Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| d4f70255c8 |
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: elastic-system
|
|
||||||
name: elastic-system
|
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: jfrog
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: observability
|
|
||||||
name: observability
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: vm-system
|
|
||||||
name: vm-system
|
|
||||||
@@ -1,12 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: vault-service-account-admin
|
|
||||||
app.kubernetes.io/part-of: vault-secrets-system
|
|
||||||
name: vso-system-vault-service-account-admin
|
|
||||||
rules:
|
|
||||||
- apiGroups: ["*"]
|
|
||||||
resources: ["*"]
|
|
||||||
verbs: ["*"]
|
|
||||||
@@ -1,32 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/component: rbac
|
|
||||||
app.kubernetes.io/part-of: vault-secrets-operator
|
|
||||||
name: vso-system-vault-secrets-operator-auth-delegator
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: system:auth-delegator
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: vault-secrets-operator-controller-manager
|
|
||||||
namespace: vso-system
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: vso-system-vault-admin-binding
|
|
||||||
app.kubernetes.io/part-of: vault-secrets-system
|
|
||||||
name: vso-system-vault-admin-binding
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: vso-system-vault-service-account-admin
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: vso-system-vault-admin
|
|
||||||
namespace: vso-system
|
|
||||||
@@ -1,9 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
- serviceaccount_vault-admin.yaml
|
|
||||||
- clusterrole_vault-service-account-admin.yaml
|
|
||||||
- clusterrolebindings.yaml
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: vso-system
|
|
||||||
name: vso-system
|
|
||||||
@@ -1,9 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: vault-admin
|
|
||||||
app.kubernetes.io/part-of: vault-secrets-system
|
|
||||||
name: vso-system-vault-admin
|
|
||||||
namespace: vso-system
|
|
||||||
@@ -1,16 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
namespace: elastic-system
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- ../../../base/elastic-system
|
|
||||||
|
|
||||||
helmCharts:
|
|
||||||
- name: eck-operator
|
|
||||||
repo: https://helm.elastic.co
|
|
||||||
version: "3.2.0"
|
|
||||||
releaseName: elastic-operator
|
|
||||||
namespace: elastic-system
|
|
||||||
valuesFile: values.yaml
|
|
||||||
@@ -1,11 +0,0 @@
|
|||||||
replicaCount: 2
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: 1
|
|
||||||
memory: 1Gi
|
|
||||||
requests:
|
|
||||||
cpu: 10m
|
|
||||||
memory: 150Mi
|
|
||||||
podDisruptionBudget:
|
|
||||||
enabled: true
|
|
||||||
minAvailable: 1
|
|
||||||
@@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ../../../base/jfrog
|
||||||
|
|
||||||
|
helmCharts:
|
||||||
|
- name: artifactory-jcr
|
||||||
|
repo: https://charts.jfrog.io
|
||||||
|
version: "107.133.10"
|
||||||
|
releaseName: artifactory-jcr
|
||||||
|
namespace: jfrog
|
||||||
|
valuesFile: values.yaml
|
||||||
@@ -0,0 +1,63 @@
|
|||||||
|
---
|
||||||
|
artifactory:
|
||||||
|
## Artifactory
|
||||||
|
## See full list of supported Artifactory options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
|
||||||
|
artifactory:
|
||||||
|
## Default tag is from the artifactory sub-chart in the requirements.yaml
|
||||||
|
image:
