Add yamllint to Woodpecker CI #154

Merged
tom merged 3 commits from improce_ci into main 2024-10-07 13:45:49 +02:00
65 changed files with 684 additions and 631 deletions
Showing only changes of commit e00cc2d4dd - Show all commits


@ -1,88 +1,89 @@
---
kind: pipeline
name: deploy
steps:
- name: kustomize build dashboard (prod + staging)
image: git.ar21.de/aaron/kustomize-ci
commands:
- cd /deployment-repo
- git clone https://git.ar21.de/yolokube/core-deployments.git .
- cd /deployment-repo/dashboard/overlays/prod
- kustomize build -o /deployment-repo/dashboard/prod/dashboard.yaml
- cd /deployment-repo/dashboard/overlays/staging
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
volumes:
- name: deployment-repo
path: /deployment-repo
when:
branch:
- main
event:
- push
- name: kustomize build dashboard (staging)
image: git.ar21.de/aaron/kustomize-ci
commands:
- cd /deployment-repo
- git clone https://git.ar21.de/yolokube/core-deployments.git .
- cd /staging-repo
- git clone -b $DRONE_BRANCH https://git.ar21.de/yolokube/core-deployments.git .
- cd /staging-repo/dashboard/overlays/staging
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
volumes:
- name: deployment-repo
path: /deployment-repo
- name: staging-repo
path: /staging-repo
when:
branch:
exclude:
- name: kustomize build dashboard (prod + staging)
image: git.ar21.de/aaron/kustomize-ci
commands:
- cd /deployment-repo
- git clone https://git.ar21.de/yolokube/core-deployments.git .
- cd /deployment-repo/dashboard/overlays/prod
- kustomize build -o /deployment-repo/dashboard/prod/dashboard.yaml
- cd /deployment-repo/dashboard/overlays/staging
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
volumes:
- name: deployment-repo
path: /deployment-repo
when:
branch:
- main
event:
- push
- name: kustomize push dashboard changes (prod + staging)
image: appleboy/drone-git-push
settings:
branch: main
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
path: /deployment-repo
force: false
commit: true
commit_message: "KUSTOMIZE BUILD: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} (done automagically via Drone pipeline) [CI SKIP]"
ssh_key:
from_secret: GITEA_SSH_KEY
volumes:
- name: deployment-repo
path: /deployment-repo
when:
branch:
- main
event:
- push
- name: kustomize push dashboard changes (staging)
image: appleboy/drone-git-push
settings:
branch: main
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
path: /deployment-repo
force: false
commit: true
commit_message: "KUSTOMIZE BUILD STAGING: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} [CI SKIP]"
ssh_key:
from_secret: GITEA_SSH_KEY
volumes:
- name: deployment-repo
path: /deployment-repo
when:
branch:
exclude:
event:
- push
- name: kustomize build dashboard (staging)
image: git.ar21.de/aaron/kustomize-ci
commands:
- cd /deployment-repo
- git clone https://git.ar21.de/yolokube/core-deployments.git .
- cd /staging-repo
- git clone -b $DRONE_BRANCH https://git.ar21.de/yolokube/core-deployments.git .
- cd /staging-repo/dashboard/overlays/staging
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
volumes:
- name: deployment-repo
path: /deployment-repo
- name: staging-repo
path: /staging-repo
when:
branch:
exclude:
- main
event:
- push
- name: kustomize push dashboard changes (prod + staging)
image: appleboy/drone-git-push
settings:
branch: main
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
path: /deployment-repo
force: false
commit: true
commit_message: "KUSTOMIZE BUILD: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} (done automagically via Drone pipeline) [CI SKIP]"
ssh_key:
from_secret: GITEA_SSH_KEY
volumes:
- name: deployment-repo
path: /deployment-repo
when:
branch:
- main
event:
- push
event:
- push
- name: kustomize push dashboard changes (staging)
image: appleboy/drone-git-push
settings:
branch: main
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
path: /deployment-repo
force: false
commit: true
commit_message: "KUSTOMIZE BUILD STAGING: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} [CI SKIP]"
ssh_key:
from_secret: GITEA_SSH_KEY
volumes:
- name: deployment-repo
path: /deployment-repo
when:
branch:
exclude:
- main
event:
- push
volumes:
- name: deployment-repo
temp: {}
- name: staging-repo
temp: {}
- name: deployment-repo
temp: {}
- name: staging-repo
temp: {}
when:
event:
exclude:
- pull_request
- pull_request
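Review bot: Both `kustomize push dashboard changes` steps pass `GITEA_SSH_KEY` to `image: appleboy/drone-git-push`, which has no tag or digest, so whatever that name resolves to at run time receives the key used to push to `core-deployments`. Pin it by digest, `image: appleboy/drone-git-push@sha256:<digest>` (placeholder), and do the same for `git.ar21.de/aaron/kustomize-ci`. In the staging build step the branch name is expanded unquoted; `git clone -b "$DRONE_BRANCH" https://git.ar21.de/yolokube/core-deployments.git .` keeps a pusher-chosen ref name as a single argument. Neither point is introduced by this re-indent, but the whole pipeline is on the new side of this section.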


@ -28,12 +28,12 @@ spec:
project: default
sources:
- chart: woodpecker
repoURL: https://woodpecker-ci.org/
repoURL: https://woodpecker-ci.org/
targetRevision: 1.6.0
helm:
releaseName: woodpecker
valueFiles:
- $values/woodpecker/values/values.yaml
- $values/woodpecker/values/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
ref: values
@ -45,7 +45,7 @@ spec:
namespace: woodpecker
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false
---
@ -65,7 +65,7 @@ spec:
namespace: paste
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
selfHeal: false
prune: false


@ -13,7 +13,7 @@ spec:
helm:
releaseName: traefik
valueFiles:
- $values/traefik/values.yaml
- $values/traefik/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
ref: values
@ -25,7 +25,7 @@ spec:
namespace: traefik
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false
---
@ -43,7 +43,7 @@ spec:
helm:
releaseName: argo
valueFiles:
- $values/argo/values.yaml
- $values/argo/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
ref: values
@ -55,7 +55,7 @@ spec:
namespace: argocd
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
selfHeal: true
prune: false
@ -70,11 +70,11 @@ spec:
sources:
- repoURL: https://charts.longhorn.io
chart: longhorn
targetRevision: 1.7.1 # see Infos below, the CSI snapshotter needs to be updated too <-- version association can be found here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/enable-csi-snapshot-support/
targetRevision: 1.7.1 # see Infos below, the CSI snapshotter needs to be updated too <-- version association can be found here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/enable-csi-snapshot-support/
helm:
releaseName: longhorn
valueFiles:
- $values/longhorn/values.yaml
- $values/longhorn/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
ref: values
@ -82,17 +82,17 @@ spec:
targetRevision: HEAD
path: longhorn
- repoURL: https://github.com/kubernetes-csi/external-snapshotter.git
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
path: client/config/crd
- repoURL: https://github.com/kubernetes-csi/external-snapshotter.git
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
path: deploy/kubernetes/snapshot-controller
destination:
server: https://kubernetes.default.svc
namespace: longhorn-system
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false
---
@ -110,7 +110,7 @@ spec:
helm:
releaseName: prometheus
valueFiles:
- $values/prometheus/values.yaml
- $values/prometheus/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
ref: values
@ -122,30 +122,30 @@ spec:
namespace: prometheus
syncPolicy:
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
- RespectIgnoreDifferences=true
- CreateNamespace=true
- ServerSideApply=true
- RespectIgnoreDifferences=true
automated:
prune: false
ignoreDifferences:
- group: apps
kind: Deployment
jqPathExpressions:
- '.spec.template.spec.initContainers[]?.resources'
- '.spec.template.spec.containers[]?.resources'
- group: apps
kind: DaemonSet
jqPathExpressions:
- '.spec.template.spec.initContainers[]?.resources'
- '.spec.template.spec.containers[]?.resources'
- group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration
jqPathExpressions:
- '.webhooks[]?.clientConfig.caBundle'
- group: admissionregistration.k8s.io
kind: ValidatingWebhookConfiguration
jqPathExpressions:
- '.webhooks[]?.clientConfig.caBundle'
- group: apps
kind: Deployment
jqPathExpressions:
- '.spec.template.spec.initContainers[]?.resources'
- '.spec.template.spec.containers[]?.resources'
- group: apps
kind: DaemonSet
jqPathExpressions:
- '.spec.template.spec.initContainers[]?.resources'
- '.spec.template.spec.containers[]?.resources'
- group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration
jqPathExpressions:
- '.webhooks[]?.clientConfig.caBundle'
- group: admissionregistration.k8s.io
kind: ValidatingWebhookConfiguration
jqPathExpressions:
- '.webhooks[]?.clientConfig.caBundle'
---
apiVersion: argoproj.io/v1alpha1
kind: Application
@ -161,7 +161,7 @@ spec:
helm:
releaseName: cilium-cni
valueFiles:
- $values/cilium/values.yaml
- $values/cilium/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
ref: values
@ -173,22 +173,22 @@ spec:
namespace: kube-cilium
syncPolicy:
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
- RespectIgnoreDifferences=true
- CreateNamespace=true
- ServerSideApply=true
- RespectIgnoreDifferences=true
automated:
prune: false
ignoreDifferences:
- group: apps
kind: Deployment
jqPathExpressions:
- '.spec.template.spec.containers[]?.resources'
- group: apps
kind: DaemonSet
jqPathExpressions:
- '.spec.template.spec.initContainers[]?.resources'
- '.spec.template.spec.containers[]?.resources'
- '.spec.template.metadata.annotations'
- group: apps
kind: Deployment
jqPathExpressions:
- '.spec.template.spec.containers[]?.resources'
- group: apps
kind: DaemonSet
jqPathExpressions:
- '.spec.template.spec.initContainers[]?.resources'
- '.spec.template.spec.containers[]?.resources'
- '.spec.template.metadata.annotations'
---
apiVersion: argoproj.io/v1alpha1
kind: Application
@ -206,7 +206,7 @@ spec:
namespace: node-labeler
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false
---
@ -226,7 +226,7 @@ spec:
namespace: quota
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false
---
@ -246,7 +246,7 @@ spec:
namespace: dashboard
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false
---
@ -266,7 +266,7 @@ spec:
namespace: dashboard-staging
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false
---
@ -284,7 +284,7 @@ spec:
helm:
releaseName: loki
valueFiles:
- $values/loki/values.yaml
- $values/loki/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
ref: values
@ -296,7 +296,7 @@ spec:
namespace: logs
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false
---
@ -318,7 +318,7 @@ spec:
namespace: logs
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false
---
@ -348,7 +348,7 @@ spec:
namespace: kube-system
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false
---
@ -405,7 +405,7 @@ spec:
helm:
releaseName: cert-manager
valueFiles:
- $values/cert-manager/values.yaml
- $values/cert-manager/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
ref: values
@ -417,7 +417,7 @@ spec:
namespace: cert-manager
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false
---
@ -437,7 +437,7 @@ spec:
namespace: authentik
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false
---
@ -457,6 +457,6 @@ spec:
namespace: thanos
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
prune: false


@ -35,7 +35,7 @@ spec:
namespace: test-deployments
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true
automated:
selfHeal: false


@ -18,12 +18,12 @@ data:
hs.status = "Healthy"
return hs
resource.exclusions: |
- apiGroups:
- cilium.io
kinds:
- CiliumIdentity
clusters:
- "*"
- apiGroups:
- cilium.io
kinds:
- CiliumIdentity
clusters:
- "*"
url: https://argo.services.yolokube.de
oidc.config: |
name: aaronID
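Review bot: The re-indented lines under `resource.exclusions: |` are the body of a literal block scalar, so their indentation relative to each other is part of the string Argo CD parses rather than layout. This rendering has lost leading whitespace, so the page cannot confirm that `- apiGroups:`, `kinds:` and `clusters:` keep the same nesting on the new side; diffing the rendered ConfigMap before and after the change would settle it. The same check applies to the `patch: |-` bodies in the staging overlay's kustomization further down. The `data:` mapping starts and continues outside this hunk.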


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:


@ -1,3 +1,4 @@
---
global:
domain: argo.services.yolokube.de
configs:


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:
@ -37,20 +38,20 @@ metadata:
namespace: authentik
spec:
rules:
- host: "sso.services.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: authentik-outpost
port:
number: 9000
- host: "sso.services.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: authentik-outpost
port:
number: 9000
tls:
- hosts:
- sso.services.yolokube.de
secretName: authentik-tls-key
- hosts:
- sso.services.yolokube.de
secretName: authentik-tls-key
---
apiVersion: apps/v1
kind: Deployment
@ -76,21 +77,21 @@ spec:
spec:
containers:
- env:
- name: AUTHENTIK_HOST
valueFrom:
secretKeyRef:
key: authentik_host
name: authentik-outpost-api
- name: AUTHENTIK_TOKEN
valueFrom:
secretKeyRef:
key: token
name: authentik-outpost-api
- name: AUTHENTIK_INSECURE
valueFrom:
secretKeyRef:
key: authentik_host_insecure
name: authentik-outpost-api
- name: AUTHENTIK_HOST
valueFrom:
secretKeyRef:
key: authentik_host
name: authentik-outpost-api
- name: AUTHENTIK_TOKEN
valueFrom:
secretKeyRef:
key: token
name: authentik-outpost-api
- name: AUTHENTIK_INSECURE
valueFrom:
secretKeyRef:
key: authentik_host_insecure
name: authentik-outpost-api
image: ghcr.io/goauthentik/proxy:2024.8.3
name: proxy
ports:
@ -104,22 +105,22 @@ spec:
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: authentik
namespace: authentik
name: authentik
namespace: authentik
spec:
forwardAuth:
address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-grafana-role
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
forwardAuth:
address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-grafana-role
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:


@ -2,29 +2,29 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
name: letsencrypt-prod
spec:
acme:
email: letsencrypt@ar21.de
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-prod-key
solvers:
- http01:
ingress:
class: traefik
acme:
email: letsencrypt@ar21.de
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-prod-key
solvers:
- http01:
ingress:
class: traefik
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
name: letsencrypt-staging
spec:
acme:
email: letsencrypt@ar21.de
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-staging-key
solvers:
- http01:
ingress:
class: traefik
acme:
email: letsencrypt@ar21.de
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-staging-key
solvers:
- http01:
ingress:
class: traefik


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:


@ -1,3 +1,4 @@
---
namespace: cert-manager
replicaCount: 3
podDisruptionBudget:


@ -1,3 +1,4 @@
---
encryption:
enabled: false
ipam:


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:
@ -21,17 +22,17 @@ spec:
app: dashboard
spec:
containers:
- name: dashboard
image: git.ar21.de/yolokube/dashboard:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 4
periodSeconds: 3
- name: dashboard
image: git.ar21.de/yolokube/dashboard:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 4
periodSeconds: 3
---
apiVersion: v1
kind: Service
@ -55,17 +56,17 @@ metadata:
namespace: dashboard
spec:
rules:
- host: "dashboard.services.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: dashboard-service
port:
number: 80
- host: "dashboard.services.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: dashboard-service
port:
number: 80
tls:
- hosts:
- dashboard.services.yolokube.de
secretName: dashboard-tls-key
- hosts:
- dashboard.services.yolokube.de
secretName: dashboard-tls-key


@ -1,4 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- dashboard.yaml
- dashboard.yaml


@ -1,9 +1,10 @@
---
resources:
- ../../base
- ../../base
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard
newTag: "96"
- name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard
newTag: "96"
namespace: dashboard


@ -1,31 +1,32 @@
---
resources:
- ../../base
- ../../base
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard
newTag: staging-95
- name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard
newTag: staging-95
namespace: dashboard-staging
patches:
- patch: |-
- op: replace
path: /spec/rules/0/host
value: "dashboard-staging.services.yolokube.de"
target:
kind: Ingress
name: dashboard-ingress
- patch: |-
- op: replace
path: /spec/tls/0/hosts/0
value: "dashboard-staging.services.yolokube.de"
target:
kind: Ingress
name: dashboard-ingress
- patch: |-
- op: replace
path: /spec/replicas
value: 1
target:
kind: Deployment
name: dashboard-deployment
- patch: |-
- op: replace
path: /spec/rules/0/host
value: "dashboard-staging.services.yolokube.de"
target:
kind: Ingress
name: dashboard-ingress
- patch: |-
- op: replace
path: /spec/tls/0/hosts/0
value: "dashboard-staging.services.yolokube.de"
target:
kind: Ingress
name: dashboard-ingress
- patch: |-
- op: replace
path: /spec/replicas
value: 1
target:
kind: Deployment
name: dashboard-deployment


@ -37,17 +37,17 @@ spec:
app: example
spec:
containers:
- name: example
image: testcontainers/helloworld
ports:
- containerPort: 8080
volumeMounts:
- mountPath: "/var/www/html"
name: example-volume
- name: example
image: testcontainers/helloworld
ports:
- containerPort: 8080
volumeMounts:
- mountPath: "/var/www/html"
name: example-volume
volumes:
- name: example-volume
persistentVolumeClaim:
claimName: example-pvc
- name: example-volume
persistentVolumeClaim:
claimName: example-pvc
---
apiVersion: v1
kind: Service
@ -75,17 +75,17 @@ metadata:
namespace: example
spec:
rules:
- host: "example.apps.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: example-service
port:
number: 80
- host: "example.apps.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: example-service
port:
number: 80
tls:
- hosts:
- example.apps.yolokube.de
secretName: example-tls-key
- hosts:
- example.apps.yolokube.de
secretName: example-tls-key


@ -1,3 +1,4 @@
---
controller:
enableSnippets: true
hostNetwork: true


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:


@ -1,3 +1,4 @@
---
loki:
auth_enabled: false
persistence:


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:


@ -1,3 +1,4 @@
---
apiVersion: longhorn.io/v1beta1
kind: RecurringJob
metadata:


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:
@ -7,11 +8,11 @@ type: Opaque
data:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:78iskasj0MX32r8qp4LCmTsf5q8r3W5nCs7BrA==,iv:dQFU/Pm+bQQKWfWKq7c63XTW2+czjOeIZuoL2mrPKbM=,tag:we+rZ+YoMpeiAve7zcH6pg==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:zR3LNrmweWn9ONkpOlgNGfJ0ERJeNgNsurvBcsX7JZox/vyaZRb6lt4VEjdBDMdTZ+dWRvtvHUw=,iv:CCLoHHixnzVaT0SX3uOjyb7SCNyAe5H30acmMEIgubI=,tag:c7nWPRTZQXqgp8jVgtU57g==,type:str]
#ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment]
# ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment]
AWS_ENDPOINTS: ENC[AES256_GCM,data:Cm4ISXx3mosAwVCzFqK5461gFIAqWtSwazvhfe/01blpOLOGpEW7b7S00fnRMviR,iv:Zflw/1JEQjcKarQPOrpBSpCprdL/2Ry6FH74K3/NfFo=,tag:l6idxnQStu2ycr0og2/otw==,type:str]
#ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment]
#ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment]
#ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment]
# ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment]
# ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment]
# ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment]
sops:
kms: []
gcp_kms: []
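Review bot: The `ENC[AES256_GCM,…,type:comment]` lines belong to a SOPS-encrypted Secret, and the copies with a space after `#` appear to be the new side, i.e. ciphertext edited by hand to satisfy yamllint's `comments` rule. SOPS writes encrypted comments as `#ENC[`, so confirm that `sops -d` on this file still decrypts those comments and passes the MAC check, and that the next `sops` edit does not simply revert the spacing. Excluding encrypted files from the lint run, for example an `ignore:` entry in the yamllint config covering `<path/to/encrypted-secrets>` (placeholder), avoids touching them at all.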


@ -1,3 +1,4 @@
---
# this is the storageclass manifest for the logs and metrics volumes
kind: StorageClass
apiVersion: storage.k8s.io/v1
@ -12,4 +13,4 @@ parameters:
staleReplicaTimeout: "30"
fromBackup: ""
fsType: "ext4"
dataLocality: "disabled"
dataLocality: "disabled"


@ -1,3 +1,4 @@
---
persistence:
recurringJobSelector:
enable: true


@ -1,3 +1,4 @@
---
kind: VolumeSnapshotClass
apiVersion: snapshot.storage.k8s.io/v1
metadata:
@ -16,4 +17,4 @@ metadata:
driver: driver.longhorn.io
deletionPolicy: Delete
parameters:
type: snap
type: snap


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:
@ -78,4 +79,4 @@ subjects:
roleRef:
kind: ClusterRole
name: worker-node-labeler-role
apiGroup: rbac.authorization.k8s.io
apiGroup: rbac.authorization.k8s.io


@ -37,17 +37,17 @@ spec:
securityContext:
fsGroup: 82
containers:
- name: paste
image: privatebin/nginx-fpm-alpine
ports:
- containerPort: 8080
volumeMounts:
- mountPath: "/srv/data"
name: paste-volume
- name: paste
image: privatebin/nginx-fpm-alpine
ports:
- containerPort: 8080
volumeMounts:
- mountPath: "/srv/data"
name: paste-volume
volumes:
- name: paste-volume
persistentVolumeClaim:
claimName: paste-pvc
- name: paste-volume
persistentVolumeClaim:
claimName: paste-pvc
---
apiVersion: v1
kind: Service
@ -71,17 +71,17 @@ metadata:
namespace: paste
spec:
rules:
- host: "paste.apps.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: paste-service
port:
number: 80
- host: "paste.apps.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: paste-service
port:
number: 80
tls:
- hosts:
- paste.apps.yolokube.de
secretName: paste-tls-key
- hosts:
- paste.apps.yolokube.de
secretName: paste-tls-key


@ -10,114 +10,114 @@ spec:
groups:
- name: hardware
rules:
- alert: MemoryHigh
expr: round((((node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes) * 100), 0.1) > 80
for: 5m
labels:
severity: warning
annotations:
summary: "Memory over 80%"
description: "Memory on node {{ $labels.node }} is over 80% for more than 5 minutes. Plox fix. Memory usage: {{ $value }}%"
- alert: DiskspaceLow
expr: round(node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"} * 100, 1) < 5
for: 1m
labels:
severity: warning
annotations:
summary: "Free disk space at {{ $value }}%"
description: "Disk space on node {{ $labels.node }} is only {{ $value }}%. Plox fix. Partition: {{ $labels.device }}"
- alert: HostMemoryUnderMemoryPressure
expr: rate(node_vmstat_pgmajfault[1m]) > 1000
for: 2m
labels:
severity: warning
annotations:
summary: Host memory under memory pressure {{ $labels.node }}
description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskReadRate
expr: sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 200
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual disk read rate {{ $labels.node }}
description: "Disk is probably reading too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskWriteRate
expr: sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 200
for: 3m
labels:
severity: warning
annotations:
summary: Host unusual disk write rate {{ $labels.node }}
description: "Disk is probably writing too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostCpuStealNoisyNeighbor
expr: avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10
for: 1m
labels:
severity: warning
annotations:
summary: Host CPU steal noisy neighbor {{ $labels.node }}
description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostPhysicalComponentTooHot
expr: node_hwmon_temp_celsius > 90
for: 5m
labels:
severity: warning
annotations:
summary: Host physical component too hot {{ $labels.node }}
description: "Physical hardware component too hot\n Sensor = {{ $labels.sensor }}\n Temp = {{ $value }}"
- alert: SMARTbad
expr: smartmon_device_smart_healthy < 1
for: 0m
labels:
severity: critical
annotations:
summary: SMART check bad of drive {{ $labels.exported_disk }} in node {{ $labels.node }}
description: "SMART check returned bad health of {{ $labels.exported_disk }} in node {{ $labels.node }}. VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: "SMARTcheck too old"
expr: (time() - smartmon_smartctl_run) > 10800
labels:
severity: warning
annotations:
summary: "SMARTcheck not running"
description: 'The last SMARTcheck on node {{ $labels.node }} was more than 3h ago. Plox fix.'
- alert: "ECC Memory errors"
expr: (node_edac_correctable_errors_total) > 100
labels:
severity: warning
annotations:
summary: "ECC errors on {{ $labels.node }}"
description: 'The node {{ $labels.node }} accumulated {{ $value }} correctable errors.'
- alert: "ECC Memory uncorrectable errors"
expr: (node_edac_uncorrectable_errors_total) > 0
labels:
severity: critical
annotations:
summary: "ECC errors on {{ $labels.node }}"
description: 'The node {{ $labels.node }} accumulated {{ $value }} uncorrectable errors.'
- alert: MemoryHigh
expr: round((((node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes) * 100), 0.1) > 80
for: 5m
labels:
severity: warning
annotations:
summary: "Memory over 80%"
description: "Memory on node {{ $labels.node }} is over 80% for more than 5 minutes. Plox fix. Memory usage: {{ $value }}%"
- alert: DiskspaceLow
expr: round(node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"} * 100, 1) < 5
for: 1m
labels:
severity: warning
annotations:
summary: "Free disk space at {{ $value }}%"
description: "Disk space on node {{ $labels.node }} is only {{ $value }}%. Plox fix. Partition: {{ $labels.device }}"
- alert: HostMemoryUnderMemoryPressure
expr: rate(node_vmstat_pgmajfault[1m]) > 1000
for: 2m
labels:
severity: warning
annotations:
summary: Host memory under memory pressure {{ $labels.node }}
description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskReadRate
expr: sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 200
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual disk read rate {{ $labels.node }}
description: "Disk is probably reading too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskWriteRate
expr: sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 200
for: 3m
labels:
severity: warning
annotations:
summary: Host unusual disk write rate {{ $labels.node }}
description: "Disk is probably writing too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostCpuStealNoisyNeighbor
expr: avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10
for: 1m
labels:
severity: warning
annotations:
summary: Host CPU steal noisy neighbor {{ $labels.node }}
description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostPhysicalComponentTooHot
expr: node_hwmon_temp_celsius > 90
for: 5m
labels:
severity: warning
annotations:
summary: Host physical component too hot {{ $labels.node }}
description: "Physical hardware component too hot\n Sensor = {{ $labels.sensor }}\n Temp = {{ $value }}"
- alert: SMARTbad
expr: smartmon_device_smart_healthy < 1
for: 0m
labels:
severity: critical
annotations:
summary: SMART check bad of drive {{ $labels.exported_disk }} in node {{ $labels.node }}
description: "SMART check returned bad health of {{ $labels.exported_disk }} in node {{ $labels.node }}. VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: "SMARTcheck too old"
expr: (time() - smartmon_smartctl_run) > 10800
labels:
severity: warning
annotations:
summary: "SMARTcheck not running"
description: 'The last SMARTcheck on node {{ $labels.node }} was more than 3h ago. Plox fix.'
- alert: "ECC Memory errors"
expr: (node_edac_correctable_errors_total) > 100
labels:
severity: warning
annotations:
summary: "ECC errors on {{ $labels.node }}"
description: 'The node {{ $labels.node }} accumulated {{ $value }} correctable errors.'
- alert: "ECC Memory uncorrectable errors"
expr: (node_edac_uncorrectable_errors_total) > 0
labels:
severity: critical
annotations:
summary: "ECC errors on {{ $labels.node }}"
description: 'The node {{ $labels.node }} accumulated {{ $value }} uncorrectable errors.'
- name: etcdbackup
rules:
- alert: "etcdbackup too old"
expr: (time() - etcdbackup_time) > 10800
labels:
severity: warning
annotations:
summary: "etcd backup not running"
description: 'The last etcd backup on node {{ $labels.node }} was more than 3h ago. Plox fix.'
- alert: "etcdbackup failed"
expr: etcdbackup_result > 0
labels:
severity: warning
annotations:
summary: "etcdbackup failed"
description: "The backup script for etcd failed on node {{ $labels.node }}. Plox fix."
- alert: "etcdbackup too old"
expr: (time() - etcdbackup_time) > 10800
labels:
severity: warning
annotations:
summary: "etcd backup not running"
description: 'The last etcd backup on node {{ $labels.node }} was more than 3h ago. Plox fix.'
- alert: "etcdbackup failed"
expr: etcdbackup_result > 0
labels:
severity: warning
annotations:
summary: "etcdbackup failed"
description: "The backup script for etcd failed on node {{ $labels.node }}. Plox fix."
- name: kubernetes
rules:
- alert: KubernetesUnhealthyPod
expr: kube_pod_container_status_waiting_reason == 1
for: 5m
labels:
severity: warning
annotations:
summary: "The Pod {{ $labels.pod }} is {{ $labels.reason }}"
description: "The Pod {{ $labels.pod }} is in the state {{ $labels.reason }} for more than 5m. The Pod is in namespace {{ $labels.namespace }} and on node {{ $labels.node }}."
- alert: KubernetesUnhealthyPod
expr: kube_pod_container_status_waiting_reason == 1
for: 5m
labels:
severity: warning
annotations:
summary: "The Pod {{ $labels.pod }} is {{ $labels.reason }}"
description: "The Pod {{ $labels.pod }} is in the state {{ $labels.reason }} for more than 5m. The Pod is in namespace {{ $labels.namespace }} and on node {{ $labels.node }}."


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:


@ -1,3 +1,4 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
@ -11,6 +12,6 @@ spec:
app: longhorn-manager
namespaceSelector:
matchNames:
- longhorn-system
- longhorn-system
endpoints:
- port: manager
- port: manager


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
@ -12,4 +13,4 @@ data:
{{ .Annotations.description }}
{{ end }}
{{ end }}
{{ end }}


@ -1,3 +1,4 @@
---
alertmanager:
alertmanagerSpec:
podAntiAffinity: "hard"
@ -8,11 +9,11 @@ alertmanager:
- "templates"
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 5Gi
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 5Gi
useExistingSecret: false
config:
global:
@ -27,20 +28,20 @@ alertmanager:
receiver: 'tg1'
routes:
- matchers:
- severity=warning
- severity=warning
receiver: 'tg1'
- matchers:
- severity=critical
- severity=critical
receiver: 'tg1'
receivers:
- name: tg1
telegram_configs:
- bot_token_file: '/etc/alertmanager/secrets/telegram-api/api_key'
chat_id: -995270884
api_url: "https://api.telegram.org"
send_resolved: true
parse_mode: "HTML"
message: '{{ template "telegram.aaron" .}}'
- name: tg1
telegram_configs:
- bot_token_file: '/etc/alertmanager/secrets/telegram-api/api_key'
chat_id: -995270884
api_url: "https://api.telegram.org"
send_resolved: true
parse_mode: "HTML"
message: '{{ template "telegram.aaron" .}}'
inhibit_rules:
- source_matchers:
- severity = critical
@ -97,7 +98,7 @@ grafana:
persistence:
enabled: true
accessModes:
- ReadWriteMany
- ReadWriteMany
grafana.ini:
auth:
disable_login_form: true
@ -168,12 +169,12 @@ prometheus:
replicas: 2
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: longhorn
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
spec:
storageClassName: longhorn
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
serviceMonitorNamespaceSelector:
matchLabels:
prometheus: yolokube


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:
@ -109,4 +110,4 @@ subjects:
roleRef:
kind: ClusterRole
name: quotad-role
apiGroup: rbac.authorization.k8s.io
apiGroup: rbac.authorization.k8s.io


@ -1,51 +1,51 @@
#---
#apiVersion: v1
#kind: Namespace
#metadata:
# name: egress
#---
#apiVersion: apps/v1
#kind: Deployment
#metadata:
# name: egress-deployment
# namespace: egress
# labels:
# app: egress
#spec:
# replicas: 3
# selector:
# matchLabels:
# app: egress
# template:
# metadata:
# labels:
# app: egress
# spec:
# containers:
# - name: egress
# image: curlimages/curl
# command: ['/usr/bin/curl']
# args: ['-s', '-L', '-4', 'ip.hetzner.com']
#---
#apiVersion: apps/v1
#kind: Deployment
#metadata:
# name: egress6-deployment
# namespace: egress
# labels:
# app: egress6
#spec:
# replicas: 3
# selector:
# matchLabels:
# app: egress6
# template:
# metadata:
# labels:
# app: egress6
# spec:
# containers:
# - name: egress6
# image: curlimages/curl
# command: ['/usr/bin/curl']
# args: ['-s', '-L', '-6', 'ip.hetzner.com']
# ---
# apiVersion: v1
# kind: Namespace
# metadata:
# name: egress
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: egress-deployment
# namespace: egress
# labels:
# app: egress
# spec:
# replicas: 3
# selector:
# matchLabels:
# app: egress
# template:
# metadata:
# labels:
# app: egress
# spec:
# containers:
# - name: egress
# image: curlimages/curl
# command: ['/usr/bin/curl']
# args: ['-s', '-L', '-4', 'ip.hetzner.com']
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: egress6-deployment
# namespace: egress
# labels:
# app: egress6
# spec:
# replicas: 3
# selector:
# matchLabels:
# app: egress6
# template:
# metadata:
# labels:
# app: egress6
# spec:
# containers:
# - name: egress6
# image: curlimages/curl
# command: ['/usr/bin/curl']
# args: ['-s', '-L', '-6', 'ip.hetzner.com']


@ -23,10 +23,10 @@ spec:
app: test1
spec:
containers:
- name: test1
image: containous/whoami
ports:
- containerPort: 80
- name: test1
image: containous/whoami
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
@ -51,17 +51,17 @@ metadata:
namespace: aaron-test
spec:
rules:
- host: "test.services.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: test1-service
port:
number: 80
- host: "test.services.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: test1-service
port:
number: 80
tls:
- hosts:
- test.services.yolokube.de
secretName: test2-tls-key
- hosts:
- test.services.yolokube.de
secretName: test2-tls-key
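Review bot: `image: containous/whoami` in the first hunk has no tag or digest, so each node pulls whatever the registry currently serves for the default tag, and the pod is apparently published through the Ingress for `test.services.yolokube.de` in the second hunk. Pinning it, e.g. `image: containous/whoami:<tag>@sha256:<digest>` (placeholders), keeps the deployed content reproducible and reviewable. The enclosing Deployment and Ingress both start outside the hunks shown.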


@ -1,88 +1,88 @@
### example app "privatebin" to test storage
#---
#apiVersion: v1
#kind: Namespace
#metadata:
# name: paste
#---
#apiVersion: v1
#kind: PersistentVolumeClaim
#metadata:
# name: paste-pvc
# namespace: paste
#spec:
# accessModes:
# - ReadWriteOnce
# volumeMode: Filesystem
# resources:
# requests:
# storage: 8Gi
#---
#apiVersion: apps/v1
#kind: Deployment
#metadata:
# name: paste-deployment
# namespace: paste
# labels:
# app: paste
#spec:
# replicas: 1
# selector:
# matchLabels:
# app: paste
# template:
# metadata:
# labels:
# app: paste
# spec:
# securityContext:
# fsGroup: 82
# containers:
# - name: paste
# image: privatebin/nginx-fpm-alpine
# ports:
# - containerPort: 8080
# volumeMounts:
# - mountPath: "/srv/data"
# name: paste-volume
# volumes:
# - name: paste-volume
# persistentVolumeClaim:
# claimName: paste-pvc
#---
#apiVersion: v1
#kind: Service
#metadata:
# name: paste-service
# namespace: paste
#spec:
# selector:
# app: paste
# ports:
# - protocol: TCP
# port: 80
# targetPort: 8080
#---
#apiVersion: networking.k8s.io/v1
#kind: Ingress
#metadata:
# annotations:
# kubernetes.io/tls-acme: "true"
# name: paste-ingress
# namespace: paste
#spec:
# rules:
# - host: "paste.apps.yolokube.de"
# http:
# paths:
# - pathType: Prefix
# path: "/"
# backend:
# service:
# name: paste-service
# port:
# number: 80
# tls:
# - hosts:
# - paste.apps.yolokube.de
# secretName: paste-tls-key
# ## example app "privatebin" to test storage
# ---
# apiVersion: v1
# kind: Namespace
# metadata:
# name: paste
# ---
# apiVersion: v1
# kind: PersistentVolumeClaim
# metadata:
# name: paste-pvc
# namespace: paste
# spec:
# accessModes:
# - ReadWriteOnce
# volumeMode: Filesystem
# resources:
# requests:
# storage: 8Gi
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: paste-deployment
# namespace: paste
# labels:
# app: paste
# spec:
# replicas: 1
# selector:
# matchLabels:
# app: paste
# template:
# metadata:
# labels:
# app: paste
# spec:
# securityContext:
# fsGroup: 82
# containers:
# - name: paste
# image: privatebin/nginx-fpm-alpine
# ports:
# - containerPort: 8080
# volumeMounts:
# - mountPath: "/srv/data"
# name: paste-volume
# volumes:
# - name: paste-volume
# persistentVolumeClaim:
# claimName: paste-pvc
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: paste-service
# namespace: paste
# spec:
# selector:
# app: paste
# ports:
# - protocol: TCP
# port: 80
# targetPort: 8080
# ---
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
# annotations:
# kubernetes.io/tls-acme: "true"
# name: paste-ingress
# namespace: paste
# spec:
# rules:
# - host: "paste.apps.yolokube.de"
# http:
# paths:
# - pathType: Prefix
# path: "/"
# backend:
# service:
# name: paste-service
# port:
# number: 80
# tls:
# - hosts:
# - paste.apps.yolokube.de
# secretName: paste-tls-key


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:


@ -95,17 +95,17 @@ metadata:
namespace: thanos
spec:
rules:
- host: "thanos.services.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: querier
port:
name: http
- host: "thanos.services.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: querier
port:
name: http
tls:
- hosts:
- thanos.services.yolokube.de
secretName: thanos-tls-key
- hosts:
- thanos.services.yolokube.de
secretName: thanos-tls-key


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:


@ -1,3 +1,4 @@
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
@ -17,4 +18,4 @@ data:
YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly
MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h
S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh
NUxqM3dhMQo=
NUxqM3dhMQo=
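Review bot: The `data:` value shown as context in the second hunk is only base64-encoded, not encrypted, and it decodes to what look like htpasswd entries (usernames with bcrypt and apr1 password hashes), so the hashes are exposed to anyone with read access to the repository and its history. Other sections of this commit carry `kind: ksops` generators, so this Secret could go through the same encrypted path, with the affected passwords rotated afterwards. One entry also appears to carry doubled `$` separators, which would not match the usual htpasswd hash format; it is worth confirming that login still works for that user. The Secret's definition starts outside the hunk.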


@ -1,6 +1,7 @@
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: nginx
spec:
controller: traefik.io/ingress-controller
controller: traefik.io/ingress-controller
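Review bot: The IngressClass is named `nginx` while its `controller:` is `traefik.io/ingress-controller`, which is easy to misread when working out which controller, and therefore which middlewares and TLS defaults, handles a given Ingress. If the name is kept so that existing `ingressClassName: nginx` references keep working, a comment above `metadata:` would record that, e.g. `# named "nginx" for compatibility; served by traefik`.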


@ -1,3 +1,4 @@
---
deployment:
kind: DaemonSet
minReadySeconds: 120


@ -1,3 +1,4 @@
---
controlPlane:
distro:
k8s:
@ -18,7 +19,7 @@ controlPlane:
replicas: 3
proxy:
extraSANs:
- vcluster.k8s.ar21.de
- vcluster.k8s.ar21.de
exportKubeConfig:
server: https://vcluster.k8s.ar21.de:443
sync:


@ -1,3 +1,4 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
@ -7,9 +8,9 @@ spec:
entryPoints:
- websecure
routes:
- match: HostSNI(`vcluster.k8s.ar21.de`)
services:
- name: ar
port: 443
- match: HostSNI(`vcluster.k8s.ar21.de`)
services:
- name: ar
port: 443
tls:
passthrough: true


@ -1,3 +1,4 @@
---
controlPlane:
distro:
k8s:


@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:


@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:


@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:


@ -1,10 +1,11 @@
---
server:
ingress:
# -- Enable the ingress for the server component
enabled: true
# -- Add annotations to the ingress
annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
hosts:
- host: woodpecker.ar21.de
@ -15,7 +16,7 @@ server:
servicePort: 80
tls:
- hosts:
- woodpecker.ar21.de
- woodpecker.ar21.de
secretName: woodpecker-tls-key
statefulSet:
replicaCount: 1