shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-27 04:21:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

flux notifications

Browse Source
This commit is contained in:
auricom
2022-09-13 00:06:52 +02:00
parent 8a342bdf28
commit 7dc2983903
21 changed files with 182 additions and 173 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/core/flux-system/kustomization.yaml
View File

@@ -1,5 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- monitoring
- notifications - notifications
- webhook

20
cluster/core/flux-system/monitoring/gitopstoolkit.yaml
View File

@@ -1,20 +0,0 @@
---
kind: PrometheusRule
apiVersion: monitoring.coreos.com/v1
metadata:
labels:
prometheus: k8s
role: alert-rules
name: gitopstoolkit
namespace: flux-system
spec:
groups:
- name: GitOpsToolkit
rules:
- alert: ReconciliationFailure
expr: max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind) + on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"}) by (namespace, name, kind)) * 2 == 1
for: 30m
labels:
severity: page
annotations:
summary: "{{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation has been failing for more than ten minutes."

18
cluster/core/flux-system/monitoring/helm-controller/podmonitor.yaml
View File

@@ -1,18 +0,0 @@
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: helm-controller
namespace: flux-system
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: latest
spec:
namespaceSelector:
matchNames:
- flux-system
selector:
matchLabels:
app: helm-controller
podMetricsEndpoints:
- port: http-prom

8
cluster/core/flux-system/monitoring/kustomization.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-controller
- kustomize-controller
- notification-controller
- source-controller
- gitopstoolkit.yaml

18
cluster/core/flux-system/monitoring/kustomize-controller/podmonitor.yaml
View File

@@ -1,18 +0,0 @@
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: kustomize-controller
namespace: flux-system
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: latest
spec:
namespaceSelector:
matchNames:
- flux-system
selector:
matchLabels:
app: kustomize-controller
podMetricsEndpoints:
- port: http-prom

18
cluster/core/flux-system/monitoring/notification-controller/podmonitor.yaml
View File

@@ -1,18 +0,0 @@
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: notification-controller
namespace: flux-system
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: latest
spec:
namespaceSelector:
matchNames:
- flux-system
selector:
matchLabels:
app: notification-controller
podMetricsEndpoints:
- port: http-prom

4
cluster/core/flux-system/monitoring/source-controller/kustomization.yaml
View File

@@ -1,4 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- podmonitor.yaml

18
cluster/core/flux-system/monitoring/source-controller/podmonitor.yaml
View File

@@ -1,18 +0,0 @@
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: source-controller
namespace: flux-system
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: latest
spec:
namespaceSelector:
matchNames:
- flux-system
selector:
matchLabels:
app: source-controller
podMetricsEndpoints:
- port: http-prom

2
cluster/core/flux-system/monitoring/helm-controller/kustomization.yaml → cluster/core/flux-system/notifications/alert-manager/kustomization.yaml
View File

@@ -1,4 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- podmonitor.yaml - notification.yaml

33
cluster/core/flux-system/notifications/alert-manager/notification.yaml Normal file
View File

@@ -0,0 +1,33 @@
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Provider
metadata:
name: alert-manager
namespace: flux-system
spec:
type: alertmanager
address: http://kube-prometheus-stack-alertmanager.monitoring:9093/api/v2/alerts/
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Alert
metadata:
name: alert-manager
namespace: flux-system
spec:
providerRef:
name: alert-manager
eventSeverity: error
eventSources:
- kind: GitRepository
name: "*"
- kind: HelmRelease
name: "*"
- kind: HelmRepository
name: "*"
- kind: Kustomization
name: "*"
exclusionList:
- "error.*lookup github\\.com"
- "waiting.*socket"
- "dial.*tcp.*timeout"
suspend: false

12
cluster/core/flux-system/notifications/discord/provider.yaml
View File

@@ -1,12 +0,0 @@
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Provider
metadata:
name: discord
namespace: flux-system
spec:
type: discord
username: flux-bot
channel: flux
secretRef:
name: discord-url