|
||||||
|
registry: releases-docker.jfrog.io
|
||||||
|
repository: jfrog/artifactory-jcr
|
||||||
|
resources: {}
|
||||||
|
# requests:
|
||||||
|
# memory: "1Gi"
|
||||||
|
# cpu: "500m"
|
||||||
|
# limits:
|
||||||
|
# memory: "4Gi"
|
||||||
|
# cpu: "1"
|
||||||
|
## The following Java options are passed to the java process running Artifactory.
|
||||||
|
## You should set them according to the resources set above.
|
||||||
|
## IMPORTANT: Make sure resources.limits.memory is at least 1G more than Xmx.
|
||||||
|
javaOpts: {}
|
||||||
|
# xms: "1g"
|
||||||
|
# xmx: "3g"
|
||||||
|
# other: ""
|
||||||
|
installer:
|
||||||
|
platform: jcr-helm
|
||||||
|
## Nginx
|
||||||
|
## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
|
||||||
|
nginx:
|
||||||
|
enabled: true
|
||||||
|
tlsSecretName: ""
|
||||||
|
service:
|
||||||
|
type: LoadBalancer
|
||||||
|
## Ingress
|
||||||
|
## See full list of supported Ingress options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
|
||||||
|
ingress:
|
||||||
|
enabled: false
|
||||||
|
tls:
|
||||||
|
## PostgreSQL
|
||||||
|
## See list of supported postgresql options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
|
||||||
|
## Configuration values for the PostgreSQL dependency sub-chart
|
||||||
|
## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md
|
||||||
|
postgresql:
|
||||||
|
enabled: true
|
||||||
|
## This key is required for upgrades to protect old PostgreSQL chart's breaking changes.
|
||||||
|
databaseUpgradeReady: "yes"
|
||||||
|
## If NOT using the PostgreSQL in this chart (artifactory.postgresql.enabled=false),
|
||||||
|
## specify custom database details here or leave empty and Artifactory will use embedded derby.
|
||||||
|
## See full list of database options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
|
||||||
|
# database:
|
||||||
|
jfconnect:
|
||||||
|
enabled: false
|
||||||
|
rtfs:
|
||||||
|
enabled: false
|
||||||
|
onemodel:
|
||||||
|
enabled: false
|
||||||
|
evidence:
|
||||||
|
enabled: false
|
||||||
|
apptrust:
|
||||||
|
enabled: false
|
||||||
|
unifiedpolicy:
|
||||||
|
enabled: false
|
||||||
|
platformfederation:
|
||||||
|
enabled: false
|
||||||
@@ -1,22 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
namespace: observability
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- ../../../base/observability
|
|
||||||
|
|
||||||
helmCharts:
|
|
||||||
- name: victoria-metrics-cluster
|
|
||||||
repo: https://victoriametrics.github.io/helm-charts/
|
|
||||||
version: "0.33.0"
|
|
||||||
releaseName: victoria-metrics-cluster
|
|
||||||
namespace: observability
|
|
||||||
valuesFile: values-vmcluster.yaml
|
|
||||||
- name: victoria-metrics-agent
|
|
||||||
repo: https://victoriametrics.github.io/helm-charts/
|
|
||||||
version: "0.30.0"
|
|
||||||
releaseName: victoria-metrics-agent
|
|
||||||
namespace: observability
|
|
||||||
valuesFile: values-vmagent.yaml
|
|
||||||
@@ -1,102 +0,0 @@
|
|||||||
image:
|
|
||||||
repository: victoriametrics/vmagent
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
global:
|
|
||||||
scrape_interval: 15s
|
|
||||||
podDisruptionBudget:
|
|
||||||
enabled: true
|
|
||||||
maxUnavailable: 1
|
|
||||||
podAnnotations:
|
|
||||||
prometheus.io/scrape: "true"
|
|
||||||
prometheus.io/port: "8481"
|
|
||||||
replicaCount: 3
|
|
||||||
extraArgs:
|
|
||||||
envflag.enable: true
|
|
||||||
envflag.prefix: VM_
|
|
||||||
loggerFormat: json
|
|
||||||
httpListenAddr: :8429
|
|
||||||
service:
|
|
||||||
enabled: true
|
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: vault-issuer
|
|
||||||
cert-manager.io/common-name: vmagent.k8s.syd1.au.unkin.net
|
|
||||||
cert-manager.io/private-key-size: "4096"
|
|
||||||
