gitea_admin/k8s-and-chill
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

feat: Add VictoriaMetrics monitoring stack

Browse source 
Adds victoria-metrics-single, grafana, kube-state-metrics, and
node-exporter to the cluster. Enables metrics endpoints on traefik,
argocd, and cert-manager for scraping. Grafana available at
grafana.tr1ceracop.de with VictoriaMetrics as default datasource.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Felix Wolf 2026-03-30 23:48:12 +02:00
parent c7bfd4953c
commit b78561c2af
67 changed files with 1837 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
envs/production/_apps/grafana/app-data.ytt.yaml Normal file
View file

@ -0,0 +1,5 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
namespace: monitoring

5
envs/production/_apps/kube-state-metrics/app-data.ytt.yaml Normal file
View file

@ -0,0 +1,5 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
namespace: monitoring

5
envs/production/_apps/node-exporter/app-data.ytt.yaml Normal file
View file

@ -0,0 +1,5 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
namespace: monitoring

5
envs/production/_apps/victoria-metrics-single/app-data.ytt.yaml Normal file
View file

@ -0,0 +1,5 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
namespace: monitoring

4
envs/production/env-data.ytt.yaml
View file

@ -7,3 +7,7 @@ environment:
- proto: traefik
- proto: cert-manager
- proto: forgejo
- proto: victoria-metrics-single
- proto: grafana
- proto: kube-state-metrics
- proto: node-exporter

14
prototypes/argocd/helm/argo-cd.yaml
View file

@ -16,10 +16,24 @@ configs:
jsonPointers:
- /status
controller:
metrics:
enabled: true
server:
metrics:
enabled: true
ingress:
enabled: true
ingressClassName: traefik
tls: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt
repoServer:
metrics:
enabled: true
applicationSet:
metrics:
enabled: true

3
prototypes/cert-manager/helm/cert-manager.yaml
View file

@ -6,3 +6,6 @@ crds:
global:
leaderElection:
namespace: cert-manager
prometheus:
enabled: true

5
prototypes/grafana/app-data.ytt.yaml Normal file
View file

@ -0,0 +1,5 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
namespace: monitoring

58
prototypes/grafana/helm/grafana.yaml Normal file
View file

@ -0,0 +1,58 @@
---
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
memory: 256Mi
persistence:
enabled: true
size: 2Gi
storageClassName: local-path
ingress:
enabled: true
ingressClassName: traefik
hosts:
- grafana.tr1ceracop.de
tls:
- secretName: grafana-tls
hosts:
- grafana.tr1ceracop.de
annotations:
cert-manager.io/cluster-issuer: letsencrypt
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: VictoriaMetrics
type: prometheus
url: http://victoria-metrics-single-server.monitoring.svc:8428
access: proxy
isDefault: true
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: default
orgId: 1
folder: ""
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/default
dashboards:
default:
node-exporter:
gnetId: 1860
revision: 37
datasource: VictoriaMetrics
kubernetes-cluster:
gnetId: 15757
revision: 37
datasource: VictoriaMetrics

16
prototypes/grafana/vendir/base.ytt.yaml Normal file
View file

@ -0,0 +1,16 @@
#@ load("@ytt:data", "data")
#@ app = data.values.application
---
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
directories:
- path: #@ "charts/" + app.name
contents:
- path: .
helmChart:
name: #@ app.name
version: #@ app.version
repository:
url: #@ app.url
lazy: true

8
prototypes/grafana/vendir/vendir-data.ytt.yaml Normal file
View file

@ -0,0 +1,8 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
#! renovate: datasource=helm
name: grafana
url: https://grafana.github.io/helm-charts
version: 10.5.15

18
prototypes/grafana/ytt/ns.ytt.yaml Normal file
View file

@ -0,0 +1,18 @@
#@ load("@ytt:data", "data")
#@ load("@ytt:overlay", "overlay")
#@ ns = data.values.application.namespace
---
apiVersion: v1
kind: Namespace
metadata:
name: #@ ns
labels:
pod-security.kubernetes.io/enforce: privileged
#@overlay/match by=overlay.all, expects="1+"
---
metadata:
#@overlay/match missing_ok=True
namespace: #@ ns

5
prototypes/kube-state-metrics/app-data.ytt.yaml Normal file
View file

@ -0,0 +1,5 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
namespace: monitoring

7
prototypes/kube-state-metrics/helm/kube-state-metrics.yaml Normal file
View file

