: 5m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: "The Pod {{ $labels.pod }} is {{ $labels.reason }}"
|
summary: "The Pod {{ $labels.pod }} is {{ $labels.reason }}"
|
||||||
description: "The Pod {{ $labels.pod }} is in the state {{ $labels.reason }} for more than 5m. The Pod is in namespace {{ $labels.namespace }} and on node {{ $labels.node }}."
|
description: "The Pod {{ $labels.pod }} is in the state {{ $labels.reason }} for more than 5m. The Pod is in namespace {{ $labels.namespace }} and on node {{ $labels.node }}."
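Review bot: Several annotations reference `{{ $labels.node }}` on expressions that aggregate that label away. `HostUnusualDiskReadRate`, `HostUnusualDiskWriteRate` and `HostCpuStealNoisyNeighbor` use `sum by (instance)` or `avg by(instance)`, so only `instance` survives and the summary renders without a node name; use `{{ $labels.instance }}` there or aggregate `by (instance, node)`. Separately, `(node_edac_correctable_errors_total) > 100` compares a cumulative counter, so once crossed the alert keeps firing until the counter resets. `increase(node_edac_correctable_errors_total[1h]) > 100` (the window is a suggestion) would alert on new errors instead. The rule group starts above the hunk.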
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
generators:
|
generators:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: viaduct.ai/v1
|
apiVersion: viaduct.ai/v1
|
||||||
kind: ksops
|
kind: ksops
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -11,6 +12,6 @@ spec:
|
||||||
app: longhorn-manager
|
app: longhorn-manager
|
||||||
namespaceSelector:
|
namespaceSelector:
|
||||||
matchNames:
|
matchNames:
|
||||||
- longhorn-system
|
- longhorn-system
|
||||||
endpoints:
|
endpoints:
|
||||||
- port: manager
|
- port: manager
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
alertmanager:
|
alertmanager:
|
||||||
alertmanagerSpec:
|
alertmanagerSpec:
|
||||||
podAntiAffinity: "hard"
|
podAntiAffinity: "hard"
|
||||||
|
@ -8,11 +9,11 @@ alertmanager:
|
||||||
- "templates"
|
- "templates"
|
||||||
storage:
|
storage:
|
||||||
volumeClaimTemplate:
|
volumeClaimTemplate:
|
||||||
spec:
|
spec:
|
||||||
accessModes: ["ReadWriteOnce"]
|
accessModes: ["ReadWriteOnce"]
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 5Gi
|
storage: 5Gi
|
||||||
useExistingSecret: false
|
useExistingSecret: false
|
||||||
config:
|
config:
|
||||||
global:
|
global:
|
||||||
|
@ -27,20 +28,20 @@ alertmanager:
|
||||||
receiver: 'tg1'
|
receiver: 'tg1'
|
||||||
routes:
|
routes:
|
||||||
- matchers:
|
- matchers:
|
||||||
- severity=warning
|
- severity=warning
|
||||||
receiver: 'tg1'
|
receiver: 'tg1'
|
||||||
- matchers:
|
- matchers:
|
||||||
- severity=critical
|
- severity=critical
|
||||||
receiver: 'tg1'
|
receiver: 'tg1'
|
||||||
receivers:
|
receivers:
|
||||||
- name: tg1
|
- name: tg1
|
||||||
telegram_configs:
|
telegram_configs:
|
||||||
- bot_token_file: '/etc/alertmanager/secrets/telegram-api/api_key'
|
- bot_token_file: '/etc/alertmanager/secrets/telegram-api/api_key'
|
||||||
chat_id: -995270884
|
chat_id: -995270884
|
||||||
api_url: "https://api.telegram.org"
|
api_url: "https://api.telegram.org"
|
||||||
send_resolved: true
|
send_resolved: true
|
||||||
parse_mode: "HTML"
|
parse_mode: "HTML"
|
||||||
message: '{{ template "telegram.aaron" .}}'
|
message: '{{ template "telegram.aaron" .}}'
|
||||||
inhibit_rules:
|
inhibit_rules:
|
||||||
- source_matchers:
|
- source_matchers:
|
||||||
- severity = critical
|
- severity = critical
|
||||||
|
@ -97,7 +98,7 @@ grafana:
|
||||||
persistence:
|
persistence:
|
||||||
enabled: true
|
enabled: true
|
||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteMany
|
- ReadWriteMany
|
||||||
grafana.ini:
|
grafana.ini:
|
||||||
auth:
|
auth:
|
||||||
disable_login_form: true
|
disable_login_form: true
|
||||||
|
@ -168,12 +169,12 @@ prometheus:
|
||||||
replicas: 2
|
replicas: 2
|
||||||
storageSpec:
|
storageSpec:
|
||||||
volumeClaimTemplate:
|
volumeClaimTemplate:
|
||||||
spec:
|
spec:
|
||||||
storageClassName: longhorn
|
storageClassName: longhorn
|
||||||
accessModes: ["ReadWriteOnce"]
|
accessModes: ["ReadWriteOnce"]
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 10Gi
|
storage: 10Gi
|
||||||
serviceMonitorNamespaceSelector:
|
serviceMonitorNamespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
prometheus: yolokube
|
prometheus: yolokube
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,51 +1,51 @@
|
||||||
#---
|
# ---
|
||||||
#apiVersion: v1
|
# apiVersion: v1
|
||||||
#kind: Namespace
|
# kind: Namespace
|
||||||
#metadata:
|
# metadata:
|
||||||
# name: egress
|
# name: egress
|
||||||
#---
|
# ---
|
||||||
#apiVersion: apps/v1
|
# apiVersion: apps/v1
|
||||||
#kind: Deployment
|
# kind: Deployment
|
||||||
#metadata:
|
# metadata:
|
||||||
# name: egress-deployment
|
# name: egress-deployment
|
||||||
# namespace: egress
|
# namespace: egress
|
||||||
# labels:
|
# labels:
|
||||||
# app: egress
|
# app: egress
|
||||||
#spec:
|
# spec:
|
||||||
# replicas: 3
|
# replicas: 3
|
||||||
# selector:
|
# selector:
|
||||||
# matchLabels:
|
# matchLabels:
|
||||||
# app: egress
|
# app: egress
|
||||||
# template:
|
# template:
|
||||||
# metadata:
|
# metadata:
|
||||||
# labels:
|
# labels:
|
||||||
# app: egress
|
# app: egress
|
||||||
# spec:
|
# spec:
|
||||||
# containers:
|
# containers:
|
||||||
# - name: egress
|
# - name: egress
|
||||||
# image: curlimages/curl
|
# image: curlimages/curl
|
||||||
# command: ['/usr/bin/curl']
|
# command: ['/usr/bin/curl']
|
||||||
# args: ['-s', '-L', '-4', 'ip.hetzner.com']
|
# args: ['-s', '-L', '-4', 'ip.hetzner.com']
|
||||||
#---
|
# ---
|
||||||
#apiVersion: apps/v1
|
# apiVersion: apps/v1
|
||||||
#kind: Deployment
|
# kind: Deployment
|
||||||
#metadata:
|
# metadata:
|
||||||
# name: egress6-deployment
|
# name: egress6-deployment
|
||||||
# namespace: egress
|
# namespace: egress
|
||||||
# labels:
|
# labels:
|
||||||
# app: egress6
|
# app: egress6
|
||||||
#spec:
|
# spec:
|
||||||
# replicas: 3
|
# replicas: 3
|
||||||
# selector:
|
# selector:
|
||||||
# matchLabels:
|
# matchLabels:
|
||||||
# app: egress6
|
# app: egress6
|
||||||
# template:
|
# template:
|
||||||
# metadata:
|
# metadata:
|
||||||
# labels:
|
# labels:
|
||||||
# app: egress6
|
# app: egress6
|
||||||
# spec:
|
# spec:
|
||||||
# containers:
|
# containers:
|
||||||
# - name: egress6
|
# - name: egress6
|
||||||
# image: curlimages/curl
|
# image: curlimages/curl
|
||||||
# command: ['/usr/bin/curl']
|
# command: ['/usr/bin/curl']
|
||||||
# args: ['-s', '-L', '-6', 'ip.hetzner.com']
|
# args: ['-s', '-L', '-6', 'ip.hetzner.com']
|
||||||
|
|
|
@ -23,10 +23,10 @@ spec:
|
||||||
app: test1
|
app: test1
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: test1
|
- name: test1
|
||||||
image: containous/whoami
|
image: containous/whoami
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
|
@ -51,17 +51,17 @@ metadata:
|
||||||
namespace: aaron-test
|
namespace: aaron-test
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: "test.services.yolokube.de"
|
- host: "test.services.yolokube.de"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- pathType: Prefix
|
- pathType: Prefix
|
||||||
path: "/"
|
path: "/"
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: test1-service
|
name: test1-service
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- test.services.yolokube.de
|
- test.services.yolokube.de
|
||||||
secretName: test2-tls-key
|
secretName: test2-tls-key
|
||||||
|
|
|
@ -1,88 +1,88 @@
|
||||||
### example app "privatebin" to test storage
|
# ## example app "privatebin" to test storage
|
||||||
#---
|
# ---
|
||||||
#apiVersion: v1
|
# apiVersion: v1
|
||||||
#kind: Namespace
|
# kind: Namespace
|
||||||
#metadata:
|
# metadata:
|
||||||
# name: paste
|
# name: paste
|
||||||
#---
|
# ---
|
||||||
#apiVersion: v1
|
# apiVersion: v1
|
||||||
#kind: PersistentVolumeClaim
|
# kind: PersistentVolumeClaim
|
||||||
#metadata:
|
# metadata:
|
||||||
# name: paste-pvc
|
# name: paste-pvc
|
||||||
# namespace: paste
|
# namespace: paste
|
||||||
#spec:
|
# spec:
|
||||||
# accessModes:
|
# accessModes:
|
||||||
# - ReadWriteOnce
|
# - ReadWriteOnce
|
||||||
# volumeMode: Filesystem
|
# volumeMode: Filesystem
|
||||||
# resources:
|
# resources:
|
||||||
# requests:
|
# requests:
|
||||||
# storage: 8Gi
|
# storage: 8Gi
|
||||||
#---
|
# ---
|
||||||
#apiVersion: apps/v1
|
# apiVersion: apps/v1
|
||||||
#kind: Deployment
|
# kind: Deployment
|
||||||
#metadata:
|
# metadata:
|
||||||
# name: paste-deployment
|
# name: paste-deployment
|
||||||
# namespace: paste
|
# namespace: paste
|
||||||
# labels:
|
# labels:
|
||||||
# app: paste
|
# app: paste
|
||||||
#spec:
|
# spec:
|
||||||
# replicas: 1
|
# replicas: 1
|
||||||
# selector:
|
# selector:
|
||||||
# matchLabels:
|
# matchLabels:
|
||||||
# app: paste
|
# app: paste
|
||||||
# template:
|
# template:
|
||||||
# metadata:
|
# metadata:
|
||||||
# labels:
|
# labels:
|
||||||
# app: paste
|
# app: paste
|
||||||
# spec:
|
# spec:
|
||||||
# securityContext:
|
# securityContext:
|
||||||
# fsGroup: 82
|
# fsGroup: 82
|
||||||
# containers:
|
# containers:
|
||||||
# - name: paste
|
# - name: paste
|
||||||
# image: privatebin/nginx-fpm-alpine
|
# image: privatebin/nginx-fpm-alpine
|
||||||
# ports:
|
# ports:
|
||||||
# - containerPort: 8080
|
# - containerPort: 8080
|
||||||
# volumeMounts:
|
# volumeMounts:
|
||||||
# - mountPath: "/srv/data"
|
# - mountPath: "/srv/data"
|
||||||
# name: paste-volume
|
# name: paste-volume
|
||||||
# volumes:
|
# volumes:
|
||||||
# - name: paste-volume
|
# - name: paste-volume
|
||||||
# persistentVolumeClaim:
|
# persistentVolumeClaim:
|
||||||
# claimName: paste-pvc
|
# claimName: paste-pvc
|
||||||
#---
|
# ---
|
||||||
#apiVersion: v1
|
# apiVersion: v1
|
||||||
#kind: Service
|
# kind: Service
|
||||||
#metadata:
|
# metadata:
|
||||||
# name: paste-service
|
# name: paste-service
|
||||||
# namespace: paste
|
# namespace: paste
|
||||||
#spec:
|
# spec:
|
||||||
# selector:
|
# selector:
|
||||||
# app: paste
|
# app: paste
|
||||||
# ports:
|
# ports:
|
||||||
# - protocol: TCP
|
# - protocol: TCP
|
||||||
# port: 80
|
# port: 80
|
||||||
# targetPort: 8080
|
# targetPort: 8080
|
||||||
#---
|
# ---
|
||||||
#apiVersion: networking.k8s.io/v1
|
# apiVersion: networking.k8s.io/v1
|
||||||
#kind: Ingress
|
# kind: Ingress
|
||||||
#metadata:
|
# metadata:
|
||||||
# annotations:
|
# annotations:
|
||||||
# kubernetes.io/tls-acme: "true"
|
# kubernetes.io/tls-acme: "true"
|
||||||
# name: paste-ingress
|
# name: paste-ingress
|
||||||
# namespace: paste
|
# namespace: paste
|
||||||
#spec:
|
# spec:
|
||||||
# rules:
|
# rules:
|
||||||
# - host: "paste.apps.yolokube.de"
|
# - host: "paste.apps.yolokube.de"
|
||||||
# http:
|
# http:
|
||||||
# paths:
|
# paths:
|
||||||
# - pathType: Prefix
|
# - pathType: Prefix
|
||||||
# path: "/"
|
# path: "/"
|
||||||
# backend:
|
# backend:
|
||||||
# service:
|
# service:
|
||||||
# name: paste-service
|
# name: paste-service
|
||||||
# port:
|
# port:
|
||||||
# number: 80
|
# number: 80
|
||||||
# tls:
|
# tls:
|
||||||
# - hosts:
|
# - hosts:
|
||||||
# - paste.apps.yolokube.de
|
# - paste.apps.yolokube.de
|
||||||
# secretName: paste-tls-key
|
# secretName: paste-tls-key
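Review bot: The mechanical comment fix turned the heading `### example app "privatebin" to test storage` into `# ## example app "privatebin" to test storage`, which reads like a typo. `# example app "privatebin" to test storage` satisfies the same lint rule and keeps the meaning. More broadly, this file is an entirely commented-out set of manifests, and paste manifests appear live in another section of this commit. Deleting the file and relying on git history would avoid carrying dead configuration that can drift from the deployed one.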
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -95,17 +95,17 @@ metadata:
|
||||||
namespace: thanos
|
namespace: thanos
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: "thanos.services.yolokube.de"
|
- host: "thanos.services.yolokube.de"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- pathType: Prefix
|
- pathType: Prefix
|
||||||
path: "/"
|
path: "/"
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: querier
|
name: querier
|
||||||
port:
|
port:
|
||||||
name: http
|
name: http
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- thanos.services.yolokube.de
|
- thanos.services.yolokube.de
|
||||||
secretName: thanos-tls-key
|
secretName: thanos-tls-key
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
generators:
|
generators:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: viaduct.ai/v1
|
apiVersion: viaduct.ai/v1
|
||||||
kind: ksops
|
kind: ksops
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: traefik.io/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: IngressClass
|
kind: IngressClass
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
deployment:
|
deployment:
|
||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
minReadySeconds: 120
|
minReadySeconds: 120
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
controlPlane:
|
controlPlane:
|
||||||
distro:
|
distro:
|
||||||
k8s:
|
k8s:
|
||||||
|
@ -18,7 +19,7 @@ controlPlane:
|
||||||
replicas: 3
|
replicas: 3
|
||||||
proxy:
|
proxy:
|
||||||
extraSANs:
|
extraSANs:
|
||||||
- vcluster.k8s.ar21.de
|
- vcluster.k8s.ar21.de
|
||||||
exportKubeConfig:
|
exportKubeConfig:
|
||||||
server: https://vcluster.k8s.ar21.de:443
|
server: https://vcluster.k8s.ar21.de:443
|
||||||
sync:
|
sync:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: traefik.io/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: IngressRouteTCP
|
kind: IngressRouteTCP
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -7,9 +8,9 @@ spec:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
routes:
|
routes:
|
||||||
- match: HostSNI(`vcluster.k8s.ar21.de`)
|
- match: HostSNI(`vcluster.k8s.ar21.de`)
|
||||||
services:
|
services:
|
||||||
- name: ar
|
- name: ar
|
||||||
port: 443
|
port: 443
|
||||||
tls:
|
tls:
|
||||||
passthrough: true
|
passthrough: true
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
controlPlane:
|
controlPlane:
|
||||||
distro:
|
distro:
|
||||||
k8s:
|
k8s:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
generators:
|
generators:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: viaduct.ai/v1
|
apiVersion: viaduct.ai/v1
|
||||||
kind: ksops
|
kind: ksops
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
|
---
|
||||||
server:
|
server:
|
||||||
ingress:
|
ingress:
|
||||||
# -- Enable the ingress for the server component
|
# -- Enable the ingress for the server component
|
||||||
enabled: true
|
enabled: true
|
||||||
# -- Add annotations to the ingress
|
# -- Add annotations to the ingress
|
||||||
annotations:
|
annotations:
|
||||||
# kubernetes.io/ingress.class: nginx
|
# kubernetes.io/ingress.class: nginx
|
||||||
kubernetes.io/tls-acme: "true"
|
kubernetes.io/tls-acme: "true"
|
||||||
hosts:
|
hosts:
|
||||||
- host: woodpecker.ar21.de
|
- host: woodpecker.ar21.de
|
||||||
|
@ -15,7 +16,7 @@ server:
|
||||||
servicePort: 80
|
servicePort: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- woodpecker.ar21.de
|
- woodpecker.ar21.de
|
||||||
secretName: woodpecker-tls-key
|
secretName: woodpecker-tls-key
|
||||||
statefulSet:
|
statefulSet:
|
||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
|
|