🚑 scrutiny mounts

auricom
2024-01-30 13:25:49 +01:00
parent 0eea400b34
commit 8ebf45dbe8
5 changed files with 45 additions and 20 deletions


@@ -0,0 +1,22 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: scrutiny
namespace: monitoring
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: scrutiny-secret
template:
engineVersion: v2
data:
SCRUTINY_NOTIFY_URLS: pushover://shoutrrr:{{ .PUSHOVER_API_TOKEN }}@{{ .PUSHOVER_USER_KEY }}
dataFrom:
- extract:
key: pushover
- extract:
key: scrutiny
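Review bot: The two `dataFrom` extracts hand every field of the `pushover` and `scrutiny` items to the template, while the only templated key, `SCRUTINY_NOTIFY_URLS`, reads just `.PUSHOVER_API_TOKEN` and `.PUSHOVER_USER_KEY`. Nothing visible in this file uses a field from the `scrutiny` item, so that extract looks droppable; if it is kept for later keys, a comment such as `# scrutiny item: reserved for <field names>` would record why it is fetched. As a style point, quoting the templated scalar, `SCRUTINY_NOTIFY_URLS: "pushover://shoutrrr:{{ .PUSHOVER_API_TOKEN }}@{{ .PUSHOVER_USER_KEY }}"`, is the safer convention for values containing `{{ }}` and `:`.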


@@ -28,12 +28,10 @@ spec:
values: values:
defaultPodOptions: defaultPodOptions:
automountServiceAccountToken: false automountServiceAccountToken: false
securityContext:
privileged: true
# capabilities:
# add: ["SYS_RAWIO"] # allow access to smartctl
controllers: controllers:
main: main:
annotations:
reloader.stakater.com/auto: "true"
containers: containers:
main: main:
image: image:
@@ -42,6 +40,9 @@ spec:
env: env:
TZ: ${TIMEZONE} TZ: ${TIMEZONE}
SCRUTINY_WEB_INFLUXDB_HOST: influx.database.svc.cluster.local SCRUTINY_WEB_INFLUXDB_HOST: influx.database.svc.cluster.local
envFrom:
- secretRef:
name: scrutiny-secret
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
@@ -116,17 +117,3 @@ spec:
readOnly: true readOnly: true
globalMounts: globalMounts:
- path: /run/udev - path: /run/udev
nvme0n1:
enabled: true
type: hostPath
hostPath: /dev/nvme0n1
readOnly: true
globalMounts:
- path: /dev/nvme0n1
sda:
enabled: true
type: hostPath
hostPath: /dev/sda
readOnly: true
globalMounts:
- path: /dev/sda
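Review bot: The `/run/udev` host mount at the end of the last hunk stays as context, although (judging by the hunk counts) this release loses both `privileged: true` and the `/dev/nvme0n1` and `/dev/sda` hostPath mounts. If this workload no longer reads the disks itself, that remaining host mount looks like a leftover and could be removed as well; the persistence entry it belongs to starts outside the hunk, so this is inferred. With the privileged setting gone, the `main` container could also state its restrictions explicitly, for example `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}`, provided the image runs that way.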


@@ -1,5 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./externalsecret.yaml
- helmrelease.yaml - helmrelease.yaml
- ../../../../templates/volsync - ../../../../templates/volsync


@@ -30,8 +30,6 @@ spec:
values: values:
defaultPodOptions: defaultPodOptions:
automountServiceAccountToken: false automountServiceAccountToken: false
securityContext:
privileged: true
# capabilities: # capabilities:
# add: ["SYS_RAWIO"] # allow access to smartctl # add: ["SYS_RAWIO"] # allow access to smartctl
controllers: controllers:
@@ -49,6 +47,8 @@ spec:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
TZ: ${TIMEZONE} TZ: ${TIMEZONE}
securityContext:
privileged: true
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
@@ -71,3 +71,17 @@ spec:
readOnly: true readOnly: true
globalMounts: globalMounts:
- path: /run/udev - path: /run/udev
nvme0n1:
enabled: true
type: hostPath
hostPath: /dev/nvme0n1
readOnly: true
globalMounts:
- path: /dev/nvme0n1
sda:
enabled: true
type: hostPath
hostPath: /dev/sda
readOnly: true
globalMounts:
- path: /dev/sda
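Review bot: `securityContext: privileged: true`, added on the container in the second hunk, gives this workload every capability and normally every host device, so `readOnly: true` on the new `/dev/nvme0n1` and `/dev/sda` hostPath mounts is not a real boundary. A read-only mount does not stop writes through a device node, and a privileged container can usually reach the disks without these mounts at all. The commented `SYS_RAWIO` lines kept in the first hunk point to the narrower option. If that was tried and is not enough on this runtime, a comment above the setting would record it, e.g. `# privileged: SYS_RAWIO alone was not sufficient here; readOnly on the /dev mounts does not limit this`. The container and persistence blocks both start outside the hunks shown.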


@@ -11,6 +11,7 @@ spec:
labels: labels:
app.kubernetes.io/name: *app app.kubernetes.io/name: *app
dependsOn: dependsOn:
- name: external-secrets-stores
- name: rook-ceph-cluster - name: rook-ceph-cluster
- name: volsync - name: volsync
path: ./kubernetes/apps/monitoring/scrutiny/app path: ./kubernetes/apps/monitoring/scrutiny/app