From daba51fbc0b4dec4235cbcc8adfa5aa68cf45212 Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Sun, 23 Jan 2022 00:11:25 +0100
Subject: [PATCH] feat: kasten k10
---
cluster/apps/kasten-io/k10/backup-pvc.yaml | 28 +++++++++++++
cluster/apps/kasten-io/k10/helm-release.yaml | 42 +++++++++++++++++++
cluster/apps/kasten-io/k10/kustomization.yaml | 7 ++++
.../k10/monitoring/kustomization.yaml | 6 +++
.../k10/monitoring/prometheus-rule.yaml | 20 +++++++++
.../k10/monitoring/service-monitor.yaml | 23 ++++++++++
cluster/apps/kasten-io/kustomization.yaml | 6 +++
cluster/apps/kasten-io/namespace.yaml | 5 +++
cluster/apps/kustomization.yaml | 1 +
.../secret-reflector/secret-reflector.yaml | 2 +-
cluster/base-custom/charts/kasten-charts.yaml | 10 +++++
cluster/base-custom/charts/kustomization.yaml | 1 +
12 files changed, 150 insertions(+), 1 deletion(-)
create mode 100644 cluster/apps/kasten-io/k10/backup-pvc.yaml
create mode 100644 cluster/apps/kasten-io/k10/helm-release.yaml
create mode 100644 cluster/apps/kasten-io/k10/kustomization.yaml
create mode 100644 cluster/apps/kasten-io/k10/monitoring/kustomization.yaml
create mode 100644 cluster/apps/kasten-io/k10/monitoring/prometheus-rule.yaml
create mode 100644 cluster/apps/kasten-io/k10/monitoring/service-monitor.yaml
create mode 100644 cluster/apps/kasten-io/kustomization.yaml
create mode 100644 cluster/apps/kasten-io/namespace.yaml
create mode 100644 cluster/base-custom/charts/kasten-charts.yaml
diff --git a/cluster/apps/kasten-io/k10/backup-pvc.yaml b/cluster/apps/kasten-io/k10/backup-pvc.yaml
new file mode 100644
index 000000000..74a925d85
--- /dev/null
+++ b/cluster/apps/kasten-io/k10/backup-pvc.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: k10-backup-v1
+spec:
+ storageClassName: k10-backup-nfs
+ capacity:
+ storage: 1Mi
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Retain
+ nfs:
+ server: "truenas.${SECRET_CLUSTER_DOMAIN_ROOT}"
+ path: /mnt/storage/backups/kubernetes
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: k10-backup-v1
+ namespace: kasten-io
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: k10-backup-nfs
+ resources:
+ requests:
+ storage: 1Mi
diff --git a/cluster/apps/kasten-io/k10/helm-release.yaml b/cluster/apps/kasten-io/k10/helm-release.yaml
new file mode 100644
index 000000000..6ebc9e7fc
--- /dev/null
+++ b/cluster/apps/kasten-io/k10/helm-release.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: k10
+ namespace: kasten-io
+spec:
+ releaseName: k10
+ interval: 5m
+ chart:
+ spec:
+ chart: k10
+ version: 4.5.7
+ sourceRef:
+ kind: HelmRepository
+ name: kasten-charts
+ namespace: flux-system
+ interval: 5m
+ values:
+ eula:
+ accept: true
+ company: auricom
+ email: auricom@users.noreply.github.com
+ global:
+ persistence:
+ storageClass: rook-ceph-block
+ auth:
+ tokenAuth:
+ enabled: true
+ clusterName: k8s
+ ingress:
+ create: true
+ class: nginx
+ host: &host "k10.${SECRET_CLUSTER_DOMAIN}"
+ urlPath: k10
+ hosts:
+ - *host
+ tls:
+ enabled: true
+ secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
+ grafana:
+ enabled: false
diff --git a/cluster/apps/kasten-io/k10/kustomization.yaml b/cluster/apps/kasten-io/k10/kustomization.yaml
new file mode 100644
index 000000000..bb662b674
--- /dev/null
+++ b/cluster/apps/kasten-io/k10/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helm-release.yaml
+ - backup-pvc.yaml
+ - monitoring
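Review bot: The `k10-backup-v1` PersistentVolume in backup-pvc.yaml is not reserved for the claim it is meant for: it has no `claimRef`, and the PVC reaches it only through `storageClassName: k10-backup-nfs`. Any PVC in any namespace that requests that class with `ReadWriteMany` and at most `1Mi` can bind it first and mount `/mnt/storage/backups/kubernetes`, the share that holds the cluster's backups. Pin the pair by adding `claimRef: {namespace: kasten-io, name: k10-backup-v1}` under the PV `spec` and `volumeName: k10-backup-v1` under the PVC `spec`. Export restrictions on the NFS server are not visible in this commit and remain the underlying access control for the share.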
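Review bot: The `ingress` block in helm-release.yaml publishes the K10 dashboard at `k10.${SECRET_CLUSTER_DOMAIN}` with `auth.tokenAuth` as the only gate, and nothing in this hunk limits where requests may come from. Token auth accepts Kubernetes service-account bearer tokens, and the dashboard can restore or export data from every protected namespace, so its exposure should match how far the `nginx` class is reachable, which this commit does not show. If that class is reachable beyond the trusted network, add an allow-list through the chart's ingress annotations, e.g. `annotations: {nginx.ingress.kubernetes.io/whitelist-source-range: "<trusted-cidr>"}` under `ingress:` (placeholder CIDR). Separately, `hosts: - *host` does not look like a value this chart reads (it appears to take `ingress.host` only), so the anchor and alias can probably be dropped; confirm against the 4.5.7 values file.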
diff --git a/cluster/apps/kasten-io/k10/monitoring/kustomization.yaml b/cluster/apps/kasten-io/k10/monitoring/kustomization.yaml
new file mode 100644
index 000000000..e257600ff
--- /dev/null
+++ b/cluster/apps/kasten-io/k10/monitoring/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - prometheus-rule.yaml
+ - service-monitor.yaml
diff --git a/cluster/apps/kasten-io/k10/monitoring/prometheus-rule.yaml b/cluster/apps/kasten-io/k10/monitoring/prometheus-rule.yaml
new file mode 100644
index 000000000..4d9c66955
--- /dev/null
+++ b/cluster/apps/kasten-io/k10/monitoring/prometheus-rule.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ labels:
+ prometheus: k8s
+ role: alert-rules
+ name: kasten-io
+ namespace: kasten-io
+spec:
+ groups:
+ - name: kasten.rules
+ rules:
+ - alert: JobsFailing
+ annotations:
+ summary: More than 1 failed K10 jobs occurred for the {{ $labels.policy }} policy in the last 10 minutes
+ expr: increase(catalog_actions_count{status="failed"}[10m]) > 0
+ for: 1m
+ labels:
+ severity: critical
diff --git a/cluster/apps/kasten-io/k10/monitoring/service-monitor.yaml b/cluster/apps/kasten-io/k10/monitoring/service-monitor.yaml
new file mode 100644
index 000000000..bff6cf864
--- /dev/null
+++ b/cluster/apps/kasten-io/k10/monitoring/service-monitor.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: k10
+ namespace: kasten-io
+spec:
+ namespaceSelector:
+ matchNames:
+ - kasten-io
+ selector:
+ matchLabels:
+ app: prometheus
+ endpoints:
+ - port: http
+ scheme: http
+ path: /k10/prometheus/federate
+ honorLabels: true
+ interval: 15s
+ params:
+ "match[]":
+ - '{__name__=~"jobs.*"}'
+ - '{__name__=~"catalog.*"}'
diff --git a/cluster/apps/kasten-io/kustomization.yaml b/cluster/apps/kasten-io/kustomization.yaml
new file mode 100644
index 000000000..1bd1feea9
--- /dev/null
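Review bot: The `JobsFailing` alert in prometheus-rule.yaml has text and expression that disagree: the `summary` says "More than 1 failed K10 jobs" while `expr` is `increase(catalog_actions_count{status="failed"}[10m]) > 0`, which is true from the first failure. For a backup system a single failed job is worth a page, so correct the wording rather than the threshold: `summary: At least one K10 job failed for the {{ $labels.policy }} policy in the last 10 minutes`. The `prometheus: k8s` and `role: alert-rules` labels only matter if the Prometheus `ruleSelector` matches them, which is outside this commit; if it does not, the rule is never loaded and failed backups go unreported.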
+++ b/cluster/apps/kasten-io/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - namespace.yaml + - k10 diff --git a/cluster/apps/kasten-io/namespace.yaml b/cluster/apps/kasten-io/namespace.yaml new file mode 100644 index 000000000..c017e3bbb --- /dev/null +++ b/cluster/apps/kasten-io/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: kasten-io diff --git a/cluster/apps/kustomization.yaml b/cluster/apps/kustomization.yaml index 5b0a2d46b..0a5fbacc9 100644 --- a/cluster/apps/kustomization.yaml +++ b/cluster/apps/kustomization.yaml @@ -4,6 +4,7 @@ resources: - data - development - home-automation + - kasten-io - media - monitoring - networking diff --git a/cluster/apps/secret-reflector/secret-reflector.yaml b/cluster/apps/secret-reflector/secret-reflector.yaml index bc46208db..400d580a1 100644 --- a/cluster/apps/secret-reflector/secret-reflector.yaml +++ b/cluster/apps/secret-reflector/secret-reflector.yaml @@ -27,7 +27,7 @@ spec: # source namespace to reflect secret from namespace_source="networking" # space delimited namespace where to reflect the secrets to - namespace_destination="data development home-automation media monitoring rook-ceph" + namespace_destination="data development home-automation media monitoring rook-ceph kasten-io" for secret in $secrets; do secret_source_content=$(kubectl get secret $secret -n $namespace_source -o json | jq 'del(.metadata.managedFields, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid, .metadata.annotations)') secret_source_checksum=$(printf '%s' "$secret_source_content" | jq 'del(.metadata.namespace)' | md5sum | awk '{ print $1 }') diff --git a/cluster/base-custom/charts/kasten-charts.yaml b/cluster/base-custom/charts/kasten-charts.yaml new file mode 100644 index 000000000..9f936586a --- /dev/null +++ b/cluster/base-custom/charts/kasten-charts.yaml 
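Review bot: Adding `kasten-io` to `namespace_destination` in secret-reflector.yaml copies every secret named in `$secrets` into that namespace, not only the one K10 uses; the `secrets` assignment sits above this hunk, so the exact set is not visible. The only secret the new HelmRelease references is the ingress TLS secret `${SECRET_CLUSTER_CERTIFICATE_DEFAULT}`, so if `$secrets` holds more than that certificate, key material is being spread wider than needed. Record the reason next to the list, e.g. `# kasten-io: needs only the default TLS certificate for the k10 ingress`, and keep the list alphabetical like the existing entries (`... home-automation kasten-io media ...`). The loop that consumes the list continues outside the hunk.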
@@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: kasten-charts + namespace: flux-system +spec: + interval: 1h + url: https://charts.kasten.io/ + timeout: 3m diff --git a/cluster/base-custom/charts/kustomization.yaml b/cluster/base-custom/charts/kustomization.yaml index 847eb1b6b..ec7a0ddbd 100644 --- a/cluster/base-custom/charts/kustomization.yaml +++ b/cluster/base-custom/charts/kustomization.yaml @@ -18,6 +18,7 @@ resources: - jetstack-charts.yaml - k8s-at-home.yaml - k8s-gateway-charts.yaml + - kasten-charts.yaml - kubernetes-sigs-descheduler-charts.yaml - node-feature-discovery.yaml - prometheus-community-charts.yaml