feat: envoy-gateway

This commit is contained in:
auricom
2025-08-19 00:13:40 +02:00
parent 5b82fd7742
commit c0dde8be0a
119 changed files with 998 additions and 1563 deletions


@@ -41,24 +41,15 @@ spec:
controller: *app
ports:
http:
port: 8000
ingress:
port: &port 8000
route:
app:
enabled: true
className: internal
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
tls:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /config
hostnames: ["{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"]
parentRefs:
- name: internal
namespace: network
sectionName: https
rules:
- backendRefs:
- name: *app
port: *port
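Review bot: The new `parentRefs` entry attaches this route to Gateway `internal` in namespace `network`, while the HelmRelease's own namespace is not visible on this page; a cross-namespace attachment is only accepted when that listener's `allowedRoutes.namespaces` admits the route's namespace, so confirm the `https` listener on `internal` does. The same check applies to the route hunks in the gatus, grafana, prometheus, pushgateway and scrutiny sections of this commit. Dropping the old `tls` block is consistent with terminating TLS at the gateway listener, but it means the hostname is now served only if `sectionName: https` matches a listener that actually exists on that Gateway.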


@@ -23,14 +23,6 @@ spec:
retries: 3
values:
fullnameOverride: *app
ingress:
enabled: true
className: internal
hosts:
- host: blackbox-exporter.${SECRET_EXTERNAL_DOMAIN}
paths:
- path: /
pathType: Prefix
securityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false


@@ -1,15 +1,17 @@
---
web:
port: 8080
storage:
type: sqlite
path: /config/sqlite.db
caching: true
metrics: true
debug: false
ui:
title: Status | Gatus
header: Status
logo: https://avatars.githubusercontent.com/u/27022259
link: https://github.com/auricom
buttons:
- name: Github
link: https://github.com/auricom
- name: Homelab
link: https://github.com/onedr0p/home-ops
alerting:
pushover:
application-token: ${CUSTOM_PUSHOVER_APP_TOKEN}
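Review bot: If `web: port: 8080` at the top of this file is kept on the new side, it disagrees with `GATUS_WEB_PORT: &port 80` introduced in the Gatus HelmRelease in this same commit, so the Service would target port 80 while Gatus listens on 8080. Whether Gatus honours a `GATUS_WEB_PORT` environment variable at all cannot be confirmed from this page, so please verify it against the Gatus documentation and keep the config file and the HelmRelease agreeing on a single port.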


@@ -1,5 +1,5 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
@@ -11,15 +11,11 @@ spec:
name: app-template
install:
remediation:
retries: 3
retries: -1
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
values:
controllers:
gatus:
@@ -29,7 +25,7 @@ spec:
init-config:
image:
repository: ghcr.io/home-operations/k8s-sidecar
tag: 1.30.7@sha256:3b6444d91c6e69a9e07c5e55419452d967d18c833d88b36277dc2021b708f621
tag: 1.30.9@sha256:74d65c3def9276b24b5bfe41f8efb773174e7a1ecf3c9b5a31bd02cfdee232c9
env:
FOLDER: /config
LABEL: gatus.io/enabled
@@ -47,16 +43,12 @@ spec:
app:
image:
repository: ghcr.io/twin/gatus
tag: v5.21.0@sha256:b45c89b1f8bfd5be456306b2bf1a581cc13ca0d897faf357ef77c35ac9eca1fa
tag: v5.23.1@sha256:43a12405c1bda5768026b0f75786a744678a472eb7f272039d95017e59ef50b6
env:
CUSTOM_SECRET_EXTERNAL_DOMAIN: ${SECRET_EXTERNAL_DOMAIN}
TZ: ${TIMEZONE}
GATUS_CONFIG_PATH: /config
GATUS_DELAY_START_SECONDS: 5
TZ: ${TIMEZONE}
WEB_PORT: &port 8080
envFrom:
- secretRef:
name: gatus-secret
GATUS_WEB_PORT: &port 80
probes:
liveness: &probes
enabled: true
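Review bot: `GATUS_WEB_PORT: &port 80` moves the listener below 1024 while the pod runs with `runAsUser: 1000`, `runAsNonRoot: true` and `capabilities: { drop: ["ALL"] }`, so the bind only succeeds if the node lowers `net.ipv4.ip_unprivileged_port_start`, which nothing in this HelmRelease sets; either keep `8080` or add `sysctls: [{ name: net.ipv4.ip_unprivileged_port_start, value: "0" }]` under the pod security context. `retries: -1` in the install remediation retries forever, so a persistently failing install never becomes a terminal failure in the Flux status; a bounded value like the `3` kept for upgrade is easier to alert on. In the last hunk of this file the ClusterRole grants `get/watch/list` on `secrets` cluster-wide to the k8s-sidecar; whether that block is new or context is not clear from the page, but if only ConfigMaps carry the `gatus.io/enabled` label, `secrets` should be dropped from `resources`.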
@@ -68,12 +60,12 @@ spec:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 6
failureThreshold: 3
readiness: *probes
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: [ALL] }
capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 100m
@@ -84,47 +76,49 @@ spec:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
seccompProfile: { type: RuntimeDefault }
service:
app:
controller: gatus
ports:
http:
port: *port
ingress:
serviceMonitor:
app:
className: external
annotations:
gethomepage.dev/enabled: "true"
gethomepage.dev/name: Gatus
gethomepage.dev/description: Automated developer-oriented status page.
gethomepage.dev/group: Applications
gethomepage.dev/icon: gatus.png
gethomepage.dev/pod-selector: >-
app in (
gatus
)
hosts:
- host: &host "status.${SECRET_EXTERNAL_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
tls:
- hosts:
- *host
endpoints:
- port: http
route:
app:
hostnames: ["{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"]
parentRefs:
- name: internal
namespace: network
sectionName: https
rules:
- backendRefs:
- name: *app
port: *port
rbac:
roles:
gatus:
type: ClusterRole
rules:
- apiGroups: [""]
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
bindings:
gatus:
type: ClusterRoleBinding
roleRef:
identifier: gatus
subjects:
- identifier: gatus
serviceAccount:
create: true
name: *app
gatus: {}
persistence:
config:
existingClaim: gatus
type: emptyDir
config-file:
type: configMap
name: gatus-configmap
name: "{{ .Release.Name }}-configmap"
globalMounts:
- path: /config/config.yaml
subPath: config.yaml


@@ -272,13 +272,6 @@ spec:
gnetId: 11454
revision: 14
datasource: Prometheus
nginx:
nginx:
url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/nginx.json
datasource: Prometheus
nginx-request-handling-performance:
url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/request-handling-performance.json
datasource: Prometheus
prometheus:
prometheus:
# renovate: depName="Prometheus"
@@ -329,24 +322,14 @@ spec:
- vonage-status-panel
serviceMonitor:
enabled: true
ingress:
enabled: true
ingressClassName: internal
annotations:
gethomepage.dev/enabled: "true"
gethomepage.dev/name: Grafana
gethomepage.dev/description: Observability and data visualization platform.
gethomepage.dev/group: Infrastructure
gethomepage.dev/icon: grafana.png
gethomepage.dev/pod-selector: >-
app in (
grafana
)
hosts:
- &host "grafana.${SECRET_EXTERNAL_DOMAIN}"
tls:
- hosts:
- *host
route:
main:
enabled: true
hostnames: ["{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"]
parentRefs:
- name: internal
namespace: network
sectionName: https
persistence:
enabled: false
testFramework:
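Review bot: The `gethomepage.dev/*` annotations removed with the ingress have no counterpart on the new `route.main`, so homepage discovery of Grafana stops unless homepage is configured to read annotations from HTTPRoutes; the same applies to the gatus, scrutiny, prometheus and alertmanager sections of this commit. If discovery is still wanted, the app-template `route` block appears to accept an `annotations` map, so the same keys can be carried over there, e.g. `annotations: { gethomepage.dev/enabled: "true", gethomepage.dev/name: Grafana }`. The `grafana.${SECRET_EXTERNAL_DOMAIN}` host is now expressed as `{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}`, which only preserves the hostname if the release is named `grafana`; confirm that is the case.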


@@ -105,29 +105,14 @@ spec:
### Prometheus instance values
###
prometheus:
ingress:
enabled: true
pathType: Prefix
ingressClassName: internal
annotations:
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
gethomepage.dev/enabled: "true"
gethomepage.dev/name: Prometheus
gethomepage.dev/description: Systems and service monitoring system.
gethomepage.dev/group: Infrastructure
gethomepage.dev/icon: prometheus.png
gethomepage.dev/pod-selector: >-
app in (
prometheus-kube-prometheus-stack-prometheus
)
hosts: ["prometheus.${SECRET_EXTERNAL_DOMAIN}"]
tls:
- hosts:
- "prometheus.${SECRET_EXTERNAL_DOMAIN}"
route:
main:
enabled: true
hostnames: ["prometheus.${SECRET_EXTERNAL_DOMAIN}"]
parentRefs:
- name: internal
namespace: network
sectionName: https
prometheusSpec:
replicas: 2
replicaExternalLabelName: replica
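Review bot: The removed ingress carried Authelia forward-auth (`nginx.ingress.kubernetes.io/auth-url`, `auth-signin`, `auth-response-headers`), and the new `route.main` has no equivalent, so Prometheus on `prometheus.${SECRET_EXTERNAL_DOMAIN}` is now reachable through the `internal` gateway without authentication; the second hunk does the same for Alertmanager. With Envoy Gateway the equivalent is a `SecurityPolicy` whose `extAuth` targets this HTTPRoute, which should land in the same commit rather than later. The Alertmanager hostname also changes from `alert-manager.` to `alertmanager.`, so any bookmarks, DNS records or Gatus endpoints using the old name need updating.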
@@ -217,29 +202,14 @@ spec:
resources:
requests:
storage: 1Gi
ingress:
enabled: true
pathType: Prefix
ingressClassName: internal
annotations:
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
gethomepage.dev/enabled: "true"
gethomepage.dev/name: Alert-Manager
gethomepage.dev/description: Handles alerts sent by Prometheus.
gethomepage.dev/group: Infrastructure
gethomepage.dev/icon: alertmanager.png
gethomepage.dev/pod-selector: >-
app in (
alertmanager-kube-prometheus-stack-alertmanager
)
hosts: ["alert-manager.${SECRET_EXTERNAL_DOMAIN}"]
tls:
- hosts:
- "alert-manager.${SECRET_EXTERNAL_DOMAIN}"
route:
main:
enabled: true
hostnames: ["alertmanager.${SECRET_EXTERNAL_DOMAIN}"]
parentRefs:
- name: internal
namespace: network
sectionName: https
prometheus:
monitor:
enabled: true


@@ -34,10 +34,4 @@ spec:
enabled: true
namespace: observability
ingress:
enabled: true
className: internal
hosts:
- &host "pushgateway.${SECRET_EXTERNAL_DOMAIN}"
tls:
- hosts:
- *host
enabled: false


@@ -0,0 +1,27 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: https-redirect
spec:
hostnames:
- pushgateway.${SECRET_EXTERNAL_DOMAIN}
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: internal
namespace: network
sectionName: https
rules:
- backendRefs:
- group: ''
kind: Service
name: pushgateway
namespace: default
port: 9091
weight: 1
matches:
- path:
type: PathPrefix
value: /
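Review bot: `name: https-redirect` does not describe this route: it attaches to the `https` listener and forwards `/` to the `pushgateway` Service, with no `RequestRedirect` filter, so it is the ordinary serving route for the host. Rename it to match its purpose, e.g. `name: pushgateway`, or, if an HTTP→HTTPS redirect was intended, attach it to the http listener and add a `RequestRedirect` filter instead of `backendRefs`. The backend is addressed with `namespace: default`; if this HTTPRoute is created in a different namespace, a ReferenceGrant in `default` is required for the backendRef to be honoured.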


@@ -4,3 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
- ./httproute.yaml


@@ -47,30 +47,17 @@ spec:
ports:
http:
port: &port 8080
ingress:
route:
app:
enabled: true
className: internal
annotations:
gethomepage.dev/enabled: "true"
gethomepage.dev/name: Scrutiny
gethomepage.dev/description: Hard Drive S.M.A.R.T Monitoring.
gethomepage.dev/group: Infrastructure
gethomepage.dev/icon: scrutiny.png
gethomepage.dev/pod-selector: >-
app in (
scrutiny
)
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
tls:
- hosts:
- *host
hostnames: ["{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"]
parentRefs:
- name: internal
namespace: network
sectionName: https
rules:
- backendRefs:
- name: *app
port: *port
probes:
liveness:
enabled: true