@ -0,0 +1,7 @@
---
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 128Mi

16
prototypes/kube-state-metrics/vendir/base.ytt.yaml Normal file
View file

@ -0,0 +1,16 @@
#@ load("@ytt:data", "data")
#@ app = data.values.application
---
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
directories:
- path: #@ "charts/" + app.name
contents:
- path: .
helmChart:
name: #@ app.name
version: #@ app.version
repository:
url: #@ app.url
lazy: true

8
prototypes/kube-state-metrics/vendir/vendir-data.ytt.yaml Normal file
View file

@ -0,0 +1,8 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
#! renovate: datasource=helm
name: kube-state-metrics
url: https://prometheus-community.github.io/helm-charts
version: 7.2.2

18
prototypes/kube-state-metrics/ytt/ns.ytt.yaml Normal file
View file

@ -0,0 +1,18 @@
#@ load("@ytt:data", "data")
#@ load("@ytt:overlay", "overlay")
#@ ns = data.values.application.namespace
---
apiVersion: v1
kind: Namespace
metadata:
name: #@ ns
labels:
pod-security.kubernetes.io/enforce: privileged
#@overlay/match by=overlay.all, expects="1+"
---
metadata:
#@overlay/match missing_ok=True
namespace: #@ ns

5
prototypes/node-exporter/app-data.ytt.yaml Normal file
View file

@ -0,0 +1,5 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
namespace: monitoring

12
prototypes/node-exporter/helm/prometheus-node-exporter.yaml Normal file
View file

@ -0,0 +1,12 @@
---
resources:
requests:
cpu: 10m
memory: 32Mi
limits:
memory: 64Mi
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule

16
prototypes/node-exporter/vendir/base.ytt.yaml Normal file
View file

@ -0,0 +1,16 @@
#@ load("@ytt:data", "data")
#@ app = data.values.application
---
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
directories:
- path: #@ "charts/" + app.name
contents:
- path: .
helmChart:
name: #@ app.name
version: #@ app.version
repository:
url: #@ app.url
lazy: true

8
prototypes/node-exporter/vendir/vendir-data.ytt.yaml Normal file
View file

@ -0,0 +1,8 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
#! renovate: datasource=helm
name: prometheus-node-exporter
url: https://prometheus-community.github.io/helm-charts
version: 4.52.2

18
prototypes/node-exporter/ytt/ns.ytt.yaml Normal file
View file

@ -0,0 +1,18 @@
#@ load("@ytt:data", "data")
#@ load("@ytt:overlay", "overlay")
#@ ns = data.values.application.namespace
---
apiVersion: v1
kind: Namespace
metadata:
name: #@ ns
labels:
pod-security.kubernetes.io/enforce: privileged
#@overlay/match by=overlay.all, expects="1+"
---
metadata:
#@overlay/match missing_ok=True
namespace: #@ ns

3
prototypes/traefik/helm/traefik.yaml
View file

@ -13,6 +13,9 @@ ports:
hostPort: 80
websecure:
hostPort: 443
metrics:
expose:
default: true
persistence:
enabled: false

5
prototypes/victoria-metrics-single/app-data.ytt.yaml Normal file
View file

@ -0,0 +1,5 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
namespace: monitoring

57
prototypes/victoria-metrics-single/helm/victoria-metrics-single.yaml Normal file
View file

@ -0,0 +1,57 @@
---
server:
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
memory: 512Mi
persistentVolume:
enabled: true
size: 10Gi
storageClassName: local-path
scrape:
enabled: true
config:
global:
scrape_interval: 30s
scrape_timeout: 10s
scrape_configs:
- job_name: victoriametrics
static_configs:
- targets: ["localhost:8428"]
- job_name: node-exporter
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: monitoring;prometheus-node-exporter;metrics
- job_name: kube-state-metrics
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: monitoring;kube-state-metrics;http
- job_name: traefik
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: traefik;traefik;metrics
- job_name: argocd
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_endpoint_port_name]
action: keep
regex: argocd;http-metrics
- job_name: cert-manager
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: cert-manager;cert-manager;tcp-prometheus-servicemonitor

16
prototypes/victoria-metrics-single/vendir/base.ytt.yaml Normal file
View file

@ -0,0 +1,16 @@
#@ load("@ytt:data", "data")
#@ app = data.values.application
---
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
directories:
- path: #@ "charts/" + app.name
contents:
- path: .
helmChart:
name: #@ app.name
version: #@ app.version
repository:
url: #@ app.url
lazy: true