external-dns.alpha.kubernetes.io/hostname: vmagent.k8s.syd1.au.unkin.net
|
|
||||||
external-dns.alpha.kubernetes.io/target: 198.18.200.0
|
|
||||||
hosts:
|
|
||||||
- name: vmagent.k8s.syd1.au.unkin.net
|
|
||||||
path:
|
|
||||||
- /
|
|
||||||
port: http
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- vmagent.k8s.syd1.au.unkin.net
|
|
||||||
secretName: vmagent-tls
|
|
||||||
ingressClassName: nginx
|
|
||||||
remoteWrite:
|
|
||||||
- url: http://victoria-metrics-cluster-vminsert.observability.svc.cluster.local:8480/insert/0/prometheus/
|
|
||||||
scrape_configs:
|
|
||||||
- job_name: vmagent
|
|
||||||
static_configs:
|
|
||||||
- targets: ["localhost:8429"]
|
|
||||||
- job_name: "kubernetes-apiservers"
|
|
||||||
kubernetes_sd_configs:
|
|
||||||
- role: endpoints
|
|
||||||
scheme: https
|
|
||||||
tls_config:
|
|
||||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
||||||
insecure_skip_verify: true
|
|
||||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
||||||
relabel_configs:
|
|
||||||
- source_labels:
|
|
||||||
- __meta_kubernetes_namespace
|
|
||||||
- __meta_kubernetes_service_name
|
|
||||||
- __meta_kubernetes_endpoint_port_name
|
|
||||||
action: keep
|
|
||||||
regex: default;kubernetes;https
|
|
||||||
- job_name: "kubernetes-nodes"
|
|
||||||
scheme: https
|
|
||||||
tls_config:
|
|
||||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
||||||
insecure_skip_verify: true
|
|
||||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
||||||
kubernetes_sd_configs:
|
|
||||||
- role: node
|
|
||||||
relabel_configs:
|
|
||||||
- action: labelmap
|
|
||||||
regex: __meta_kubernetes_node_label_(.+)
|
|
||||||
- job_name: "kubernetes-nodes-cadvisor"
|
|
||||||
scheme: https
|
|
||||||
tls_config:
|
|
||||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
||||||
insecure_skip_verify: true
|
|
||||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
||||||
kubernetes_sd_configs:
|
|
||||||
- role: node
|
|
||||||
metrics_path: /metrics/cadvisor
|
|
||||||
relabel_configs:
|
|
||||||
- action: labelmap
|
|
||||||
regex: __meta_kubernetes_node_label_(.+)
|
|
||||||
- source_labels: [__metrics_path__]
|
|
||||||
target_label: metrics_path
|
|
||||||
metric_relabel_configs:
|
|
||||||
- action: replace
|
|
||||||
source_labels: [pod]
|
|
||||||
regex: '(.+)'
|
|
||||||
target_label: pod_name
|
|
||||||
replacement: '${1}'
|
|
||||||
- action: replace
|
|
||||||
source_labels: [container]
|
|
||||||
regex: '(.+)'
|
|
||||||
target_label: container_name
|
|
||||||
replacement: '${1}'
|
|
||||||
- action: replace
|
|
||||||
target_label: name
|
|
||||||
replacement: k8s_stub
|
|
||||||
- action: replace
|
|
||||||
source_labels: [id]
|
|
||||||
regex: '^/system\.slice/(.+)\.service$'
|
|
||||||
target_label: systemd_service_name
|
|
||||||
replacement: '${1}'
|
|
||||||
@@ -1,185 +0,0 @@
|
|||||||
vmselect:
|
|
||||||
enabled: true
|
|
||||||
image:
|
|
||||||
repository: victoriametrics/vmselect
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
variant: cluster
|
|
||||||
extraArgs:
|
|
||||||
envflag.enable: true
|
|
||||||
envflag.prefix: VM_
|
|
||||||
loggerFormat: json
|
|
||||||
httpListenAddr: :8481
|
|
||||||
dedup.minScrapeInterval: 15s
|
|
||||||
replicationFactor: 2
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: 500m
|
|
||||||
memory: 1024Mi
|
|
||||||
requests:
|
|
||||||
cpu: 50m
|
|
||||||
memory: 128Mi
|
|
||||||
horizontalPodAutoscaler:
|
|
||||||
enabled: true
|
|
||||||
maxReplicas: 10
|
|
||||||
minReplicas: 2
|
|
||||||
metrics:
|
|
||||||
- type: Resource
|
|
||||||
resource:
|
|
||||||
name: cpu
|
|
||||||
target:
|
|
||||||
type: Utilization
|
|
||||||
averageUtilization: 60
|
|
||||||
behavior:
|
|
||||||
scaleUp:
|
|
||||||
