diff --git a/README.md b/README.md index 197b3f5..3fd9e60 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,5 @@ # Kubernetes configuration [![Build Status](https://drone.badhouseplants.net/api/badges/badhouseplants/k8s-cluster-config/status.svg)](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config) + +# CRD hooks +I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. \ No newline at end of file diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 9544105..73f68da 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -52,6 +52,11 @@ releases: namespace: mailu-application createNamespace: true + - <<: *prometheus + installed: true + namespace: monitoring-system + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/.decrypted~secrets.prometheus.yaml b/badhouseplants/values/.decrypted~secrets.prometheus.yaml new file mode 100644 index 0000000..3d61ccf --- /dev/null +++ b/badhouseplants/values/.decrypted~secrets.prometheus.yaml @@ -0,0 +1,6 @@ +grafana: + adminPassword: h*Ct9g!k&SQQjs%i!7SrMrv^9 + adminUser: overlord + grafana.ini: + auth.generic_oauth: + client_secret: gto_mpc5pzjnjysab37kqjouwrexkayubxdlrgv75vjamwyrrtkv6zzq diff --git a/badhouseplants/values/secrets.prometheus.yaml b/badhouseplants/values/secrets.prometheus.yaml new file mode 100644 index 0000000..399c170 --- /dev/null +++ b/badhouseplants/values/secrets.prometheus.yaml 
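Review bot: `badhouseplants/values/.decrypted~secrets.prometheus.yaml` commits the Grafana `adminPassword`, `adminUser` and the `auth.generic_oauth` `client_secret` in cleartext, which defeats the SOPS/age encryption of `secrets.prometheus.yaml` added in the same commit. The file name suggests a temporary decryption artefact that was staged by accident; it should be dropped from the commit and the pattern ignored, for example with a `.decrypted~*` line in `.gitignore`. Because the values remain recoverable from history and from any clone or CI cache, both the admin password and the Gitea OAuth client secret should be treated as exposed and rotated before this release is deployed. A pre-commit secret scan would catch a repeat.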
@@ -0,0 +1,26 @@ +grafana: + adminPassword: ENC[AES256_GCM,data:gxI2S/KxstCmLKTeAqRESo4p9sMImVqUDA==,iv:/5aKhPxCeEN22juQPwLBaM8n3AAjV9axxuZ1NZbZ9IM=,tag:PmCtctTjZIXlgXyDA7G4yQ==,type:str] + adminUser: ENC[AES256_GCM,data:Esh/6bXMez8=,iv:cRdvkpnO8gNOaKy+4kPcq69ksdXxuZClnjSvBp4yto8=,tag:ZgycOsDXJIT1mrN6nJHw3g==,type:str] + grafana.ini: + auth.generic_oauth: + client_secret: ENC[AES256_GCM,data:7/PqroaClfcd6kTHm+oljOA/r6FGq5EXnv5BRsrMRsaHhX0AzPLMk7Z/sc6SuP5iR+Xysa8/Y/o=,iv:vdZKOA4MsQjMnmKsAT0QA+E3WaAQXoIItVsznlbXZ68=,tag:sbuDV8RkAcZiGuxkytu3XQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeTlhQ2xpK0dvMU00ejh4 + bjZxZVMvMEFobGFqYU55a3dxcTlnRitkS2wwCmJVNHhQNHJHTVBxbk4xQ1RWbkFv + TUNGY3YvQUIyTUJYNEZmOWRYd3JaUHcKLS0tIHJ5STVXV0hxRUdYQmNXSFR2U0Vv + NXQ5SjNQUW9JOStDclZuYUlqV3FaWWsKvu2T2LmDjuJgnB0djjhJczsvDjFsH/D/ + QDPkkl2G1luDoIjBj21uoy0daqfyskd4Yw2ZsPsZU6zuEGdFj52Qbw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-05-28T06:39:30Z" + mac: ENC[AES256_GCM,data:21m+X5uMwQSBEVsV+x+flobNlcPJRXF50IfbfzVoW4C/Tt+77gasD+Lq9A4q+U3lbRm59FO0R0u8puONM0MfM7QFTJyevZKGVGQFOMEnOHwv4s9w5WNMTZszPopcWRFuM+6rRvoWypr0hTVGKFpIQ/asfGdqxHGPf8Rdq5OPU9M=,iv:BtU0CckuX9F/MJe+31TA3oLAGOZlZis5AIKY40uYRgc=,tag:nDZI0kaXx7alFU3qEafQmA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml new file mode 100644 index 0000000..10b48bc --- /dev/null +++ b/badhouseplants/values/values.prometheus.yaml 
@@ -0,0 +1,57 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: grafana-https
+ gateway: badhouseplants-net
+ kind: http
+ hostname: "grafana.badhouseplants.net"
+ service: prometheus-grafana
+ port: 80
+prometheus:
+ prometheusSpec:
+ podMonitorNamespaceSelector:
+ any: true
+ podMonitorSelector: {}
+ podMonitorSelectorNilUsesHelmValues: false
+ ruleNamespaceSelector:
+ any: true
+ ruleSelector: {}
+ ruleSelectorNilUsesHelmValues: false
+ serviceMonitorNamespaceSelector:
+ any: true
+ serviceMonitorSelector: {}
+ serviceMonitorSelectorNilUsesHelmValues: false
+ storageSpec:
+ volumeClaimTemplate:
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 5Gi
+grafana:
+ persistence:
+ enabled: true
+ size: 2Gi
+ grafana.ini:
+ server:
+ root_url: https://grafana.badhouseplants.net
+ auth.generic_oauth:
+ name: Gitea
+ icon: signin
+ enabled: true
+ allow_sign_up: true
+ auto_login: false
+ client_id: 0ce70a7d-f267-44cc-9686-71048277e51d
+ scopes: openid profile email groups
+ empty_scopes: false
+ auth_url: https://git.badhouseplants.net/login/oauth/authorize
+ token_url: https://git.badhouseplants.net/login/oauth/access_token
+ api_url: https://git.badhouseplants.net/login/oauth/userinfo
+ tls_skip_verify_insecure: false
+ use_pkce: true
+ role_attribute_path: contains(groups, 'badhouseplants:owners') && 'Admin' || 'Viewer'
diff --git a/helmfile.yaml b/helmfile.yaml
index 1bbc24e..738d891 100644
--- a/helmfile.yaml
+++ b/helmfile.yaml
@@ -35,7 +35,7 @@ releases:
 installed: true
 namespace: minio-service
 createNamespace: false
-
+
 - <<: *openvpn
 installed: true
 namespace: openvpn-service
diff --git a/releases.yaml b/releases.yaml
index cd90e2d..b0dd0f7 100644
--- a/releases.yaml
+++ b/releases.yaml
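Review bot: In the `auth.generic_oauth` block of `values.prometheus.yaml`, `allow_sign_up: true` combined with the `|| 'Viewer'` fallback in `role_attribute_path` gives every account that can log in at git.badhouseplants.net a Grafana Viewer account on first login. If that Gitea instance allows self-registration (not visible here), dashboards and their data sources become readable to anyone who registers. To limit access to the owners group, drop the fallback and add `role_attribute_strict: true`, so that a login without a mapped role is rejected. Separately, `any: true` under the three `*NamespaceSelector` keys is presumably not a label-selector field, so the effective selector is likely empty, meaning all namespaces. That lets a ServiceMonitor, PodMonitor or PrometheusRule from any namespace configure this Prometheus, which deserves a comment stating the intent.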
@@ -10,7 +10,10 @@ templates: command: "sh" args: - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }}| kubectl apply -f -" + - | + helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \ + || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \ + || true - events: ["prepare"] showlogs: true command: "sh" @@ -22,13 +25,13 @@ templates: command: "sh" args: - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f -" + - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true" # ---------------------------- # -- Configs # ---------------------------- default-common-values: values: - - '{{ requiredEnv "PWD" }}/commmon/values.{{ .Release.Name }}.yaml' + - '{{ requiredEnv "PWD" }}/common/values.{{ .Release.Name }}.yaml' default-env-values: values: - '{{ requiredEnv "PWD" }}/{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml' @@ -65,8 +68,9 @@ templates: - chart: bedag/raw version: 2.0.0 alias: ns - values: - - '{{ requiredEnv "PWD" }}/common/values.ns.yaml' + inherit: + - template: default-common-values + - template: default-env-values # ---------------------------- # -- Releases # ---------------------------- @@ -106,6 +110,16 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + + prometheus: &prometheus + name: prometheus + chart: prometheus-community/kube-prometheus-stack + version: 46.4.1 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: crd-management-hook + - template: ext-istio-resource # ---------------------------- # -- Istio # ---------------------------- @@ -188,7 +202,6 @@ templates: - template: default-env-secrets - template: ext-istio-resource - minio: &minio name: minio chart: minio/minio 
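Review bot: The trailing `|| true` in the CRD install hook (hunk `-10,7 +10,10`) makes the hook succeed even when both `kubectl replace` and `kubectl create` fail, so a missing or stale CRD only surfaces later as a failing release. The same applies to the `kubectl delete -f - || true` added in the next hunk. A failing `helm show crds` also goes unnoticed, because without `pipefail` the pipeline status is kubectl's. If the move away from `kubectl apply` was due to the size of the kube-prometheus-stack CRDs (an assumption; the commit does not say), `kubectl apply --server-side -f -` keeps the hook to one command and lets real errors fail the run. The hook's template starts above the hunk.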
@@ -198,7 +211,6 @@ templates: - template: default-env-secrets - template: ext-istio-resource - minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft @@ -207,7 +219,6 @@ templates: - template: default-env-values - template: ext-istio-resource - gitea: &gitea name: gitea chart: gitea/gitea diff --git a/repositories.yaml b/repositories.yaml index b71fcdf..52838da 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -26,7 +26,9 @@ repositories: url: https://argoproj.github.io/argo-helm - name: bedag url: https://bedag.github.io/helm-charts/ - - name: mailu - url: https://mailu.github.io/helm-charts/ + # - name: mailu + # url: https://mailu.github.io/helm-charts/ - name: metallb url: https://metallb.github.io/metallb + - name: prometheus-community + url: https://prometheus-community.github.io/helm-charts
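Review bot: In `repositories.yaml` the `mailu` repository is commented out rather than removed, while `badhouseplants/helmfile.yaml` in this same commit still shows a release in the `mailu-application` namespace as context. If that release still points at a `mailu/...` chart (its template is not visible here), helmfile will no longer be able to resolve it. Otherwise delete the two lines instead of leaving `# - name: mailu` behind, since history keeps them.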