8
prototypes/victoria-metrics-single/vendir/vendir-data.ytt.yaml Normal file
View file

@ -0,0 +1,8 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
#! renovate: datasource=helm
name: victoria-metrics-single
url: https://victoriametrics.github.io/helm-charts
version: 0.33.0

18
prototypes/victoria-metrics-single/ytt/ns.ytt.yaml Normal file
View file

@ -0,0 +1,18 @@
#@ load("@ytt:data", "data")
#@ load("@ytt:overlay", "overlay")
#@ ns = data.values.application.namespace
---
apiVersion: v1
kind: Namespace
metadata:
name: #@ ns
labels:
pod-security.kubernetes.io/enforce: privileged
#@overlay/match by=overlay.all, expects="1+"
---
metadata:
#@overlay/match missing_ok=True
namespace: #@ ns

25
rendered/argocd/production/app-grafana.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
annotations:
myks.dev/environment: production
finalizers:
- resources-finalizer.argocd.argoproj.io
name: app-production-grafana
namespace: argocd
spec:
destination:
namespace: grafana
server: https://kubernetes.default.svc
project: env-production
source:
path: rendered/envs/production/grafana
repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
targetRevision: main
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true

25
rendered/argocd/production/app-kube-state-metrics.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
annotations:
myks.dev/environment: production
finalizers:
- resources-finalizer.argocd.argoproj.io
name: app-production-kube-state-metrics
namespace: argocd
spec:
destination:
namespace: kube-state-metrics
server: https://kubernetes.default.svc
project: env-production
source:
path: rendered/envs/production/kube-state-metrics
repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
targetRevision: main
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true

25
rendered/argocd/production/app-node-exporter.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
annotations:
myks.dev/environment: production
finalizers:
- resources-finalizer.argocd.argoproj.io
name: app-production-node-exporter
namespace: argocd
spec:
destination:
namespace: node-exporter
server: https://kubernetes.default.svc
project: env-production
source:
path: rendered/envs/production/node-exporter
repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
targetRevision: main
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true

25
rendered/argocd/production/app-victoria-metrics-single.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
annotations:
myks.dev/environment: production
finalizers:
- resources-finalizer.argocd.argoproj.io
name: app-production-victoria-metrics-single
namespace: argocd
spec:
destination:
namespace: victoria-metrics-single
server: https://kubernetes.default.svc
project: env-production
source:
path: rendered/envs/production/victoria-metrics-single
repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
targetRevision: main
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true

25
rendered/envs/production/argocd/service-argo-cd-argocd-application-controller-metrics.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/instance: argo-cd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: argocd-metrics
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: v2.14.10
helm.sh/chart: argo-cd-7.8.26
name: argo-cd-argocd-application-controller-metrics
namespace: argocd
spec:
ports:
- name: http-metrics
port: 8082
protocol: TCP
targetPort: metrics
selector:
app.kubernetes.io/instance: argo-cd
app.kubernetes.io/name: argocd-application-controller
type: ClusterIP

25
rendered/envs/production/argocd/service-argo-cd-argocd-applicationset-controller-metrics.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: applicationset-controller
app.kubernetes.io/instance: argo-cd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: argocd-metrics
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: v2.14.10
helm.sh/chart: argo-cd-7.8.26
name: argo-cd-argocd-applicationset-controller-metrics
namespace: argocd
spec:
ports:
- name: http-metrics
port: 8080
protocol: TCP
targetPort: metrics
selector:
app.kubernetes.io/instance: argo-cd
app.kubernetes.io/name: argocd-applicationset-controller
type: ClusterIP

25
rendered/envs/production/argocd/service-argo-cd-argocd-repo-server-metrics.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/instance: argo-cd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: argocd-repo-server-metrics
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: v2.14.10
helm.sh/chart: argo-cd-7.8.26
name: argo-cd-argocd-repo-server-metrics
namespace: argocd
spec:
ports:
- name: http-metrics
port: 8084
protocol: TCP
targetPort: metrics
selector:
app.kubernetes.io/instance: argo-cd
app.kubernetes.io/name: argocd-repo-server
type: ClusterIP

25
rendered/envs/production/argocd/service-argo-cd-argocd-server-metrics.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: server
app.kubernetes.io/instance: argo-cd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: argocd-server-metrics
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: v2.14.10
helm.sh/chart: argo-cd-7.8.26
name: argo-cd-argocd-server-metrics
namespace: argocd
spec:
ports:
- name: http-metrics
port: 8083
protocol: TCP
targetPort: metrics
selector:
app.kubernetes.io/instance: argo-cd
app.kubernetes.io/name: argocd-server
type: ClusterIP

13
rendered/envs/production/grafana/clusterrole-grafana-clusterrole.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
helm.sh/chart: grafana-10.5.15
name: grafana-clusterrole
namespace: monitoring
rules: []

20
rendered/envs/production/grafana/clusterrolebinding-grafana-clusterrolebinding.yaml Normal file
View file

@ -0,0 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
helm.sh/chart: grafana-10.5.15
name: grafana-clusterrolebinding
namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: grafana-clusterrole
subjects:
- kind: ServiceAccount
name: grafana
namespace: grafana

14
rendered/envs/production/grafana/configmap-grafana-dashboards-default.yaml Normal file
View file

@ -0,0 +1,14 @@
apiVersion: v1
data: {}
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
dashboard-provider: default
helm.sh/chart: grafana-10.5.15
name: grafana-dashboards-default
namespace: monitoring

47
rendered/envs/production/grafana/configmap-grafana.yaml Normal file
View file

@ -0,0 +1,47 @@
apiVersion: v1
data:
dashboardproviders.yaml: |
apiVersion: 1
providers:
- disableDeletion: false
editable: true
folder: ""
name: default
options:
path: /var/lib/grafana/dashboards/default
orgId: 1
type: file
datasources.yaml: |
apiVersion: 1
datasources:
- access: proxy
isDefault: true
name: VictoriaMetrics
type: prometheus
url: http://victoria-metrics-single-server.monitoring.svc:8428
download_dashboards.sh: "#!/usr/bin/env sh\nset -euf\nmkdir -p /var/lib/grafana/dashboards/default\n\ncurl -skf \\\n--connect-timeout 60 \\\n--max-time 60 \\\n-H \"Accept: application/json\" \\\n-H \"Content-Type: application/json;charset=UTF-8\" \\\n \"https://grafana.com/api/dashboards/15757/revisions/37/download\" \\\n | sed '/-- .* --/! s/\"datasource\":.*,/\"datasource\": \"VictoriaMetrics\",/g' \\\n> \"/var/lib/grafana/dashboards/default/kubernetes-cluster.json\"\n \ncurl -skf \\\n--connect-timeout 60 \\\n--max-time 60 \\\n-H \"Accept: application/json\" \\\n-H \"Content-Type: application/json;charset=UTF-8\" \\\n \"https://grafana.com/api/dashboards/1860/revisions/37/download\" \\\n | sed '/-- .* --/! s/\"datasource\":.*,/\"datasource\": \"VictoriaMetrics\",/g' \\\n> \"/var/lib/grafana/dashboards/default/node-exporter.json\"\n"
grafana.ini: |
[analytics]
check_for_updates = true
[log]
mode = console
[paths]
data = /var/lib/grafana/
logs = /var/log/grafana
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning
[server]
domain = grafana.tr1ceracop.de
[unified_storage]
index_path = /var/lib/grafana-search/bleve
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
helm.sh/chart: grafana-10.5.15
name: grafana
namespace: monitoring

187
rendered/envs/production/grafana/deployment-grafana.yaml Normal file
View file

