Initial release

This commit is contained in:
2024-03-19 13:13:53 +01:00
commit 451fdb09fc
391 changed files with 184309 additions and 0 deletions


@@ -0,0 +1,55 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: vinyl-monitor/jaeger-operator-serving-cert
labels:
name: jaeger-operator
name: jaeger-operator-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: jaeger-operator-webhook-service
namespace: vinyl-monitor
path: /mutate-v1-deployment
failurePolicy: Ignore
name: deployment.sidecar-injector.jaegertracing.io
objectSelector:
matchExpressions:
- key: name
operator: NotIn
values:
- jaeger-operator
rules:
- apiGroups:
- apps
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- deployments
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: jaeger-operator-webhook-service
namespace: vinyl-monitor
path: /mutate-jaegertracing-io-v1-jaeger
failurePolicy: Fail
name: mjaeger.kb.io
rules:
- apiGroups:
- jaegertracing.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- jaegers
sideEffects: None
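Review bot: The `deployment.sidecar-injector.jaegertracing.io` webhook in the first half of this hunk intercepts every Deployment CREATE and UPDATE in the cluster, because it carries an `objectSelector` but no `namespaceSelector`; the only exclusion is Deployments labelled `name: jaeger-operator`. `failurePolicy: Ignore` keeps an unavailable operator from blocking rollouts, but admission for control-plane workloads such as `kube-system` still round-trips through this service on every change. Consider adding a `namespaceSelector` that excludes system namespaces (or opts namespaces in via a label) so the mutation scope matches where Jaeger sidecars are actually wanted.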


@@ -0,0 +1,29 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: vinyl-monitor/jaeger-operator-serving-cert
labels:
name: jaeger-operator
name: jaeger-operator-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: jaeger-operator-webhook-service
namespace: vinyl-monitor
path: /validate-jaegertracing-io-v1-jaeger
failurePolicy: Fail
name: vjaeger.kb.io
rules:
- apiGroups:
- jaegertracing.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- jaegers
sideEffects: None


@@ -0,0 +1,95 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
name: jaeger-operator
name: jaeger-operator
namespace: vinyl-monitor
spec:
replicas: 1
selector:
matchLabels:
name: jaeger-operator
strategy: {}
template:
metadata:
labels:
name: jaeger-operator
spec:
containers:
- args:
- start
- --health-probe-bind-address=:8081
- --leader-elect
command:
- /jaeger-operator
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.annotations['olm.targetNamespaces']
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OPERATOR_NAME
value: jaeger-operator
- name: LOG-LEVEL
value: DEBUG
- name: KAFKA-PROVISIONING-MINIMAL
value: "true"
image: quay.io/jaegertracing/jaeger-operator:1.53.0
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: jaeger-operator
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8383/
- --logtostderr=true
- --v=0
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
protocol: TCP
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
securityContext:
runAsNonRoot: true
serviceAccountName: jaeger-operator
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
defaultMode: 420
secretName: jaeger-operator-service-cert
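Review bot: The `jaeger-operator` container's `securityContext` (lines 165–166) sets only `allowPrivilegeEscalation: false`, and the `kube-rbac-proxy` container (lines 189–190) sets only `runAsNonRoot: true`; neither drops capabilities nor sets a seccomp profile, so the pod would be rejected under the `restricted` Pod Security Standard and each container keeps the runtime's default capability set. Both containers expose network listeners (9443 and 8443), so the same baseline belongs on each; `readOnlyRootFilesystem: true` is also worth trying, but whether the operator writes to its filesystem is not visible here. Two smaller points: `LOG-LEVEL` (lines 139–140) defaults to `DEBUG`, which is verbose for a release manifest, and the operator container declares `requests` without `limits` while the proxy declares both.
```yaml
      containers:
        # … unchanged: jaeger-operator args, command, env, image, probes, ports, resources …
        - securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: volumeMounts …
        # … unchanged: kube-rbac-proxy args, image, name, ports, resources …
        - securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```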


@@ -0,0 +1,18 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
name: jaeger-operator
name: jaeger-operator-serving-cert
namespace: vinyl-monitor
spec:
dnsNames:
- jaeger-operator-webhook-service.vinyl-monitor.svc
- jaeger-operator-webhook-service.vinyl-monitor.svc.cluster.local
issuerRef:
kind: Issuer
name: jaeger-operator-selfsigned-issuer
secretName: jaeger-operator-service-cert
subject:
organizationalUnits:
- jaeger-operator


@@ -0,0 +1,9 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
name: jaeger-operator
name: jaeger-operator-selfsigned-issuer
namespace: vinyl-monitor
spec:
selfSigned: {}

monitor/jaeger/datas.tf Normal file

@@ -0,0 +1,120 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
rb-patch = <<-EOF
- op: replace
path: /subjects/0/namespace
value: "${var.namespace}"
EOF
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1 && length(regexall("WebhookConfiguration",file))<1]
images {
name = "quay.io/jaegertracing/jaeger-operator"
new_name = "${var.images.operator.registry}/${var.images.operator.repository}"
new_tag = "${var.images.operator.tag}"
}
images {
name = "gcr.io/kubebuilder/kube-rbac-proxy"
new_name = "${var.images.rbac_proxy.registry}/${var.images.rbac_proxy.repository}"
new_tag = "${var.images.rbac_proxy.tag}"
}
patches {
target {
kind = "Certificate"
name = "jaeger-operator-serving-cert"
}
patch = <<-EOF
- op: replace
path: /spec/dnsNames/0
value: "jaeger-operator-webhook-service.${var.namespace}.svc"
- op: replace
path: /spec/dnsNames/1
value: "jaeger-operator-webhook-service.${var.namespace}.svc.cluster.local"
EOF
}
patches {
target {
kind = "Deployment"
name = "jaeger-operator"
}
patch = <<-EOF
- op: remove
path: /spec/template/spec/containers/0/env/0
EOF
}
patches {
target {
kind = "Deployment"
name = "jaeger-operator"
}
patch = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: jaeger-operator
spec:
replicas: ${var.replicas}
EOF
}
}
data "kustomization_overlay" "data_no_ns" {
common_labels = local.common-labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && (length(regexall("ClusterRole",file))>0 || length(regexall("WebhookConfiguration",file))>0)]
patches {
target {
kind = "ClusterRoleBinding"
name = "manager-rolebinding"
}
patch = local.rb-patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "jaeger-operator-proxy-rolebinding"
}
patch = local.rb-patch
}
patches {
target {
kind = "MutatingWebhookConfiguration"
name = "jaeger-operator-mutating-webhook-configuration"
}
patch = <<-EOF
- op: replace
path: /webhooks/0/clientConfig/service/namespace
value: "${var.namespace}"
- op: replace
path: /webhooks/1/clientConfig/service/namespace
value: "${var.namespace}"
- op: replace
path: /metadata/annotations/certmanager.k8s.io~1inject-ca-from
value: "${var.namespace}/jaeger-operator-serving-cert"
EOF
}
patches {
target {
kind = "ValidatingWebhookConfiguration"
name = "jaeger-operator-validating-webhook-configuration"
}
patch = <<-EOF
- op: replace
path: /webhooks/0/clientConfig/service/namespace
value: "${var.namespace}"
- op: replace
path: /metadata/annotations/certmanager.k8s.io~1inject-ca-from
value: "${var.namespace}/jaeger-operator-serving-cert"
EOF
}
}
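Review bot: The webhook patches at lines 337–339 and 351–353 target `/metadata/annotations/certmanager.k8s.io~1inject-ca-from`, but the annotation both WebhookConfiguration manifests actually carry is `cert-manager.io/inject-ca-from` (line 15 and line 74 of the earlier hunks). A JSON Patch `replace` requires the target path to exist, so this overlay is expected to fail to build; and even if a loader accepted it, the CA would stay pinned to `vinyl-monitor/jaeger-operator-serving-cert` whatever `var.namespace` is, leaving the `failurePolicy: Fail` Jaeger webhooks without a valid CA bundle in any other namespace. Change both patches to `path: /metadata/annotations/cert-manager.io~1inject-ca-from`. A style point: `new_tag = "${var.images.operator.tag}"` (and the rbac_proxy equivalent) wraps a single reference in interpolation; `new_tag = var.images.operator.tag` is the form `terraform fmt` expects.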

monitor/jaeger/index.yaml Normal file

@@ -0,0 +1,100 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: monitor
metadata:
name: jaeger
description: Operator to deploy Jaeger, a distributed tracing plateform. Monitor and troubleshoot workflows in complex distributed systems
options:
images:
default:
operator:
pullPolicy: IfNotPresent
registry: quay.io
repository: jaegertracing/jaeger-operator
tag: 1.53.0
rbac_proxy:
pullPolicy: IfNotPresent
registry: gcr.io
repository: kubebuilder/kube-rbac-proxy
tag: v0.13.1
examples:
- operator:
pullPolicy: IfNotPresent
registry: quay.io
repository: jaegertracing/jaeger-operator
tag: 1.53.0
rbac_proxy:
pullPolicy: IfNotPresent
registry: gcr.io
repository: kubebuilder/kube-rbac-proxy
tag: v0.13.1
properties:
operator:
default:
pullPolicy: IfNotPresent
registry: quay.io
repository: jaegertracing/jaeger-operator
tag: 1.53.0
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: quay.io
type: string
repository:
default: jaegertracing/jaeger-operator
type: string
tag:
default: 1.53.0
type: string
type: object
rbac_proxy:
default:
pullPolicy: IfNotPresent
registry: gcr.io
repository: kubebuilder/kube-rbac-proxy
tag: v0.13.1
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: gcr.io
type: string
repository:
default: kubebuilder/kube-rbac-proxy
type: string
tag:
default: v0.13.1
type: string
type: object
type: object
replicas:
default: 1
examples:
- 1
type: integer
dependencies:
- dist: null
category: crd
component: jaeger
providers:
kubernetes: true
authentik: null
kubectl: true
postgresql: null
mysql: null
restapi: null
http: null
gitea: null
tfaddtype: null
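Review bot: `tag: 1.53.0` at lines 377, 388, 400 and 416 is left unquoted under a schema that declares `type: string`; a three-component tag happens to parse as a string, but a two-component tag such as `1.60` would be loaded as the float `1.6` and either fail the schema or produce an image tag that does not exist. Quoting every image tag default (`tag: "1.53.0"`, `tag: "v0.13.1"`) keeps the field a string regardless of the value chosen later. Separately, the description on line 369 misspells `platform` as `plateform`.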


@@ -0,0 +1,21 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
name: jaeger-operator
name: jaeger-operator-metrics-monitor
namespace: vinyl-monitor
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
interval: 30s
path: /metrics
scheme: https
scrapeTimeout: 10s
targetPort: 8443
tlsConfig:
insecureSkipVerify: true
selector:
matchLabels:
app.kubernetes.io/component: metrics
name: jaeger-operator
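Review bot: `insecureSkipVerify: true` (line 483) disables certificate verification for the scrape of kube-rbac-proxy on 8443, while `bearerTokenFile` (line 476) sends Prometheus's service-account token on every scrape, so that token is handed to whatever answers at the endpoint. The proxy in the Deployment hunk is started without `--tls-cert-file`/`--tls-private-key-file` (lines 172–175), which is why verification is off; issuing it a certificate from the same cert-manager Issuer the webhook already uses, and pointing `tlsConfig.ca` plus `serverName: jaeger-operator-metrics.<namespace>.svc` at it, would let Prometheus verify the endpoint and drop `insecureSkipVerify`.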


@@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
name: jaeger-operator
name: jaeger-operator-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: jaeger-operator
namespace: vinyl-monitor


@@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
name: jaeger-operator
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
name: jaeger-operator
namespace: vinyl-monitor


@@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
name: jaeger-operator
name: jaeger-operator-metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get


@@ -0,0 +1,257 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
name: jaeger-operator
name: manager-role
rules:
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments/status
verbs:
- get
- patch
- update
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
- services
- services/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- namespaces/status
verbs:
- get
- patch
- update
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- image.openshift.io
resources:
- imagestreams
verbs:
- get
- list
- watch
- apiGroups:
- jaegertracing.io
resources:
- jaegers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- jaegertracing.io
resources:
- jaegers/finalizers
verbs:
- update
- apiGroups:
- jaegertracing.io
resources:
- jaegers/status
verbs:
- get
- patch
- update
- apiGroups:
- kafka.strimzi.io
resources:
- kafkas
- kafkausers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- logging.openshift.io
resources:
- elasticsearch
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- logging.openshift.io
resources:
- elasticsearches
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
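Review bot: `manager-role` is a ClusterRole that grants full verbs on `secrets` in every namespace (lines 631–648) together with create/delete on `clusterrolebindings` (lines 776–787) and on `namespaces` (lines 649–660); since the Terraform overlay removes `WATCH_NAMESPACE` from the Deployment, the operator runs cluster-wide with these rights, and a compromise of the operator pod yields read access to every Secret in the cluster. If Jaeger instances are only expected in a bounded set of namespaces, binding a `Role` with the same rules per watched namespace and keeping `WATCH_NAMESPACE` set is the least-privilege shape; the cluster-scoped rules (`clusterrolebindings`, `namespaces`, the OpenShift groups) could then be reviewed one by one. Separately, the second rule (lines 565–576, `apps`/`deployments`) is entirely covered by the first (lines 550–564) and can be dropped.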


@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
name: jaeger-operator
name: proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create


@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
name: jaeger-operator
name: leader-election-rolebinding
namespace: vinyl-monitor
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: leader-election-role
subjects:
- kind: ServiceAccount
name: jaeger-operator
namespace: vinyl-monitor


@@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
labels:
name: jaeger-operator
name: prometheus
namespace: vinyl-monitor
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: prometheus
subjects:
- kind: ServiceAccount
name: prometheus-k8s
namespace: openshift-monitoring


@@ -0,0 +1,39 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
name: jaeger-operator
name: leader-election-role
namespace: vinyl-monitor
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch


@@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations:
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
labels:
name: jaeger-operator
name: prometheus
namespace: vinyl-monitor
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- pods
verbs:
- get
- list
- watch


@@ -0,0 +1,45 @@
# first loop through resources in ids_prio[0]
resource "kustomization_resource" "pre_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[0]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
}
# then loop through resources in ids_prio[1]
# and set an explicit depends_on on kustomization_resource.pre
# wait 2 minutes for any deployment or daemonset to become ready
resource "kustomization_resource" "main_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[1]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
wait = true
timeouts {
create = "5m"
update = "5m"
}
depends_on = [kustomization_resource.pre_no_ns]
}
# finally, loop through resources in ids_prio[2]
# and set an explicit depends_on on kustomization_resource.main
resource "kustomization_resource" "post_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[2]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
depends_on = [kustomization_resource.main_no_ns]
}
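Review bot: The comments at lines 945–947 and 962–963 do not describe the resources beneath them: `main_no_ns` depends on `kustomization_resource.pre_no_ns` (not `.pre`), its timeouts are `5m` rather than the stated two minutes, and `post_no_ns` depends on `main_no_ns` (not `.main`). Suggested wording: `# then loop through resources in ids_prio[1] with an explicit depends_on on kustomization_resource.pre_no_ns`, `# wait up to 5 minutes for any deployment or daemonset to become ready`, and `# and set an explicit depends_on on kustomization_resource.main_no_ns`. Only the `data_no_ns` overlay is applied in this file; the namespaced `data` overlay declared in datas.tf is presumably consumed by a sibling file that is not in this view.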


@@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
name: jaeger-operator
name: jaeger-operator
namespace: vinyl-monitor


@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: metrics
name: jaeger-operator
name: jaeger-operator-metrics
namespace: vinyl-monitor
spec:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: https
selector:
name: jaeger-operator


@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
name: jaeger-operator
name: jaeger-operator-webhook-service
namespace: vinyl-monitor
spec:
ports:
- port: 443
protocol: TCP
targetPort: 9443
selector:
name: jaeger-operator