This commit is contained in:
2024-05-14 18:52:41 +02:00
parent b725a2abb0
commit 96f2d865d4
7 changed files with 327 additions and 4 deletions


@@ -370,14 +370,14 @@ options:
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
memory: 128Mi
examples:
- limits:
cpu: 1000m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
memory: 128Mi
properties:
limits:
default:
@@ -394,13 +394,13 @@ options:
requests:
default:
cpu: 100m
memory: 256Mi
memory: 128Mi
properties:
cpu:
default: 100m
type: string
memory:
default: 256Mi
default: 128Mi
type: string
type: object
type: object


@@ -129,6 +129,12 @@ locals {
volume = merge(local.global-volume, lookup(lookup(var.dashboards-workload, "storage", {}), "volume", {}))
})
})
pvc-autoresizer = merge(local.global,{ for k, v in var.pvc-autoresizer : k => v if !contains(["enable","storage","backups"],k) },{
backups = merge(local.global-backups, lookup(var.pvc-autoresizer, "backups", {}))
storage = merge({ for k, v in lookup(var.pvc-autoresizer, "storage", {}) : k => v if !contains(["volume"],k) }, {
volume = merge(local.global-volume, lookup(lookup(var.pvc-autoresizer, "storage", {}), "volume", {}))
})
})
}
resource "kubernetes_namespace_v1" "monitor-ns" {
@@ -328,6 +334,23 @@ resource "kubectl_manifest" "dashboards-workload" {
EOF
}
resource "kubectl_manifest" "pvc-autoresizer" {
count = var.pvc-autoresizer.enable ? 1 : 0
yaml_body = <<-EOF
apiVersion: "vynil.solidite.fr/v1"
kind: "Install"
metadata:
name: "pvc-autoresizer"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
component: "pvc-autoresizer"
options: ${jsonencode(local.pvc-autoresizer)}
EOF
}
resource "kubectl_manifest" "grafana" {
count = var.grafana.enable ? 1 : 0
yaml_body = <<-EOF


@@ -259,6 +259,18 @@ options:
type: object
x-vynil-category: monitor
x-vynil-package: promtail
pvc-autoresizer:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: pvc-autoresizer
sso_vynil:
default: true
examples:


@@ -0,0 +1,141 @@
resource "kubectl_manifest" "ServiceAccount" {
yaml_body = <<-EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: "${var.instance}-${var.component}"
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
EOF
}
resource "kubectl_manifest" "ClusterRole" {
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "${var.namespace}-${var.instance}-${var.component}"
labels: ${jsonencode(local.common-labels)}
rules:
- apiGroups:
- ''
resources:
- events
verbs:
- create
- get
- list
- watch
- apiGroups:
- ''
resources:
- persistentvolumeclaims
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- create
- get
- list
- watch
- update
EOF
}
resource "kubectl_manifest" "ClusterRoleBinding" {
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: "${var.namespace}-${var.instance}-${var.component}"
labels: ${jsonencode(local.common-labels)}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ${kubectl_manifest.ClusterRole.name}
subjects:
- kind: ServiceAccount
name: ${kubectl_manifest.ServiceAccount.name}
namespace: ${var.namespace}
EOF
}
resource "kubectl_manifest" "Role" {
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "${var.instance}-${var.component}"
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
rules:
- apiGroups:
- ''
- coordination.k8s.io
resources:
- configmaps
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
EOF
}
resource "kubectl_manifest" "RoleBinding" {
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "${var.instance}-${var.component}"
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ${kubectl_manifest.Role.name}
subjects:
- kind: ServiceAccount
name: ${kubectl_manifest.ServiceAccount.name}
namespace: ${var.namespace}
EOF
}
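Review bot: The ClusterRole grants `create` and `update` on `deployments` and `statefulsets` in every namespace, which goes well beyond the `persistentvolumeclaims`, `storageclasses` and `events` rules that a PVC resizer needs for the resize itself. A service account allowed to create workloads cluster-wide can have pods started under any other service account in any namespace, so a compromise of this single pod would become a cluster-level escalation path. Whether the controller really needs to modify workloads is not visible in this commit; if it does not, drop both `apps` rules, and if it does, keep `get`, `list`, `watch`, `update` and remove `- create` from each. A one-line comment above each rule naming the controller behaviour that requires it would make later RBAC audits much easier.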


@@ -0,0 +1,48 @@
resource "kubectl_manifest" "Deployment" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: "${var.instance}-${var.component}"
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
spec:
selector:
matchLabels:
app.kubernetes.io/name: pvc-autoresizer
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: pvc-autoresizer
spec:
serviceAccountName: ${kubectl_manifest.ServiceAccount.name}
containers:
- name: pvc-autoresizer
command:
- /pvc-autoresizer
args:
- --prometheus-url=http://prometheus-prometheus.${var.domain}-monitor:9090
- --interval=10s
- --no-annotation-check
image: ${var.images.autoresizer.registry}/${var.images.autoresizer.repository}:${var.images.autoresizer.tag}
imagePullPolicy: ${var.images.autoresizer.pull_policy}
resources: ${jsonencode(var.resources)}
ports:
- name: metrics
containerPort: 8080
protocol: TCP
- name: health
containerPort: 8081
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: health
livenessProbe:
httpGet:
path: /healthz
port: health
EOF
}
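Review bot: The pod template defines no `securityContext`, so the container runs with whatever user, capabilities and writable root filesystem the image defaults to, while its service account holds cluster-wide patch rights on PVCs. Add a container-level `securityContext` as in the excerpt below; `runAsNonRoot` and `readOnlyRootFilesystem` assume the image runs as a non-root user and does not write to its root filesystem, which this commit does not show, so confirm both before merging. Separately, `--no-annotation-check` appears to switch off the opt-in annotation gate, which together with the ClusterRole would put every PVC in the cluster in scope; a comment stating that this is intended would help the next reader.

```hcl
  # … unchanged: metadata, selector, replicas, pod labels, serviceAccountName …
        containers:
        - name: pvc-autoresizer
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: command, args, image, imagePullPolicy, resources, ports, probes …
```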


@@ -0,0 +1,13 @@
const DOMAIN = config.domain;
fn check_domain() {
assert(have_namespace(`${global::DOMAIN}`), `There is no ${global::DOMAIN} namespace`);
}
fn check_prometheus() {
assert(have_namespace(`${global::DOMAIN}-monitor`), `There is no ${global::DOMAIN}-monitor namespace`);
assert(have_install(`${global::DOMAIN}-monitor`, "prometheus"), `No prometheus installation in ${global::DOMAIN}-monitor`);
assert(have_service(`${global::DOMAIN}-monitor`, "prometheus-prometheus"), `No prometheus-prometheus service in ${global::DOMAIN}-monitor`);
}
fn pre_check() {
check_domain();
check_prometheus();
}


@@ -0,0 +1,86 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: monitor
metadata:
name: pvc-autoresizer
description: pvc-autoresizer resizes PersistentVolumeClaims (PVCs) when the free amount of storage is below the threshold.
options:
domain:
default: your-company
examples:
- your-company
type: string
images:
default:
autoresizer:
pull_policy: IfNotPresent
registry: docker.io
repository: kubesphere/pvc-autoresizer
tag: v0.3.1
examples:
- autoresizer:
pull_policy: IfNotPresent
registry: docker.io
repository: kubesphere/pvc-autoresizer
tag: v0.3.1
properties:
autoresizer:
default:
pull_policy: IfNotPresent
registry: docker.io
repository: kubesphere/pvc-autoresizer
tag: v0.3.1
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: kubesphere/pvc-autoresizer
type: string
tag:
default: v0.3.1
type: string
type: object
type: object
resources:
default:
requests:
cpu: 100m
memory: 20Mi
examples:
- requests:
cpu: 100m
memory: 20Mi
properties:
requests:
default:
cpu: 100m
memory: 20Mi
properties:
cpu:
default: 100m
type: string
memory:
default: 20Mi
type: string
type: object
type: object
dependencies: []
providers:
kubernetes: true
authentik: null
kubectl: true
postgresql: null
mysql: null
restapi: null
http: null
gitea: null
tfaddtype: null
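Review bot: The `images.autoresizer` default identifies the controller only by a mutable tag (`tag: v0.3.1` on `docker.io`) combined with `pull_policy: IfNotPresent`, so a re-pushed tag would be deployed unnoticed and nodes could run different content under the same tag. Consider adding an optional `digest` string property next to `tag` (for example `digest: "sha256:<image-digest>"`) that the Deployment appends as `@<digest>` when it is set, so production installs can pin the exact image. The `resources` default also defines only `requests`; adding a `limits.memory` default would bound the controller if it misbehaves.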