@ -0,0 +1,187 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
helm.sh/chart: grafana-10.5.15
name: grafana
namespace: monitoring
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
strategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: de8d6f16e9721409f5848bcc101e6aa9815e6455bd4fb9b59306159e705ac1cb
checksum/dashboards-json-config: 63ff5f7bd5ab0b6c241c689c0aa4d78be9bef984e63c1089dc988905fbb61f74
checksum/sc-dashboard-provider-config: e70bf6a851099d385178a76de9757bb0bef8299da6d8443602590e44f05fdf24
checksum/secret: f18d9f68443cbc8a545760e143fb0ce7cda3d2f2ebf67049d48516a716e40a4e
kubectl.kubernetes.io/default-container: grafana
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
helm.sh/chart: grafana-10.5.15
spec:
automountServiceAccountToken: true
containers:
- env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: GF_SECURITY_ADMIN_USER
valueFrom:
secretKeyRef:
key: admin-user
name: grafana
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: admin-password
name: grafana
- name: GF_PATHS_DATA
value: /var/lib/grafana/
- name: GF_PATHS_LOGS
value: /var/log/grafana
- name: GF_PATHS_PLUGINS
value: /var/lib/grafana/plugins
- name: GF_PATHS_PROVISIONING
value: /etc/grafana/provisioning
- name: GF_UNIFIED_STORAGE_INDEX_PATH
value: /var/lib/grafana-search/bleve
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
divisor: "1"
resource: limits.memory
image: docker.io/grafana/grafana:12.3.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 10
httpGet:
path: /api/health
port: grafana
initialDelaySeconds: 60
timeoutSeconds: 30
name: grafana
ports:
- containerPort: 3000
name: grafana
protocol: TCP
- containerPort: 9094
name: gossip-tcp
protocol: TCP
- containerPort: 9094
name: gossip-udp
protocol: UDP
- containerPort: 6060
name: profiling
protocol: TCP
readinessProbe:
httpGet:
path: /api/health
port: grafana
resources:
limits:
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /etc/grafana/grafana.ini
name: config
subPath: grafana.ini
- mountPath: /var/lib/grafana
name: storage
- mountPath: /var/lib/grafana-search
name: search
- mountPath: /etc/grafana/provisioning/datasources/datasources.yaml
name: config
subPath: datasources.yaml
- mountPath: /etc/grafana/provisioning/dashboards/dashboardproviders.yaml
name: config
subPath: dashboardproviders.yaml
enableServiceLinks: true
initContainers:
- command:
- chown
- -R
- 472:472
- /var/lib/grafana
image: docker.io/library/busybox:1.31.1
imagePullPolicy: IfNotPresent
name: init-chown-data
securityContext:
capabilities:
add:
- CHOWN
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /var/lib/grafana
name: storage
- args:
- -c
- mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh
command:
- /bin/sh
env: null
image: docker.io/curlimages/curl:8.9.1
imagePullPolicy: IfNotPresent
name: download-dashboards
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /etc/grafana/download_dashboards.sh
name: config
subPath: download_dashboards.sh
- mountPath: /var/lib/grafana
name: storage
securityContext:
fsGroup: 472
runAsGroup: 472
runAsNonRoot: true
runAsUser: 472
serviceAccountName: grafana
shareProcessNamespace: false
volumes:
- configMap:
name: grafana
name: config
- configMap:
name: grafana-dashboards-default
name: dashboards-default
- name: storage
persistentVolumeClaim:
claimName: grafana
- emptyDir: {}
name: search

30
rendered/envs/production/grafana/ingress-grafana.yaml Normal file
View file

@ -0,0 +1,30 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
cert-manager.io/cluster-issuer: letsencrypt
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
helm.sh/chart: grafana-10.5.15
name: grafana
namespace: monitoring
spec:
ingressClassName: traefik
rules:
- host: grafana.tr1ceracop.de
http:
paths:
- backend:
service:
name: grafana
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- grafana.tr1ceracop.de
secretName: grafana-tls

9
rendered/envs/production/grafana/namespace-monitoring.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
pod-security.kubernetes.io/enforce: privileged
name: monitoring
namespace: monitoring

21
rendered/envs/production/grafana/persistentvolumeclaim-grafana.yaml Normal file
View file

@ -0,0 +1,21 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
finalizers:
- kubernetes.io/pvc-protection
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
helm.sh/chart: grafana-10.5.15
name: grafana
namespace: monitoring
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
storageClassName: local-path

13
rendered/envs/production/grafana/role-grafana.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
helm.sh/chart: grafana-10.5.15
name: grafana
namespace: monitoring
rules: []

20
rendered/envs/production/grafana/rolebinding-grafana.yaml Normal file
View file

@ -0,0 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
helm.sh/chart: grafana-10.5.15
name: grafana
namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: grafana
subjects:
- kind: ServiceAccount
name: grafana
namespace: grafana

18
rendered/envs/production/grafana/secret-grafana.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: v1
data:
admin-password: Q0dPMERSN2QxRmpobEt1RGxUMUFmQzV3dXVudGdwQ0FPaDB5dTdseQ==
admin-user: YWRtaW4=
ldap-toml: ""
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: admin-secret
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
helm.sh/chart: grafana-10.5.15
name: grafana
namespace: monitoring
type: Opaque

22
rendered/envs/production/grafana/service-grafana.yaml Normal file
View file

@ -0,0 +1,22 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
helm.sh/chart: grafana-10.5.15
name: grafana
namespace: monitoring
spec:
ports:
- name: service
port: 80
protocol: TCP
targetPort: grafana
selector:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
type: ClusterIP

13
rendered/envs/production/grafana/serviceaccount-grafana.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/version: 12.3.1
helm.sh/chart: grafana-10.5.15
name: grafana
namespace: monitoring

212
rendered/envs/production/kube-state-metrics/clusterrole-kube-state-metrics.yaml Normal file
View file

@ -0,0 +1,212 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: kube-state-metrics
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/part-of: kube-state-metrics
app.kubernetes.io/version: 2.18.0
helm.sh/chart: kube-state-metrics-7.2.2
name: kube-state-metrics
namespace: monitoring
rules:
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- limitranges
verbs:
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- list
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- replicationcontrollers
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- resourcequotas
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- list
- watch

23
rendered/envs/production/kube-state-metrics/clusterrolebinding-kube-state-metrics.yaml Normal file
View file

@ -0,0 +1,23 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: kube-state-metrics
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/part-of: kube-state-metrics
app.kubernetes.io/version: 2.18.0
helm.sh/chart: kube-state-metrics-7.2.2
name: kube-state-metrics
namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kube-state-metrics
subjects:
- kind: ServiceAccount
name: kube-state-metrics
namespace: kube-state-metrics

92
rendered/envs/production/kube-state-metrics/deployment-kube-state-metrics.yaml Normal file
View file

@ -0,0 +1,92 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: kube-state-metrics
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/part-of: kube-state-metrics
app.kubernetes.io/version: 2.18.0
helm.sh/chart: kube-state-metrics-7.2.2
name: kube-state-metrics
namespace: monitoring
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/instance: kube-state-metrics
app.kubernetes.io/name: kube-state-metrics
strategy:
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: kube-state-metrics
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/part-of: kube-state-metrics
app.kubernetes.io/version: 2.18.0
helm.sh/chart: kube-state-metrics-7.2.2
spec:
automountServiceAccountToken: true
containers:
- args:
- --port=8080
- --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpointslices,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments
image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.18.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
httpHeaders: null
path: /livez
port: http
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: kube-state-metrics
ports:
- containerPort: 8080
name: http
- containerPort: 8081
name: metrics
readinessProbe:
failureThreshold: 3
httpGet:
httpHeaders: null
path: /readyz
port: metrics
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
dnsPolicy: ClusterFirst
hostNetwork: false
securityContext:
fsGroup: 65534
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
serviceAccountName: kube-state-metrics

9
rendered/envs/production/kube-state-metrics/namespace-monitoring.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
pod-security.kubernetes.io/enforce: privileged
name: monitoring
namespace: monitoring

26
rendered/envs/production/kube-state-metrics/service-kube-state-metrics.yaml Normal file
View file

@ -0,0 +1,26 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
prometheus.io/scrape: "true"
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: kube-state-metrics
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/part-of: kube-state-metrics
app.kubernetes.io/version: 2.18.0
helm.sh/chart: kube-state-metrics-7.2.2
name: kube-state-metrics
namespace: monitoring
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/instance: kube-state-metrics
app.kubernetes.io/name: kube-state-metrics
type: ClusterIP

16
rendered/envs/production/kube-state-metrics/serviceaccount-kube-state-metrics.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: kube-state-metrics
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/part-of: kube-state-metrics
app.kubernetes.io/version: 2.18.0
helm.sh/chart: kube-state-metrics-7.2.2
name: kube-state-metrics
namespace: monitoring

135
rendered/envs/production/node-exporter/daemonset-prometheus-node-exporter.yaml Normal file
View file