28
cluster/core/flux-system/notifications/discord/secret.sops.yaml
View File

@@ -1,28 +0,0 @@
kind: Secret
apiVersion: v1
metadata:
name: discord-url
namespace: flux-system
stringData:
address: ENC[AES256_GCM,data:KO84UDRtsZI/m6ajEpbvYmkUiUoUP9nf/+nCcXe1KPmr/3ixW92vtp9aPZXTlddJIvWYLWlWX8pix6+g2S03q2aOKyRDpiDwc3aZ9MMOCBQAoUd2YmHx/iWkB7L4Tw+Cu3KKGmE4jAvTw5RpPBmKoWtXECEOmRL8,iv:cL0WYV18HrxSXO3rYE/SvWpm82cDoJXmbDsy5irGqxw=,tag:UqoUALRGssUnDqQKr0rNSA==,type:str]
type: Opaque
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpNzJiVUJ5QnEycnYvekda
aWQ3QmE3REQrWDZtUThQcTJ3NlhtdjNhNVFRCmppcUxkaFlyWkphK2tPSTNiUHR5
ckphZE9rVVRlOGFlNDFEQ3U5eTJJb2sKLS0tIG92akVUcGZTTWFtek0vVUtsSDBW
L2pQNDZQZjMxakttY05QRldMUHo0VGsKyCezuvurM5JPDPmVg+DiEM6zFfUoLFqU
W98m5UwdKVJSTvb8C2hV46spPMwEx8Q5iz7+2AMxcxe12OPZHnMzQg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-07-03T14:42:32Z"
mac: ENC[AES256_GCM,data:tSt5MEgmSTCjlva7J15Dw7C2+6jDlrBhj4H4B1/sFzZcGdA/M7wa+pL5yzfrKk1EG9gE7G3kFtpnGDI6vtQ0jsLhRQzF3Xw1n8Yloj7vrqp6vNkq3dCs6Z+ymUr52Sp7jUYDW0a3vcdcRzmB0SmsBiOsBPpCkMwZ3bdy9tEhP34=,iv:PEZFHW4pLeP5/GYvvhJNiDOMKnJeGfc7Mj5Uxc204oM=,tag:uh/Oel8L4RuErfx2xLFY3A==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

4
cluster/core/flux-system/notifications/discord/kustomization.yaml → cluster/core/flux-system/notifications/github/kustomization.yaml
View File

@@ -1,6 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- alerts.yaml - notification.yaml
- provider.yaml
- secret.sops.yaml - secret.sops.yaml

36
cluster/core/flux-system/notifications/discord/alerts.yaml → cluster/core/flux-system/notifications/github/notification.yaml
View File

@@ -1,34 +1,26 @@
--- ---
apiVersion: notification.toolkit.fluxcd.io/v1beta1 apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Provider
metadata:
name: github
namespace: flux-system
spec:
type: github
address: https://github.com/auricom/home-ops
secretRef:
name: github-token
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Alert kind: Alert
metadata: metadata:
name: k3s-gitops name: github
namespace: flux-system namespace: flux-system
spec: spec:
providerRef: providerRef:
name: discord name: github
eventSeverity: info eventSeverity: info
eventSources: eventSources:
- kind: GitRepository
name: "*"
- kind: Kustomization - kind: Kustomization
name: "*" name: "*"
suspend: false
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Alert
metadata:
name: helmreleases
namespace: flux-system
spec:
providerRef:
name: discord
eventSeverity: error
eventSources:
- kind: GitRepository
name: '*'
- kind: Kustomization
name: '*'
- kind: HelmRelease - kind: HelmRelease
name: '*' name: "*"
suspend: false

28
cluster/core/flux-system/notifications/github/secret.sops.yaml Normal file
View File

@@ -0,0 +1,28 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: github-token
namespace: flux-system
stringData:
token: ENC[AES256_GCM,data:MijeX3Zk62v/9zLNbXCRKv/qCcW60y6doQeMwVbGEEgd1x2GK0M5Sg==,iv:5dRwHdb40jD/hyNow9iZco4WglmzcbSEOTN0iI3kHyc=,tag:+mBUypMeV1rvh9HsxyTkMw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpQ0wxZy9rTERQZzRhVkJQ
azZDZ3dxMzZMTGovQWhSNHFiblB0OGRFRnhrCjZFRTVXaWNoSHF3VnRJNE1vRVhi
Sm92RWtVOFZWQldiaER2TnBXcldTclkKLS0tIDk5bkNwem5SOE14T3VKWTdISzMr
c0xvS1hoZ2ZUbyswUDJmWTQ5cUJIL00KOzoh9t/QtMJ3DXzagZNz5MbuqK8mtx2N
apAGT2tSzS9e2Pl8OruH57SGs972wHJQ9pnIHdbzhHkviIChUVApmg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-12T22:06:51Z"
mac: ENC[AES256_GCM,data:HNY3DtP5mX1ivOOnuv8hBnKhQIXiH7NLLiRh7rloHNMhq5NY1a1BnaS7FMhUq3vxcE9XMgvG7A/gLKI3diezS779vaiSrpnHS3cbb45J0hGB1bqOrkhAV+BQgOiPL6hrv2ouA2VK1VOin9z7kBzXCIOh9UnZmNi0H/Qy6e/45X4=,iv:5fbAnwGoKAYFcFhf5Di6epWvNZgwyX71QJQSN/Krt/k=,tag:Mu+KOOea1XkYJtO1HawxPA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

3
cluster/core/flux-system/notifications/kustomization.yaml
View File

@@ -1,4 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- discord - alert-manager
- github

25
cluster/core/flux-system/webhook/github/ingress.yaml Normal file
View File

@@ -0,0 +1,25 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webhook-receiver
namespace: flux-system
annotations:
external-dns.alpha.kubernetes.io/target: "services.${SECRET_DOMAIN}."
external-dns/is-public: "true"
spec:
ingressClassName: "nginx"
rules:
- host: "flux-webhook.${SECRET_CLUSTER_DOMAIN}"
http:
paths:
- path: /hook/
pathType: Prefix
backend:
service:
name: webhook-receiver
port:
number: 80
tls:
- hosts:
- "flux-webhook.${SECRET_CLUSTER_DOMAIN}"

5
cluster/core/flux-system/monitoring/notification-controller/kustomization.yaml → cluster/core/flux-system/webhook/github/kustomization.yaml
View File

@@ -1,4 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- podmonitor.yaml - secret.sops.yaml
- ingress.yaml
- receiver.yaml

42
cluster/core/flux-system/webhook/github/receiver.yaml Normal file
View File

@@ -0,0 +1,42 @@
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Receiver
metadata:
name: home-ops
namespace: flux-system
spec:
type: github
events:
- ping
- push
secretRef:
name: github-webhook-token
resources:
- apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
name: flux-cluster
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
name: apps
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
name: charts
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
name: configuration
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
name: core
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
name: flux-cluster
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
name: crds
namespace: flux-system

28
cluster/core/flux-system/webhook/github/secret.sops.yaml Normal file
View File

@@ -0,0 +1,28 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: github-webhook-token
namespace: flux-system
stringData:
token: ENC[AES256_GCM,data:sOQJblO3+4fugmRCsIhO2I0PslY=,iv:3UwQESwwtES5puzfqulXOhr2T2OpLRdYehCclNqpjOU=,tag:alJVHdqTdqIvLCdOGEOeDA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2cXVUWXpjdXUveGE5M3Bl
SzVhQ0phSlVMN0tMMDZRUnM1UXFpbktxd3pzCkZwQ2dmSys4L0UrREtMekJwUkNC
amovOWJBdEs5aTZSZVkxeHliTTk2VEEKLS0tIG8xb0dKRGZyc0VSU0RMZ01HdkFk
dVJzZGNrWFhoVmd0MnVUbHpKdU1XcDQKLD4TlyCxE57RFvUFqLDuhsEyoBC+12Yu
IZzMQYI6bDVnsfv3BzlYAm4qHHPUnhtUX3Wdx/u5ZwOlpxcyBUqNFg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-12T21:49:31Z"
mac: ENC[AES256_GCM,data:QFYMnuqU3PkGMdT0ndKQLEshO6APk6spSuR0Zjx1f9k+eYyvUwLQOszECl0kACFoxQeeHlB7kNqRWAT158uO8gUajdvHNBkDr7H10S3AeeVtXIB2m/9NWYaBpksoP+rjd0CnUq27FQvBZJVl0l6QtKywcfJDZLctGOzUa86okyk=,iv:kXJc9RCQ9RuV2CSkziwQBMmNAx8q03++B4WVTrU4v/Y=,tag:BDmIcDbx5yE2OACbn/nRbw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

3
cluster/core/flux-system/monitoring/kustomize-controller/kustomization.yaml → cluster/core/flux-system/webhook/kustomization.yaml
View File

@@ -1,4 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- podmonitor.yaml - github