This commit is contained in:
2024-01-23 16:20:01 +01:00
parent c21b15ac4b
commit 8c0262e9ba
37 changed files with 2066 additions and 134 deletions


@@ -0,0 +1,297 @@
# Source: grafana/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana
namespace: vynil-monitor
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
strategy:
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
annotations:
checksum/config: 0e9cbd0ea8e24e32f7dfca5bab17a2ba05652642f0a09a4882833ae88e4cc4a3
checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
kubectl.kubernetes.io/default-container: grafana
spec:
serviceAccountName: grafana
automountServiceAccountToken: true
securityContext:
fsGroup: 472
runAsGroup: 472
runAsNonRoot: true
runAsUser: 472
initContainers:
- name: init-chown-data
image: "docker.io/library/busybox:1.31.1"
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
add:
- CHOWN
runAsNonRoot: false
runAsUser: 0
seccompProfile:
type: RuntimeDefault
command:
- chown
- -R
- 472:472
- /var/lib/grafana
volumeMounts:
- name: storage
mountPath: "/var/lib/grafana"
enableServiceLinks: true
containers:
- name: grafana-sc-dashboard
image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
imagePullPolicy: IfNotPresent
env:
- name: METHOD
value: WATCH
- name: LABEL
value: "grafana_dashboard"
- name: FOLDER
value: "/tmp/dashboards"
- name: RESOURCE
value: "both"
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: username
- name: REQ_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: password
- name: REQ_URL
value: http://localhost:3000/api/admin/provisioning/dashboards/reload
- name: REQ_METHOD
value: POST
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: sc-dashboard-volume
mountPath: "/tmp/dashboards"
- name: grafana-sc-datasources
image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
imagePullPolicy: IfNotPresent
env:
- name: METHOD
value: WATCH
- name: LABEL
value: "grafana_datasource"
- name: FOLDER
value: "/etc/grafana/provisioning/datasources"
- name: RESOURCE
value: "both"
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: username
- name: REQ_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: password
- name: REQ_URL
value: http://localhost:3000/api/admin/provisioning/datasources/reload
- name: REQ_METHOD
value: POST
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: sc-datasources-volume
mountPath: "/etc/grafana/provisioning/datasources"
- name: grafana-sc-notifiers
image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
imagePullPolicy: IfNotPresent
env:
- name: METHOD
value: WATCH
- name: LABEL
value: "grafana_notifier"
- name: FOLDER
value: "/etc/grafana/provisioning/notifiers"
- name: RESOURCE
value: "both"
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: username
- name: REQ_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: password
- name: REQ_URL
value: http://localhost:3000/api/admin/provisioning/notifications/reload
- name: REQ_METHOD
value: POST
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: sc-notifiers-volume
mountPath: "/etc/grafana/provisioning/notifiers"
- name: grafana-sc-plugins
image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
imagePullPolicy: IfNotPresent
env:
- name: METHOD
value: WATCH
- name: LABEL
value: "grafana_plugin"
- name: FOLDER
value: "/etc/grafana/provisioning/plugins"
- name: RESOURCE
value: "both"
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: username
- name: REQ_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: password
- name: REQ_URL
value: http://localhost:3000/api/admin/provisioning/plugins/reload
- name: REQ_METHOD
value: POST
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: sc-plugins-volume
mountPath: "/etc/grafana/provisioning/plugins"
- name: grafana
image: "docker.io/grafana/grafana:10.2.3"
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: config
mountPath: "/etc/grafana/grafana.ini"
subPath: grafana.ini
- name: storage
mountPath: "/var/lib/grafana"
- name: sc-dashboard-volume
mountPath: "/tmp/dashboards"
- name: sc-dashboard-provider
mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml"
subPath: provider.yaml
- name: sc-datasources-volume
mountPath: "/etc/grafana/provisioning/datasources"
- name: sc-plugins-volume
mountPath: "/etc/grafana/provisioning/plugins"
- name: sc-notifiers-volume
mountPath: "/etc/grafana/provisioning/notifiers"
ports:
- name: grafana
containerPort: 3000
protocol: TCP
- name: gossip-tcp
containerPort: 9094
protocol: TCP
- name: gossip-udp
containerPort: 9094
protocol: UDP
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: GF_SECURITY_ADMIN_USER
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: username
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: password
- name: GF_PATHS_DATA
value: /var/lib/grafana/
- name: GF_PATHS_LOGS
value: /var/log/grafana
- name: GF_PATHS_PLUGINS
value: /var/lib/grafana/plugins
- name: GF_PATHS_PROVISIONING
value: /etc/grafana/provisioning
livenessProbe:
failureThreshold: 10
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 60
timeoutSeconds: 30
readinessProbe:
httpGet:
path: /api/health
port: 3000
volumes:
- name: config
configMap:
name: grafana
- name: storage
persistentVolumeClaim:
claimName: grafana
- name: sc-dashboard-volume
emptyDir:
{}
- name: sc-dashboard-provider
configMap:
name: grafana-config-dashboards
- name: sc-datasources-volume
emptyDir:
{}
- name: sc-plugins-volume
emptyDir:
{}
- name: sc-notifiers-volume
emptyDir:
{}
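Review bot: The `init-chown-data` container's `securityContext` (under `initContainers`) runs as root with `runAsNonRoot: false` and adds `CHOWN` without first dropping the ambient capability set or setting `allowPrivilegeEscalation: false`, both of which every app container in this pod already does; adding `allowPrivilegeEscalation: false` and `drop: [ALL]` ahead of `add: [CHOWN]` keeps the one root step at the minimum it needs. Since the pod already sets `fsGroup: 472`, it is worth confirming whether the recursive chown is needed at all for the storage class in use — if not, the root init container can go entirely. None of the containers declares `resources`, which also matters for the HPA added in this commit (CPU utilization targets need requests). The admin credentials are injected as plain env vars in five containers (`REQ_PASSWORD`, `GF_SECURITY_ADMIN_PASSWORD`); Grafana accepts the `__FILE` suffix on settings, so mounting the secret and pointing `GF_SECURITY_ADMIN_PASSWORD__FILE` at it would keep the password out of process environments and `kubectl describe` output.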


@@ -0,0 +1,23 @@
# Source: grafana/templates/hpa.yaml
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: grafana
namespace: vynil-monitor
labels:
app.kubernetes.io/name: grafana
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: grafana
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: grafana
minReplicas: 1
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
targetAverageUtilization: 60
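Review bot: `apiVersion: autoscaling/v2beta1` on the second line of this file was removed from Kubernetes in 1.25, together with the `targetAverageUtilization` form used in the metric; it should be `apiVersion: autoscaling/v2` with `target: {type: Utilization, averageUtilization: 60}` under `resource`. Beyond the API version, scaling this Deployment to `maxReplicas: 5` conflicts with the rest of the commit: the PVC is `ReadWriteOnce`, so replicas scheduled on other nodes cannot attach the storage volume, and the Deployment declares no CPU `resources.requests`, without which the HPA cannot compute utilization at all. Unless multi-replica Grafana is actually intended (shared database, RWX volume), `maxReplicas: 1` or dropping the HPA is the safer default.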

26
monitor/grafana/config.tf Normal file

@@ -0,0 +1,26 @@
resource "kubectl_manifest" "config" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
data:
grafana.ini: |
[analytics]
check_for_updates = true
[grafana_net]
url = https://grafana.net
[log]
mode = console
[paths]
data = /var/lib/grafana/
logs = /var/log/grafana
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning
[server]
domain = ''
EOF
}
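Review bot: The `[analytics]` and `[grafana_net]` stanzas in `grafana.ini` leave `check_for_updates = true` and Grafana's default usage reporting on, so every pod makes outbound calls to grafana.net; for a cluster-internal monitoring stack `check_for_updates = false` and `reporting_enabled = false` are the quieter defaults and avoid surprising egress-policy denials. `[server]` sets only `domain = ''` even though index.yaml in this commit declares `domain`, `sub-domain` and `domain-name` options; if Grafana is exposed through an ingress, `root_url` (and `cookie_secure = true` under `[security]`) should be derived from those variables so redirects and cookies are not built from the in-cluster address. The whole ini is emitted inside a Terraform heredoc, so the block scalar's indentation is not visible here; confirm on a rendered ConfigMap that the ini lines stay indented under `grafana.ini: |`.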

68
monitor/grafana/datas.tf Normal file

@@ -0,0 +1,68 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/instance" = var.instance
}
rb-patch = <<-EOF
- op: replace
path: /subjects/0/namespace
value: "${var.namespace}"
EOF
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
images {
name = "docker.io/grafana/grafana"
new_name = "${var.images.grafana.registry}/${var.images.grafana.repository}"
new_tag = "${var.images.grafana.tag}"
}
images {
name = "docker.io/library/busybox"
new_name = "${var.images.busybox.registry}/${var.images.busybox.repository}"
new_tag = "${var.images.busybox.tag}"
}
images {
name = "quay.io/kiwigrid/k8s-sidecar"
new_name = "${var.images.sidecar.registry}/${var.images.sidecar.repository}"
new_tag = "${var.images.sidecar.tag}"
}
patches {
target {
kind = "PersistentVolumeClaim"
name = "grafana"
}
patch = <<-EOF
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: grafana
annotations:
k8up.io/backup: "true"
spec:
accessModes:
- "${var.volume.accessMode}"
volumeMode: Filesystem
resources:
requests:
storage: "${var.volume.size}"
EOF
}
patches {
target {
kind = "ServiceMonitor"
name = "grafana"
}
patch = <<-EOF
- op: replace
path: /spec/endpoints/0/relabelings/0/replacement
value: "${var.namespace}/$1"
EOF
}
}
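Review bot: The second `patches` block applies a JSON patch with `op: replace` on `/spec/endpoints/0/relabelings/0/replacement`, but the ServiceMonitor manifest in this commit has no `relabelings` under its endpoint, and `replace` on a missing path fails the kustomize build; unless a different servicemonitor.yaml is fed to the overlay, either add the relabeling to the manifest or use `op: add` on `/spec/endpoints/0/relabelings` with the full entry as value. The `rb-patch` local is defined but never referenced in this file; if nothing else consumes it, it is dead code (kustomize's namespace transformer already rewrites ServiceAccount subject namespaces in RoleBindings). The `"${var.images.grafana.tag}"` wrappers on the `new_tag` values can be plain `var.images.grafana.tag`; Terraform warns about interpolation-only strings.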

164
monitor/grafana/index.yaml Normal file

@@ -0,0 +1,164 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: monitor
metadata:
name: grafana
description: null
options:
images:
default:
busybox:
registry: docker.io
repository: library/busybox
tag: 1.31.1
grafana:
pullPolicy: IfNotPresent
registry: docker.io
repository: grafana/grafana
tag: 10.2.3
sidecar:
pullPolicy: IfNotPresent
registry: quay.io
repository: kiwigrid/k8s-sidecar
tag: 1.25.2
examples:
- busybox:
registry: docker.io
repository: library/busybox
tag: 1.31.1
grafana:
pullPolicy: IfNotPresent
registry: docker.io
repository: grafana/grafana
tag: 10.2.3
sidecar:
pullPolicy: IfNotPresent
registry: quay.io
repository: kiwigrid/k8s-sidecar
tag: 1.25.2
properties:
busybox:
default:
registry: docker.io
repository: library/busybox
tag: 1.31.1
properties:
registry:
default: docker.io
type: string
repository:
default: library/busybox
type: string
tag:
default: 1.31.1
type: string
type: object
grafana:
default:
pullPolicy: IfNotPresent
registry: docker.io
repository: grafana/grafana
tag: 10.2.3
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: grafana/grafana
type: string
tag:
default: 10.2.3
type: string
type: object
sidecar:
default:
pullPolicy: IfNotPresent
registry: quay.io
repository: kiwigrid/k8s-sidecar
tag: 1.25.2
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: quay.io
type: string
repository:
default: kiwigrid/k8s-sidecar
type: string
tag:
default: 1.25.2
type: string
type: object
type: object
domain:
default: your-company
examples:
- your-company
type: string
sub-domain:
default: grafana
examples:
- grafana
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
app-group:
default: monitor
examples:
- monitor
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
volume:
default:
accessMode: ReadWriteOnce
size: 10Gi
examples:
- accessMode: ReadWriteOnce
size: 10Gi
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size:
default: 10Gi
type: string
type: object
ingress-class:
default: traefik
examples:
- traefik
type: string
dependencies: []
providers:
kubernetes: true
authentik: true
kubectl: true
postgresql: null
restapi: null
http: null
gitea: null
tfaddtype: null
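Review bot: The image `tag` defaults under `options.images` (`tag: 1.31.1`, `10.2.3`, `1.25.2`) are unquoted; they survive only because they contain two dots, and the next bump to a one-dot tag such as `1.36` would parse as a float while the schema declares `type: string`, so quote them (`tag: "1.31.1"`). secret.tf in this commit reads `var.admin_name`, but no `admin_name` option is declared here; if the tool does not inject that variable the way it appears to inject `namespace`/`instance`/`category`/`component`, the apply fails on an undeclared variable. `description: null` and the `your_company.com` placeholder under `domain-name` also read as unfinished (underscores are not valid in hostname labels).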


@@ -0,0 +1,28 @@
# Source: grafana/templates/servicemonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: grafana
namespace: vynil-monitor
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
spec:
endpoints:
- port: service
interval: 30s
scrapeTimeout: 30s
honorLabels: true
path: /metrics
scheme: http
jobLabel: "grafana"
selector:
matchLabels:
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
namespaceSelector:
matchNames:
- vynil-monitor
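Review bot: `namespaceSelector.matchNames` hard-codes `vynil-monitor` at the end of the file; the kustomize namespace transformer that datas.tf relies on for `var.namespace` rewrites `metadata.namespace` but not this field, so deploying into any other namespace yields a ServiceMonitor that selects nothing and the scrape silently disappears. Replacing the block with `namespaceSelector: {}` (own namespace only) or patching `matchNames` alongside the other datas.tf patches keeps it in step with the deployment namespace.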


@@ -0,0 +1,20 @@
# Source: grafana/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: grafana
namespace: vynil-monitor
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: grafana
subjects:
- kind: ServiceAccount
name: grafana
namespace: vynil-monitor
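Review bot: The subject `namespace: vynil-monitor` on the last line is hard-coded; kustomize's namespace transformer is expected to rewrite ServiceAccount subject namespaces in RoleBindings, but the unused `rb-patch` local in datas.tf suggests the author was not certain it does, and that patch is not wired into the overlay as shown. Confirm on a rendered build into a non-default namespace that this subject follows `var.namespace`; if it does not, the binding points at a ServiceAccount that does not exist and the sidecars lose their watch permissions without any error at apply time.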


@@ -0,0 +1,16 @@
# Source: grafana/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: grafana
namespace: vynil-monitor
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
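Review bot: The single rule grants `get`/`watch`/`list` on every Secret in the namespace to the `grafana` ServiceAccount, which all six containers share via `automountServiceAccountToken: true`; the sidecars only need Secrets because `RESOURCE: both` is set, and `grafana-admin-user` lives in the same namespace. If dashboards, datasources, notifiers and plugins are shipped as ConfigMaps, set `RESOURCE: configmap` in the sidecars and narrow this rule to `resources: ["configmaps"]`; if some provisioning has to come from Secrets (datasource credentials typically do), keep it but document why in a comment above the rule, e.g. `# secrets: sidecars read datasource credentials labelled grafana_datasource`.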

19
monitor/grafana/secret.tf Normal file

@@ -0,0 +1,19 @@
resource "kubectl_manifest" "grafana_secret" {
ignore_fields = ["metadata.annotations"]
yaml_body = <<-EOF
apiVersion: "secretgenerator.mittwald.de/v1alpha1"
kind: "StringSecret"
metadata:
name: "grafana-admin-user"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
spec:
forceRegenerate: false
data:
username: "${var.admin_name}"
fields:
- fieldName: "password"
length: "32"
EOF
}
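Review bot: The `forceRegenerate: false` line deserves a comment, since it is the one setting that keeps a re-apply from rotating the admin password (and invalidating live sessions) and is the line most likely to be flipped casually; something like `# never rotate on re-apply; rotate by deleting the generated Secret` would do. Generating the password in-cluster with only the spec in Terraform state is the right shape — note `ignore_fields = ["metadata.annotations"]` is what stops the operator's own annotations from producing a perpetual diff, which is also worth a one-line comment.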


@@ -0,0 +1,26 @@
# Source: grafana/templates/configmap-dashboard-provider.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
name: grafana-config-dashboards
namespace: vynil-monitor
data:
provider.yaml: |-
apiVersion: 1
providers:
- name: 'sidecarProvider'
orgId: 1
folder: ''
type: file
disableDeletion: false
allowUiUpdates: false
updateIntervalSeconds: 30
options:
foldersFromFilesStructure: false
path: /tmp/dashboards


@@ -0,0 +1,20 @@
# Source: grafana/templates/pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana
namespace: vynil-monitor
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
finalizers:
- kubernetes.io/pvc-protection
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "10Gi"
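Review bot: No `storageClassName` is set, so the claim binds to the cluster default class, and the `volume` option in index.yaml exposes only `accessMode` and `size`; for a persistent monitoring datastore the class should be configurable, and the `k8up.io/backup` annotation is only added by the datas.tf patch, so the manifest alone is not backed up. Listing `kubernetes.io/pvc-protection` under `finalizers` is harmless but unnecessary: the controller adds it itself, and a hand-written finalizer list tends to confuse diffs against the live object.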


@@ -0,0 +1,13 @@
---
# Source: grafana/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
name: grafana
namespace: vynil-monitor


@@ -0,0 +1,22 @@
# Source: grafana/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: vynil-monitor
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- name: service
port: 80
protocol: TCP
targetPort: 3000
selector:
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana