Merge pull request 'Add yamllint to Woodpecker CI' (#154) from improce_ci into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful

Reviewed-on: #154
Reviewed-by: Aaron Riedel <git@ar21.de>
Tom Neuber 2024-10-07 13:45:49 +02:00
commit e868463399
67 changed files with 702 additions and 631 deletions


@ -1,88 +1,89 @@
---
kind: pipeline kind: pipeline
name: deploy name: deploy
steps: steps:
- name: kustomize build dashboard (prod + staging) - name: kustomize build dashboard (prod + staging)
image: git.ar21.de/aaron/kustomize-ci image: git.ar21.de/aaron/kustomize-ci
commands: commands:
- cd /deployment-repo - cd /deployment-repo
- git clone https://git.ar21.de/yolokube/core-deployments.git . - git clone https://git.ar21.de/yolokube/core-deployments.git .
- cd /deployment-repo/dashboard/overlays/prod - cd /deployment-repo/dashboard/overlays/prod
- kustomize build -o /deployment-repo/dashboard/prod/dashboard.yaml - kustomize build -o /deployment-repo/dashboard/prod/dashboard.yaml
- cd /deployment-repo/dashboard/overlays/staging - cd /deployment-repo/dashboard/overlays/staging
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml - kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
volumes: volumes:
- name: deployment-repo - name: deployment-repo
path: /deployment-repo path: /deployment-repo
when: when:
branch: branch:
- main
event:
- push
- name: kustomize build dashboard (staging)
image: git.ar21.de/aaron/kustomize-ci
commands:
- cd /deployment-repo
- git clone https://git.ar21.de/yolokube/core-deployments.git .
- cd /staging-repo
- git clone -b $DRONE_BRANCH https://git.ar21.de/yolokube/core-deployments.git .
- cd /staging-repo/dashboard/overlays/staging
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
volumes:
- name: deployment-repo
path: /deployment-repo
- name: staging-repo
path: /staging-repo
when:
branch:
exclude:
- main - main
event: event:
- push - push
- name: kustomize push dashboard changes (prod + staging) - name: kustomize build dashboard (staging)
image: appleboy/drone-git-push image: git.ar21.de/aaron/kustomize-ci
settings: commands:
branch: main - cd /deployment-repo
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git - git clone https://git.ar21.de/yolokube/core-deployments.git .
path: /deployment-repo - cd /staging-repo
force: false - git clone -b $DRONE_BRANCH https://git.ar21.de/yolokube/core-deployments.git .
commit: true - cd /staging-repo/dashboard/overlays/staging
commit_message: "KUSTOMIZE BUILD: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} (done automagically via Drone pipeline) [CI SKIP]" - kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
ssh_key: volumes:
from_secret: GITEA_SSH_KEY - name: deployment-repo
volumes: path: /deployment-repo
- name: deployment-repo - name: staging-repo
path: /deployment-repo path: /staging-repo
when: when:
branch: branch:
- main exclude:
event: - main
- push event:
- name: kustomize push dashboard changes (staging) - push
image: appleboy/drone-git-push - name: kustomize push dashboard changes (prod + staging)
settings: image: appleboy/drone-git-push
branch: main settings:
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git branch: main
path: /deployment-repo remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
force: false path: /deployment-repo
commit: true force: false
commit_message: "KUSTOMIZE BUILD STAGING: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} [CI SKIP]" commit: true
ssh_key: commit_message: "KUSTOMIZE BUILD: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} (done automagically via Drone pipeline) [CI SKIP]"
from_secret: GITEA_SSH_KEY ssh_key:
volumes: from_secret: GITEA_SSH_KEY
- name: deployment-repo volumes:
path: /deployment-repo - name: deployment-repo
when: path: /deployment-repo
branch: when:
exclude: branch:
- main - main
event: event:
- push - push
- name: kustomize push dashboard changes (staging)
image: appleboy/drone-git-push
settings:
branch: main
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
path: /deployment-repo
force: false
commit: true
commit_message: "KUSTOMIZE BUILD STAGING: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} [CI SKIP]"
ssh_key:
from_secret: GITEA_SSH_KEY
volumes:
- name: deployment-repo
path: /deployment-repo
when:
branch:
exclude:
- main
event:
- push
volumes: volumes:
- name: deployment-repo - name: deployment-repo
temp: {} temp: {}
- name: staging-repo - name: staging-repo
temp: {} temp: {}
when: when:
event: event:
exclude: exclude:
- pull_request - pull_request


@ -0,0 +1,8 @@
---
steps:
- name: linting
image: cytopia/yamllint:latest
commands:
- yamllint -f colored -s .
when:
- event: push
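Review bot: `image: cytopia/yamllint:latest` pulls a mutable tag from a third-party image namespace on every run, so the linter that gates this repository can change, or be replaced, without any commit here. Pin the step to a fixed release, ideally by digest, e.g. `image: cytopia/yamllint@sha256:<digest-of-reviewed-image>` (placeholder value), and bump it deliberately. The step also triggers only on `event: push`; if pull requests from forks are expected, they would presumably not be linted before merge, so confirm that is intended.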

10
.yamllint Normal file

@ -0,0 +1,10 @@
---
yaml-files:
- '*.yaml'
- '*.yml'
- '.yamllint'
extends: default
rules:
line-length: disable


@ -28,12 +28,12 @@ spec:
project: default project: default
sources: sources:
- chart: woodpecker - chart: woodpecker
repoURL: https://woodpecker-ci.org/ repoURL: https://woodpecker-ci.org/
targetRevision: 1.6.0 targetRevision: 1.6.0
helm: helm:
releaseName: woodpecker releaseName: woodpecker
valueFiles: valueFiles:
- $values/woodpecker/values/values.yaml - $values/woodpecker/values/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git - repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
@ -45,7 +45,7 @@ spec:
namespace: woodpecker namespace: woodpecker
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
--- ---
@ -65,7 +65,7 @@ spec:
namespace: paste namespace: paste
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
selfHeal: false selfHeal: false
prune: false prune: false


@ -13,7 +13,7 @@ spec:
helm: helm:
releaseName: traefik releaseName: traefik
valueFiles: valueFiles:
- $values/traefik/values.yaml - $values/traefik/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git - repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
@ -25,7 +25,7 @@ spec:
namespace: traefik namespace: traefik
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
--- ---
@ -43,7 +43,7 @@ spec:
helm: helm:
releaseName: argo releaseName: argo
valueFiles: valueFiles:
- $values/argo/values.yaml - $values/argo/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git - repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
@ -55,7 +55,7 @@ spec:
namespace: argocd namespace: argocd
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
selfHeal: true selfHeal: true
prune: false prune: false
@ -70,11 +70,11 @@ spec:
sources: sources:
- repoURL: https://charts.longhorn.io - repoURL: https://charts.longhorn.io
chart: longhorn chart: longhorn
targetRevision: 1.7.1 # see Infos below, the CSI snapshotter needs to be updated too <-- version association can be found here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/enable-csi-snapshot-support/ targetRevision: 1.7.1 # see Infos below, the CSI snapshotter needs to be updated too <-- version association can be found here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/enable-csi-snapshot-support/
helm: helm:
releaseName: longhorn releaseName: longhorn
valueFiles: valueFiles:
- $values/longhorn/values.yaml - $values/longhorn/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git - repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
@ -82,17 +82,17 @@ spec:
targetRevision: HEAD targetRevision: HEAD
path: longhorn path: longhorn
- repoURL: https://github.com/kubernetes-csi/external-snapshotter.git - repoURL: https://github.com/kubernetes-csi/external-snapshotter.git
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/ targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
path: client/config/crd path: client/config/crd
- repoURL: https://github.com/kubernetes-csi/external-snapshotter.git - repoURL: https://github.com/kubernetes-csi/external-snapshotter.git
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/ targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
path: deploy/kubernetes/snapshot-controller path: deploy/kubernetes/snapshot-controller
destination: destination:
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
namespace: longhorn-system namespace: longhorn-system
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
--- ---
@ -110,7 +110,7 @@ spec:
helm: helm:
releaseName: prometheus releaseName: prometheus
valueFiles: valueFiles:
- $values/prometheus/values.yaml - $values/prometheus/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git - repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
@ -122,30 +122,30 @@ spec:
namespace: prometheus namespace: prometheus
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
- ServerSideApply=true - ServerSideApply=true
- RespectIgnoreDifferences=true - RespectIgnoreDifferences=true
automated: automated:
prune: false prune: false
ignoreDifferences: ignoreDifferences:
- group: apps - group: apps
kind: Deployment kind: Deployment
jqPathExpressions: jqPathExpressions:
- '.spec.template.spec.initContainers[]?.resources' - '.spec.template.spec.initContainers[]?.resources'
- '.spec.template.spec.containers[]?.resources' - '.spec.template.spec.containers[]?.resources'
- group: apps - group: apps
kind: DaemonSet kind: DaemonSet
jqPathExpressions: jqPathExpressions:
- '.spec.template.spec.initContainers[]?.resources' - '.spec.template.spec.initContainers[]?.resources'
- '.spec.template.spec.containers[]?.resources' - '.spec.template.spec.containers[]?.resources'
- group: admissionregistration.k8s.io - group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration kind: MutatingWebhookConfiguration
jqPathExpressions: jqPathExpressions:
- '.webhooks[]?.clientConfig.caBundle' - '.webhooks[]?.clientConfig.caBundle'
- group: admissionregistration.k8s.io - group: admissionregistration.k8s.io
kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration
jqPathExpressions: jqPathExpressions:
- '.webhooks[]?.clientConfig.caBundle' - '.webhooks[]?.clientConfig.caBundle'
--- ---
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
@ -161,7 +161,7 @@ spec:
helm: helm:
releaseName: cilium-cni releaseName: cilium-cni
valueFiles: valueFiles:
- $values/cilium/values.yaml - $values/cilium/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git - repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
@ -173,22 +173,22 @@ spec:
namespace: kube-cilium namespace: kube-cilium
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
- ServerSideApply=true - ServerSideApply=true
- RespectIgnoreDifferences=true - RespectIgnoreDifferences=true
automated: automated:
prune: false prune: false
ignoreDifferences: ignoreDifferences:
- group: apps - group: apps
kind: Deployment kind: Deployment
jqPathExpressions: jqPathExpressions:
- '.spec.template.spec.containers[]?.resources' - '.spec.template.spec.containers[]?.resources'
- group: apps - group: apps
kind: DaemonSet kind: DaemonSet
jqPathExpressions: jqPathExpressions:
- '.spec.template.spec.initContainers[]?.resources' - '.spec.template.spec.initContainers[]?.resources'
- '.spec.template.spec.containers[]?.resources' - '.spec.template.spec.containers[]?.resources'
- '.spec.template.metadata.annotations' - '.spec.template.metadata.annotations'
--- ---
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
@ -206,7 +206,7 @@ spec:
namespace: node-labeler namespace: node-labeler
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
--- ---
@ -226,7 +226,7 @@ spec:
namespace: quota namespace: quota
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
--- ---
@ -246,7 +246,7 @@ spec:
namespace: dashboard namespace: dashboard
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
--- ---
@ -266,7 +266,7 @@ spec:
namespace: dashboard-staging namespace: dashboard-staging
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
--- ---
@ -284,7 +284,7 @@ spec:
helm: helm:
releaseName: loki releaseName: loki
valueFiles: valueFiles:
- $values/loki/values.yaml - $values/loki/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git - repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
@ -296,7 +296,7 @@ spec:
namespace: logs namespace: logs
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
--- ---
@ -318,7 +318,7 @@ spec:
namespace: logs namespace: logs
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
--- ---
@ -348,7 +348,7 @@ spec:
namespace: kube-system namespace: kube-system
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
--- ---
@ -405,7 +405,7 @@ spec:
helm: helm:
releaseName: cert-manager releaseName: cert-manager
valueFiles: valueFiles:
- $values/cert-manager/values.yaml - $values/cert-manager/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git - repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
@ -417,7 +417,7 @@ spec:
namespace: cert-manager namespace: cert-manager
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
--- ---
@ -437,7 +437,7 @@ spec:
namespace: authentik namespace: authentik
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
--- ---
@ -457,6 +457,6 @@ spec:
namespace: thanos namespace: thanos
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false


@ -35,7 +35,7 @@ spec:
namespace: test-deployments namespace: test-deployments
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
selfHeal: false selfHeal: false


@ -18,12 +18,12 @@ data:
hs.status = "Healthy" hs.status = "Healthy"
return hs return hs
resource.exclusions: | resource.exclusions: |
- apiGroups: - apiGroups:
- cilium.io - cilium.io
kinds: kinds:
- CiliumIdentity - CiliumIdentity
clusters: clusters:
- "*" - "*"
url: https://argo.services.yolokube.de url: https://argo.services.yolokube.de
oidc.config: | oidc.config: |
name: aaronID name: aaronID


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
generators: generators:


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1 apiVersion: viaduct.ai/v1
kind: ksops kind: ksops
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:


@ -1,3 +1,4 @@
---
global: global:
domain: argo.services.yolokube.de domain: argo.services.yolokube.de
configs: configs:


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
generators: generators:


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
@ -37,20 +38,20 @@ metadata:
namespace: authentik namespace: authentik
spec: spec:
rules: rules:
- host: "sso.services.yolokube.de" - host: "sso.services.yolokube.de"
http: http:
paths: paths:
- pathType: Prefix - pathType: Prefix
path: "/" path: "/"
backend: backend:
service: service:
name: authentik-outpost name: authentik-outpost
port: port:
number: 9000 number: 9000
tls: tls:
- hosts: - hosts:
- sso.services.yolokube.de - sso.services.yolokube.de
secretName: authentik-tls-key secretName: authentik-tls-key
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
@ -76,21 +77,21 @@ spec:
spec: spec:
containers: containers:
- env: - env:
- name: AUTHENTIK_HOST - name: AUTHENTIK_HOST
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: authentik_host key: authentik_host
name: authentik-outpost-api name: authentik-outpost-api
- name: AUTHENTIK_TOKEN - name: AUTHENTIK_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: token key: token
name: authentik-outpost-api name: authentik-outpost-api
- name: AUTHENTIK_INSECURE - name: AUTHENTIK_INSECURE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: authentik_host_insecure key: authentik_host_insecure
name: authentik-outpost-api name: authentik-outpost-api
image: ghcr.io/goauthentik/proxy:2024.8.3 image: ghcr.io/goauthentik/proxy:2024.8.3
name: proxy name: proxy
ports: ports:
@ -104,22 +105,22 @@ spec:
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: authentik name: authentik
namespace: authentik namespace: authentik
spec: spec:
forwardAuth: forwardAuth:
address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true trustForwardHeader: true
authResponseHeaders: authResponseHeaders:
- X-authentik-username - X-authentik-username
- X-authentik-groups - X-authentik-groups
- X-authentik-email - X-authentik-email
- X-authentik-name - X-authentik-name
- X-authentik-uid - X-authentik-uid
- X-authentik-jwt - X-authentik-jwt
- X-authentik-grafana-role - X-authentik-grafana-role
- X-authentik-meta-jwks - X-authentik-meta-jwks
- X-authentik-meta-outpost - X-authentik-meta-outpost
- X-authentik-meta-provider - X-authentik-meta-provider
- X-authentik-meta-app - X-authentik-meta-app
- X-authentik-meta-version - X-authentik-meta-version


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1 apiVersion: viaduct.ai/v1
kind: ksops kind: ksops
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:


@ -2,29 +2,29 @@
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-prod name: letsencrypt-prod
spec: spec:
acme: acme:
email: letsencrypt@ar21.de email: letsencrypt@ar21.de
server: https://acme-v02.api.letsencrypt.org/directory server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef: privateKeySecretRef:
name: letsencrypt-prod-key name: letsencrypt-prod-key
solvers: solvers:
- http01: - http01:
ingress: ingress:
class: traefik class: traefik
--- ---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-staging name: letsencrypt-staging
spec: spec:
acme: acme:
email: letsencrypt@ar21.de email: letsencrypt@ar21.de
server: https://acme-staging-v02.api.letsencrypt.org/directory server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef: privateKeySecretRef:
name: letsencrypt-staging-key name: letsencrypt-staging-key
solvers: solvers:
- http01: - http01:
ingress: ingress:
class: traefik class: traefik


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:


@ -1,3 +1,4 @@
---
namespace: cert-manager namespace: cert-manager
replicaCount: 3 replicaCount: 3
podDisruptionBudget: podDisruptionBudget:


@ -1,3 +1,4 @@
---
encryption: encryption:
enabled: false enabled: false
ipam: ipam:


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
@ -21,17 +22,17 @@ spec:
app: dashboard app: dashboard
spec: spec:
containers: containers:
- name: dashboard - name: dashboard
image: git.ar21.de/yolokube/dashboard:latest image: git.ar21.de/yolokube/dashboard:latest
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 8080 - containerPort: 8080
livenessProbe: livenessProbe:
httpGet: httpGet:
path: / path: /
port: 8080 port: 8080
initialDelaySeconds: 4 initialDelaySeconds: 4
periodSeconds: 3 periodSeconds: 3
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -55,17 +56,17 @@ metadata:
namespace: dashboard namespace: dashboard
spec: spec:
rules: rules:
- host: "dashboard.services.yolokube.de" - host: "dashboard.services.yolokube.de"
http: http:
paths: paths:
- pathType: Prefix - pathType: Prefix
path: "/" path: "/"
backend: backend:
service: service:
name: dashboard-service name: dashboard-service
port: port:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- dashboard.services.yolokube.de - dashboard.services.yolokube.de
secretName: dashboard-tls-key secretName: dashboard-tls-key


@ -1,4 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- dashboard.yaml - dashboard.yaml


@ -1,9 +1,10 @@
---
resources: resources:
- ../../base - ../../base
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
images: images:
- name: git.ar21.de/yolokube/dashboard - name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard newName: git.ar21.de/yolokube/dashboard
newTag: "96" newTag: "96"
namespace: dashboard namespace: dashboard


@ -1,31 +1,32 @@
---
resources: resources:
- ../../base - ../../base
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
images: images:
- name: git.ar21.de/yolokube/dashboard - name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard newName: git.ar21.de/yolokube/dashboard
newTag: staging-95 newTag: staging-95
namespace: dashboard-staging namespace: dashboard-staging
patches: patches:
- patch: |- - patch: |-
- op: replace - op: replace
path: /spec/rules/0/host path: /spec/rules/0/host
value: "dashboard-staging.services.yolokube.de" value: "dashboard-staging.services.yolokube.de"
target: target:
kind: Ingress kind: Ingress
name: dashboard-ingress name: dashboard-ingress
- patch: |- - patch: |-
- op: replace - op: replace
path: /spec/tls/0/hosts/0 path: /spec/tls/0/hosts/0
value: "dashboard-staging.services.yolokube.de" value: "dashboard-staging.services.yolokube.de"
target: target:
kind: Ingress kind: Ingress
name: dashboard-ingress name: dashboard-ingress
- patch: |- - patch: |-
- op: replace - op: replace
path: /spec/replicas path: /spec/replicas
value: 1 value: 1
target: target:
kind: Deployment kind: Deployment
name: dashboard-deployment name: dashboard-deployment


@ -37,17 +37,17 @@ spec:
app: example app: example
spec: spec:
containers: containers:
- name: example - name: example
image: testcontainers/helloworld image: testcontainers/helloworld
ports: ports:
- containerPort: 8080 - containerPort: 8080
volumeMounts: volumeMounts:
- mountPath: "/var/www/html" - mountPath: "/var/www/html"
name: example-volume name: example-volume
volumes: volumes:
- name: example-volume - name: example-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: example-pvc claimName: example-pvc
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -75,17 +75,17 @@ metadata:
namespace: example namespace: example
spec: spec:
rules: rules:
- host: "example.apps.yolokube.de" - host: "example.apps.yolokube.de"
http: http:
paths: paths:
- pathType: Prefix - pathType: Prefix
path: "/" path: "/"
backend: backend:
service: service:
name: example-service name: example-service
port: port:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- example.apps.yolokube.de - example.apps.yolokube.de
secretName: example-tls-key secretName: example-tls-key


@ -1,3 +1,4 @@
---
controller: controller:
enableSnippets: true enableSnippets: true
hostNetwork: true hostNetwork: true


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
generators: generators:


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1 apiVersion: viaduct.ai/v1
kind: ksops kind: ksops
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:


@ -1,3 +1,4 @@
---
loki: loki:
auth_enabled: false auth_enabled: false
persistence: persistence:


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
generators: generators:


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: longhorn.io/v1beta1 apiVersion: longhorn.io/v1beta1
kind: RecurringJob kind: RecurringJob
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1 apiVersion: viaduct.ai/v1
kind: ksops kind: ksops
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@ -7,11 +8,11 @@ type: Opaque
data: data:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:78iskasj0MX32r8qp4LCmTsf5q8r3W5nCs7BrA==,iv:dQFU/Pm+bQQKWfWKq7c63XTW2+czjOeIZuoL2mrPKbM=,tag:we+rZ+YoMpeiAve7zcH6pg==,type:str] AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:78iskasj0MX32r8qp4LCmTsf5q8r3W5nCs7BrA==,iv:dQFU/Pm+bQQKWfWKq7c63XTW2+czjOeIZuoL2mrPKbM=,tag:we+rZ+YoMpeiAve7zcH6pg==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:zR3LNrmweWn9ONkpOlgNGfJ0ERJeNgNsurvBcsX7JZox/vyaZRb6lt4VEjdBDMdTZ+dWRvtvHUw=,iv:CCLoHHixnzVaT0SX3uOjyb7SCNyAe5H30acmMEIgubI=,tag:c7nWPRTZQXqgp8jVgtU57g==,type:str] AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:zR3LNrmweWn9ONkpOlgNGfJ0ERJeNgNsurvBcsX7JZox/vyaZRb6lt4VEjdBDMdTZ+dWRvtvHUw=,iv:CCLoHHixnzVaT0SX3uOjyb7SCNyAe5H30acmMEIgubI=,tag:c7nWPRTZQXqgp8jVgtU57g==,type:str]
#ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment] # ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment]
AWS_ENDPOINTS: ENC[AES256_GCM,data:Cm4ISXx3mosAwVCzFqK5461gFIAqWtSwazvhfe/01blpOLOGpEW7b7S00fnRMviR,iv:Zflw/1JEQjcKarQPOrpBSpCprdL/2Ry6FH74K3/NfFo=,tag:l6idxnQStu2ycr0og2/otw==,type:str] AWS_ENDPOINTS: ENC[AES256_GCM,data:Cm4ISXx3mosAwVCzFqK5461gFIAqWtSwazvhfe/01blpOLOGpEW7b7S00fnRMviR,iv:Zflw/1JEQjcKarQPOrpBSpCprdL/2Ry6FH74K3/NfFo=,tag:l6idxnQStu2ycr0og2/otw==,type:str]
#ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment] # ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment]
#ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment] # ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment]
#ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment] # ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
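Review bot: The `#ENC[...]` to `# ENC[...]` edits in this sops-encrypted Secret change sops-managed ciphertext lines by hand just to satisfy yamllint's `comments` rule. sops wrote those comment lines itself and reads them back on decrypt, so the inserted space may stop it from recognising them as encrypted comments, and a later re-encrypt may write them without the space again and fail the lint. Verify that the file still decrypts cleanly (`sops -d` on this file) before relying on it. Rather than reformatting encrypted files, exempt them in `.yamllint`, for example with an `ignore:` pattern for the secret files or `comments: {require-starting-space: false}`.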


@ -1,3 +1,4 @@
---
# this is the storageclass manifest for the logs and metrics volumes # this is the storageclass manifest for the logs and metrics volumes
kind: StorageClass kind: StorageClass
apiVersion: storage.k8s.io/v1 apiVersion: storage.k8s.io/v1
@ -12,4 +13,4 @@ parameters:
staleReplicaTimeout: "30" staleReplicaTimeout: "30"
fromBackup: "" fromBackup: ""
fsType: "ext4" fsType: "ext4"
dataLocality: "disabled" dataLocality: "disabled"


@ -1,3 +1,4 @@
---
persistence: persistence:
recurringJobSelector: recurringJobSelector:
enable: true enable: true


@ -1,3 +1,4 @@
---
kind: VolumeSnapshotClass kind: VolumeSnapshotClass
apiVersion: snapshot.storage.k8s.io/v1 apiVersion: snapshot.storage.k8s.io/v1
metadata: metadata:
@ -16,4 +17,4 @@ metadata:
driver: driver.longhorn.io driver: driver.longhorn.io
deletionPolicy: Delete deletionPolicy: Delete
parameters: parameters:
type: snap type: snap


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
@ -78,4 +79,4 @@ subjects:
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: worker-node-labeler-role name: worker-node-labeler-role
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io


@ -37,17 +37,17 @@ spec:
securityContext: securityContext:
fsGroup: 82 fsGroup: 82
containers: containers:
- name: paste - name: paste
image: privatebin/nginx-fpm-alpine image: privatebin/nginx-fpm-alpine
ports: ports:
- containerPort: 8080 - containerPort: 8080
volumeMounts: volumeMounts:
- mountPath: "/srv/data" - mountPath: "/srv/data"
name: paste-volume name: paste-volume
volumes: volumes:
- name: paste-volume - name: paste-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: paste-pvc claimName: paste-pvc
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -71,17 +71,17 @@ metadata:
namespace: paste namespace: paste
spec: spec:
rules: rules:
- host: "paste.apps.yolokube.de" - host: "paste.apps.yolokube.de"
http: http:
paths: paths:
- pathType: Prefix - pathType: Prefix
path: "/" path: "/"
backend: backend:
service: service:
name: paste-service name: paste-service
port: port:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- paste.apps.yolokube.de - paste.apps.yolokube.de
secretName: paste-tls-key secretName: paste-tls-key


@ -10,114 +10,114 @@ spec:
groups: groups:
- name: hardware - name: hardware
rules: rules:
- alert: MemoryHigh - alert: MemoryHigh
expr: round((((node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes) * 100), 0.1) > 80 expr: round((((node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes) * 100), 0.1) > 80
for: 5m for: 5m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: "Memory over 80%" summary: "Memory over 80%"
description: "Memory on node {{ $labels.node }} is over 80% for more than 5 minutes. Plox fix. Memory usage: {{ $value }}%" description: "Memory on node {{ $labels.node }} is over 80% for more than 5 minutes. Plox fix. Memory usage: {{ $value }}%"
- alert: DiskspaceLow - alert: DiskspaceLow
expr: round(node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"} * 100, 1) < 5 expr: round(node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"} * 100, 1) < 5
for: 1m for: 1m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: "Free disk space at {{ $value }}%" summary: "Free disk space at {{ $value }}%"
description: "Disk space on node {{ $labels.node }} is only {{ $value }}%. Plox fix. Partition: {{ $labels.device }}" description: "Disk space on node {{ $labels.node }} is only {{ $value }}%. Plox fix. Partition: {{ $labels.device }}"
- alert: HostMemoryUnderMemoryPressure - alert: HostMemoryUnderMemoryPressure
expr: rate(node_vmstat_pgmajfault[1m]) > 1000 expr: rate(node_vmstat_pgmajfault[1m]) > 1000
for: 2m for: 2m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Host memory under memory pressure {{ $labels.node }} summary: Host memory under memory pressure {{ $labels.node }}
description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskReadRate - alert: HostUnusualDiskReadRate
expr: sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 200 expr: sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 200
for: 5m for: 5m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Host unusual disk read rate {{ $labels.node }} summary: Host unusual disk read rate {{ $labels.node }}
description: "Disk is probably reading too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" description: "Disk is probably reading too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskWriteRate - alert: HostUnusualDiskWriteRate
expr: sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 200 expr: sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 200
for: 3m for: 3m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Host unusual disk write rate {{ $labels.node }} summary: Host unusual disk write rate {{ $labels.node }}
description: "Disk is probably writing too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" description: "Disk is probably writing too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostCpuStealNoisyNeighbor - alert: HostCpuStealNoisyNeighbor
expr: avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10 expr: avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10
for: 1m for: 1m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Host CPU steal noisy neighbor {{ $labels.node }} summary: Host CPU steal noisy neighbor {{ $labels.node }}
description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostPhysicalComponentTooHot - alert: HostPhysicalComponentTooHot
expr: node_hwmon_temp_celsius > 90 expr: node_hwmon_temp_celsius > 90
for: 5m for: 5m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Host physical component too hot {{ $labels.node }} summary: Host physical component too hot {{ $labels.node }}
description: "Physical hardware component too hot\n Sensor = {{ $labels.sensor }}\n Temp = {{ $value }}" description: "Physical hardware component too hot\n Sensor = {{ $labels.sensor }}\n Temp = {{ $value }}"
- alert: SMARTbad - alert: SMARTbad
expr: smartmon_device_smart_healthy < 1 expr: smartmon_device_smart_healthy < 1
for: 0m for: 0m
labels: labels:
severity: critical severity: critical
annotations: annotations:
summary: SMART check bad of drive {{ $labels.exported_disk }} in node {{ $labels.node }} summary: SMART check bad of drive {{ $labels.exported_disk }} in node {{ $labels.node }}
description: "SMART check returned bad health of {{ $labels.exported_disk }} in node {{ $labels.node }}. VALUE = {{ $value }}\n LABELS = {{ $labels }}" description: "SMART check returned bad health of {{ $labels.exported_disk }} in node {{ $labels.node }}. VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: "SMARTcheck too old" - alert: "SMARTcheck too old"
expr: (time() - smartmon_smartctl_run) > 10800 expr: (time() - smartmon_smartctl_run) > 10800
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: "SMARTcheck not running" summary: "SMARTcheck not running"
description: 'The last SMARTcheck on node {{ $labels.node }} was more than 3h ago. Plox fix.' description: 'The last SMARTcheck on node {{ $labels.node }} was more than 3h ago. Plox fix.'
- alert: "ECC Memory errors" - alert: "ECC Memory errors"
expr: (node_edac_correctable_errors_total) > 100 expr: (node_edac_correctable_errors_total) > 100
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: "ECC errors on {{ $labels.node }}" summary: "ECC errors on {{ $labels.node }}"
description: 'The node {{ $labels.node }} accumulated {{ $value }} correctable errors.' description: 'The node {{ $labels.node }} accumulated {{ $value }} correctable errors.'
- alert: "ECC Memory uncorrectable errors" - alert: "ECC Memory uncorrectable errors"
expr: (node_edac_uncorrectable_errors_total) > 0 expr: (node_edac_uncorrectable_errors_total) > 0
labels: labels:
severity: critical severity: critical
annotations: annotations:
summary: "ECC errors on {{ $labels.node }}" summary: "ECC errors on {{ $labels.node }}"
description: 'The node {{ $labels.node }} accumulated {{ $value }} uncorrectable errors.' description: 'The node {{ $labels.node }} accumulated {{ $value }} uncorrectable errors.'
- name: etcdbackup - name: etcdbackup
rules: rules:
- alert: "etcdbackup too old" - alert: "etcdbackup too old"
expr: (time() - etcdbackup_time) > 10800 expr: (time() - etcdbackup_time) > 10800
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: "etcd backup not running" summary: "etcd backup not running"
description: 'The last etcd backup on node {{ $labels.node }} was more than 3h ago. Plox fix.' description: 'The last etcd backup on node {{ $labels.node }} was more than 3h ago. Plox fix.'
- alert: "etcdbackup failed" - alert: "etcdbackup failed"
expr: etcdbackup_result > 0 expr: etcdbackup_result > 0
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: "etcdbackup failed" summary: "etcdbackup failed"
description: "The backup script for etcd failed on node {{ $labels.node }}. Plox fix." description: "The backup script for etcd failed on node {{ $labels.node }}. Plox fix."
- name: kubernetes - name: kubernetes
rules: rules:
- alert: KubernetesUnhealthyPod - alert: KubernetesUnhealthyPod
expr: kube_pod_container_status_waiting_reason == 1 expr: kube_pod_container_status_waiting_reason == 1
for: 5m for: 5m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: "The Pod {{ $labels.pod }} is {{ $labels.reason }}" summary: "The Pod {{ $labels.pod }} is {{ $labels.reason }}"
description: "The Pod {{ $labels.pod }} is in the state {{ $labels.reason }} for more than 5m. The Pod is in namespace {{ $labels.namespace }} and on node {{ $labels.node }}." description: "The Pod {{ $labels.pod }} is in the state {{ $labels.reason }} for more than 5m. The Pod is in namespace {{ $labels.namespace }} and on node {{ $labels.node }}."
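Review bot: The three rules whose `expr` aggregates with `sum by (instance)` or `avg by(instance)` (HostUnusualDiskReadRate, HostUnusualDiskWriteRate, HostCpuStealNoisyNeighbor) use `{{ $labels.node }}` in their `summary`, but that aggregation keeps only the `instance` label, so the node name renders empty in the notification. Assuming `node` is a label attached to these series by relabeling, as the non-aggregated rules in this group suggest, either keep it in the aggregation, e.g. `expr: sum by (instance, node) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 200`, or switch those summaries to `{{ $labels.instance }}`. An alert that does not name the affected host slows triage, which matters most for the rules that page. The rule group's `spec:` header lies above this hunk.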


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
generators: generators:


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1 apiVersion: viaduct.ai/v1
kind: ksops kind: ksops
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
@ -11,6 +12,6 @@ spec:
app: longhorn-manager app: longhorn-manager
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- longhorn-system - longhorn-system
endpoints: endpoints:
- port: manager - port: manager


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
@ -12,4 +13,4 @@ data:
{{ .Annotations.description }} {{ .Annotations.description }}
{{ end }} {{ end }}
{{ end }} {{ end }}


@ -1,3 +1,4 @@
---
alertmanager: alertmanager:
alertmanagerSpec: alertmanagerSpec:
podAntiAffinity: "hard" podAntiAffinity: "hard"
@ -8,11 +9,11 @@ alertmanager:
- "templates" - "templates"
storage: storage:
volumeClaimTemplate: volumeClaimTemplate:
spec: spec:
accessModes: ["ReadWriteOnce"] accessModes: ["ReadWriteOnce"]
resources: resources:
requests: requests:
storage: 5Gi storage: 5Gi
useExistingSecret: false useExistingSecret: false
config: config:
global: global:
@ -27,20 +28,20 @@ alertmanager:
receiver: 'tg1' receiver: 'tg1'
routes: routes:
- matchers: - matchers:
- severity=warning - severity=warning
receiver: 'tg1' receiver: 'tg1'
- matchers: - matchers:
- severity=critical - severity=critical
receiver: 'tg1' receiver: 'tg1'
receivers: receivers:
- name: tg1 - name: tg1
telegram_configs: telegram_configs:
- bot_token_file: '/etc/alertmanager/secrets/telegram-api/api_key' - bot_token_file: '/etc/alertmanager/secrets/telegram-api/api_key'
chat_id: -995270884 chat_id: -995270884
api_url: "https://api.telegram.org" api_url: "https://api.telegram.org"
send_resolved: true send_resolved: true
parse_mode: "HTML" parse_mode: "HTML"
message: '{{ template "telegram.aaron" .}}' message: '{{ template "telegram.aaron" .}}'
inhibit_rules: inhibit_rules:
- source_matchers: - source_matchers:
- severity = critical - severity = critical
@ -97,7 +98,7 @@ grafana:
persistence: persistence:
enabled: true enabled: true
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
grafana.ini: grafana.ini:
auth: auth:
disable_login_form: true disable_login_form: true
@ -168,12 +169,12 @@ prometheus:
replicas: 2 replicas: 2
storageSpec: storageSpec:
volumeClaimTemplate: volumeClaimTemplate:
spec: spec:
storageClassName: longhorn storageClassName: longhorn
accessModes: ["ReadWriteOnce"] accessModes: ["ReadWriteOnce"]
resources: resources:
requests: requests:
storage: 10Gi storage: 10Gi
serviceMonitorNamespaceSelector: serviceMonitorNamespaceSelector:
matchLabels: matchLabels:
prometheus: yolokube prometheus: yolokube


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
@ -109,4 +110,4 @@ subjects:
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: quotad-role name: quotad-role
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io


@ -1,51 +1,51 @@
#--- # ---
#apiVersion: v1 # apiVersion: v1
#kind: Namespace # kind: Namespace
#metadata: # metadata:
# name: egress # name: egress
#--- # ---
#apiVersion: apps/v1 # apiVersion: apps/v1
#kind: Deployment # kind: Deployment
#metadata: # metadata:
# name: egress-deployment # name: egress-deployment
# namespace: egress # namespace: egress
# labels: # labels:
# app: egress # app: egress
#spec: # spec:
# replicas: 3 # replicas: 3
# selector: # selector:
# matchLabels: # matchLabels:
# app: egress # app: egress
# template: # template:
# metadata: # metadata:
# labels: # labels:
# app: egress # app: egress
# spec: # spec:
# containers: # containers:
# - name: egress # - name: egress
# image: curlimages/curl # image: curlimages/curl
# command: ['/usr/bin/curl'] # command: ['/usr/bin/curl']
# args: ['-s', '-L', '-4', 'ip.hetzner.com'] # args: ['-s', '-L', '-4', 'ip.hetzner.com']
#--- # ---
#apiVersion: apps/v1 # apiVersion: apps/v1
#kind: Deployment # kind: Deployment
#metadata: # metadata:
# name: egress6-deployment # name: egress6-deployment
# namespace: egress # namespace: egress
# labels: # labels:
# app: egress6 # app: egress6
#spec: # spec:
# replicas: 3 # replicas: 3
# selector: # selector:
# matchLabels: # matchLabels:
# app: egress6 # app: egress6
# template: # template:
# metadata: # metadata:
# labels: # labels:
# app: egress6 # app: egress6
# spec: # spec:
# containers: # containers:
# - name: egress6 # - name: egress6
# image: curlimages/curl # image: curlimages/curl
# command: ['/usr/bin/curl'] # command: ['/usr/bin/curl']
# args: ['-s', '-L', '-6', 'ip.hetzner.com'] # args: ['-s', '-L', '-6', 'ip.hetzner.com']


@ -23,10 +23,10 @@ spec:
app: test1 app: test1
spec: spec:
containers: containers:
- name: test1 - name: test1
image: containous/whoami image: containous/whoami
ports: ports:
- containerPort: 80 - containerPort: 80
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -51,17 +51,17 @@ metadata:
namespace: aaron-test namespace: aaron-test
spec: spec:
rules: rules:
- host: "test.services.yolokube.de" - host: "test.services.yolokube.de"
http: http:
paths: paths:
- pathType: Prefix - pathType: Prefix
path: "/" path: "/"
backend: backend:
service: service:
name: test1-service name: test1-service
port: port:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- test.services.yolokube.de - test.services.yolokube.de
secretName: test2-tls-key secretName: test2-tls-key


@ -1,88 +1,88 @@
### example app "privatebin" to test storage # ## example app "privatebin" to test storage
#--- # ---
#apiVersion: v1 # apiVersion: v1
#kind: Namespace # kind: Namespace
#metadata: # metadata:
# name: paste # name: paste
#--- # ---
#apiVersion: v1 # apiVersion: v1
#kind: PersistentVolumeClaim # kind: PersistentVolumeClaim
#metadata: # metadata:
# name: paste-pvc # name: paste-pvc
# namespace: paste # namespace: paste
#spec: # spec:
# accessModes: # accessModes:
# - ReadWriteOnce # - ReadWriteOnce
# volumeMode: Filesystem # volumeMode: Filesystem
# resources: # resources:
# requests: # requests:
# storage: 8Gi # storage: 8Gi
#--- # ---
#apiVersion: apps/v1 # apiVersion: apps/v1
#kind: Deployment # kind: Deployment
#metadata: # metadata:
# name: paste-deployment # name: paste-deployment
# namespace: paste # namespace: paste
# labels: # labels:
# app: paste # app: paste
#spec: # spec:
# replicas: 1 # replicas: 1
# selector: # selector:
# matchLabels: # matchLabels:
# app: paste # app: paste
# template: # template:
# metadata: # metadata:
# labels: # labels:
# app: paste # app: paste
# spec: # spec:
# securityContext: # securityContext:
# fsGroup: 82 # fsGroup: 82
# containers: # containers:
# - name: paste # - name: paste
# image: privatebin/nginx-fpm-alpine # image: privatebin/nginx-fpm-alpine
# ports: # ports:
# - containerPort: 8080 # - containerPort: 8080
# volumeMounts: # volumeMounts:
# - mountPath: "/srv/data" # - mountPath: "/srv/data"
# name: paste-volume # name: paste-volume
# volumes: # volumes:
# - name: paste-volume # - name: paste-volume
# persistentVolumeClaim: # persistentVolumeClaim:
# claimName: paste-pvc # claimName: paste-pvc
#--- # ---
#apiVersion: v1 # apiVersion: v1
#kind: Service # kind: Service
#metadata: # metadata:
# name: paste-service # name: paste-service
# namespace: paste # namespace: paste
#spec: # spec:
# selector: # selector:
# app: paste # app: paste
# ports: # ports:
# - protocol: TCP # - protocol: TCP
# port: 80 # port: 80
# targetPort: 8080 # targetPort: 8080
#--- # ---
#apiVersion: networking.k8s.io/v1 # apiVersion: networking.k8s.io/v1
#kind: Ingress # kind: Ingress
#metadata: # metadata:
# annotations: # annotations:
# kubernetes.io/tls-acme: "true" # kubernetes.io/tls-acme: "true"
# name: paste-ingress # name: paste-ingress
# namespace: paste # namespace: paste
#spec: # spec:
# rules: # rules:
# - host: "paste.apps.yolokube.de" # - host: "paste.apps.yolokube.de"
# http: # http:
# paths: # paths:
# - pathType: Prefix # - pathType: Prefix
# path: "/" # path: "/"
# backend: # backend:
# service: # service:
# name: paste-service # name: paste-service
# port: # port:
# number: 80 # number: 80
# tls: # tls:
# - hosts: # - hosts:
# - paste.apps.yolokube.de # - paste.apps.yolokube.de
# secretName: paste-tls-key # secretName: paste-tls-key


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:


@ -95,17 +95,17 @@ metadata:
namespace: thanos namespace: thanos
spec: spec:
rules: rules:
- host: "thanos.services.yolokube.de" - host: "thanos.services.yolokube.de"
http: http:
paths: paths:
- pathType: Prefix - pathType: Prefix
path: "/" path: "/"
backend: backend:
service: service:
name: querier name: querier
port: port:
name: http name: http
tls: tls:
- hosts: - hosts:
- thanos.services.yolokube.de - thanos.services.yolokube.de
secretName: thanos-tls-key secretName: thanos-tls-key


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
generators: generators:


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1 apiVersion: viaduct.ai/v1
kind: ksops kind: ksops
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
@ -17,4 +18,4 @@ data:
YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly
MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h
S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh
NUxqM3dhMQo= NUxqM3dhMQo=
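Review bot: The `data:` value in the second hunk is only base64-encoded, and it appears to decode to htpasswd-style `user:hash` lines, so the basic-auth password hashes are readable by anyone who can read this repository. Other secrets in this commit go through sops (the `ENC[AES256_GCM,...]` values and the `kind: ksops` generators); this object should move to a sops-encrypted file referenced from a ksops generator, and the affected passwords should be rotated because the hashes remain in git history. Until that is done I would add `# TODO(security): plaintext htpasswd hashes, move to sops and rotate` above the object. Its `kind` and `metadata` lie outside the hunk, so that it is a Secret consumed by the Middleware in the first hunk is inferred.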


@ -1,6 +1,7 @@
---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: IngressClass kind: IngressClass
metadata: metadata:
name: nginx name: nginx
spec: spec:
controller: traefik.io/ingress-controller controller: traefik.io/ingress-controller


@ -1,3 +1,4 @@
---
deployment: deployment:
kind: DaemonSet kind: DaemonSet
minReadySeconds: 120 minReadySeconds: 120


@ -1,3 +1,4 @@
---
controlPlane: controlPlane:
distro: distro:
k8s: k8s:
@ -18,7 +19,7 @@ controlPlane:
replicas: 3 replicas: 3
proxy: proxy:
extraSANs: extraSANs:
- vcluster.k8s.ar21.de - vcluster.k8s.ar21.de
exportKubeConfig: exportKubeConfig:
server: https://vcluster.k8s.ar21.de:443 server: https://vcluster.k8s.ar21.de:443
sync: sync:


@ -1,3 +1,4 @@
---
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP kind: IngressRouteTCP
metadata: metadata:
@ -7,9 +8,9 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: HostSNI(`vcluster.k8s.ar21.de`) - match: HostSNI(`vcluster.k8s.ar21.de`)
services: services:
- name: ar - name: ar
port: 443 port: 443
tls: tls:
passthrough: true passthrough: true


@ -1,3 +1,4 @@
---
controlPlane: controlPlane:
distro: distro:
k8s: k8s:


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
generators: generators:


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1 apiVersion: viaduct.ai/v1
kind: ksops kind: ksops
metadata: metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:


@ -1,10 +1,11 @@
---
server: server:
ingress: ingress:
# -- Enable the ingress for the server component # -- Enable the ingress for the server component
enabled: true enabled: true
# -- Add annotations to the ingress # -- Add annotations to the ingress
annotations: annotations:
# kubernetes.io/ingress.class: nginx # kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
hosts: hosts:
- host: woodpecker.ar21.de - host: woodpecker.ar21.de
@ -15,7 +16,7 @@ server:
servicePort: 80 servicePort: 80
tls: tls:
- hosts: - hosts:
- woodpecker.ar21.de - woodpecker.ar21.de
secretName: woodpecker-tls-key secretName: woodpecker-tls-key
statefulSet: statefulSet:
replicaCount: 1 replicaCount: 1