Add yamllint to Woodpecker CI #154
65 changed files with 684 additions and 631 deletions
159
.drone.yml
|
@ -1,88 +1,89 @@
|
|||
---
|
||||
kind: pipeline
|
||||
name: deploy
|
||||
steps:
|
||||
- name: kustomize build dashboard (prod + staging)
|
||||
image: git.ar21.de/aaron/kustomize-ci
|
||||
commands:
|
||||
- cd /deployment-repo
|
||||
- git clone https://git.ar21.de/yolokube/core-deployments.git .
|
||||
- cd /deployment-repo/dashboard/overlays/prod
|
||||
- kustomize build -o /deployment-repo/dashboard/prod/dashboard.yaml
|
||||
- cd /deployment-repo/dashboard/overlays/staging
|
||||
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
|
||||
volumes:
|
||||
- name: deployment-repo
|
||||
path: /deployment-repo
|
||||
when:
|
||||
branch:
|
||||
- main
|
||||
event:
|
||||
- push
|
||||
- name: kustomize build dashboard (staging)
|
||||
image: git.ar21.de/aaron/kustomize-ci
|
||||
commands:
|
||||
- cd /deployment-repo
|
||||
- git clone https://git.ar21.de/yolokube/core-deployments.git .
|
||||
- cd /staging-repo
|
||||
- git clone -b $DRONE_BRANCH https://git.ar21.de/yolokube/core-deployments.git .
|
||||
- cd /staging-repo/dashboard/overlays/staging
|
||||
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
|
||||
volumes:
|
||||
- name: deployment-repo
|
||||
path: /deployment-repo
|
||||
- name: staging-repo
|
||||
path: /staging-repo
|
||||
when:
|
||||
branch:
|
||||
exclude:
|
||||
- name: kustomize build dashboard (prod + staging)
|
||||
image: git.ar21.de/aaron/kustomize-ci
|
||||
commands:
|
||||
- cd /deployment-repo
|
||||
- git clone https://git.ar21.de/yolokube/core-deployments.git .
|
||||
- cd /deployment-repo/dashboard/overlays/prod
|
||||
- kustomize build -o /deployment-repo/dashboard/prod/dashboard.yaml
|
||||
- cd /deployment-repo/dashboard/overlays/staging
|
||||
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
|
||||
volumes:
|
||||
- name: deployment-repo
|
||||
path: /deployment-repo
|
||||
when:
|
||||
branch:
|
||||
- main
|
||||
event:
|
||||
- push
|
||||
- name: kustomize push dashboard changes (prod + staging)
|
||||
image: appleboy/drone-git-push
|
||||
settings:
|
||||
branch: main
|
||||
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
|
||||
path: /deployment-repo
|
||||
force: false
|
||||
commit: true
|
||||
commit_message: "KUSTOMIZE BUILD: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} (done automagically via Drone pipeline) [CI SKIP]"
|
||||
ssh_key:
|
||||
from_secret: GITEA_SSH_KEY
|
||||
volumes:
|
||||
- name: deployment-repo
|
||||
path: /deployment-repo
|
||||
when:
|
||||
branch:
|
||||
- main
|
||||
event:
|
||||
- push
|
||||
- name: kustomize push dashboard changes (staging)
|
||||
image: appleboy/drone-git-push
|
||||
settings:
|
||||
branch: main
|
||||
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
|
||||
path: /deployment-repo
|
||||
force: false
|
||||
commit: true
|
||||
commit_message: "KUSTOMIZE BUILD STAGING: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} [CI SKIP]"
|
||||
ssh_key:
|
||||
from_secret: GITEA_SSH_KEY
|
||||
volumes:
|
||||
- name: deployment-repo
|
||||
path: /deployment-repo
|
||||
when:
|
||||
branch:
|
||||
exclude:
|
||||
event:
|
||||
- push
|
||||
- name: kustomize build dashboard (staging)
|
||||
image: git.ar21.de/aaron/kustomize-ci
|
||||
commands:
|
||||
- cd /deployment-repo
|
||||
- git clone https://git.ar21.de/yolokube/core-deployments.git .
|
||||
- cd /staging-repo
|
||||
- git clone -b $DRONE_BRANCH https://git.ar21.de/yolokube/core-deployments.git .
|
||||
- cd /staging-repo/dashboard/overlays/staging
|
||||
- kustomize build -o /deployment-repo/dashboard/staging/dashboard.yaml
|
||||
volumes:
|
||||
- name: deployment-repo
|
||||
path: /deployment-repo
|
||||
- name: staging-repo
|
||||
path: /staging-repo
|
||||
when:
|
||||
branch:
|
||||
exclude:
|
||||
- main
|
||||
event:
|
||||
- push
|
||||
- name: kustomize push dashboard changes (prod + staging)
|
||||
image: appleboy/drone-git-push
|
||||
settings:
|
||||
branch: main
|
||||
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
|
||||
path: /deployment-repo
|
||||
force: false
|
||||
commit: true
|
||||
commit_message: "KUSTOMIZE BUILD: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} (done automagically via Drone pipeline) [CI SKIP]"
|
||||
ssh_key:
|
||||
from_secret: GITEA_SSH_KEY
|
||||
volumes:
|
||||
- name: deployment-repo
|
||||
path: /deployment-repo
|
||||
when:
|
||||
branch:
|
||||
- main
|
||||
event:
|
||||
- push
|
||||
event:
|
||||
- push
|
||||
- name: kustomize push dashboard changes (staging)
|
||||
image: appleboy/drone-git-push
|
||||
settings:
|
||||
branch: main
|
||||
remote: ssh://git@git.ar21.de:2222/yolokube/core-deployments.git
|
||||
path: /deployment-repo
|
||||
force: false
|
||||
commit: true
|
||||
commit_message: "KUSTOMIZE BUILD STAGING: rebuild dashboard deployment with kustomize ${DRONE_BUILD_NUMBER} [CI SKIP]"
|
||||
ssh_key:
|
||||
from_secret: GITEA_SSH_KEY
|
||||
volumes:
|
||||
- name: deployment-repo
|
||||
path: /deployment-repo
|
||||
when:
|
||||
branch:
|
||||
exclude:
|
||||
- main
|
||||
event:
|
||||
- push
|
||||
volumes:
|
||||
- name: deployment-repo
|
||||
temp: {}
|
||||
- name: staging-repo
|
||||
temp: {}
|
||||
- name: deployment-repo
|
||||
temp: {}
|
||||
- name: staging-repo
|
||||
temp: {}
|
||||
when:
|
||||
event:
|
||||
exclude:
|
||||
- pull_request
|
||||
- pull_request
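Review bot: The two `kustomize push dashboard changes` steps pass `GITEA_SSH_KEY` to `image: appleboy/drone-git-push`, which has no tag or digest, so whatever image that name resolves to at run time receives a key able to push to `core-deployments` `main`. Pinning the plugin, e.g. `image: appleboy/drone-git-push@sha256:<digest>`, and likewise `git.ar21.de/aaron/kustomize-ci`, would make the code that handles the key reviewable. The staging steps appear to run for every branch except `main` and still commit to `branch: main`, so output built from an unreviewed branch lands on `main`; a comment stating that this is intended would help. Indentation is lost in this rendering, so the step each `when:` belongs to is inferred.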
|
||||
|
|
|
@ -28,12 +28,12 @@ spec:
|
|||
project: default
|
||||
sources:
|
||||
- chart: woodpecker
|
||||
repoURL: https://woodpecker-ci.org/
|
||||
repoURL: https://woodpecker-ci.org/
|
||||
targetRevision: 1.6.0
|
||||
helm:
|
||||
releaseName: woodpecker
|
||||
valueFiles:
|
||||
- $values/woodpecker/values/values.yaml
|
||||
- $values/woodpecker/values/values.yaml
|
||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||
targetRevision: HEAD
|
||||
ref: values
|
||||
|
@ -45,7 +45,7 @@ spec:
|
|||
namespace: woodpecker
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
|
@ -65,7 +65,7 @@ spec:
|
|||
namespace: paste
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
selfHeal: false
|
||||
prune: false
|
||||
|
|
|
@ -13,7 +13,7 @@ spec:
|
|||
helm:
|
||||
releaseName: traefik
|
||||
valueFiles:
|
||||
- $values/traefik/values.yaml
|
||||
- $values/traefik/values.yaml
|
||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||
targetRevision: HEAD
|
||||
ref: values
|
||||
|
@ -25,7 +25,7 @@ spec:
|
|||
namespace: traefik
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
|
@ -43,7 +43,7 @@ spec:
|
|||
helm:
|
||||
releaseName: argo
|
||||
valueFiles:
|
||||
- $values/argo/values.yaml
|
||||
- $values/argo/values.yaml
|
||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||
targetRevision: HEAD
|
||||
ref: values
|
||||
|
@ -55,7 +55,7 @@ spec:
|
|||
namespace: argocd
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
selfHeal: true
|
||||
prune: false
|
||||
|
@ -70,11 +70,11 @@ spec:
|
|||
sources:
|
||||
- repoURL: https://charts.longhorn.io
|
||||
chart: longhorn
|
||||
targetRevision: 1.7.1 # see Infos below, the CSI snapshotter needs to be updated too <-- version association can be found here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/enable-csi-snapshot-support/
|
||||
targetRevision: 1.7.1 # see Infos below, the CSI snapshotter needs to be updated too <-- version association can be found here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/enable-csi-snapshot-support/
|
||||
helm:
|
||||
releaseName: longhorn
|
||||
valueFiles:
|
||||
- $values/longhorn/values.yaml
|
||||
- $values/longhorn/values.yaml
|
||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||
targetRevision: HEAD
|
||||
ref: values
|
||||
|
@ -82,17 +82,17 @@ spec:
|
|||
targetRevision: HEAD
|
||||
path: longhorn
|
||||
- repoURL: https://github.com/kubernetes-csi/external-snapshotter.git
|
||||
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
|
||||
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
|
||||
path: client/config/crd
|
||||
- repoURL: https://github.com/kubernetes-csi/external-snapshotter.git
|
||||
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
|
||||
targetRevision: v6.3.2 # <-- needs to be updated when longhorn version is changed. Find the correct version here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/csi-volume-snapshot-associated-with-longhorn-snapshot/
|
||||
path: deploy/kubernetes/snapshot-controller
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: longhorn-system
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
|
@ -110,7 +110,7 @@ spec:
|
|||
helm:
|
||||
releaseName: prometheus
|
||||
valueFiles:
|
||||
- $values/prometheus/values.yaml
|
||||
- $values/prometheus/values.yaml
|
||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||
targetRevision: HEAD
|
||||
ref: values
|
||||
|
@ -122,30 +122,30 @@ spec:
|
|||
namespace: prometheus
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- ServerSideApply=true
|
||||
- RespectIgnoreDifferences=true
|
||||
- CreateNamespace=true
|
||||
- ServerSideApply=true
|
||||
- RespectIgnoreDifferences=true
|
||||
automated:
|
||||
prune: false
|
||||
ignoreDifferences:
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- '.spec.template.spec.initContainers[]?.resources'
|
||||
- '.spec.template.spec.containers[]?.resources'
|
||||
- group: apps
|
||||
kind: DaemonSet
|
||||
jqPathExpressions:
|
||||
- '.spec.template.spec.initContainers[]?.resources'
|
||||
- '.spec.template.spec.containers[]?.resources'
|
||||
- group: admissionregistration.k8s.io
|
||||
kind: MutatingWebhookConfiguration
|
||||
jqPathExpressions:
|
||||
- '.webhooks[]?.clientConfig.caBundle'
|
||||
- group: admissionregistration.k8s.io
|
||||
kind: ValidatingWebhookConfiguration
|
||||
jqPathExpressions:
|
||||
- '.webhooks[]?.clientConfig.caBundle'
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- '.spec.template.spec.initContainers[]?.resources'
|
||||
- '.spec.template.spec.containers[]?.resources'
|
||||
- group: apps
|
||||
kind: DaemonSet
|
||||
jqPathExpressions:
|
||||
- '.spec.template.spec.initContainers[]?.resources'
|
||||
- '.spec.template.spec.containers[]?.resources'
|
||||
- group: admissionregistration.k8s.io
|
||||
kind: MutatingWebhookConfiguration
|
||||
jqPathExpressions:
|
||||
- '.webhooks[]?.clientConfig.caBundle'
|
||||
- group: admissionregistration.k8s.io
|
||||
kind: ValidatingWebhookConfiguration
|
||||
jqPathExpressions:
|
||||
- '.webhooks[]?.clientConfig.caBundle'
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
|
@ -161,7 +161,7 @@ spec:
|
|||
helm:
|
||||
releaseName: cilium-cni
|
||||
valueFiles:
|
||||
- $values/cilium/values.yaml
|
||||
- $values/cilium/values.yaml
|
||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||
targetRevision: HEAD
|
||||
ref: values
|
||||
|
@ -173,22 +173,22 @@ spec:
|
|||
namespace: kube-cilium
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- ServerSideApply=true
|
||||
- RespectIgnoreDifferences=true
|
||||
- CreateNamespace=true
|
||||
- ServerSideApply=true
|
||||
- RespectIgnoreDifferences=true
|
||||
automated:
|
||||
prune: false
|
||||
ignoreDifferences:
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- '.spec.template.spec.containers[]?.resources'
|
||||
- group: apps
|
||||
kind: DaemonSet
|
||||
jqPathExpressions:
|
||||
- '.spec.template.spec.initContainers[]?.resources'
|
||||
- '.spec.template.spec.containers[]?.resources'
|
||||
- '.spec.template.metadata.annotations'
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- '.spec.template.spec.containers[]?.resources'
|
||||
- group: apps
|
||||
kind: DaemonSet
|
||||
jqPathExpressions:
|
||||
- '.spec.template.spec.initContainers[]?.resources'
|
||||
- '.spec.template.spec.containers[]?.resources'
|
||||
- '.spec.template.metadata.annotations'
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
|
@ -206,7 +206,7 @@ spec:
|
|||
namespace: node-labeler
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
|
@ -226,7 +226,7 @@ spec:
|
|||
namespace: quota
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
|
@ -246,7 +246,7 @@ spec:
|
|||
namespace: dashboard
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
|
@ -266,7 +266,7 @@ spec:
|
|||
namespace: dashboard-staging
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
|
@ -284,7 +284,7 @@ spec:
|
|||
helm:
|
||||
releaseName: loki
|
||||
valueFiles:
|
||||
- $values/loki/values.yaml
|
||||
- $values/loki/values.yaml
|
||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||
targetRevision: HEAD
|
||||
ref: values
|
||||
|
@ -296,7 +296,7 @@ spec:
|
|||
namespace: logs
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
|
@ -318,7 +318,7 @@ spec:
|
|||
namespace: logs
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
|
@ -348,7 +348,7 @@ spec:
|
|||
namespace: kube-system
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
|
@ -405,7 +405,7 @@ spec:
|
|||
helm:
|
||||
releaseName: cert-manager
|
||||
valueFiles:
|
||||
- $values/cert-manager/values.yaml
|
||||
- $values/cert-manager/values.yaml
|
||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||
targetRevision: HEAD
|
||||
ref: values
|
||||
|
@ -417,7 +417,7 @@ spec:
|
|||
namespace: cert-manager
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
|
@ -437,7 +437,7 @@ spec:
|
|||
namespace: authentik
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
|
@ -457,6 +457,6 @@ spec:
|
|||
namespace: thanos
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
|
|
|
@ -35,7 +35,7 @@ spec:
|
|||
namespace: test-deployments
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
||||
|
||||
automated:
|
||||
selfHeal: false
|
||||
|
|
12
argo/cm.yaml
|
@ -18,12 +18,12 @@ data:
|
|||
hs.status = "Healthy"
|
||||
return hs
|
||||
resource.exclusions: |
|
||||
- apiGroups:
|
||||
- cilium.io
|
||||
kinds:
|
||||
- CiliumIdentity
|
||||
clusters:
|
||||
- "*"
|
||||
- apiGroups:
|
||||
- cilium.io
|
||||
kinds:
|
||||
- CiliumIdentity
|
||||
clusters:
|
||||
- "*"
|
||||
url: https://argo.services.yolokube.de
|
||||
oidc.config: |
|
||||
name: aaronID
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
generators:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
global:
|
||||
domain: argo.services.yolokube.de
|
||||
configs:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
generators:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
|
@ -37,20 +38,20 @@ metadata:
|
|||
namespace: authentik
|
||||
spec:
|
||||
rules:
|
||||
- host: "sso.services.yolokube.de"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: authentik-outpost
|
||||
port:
|
||||
number: 9000
|
||||
- host: "sso.services.yolokube.de"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: authentik-outpost
|
||||
port:
|
||||
number: 9000
|
||||
tls:
|
||||
- hosts:
|
||||
- sso.services.yolokube.de
|
||||
secretName: authentik-tls-key
|
||||
- hosts:
|
||||
- sso.services.yolokube.de
|
||||
secretName: authentik-tls-key
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
|
@ -76,21 +77,21 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- env:
|
||||
- name: AUTHENTIK_HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: authentik_host
|
||||
name: authentik-outpost-api
|
||||
- name: AUTHENTIK_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: token
|
||||
name: authentik-outpost-api
|
||||
- name: AUTHENTIK_INSECURE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: authentik_host_insecure
|
||||
name: authentik-outpost-api
|
||||
- name: AUTHENTIK_HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: authentik_host
|
||||
name: authentik-outpost-api
|
||||
- name: AUTHENTIK_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: token
|
||||
name: authentik-outpost-api
|
||||
- name: AUTHENTIK_INSECURE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: authentik_host_insecure
|
||||
name: authentik-outpost-api
|
||||
image: ghcr.io/goauthentik/proxy:2024.8.3
|
||||
name: proxy
|
||||
ports:
|
||||
|
@ -104,22 +105,22 @@ spec:
|
|||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: authentik
|
||||
namespace: authentik
|
||||
name: authentik
|
||||
namespace: authentik
|
||||
spec:
|
||||
forwardAuth:
|
||||
address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- X-authentik-username
|
||||
- X-authentik-groups
|
||||
- X-authentik-email
|
||||
- X-authentik-name
|
||||
- X-authentik-uid
|
||||
- X-authentik-jwt
|
||||
- X-authentik-grafana-role
|
||||
- X-authentik-meta-jwks
|
||||
- X-authentik-meta-outpost
|
||||
- X-authentik-meta-provider
|
||||
- X-authentik-meta-app
|
||||
- X-authentik-meta-version
|
||||
forwardAuth:
|
||||
address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- X-authentik-username
|
||||
- X-authentik-groups
|
||||
- X-authentik-email
|
||||
- X-authentik-name
|
||||
- X-authentik-uid
|
||||
- X-authentik-jwt
|
||||
- X-authentik-grafana-role
|
||||
- X-authentik-meta-jwks
|
||||
- X-authentik-meta-outpost
|
||||
- X-authentik-meta-provider
|
||||
- X-authentik-meta-app
|
||||
- X-authentik-meta-version
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
|
|
|
@ -2,29 +2,29 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-prod
|
||||
name: letsencrypt-prod
|
||||
spec:
|
||||
acme:
|
||||
email: letsencrypt@ar21.de
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-prod-key
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: traefik
|
||||
acme:
|
||||
email: letsencrypt@ar21.de
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-prod-key
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: traefik
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-staging
|
||||
name: letsencrypt-staging
|
||||
spec:
|
||||
acme:
|
||||
email: letsencrypt@ar21.de
|
||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-staging-key
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: traefik
|
||||
acme:
|
||||
email: letsencrypt@ar21.de
|
||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-staging-key
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: traefik
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
namespace: cert-manager
|
||||
replicaCount: 3
|
||||
podDisruptionBudget:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
encryption:
|
||||
enabled: false
|
||||
ipam:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
|
@ -21,17 +22,17 @@ spec:
|
|||
app: dashboard
|
||||
spec:
|
||||
containers:
|
||||
- name: dashboard
|
||||
image: git.ar21.de/yolokube/dashboard:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8080
|
||||
initialDelaySeconds: 4
|
||||
periodSeconds: 3
|
||||
- name: dashboard
|
||||
image: git.ar21.de/yolokube/dashboard:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8080
|
||||
initialDelaySeconds: 4
|
||||
periodSeconds: 3
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
@ -55,17 +56,17 @@ metadata:
|
|||
namespace: dashboard
|
||||
spec:
|
||||
rules:
|
||||
- host: "dashboard.services.yolokube.de"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: dashboard-service
|
||||
port:
|
||||
number: 80
|
||||
- host: "dashboard.services.yolokube.de"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: dashboard-service
|
||||
port:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- dashboard.services.yolokube.de
|
||||
secretName: dashboard-tls-key
|
||||
- hosts:
|
||||
- dashboard.services.yolokube.de
|
||||
secretName: dashboard-tls-key
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- dashboard.yaml
|
||||
- dashboard.yaml
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
---
|
||||
resources:
|
||||
- ../../base
|
||||
- ../../base
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
images:
|
||||
- name: git.ar21.de/yolokube/dashboard
|
||||
newName: git.ar21.de/yolokube/dashboard
|
||||
newTag: "96"
|
||||
- name: git.ar21.de/yolokube/dashboard
|
||||
newName: git.ar21.de/yolokube/dashboard
|
||||
newTag: "96"
|
||||
namespace: dashboard
|
||||
|
|
|
@ -1,31 +1,32 @@
|
|||
---
|
||||
resources:
|
||||
- ../../base
|
||||
- ../../base
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
images:
|
||||
- name: git.ar21.de/yolokube/dashboard
|
||||
newName: git.ar21.de/yolokube/dashboard
|
||||
newTag: staging-95
|
||||
- name: git.ar21.de/yolokube/dashboard
|
||||
newName: git.ar21.de/yolokube/dashboard
|
||||
newTag: staging-95
|
||||
namespace: dashboard-staging
|
||||
patches:
|
||||
- patch: |-
|
||||
- op: replace
|
||||
path: /spec/rules/0/host
|
||||
value: "dashboard-staging.services.yolokube.de"
|
||||
target:
|
||||
kind: Ingress
|
||||
name: dashboard-ingress
|
||||
- patch: |-
|
||||
- op: replace
|
||||
path: /spec/tls/0/hosts/0
|
||||
value: "dashboard-staging.services.yolokube.de"
|
||||
target:
|
||||
kind: Ingress
|
||||
name: dashboard-ingress
|
||||
- patch: |-
|
||||
- op: replace
|
||||
path: /spec/replicas
|
||||
value: 1
|
||||
target:
|
||||
kind: Deployment
|
||||
name: dashboard-deployment
|
||||
- patch: |-
|
||||
- op: replace
|
||||
path: /spec/rules/0/host
|
||||
value: "dashboard-staging.services.yolokube.de"
|
||||
target:
|
||||
kind: Ingress
|
||||
name: dashboard-ingress
|
||||
- patch: |-
|
||||
- op: replace
|
||||
path: /spec/tls/0/hosts/0
|
||||
value: "dashboard-staging.services.yolokube.de"
|
||||
target:
|
||||
kind: Ingress
|
||||
name: dashboard-ingress
|
||||
- patch: |-
|
||||
- op: replace
|
||||
path: /spec/replicas
|
||||
value: 1
|
||||
target:
|
||||
kind: Deployment
|
||||
name: dashboard-deployment
|
||||
|
|
|
@ -37,17 +37,17 @@ spec:
|
|||
app: example
|
||||
spec:
|
||||
containers:
|
||||
- name: example
|
||||
image: testcontainers/helloworld
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
volumeMounts:
|
||||
- mountPath: "/var/www/html"
|
||||
name: example-volume
|
||||
- name: example
|
||||
image: testcontainers/helloworld
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
volumeMounts:
|
||||
- mountPath: "/var/www/html"
|
||||
name: example-volume
|
||||
volumes:
|
||||
- name: example-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: example-pvc
|
||||
- name: example-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: example-pvc
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
@ -75,17 +75,17 @@ metadata:
|
|||
namespace: example
|
||||
spec:
|
||||
rules:
|
||||
- host: "example.apps.yolokube.de"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: example-service
|
||||
port:
|
||||
number: 80
|
||||
- host: "example.apps.yolokube.de"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: example-service
|
||||
port:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- example.apps.yolokube.de
|
||||
secretName: example-tls-key
|
||||
- hosts:
|
||||
- example.apps.yolokube.de
|
||||
secretName: example-tls-key
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
controller:
|
||||
enableSnippets: true
|
||||
hostNetwork: true
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
generators:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
loki:
|
||||
auth_enabled: false
|
||||
persistence:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
generators:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: longhorn.io/v1beta1
|
||||
kind: RecurringJob
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
|
@ -7,11 +8,11 @@ type: Opaque
|
|||
data:
|
||||
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:78iskasj0MX32r8qp4LCmTsf5q8r3W5nCs7BrA==,iv:dQFU/Pm+bQQKWfWKq7c63XTW2+czjOeIZuoL2mrPKbM=,tag:we+rZ+YoMpeiAve7zcH6pg==,type:str]
|
||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:zR3LNrmweWn9ONkpOlgNGfJ0ERJeNgNsurvBcsX7JZox/vyaZRb6lt4VEjdBDMdTZ+dWRvtvHUw=,iv:CCLoHHixnzVaT0SX3uOjyb7SCNyAe5H30acmMEIgubI=,tag:c7nWPRTZQXqgp8jVgtU57g==,type:str]
|
||||
#ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment]
|
||||
# ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment]
|
||||
AWS_ENDPOINTS: ENC[AES256_GCM,data:Cm4ISXx3mosAwVCzFqK5461gFIAqWtSwazvhfe/01blpOLOGpEW7b7S00fnRMviR,iv:Zflw/1JEQjcKarQPOrpBSpCprdL/2Ry6FH74K3/NfFo=,tag:l6idxnQStu2ycr0og2/otw==,type:str]
|
||||
#ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment]
|
||||
#ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment]
|
||||
#ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment]
|
||||
# ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment]
|
||||
# ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment]
|
||||
# ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
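Review bot: The `#ENC[...]` to `# ENC[...]` rewrite hand-edits four encrypted comments inside a SOPS-managed Secret, and nothing in the diff shows that the file still decrypts afterwards. SOPS generates these lines itself, so a later `sops` edit may write them back without the space and fail the linter again, and depending on the SOPS version the spaced form may no longer be recognised as an encrypted comment. I would revert these four lines and keep yamllint away from encrypted files instead, for example with an `ignore:` pattern for the secret files in the yamllint config or `require-starting-space: false` under the `comments` rule. Either way, running `sops --decrypt` on the file in CI would catch a failed MAC check or an unreadable comment before ksops hits it at deploy time.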
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
# this is the storageclass manifest for the logs and metrics volumes
|
||||
kind: StorageClass
|
||||
apiVersion: storage.k8s.io/v1
|
||||
|
@ -12,4 +13,4 @@ parameters:
|
|||
staleReplicaTimeout: "30"
|
||||
fromBackup: ""
|
||||
fsType: "ext4"
|
||||
dataLocality: "disabled"
|
||||
dataLocality: "disabled"
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
persistence:
|
||||
recurringJobSelector:
|
||||
enable: true
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
kind: VolumeSnapshotClass
|
||||
apiVersion: snapshot.storage.k8s.io/v1
|
||||
metadata:
|
||||
|
@ -16,4 +17,4 @@ metadata:
|
|||
driver: driver.longhorn.io
|
||||
deletionPolicy: Delete
|
||||
parameters:
|
||||
type: snap
|
||||
type: snap
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
|
@ -78,4 +79,4 @@ subjects:
|
|||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: worker-node-labeler-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
|
|
@ -37,17 +37,17 @@ spec:
|
|||
securityContext:
|
||||
fsGroup: 82
|
||||
containers:
|
||||
- name: paste
|
||||
image: privatebin/nginx-fpm-alpine
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
volumeMounts:
|
||||
- mountPath: "/srv/data"
|
||||
name: paste-volume
|
||||
- name: paste
|
||||
image: privatebin/nginx-fpm-alpine
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
volumeMounts:
|
||||
- mountPath: "/srv/data"
|
||||
name: paste-volume
|
||||
volumes:
|
||||
- name: paste-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: paste-pvc
|
||||
- name: paste-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: paste-pvc
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
@ -71,17 +71,17 @@ metadata:
|
|||
namespace: paste
|
||||
spec:
|
||||
rules:
|
||||
- host: "paste.apps.yolokube.de"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: paste-service
|
||||
port:
|
||||
number: 80
|
||||
- host: "paste.apps.yolokube.de"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: paste-service
|
||||
port:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- paste.apps.yolokube.de
|
||||
secretName: paste-tls-key
|
||||
- hosts:
|
||||
- paste.apps.yolokube.de
|
||||
secretName: paste-tls-key
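Review bot: The `paste` container in the first hunk of this file still uses `image: privatebin/nginx-fpm-alpine` with no tag or digest, so any pod restart can pull whatever the registry currently serves as `latest`. Since these lines are being rewritten anyway, pin the image, e.g. `image: privatebin/nginx-fpm-alpine:<version>@sha256:<digest>` (placeholders; take the values from the release actually deployed). The same applies to `image: containous/whoami` in the test1 deployment later in this change. The container entry shown here also sets no `securityContext` or `resources`, and the pod-level `securityContext` only sets `fsGroup: 82`. The Deployment starts outside the hunk, so confirm nothing there covers it.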
|
||||
|
|
|
@ -10,114 +10,114 @@ spec:
|
|||
groups:
|
||||
- name: hardware
|
||||
rules:
|
||||
- alert: MemoryHigh
|
||||
expr: round((((node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes) * 100), 0.1) > 80
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "Memory over 80%"
|
||||
description: "Memory on node {{ $labels.node }} is over 80% for more than 5 minutes. Plox fix. Memory usage: {{ $value }}%"
|
||||
- alert: DiskspaceLow
|
||||
expr: round(node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"} * 100, 1) < 5
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "Free disk space at {{ $value }}%"
|
||||
description: "Disk space on node {{ $labels.node }} is only {{ $value }}%. Plox fix. Partition: {{ $labels.device }}"
|
||||
- alert: HostMemoryUnderMemoryPressure
|
||||
expr: rate(node_vmstat_pgmajfault[1m]) > 1000
|
||||
for: 2m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Host memory under memory pressure {{ $labels.node }}
|
||||
description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
- alert: HostUnusualDiskReadRate
|
||||
expr: sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 200
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Host unusual disk read rate {{ $labels.node }}
|
||||
description: "Disk is probably reading too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
- alert: HostUnusualDiskWriteRate
|
||||
expr: sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 200
|
||||
for: 3m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Host unusual disk write rate {{ $labels.node }}
|
||||
description: "Disk is probably writing too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
- alert: HostCpuStealNoisyNeighbor
|
||||
expr: avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Host CPU steal noisy neighbor {{ $labels.node }}
|
||||
description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
- alert: HostPhysicalComponentTooHot
|
||||
expr: node_hwmon_temp_celsius > 90
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Host physical component too hot {{ $labels.node }}
|
||||
description: "Physical hardware component too hot\n Sensor = {{ $labels.sensor }}\n Temp = {{ $value }}"
|
||||
- alert: SMARTbad
|
||||
expr: smartmon_device_smart_healthy < 1
|
||||
for: 0m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: SMART check bad of drive {{ $labels.exported_disk }} in node {{ $labels.node }}
|
||||
description: "SMART check returned bad health of {{ $labels.exported_disk }} in node {{ $labels.node }}. VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
- alert: "SMARTcheck too old"
|
||||
expr: (time() - smartmon_smartctl_run) > 10800
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "SMARTcheck not running"
|
||||
description: 'The last SMARTcheck on node {{ $labels.node }} was more than 3h ago. Plox fix.'
|
||||
- alert: "ECC Memory errors"
|
||||
expr: (node_edac_correctable_errors_total) > 100
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "ECC errors on {{ $labels.node }}"
|
||||
description: 'The node {{ $labels.node }} accumulated {{ $value }} correctable errors.'
|
||||
- alert: "ECC Memory uncorrectable errors"
|
||||
expr: (node_edac_uncorrectable_errors_total) > 0
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: "ECC errors on {{ $labels.node }}"
|
||||
description: 'The node {{ $labels.node }} accumulated {{ $value }} uncorrectable errors.'
|
||||
- alert: MemoryHigh
|
||||
expr: round((((node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes) * 100), 0.1) > 80
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "Memory over 80%"
|
||||
description: "Memory on node {{ $labels.node }} is over 80% for more than 5 minutes. Plox fix. Memory usage: {{ $value }}%"
|
||||
- alert: DiskspaceLow
|
||||
expr: round(node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"} * 100, 1) < 5
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "Free disk space at {{ $value }}%"
|
||||
description: "Disk space on node {{ $labels.node }} is only {{ $value }}%. Plox fix. Partition: {{ $labels.device }}"
|
||||
- alert: HostMemoryUnderMemoryPressure
|
||||
expr: rate(node_vmstat_pgmajfault[1m]) > 1000
|
||||
for: 2m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Host memory under memory pressure {{ $labels.node }}
|
||||
description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
- alert: HostUnusualDiskReadRate
|
||||
expr: sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 200
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Host unusual disk read rate {{ $labels.node }}
|
||||
description: "Disk is probably reading too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
- alert: HostUnusualDiskWriteRate
|
||||
expr: sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 200
|
||||
for: 3m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Host unusual disk write rate {{ $labels.node }}
|
||||
description: "Disk is probably writing too much data (> 200 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
- alert: HostCpuStealNoisyNeighbor
|
||||
expr: avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Host CPU steal noisy neighbor {{ $labels.node }}
|
||||
description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
- alert: HostPhysicalComponentTooHot
|
||||
expr: node_hwmon_temp_celsius > 90
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Host physical component too hot {{ $labels.node }}
|
||||
description: "Physical hardware component too hot\n Sensor = {{ $labels.sensor }}\n Temp = {{ $value }}"
|
||||
- alert: SMARTbad
|
||||
expr: smartmon_device_smart_healthy < 1
|
||||
for: 0m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: SMART check bad of drive {{ $labels.exported_disk }} in node {{ $labels.node }}
|
||||
description: "SMART check returned bad health of {{ $labels.exported_disk }} in node {{ $labels.node }}. VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
- alert: "SMARTcheck too old"
|
||||
expr: (time() - smartmon_smartctl_run) > 10800
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "SMARTcheck not running"
|
||||
description: 'The last SMARTcheck on node {{ $labels.node }} was more than 3h ago. Plox fix.'
|
||||
- alert: "ECC Memory errors"
|
||||
expr: (node_edac_correctable_errors_total) > 100
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "ECC errors on {{ $labels.node }}"
|
||||
description: 'The node {{ $labels.node }} accumulated {{ $value }} correctable errors.'
|
||||
- alert: "ECC Memory uncorrectable errors"
|
||||
expr: (node_edac_uncorrectable_errors_total) > 0
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: "ECC errors on {{ $labels.node }}"
|
||||
description: 'The node {{ $labels.node }} accumulated {{ $value }} uncorrectable errors.'
|
||||
- name: etcdbackup
|
||||
rules:
|
||||
- alert: "etcdbackup too old"
|
||||
expr: (time() - etcdbackup_time) > 10800
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "etcd backup not running"
|
||||
description: 'The last etcd backup on node {{ $labels.node }} was more than 3h ago. Plox fix.'
|
||||
- alert: "etcdbackup failed"
|
||||
expr: etcdbackup_result > 0
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "etcdbackup failed"
|
||||
description: "The backup script for etcd failed on node {{ $labels.node }}. Plox fix."
|
||||
- alert: "etcdbackup too old"
|
||||
expr: (time() - etcdbackup_time) > 10800
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "etcd backup not running"
|
||||
description: 'The last etcd backup on node {{ $labels.node }} was more than 3h ago. Plox fix.'
|
||||
- alert: "etcdbackup failed"
|
||||
expr: etcdbackup_result > 0
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "etcdbackup failed"
|
||||
description: "The backup script for etcd failed on node {{ $labels.node }}. Plox fix."
|
||||
- name: kubernetes
|
||||
rules:
|
||||
- alert: KubernetesUnhealthyPod
|
||||
expr: kube_pod_container_status_waiting_reason == 1
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "The Pod {{ $labels.pod }} is {{ $labels.reason }}"
|
||||
description: "The Pod {{ $labels.pod }} is in the state {{ $labels.reason }} for more than 5m. The Pod is in namespace {{ $labels.namespace }} and on node {{ $labels.node }}."
|
||||
- alert: KubernetesUnhealthyPod
|
||||
expr: kube_pod_container_status_waiting_reason == 1
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "The Pod {{ $labels.pod }} is {{ $labels.reason }}"
|
||||
description: "The Pod {{ $labels.pod }} is in the state {{ $labels.reason }} for more than 5m. The Pod is in namespace {{ $labels.namespace }} and on node {{ $labels.node }}."
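Review bot: The staleness rules `etcdbackup too old` (`(time() - etcdbackup_time) > 10800`) and `SMARTcheck too old` (`(time() - smartmon_smartctl_run) > 10800`) only evaluate while the metric is still present. If the series disappears entirely, the expression returns nothing and a dead backup or SMART job raises no alert. Add a companion rule per metric, e.g. `expr: absent(etcdbackup_time)` with a short `for:`, so a missing series is reported too. `etcdbackup failed` is labelled `severity: warning`, which looks low for a control-plane backup, although both severities route to the same `tg1` receiver in the Alertmanager values elsewhere in this change. The `groups:` list starts outside the hunk.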
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
generators:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
|
@ -11,6 +12,6 @@ spec:
|
|||
app: longhorn-manager
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- longhorn-system
|
||||
- longhorn-system
|
||||
endpoints:
|
||||
- port: manager
|
||||
- port: manager
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
|
@ -12,4 +13,4 @@ data:
|
|||
|
||||
{{ .Annotations.description }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
alertmanager:
|
||||
alertmanagerSpec:
|
||||
podAntiAffinity: "hard"
|
||||
|
@ -8,11 +9,11 @@ alertmanager:
|
|||
- "templates"
|
||||
storage:
|
||||
volumeClaimTemplate:
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
useExistingSecret: false
|
||||
config:
|
||||
global:
|
||||
|
@ -27,20 +28,20 @@ alertmanager:
|
|||
receiver: 'tg1'
|
||||
routes:
|
||||
- matchers:
|
||||
- severity=warning
|
||||
- severity=warning
|
||||
receiver: 'tg1'
|
||||
- matchers:
|
||||
- severity=critical
|
||||
- severity=critical
|
||||
receiver: 'tg1'
|
||||
receivers:
|
||||
- name: tg1
|
||||
telegram_configs:
|
||||
- bot_token_file: '/etc/alertmanager/secrets/telegram-api/api_key'
|
||||
chat_id: -995270884
|
||||
api_url: "https://api.telegram.org"
|
||||
send_resolved: true
|
||||
parse_mode: "HTML"
|
||||
message: '{{ template "telegram.aaron" .}}'
|
||||
- name: tg1
|
||||
telegram_configs:
|
||||
- bot_token_file: '/etc/alertmanager/secrets/telegram-api/api_key'
|
||||
chat_id: -995270884
|
||||
api_url: "https://api.telegram.org"
|
||||
send_resolved: true
|
||||
parse_mode: "HTML"
|
||||
message: '{{ template "telegram.aaron" .}}'
|
||||
inhibit_rules:
|
||||
- source_matchers:
|
||||
- severity = critical
|
||||
|
@ -97,7 +98,7 @@ grafana:
|
|||
persistence:
|
||||
enabled: true
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
- ReadWriteMany
|
||||
grafana.ini:
|
||||
auth:
|
||||
disable_login_form: true
|
||||
|
@ -168,12 +169,12 @@ prometheus:
|
|||
replicas: 2
|
||||
storageSpec:
|
||||
volumeClaimTemplate:
|
||||
spec:
|
||||
storageClassName: longhorn
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
spec:
|
||||
storageClassName: longhorn
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
serviceMonitorNamespaceSelector:
|
||||
matchLabels:
|
||||
prometheus: yolokube
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
|
@ -109,4 +110,4 @@ subjects:
|
|||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: quotad-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
|
|
@ -1,51 +1,51 @@
|
|||
#---
|
||||
#apiVersion: v1
|
||||
#kind: Namespace
|
||||
#metadata:
|
||||
# name: egress
|
||||
#---
|
||||
#apiVersion: apps/v1
|
||||
#kind: Deployment
|
||||
#metadata:
|
||||
# name: egress-deployment
|
||||
# namespace: egress
|
||||
# labels:
|
||||
# app: egress
|
||||
#spec:
|
||||
# replicas: 3
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app: egress
|
||||
# template:
|
||||
# metadata:
|
||||
# labels:
|
||||
# app: egress
|
||||
# spec:
|
||||
# containers:
|
||||
# - name: egress
|
||||
# image: curlimages/curl
|
||||
# command: ['/usr/bin/curl']
|
||||
# args: ['-s', '-L', '-4', 'ip.hetzner.com']
|
||||
#---
|
||||
#apiVersion: apps/v1
|
||||
#kind: Deployment
|
||||
#metadata:
|
||||
# name: egress6-deployment
|
||||
# namespace: egress
|
||||
# labels:
|
||||
# app: egress6
|
||||
#spec:
|
||||
# replicas: 3
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app: egress6
|
||||
# template:
|
||||
# metadata:
|
||||
# labels:
|
||||
# app: egress6
|
||||
# spec:
|
||||
# containers:
|
||||
# - name: egress6
|
||||
# image: curlimages/curl
|
||||
# command: ['/usr/bin/curl']
|
||||
# args: ['-s', '-L', '-6', 'ip.hetzner.com']
|
||||
# ---
|
||||
# apiVersion: v1
|
||||
# kind: Namespace
|
||||
# metadata:
|
||||
# name: egress
|
||||
# ---
|
||||
# apiVersion: apps/v1
|
||||
# kind: Deployment
|
||||
# metadata:
|
||||
# name: egress-deployment
|
||||
# namespace: egress
|
||||
# labels:
|
||||
# app: egress
|
||||
# spec:
|
||||
# replicas: 3
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app: egress
|
||||
# template:
|
||||
# metadata:
|
||||
# labels:
|
||||
# app: egress
|
||||
# spec:
|
||||
# containers:
|
||||
# - name: egress
|
||||
# image: curlimages/curl
|
||||
# command: ['/usr/bin/curl']
|
||||
# args: ['-s', '-L', '-4', 'ip.hetzner.com']
|
||||
# ---
|
||||
# apiVersion: apps/v1
|
||||
# kind: Deployment
|
||||
# metadata:
|
||||
# name: egress6-deployment
|
||||
# namespace: egress
|
||||
# labels:
|
||||
# app: egress6
|
||||
# spec:
|
||||
# replicas: 3
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app: egress6
|
||||
# template:
|
||||
# metadata:
|
||||
# labels:
|
||||
# app: egress6
|
||||
# spec:
|
||||
# containers:
|
||||
# - name: egress6
|
||||
# image: curlimages/curl
|
||||
# command: ['/usr/bin/curl']
|
||||
# args: ['-s', '-L', '-6', 'ip.hetzner.com']
|
||||
|
|
|
@ -23,10 +23,10 @@ spec:
|
|||
app: test1
|
||||
spec:
|
||||
containers:
|
||||
- name: test1
|
||||
image: containous/whoami
|
||||
ports:
|
||||
- containerPort: 80
|
||||
- name: test1
|
||||
image: containous/whoami
|
||||
ports:
|
||||
- containerPort: 80
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
@ -51,17 +51,17 @@ metadata:
|
|||
namespace: aaron-test
|
||||
spec:
|
||||
rules:
|
||||
- host: "test.services.yolokube.de"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: test1-service
|
||||
port:
|
||||
number: 80
|
||||
- host: "test.services.yolokube.de"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: test1-service
|
||||
port:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- test.services.yolokube.de
|
||||
secretName: test2-tls-key
|
||||
- hosts:
|
||||
- test.services.yolokube.de
|
||||
secretName: test2-tls-key
|
||||
|
|
|
@ -1,88 +1,88 @@
|
|||
### example app "privatebin" to test storage
|
||||
#---
|
||||
#apiVersion: v1
|
||||
#kind: Namespace
|
||||
#metadata:
|
||||
# name: paste
|
||||
#---
|
||||
#apiVersion: v1
|
||||
#kind: PersistentVolumeClaim
|
||||
#metadata:
|
||||
# name: paste-pvc
|
||||
# namespace: paste
|
||||
#spec:
|
||||
# accessModes:
|
||||
# - ReadWriteOnce
|
||||
# volumeMode: Filesystem
|
||||
# resources:
|
||||
# requests:
|
||||
# storage: 8Gi
|
||||
#---
|
||||
#apiVersion: apps/v1
|
||||
#kind: Deployment
|
||||
#metadata:
|
||||
# name: paste-deployment
|
||||
# namespace: paste
|
||||
# labels:
|
||||
# app: paste
|
||||
#spec:
|
||||
# replicas: 1
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app: paste
|
||||
# template:
|
||||
# metadata:
|
||||
# labels:
|
||||
# app: paste
|
||||
# spec:
|
||||
# securityContext:
|
||||
# fsGroup: 82
|
||||
# containers:
|
||||
# - name: paste
|
||||
# image: privatebin/nginx-fpm-alpine
|
||||
# ports:
|
||||
# - containerPort: 8080
|
||||
# volumeMounts:
|
||||
# - mountPath: "/srv/data"
|
||||
# name: paste-volume
|
||||
# volumes:
|
||||
# - name: paste-volume
|
||||
# persistentVolumeClaim:
|
||||
# claimName: paste-pvc
|
||||
#---
|
||||
#apiVersion: v1
|
||||
#kind: Service
|
||||
#metadata:
|
||||
# name: paste-service
|
||||
# namespace: paste
|
||||
#spec:
|
||||
# selector:
|
||||
# app: paste
|
||||
# ports:
|
||||
# - protocol: TCP
|
||||
# port: 80
|
||||
# targetPort: 8080
|
||||
#---
|
||||
#apiVersion: networking.k8s.io/v1
|
||||
#kind: Ingress
|
||||
#metadata:
|
||||
# annotations:
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
# name: paste-ingress
|
||||
# namespace: paste
|
||||
#spec:
|
||||
# rules:
|
||||
# - host: "paste.apps.yolokube.de"
|
||||
# http:
|
||||
# paths:
|
||||
# - pathType: Prefix
|
||||
# path: "/"
|
||||
# backend:
|
||||
# service:
|
||||
# name: paste-service
|
||||
# port:
|
||||
# number: 80
|
||||
# tls:
|
||||
# - hosts:
|
||||
# - paste.apps.yolokube.de
|
||||
# secretName: paste-tls-key
|
||||
# ## example app "privatebin" to test storage
|
||||
# ---
|
||||
# apiVersion: v1
|
||||
# kind: Namespace
|
||||
# metadata:
|
||||
# name: paste
|
||||
# ---
|
||||
# apiVersion: v1
|
||||
# kind: PersistentVolumeClaim
|
||||
# metadata:
|
||||
# name: paste-pvc
|
||||
# namespace: paste
|
||||
# spec:
|
||||
# accessModes:
|
||||
# - ReadWriteOnce
|
||||
# volumeMode: Filesystem
|
||||
# resources:
|
||||
# requests:
|
||||
# storage: 8Gi
|
||||
# ---
|
||||
# apiVersion: apps/v1
|
||||
# kind: Deployment
|
||||
# metadata:
|
||||
# name: paste-deployment
|
||||
# namespace: paste
|
||||
# labels:
|
||||
# app: paste
|
||||
# spec:
|
||||
# replicas: 1
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app: paste
|
||||
# template:
|
||||
# metadata:
|
||||
# labels:
|
||||
# app: paste
|
||||
# spec:
|
||||
# securityContext:
|
||||
# fsGroup: 82
|
||||
# containers:
|
||||
# - name: paste
|
||||
# image: privatebin/nginx-fpm-alpine
|
||||
# ports:
|
||||
# - containerPort: 8080
|
||||
# volumeMounts:
|
||||
# - mountPath: "/srv/data"
|
||||
# name: paste-volume
|
||||
# volumes:
|
||||
# - name: paste-volume
|
||||
# persistentVolumeClaim:
|
||||
# claimName: paste-pvc
|
||||
# ---
|
||||
# apiVersion: v1
|
||||
# kind: Service
|
||||
# metadata:
|
||||
# name: paste-service
|
||||
# namespace: paste
|
||||
# spec:
|
||||
# selector:
|
||||
# app: paste
|
||||
# ports:
|
||||
# - protocol: TCP
|
||||
# port: 80
|
||||
# targetPort: 8080
|
||||
# ---
|
||||
# apiVersion: networking.k8s.io/v1
|
||||
# kind: Ingress
|
||||
# metadata:
|
||||
# annotations:
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
# name: paste-ingress
|
||||
# namespace: paste
|
||||
# spec:
|
||||
# rules:
|
||||
# - host: "paste.apps.yolokube.de"
|
||||
# http:
|
||||
# paths:
|
||||
# - pathType: Prefix
|
||||
# path: "/"
|
||||
# backend:
|
||||
# service:
|
||||
# name: paste-service
|
||||
# port:
|
||||
# number: 80
|
||||
# tls:
|
||||
# - hosts:
|
||||
# - paste.apps.yolokube.de
|
||||
# secretName: paste-tls-key
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
|
|
|
@ -95,17 +95,17 @@ metadata:
|
|||
namespace: thanos
|
||||
spec:
|
||||
rules:
|
||||
- host: "thanos.services.yolokube.de"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: querier
|
||||
port:
|
||||
name: http
|
||||
- host: "thanos.services.yolokube.de"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: querier
|
||||
port:
|
||||
name: http
|
||||
tls:
|
||||
- hosts:
|
||||
- thanos.services.yolokube.de
|
||||
secretName: thanos-tls-key
|
||||
- hosts:
|
||||
- thanos.services.yolokube.de
|
||||
secretName: thanos-tls-key
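Review bot: The Ingress rule for `thanos.services.yolokube.de` sends `/` straight to the `querier` service, and nothing in the visible lines attaches authentication. Thanos Query has no login of its own, so unless the annotations outside this hunk reference an auth middleware, anyone who can reach the host can query cluster metrics. If that is the case, attach one in the Ingress metadata, e.g. `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware-name>@kubernetescrd` (placeholder names). The `metadata:` block starts outside the hunk, so this may already be covered there.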
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
generators:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
|
@ -17,4 +18,4 @@ data:
|
|||
YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly
|
||||
MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h
|
||||
S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh
|
||||
NUxqM3dhMQo=
|
||||
NUxqM3dhMQo=
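Review bot: The `data:` value re-indented in the second hunk of this file is only base64-encoded, not encrypted, and it appears to be a basic-auth users file. Its password hashes are therefore readable by anyone with access to this repository or its history. Other secrets in this change are SOPS-encrypted (`ENC[AES256_GCM,…]`) and loaded through `ksops`; this value should be handled the same way. The affected passwords should also be rotated, since the hashes stay in git history. The object that owns `data:` starts outside the hunk.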
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: IngressClass
|
||||
metadata:
|
||||
name: nginx
|
||||
spec:
|
||||
controller: traefik.io/ingress-controller
|
||||
controller: traefik.io/ingress-controller
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
deployment:
|
||||
kind: DaemonSet
|
||||
minReadySeconds: 120
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
controlPlane:
|
||||
distro:
|
||||
k8s:
|
||||
|
@ -18,7 +19,7 @@ controlPlane:
|
|||
replicas: 3
|
||||
proxy:
|
||||
extraSANs:
|
||||
- vcluster.k8s.ar21.de
|
||||
- vcluster.k8s.ar21.de
|
||||
exportKubeConfig:
|
||||
server: https://vcluster.k8s.ar21.de:443
|
||||
sync:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
|
@ -7,9 +8,9 @@ spec:
|
|||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: HostSNI(`vcluster.k8s.ar21.de`)
|
||||
services:
|
||||
- name: ar
|
||||
port: 443
|
||||
- match: HostSNI(`vcluster.k8s.ar21.de`)
|
||||
services:
|
||||
- name: ar
|
||||
port: 443
|
||||
tls:
|
||||
passthrough: true
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
controlPlane:
|
||||
distro:
|
||||
k8s:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
generators:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
---
|
||||
server:
|
||||
ingress:
|
||||
# -- Enable the ingress for the server component
|
||||
enabled: true
|
||||
# -- Add annotations to the ingress
|
||||
annotations:
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- host: woodpecker.ar21.de
|
||||
|
@ -15,7 +16,7 @@ server:
|
|||
servicePort: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- woodpecker.ar21.de
|
||||
- woodpecker.ar21.de
|
||||
secretName: woodpecker-tls-key
|
||||
statefulSet:
|
||||
replicaCount: 1
|
||||
|
|