2024-05-12 12:03:32 +02:00
parent 599d175f82
commit 2890064fd4
191 changed files with 893 additions and 1068 deletions


@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -24,7 +24,7 @@ data "kubernetes_secret_v1" "authentik" {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
patches {


@@ -22,7 +22,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
labels = local.common-labels
labels = local.common_labels
dns_names = local.dns_names
middlewares = [module.forward.middleware]
services = [local.service]
@@ -61,7 +61,7 @@ module "forward" {
domain = var.domain
namespace = var.namespace
ingress_class = var.ingress_class
labels = local.common-labels
labels = local.common_labels
dns_names = local.dns_names
service = local.service
icon = local.icon


@@ -1,5 +1,5 @@
locals {
svc-label = merge(local.common-labels, {
svc-label = merge(local.common_labels, {
"app" = "kube-prometheus-stack-prometheus"
"release" = "prometheus"
"self-monitor" = "true"


@@ -1,5 +1,5 @@
locals {
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}


@@ -1,5 +1,5 @@
locals {
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}


@@ -1,5 +1,5 @@
locals {
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}


@@ -1,5 +1,5 @@
locals {
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}


@@ -1,5 +1,5 @@
locals {
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}


@@ -1,5 +1,5 @@
locals {
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}


@@ -2,7 +2,7 @@ resource "kubernetes_config_map_v1" "config" {
metadata {
name = "grafana"
namespace = var.namespace
labels = local.common-labels
labels = local.common_labels
}
data = {
"grafana.ini" = <<-EOF


@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -38,7 +38,7 @@ data "kubernetes_ingress_v1" "authentik" {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
images {


@@ -22,7 +22,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
labels = local.common-labels
labels = local.common_labels
dns_names = local.dns_names
middlewares = []
services = [local.service]
@@ -51,7 +51,7 @@ module "oauth2" {
instance = var.instance
namespace = var.namespace
domain = var.domain
labels = local.common-labels
labels = local.common_labels
dns_name = local.dns_name
redirect_path = "login/generic_oauth"
providers = {


@@ -7,7 +7,7 @@ resource "kubectl_manifest" "grafana_secret" {
metadata:
name: "grafana-admin-user"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.common_labels)}
spec:
forceRegenerate: false
data:


@@ -1,5 +1,5 @@
locals {
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -15,7 +15,7 @@ locals {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
images {
@@ -37,7 +37,7 @@ data "kustomization_overlay" "data" {
}
data "kustomization_overlay" "data_no_ns" {
common_labels = local.common-labels
common_labels = local.common_labels
resources = [for file in fileset(path.module, "*.yaml"): file if length(regexall("ClusterRole",file))>0]
patches {
target {


@@ -0,0 +1,12 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
}
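Review bot: This newly added file still declares the local as `common-labels`, while every other hunk in the commit renames it to `common_labels`. If anything else in this module reads `local.common_labels` (not visible here), Terraform will reject the reference as undeclared; the declaration should read `common_labels = {`. The second new locals file added later in this commit (the other `@@ -0,0 +1,12 @@` section with identical content) has the same problem.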


@@ -6,6 +6,16 @@ metadata:
name: loki-dashboard
description: Install Loki related dashboard into Grafana
options:
domain:
default: your-company
examples:
- your-company
type: string
domain_name:
default: your_company.com
examples:
- your_company.com
type: string
images:
default:
operator:
@@ -45,31 +55,21 @@ options:
type: string
type: object
type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
ingress_class:
default: traefik
examples:
- traefik
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
sub_domain:
default: to-be-set
examples:
- to-be-set
type: string
domain:
default: your-company
examples:
- your-company
type: string
domain_name:
default: your_company.com
examples:
- your_company.com
type: string
dependencies: []
providers:
kubernetes: true


@@ -5,7 +5,7 @@ resource "kubectl_manifest" "datasource" {
metadata:
name: loki-datasource
namespace: "${var.namespace}"
labels: ${jsonencode(merge(local.common-labels, {"grafana_datasource" = "1"}))}
labels: ${jsonencode(merge(local.common_labels, {"grafana_datasource" = "1"}))}
data:
loki-datasource.yaml: |-
apiVersion: 1
@@ -27,7 +27,7 @@ resource "kubectl_manifest" "config" {
metadata:
name: loki
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.common_labels)}
data:
config.yaml: |
auth_enabled: false


@@ -1,5 +1,5 @@
locals {
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -26,7 +26,7 @@ locals {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
images {


@@ -1,5 +1,5 @@
locals {
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("v1_Service_prometheus",file))<1]
}


@@ -1,5 +1,5 @@
locals {
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
images {


@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -24,7 +24,7 @@ data "kubernetes_secret_v1" "authentik" {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1 && length(regexall("Service_prometheus",file))<1]
patches {


@@ -22,7 +22,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
labels = local.common-labels
labels = local.common_labels
dns_names = local.dns_names
middlewares = [module.forward.middleware]
services = [local.service]
@@ -61,7 +61,7 @@ module "forward" {
domain = var.domain
namespace = var.namespace
ingress_class = var.ingress_class
labels = local.common-labels
labels = local.common_labels
dns_names = local.dns_names
service = local.service
icon = local.icon


@@ -5,7 +5,7 @@ resource "kubectl_manifest" "prometheus" {
metadata:
name: prometheus
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.common_labels)}
spec:
image: "${var.images.prometheus.registry}/${var.images.prometheus.repository}:${var.images.prometheus.tag}"
version: ${var.images.prometheus.tag}


@@ -1,5 +1,5 @@
locals {
svc-label = merge(local.common-labels, {
svc-label = merge(local.common_labels, {
"app" = "kube-prometheus-stack-prometheus"
"release" = "prometheus"
"self-monitor" = "true"


@@ -5,7 +5,7 @@ resource "kubectl_manifest" "config" {
metadata:
name: promtail
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.common_labels)}
data:
promtail.yaml: |
server:


@@ -1,5 +1,5 @@
locals {
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -15,7 +15,7 @@ locals {
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
images {
@@ -25,7 +25,7 @@ data "kustomization_overlay" "data" {
}
}
data "kustomization_overlay" "data_no_ns" {
common_labels = local.common-labels
common_labels = local.common_labels
resources = [for file in fileset(path.module, "*.yaml"): file if length(regexall("ClusterRole",file))>0]
patches {


@@ -0,0 +1,12 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
}


@@ -0,0 +1,7 @@
const NS=config.namespace;
const SRC=src;
const DEST=dest;
fn pre_pack() {
shell("helm repo add prometheus-community https://prometheus-community.github.io/helm-charts");
shell(`helm template prometheus-community prometheus-community/kube-prometheus-stack --namespace=vynil-monitor --values values.yml >${global::SRC}/chart.yaml`);
}
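Review bot: The `helm template` call in `pre_pack` does not pin a chart version, so each pack renders whatever kube-prometheus-stack release the repository serves at that moment. The manifests committed alongside it are labelled 58.5.0, and without a pin they cannot be regenerated or reviewed against a known input; add `--version 58.5.0` (or a constant holding it) to the command. The `NS` and `DEST` constants are declared but unused in the visible lines, and the namespace is hard-coded as `vynil-monitor` rather than taken from `NS`. If the fixed namespace is intentional (for example so a later overlay can rewrite it), a short comment saying so would help; otherwise use the constants or drop them.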


@@ -0,0 +1,83 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: monitor
metadata:
name: thanos-ruler
description: null
options:
domain:
default: your-company
examples:
- your-company
type: string
domain_name:
default: your_company.com
examples:
- your_company.com
type: string
images:
default:
operator:
pull_policy: IfNotPresent
registry: docker.io
repository: to-be/defined
tag: v1.0.0
examples:
- operator:
pull_policy: IfNotPresent
registry: docker.io
repository: to-be/defined
tag: v1.0.0
properties:
operator:
default:
pull_policy: IfNotPresent
registry: docker.io
repository: to-be/defined
tag: v1.0.0
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: to-be/defined
type: string
tag:
default: v1.0.0
type: string
type: object
type: object
ingress_class:
default: traefik
examples:
- traefik
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
sub_domain:
default: to-be-set
examples:
- to-be-set
type: string
dependencies: []
providers:
kubernetes: true
authentik: true
kubectl: true
postgresql: null
mysql: null
restapi: null
http: null
gitea: null
tfaddtype: null
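Review bot: The `images.operator` default is a placeholder (`docker.io` / `to-be/defined` / `v1.0.0`) naming a repository this project presumably does not control, while the ThanosRuler manifest added in this commit runs `quay.io/thanos/thanos:v0.35.0`. If any template consumes this option (not visible here), an install that keeps the defaults would try to pull an image nobody has vetted; set the default to the image actually deployed, or remove the option if it is unused. `description: null` should also carry a one-line description, as the loki-dashboard component's metadata does.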


@@ -0,0 +1,29 @@
# Source: kube-prometheus-stack/templates/thanos-ruler/servicemonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: kube-prometheus-stack-thanos-ruler
namespace: vynil-monitor
labels:
app: kube-prometheus-stack-thanos-ruler
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "58.5.0"
app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-58.5.0
release: "prometheus-community"
heritage: "Helm"
spec:
selector:
matchLabels:
app: kube-prometheus-stack-thanos-ruler
release: "prometheus-community"
self-monitor: "true"
namespaceSelector:
matchNames:
- "vynil-monitor"
endpoints:
- port: web
path: "/metrics"


@@ -0,0 +1,39 @@
# Source: kube-prometheus-stack/templates/thanos-ruler/ruler.yaml
apiVersion: monitoring.coreos.com/v1
kind: ThanosRuler
metadata:
name: prometheus-community-kube-thanos-ruler
namespace: vynil-monitor
labels:
app: kube-prometheus-stack-thanos-ruler
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "58.5.0"
app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-58.5.0
release: "prometheus-community"
heritage: "Helm"
spec:
image: "quay.io/thanos/thanos:v0.35.0"
replicas: 1
listenLocal: false
serviceAccountName: kube-prometheus-stack-thanos-ruler
externalPrefix: "http://kube-prometheus-stack-thanos-ruler.vynil-monitor:10902"
paused: false
logFormat: "logfmt"
logLevel: "info"
retention: "24h"
ruleNamespaceSelector: {}
ruleSelector:
matchLabels:
release: "prometheus-community"
routePrefix: "/"
securityContext:
fsGroup: 2000
runAsGroup: 2000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
portName: web


@@ -0,0 +1,17 @@
# Source: kube-prometheus-stack/templates/thanos-ruler/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: kube-prometheus-stack-thanos-ruler
namespace: vynil-monitor
labels:
app: kube-prometheus-stack-thanos-ruler
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "58.5.0"
app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-58.5.0
release: "prometheus-community"
heritage: "Helm"
data:


@@ -0,0 +1,18 @@
---
# Source: kube-prometheus-stack/templates/thanos-ruler/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-prometheus-stack-thanos-ruler
namespace: vynil-monitor
labels:
app: kube-prometheus-stack-thanos-ruler
app.kubernetes.io/name: kube-prometheus-stack-thanos-ruler
app.kubernetes.io/component: thanos-ruler
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "58.5.0"
app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-58.5.0
release: "prometheus-community"
heritage: "Helm"


@@ -0,0 +1,26 @@
# Source: kube-prometheus-stack/templates/thanos-ruler/service.yaml
apiVersion: v1
kind: Service
metadata:
name: kube-prometheus-stack-thanos-ruler
namespace: vynil-monitor
labels:
app: kube-prometheus-stack-thanos-ruler
self-monitor: "true"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "58.5.0"
app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-58.5.0
release: "prometheus-community"
heritage: "Helm"
spec:
ports:
- name: web
port: 10902
targetPort: 10902
protocol: TCP
selector:
app.kubernetes.io/name: thanos-ruler
thanos-ruler: prometheus-community-kube-thanos-ruler
type: "ClusterIP"