From 96f2d865d49c2c99e001a7481b911447523e551b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Tue, 14 May 2024 18:52:41 +0200 Subject: [PATCH] fix --- apps/gitea/index.yaml | 8 +- meta/domain-monitor/apps.tf | 23 +++ meta/domain-monitor/index.yaml | 12 ++ monitor/pvc-autoresizer/autoresizer_rbac.tf | 141 ++++++++++++++++++ .../pvc-autoresizer/autoresizer_workload.tf | 48 ++++++ monitor/pvc-autoresizer/check.rhai | 13 ++ monitor/pvc-autoresizer/index.yaml | 86 +++++++++++ 7 files changed, 327 insertions(+), 4 deletions(-) create mode 100644 monitor/pvc-autoresizer/autoresizer_rbac.tf create mode 100644 monitor/pvc-autoresizer/autoresizer_workload.tf create mode 100644 monitor/pvc-autoresizer/check.rhai create mode 100644 monitor/pvc-autoresizer/index.yaml diff --git a/apps/gitea/index.yaml b/apps/gitea/index.yaml index 378ba23..301dd8c 100644 --- a/apps/gitea/index.yaml +++ b/apps/gitea/index.yaml @@ -370,14 +370,14 @@ options: memory: 512Mi requests: cpu: 100m - memory: 256Mi + memory: 128Mi examples: - limits: cpu: 1000m memory: 512Mi requests: cpu: 100m - memory: 256Mi + memory: 128Mi properties: limits: default: @@ -394,13 +394,13 @@ options: requests: default: cpu: 100m - memory: 256Mi + memory: 128Mi properties: cpu: default: 100m type: string memory: - default: 256Mi + default: 128Mi type: string type: object type: object diff --git a/meta/domain-monitor/apps.tf b/meta/domain-monitor/apps.tf index 775aca9..bdb7461 100644 --- a/meta/domain-monitor/apps.tf +++ b/meta/domain-monitor/apps.tf 
@@ -129,6 +129,12 @@ locals { volume = merge(local.global-volume, lookup(lookup(var.dashboards-workload, "storage", {}), "volume", {})) }) }) + pvc-autoresizer = merge(local.global,{ for k, v in var.pvc-autoresizer : k => v if !contains(["enable","storage","backups"],k) },{ + backups = merge(local.global-backups, lookup(var.pvc-autoresizer, "backups", {})) + storage = merge({ for k, v in lookup(var.pvc-autoresizer, "storage", {}) : k => v if !contains(["volume"],k) }, { + volume = merge(local.global-volume, lookup(lookup(var.pvc-autoresizer, "storage", {}), "volume", {})) + }) + }) } resource "kubernetes_namespace_v1" "monitor-ns" { @@ -328,6 +334,23 @@ resource "kubectl_manifest" "dashboards-workload" { EOF } +resource "kubectl_manifest" "pvc-autoresizer" { + count = var.pvc-autoresizer.enable ? 1 : 0 + yaml_body = <<-EOF + apiVersion: "vynil.solidite.fr/v1" + kind: "Install" + metadata: + name: "pvc-autoresizer" + namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}" + labels: ${jsonencode(local.common_labels)} + spec: + distrib: "${var.distributions.domain}" + category: "monitor" + component: "pvc-autoresizer" + options: ${jsonencode(local.pvc-autoresizer)} + EOF +} + resource "kubectl_manifest" "grafana" { count = var.grafana.enable ? 1 : 0 yaml_body = <<-EOF diff --git a/meta/domain-monitor/index.yaml b/meta/domain-monitor/index.yaml index cd2e3bb..1f8604c 100644 --- a/meta/domain-monitor/index.yaml +++ b/meta/domain-monitor/index.yaml @@ -259,6 +259,18 @@ options: type: object x-vynil-category: monitor x-vynil-package: promtail + pvc-autoresizer: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: pvc-autoresizer sso_vynil: default: true examples: diff --git a/monitor/pvc-autoresizer/autoresizer_rbac.tf b/monitor/pvc-autoresizer/autoresizer_rbac.tf new file mode 100644 index 0000000..9f17cea --- /dev/null 
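Review bot: `local.pvc-autoresizer` always carries `backups` and `storage` keys on top of `local.global`, but the component's own `monitor/pvc-autoresizer/index.yaml` in this patch declares only `domain`, `images` and `resources`, and the `pvc-autoresizer` option added to `meta/domain-monitor/index.yaml` declares only `enable`. This looks copied from the stateful components above it. Whether the installer tolerates undeclared options is not visible here, so I would reduce the local to `pvc-autoresizer = merge(local.global, { for k, v in var.pvc-autoresizer : k => v if k != "enable" })`. The `locals` block starts and ends outside the hunk.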
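Review bot: The new `pvc-autoresizer` option defaults to `enable: true`, so every existing domain-monitor install gains a controller bound to a ClusterRole (added in `monitor/pvc-autoresizer/autoresizer_rbac.tf`) on its next apply, without anyone opting in. For a component that receives cluster-wide write access I would ship `default: false` first, or at least add a `description:` to the option stating what it installs and what it may change. The neighbouring options lie outside the hunk, so I cannot tell whether they carry descriptions.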
+++ b/monitor/pvc-autoresizer/autoresizer_rbac.tf 
@@ -0,0 +1,141 @@
+resource "kubectl_manifest" "ServiceAccount" {
+ yaml_body = <<-EOF
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: "${var.instance}-${var.component}"
+ namespace: ${var.namespace}
+ labels: ${jsonencode(local.common-labels)}
+EOF
+}
+
+
+resource "kubectl_manifest" "ClusterRole" {
+ yaml_body = <<-EOF
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: "${var.namespace}-${var.instance}-${var.component}"
+ labels: ${jsonencode(local.common-labels)}
+ rules:
+ - apiGroups:
+ - ''
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ''
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+EOF
+}
+
+resource "kubectl_manifest" "ClusterRoleBinding" {
+ yaml_body = <<-EOF
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: "${var.namespace}-${var.instance}-${var.component}"
+ labels: ${jsonencode(local.common-labels)}
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ${kubectl_manifest.ClusterRole.name}
+ subjects:
+ - kind: ServiceAccount
+ name: ${kubectl_manifest.ServiceAccount.name}
+ namespace: ${var.namespace}
+EOF
+}
+
+resource "kubectl_manifest" "Role" {
+ yaml_body = <<-EOF
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+ name: "${var.instance}-${var.component}"
+ namespace: ${var.namespace}
+ labels: ${jsonencode(local.common-labels)}
+ rules:
+ - apiGroups:
+ - ''
+ - coordination.k8s.io
+ resources:
+ - configmaps
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ''
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+EOF
+}
+
+resource "kubectl_manifest" "RoleBinding" {
+ yaml_body = <<-EOF
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: "${var.instance}-${var.component}"
+ namespace: ${var.namespace}
+ labels: ${jsonencode(local.common-labels)}
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: ${kubectl_manifest.Role.name}
+ subjects:
+ - kind: ServiceAccount
+ name: ${kubectl_manifest.ServiceAccount.name}
+ namespace: ${var.namespace}
+EOF
+}
+
+
diff --git a/monitor/pvc-autoresizer/autoresizer_workload.tf b/monitor/pvc-autoresizer/autoresizer_workload.tf
new file mode 100644
index 0000000..f3bf11d
--- /dev/null
+++ b/monitor/pvc-autoresizer/autoresizer_workload.tf
@@ -0,0 +1,48 @@
+resource "kubectl_manifest" "Deployment" {
+ yaml_body = <<-EOF
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: "${var.instance}-${var.component}"
+ namespace: ${var.namespace}
+ labels: ${jsonencode(local.common-labels)}
+ spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: pvc-autoresizer
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: pvc-autoresizer
+ spec:
+ serviceAccountName: ${kubectl_manifest.ServiceAccount.name}
+ containers:
+ - name: pvc-autoresizer
+ command:
+ - /pvc-autoresizer
+ args:
+ - --prometheus-url=http://prometheus-prometheus.${var.domain}-monitor:9090
+ - --interval=10s
+ - --no-annotation-check
+ image: ${var.images.autoresizer.registry}/${var.images.autoresizer.repository}:${var.images.autoresizer.tag}
+ imagePullPolicy: ${var.images.autoresizer.pull_policy}
+ resources: ${jsonencode(var.resources)}
+ ports:
+ - name: metrics
+ containerPort: 8080
+ protocol: TCP
+ - name: health
+ containerPort: 8081
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: health
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: health
+EOF
+}
+
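Review bot: The ClusterRole grants `create` and `update` on `deployments` and `statefulsets` in every namespace, which is far broader than resizing PVCs requires. A service account that can create workloads cluster-wide can start pods under any other service account, so a compromise of this controller would not stay confined to PVCs. Nothing in this patch shows the controller creating workloads, so unless a feature of the image needs it (to be confirmed against the upstream manifests), I would drop `create` from both rules and keep `update` only if workloads really are modified. A one-line comment above each rule naming the controller feature that needs it would make the next review much easier, for example `# read-only: look up the StorageClass of each PVC` above the `storageclasses` rule.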
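Review bot: The container spec in the Deployment sets no `securityContext`, so the pod runs with whatever user and capabilities the image and namespace defaults give it, while mounting the token of the cluster-wide service account from `autoresizer_rbac.tf`. I would add a restrictive container `securityContext` right after `resources:`, as in the excerpt below; `runAsNonRoot` and `readOnlyRootFilesystem` assume the image supports them and need checking against the image. Separately, `--no-annotation-check` appears to widen which volumes the controller acts on, and the selector label `app.kubernetes.io/name: pvc-autoresizer` is not instance-specific, so both deserve a short comment in the file.

```hcl
          # … unchanged: name, command, args, image, imagePullPolicy …
          resources: ${jsonencode(var.resources)}
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
              - ALL
          # … unchanged: ports, readinessProbe, livenessProbe …
```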
diff --git a/monitor/pvc-autoresizer/check.rhai b/monitor/pvc-autoresizer/check.rhai
new file mode 100644
index 0000000..f579a2d
--- /dev/null
+++ b/monitor/pvc-autoresizer/check.rhai
@@ -0,0 +1,13 @@
+const DOMAIN = config.domain;
+fn check_domain() {
+ assert(have_namespace(`${global::DOMAIN}`), `There is no ${global::DOMAIN} namespace`);
+}
+fn check_prometheus() {
+ assert(have_namespace(`${global::DOMAIN}-monitor`), `There is no ${global::DOMAIN}-monitor namespace`);
+ assert(have_install(`${global::DOMAIN}-monitor`, "prometheus"), `No prometheus installation in ${global::DOMAIN}-monitor`);
+ assert(have_service(`${global::DOMAIN}-monitor`, "prometheus-prometheus"), `No prometheus-prometheus service in ${global::DOMAIN}-monitor`);
+}
+fn pre_check() {
+ check_domain();
+ check_prometheus();
+}
diff --git a/monitor/pvc-autoresizer/index.yaml b/monitor/pvc-autoresizer/index.yaml
new file mode 100644
index 0000000..6cbeb5c
--- /dev/null
+++ b/monitor/pvc-autoresizer/index.yaml
@@ -0,0 +1,86 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: monitor
+metadata:
+ name: pvc-autoresizer
+ description: pvc-autoresizer resizes PersistentVolumeClaims (PVCs) when the free amount of storage is below the threshold.
+options:
+ domain:
+ default: your-company
+ examples:
+ - your-company
+ type: string
+ images:
+ default:
+ autoresizer:
+ pull_policy: IfNotPresent
+ registry: docker.io
+ repository: kubesphere/pvc-autoresizer
+ tag: v0.3.1
+ examples:
+ - autoresizer:
+ pull_policy: IfNotPresent
+ registry: docker.io
+ repository: kubesphere/pvc-autoresizer
+ tag: v0.3.1
+ properties:
+ autoresizer:
+ default:
+ pull_policy: IfNotPresent
+ registry: docker.io
+ repository: kubesphere/pvc-autoresizer
+ tag: v0.3.1
+ properties:
+ pull_policy:
+ default: IfNotPresent
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ registry:
+ default: docker.io
+ type: string
+ repository:
+ default: kubesphere/pvc-autoresizer
+ type: string
+ tag:
+ default: v0.3.1
+ type: string
+ type: object
+ type: object
+ resources:
+ default:
+ requests:
+ cpu: 100m
+ memory: 20Mi
+ examples:
+ - requests:
+ cpu: 100m
+ memory: 20Mi
+ properties:
+ requests:
+ default:
+ cpu: 100m
+ memory: 20Mi
+ properties:
+ cpu:
+ default: 100m
+ type: string
+ memory:
+ default: 20Mi
+ type: string
+ type: object
+ type: object
+dependencies: []
+providers:
+ kubernetes: true
+ authentik: null
+ kubectl: true
+ postgresql: null
+ mysql: null
+ restapi: null
+ http: null
+ gitea: null
+tfaddtype: null
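Review bot: The image defaults resolve to `docker.io/kubesphere/pvc-autoresizer:v0.3.1`, a mutable tag, and the `images.autoresizer` schema has no field for a digest, so the deployment cannot be pinned to content that was actually reviewed. Because this image runs with the ClusterRole from `autoresizer_rbac.tf`, I would add an optional `digest` property (`type: string`, value of the form `sha256:<digest>`, placeholder) that the workload template appends as `@<digest>` when set. The `resources` default also declares requests only; adding a `limits` entry with a memory bound would contain the controller if it misbehaves.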