stabilizationWindowSeconds: 0
|
|
||||||
selectPolicy: Max
|
|
||||||
policies:
|
|
||||||
- type: Percent
|
|
||||||
value: 100
|
|
||||||
periodSeconds: 30
|
|
||||||
- type: Pods
|
|
||||||
value: 4
|
|
||||||
periodSeconds: 30
|
|
||||||
scaleDown:
|
|
||||||
stabilizationWindowSeconds: 300
|
|
||||||
selectPolicy: Min
|
|
||||||
policies:
|
|
||||||
- type: Percent
|
|
||||||
value: 10
|
|
||||||
periodSeconds: 60
|
|
||||||
- type: Pods
|
|
||||||
value: 2
|
|
||||||
periodSeconds: 60
|
|
||||||
podAnnotations:
|
|
||||||
prometheus.io/scrape: "true"
|
|
||||||
prometheus.io/port: "8481"
|
|
||||||
podDisruptionBudget:
|
|
||||||
enabled: true
|
|
||||||
maxUnavailable: 1
|
|
||||||
replicaCount: 2
|
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: vault-issuer
|
|
||||||
cert-manager.io/common-name: vmselect.k8s.syd1.au.unkin.net
|
|
||||||
cert-manager.io/private-key-size: "4096"
|
|
||||||
external-dns.alpha.kubernetes.io/hostname: vmselect.k8s.syd1.au.unkin.net
|
|
||||||
external-dns.alpha.kubernetes.io/target: 198.18.200.0
|
|
||||||
hosts:
|
|
||||||
- name: vmselect.k8s.syd1.au.unkin.net
|
|
||||||
path:
|
|
||||||
- /
|
|
||||||
port: http
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- vmselect.k8s.syd1.au.unkin.net
|
|
||||||
secretName: vmselect-tls
|
|
||||||
ingressClassName: nginx
|
|
||||||
|
|
||||||
vminsert:
|
|
||||||
enabled: true
|
|
||||||
image:
|
|
||||||
repository: victoriametrics/vminsert
|
|
||||||
variant: cluster
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
extraArgs:
|
|
||||||
envflag.enable: true
|
|
||||||
envflag.prefix: VM_
|
|
||||||
loggerFormat: json
|
|
||||||
httpListenAddr: :8480
|
|
||||||
replicationFactor: 2
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: 500m
|
|
||||||
memory: 1024Mi
|
|
||||||
requests:
|
|
||||||
cpu: 50m
|
|
||||||
memory: 128Mi
|
|
||||||
horizontalPodAutoscaler:
|
|
||||||
enabled: true
|
|
||||||
maxReplicas: 10
|
|
||||||
minReplicas: 2
|
|
||||||
metrics:
|
|
||||||
- type: Resource
|
|
||||||
resource:
|
|
||||||
name: cpu
|
|
||||||
target:
|
|
||||||
type: Utilization
|
|
||||||
averageUtilization: 60
|
|
||||||
behavior:
|
|
||||||
scaleUp:
|
|
||||||
stabilizationWindowSeconds: 0
|
|
||||||
selectPolicy: Max
|
|
||||||
policies:
|
|
||||||
- type: Percent
|
|
||||||
value: 100
|
|
||||||
periodSeconds: 30
|
|
||||||
- type: Pods
|
|
||||||
value: 4
|
|
||||||
periodSeconds: 30
|
|
||||||
scaleDown:
|
|
||||||
stabilizationWindowSeconds: 300
|
|
||||||
selectPolicy: Min
|
|
||||||
policies:
|
|
||||||
- type: Percent
|
|
||||||
value: 10
|
|
||||||
periodSeconds: 60
|
|
||||||
- type: Pods
|
|
||||||
value: 2
|
|
||||||
periodSeconds: 60
|
|
||||||
podAnnotations:
|
|
||||||
prometheus.io/scrape: "true"
|
|
||||||
prometheus.io/port: "8480"
|
|
||||||
podDisruptionBudget:
|
|
||||||
enabled: true
|
|
||||||
maxUnavailable: 1
|
|
||||||
replicaCount: 2
|
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: vault-issuer
|
|
||||||
cert-manager.io/common-name: vminsert.k8s.syd1.au.unkin.net
|
|
||||||
cert-manager.io/private-key-size: "4096"
|
|
||||||
external-dns.alpha.kubernetes.io/hostname: vminsert.k8s.syd1.au.unkin.net
|
|
||||||
external-dns.alpha.kubernetes.io/target: 198.18.200.0
|
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
|
|
||||||
hosts:
|
|
||||||
- name: vminsert.k8s.syd1.au.unkin.net
|
|
||||||
path:
|
|
||||||
- /
|
|
||||||
port: http
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- vminsert.k8s.syd1.au.unkin.net
|
|
||||||
secretName: vminsert-tls
|
|
||||||
ingressClassName: nginx
|
|
||||||
|
|
||||||
vmstorage:
|
|
||||||
enabled: true
|
|
||||||
image:
|
|
||||||
repository: victoriametrics/vmstorage
|
|
||||||
variant: cluster
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
retentionPeriod: 180d
|
|
||||||
extraArgs:
|
|
||||||
envflag.enable: true
|
|
||||||
envflag.prefix: VM_
|
|
||||||
loggerFormat: json
|
|
||||||
httpListenAddr: :8482
|
|
||||||
dedup.minScrapeInterval: 15s
|
|
||||||
podAnnotations:
|
|
||||||
prometheus.io/scrape: "true"
|
|
||||||
prometheus.io/port: "8482"
|
|
||||||
podDisruptionBudget:
|
|
||||||
enabled: true
|
|
||||||
maxUnavailable: 1
|
|
||||||
persistentVolume:
|
|
||||||
enabled: true
|
|
||||||
name: vmstorage-volume
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
storageClassName: cephrbd-fast-delete
|
|
||||||
mountPath: /storage
|
|
||||||
size: 200Gi
|
|
||||||
replicaCount: 3
|
|
||||||
podManagementPolicy: OrderedReady
|
|
||||||
@@ -1,16 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
namespace: vm-system
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- ../../../base/vm-system
|
|
||||||
|
|
||||||
helmCharts:
|
|
||||||
- name: victoria-metrics-operator
|
|
||||||
repo: https://victoriametrics.github.io/helm-charts/
|
|
||||||
version: "0.57.1"
|
|
||||||
releaseName: victoria-metrics-operator
|
|
||||||
namespace: vm-system
|
|
||||||
valuesFile: values.yaml
|
|
||||||
@@ -1,9 +0,0 @@
|
|||||||
logLevel: "info"
|
|
||||||
replicaCount: 2
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: 500m
|
|
||||||
memory: 512Mi
|
|
||||||
requests:
|
|
||||||
cpu: 50m
|
|
||||||
memory: 128Mi
|
|
||||||
@@ -1,24 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
namespace: vso-system
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- ../../../base/vso-system
|
|
||||||
|
|
||||||
helmCharts:
|
|
||||||
- name: vault-secrets-operator
|
|
||||||
repo: https://helm.releases.hashicorp.com
|
|
||||||
version: "1.2.0"
|
|
||||||
releaseName: vault-secrets-operator
|
|
||||||
namespace: vso-system
|
|
||||||
valuesFile: values.yaml
|
|
||||||
|
|
||||||
patches:
|
|
||||||
- path: patch_vaultauth-remove-namespace.yaml
|
|
||||||
target:
|
|
||||||
group: secrets.hashicorp.com
|
|
||||||
version: v1beta1
|
|
||||||
kind: VaultAuth
|
|
||||||
name: default
|
|
||||||
@@ -1,2 +0,0 @@
|
|||||||
- op: remove
|
|
||||||
path: /spec/namespace
|
|
||||||
@@ -1,28 +0,0 @@
|
|||||||
defaultVaultConnection:
|
|
||||||
enabled: true
|
|
||||||
address: "https://vault.service.consul:8200"
|
|
||||||
skipTLSVerify: false
|
|
||||||
caCertSecret: "vault-ca-cert"
|
|
||||||
|
|
||||||
defaultAuthMethod:
|
|
||||||
enabled: true
|
|
||||||
method: "kubernetes"
|
|
||||||
mount: "k8s/au/syd1"
|
|
||||||
namespace: ""
|
|
||||||
kubernetes:
|
|
||||||
role: "default"
|
|
||||||
serviceAccount: "vault-secrets-operator-controller-manager"
|
|
||||||
tokenAudiences: ["vault"]
|
|
||||||
|
|
||||||
controller:
|
|
||||||
replicas: 3
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: 500m
|
|
||||||
memory: 256Mi
|
|
||||||
requests:
|
|
||||||
cpu: 50m
|
|
||||||
memory: 128Mi
|
|
||||||
|
|
||||||
globalVaultAuth:
|
|
||||||
enabled: true
|
|
||||||
@@ -3,6 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- observability.yaml
|
|
||||||
- platform.yaml
|
- platform.yaml
|
||||||
- storage.yaml
|
- storage.yaml
|
||||||
|
|||||||
@@ -1,31 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: ApplicationSet
|
|
||||||
metadata:
|
|
||||||
name: observability-apps
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
generators:
|
|
||||||
- git:
|
|
||||||
repoURL: https://git.unkin.net/unkin/argocd-apps
|
|
||||||
revision: HEAD
|
|
||||||
directories:
|
|
||||||
- path: apps/overlays/*/observability
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
name: 'observability-{{path[3]}}'
|
|
||||||
spec:
|
|
||||||
project: observability
|
|
||||||
source:
|
|
||||||
repoURL: https://git.unkin.net/unkin/argocd-apps
|
|
||||||
targetRevision: HEAD
|
|
||||||
path: '{{path}}'
|
|
||||||
destination:
|
|
||||||
server: https://kubernetes.default.svc
|
|
||||||
namespace: '{{path[3]}}'
|
|
||||||
syncPolicy:
|
|
||||||
automated:
|
|
||||||
prune: true
|
|
||||||
selfHeal: true
|
|
||||||
syncOptions:
|
|
||||||
- ServerSideApply=true
|
|
||||||
@@ -15,7 +15,6 @@ spec:
|
|||||||
- path: apps/overlays/*/cert-manager
|
- path: apps/overlays/*/cert-manager
|
||||||
- path: apps/overlays/*/certificates
|
- path: apps/overlays/*/certificates
|
||||||
- path: apps/overlays/*/cnpg-system
|
- path: apps/overlays/*/cnpg-system
|
||||||
- path: apps/overlays/*/elastic-system
|
|
||||||
- path: apps/overlays/*/externaldns
|
- path: apps/overlays/*/externaldns
|
||||||
- path: apps/overlays/*/inteldeviceplugins-system
|
- path: apps/overlays/*/inteldeviceplugins-system
|
||||||
- path: apps/overlays/*/jfrog
|
- path: apps/overlays/*/jfrog
|
||||||
@@ -25,8 +24,6 @@ spec:
|
|||||||
- path: apps/overlays/*/reflector-system
|
- path: apps/overlays/*/reflector-system
|
||||||
- path: apps/overlays/*/reloader-system
|
- path: apps/overlays/*/reloader-system
|
||||||
- path: apps/overlays/*/reposync
|
- path: apps/overlays/*/reposync
|
||||||
- path: apps/overlays/*/vm-system
|
|
||||||
- path: apps/overlays/*/vso-system
|
|
||||||
- path: apps/overlays/*/woodpecker
|
- path: apps/overlays/*/woodpecker
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
|
|||||||
@@ -3,6 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- observability.yaml
|
|
||||||
- platform.yaml
|
- platform.yaml
|
||||||
- storage.yaml
|
- storage.yaml
|
||||||
|
|||||||
@@ -1,24 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: AppProject
|
|
||||||
metadata:
|
|
||||||
name: observability
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
description: Observability stack (metrics, monitoring)
|
|
||||||
sourceRepos:
|
|
||||||
- https://git.unkin.net/unkin/argocd-apps
|
|
||||||
- https://victoriametrics.github.io/helm-charts/
|
|
||||||
destinations:
|
|
||||||
- namespace: 'observability'
|
|
||||||
server: https://kubernetes.default.svc
|
|
||||||
clusterResourceWhitelist:
|
|
||||||
- group: ''
|
|
||||||
kind: Namespace
|
|
||||||
- group: 'rbac.authorization.k8s.io'
|
|
||||||
kind: ClusterRole
|
|
||||||
- group: 'rbac.authorization.k8s.io'
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
namespaceResourceWhitelist:
|
|
||||||
- group: '*'
|
|
||||||
kind: '*'
|
|
||||||
@@ -10,13 +10,10 @@ spec:
|
|||||||
- https://git.unkin.net/unkin/argocd-apps
|
- https://git.unkin.net/unkin/argocd-apps
|
||||||
- https://charts.jetstack.io
|
- https://charts.jetstack.io
|
||||||
- https://cloudnative-pg.github.io/charts
|
- https://cloudnative-pg.github.io/charts
|
||||||
- https://helm.elastic.co
|
|
||||||
- https://helm.releases.hashicorp.com
|
|
||||||
- https://gitlab.com/api/v4/projects/20400619/packages/helm/stable
|
- https://gitlab.com/api/v4/projects/20400619/packages/helm/stable
|
||||||
- https://intel.github.io/helm-charts/
|
- https://intel.github.io/helm-charts/
|
||||||
- https://kubernetes-sigs.github.io/external-dns/
|
- https://kubernetes-sigs.github.io/external-dns/
|
||||||
- https://releases.rancher.com/server-charts/stable
|
- https://releases.rancher.com/server-charts/stable
|
||||||
- https://victoriametrics.github.io/helm-charts/
|
|
||||||
- oci://gcr.io/k8s-staging-nfd/charts
|
- oci://gcr.io/k8s-staging-nfd/charts
|
||||||
- oci://ghcr.io/emberstack/helm-charts
|
- oci://ghcr.io/emberstack/helm-charts
|
||||||
- oci://ghcr.io/woodpecker-ci/helm/woodpecker
|
- oci://ghcr.io/woodpecker-ci/helm/woodpecker
|
||||||
|
|||||||
Reference in New Issue
Block a user