From 0d3ea86b6d031841e00a81246aa564f3ea5f29f5 Mon Sep 17 00:00:00 2001 
From: Felix Wolf Date: Mon, 30 Mar 2026 23:48:12 +0200 Subject: [PATCH] feat: Add VictoriaMetrics monitoring stack Adds victoria-metrics-single, grafana, kube-state-metrics, and node-exporter to the cluster. Enables metrics endpoints on traefik, argocd, and cert-manager for scraping. Grafana available at grafana.tr1ceracop.de with VictoriaMetrics as default datasource. Co-Authored-By: Claude Opus 4.6 (1M context) --- .../_apps/grafana/app-data.ytt.yaml | 5 + .../kube-state-metrics/app-data.ytt.yaml | 5 + .../_apps/node-exporter/app-data.ytt.yaml | 5 + .../victoria-metrics-single/app-data.ytt.yaml | 5 + envs/production/env-data.ytt.yaml | 4 + prototypes/argocd/helm/argo-cd.yaml | 17 ++ .../cert-manager/helm/cert-manager.yaml | 3 + prototypes/grafana/app-data.ytt.yaml | 5 + prototypes/grafana/helm/grafana.yaml | 58 +++++ prototypes/grafana/vendir/base.ytt.yaml | 16 ++ .../grafana/vendir/vendir-data.ytt.yaml | 8 + prototypes/grafana/ytt/ns.ytt.yaml | 10 + .../kube-state-metrics/app-data.ytt.yaml | 5 + .../helm/kube-state-metrics.yaml | 7 + .../kube-state-metrics/vendir/base.ytt.yaml | 16 ++ .../vendir/vendir-data.ytt.yaml | 8 + prototypes/kube-state-metrics/ytt/ns.ytt.yaml | 10 + prototypes/node-exporter/app-data.ytt.yaml | 5 + .../helm/prometheus-node-exporter.yaml | 12 + prototypes/node-exporter/vendir/base.ytt.yaml | 16 ++ .../node-exporter/vendir/vendir-data.ytt.yaml | 8 + prototypes/node-exporter/ytt/ns.ytt.yaml | 10 + prototypes/traefik/helm/traefik.yaml | 3 + .../victoria-metrics-single/app-data.ytt.yaml | 5 + .../helm/victoria-metrics-single.yaml | 57 +++++ .../vendir/base.ytt.yaml | 16 ++ .../vendir/vendir-data.ytt.yaml | 8 + .../victoria-metrics-single/ytt/ns.ytt.yaml | 18 ++ rendered/argocd/production/app-grafana.yaml | 25 +++ .../production/app-kube-state-metrics.yaml | 25 +++ .../argocd/production/app-node-exporter.yaml | 25 +++ .../app-victoria-metrics-single.yaml | 25 +++ .../argocd/configmap-argocd-cm.yaml | 3 + 
...deployment-argo-cd-argocd-repo-server.yaml | 2 +- .../deployment-argo-cd-argocd-server.yaml | 2 +- ...argocd-application-controller-metrics.yaml | 25 +++ ...ocd-applicationset-controller-metrics.yaml | 25 +++ ...ce-argo-cd-argocd-repo-server-metrics.yaml | 25 +++ ...service-argo-cd-argocd-server-metrics.yaml | 25 +++ ...argo-cd-argocd-application-controller.yaml | 2 +- .../clusterrole-grafana-clusterrole.yaml | 13 ++ ...olebinding-grafana-clusterrolebinding.yaml | 20 ++ .../configmap-grafana-dashboards-default.yaml | 14 ++ .../production/grafana/configmap-grafana.yaml | 47 ++++ .../grafana/deployment-grafana.yaml | 187 +++++++++++++++ .../production/grafana/ingress-grafana.yaml | 30 +++ .../persistentvolumeclaim-grafana.yaml | 21 ++ .../envs/production/grafana/role-grafana.yaml | 13 ++ .../grafana/rolebinding-grafana.yaml | 20 ++ .../production/grafana/secret-grafana.yaml | 18 ++ .../production/grafana/service-grafana.yaml | 22 ++ .../grafana/serviceaccount-grafana.yaml | 13 ++ .../clusterrole-kube-state-metrics.yaml | 212 ++++++++++++++++++ ...clusterrolebinding-kube-state-metrics.yaml | 23 ++ .../deployment-kube-state-metrics.yaml | 92 ++++++++ .../service-kube-state-metrics.yaml | 26 +++ .../serviceaccount-kube-state-metrics.yaml | 16 ++ .../daemonset-prometheus-node-exporter.yaml | 135 +++++++++++ .../service-prometheus-node-exporter.yaml | 26 +++ ...rviceaccount-prometheus-node-exporter.yaml | 16 ++ .../production/traefik/service-traefik.yaml | 4 + ...errole-victoria-metrics-single-server.yaml | 43 ++++ ...inding-victoria-metrics-single-server.yaml | 18 ++ ...ia-metrics-single-server-scrapeconfig.yaml | 73 ++++++ .../namespace-monitoring.yaml | 9 + ...ervice-victoria-metrics-single-server.yaml | 26 +++ ...ccount-victoria-metrics-single-server.yaml | 10 + ...fulset-victoria-metrics-single-server.yaml | 97 ++++++++ 68 files changed, 1795 insertions(+), 3 deletions(-) create mode 100644 envs/production/_apps/grafana/app-data.ytt.yaml create mode 100644 
envs/production/_apps/kube-state-metrics/app-data.ytt.yaml create mode 100644 envs/production/_apps/node-exporter/app-data.ytt.yaml create mode 100644 envs/production/_apps/victoria-metrics-single/app-data.ytt.yaml create mode 100644 prototypes/grafana/app-data.ytt.yaml create mode 100644 prototypes/grafana/helm/grafana.yaml create mode 100644 prototypes/grafana/vendir/base.ytt.yaml create mode 100644 prototypes/grafana/vendir/vendir-data.ytt.yaml create mode 100644 prototypes/grafana/ytt/ns.ytt.yaml create mode 100644 prototypes/kube-state-metrics/app-data.ytt.yaml create mode 100644 prototypes/kube-state-metrics/helm/kube-state-metrics.yaml create mode 100644 prototypes/kube-state-metrics/vendir/base.ytt.yaml create mode 100644 prototypes/kube-state-metrics/vendir/vendir-data.ytt.yaml create mode 100644 prototypes/kube-state-metrics/ytt/ns.ytt.yaml create mode 100644 prototypes/node-exporter/app-data.ytt.yaml create mode 100644 prototypes/node-exporter/helm/prometheus-node-exporter.yaml create mode 100644 prototypes/node-exporter/vendir/base.ytt.yaml create mode 100644 prototypes/node-exporter/vendir/vendir-data.ytt.yaml create mode 100644 prototypes/node-exporter/ytt/ns.ytt.yaml create mode 100644 prototypes/victoria-metrics-single/app-data.ytt.yaml create mode 100644 prototypes/victoria-metrics-single/helm/victoria-metrics-single.yaml create mode 100644 prototypes/victoria-metrics-single/vendir/base.ytt.yaml create mode 100644 prototypes/victoria-metrics-single/vendir/vendir-data.ytt.yaml create mode 100644 prototypes/victoria-metrics-single/ytt/ns.ytt.yaml create mode 100644 rendered/argocd/production/app-grafana.yaml create mode 100644 rendered/argocd/production/app-kube-state-metrics.yaml create mode 100644 rendered/argocd/production/app-node-exporter.yaml create mode 100644 rendered/argocd/production/app-victoria-metrics-single.yaml create mode 100644 rendered/envs/production/argocd/service-argo-cd-argocd-application-controller-metrics.yaml create mode 
100644 rendered/envs/production/argocd/service-argo-cd-argocd-applicationset-controller-metrics.yaml create mode 100644 rendered/envs/production/argocd/service-argo-cd-argocd-repo-server-metrics.yaml create mode 100644 rendered/envs/production/argocd/service-argo-cd-argocd-server-metrics.yaml create mode 100644 rendered/envs/production/grafana/clusterrole-grafana-clusterrole.yaml create mode 100644 rendered/envs/production/grafana/clusterrolebinding-grafana-clusterrolebinding.yaml create mode 100644 rendered/envs/production/grafana/configmap-grafana-dashboards-default.yaml create mode 100644 rendered/envs/production/grafana/configmap-grafana.yaml create mode 100644 rendered/envs/production/grafana/deployment-grafana.yaml create mode 100644 rendered/envs/production/grafana/ingress-grafana.yaml create mode 100644 rendered/envs/production/grafana/persistentvolumeclaim-grafana.yaml create mode 100644 rendered/envs/production/grafana/role-grafana.yaml create mode 100644 rendered/envs/production/grafana/rolebinding-grafana.yaml create mode 100644 rendered/envs/production/grafana/secret-grafana.yaml create mode 100644 rendered/envs/production/grafana/service-grafana.yaml create mode 100644 rendered/envs/production/grafana/serviceaccount-grafana.yaml create mode 100644 rendered/envs/production/kube-state-metrics/clusterrole-kube-state-metrics.yaml create mode 100644 rendered/envs/production/kube-state-metrics/clusterrolebinding-kube-state-metrics.yaml create mode 100644 rendered/envs/production/kube-state-metrics/deployment-kube-state-metrics.yaml create mode 100644 rendered/envs/production/kube-state-metrics/service-kube-state-metrics.yaml create mode 100644 rendered/envs/production/kube-state-metrics/serviceaccount-kube-state-metrics.yaml create mode 100644 rendered/envs/production/node-exporter/daemonset-prometheus-node-exporter.yaml create mode 100644 rendered/envs/production/node-exporter/service-prometheus-node-exporter.yaml create mode 100644 
rendered/envs/production/node-exporter/serviceaccount-prometheus-node-exporter.yaml create mode 100644 rendered/envs/production/victoria-metrics-single/clusterrole-victoria-metrics-single-server.yaml create mode 100644 rendered/envs/production/victoria-metrics-single/clusterrolebinding-victoria-metrics-single-server.yaml create mode 100644 rendered/envs/production/victoria-metrics-single/configmap-victoria-metrics-single-server-scrapeconfig.yaml create mode 100644 rendered/envs/production/victoria-metrics-single/namespace-monitoring.yaml create mode 100644 rendered/envs/production/victoria-metrics-single/service-victoria-metrics-single-server.yaml create mode 100644 rendered/envs/production/victoria-metrics-single/serviceaccount-victoria-metrics-single-server.yaml create mode 100644 rendered/envs/production/victoria-metrics-single/statefulset-victoria-metrics-single-server.yaml diff --git a/envs/production/_apps/grafana/app-data.ytt.yaml b/envs/production/_apps/grafana/app-data.ytt.yaml new file mode 100644 index 0000000..70f7696 --- /dev/null +++ b/envs/production/_apps/grafana/app-data.ytt.yaml @@ -0,0 +1,5 @@ +#@data/values-schema +--- +#@overlay/match-child-defaults missing_ok=True +application: + namespace: monitoring diff --git a/envs/production/_apps/kube-state-metrics/app-data.ytt.yaml b/envs/production/_apps/kube-state-metrics/app-data.ytt.yaml new file mode 100644 index 0000000..70f7696 --- /dev/null +++ b/envs/production/_apps/kube-state-metrics/app-data.ytt.yaml @@ -0,0 +1,5 @@ +#@data/values-schema +--- +#@overlay/match-child-defaults missing_ok=True +application: + namespace: monitoring diff --git a/envs/production/_apps/node-exporter/app-data.ytt.yaml b/envs/production/_apps/node-exporter/app-data.ytt.yaml new file mode 100644 index 0000000..70f7696 --- /dev/null +++ b/envs/production/_apps/node-exporter/app-data.ytt.yaml @@ -0,0 +1,5 @@ +#@data/values-schema +--- +#@overlay/match-child-defaults missing_ok=True +application: + namespace: monitoring 
diff --git a/envs/production/_apps/victoria-metrics-single/app-data.ytt.yaml b/envs/production/_apps/victoria-metrics-single/app-data.ytt.yaml new file mode 100644 index 0000000..70f7696 --- /dev/null +++ b/envs/production/_apps/victoria-metrics-single/app-data.ytt.yaml @@ -0,0 +1,5 @@ +#@data/values-schema +--- +#@overlay/match-child-defaults missing_ok=True +application: + namespace: monitoring diff --git a/envs/production/env-data.ytt.yaml b/envs/production/env-data.ytt.yaml index 5dfe81f..7fca8fd 100644 --- a/envs/production/env-data.ytt.yaml +++ b/envs/production/env-data.ytt.yaml @@ -7,3 +7,7 @@ environment: - proto: traefik - proto: cert-manager - proto: forgejo + - proto: victoria-metrics-single + - proto: grafana + - proto: kube-state-metrics + - proto: node-exporter diff --git a/prototypes/argocd/helm/argo-cd.yaml b/prototypes/argocd/helm/argo-cd.yaml index 0960723..b1a0d2e 100644 --- a/prototypes/argocd/helm/argo-cd.yaml +++ b/prototypes/argocd/helm/argo-cd.yaml @@ -15,11 +15,28 @@ configs: - kube-controller-manager jsonPointers: - /status + resource.customizations.ignoreDifferences.apps_StatefulSet: | + jqPathExpressions: + - .spec.volumeClaimTemplates + +controller: + metrics: + enabled: true server: + metrics: + enabled: true ingress: enabled: true ingressClassName: traefik tls: true annotations: cert-manager.io/cluster-issuer: letsencrypt + +repoServer: + metrics: + enabled: true + +applicationSet: + metrics: + enabled: true diff --git a/prototypes/cert-manager/helm/cert-manager.yaml b/prototypes/cert-manager/helm/cert-manager.yaml index 5bfbd8a..7a5eadd 100644 --- a/prototypes/cert-manager/helm/cert-manager.yaml +++ b/prototypes/cert-manager/helm/cert-manager.yaml @@ -6,3 +6,6 @@ crds: global: leaderElection: namespace: cert-manager + +prometheus: + enabled: true diff --git a/prototypes/grafana/app-data.ytt.yaml b/prototypes/grafana/app-data.ytt.yaml new file mode 100644 index 0000000..70f7696 --- /dev/null +++ b/prototypes/grafana/app-data.ytt.yaml 
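Review bot: The `resource.customizations.ignoreDifferences.apps_StatefulSet` entry added to prototypes/argocd/helm/argo-cd.yaml is a global setting in argocd-cm, so Argo CD stops reporting `.spec.volumeClaimTemplates` drift for every StatefulSet it manages, not only the new VictoriaMetrics one. If only victoria-metrics-single needs it, scope the rule to that Application's `spec.ignoreDifferences`. If it has to stay global, add a comment such as `# needed for <workload>: API server defaults volumeClaimTemplates fields` so the reason is recorded. The `configs` block starts outside this hunk.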
@@ -0,0 +1,5 @@
+#@data/values-schema
+---
+#@overlay/match-child-defaults missing_ok=True
+application:
+ namespace: monitoring
diff --git a/prototypes/grafana/helm/grafana.yaml b/prototypes/grafana/helm/grafana.yaml
new file mode 100644
index 0000000..1931d26
--- /dev/null
+++ b/prototypes/grafana/helm/grafana.yaml
@@ -0,0 +1,58 @@
+---
+resources:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ limits:
+ memory: 256Mi
+
+persistence:
+ enabled: true
+ size: 2Gi
+ storageClassName: local-path
+
+ingress:
+ enabled: true
+ ingressClassName: traefik
+ hosts:
+ - grafana.tr1ceracop.de
+ tls:
+ - secretName: grafana-tls
+ hosts:
+ - grafana.tr1ceracop.de
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+
+datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ - name: VictoriaMetrics
+ type: prometheus
+ url: http://victoria-metrics-single-server.monitoring.svc:8428
+ access: proxy
+ isDefault: true
+
+dashboardProviders:
+ dashboardproviders.yaml:
+ apiVersion: 1
+ providers:
+ - name: default
+ orgId: 1
+ folder: ""
+ type: file
+ disableDeletion: false
+ editable: true
+ options:
+ path: /var/lib/grafana/dashboards/default
+
+dashboards:
+ default:
+ node-exporter:
+ gnetId: 1860
+ revision: 37
+ datasource: VictoriaMetrics
+ kubernetes-cluster:
+ gnetId: 15757
+ revision: 37
+ datasource: VictoriaMetrics
diff --git a/prototypes/grafana/vendir/base.ytt.yaml b/prototypes/grafana/vendir/base.ytt.yaml
new file mode 100644
index 0000000..530cdb0
--- /dev/null
+++ b/prototypes/grafana/vendir/base.ytt.yaml
@@ -0,0 +1,16 @@
+#@ load("@ytt:data", "data")
+
+#@ app = data.values.application
+---
+apiVersion: vendir.k14s.io/v1alpha1
+kind: Config
+directories:
+ - path: #@ "charts/" + app.name
+ contents:
+ - path: .
+ helmChart:
+ name: #@ app.name
+ version: #@ app.version
+ repository:
+ url: #@ app.url
+ lazy: true
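Review bot: prototypes/grafana/helm/grafana.yaml publishes Grafana on a public ingress host but sets no source for the admin credential, so the chart falls back to generating the admin password into its own Secret. The diffstat lists rendered/envs/production/grafana/secret-grafana.yaml, which suggests that generated Secret is committed to Git with the other rendered manifests (its content is outside this view). Pointing the chart at a Secret managed outside the repository, `admin: {existingSecret: <grafana-admin-secret>}` (placeholder name), should stop the password from being rendered at all. Any credential already pushed in the rendered file should be treated as exposed and rotated.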
diff --git a/prototypes/grafana/vendir/vendir-data.ytt.yaml b/prototypes/grafana/vendir/vendir-data.ytt.yaml
new file mode 100644
index 0000000..1707f5e
--- /dev/null
+++ b/prototypes/grafana/vendir/vendir-data.ytt.yaml
@@ -0,0 +1,8 @@
+#@data/values-schema
+---
+#@overlay/match-child-defaults missing_ok=True
+application:
+ #! renovate: datasource=helm
+ name: grafana
+ url: https://grafana.github.io/helm-charts
+ version: 10.5.15
diff --git a/prototypes/grafana/ytt/ns.ytt.yaml b/prototypes/grafana/ytt/ns.ytt.yaml
new file mode 100644
index 0000000..e6c1457
--- /dev/null
+++ b/prototypes/grafana/ytt/ns.ytt.yaml
@@ -0,0 +1,10 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@ ns = data.values.application.namespace
+
+#@overlay/match by=overlay.all, expects="1+"
+---
+metadata:
+ #@overlay/match missing_ok=True
+ namespace: #@ ns
diff --git a/prototypes/kube-state-metrics/app-data.ytt.yaml b/prototypes/kube-state-metrics/app-data.ytt.yaml
new file mode 100644
index 0000000..70f7696
--- /dev/null
+++ b/prototypes/kube-state-metrics/app-data.ytt.yaml
@@ -0,0 +1,5 @@
+#@data/values-schema
+---
+#@overlay/match-child-defaults missing_ok=True
+application:
+ namespace: monitoring
diff --git a/prototypes/kube-state-metrics/helm/kube-state-metrics.yaml b/prototypes/kube-state-metrics/helm/kube-state-metrics.yaml
new file mode 100644
index 0000000..39f05c5
--- /dev/null
+++ b/prototypes/kube-state-metrics/helm/kube-state-metrics.yaml
@@ -0,0 +1,7 @@
+---
+resources:
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ limits:
+ memory: 128Mi
diff --git a/prototypes/kube-state-metrics/vendir/base.ytt.yaml b/prototypes/kube-state-metrics/vendir/base.ytt.yaml
new file mode 100644
index 0000000..530cdb0
--- /dev/null
+++ b/prototypes/kube-state-metrics/vendir/base.ytt.yaml
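Review bot: The overlay in prototypes/grafana/ytt/ns.ytt.yaml rewrites only `metadata.namespace`, so namespace references elsewhere in the rendered objects keep the value the chart was rendered with. The rendered output in this patch shows the result: grafana-clusterrolebinding names its subject as ServiceAccount `grafana` in namespace `grafana`, and the Argo CD Application has `destination.namespace: grafana`, while the objects themselves carry `namespace: monitoring`. A binding whose subject namespace differs from the workload's grants nothing to the running pod and leaves the role claimable by whoever can create that ServiceAccount name in the other namespace; for kube-state-metrics and victoria-metrics-single, whose ClusterRoles are presumably not empty, collection would likely fail as well. The identical file is added under kube-state-metrics, node-exporter and victoria-metrics-single. Render the charts with `monitoring` as the release namespace, or extend the overlay to also set `subjects[].namespace` on RoleBinding and ClusterRoleBinding documents.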
@@ -0,0 +1,16 @@
+#@ load("@ytt:data", "data")
+
+#@ app = data.values.application
+---
+apiVersion: vendir.k14s.io/v1alpha1
+kind: Config
+directories:
+ - path: #@ "charts/" + app.name
+ contents:
+ - path: .
+ helmChart:
+ name: #@ app.name
+ version: #@ app.version
+ repository:
+ url: #@ app.url
+ lazy: true
diff --git a/prototypes/kube-state-metrics/vendir/vendir-data.ytt.yaml b/prototypes/kube-state-metrics/vendir/vendir-data.ytt.yaml
new file mode 100644
index 0000000..842de03
--- /dev/null
+++ b/prototypes/kube-state-metrics/vendir/vendir-data.ytt.yaml
@@ -0,0 +1,8 @@
+#@data/values-schema
+---
+#@overlay/match-child-defaults missing_ok=True
+application:
+ #! renovate: datasource=helm
+ name: kube-state-metrics
+ url: https://prometheus-community.github.io/helm-charts
+ version: 7.2.2
diff --git a/prototypes/kube-state-metrics/ytt/ns.ytt.yaml b/prototypes/kube-state-metrics/ytt/ns.ytt.yaml
new file mode 100644
index 0000000..e6c1457
--- /dev/null
+++ b/prototypes/kube-state-metrics/ytt/ns.ytt.yaml
@@ -0,0 +1,10 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@ ns = data.values.application.namespace
+
+#@overlay/match by=overlay.all, expects="1+"
+---
+metadata:
+ #@overlay/match missing_ok=True
+ namespace: #@ ns
diff --git a/prototypes/node-exporter/app-data.ytt.yaml b/prototypes/node-exporter/app-data.ytt.yaml
new file mode 100644
index 0000000..70f7696
--- /dev/null
+++ b/prototypes/node-exporter/app-data.ytt.yaml
@@ -0,0 +1,5 @@
+#@data/values-schema
+---
+#@overlay/match-child-defaults missing_ok=True
+application:
+ namespace: monitoring
diff --git a/prototypes/node-exporter/helm/prometheus-node-exporter.yaml b/prototypes/node-exporter/helm/prometheus-node-exporter.yaml
new file mode 100644
index 0000000..5f0bdd5
--- /dev/null
+++ b/prototypes/node-exporter/helm/prometheus-node-exporter.yaml
@@ -0,0 +1,12 @@ +--- +resources: + requests: + cpu: 10m + memory: 32Mi + limits: + memory: 64Mi + +tolerations: + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule diff --git a/prototypes/node-exporter/vendir/base.ytt.yaml b/prototypes/node-exporter/vendir/base.ytt.yaml new file mode 100644 index 0000000..530cdb0 --- /dev/null +++ b/prototypes/node-exporter/vendir/base.ytt.yaml @@ -0,0 +1,16 @@ +#@ load("@ytt:data", "data") + +#@ app = data.values.application +--- +apiVersion: vendir.k14s.io/v1alpha1 +kind: Config +directories: + - path: #@ "charts/" + app.name + contents: + - path: . + helmChart: + name: #@ app.name + version: #@ app.version + repository: + url: #@ app.url + lazy: true diff --git a/prototypes/node-exporter/vendir/vendir-data.ytt.yaml b/prototypes/node-exporter/vendir/vendir-data.ytt.yaml new file mode 100644 index 0000000..5947104 --- /dev/null +++ b/prototypes/node-exporter/vendir/vendir-data.ytt.yaml @@ -0,0 +1,8 @@ +#@data/values-schema +--- +#@overlay/match-child-defaults missing_ok=True +application: + #! renovate: datasource=helm + name: prometheus-node-exporter + url: https://prometheus-community.github.io/helm-charts + version: 4.52.2 diff --git a/prototypes/node-exporter/ytt/ns.ytt.yaml b/prototypes/node-exporter/ytt/ns.ytt.yaml new file mode 100644 index 0000000..e6c1457 --- /dev/null +++ b/prototypes/node-exporter/ytt/ns.ytt.yaml @@ -0,0 +1,10 @@ +#@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") + +#@ ns = data.values.application.namespace + +#@overlay/match by=overlay.all, expects="1+" +--- +metadata: + #@overlay/match missing_ok=True + namespace: #@ ns diff --git a/prototypes/traefik/helm/traefik.yaml b/prototypes/traefik/helm/traefik.yaml index 5c7f34a..c61bedd 100644 --- a/prototypes/traefik/helm/traefik.yaml +++ b/prototypes/traefik/helm/traefik.yaml @@ -13,6 +13,9 @@ ports: hostPort: 80 websecure: hostPort: 443 + metrics: + expose: + default: true persistence: enabled: false 
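Review bot: In prototypes/traefik/helm/traefik.yaml, `ports.metrics.expose.default: true` adds the metrics port to Traefik's main Service, the same Service that carries `web` and `websecure`. If that Service is of type LoadBalancer or NodePort (its type is not visible in this hunk), the Prometheus endpoint becomes reachable from outside the cluster and discloses router names, backends and traffic counters. The chart can publish metrics on a separate ClusterIP Service with `metrics.prometheus.service.enabled: true`; the `traefik` scrape job's `keep` regex in victoria-metrics-single.yaml would then have to match that Service's name. The `ports` map starts outside this hunk.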
diff --git a/prototypes/victoria-metrics-single/app-data.ytt.yaml b/prototypes/victoria-metrics-single/app-data.ytt.yaml
new file mode 100644
index 0000000..70f7696
--- /dev/null
+++ b/prototypes/victoria-metrics-single/app-data.ytt.yaml
@@ -0,0 +1,5 @@
+#@data/values-schema
+---
+#@overlay/match-child-defaults missing_ok=True
+application:
+ namespace: monitoring
diff --git a/prototypes/victoria-metrics-single/helm/victoria-metrics-single.yaml b/prototypes/victoria-metrics-single/helm/victoria-metrics-single.yaml
new file mode 100644
index 0000000..a98b50a
--- /dev/null
+++ b/prototypes/victoria-metrics-single/helm/victoria-metrics-single.yaml
@@ -0,0 +1,57 @@
+---
+server:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ memory: 512Mi
+ persistentVolume:
+ enabled: true
+ size: 10Gi
+ storageClassName: local-path
+ scrape:
+ enabled: true
+ config:
+ global:
+ scrape_interval: 30s
+ scrape_timeout: 10s
+ scrape_configs:
+ - job_name: victoriametrics
+ static_configs:
+ - targets: ["localhost:8428"]
+ - job_name: node-exporter
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
+ action: keep
+ regex: monitoring;prometheus-node-exporter;metrics
+ - job_name: kube-state-metrics
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
+ action: keep
+ regex: monitoring;kube-state-metrics;http
+ - job_name: traefik
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
+ action: keep
+ regex: traefik;traefik;metrics
+ - job_name: argocd
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_endpoint_port_name]
+ action: keep
+ regex: argocd;http-metrics
+ - job_name: cert-manager
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
+ action: keep
+ regex: cert-manager;cert-manager;tcp-prometheus-servicemonitor
diff --git a/prototypes/victoria-metrics-single/vendir/base.ytt.yaml b/prototypes/victoria-metrics-single/vendir/base.ytt.yaml
new file mode 100644
index 0000000..530cdb0
--- /dev/null
+++ b/prototypes/victoria-metrics-single/vendir/base.ytt.yaml
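Review bot: Every `kubernetes_sd_configs` entry in prototypes/victoria-metrics-single/helm/victoria-metrics-single.yaml uses `role: endpoints` with no `namespaces` selector, so the server watches Endpoints in all namespaces and relies on the `keep` rule to discard the rest. Scoping discovery per job, for example `namespaces: {names: [monitoring]}` on the node-exporter and kube-state-metrics jobs and the matching namespace on the traefik, argocd and cert-manager jobs, narrows what the server reads from the API and would allow the chart's ClusterRole to be replaced by per-namespace Roles. The `argocd` job also keeps any endpoint port named `http-metrics` in that namespace without checking the Service name, unlike the other jobs; add a comment saying this is deliberate or include `__meta_kubernetes_service_name` in its `source_labels`.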
@@ -0,0 +1,16 @@
+#@ load("@ytt:data", "data")
+
+#@ app = data.values.application
+---
+apiVersion: vendir.k14s.io/v1alpha1
+kind: Config
+directories:
+ - path: #@ "charts/" + app.name
+ contents:
+ - path: .
+ helmChart:
+ name: #@ app.name
+ version: #@ app.version
+ repository:
+ url: #@ app.url
+ lazy: true
diff --git a/prototypes/victoria-metrics-single/vendir/vendir-data.ytt.yaml b/prototypes/victoria-metrics-single/vendir/vendir-data.ytt.yaml
new file mode 100644
index 0000000..4cf164f
--- /dev/null
+++ b/prototypes/victoria-metrics-single/vendir/vendir-data.ytt.yaml
@@ -0,0 +1,8 @@
+#@data/values-schema
+---
+#@overlay/match-child-defaults missing_ok=True
+application:
+ #! renovate: datasource=helm
+ name: victoria-metrics-single
+ url: https://victoriametrics.github.io/helm-charts
+ version: 0.33.0
diff --git a/prototypes/victoria-metrics-single/ytt/ns.ytt.yaml b/prototypes/victoria-metrics-single/ytt/ns.ytt.yaml
new file mode 100644
index 0000000..f66069b
--- /dev/null
+++ b/prototypes/victoria-metrics-single/ytt/ns.ytt.yaml
@@ -0,0 +1,18 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@ ns = data.values.application.namespace
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: #@ ns
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
+
+#@overlay/match by=overlay.all, expects="1+"
+---
+metadata:
+ #@overlay/match missing_ok=True
+ namespace: #@ ns
diff --git a/rendered/argocd/production/app-grafana.yaml b/rendered/argocd/production/app-grafana.yaml
new file mode 100644
index 0000000..3cfae4e
--- /dev/null
+++ b/rendered/argocd/production/app-grafana.yaml
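Review bot: The Namespace added in prototypes/victoria-metrics-single/ytt/ns.ytt.yaml sets `pod-security.kubernetes.io/enforce: privileged` on `monitoring`, which switches Pod Security admission off for every workload placed there, including the internet-facing Grafana. Of the four apps only node-exporter plausibly needs host access (its DaemonSet is outside this view); giving it its own namespace with the privileged label would let `monitoring` run with `pod-security.kubernetes.io/enforce: baseline`. If the label has to stay, add a comment naming the workload that requires it and add `pod-security.kubernetes.io/warn: restricted` so violations remain visible. The Namespace is also declared only by the victoria-metrics-single app, so with `prune: true` removing that app would presumably delete the namespace the other three apps deploy into.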
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ annotations:
+ myks.dev/environment: production
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+ name: app-production-grafana
+ namespace: argocd
+spec:
+ destination:
+ namespace: grafana
+ server: https://kubernetes.default.svc
+ project: env-production
+ source:
+ path: rendered/envs/production/grafana
+ repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ targetRevision: main
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/rendered/argocd/production/app-kube-state-metrics.yaml b/rendered/argocd/production/app-kube-state-metrics.yaml
new file mode 100644
index 0000000..e7ae0aa
--- /dev/null
+++ b/rendered/argocd/production/app-kube-state-metrics.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ annotations:
+ myks.dev/environment: production
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+ name: app-production-kube-state-metrics
+ namespace: argocd
+spec:
+ destination:
+ namespace: kube-state-metrics
+ server: https://kubernetes.default.svc
+ project: env-production
+ source:
+ path: rendered/envs/production/kube-state-metrics
+ repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ targetRevision: main
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/rendered/argocd/production/app-node-exporter.yaml b/rendered/argocd/production/app-node-exporter.yaml
new file mode 100644
index 0000000..cc297ba
--- /dev/null
+++ b/rendered/argocd/production/app-node-exporter.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ annotations:
+ myks.dev/environment: production
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+ name: app-production-node-exporter
+ namespace: argocd
+spec:
+ destination:
+ namespace: node-exporter
+ server: https://kubernetes.default.svc
+ project: env-production
+ source:
+ path: rendered/envs/production/node-exporter
+ repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ targetRevision: main
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/rendered/argocd/production/app-victoria-metrics-single.yaml b/rendered/argocd/production/app-victoria-metrics-single.yaml
new file mode 100644
index 0000000..81abecb
--- /dev/null
+++ b/rendered/argocd/production/app-victoria-metrics-single.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ annotations:
+ myks.dev/environment: production
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+ name: app-production-victoria-metrics-single
+ namespace: argocd
+spec:
+ destination:
+ namespace: victoria-metrics-single
+ server: https://kubernetes.default.svc
+ project: env-production
+ source:
+ path: rendered/envs/production/victoria-metrics-single
+ repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ targetRevision: main
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/rendered/envs/production/argocd/configmap-argocd-cm.yaml b/rendered/envs/production/argocd/configmap-argocd-cm.yaml
index 8d38dff..3cb274c 100644
--- a/rendered/envs/production/argocd/configmap-argocd-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-cm.yaml
@@ -9,6 +9,9 @@ data: - kube-controller-manager jsonPointers: - /status + resource.customizations.ignoreDifferences.apps_StatefulSet: | + jqPathExpressions: + - .spec.volumeClaimTemplates server.rbac.log.enforce.enable: "false" statusbadge.enabled: "false" timeout.hard.reconciliation: 0s diff --git a/rendered/envs/production/argocd/deployment-argo-cd-argocd-repo-server.yaml b/rendered/envs/production/argocd/deployment-argo-cd-argocd-repo-server.yaml index cf52a3d..554fc96 100644 --- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-repo-server.yaml +++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-repo-server.yaml @@ -23,7 +23,7 @@ spec: template: metadata: annotations: - checksum/cm: 3583210793db8d1abf108262c051079800349bbfb09cb52450b6dd436e4523f1 + checksum/cm: 1a6402f45d0f0bbb7e237471101104aa332424c905bd8050b98a04c60e87a399 checksum/cmd-params: f46fb4747491e33ef19e957952ce838b6507690ddf03e01967ec0b131af9b595 labels: app.kubernetes.io/component: repo-server diff --git a/rendered/envs/production/argocd/deployment-argo-cd-argocd-server.yaml b/rendered/envs/production/argocd/deployment-argo-cd-argocd-server.yaml index 491aa79..8851fa7 100644 --- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-server.yaml +++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-server.yaml @@ -23,7 +23,7 @@ spec: template: metadata: annotations: - checksum/cm: 3583210793db8d1abf108262c051079800349bbfb09cb52450b6dd436e4523f1 + checksum/cm: 1a6402f45d0f0bbb7e237471101104aa332424c905bd8050b98a04c60e87a399 checksum/cmd-params: f46fb4747491e33ef19e957952ce838b6507690ddf03e01967ec0b131af9b595 labels: app.kubernetes.io/component: server diff --git a/rendered/envs/production/argocd/service-argo-cd-argocd-application-controller-metrics.yaml b/rendered/envs/production/argocd/service-argo-cd-argocd-application-controller-metrics.yaml new file mode 100644 index 0000000..9dca092 --- /dev/null 
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-application-controller-metrics.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/component: application-controller
+ app.kubernetes.io/instance: argo-cd
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: argocd-metrics
+ app.kubernetes.io/part-of: argocd
+ app.kubernetes.io/version: v2.14.10
+ helm.sh/chart: argo-cd-7.8.26
+ name: argo-cd-argocd-application-controller-metrics
+ namespace: argocd
+spec:
+ ports:
+ - name: http-metrics
+ port: 8082
+ protocol: TCP
+ targetPort: metrics
+ selector:
+ app.kubernetes.io/instance: argo-cd
+ app.kubernetes.io/name: argocd-application-controller
+ type: ClusterIP
diff --git a/rendered/envs/production/argocd/service-argo-cd-argocd-applicationset-controller-metrics.yaml b/rendered/envs/production/argocd/service-argo-cd-argocd-applicationset-controller-metrics.yaml
new file mode 100644
index 0000000..9bec8c6
--- /dev/null
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-applicationset-controller-metrics.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/component: applicationset-controller
+ app.kubernetes.io/instance: argo-cd
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: argocd-metrics
+ app.kubernetes.io/part-of: argocd
+ app.kubernetes.io/version: v2.14.10
+ helm.sh/chart: argo-cd-7.8.26
+ name: argo-cd-argocd-applicationset-controller-metrics
+ namespace: argocd
+spec:
+ ports:
+ - name: http-metrics
+ port: 8080
+ protocol: TCP
+ targetPort: metrics
+ selector:
+ app.kubernetes.io/instance: argo-cd
+ app.kubernetes.io/name: argocd-applicationset-controller
+ type: ClusterIP
diff --git a/rendered/envs/production/argocd/service-argo-cd-argocd-repo-server-metrics.yaml b/rendered/envs/production/argocd/service-argo-cd-argocd-repo-server-metrics.yaml
new file mode 100644
index 0000000..af15ba5
--- /dev/null
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-repo-server-metrics.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/component: repo-server
+ app.kubernetes.io/instance: argo-cd
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: argocd-repo-server-metrics
+ app.kubernetes.io/part-of: argocd
+ app.kubernetes.io/version: v2.14.10
+ helm.sh/chart: argo-cd-7.8.26
+ name: argo-cd-argocd-repo-server-metrics
+ namespace: argocd
+spec:
+ ports:
+ - name: http-metrics
+ port: 8084
+ protocol: TCP
+ targetPort: metrics
+ selector:
+ app.kubernetes.io/instance: argo-cd
+ app.kubernetes.io/name: argocd-repo-server
+ type: ClusterIP
diff --git a/rendered/envs/production/argocd/service-argo-cd-argocd-server-metrics.yaml b/rendered/envs/production/argocd/service-argo-cd-argocd-server-metrics.yaml
new file mode 100644
index 0000000..2ff352a
--- /dev/null
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-server-metrics.yaml
@@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo-cd + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-server-metrics + app.kubernetes.io/part-of: argocd + app.kubernetes.io/version: v2.14.10 + helm.sh/chart: argo-cd-7.8.26 + name: argo-cd-argocd-server-metrics + namespace: argocd +spec: + ports: + - name: http-metrics + port: 8083 + protocol: TCP + targetPort: metrics + selector: + app.kubernetes.io/instance: argo-cd + app.kubernetes.io/name: argocd-server + type: ClusterIP diff --git a/rendered/envs/production/argocd/statefulset-argo-cd-argocd-application-controller.yaml b/rendered/envs/production/argocd/statefulset-argo-cd-argocd-application-controller.yaml index 3782acf..6e84ecc 100644 --- a/rendered/envs/production/argocd/statefulset-argo-cd-argocd-application-controller.yaml +++ b/rendered/envs/production/argocd/statefulset-argo-cd-argocd-application-controller.yaml @@ -24,7 +24,7 @@ spec: template: metadata: annotations: - checksum/cm: 3583210793db8d1abf108262c051079800349bbfb09cb52450b6dd436e4523f1 + checksum/cm: 1a6402f45d0f0bbb7e237471101104aa332424c905bd8050b98a04c60e87a399 checksum/cmd-params: f46fb4747491e33ef19e957952ce838b6507690ddf03e01967ec0b131af9b595 labels: app.kubernetes.io/component: application-controller diff --git a/rendered/envs/production/grafana/clusterrole-grafana-clusterrole.yaml b/rendered/envs/production/grafana/clusterrole-grafana-clusterrole.yaml new file mode 100644 index 0000000..df5fa86 --- /dev/null +++ b/rendered/envs/production/grafana/clusterrole-grafana-clusterrole.yaml 
@@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + helm.sh/chart: grafana-10.5.15 + name: grafana-clusterrole + namespace: monitoring +rules: [] diff --git a/rendered/envs/production/grafana/clusterrolebinding-grafana-clusterrolebinding.yaml b/rendered/envs/production/grafana/clusterrolebinding-grafana-clusterrolebinding.yaml new file mode 100644 index 0000000..8036355 --- /dev/null +++ b/rendered/envs/production/grafana/clusterrolebinding-grafana-clusterrolebinding.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + helm.sh/chart: grafana-10.5.15 + name: grafana-clusterrolebinding + namespace: monitoring +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: grafana-clusterrole +subjects: + - kind: ServiceAccount + name: grafana + namespace: grafana diff --git a/rendered/envs/production/grafana/configmap-grafana-dashboards-default.yaml b/rendered/envs/production/grafana/configmap-grafana-dashboards-default.yaml new file mode 100644 index 0000000..e7e4d91 --- /dev/null +++ b/rendered/envs/production/grafana/configmap-grafana-dashboards-default.yaml 
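Review bot: The `subjects` entry in clusterrolebinding-grafana-clusterrolebinding.yaml names the ServiceAccount in namespace `grafana`, but the ServiceAccount, the Deployment and the binding's own metadata are rendered into `monitoring`, so the binding does not match the account the pod runs as. The same mismatch appears in rolebinding-grafana.yaml (`namespace: grafana`), clusterrolebinding-kube-state-metrics.yaml (`namespace: kube-state-metrics`) and clusterrolebinding-victoria-metrics-single-server.yaml (`namespace: victoria-metrics-single`). For Grafana the roles are empty, but for kube-state-metrics and VictoriaMetrics it likely means list/watch and service discovery are denied, while cluster-wide read (including `secrets`) is pre-granted to an account name in a namespace that nothing in this commit creates. It looks as if the charts were templated with the app name as release namespace and only `metadata.namespace` was rewritten afterwards. Rendering with the release namespace set to `monitoring` would make each subject read `namespace: monitoring`.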
@@ -0,0 +1,14 @@ +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + dashboard-provider: default + helm.sh/chart: grafana-10.5.15 + name: grafana-dashboards-default + namespace: monitoring diff --git a/rendered/envs/production/grafana/configmap-grafana.yaml b/rendered/envs/production/grafana/configmap-grafana.yaml new file mode 100644 index 0000000..516c488 --- /dev/null +++ b/rendered/envs/production/grafana/configmap-grafana.yaml 
@@ -0,0 +1,47 @@ +apiVersion: v1 +data: + dashboardproviders.yaml: | + apiVersion: 1 + providers: + - disableDeletion: false + editable: true + folder: "" + name: default + options: + path: /var/lib/grafana/dashboards/default + orgId: 1 + type: file + datasources.yaml: | + apiVersion: 1 + datasources: + - access: proxy + isDefault: true + name: VictoriaMetrics + type: prometheus + url: http://victoria-metrics-single-server.monitoring.svc:8428 + download_dashboards.sh: "#!/usr/bin/env sh\nset -euf\nmkdir -p /var/lib/grafana/dashboards/default\n\ncurl -skf \\\n--connect-timeout 60 \\\n--max-time 60 \\\n-H \"Accept: application/json\" \\\n-H \"Content-Type: application/json;charset=UTF-8\" \\\n \"https://grafana.com/api/dashboards/15757/revisions/37/download\" \\\n | sed '/-- .* --/! s/\"datasource\":.*,/\"datasource\": \"VictoriaMetrics\",/g' \\\n> \"/var/lib/grafana/dashboards/default/kubernetes-cluster.json\"\n \ncurl -skf \\\n--connect-timeout 60 \\\n--max-time 60 \\\n-H \"Accept: application/json\" \\\n-H \"Content-Type: application/json;charset=UTF-8\" \\\n \"https://grafana.com/api/dashboards/1860/revisions/37/download\" \\\n | sed '/-- .* --/! s/\"datasource\":.*,/\"datasource\": \"VictoriaMetrics\",/g' \\\n> \"/var/lib/grafana/dashboards/default/node-exporter.json\"\n" + grafana.ini: | + [analytics] + check_for_updates = true + [log] + mode = console + [paths] + data = /var/lib/grafana/ + logs = /var/log/grafana + plugins = /var/lib/grafana/plugins + provisioning = /etc/grafana/provisioning + [server] + domain = grafana.tr1ceracop.de + [unified_storage] + index_path = /var/lib/grafana-search/bleve +kind: ConfigMap +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + helm.sh/chart: grafana-10.5.15 + name: grafana + namespace: monitoring 
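Review bot: Both downloads in `download_dashboards.sh` run `curl -skf`, and `-k` turns off TLS certificate verification, so the init container accepts dashboard JSON from any endpoint able to answer for grafana.com and writes it to the Grafana data volume. Dropping `-k` (for example `curl -sf`, through the chart's per-dashboard `curlOptions` setting if this chart version has it) keeps the fetch authenticated. Vendoring the two dashboard JSON files into the repository and serving them from the `grafana-dashboards-default` ConfigMap, which is rendered with `data: {}`, would remove the runtime fetch altogether. Separately, `check_for_updates = true` in `grafana.ini` makes Grafana call out to grafana.com; set it to `false` if egress is meant to be restricted.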
diff --git a/rendered/envs/production/grafana/deployment-grafana.yaml b/rendered/envs/production/grafana/deployment-grafana.yaml new file mode 100644 index 0000000..086d3f8 --- /dev/null +++ b/rendered/envs/production/grafana/deployment-grafana.yaml 
@@ -0,0 +1,187 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + helm.sh/chart: grafana-10.5.15 + name: grafana + namespace: monitoring +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + strategy: + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: de8d6f16e9721409f5848bcc101e6aa9815e6455bd4fb9b59306159e705ac1cb + checksum/dashboards-json-config: 63ff5f7bd5ab0b6c241c689c0aa4d78be9bef984e63c1089dc988905fbb61f74 + checksum/sc-dashboard-provider-config: e70bf6a851099d385178a76de9757bb0bef8299da6d8443602590e44f05fdf24 + checksum/secret: 2d69544e089b6217799ec53d023d438ff572a49e7e20d15ec4b75a77fbcd6d30 + kubectl.kubernetes.io/default-container: grafana + labels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + helm.sh/chart: grafana-10.5.15 + spec: + automountServiceAccountToken: true + containers: + - env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + key: admin-user + name: grafana + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: admin-password + name: grafana + - name: GF_PATHS_DATA + value: /var/lib/grafana/ + - name: GF_PATHS_LOGS + value: /var/log/grafana + - name: GF_PATHS_PLUGINS + value: /var/lib/grafana/plugins + - name: GF_PATHS_PROVISIONING + value: /etc/grafana/provisioning + - name: GF_UNIFIED_STORAGE_INDEX_PATH + value: /var/lib/grafana-search/bleve + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.memory + image: docker.io/grafana/grafana:12.3.1 + imagePullPolicy: IfNotPresent + livenessProbe: + 
failureThreshold: 10 + httpGet: + path: /api/health + port: grafana + initialDelaySeconds: 60 + timeoutSeconds: 30 + name: grafana + ports: + - containerPort: 3000 + name: grafana + protocol: TCP + - containerPort: 9094 + name: gossip-tcp + protocol: TCP + - containerPort: 9094 + name: gossip-udp + protocol: UDP + - containerPort: 6060 + name: profiling + protocol: TCP + readinessProbe: + httpGet: + path: /api/health + port: grafana + resources: + limits: + memory: 256Mi + requests: + cpu: 50m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/grafana/grafana.ini + name: config + subPath: grafana.ini + - mountPath: /var/lib/grafana + name: storage + - mountPath: /var/lib/grafana-search + name: search + - mountPath: /etc/grafana/provisioning/datasources/datasources.yaml + name: config + subPath: datasources.yaml + - mountPath: /etc/grafana/provisioning/dashboards/dashboardproviders.yaml + name: config + subPath: dashboardproviders.yaml + enableServiceLinks: true + initContainers: + - command: + - chown + - -R + - 472:472 + - /var/lib/grafana + image: docker.io/library/busybox:1.31.1 + imagePullPolicy: IfNotPresent + name: init-chown-data + securityContext: + capabilities: + add: + - CHOWN + drop: + - ALL + readOnlyRootFilesystem: false + runAsNonRoot: false + runAsUser: 0 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/lib/grafana + name: storage + - args: + - -c + - mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh + command: + - /bin/sh + env: null + image: docker.io/curlimages/curl:8.9.1 + imagePullPolicy: IfNotPresent + name: download-dashboards + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/grafana/download_dashboards.sh + name: 
config + subPath: download_dashboards.sh + - mountPath: /var/lib/grafana + name: storage + securityContext: + fsGroup: 472 + runAsGroup: 472 + runAsNonRoot: true + runAsUser: 472 + serviceAccountName: grafana + shareProcessNamespace: false + volumes: + - configMap: + name: grafana + name: config + - configMap: + name: grafana-dashboards-default + name: dashboards-default + - name: storage + persistentVolumeClaim: + claimName: grafana + - emptyDir: {} + name: search diff --git a/rendered/envs/production/grafana/ingress-grafana.yaml b/rendered/envs/production/grafana/ingress-grafana.yaml new file mode 100644 index 0000000..5fd3743 --- /dev/null +++ b/rendered/envs/production/grafana/ingress-grafana.yaml @@ -0,0 +1,30 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + cert-manager.io/cluster-issuer: letsencrypt + labels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + helm.sh/chart: grafana-10.5.15 + name: grafana + namespace: monitoring +spec: + ingressClassName: traefik + rules: + - host: grafana.tr1ceracop.de + http: + paths: + - backend: + service: + name: grafana + port: + number: 80 + path: / + pathType: Prefix + tls: + - hosts: + - grafana.tr1ceracop.de + secretName: grafana-tls diff --git a/rendered/envs/production/grafana/persistentvolumeclaim-grafana.yaml b/rendered/envs/production/grafana/persistentvolumeclaim-grafana.yaml new file mode 100644 index 0000000..30a688d --- /dev/null +++ b/rendered/envs/production/grafana/persistentvolumeclaim-grafana.yaml 
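Review bot: The pod spec in deployment-grafana.yaml sets `automountServiceAccountToken: true` although the `grafana` ServiceAccount is rendered with `automountServiceAccountToken: false` and both the Role and the ClusterRole have `rules: []`, so an API token is mounted into a pod published through the Ingress with no visible need for it. Setting `automountServiceAccountToken: false` at pod level would match the ServiceAccount. The `init-chown-data` container is the only one here running as UID 0, and it uses `docker.io/library/busybox:1.31.1`, an old image referenced by tag. If the chown step is still needed for the `local-path` volume, the image should be updated and pinned by digest; the same pinning applies to `docker.io/curlimages/curl:8.9.1` and `docker.io/grafana/grafana:12.3.1`.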
@@ -0,0 +1,21 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + finalizers: + - kubernetes.io/pvc-protection + labels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + helm.sh/chart: grafana-10.5.15 + name: grafana + namespace: monitoring +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + storageClassName: local-path diff --git a/rendered/envs/production/grafana/role-grafana.yaml b/rendered/envs/production/grafana/role-grafana.yaml new file mode 100644 index 0000000..bbe646d --- /dev/null +++ b/rendered/envs/production/grafana/role-grafana.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + helm.sh/chart: grafana-10.5.15 + name: grafana + namespace: monitoring +rules: [] diff --git a/rendered/envs/production/grafana/rolebinding-grafana.yaml b/rendered/envs/production/grafana/rolebinding-grafana.yaml new file mode 100644 index 0000000..5779c3d --- /dev/null +++ b/rendered/envs/production/grafana/rolebinding-grafana.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + helm.sh/chart: grafana-10.5.15 + name: grafana + namespace: monitoring +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: grafana +subjects: + - kind: ServiceAccount + name: grafana + namespace: grafana 
diff --git a/rendered/envs/production/grafana/secret-grafana.yaml b/rendered/envs/production/grafana/secret-grafana.yaml new file mode 100644 index 0000000..20201a7 --- /dev/null +++ b/rendered/envs/production/grafana/secret-grafana.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +data: + admin-password: WEh6bjRwYTlGOVM2a3dRT0RncndrNDZocXlrc0Q4Mjlxdll6ZXFHUw== + admin-user: YWRtaW4= + ldap-toml: "" +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/component: admin-secret + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + helm.sh/chart: grafana-10.5.15 + name: grafana + namespace: monitoring +type: Opaque diff --git a/rendered/envs/production/grafana/service-grafana.yaml b/rendered/envs/production/grafana/service-grafana.yaml new file mode 100644 index 0000000..39be213 --- /dev/null +++ b/rendered/envs/production/grafana/service-grafana.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + helm.sh/chart: grafana-10.5.15 + name: grafana + namespace: monitoring +spec: + ports: + - name: service + port: 80 + protocol: TCP + targetPort: grafana + selector: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + type: ClusterIP diff --git a/rendered/envs/production/grafana/serviceaccount-grafana.yaml b/rendered/envs/production/grafana/serviceaccount-grafana.yaml new file mode 100644 index 0000000..c2a0376 --- /dev/null +++ b/rendered/envs/production/grafana/serviceaccount-grafana.yaml 
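Review bot: `admin-password` in secret-grafana.yaml is committed as base64, which is an encoding and not encryption, so anyone with read access to the repository or its history holds the Grafana admin credential for the instance published at grafana.tr1ceracop.de. The value should be treated as exposed and rotated, and the rendered tree should stop carrying it. One option is to create the Secret out of band (an encrypted or sealed secret, or an external secret store) and point the chart at it with `admin.existingSecret`, which also stops the chart from emitting this object. If the password is generated at template time, it will also change on each render and the `checksum/secret` annotation on the Deployment will roll the pod every time.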
@@ -0,0 +1,13 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 12.3.1 + helm.sh/chart: grafana-10.5.15 + name: grafana + namespace: monitoring diff --git a/rendered/envs/production/kube-state-metrics/clusterrole-kube-state-metrics.yaml b/rendered/envs/production/kube-state-metrics/clusterrole-kube-state-metrics.yaml new file mode 100644 index 0000000..f1bff72 --- /dev/null +++ b/rendered/envs/production/kube-state-metrics/clusterrole-kube-state-metrics.yaml 
@@ -0,0 +1,212 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: kube-state-metrics + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: 2.18.0 + helm.sh/chart: kube-state-metrics-7.2.2 + name: kube-state-metrics + namespace: monitoring +rules: + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - limitranges + verbs: + - list + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - list + - watch + - apiGroups: + - "" 
+ resources: + - persistentvolumes + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - replicasets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - replicationcontrollers + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - list + - watch diff --git a/rendered/envs/production/kube-state-metrics/clusterrolebinding-kube-state-metrics.yaml b/rendered/envs/production/kube-state-metrics/clusterrolebinding-kube-state-metrics.yaml new file mode 100644 index 0000000..aede608 --- /dev/null +++ b/rendered/envs/production/kube-state-metrics/clusterrolebinding-kube-state-metrics.yaml 
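Review bot: The rule granting `list` and `watch` on `secrets` in clusterrole-kube-state-metrics.yaml gives the kube-state-metrics ServiceAccount read access to the full contents of every Secret in the cluster, because a list response carries the Secret data and not only its metadata. The matching collector is switched on by `secrets` in the `--resources=` argument of deployment-kube-state-metrics.yaml. Unless the `kube_secret_*` series are used by a dashboard or alert, remove `secrets` from the chart's `collectors` list so that both the rule and the collector disappear. The same consideration applies, with less impact, to `configmaps`.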
@@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: kube-state-metrics + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: 2.18.0 + helm.sh/chart: kube-state-metrics-7.2.2 + name: kube-state-metrics + namespace: monitoring +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-state-metrics +subjects: + - kind: ServiceAccount + name: kube-state-metrics + namespace: kube-state-metrics diff --git a/rendered/envs/production/kube-state-metrics/deployment-kube-state-metrics.yaml b/rendered/envs/production/kube-state-metrics/deployment-kube-state-metrics.yaml new file mode 100644 index 0000000..24529e1 --- /dev/null +++ b/rendered/envs/production/kube-state-metrics/deployment-kube-state-metrics.yaml 
@@ -0,0 +1,92 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: kube-state-metrics + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: 2.18.0 + helm.sh/chart: kube-state-metrics-7.2.2 + name: kube-state-metrics + namespace: monitoring +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: kube-state-metrics + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: 2.18.0 + helm.sh/chart: kube-state-metrics-7.2.2 + spec: + automountServiceAccountToken: true + containers: + - args: + - --port=8080 + - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpointslices,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.18.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: null + path: /livez + port: http + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: kube-state-metrics + ports: + - containerPort: 8080 + name: http + - containerPort: 8081 + name: metrics + 
readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: null + path: /readyz + port: metrics + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + dnsPolicy: ClusterFirst + hostNetwork: false + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + serviceAccountName: kube-state-metrics diff --git a/rendered/envs/production/kube-state-metrics/service-kube-state-metrics.yaml b/rendered/envs/production/kube-state-metrics/service-kube-state-metrics.yaml new file mode 100644 index 0000000..d1ad246 --- /dev/null +++ b/rendered/envs/production/kube-state-metrics/service-kube-state-metrics.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: kube-state-metrics + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: 2.18.0 + helm.sh/chart: kube-state-metrics-7.2.2 + name: kube-state-metrics + namespace: monitoring +spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/instance: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + type: ClusterIP diff --git a/rendered/envs/production/kube-state-metrics/serviceaccount-kube-state-metrics.yaml b/rendered/envs/production/kube-state-metrics/serviceaccount-kube-state-metrics.yaml new file mode 100644 index 0000000..d16327f --- /dev/null 
+++ b/rendered/envs/production/kube-state-metrics/serviceaccount-kube-state-metrics.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: kube-state-metrics + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: 2.18.0 + helm.sh/chart: kube-state-metrics-7.2.2 + name: kube-state-metrics + namespace: monitoring diff --git a/rendered/envs/production/node-exporter/daemonset-prometheus-node-exporter.yaml b/rendered/envs/production/node-exporter/daemonset-prometheus-node-exporter.yaml new file mode 100644 index 0000000..2fefb61 --- /dev/null +++ b/rendered/envs/production/node-exporter/daemonset-prometheus-node-exporter.yaml 
@@ -0,0 +1,135 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: prometheus-node-exporter + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: prometheus-node-exporter + app.kubernetes.io/part-of: prometheus-node-exporter + app.kubernetes.io/version: 1.10.2 + helm.sh/chart: prometheus-node-exporter-4.52.2 + name: prometheus-node-exporter + namespace: monitoring +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-node-exporter + app.kubernetes.io/name: prometheus-node-exporter + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: prometheus-node-exporter + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: prometheus-node-exporter + app.kubernetes.io/part-of: prometheus-node-exporter + app.kubernetes.io/version: 1.10.2 + helm.sh/chart: prometheus-node-exporter-4.52.2 + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: eks.amazonaws.com/compute-type + operator: NotIn + values: + - fargate + - key: type + operator: NotIn + values: + - virtual-kubelet + automountServiceAccountToken: false + containers: + - args: + - --path.procfs=/host/proc + - --path.sysfs=/host/sys + - --path.rootfs=/host/root + - --path.udev.data=/host/root/run/udev/data + - --web.listen-address=[$(HOST_IP)]:9100 + env: + - name: HOST_IP + value: 0.0.0.0 + image: quay.io/prometheus/node-exporter:v1.10.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: null + path: / + port: metrics + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: node-exporter + 
ports: + - containerPort: 9100 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: null + path: / + port: metrics + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + memory: 64Mi + requests: + cpu: 10m + memory: 32Mi + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /host/proc + name: proc + readOnly: true + - mountPath: /host/sys + name: sys + readOnly: true + - mountPath: /host/root + mountPropagation: HostToContainer + name: root + readOnly: true + hostIPC: false + hostNetwork: true + hostPID: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + serviceAccountName: prometheus-node-exporter + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + volumes: + - hostPath: + path: /proc + name: proc + - hostPath: + path: /sys + name: sys + - hostPath: + path: / + name: root + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate diff --git a/rendered/envs/production/node-exporter/service-prometheus-node-exporter.yaml b/rendered/envs/production/node-exporter/service-prometheus-node-exporter.yaml new file mode 100644 index 0000000..92705a8 --- /dev/null +++ b/rendered/envs/production/node-exporter/service-prometheus-node-exporter.yaml 
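Review bot: With `hostNetwork: true` and `HOST_IP` set to `0.0.0.0`, the exporter in daemonset-prometheus-node-exporter.yaml listens on port 9100 on every interface of every node without authentication or TLS, so host metrics are reachable by anything that can reach a node address, not only by the scraper. Restrict port 9100 with a host firewall rule, or have the chart bind to the node IP only (`service.listenOnAllInterfaces: false` in the prometheus-node-exporter chart, to be confirmed for 4.52.2). The container `securityContext` holds only `readOnlyRootFilesystem: true`. Since the pod shares the host PID namespace and mounts `/` from the host, adding `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` would bring it in line with the other workloads in this commit.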
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: prometheus-node-exporter + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: prometheus-node-exporter + app.kubernetes.io/part-of: prometheus-node-exporter + app.kubernetes.io/version: 1.10.2 + helm.sh/chart: prometheus-node-exporter-4.52.2 + name: prometheus-node-exporter + namespace: monitoring +spec: + ports: + - name: metrics + port: 9100 + protocol: TCP + targetPort: 9100 + selector: + app.kubernetes.io/instance: prometheus-node-exporter + app.kubernetes.io/name: prometheus-node-exporter + type: ClusterIP diff --git a/rendered/envs/production/node-exporter/serviceaccount-prometheus-node-exporter.yaml b/rendered/envs/production/node-exporter/serviceaccount-prometheus-node-exporter.yaml new file mode 100644 index 0000000..ff5fa2e --- /dev/null +++ b/rendered/envs/production/node-exporter/serviceaccount-prometheus-node-exporter.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: prometheus-node-exporter + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: prometheus-node-exporter + app.kubernetes.io/part-of: prometheus-node-exporter + app.kubernetes.io/version: 1.10.2 + helm.sh/chart: prometheus-node-exporter-4.52.2 + name: prometheus-node-exporter + namespace: monitoring diff --git a/rendered/envs/production/traefik/service-traefik.yaml b/rendered/envs/production/traefik/service-traefik.yaml index ba0e6db..172c094 100644 --- a/rendered/envs/production/traefik/service-traefik.yaml +++ b/rendered/envs/production/traefik/service-traefik.yaml 
@@ -12,6 +12,10 @@ metadata: namespace: traefik spec: ports: + - name: metrics + port: 9100 + protocol: TCP + targetPort: metrics - name: web port: 80 protocol: TCP diff --git a/rendered/envs/production/victoria-metrics-single/clusterrole-victoria-metrics-single-server.yaml b/rendered/envs/production/victoria-metrics-single/clusterrole-victoria-metrics-single-server.yaml new file mode 100644 index 0000000..8dea92e --- /dev/null +++ b/rendered/envs/production/victoria-metrics-single/clusterrole-victoria-metrics-single-server.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/managed-by: Helm + helm.sh/chart: victoria-metrics-single-0.33.0 + name: victoria-metrics-single-server + namespace: monitoring +rules: + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + - nodes/metrics + - services + - endpoints + - pods + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - nonResourceURLs: + - /metrics + verbs: + - get diff --git a/rendered/envs/production/victoria-metrics-single/clusterrolebinding-victoria-metrics-single-server.yaml b/rendered/envs/production/victoria-metrics-single/clusterrolebinding-victoria-metrics-single-server.yaml new file mode 100644 index 0000000..8c2d702 --- /dev/null +++ b/rendered/envs/production/victoria-metrics-single/clusterrolebinding-victoria-metrics-single-server.yaml 
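Review bot: The new `metrics` port in service-traefik.yaml is added to the main `traefik` Service, the same object that carries `web`, so the Prometheus endpoint gets whatever exposure that Service has. The Service `type` lies outside this hunk; if it is `LoadBalancer` or `NodePort`, port 9100 with Traefik's unauthenticated metrics becomes reachable from outside the cluster. Keeping the metrics entry point off the public Service and using a separate ClusterIP metrics Service (the Traefik chart provides `metrics.prometheus.service.enabled` for this) would keep scraping internal. The `traefik;traefik;metrics` keep rule in the scrape config would then need the new Service name.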
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/managed-by: Helm
+ helm.sh/chart: victoria-metrics-single-0.33.0
+ name: victoria-metrics-single-server
+ namespace: monitoring
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: victoria-metrics-single-server
+subjects:
+ - kind: ServiceAccount
+ name: victoria-metrics-single-server
+ namespace: victoria-metrics-single
diff --git a/rendered/envs/production/victoria-metrics-single/configmap-victoria-metrics-single-server-scrapeconfig.yaml b/rendered/envs/production/victoria-metrics-single/configmap-victoria-metrics-single-server-scrapeconfig.yaml
new file mode 100644
index 0000000..f572963
--- /dev/null
+++ b/rendered/envs/production/victoria-metrics-single/configmap-victoria-metrics-single-server-scrapeconfig.yaml
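Review bot: The subject namespace does not match where the ServiceAccount is created: the binding names `victoria-metrics-single-server` in namespace `victoria-metrics-single`, while the ServiceAccount and the StatefulSet added later in this patch are both in `monitoring`. As rendered, the pod's token would not carry this ClusterRole, so the `kubernetes_sd_configs` lookups in the scrape config would presumably be denied, and the cluster-wide read role stays bound to an identity in a namespace this patch does not create. The subject should read `namespace: monitoring`; because this is rendered output, the correction likely belongs in the ytt overlay that rewrites namespaces (`prototypes/victoria-metrics-single/ytt/ns.ytt.yaml` in the diffstat), which presumably rewrites `metadata.namespace` but not `subjects[].namespace`. The `metadata.namespace` on this cluster-scoped object has no effect and could be dropped in the same overlay.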
@@ -0,0 +1,73 @@
+apiVersion: v1
+data:
+ scrape.yml: |
+ global:
+ scrape_interval: 30s
+ scrape_timeout: 10s
+ scrape_configs:
+ - job_name: victoriametrics
+ static_configs:
+ - targets:
+ - localhost:8428
+ - job_name: node-exporter
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - action: keep
+ regex: monitoring;prometheus-node-exporter;metrics
+ source_labels:
+ - __meta_kubernetes_namespace
+ - __meta_kubernetes_service_name
+ - __meta_kubernetes_endpoint_port_name
+ - job_name: kube-state-metrics
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - action: keep
+ regex: monitoring;kube-state-metrics;http
+ source_labels:
+ - __meta_kubernetes_namespace
+ - __meta_kubernetes_service_name
+ - __meta_kubernetes_endpoint_port_name
+ - job_name: traefik
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - action: keep
+ regex: traefik;traefik;metrics
+ source_labels:
+ - __meta_kubernetes_namespace
+ - __meta_kubernetes_service_name
+ - __meta_kubernetes_endpoint_port_name
+ - job_name: argocd
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - action: keep
+ regex: argocd;http-metrics
+ source_labels:
+ - __meta_kubernetes_namespace
+ - __meta_kubernetes_endpoint_port_name
+ - job_name: cert-manager
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - action: keep
+ regex: cert-manager;cert-manager;tcp-prometheus-servicemonitor
+ source_labels:
+ - __meta_kubernetes_namespace
+ - __meta_kubernetes_service_name
+ - __meta_kubernetes_endpoint_port_name
+kind: ConfigMap
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app: server
+ app.kubernetes.io/instance: victoria-metrics-single
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: victoria-metrics-single
+ app.kubernetes.io/version: v1.138.0
+ helm.sh/chart: victoria-metrics-single-0.33.0
+ name: victoria-metrics-single-server-scrapeconfig
+ namespace: monitoring
diff --git a/rendered/envs/production/victoria-metrics-single/namespace-monitoring.yaml b/rendered/envs/production/victoria-metrics-single/namespace-monitoring.yaml
new file mode 100644
index 0000000..3e574c6
--- /dev/null
+++ b/rendered/envs/production/victoria-metrics-single/namespace-monitoring.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
+ name: monitoring
+ namespace: monitoring
diff --git a/rendered/envs/production/victoria-metrics-single/service-victoria-metrics-single-server.yaml b/rendered/envs/production/victoria-metrics-single/service-victoria-metrics-single-server.yaml
new file mode 100644
index 0000000..41bf6c4
--- /dev/null
+++ b/rendered/envs/production/victoria-metrics-single/service-victoria-metrics-single-server.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app: server
+ app.kubernetes.io/instance: victoria-metrics-single
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: victoria-metrics-single
+ app.kubernetes.io/version: v1.138.0
+ helm.sh/chart: victoria-metrics-single-0.33.0
+ name: victoria-metrics-single-server
+ namespace: monitoring
+spec:
+ clusterIP: None
+ ports:
+ - name: http
+ port: 8428
+ protocol: TCP
+ targetPort: http
+ selector:
+ app: server
+ app.kubernetes.io/instance: victoria-metrics-single
+ app.kubernetes.io/name: victoria-metrics-single
+ type: ClusterIP
diff --git a/rendered/envs/production/victoria-metrics-single/serviceaccount-victoria-metrics-single-server.yaml b/rendered/envs/production/victoria-metrics-single/serviceaccount-victoria-metrics-single-server.yaml
new file mode 100644
index 0000000..62e9a8e
--- /dev/null
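Review bot: Every `kubernetes_sd_configs` entry uses `role: endpoints` without a `namespaces` selector, so discovery lists and watches endpoints across the whole cluster and the `keep` rule filters afterwards. Each job already targets a single namespace, so adding `namespaces: {names: [monitoring]}` (respectively `traefik`, `argocd`, `cert-manager`) under the `role` entry would narrow the API watch to what is scraped and would allow the cluster-wide grant in the ClusterRole to be replaced by per-namespace Roles. The `argocd` job also omits `__meta_kubernetes_service_name`, unlike the other jobs, so it keeps any Service in that namespace with an `http-metrics` port; a short comment in the values file stating that this is intentional would help.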
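Review bot: `pod-security.kubernetes.io/enforce: privileged` switches Pod Security admission off for the whole `monitoring` namespace, which in this patch also holds the VictoriaMetrics StatefulSet and, per the Services and scrape targets, node-exporter and kube-state-metrics. Only node-exporter plausibly needs host access; the other workloads would normally pass `baseline` or `restricted`. Consider moving node-exporter into its own namespace carrying the `privileged` label and setting `pod-security.kubernetes.io/enforce: baseline` here, or at least add `pod-security.kubernetes.io/warn: restricted` and `pod-security.kubernetes.io/audit: restricted` so violations are surfaced. The `metadata.namespace` field on a Namespace object has no meaning and looks like a side effect of the namespace overlay.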
+++ b/rendered/envs/production/victoria-metrics-single/serviceaccount-victoria-metrics-single-server.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/managed-by: Helm
+ helm.sh/chart: victoria-metrics-single-0.33.0
+ name: victoria-metrics-single-server
+ namespace: monitoring
diff --git a/rendered/envs/production/victoria-metrics-single/statefulset-victoria-metrics-single-server.yaml b/rendered/envs/production/victoria-metrics-single/statefulset-victoria-metrics-single-server.yaml
new file mode 100644
index 0000000..9e1a4fe
--- /dev/null
+++ b/rendered/envs/production/victoria-metrics-single/statefulset-victoria-metrics-single-server.yaml
@@ -0,0 +1,97 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app: server
+ app.kubernetes.io/instance: victoria-metrics-single
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: victoria-metrics-single
+ app.kubernetes.io/version: v1.138.0
+ helm.sh/chart: victoria-metrics-single-0.33.0
+ name: victoria-metrics-single-server
+ namespace: monitoring
+spec:
+ podManagementPolicy: OrderedReady
+ replicas: 1
+ selector:
+ matchLabels:
+ app: server
+ app.kubernetes.io/instance: victoria-metrics-single
+ app.kubernetes.io/name: victoria-metrics-single
+ serviceName: victoria-metrics-single-server
+ template:
+ metadata:
+ labels:
+ app: server
+ app.kubernetes.io/instance: victoria-metrics-single
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: victoria-metrics-single
+ app.kubernetes.io/version: v1.138.0
+ helm.sh/chart: victoria-metrics-single-0.33.0
+ spec:
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --envflag.enable
+ - --envflag.prefix=VM_
+ - --httpListenAddr=:8428
+ - --loggerFormat=json
+ - --promscrape.config=/scrapeconfig/scrape.yml
+ - --retentionPeriod=1
+ - --storageDataPath=/storage
+ image: victoriametrics/victoria-metrics:v1.138.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 10
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ tcpSocket:
+ port: http
+ timeoutSeconds: 5
+ name: vmsingle
+ ports:
+ - containerPort: 8428
+ name: http
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 15
+ timeoutSeconds: 5
+ resources:
+ limits:
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ securityContext: {}
+ volumeMounts:
+ - mountPath: /storage
+ name: server-volume
+ - mountPath: /scrapeconfig
+ name: scrapeconfig
+ securityContext: {}
+ serviceAccountName: victoria-metrics-single-server
+ terminationGracePeriodSeconds: 60
+ volumes:
+ - configMap:
+ name: victoria-metrics-single-server-scrapeconfig
+ name: scrapeconfig
+ updateStrategy: {}
+ volumeClaimTemplates:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: server-volume
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: local-path
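Review bot: Both `securityContext` fields are rendered as `{}`, at pod level and on the `vmsingle` container, so the container runs with the image's default user and capabilities and a writable root filesystem, and with no seccomp profile unless the node defaults one, while `automountServiceAccountToken: true` gives it an API token. From the args and mounts the process only needs to write to `/storage` and read `/scrapeconfig`, so a hardened context along the lines below should work; set it through the chart values in `prototypes/victoria-metrics-single/helm/victoria-metrics-single.yaml` rather than in this rendered file. `runAsNonRoot` additionally needs a numeric UID if the image does not declare one, and `fsGroup` may be required for the `local-path` volume; both need confirming against the image. Separately, `--retentionPeriod=1` carries no unit suffix, and a comment in the values file stating the intended retention would avoid guessing.

```yaml
          # … unchanged: args, image, probes, ports, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          # … unchanged: volumeMounts …
      securityContext:
        seccompProfile:
          type: RuntimeDefault
```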