@ -0,0 +1,135 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: prometheus-node-exporter
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-node-exporter
app.kubernetes.io/part-of: prometheus-node-exporter
app.kubernetes.io/version: 1.10.2
helm.sh/chart: prometheus-node-exporter-4.52.2
name: prometheus-node-exporter
namespace: monitoring
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/instance: prometheus-node-exporter
app.kubernetes.io/name: prometheus-node-exporter
template:
metadata:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: prometheus-node-exporter
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-node-exporter
app.kubernetes.io/part-of: prometheus-node-exporter
app.kubernetes.io/version: 1.10.2
helm.sh/chart: prometheus-node-exporter-4.52.2
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: eks.amazonaws.com/compute-type
operator: NotIn
values:
- fargate
- key: type
operator: NotIn
values:
- virtual-kubelet
automountServiceAccountToken: false
containers:
- args:
- --path.procfs=/host/proc
- --path.sysfs=/host/sys
- --path.rootfs=/host/root
- --path.udev.data=/host/root/run/udev/data
- --web.listen-address=[$(HOST_IP)]:9100
env:
- name: HOST_IP
value: 0.0.0.0
image: quay.io/prometheus/node-exporter:v1.10.2
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
httpHeaders: null
path: /
port: metrics
scheme: HTTP
initialDelaySeconds: 0
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: node-exporter
ports:
- containerPort: 9100
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
httpHeaders: null
path: /
port: metrics
scheme: HTTP
initialDelaySeconds: 0
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
memory: 64Mi
requests:
cpu: 10m
memory: 32Mi
securityContext:
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /host/proc
name: proc
readOnly: true
- mountPath: /host/sys
name: sys
readOnly: true
- mountPath: /host/root
mountPropagation: HostToContainer
name: root
readOnly: true
hostIPC: false
hostNetwork: true
hostPID: true
nodeSelector:
kubernetes.io/os: linux
securityContext:
fsGroup: 65534
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
serviceAccountName: prometheus-node-exporter
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
volumes:
- hostPath:
path: /proc
name: proc
- hostPath:
path: /sys
name: sys
- hostPath:
path: /
name: root
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate

9
rendered/envs/production/node-exporter/namespace-monitoring.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
pod-security.kubernetes.io/enforce: privileged
name: monitoring
namespace: monitoring

26
rendered/envs/production/node-exporter/service-prometheus-node-exporter.yaml Normal file
View file

@ -0,0 +1,26 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
prometheus.io/scrape: "true"
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: prometheus-node-exporter
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-node-exporter
app.kubernetes.io/part-of: prometheus-node-exporter
app.kubernetes.io/version: 1.10.2
helm.sh/chart: prometheus-node-exporter-4.52.2
name: prometheus-node-exporter
namespace: monitoring
spec:
ports:
- name: metrics
port: 9100
protocol: TCP
targetPort: 9100
selector:
app.kubernetes.io/instance: prometheus-node-exporter
app.kubernetes.io/name: prometheus-node-exporter
type: ClusterIP

16
rendered/envs/production/node-exporter/serviceaccount-prometheus-node-exporter.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: prometheus-node-exporter
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: prometheus-node-exporter
app.kubernetes.io/part-of: prometheus-node-exporter
app.kubernetes.io/version: 1.10.2
helm.sh/chart: prometheus-node-exporter-4.52.2
name: prometheus-node-exporter
namespace: monitoring

4
rendered/envs/production/traefik/service-traefik.yaml
View file

@ -12,6 +12,10 @@ metadata:
namespace: traefik
spec:
ports:
- name: metrics
port: 9100
protocol: TCP
targetPort: metrics
- name: web
port: 80
protocol: TCP

43
rendered/envs/production/victoria-metrics-single/clusterrole-victoria-metrics-single-server.yaml Normal file
View file

@ -0,0 +1,43 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/managed-by: Helm
helm.sh/chart: victoria-metrics-single-0.33.0
name: victoria-metrics-single-server
namespace: monitoring
rules:
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
- nodes/metrics
- services
- endpoints
- pods
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- nonResourceURLs:
- /metrics
verbs:
- get

18
rendered/envs/production/victoria-metrics-single/clusterrolebinding-victoria-metrics-single-server.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/managed-by: Helm
helm.sh/chart: victoria-metrics-single-0.33.0
name: victoria-metrics-single-server
namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: victoria-metrics-single-server
subjects:
- kind: ServiceAccount
name: victoria-metrics-single-server
namespace: victoria-metrics-single

73
rendered/envs/production/victoria-metrics-single/configmap-victoria-metrics-single-server-scrapeconfig.yaml Normal file
View file

@ -0,0 +1,73 @@
apiVersion: v1
data:
scrape.yml: |
global:
scrape_interval: 30s
scrape_timeout: 10s
scrape_configs:
- job_name: victoriametrics
static_configs:
- targets:
- localhost:8428
- job_name: node-exporter
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- action: keep
regex: monitoring;prometheus-node-exporter;metrics
source_labels:
- __meta_kubernetes_namespace
- __meta_kubernetes_service_name
- __meta_kubernetes_endpoint_port_name
- job_name: kube-state-metrics
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- action: keep
regex: monitoring;kube-state-metrics;http
source_labels:
- __meta_kubernetes_namespace
- __meta_kubernetes_service_name
- __meta_kubernetes_endpoint_port_name
- job_name: traefik
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- action: keep
regex: traefik;traefik;metrics
source_labels:
- __meta_kubernetes_namespace
- __meta_kubernetes_service_name
- __meta_kubernetes_endpoint_port_name
- job_name: argocd
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- action: keep
regex: argocd;http-metrics
source_labels:
- __meta_kubernetes_namespace
- __meta_kubernetes_endpoint_port_name
- job_name: cert-manager
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- action: keep
regex: cert-manager;cert-manager;tcp-prometheus-servicemonitor
source_labels:
- __meta_kubernetes_namespace
- __meta_kubernetes_service_name
- __meta_kubernetes_endpoint_port_name
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app: server
app.kubernetes.io/instance: victoria-metrics-single
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: victoria-metrics-single
app.kubernetes.io/version: v1.138.0
helm.sh/chart: victoria-metrics-single-0.33.0
name: victoria-metrics-single-server-scrapeconfig
namespace: monitoring

9
rendered/envs/production/victoria-metrics-single/namespace-monitoring.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
pod-security.kubernetes.io/enforce: privileged
name: monitoring
namespace: monitoring

26
rendered/envs/production/victoria-metrics-single/service-victoria-metrics-single-server.yaml Normal file
View file

@ -0,0 +1,26 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app: server
app.kubernetes.io/instance: victoria-metrics-single
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: victoria-metrics-single
app.kubernetes.io/version: v1.138.0
helm.sh/chart: victoria-metrics-single-0.33.0
name: victoria-metrics-single-server
namespace: monitoring
spec:
clusterIP: None
ports:
- name: http
port: 8428
protocol: TCP
targetPort: http
selector:
app: server
app.kubernetes.io/instance: victoria-metrics-single
app.kubernetes.io/name: victoria-metrics-single
type: ClusterIP

10
rendered/envs/production/victoria-metrics-single/serviceaccount-victoria-metrics-single-server.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/managed-by: Helm
helm.sh/chart: victoria-metrics-single-0.33.0
name: victoria-metrics-single-server
namespace: monitoring

97
rendered/envs/production/victoria-metrics-single/statefulset-victoria-metrics-single-server.yaml Normal file
View file

@ -0,0 +1,97 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app: server
app.kubernetes.io/instance: victoria-metrics-single
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: victoria-metrics-single
app.kubernetes.io/version: v1.138.0
helm.sh/chart: victoria-metrics-single-0.33.0
name: victoria-metrics-single-server
namespace: monitoring
spec:
podManagementPolicy: OrderedReady
replicas: 1
selector:
matchLabels:
app: server
app.kubernetes.io/instance: victoria-metrics-single
app.kubernetes.io/name: victoria-metrics-single
serviceName: victoria-metrics-single-server
template:
metadata:
labels:
app: server
app.kubernetes.io/instance: victoria-metrics-single
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: victoria-metrics-single
app.kubernetes.io/version: v1.138.0
helm.sh/chart: victoria-metrics-single-0.33.0
spec:
automountServiceAccountToken: true
containers:
- args:
- --envflag.enable
- --envflag.prefix=VM_
- --httpListenAddr=:8428
- --loggerFormat=json
- --promscrape.config=/scrapeconfig/scrape.yml
- --retentionPeriod=1
- --storageDataPath=/storage
image: victoriametrics/victoria-metrics:v1.138.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
tcpSocket:
port: http
timeoutSeconds: 5
name: vmsingle
ports:
- containerPort: 8428
name: http
readinessProbe:
failureThreshold: 3
httpGet:
path: /health
port: http
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 15
timeoutSeconds: 5
resources:
limits:
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
securityContext: {}
volumeMounts:
- mountPath: /storage
name: server-volume
- mountPath: /scrapeconfig
name: scrapeconfig
securityContext: {}
serviceAccountName: victoria-metrics-single-server
terminationGracePeriodSeconds: 60
volumes:
- configMap:
name: victoria-metrics-single-server-scrapeconfig
name: scrapeconfig
updateStrategy: {}
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: server-volume
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: local-path