feat: kasten k10

2025-10-02 08:47:17 +02:00 · 2022-01-23 00:11:25 +01:00
parent 91dcb23d6f
commit daba51fbc0
12 changed files with 150 additions and 1 deletions
--- a/cluster/apps/kasten-io/k10/backup-pvc.yaml
+++ b/cluster/apps/kasten-io/k10/backup-pvc.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: k10-backup-v1
+spec:
+  storageClassName: k10-backup-nfs
+  capacity:
+    storage: 1Mi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  nfs:
+    server: "truenas.${SECRET_CLUSTER_DOMAIN_ROOT}"
+    path: /mnt/storage/backups/kubernetes
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: k10-backup-v1
+  namespace: kasten-io
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: k10-backup-nfs
+  resources:
+    requests:
+      storage: 1Mi
--- a/cluster/apps/kasten-io/k10/helm-release.yaml
+++ b/cluster/apps/kasten-io/k10/helm-release.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: k10
+  namespace: kasten-io
+spec:
+  releaseName: k10
+  interval: 5m
+  chart:
+    spec:
+      chart: k10
+      version: 4.5.7
+      sourceRef:
+        kind: HelmRepository
+        name: kasten-charts
+        namespace: flux-system
+      interval: 5m
+  values:
+    eula:
+      accept: true
+      company: auricom
+      email: auricom@users.noreply.github.com
+    global:
+      persistence:
+        storageClass: rook-ceph-block
+    auth:
+      tokenAuth:
+        enabled: true
+    clusterName: k8s
+    ingress:
+      create: true
+      class: nginx
+      host: &host "k10.${SECRET_CLUSTER_DOMAIN}"
+      urlPath: k10
+      hosts:
+        - *host
+      tls:
+        enabled: true
+        secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
+    grafana:
+      enabled: false
--- a/cluster/apps/kasten-io/k10/kustomization.yaml
+++ b/cluster/apps/kasten-io/k10/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
+  - backup-pvc.yaml
+  - monitoring
--- a/cluster/apps/kasten-io/k10/monitoring/kustomization.yaml
+++ b/cluster/apps/kasten-io/k10/monitoring/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - prometheus-rule.yaml
+  - service-monitor.yaml
--- a/cluster/apps/kasten-io/k10/monitoring/prometheus-rule.yaml
+++ b/cluster/apps/kasten-io/k10/monitoring/prometheus-rule.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  labels:
+    prometheus: k8s
+    role: alert-rules
+  name: kasten-io
+  namespace: kasten-io
+spec:
+  groups:
+    - name: kasten.rules
+      rules:
+        - alert: JobsFailing
+          annotations:
+            summary: More than 1 failed K10 jobs occurred for the {{ $labels.policy }} policy in the last 10 minutes
+          expr: increase(catalog_actions_count{status="failed"}[10m]) > 0
+          for: 1m
+          labels:
+            severity: critical
--- a/cluster/apps/kasten-io/k10/monitoring/service-monitor.yaml
+++ b/cluster/apps/kasten-io/k10/monitoring/service-monitor.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: k10
+  namespace: kasten-io
+spec:
+  namespaceSelector:
+    matchNames:
+      - kasten-io
+  selector:
+    matchLabels:
+      app: prometheus
+  endpoints:
+    - port: http
+      scheme: http
+      path: /k10/prometheus/federate
+      honorLabels: true
+      interval: 15s
+      params:
+        "match[]":
+          - '{__name__=~"jobs.*"}'
+          - '{__name__=~"catalog.*"}'
--- a/cluster/apps/kasten-io/kustomization.yaml
+++ b/cluster/apps/kasten-io/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - k10
--- a/cluster/apps/kasten-io/namespace.yaml
+++ b/cluster/apps/kasten-io/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kasten-io
--- a/cluster/apps/kustomization.yaml
+++ b/cluster/apps/kustomization.yaml
@@ -4,6 +4,7 @@ resources:
  - data
  - development
  - home-automation
+  - kasten-io
  - media
  - monitoring
  - networking
--- a/cluster/apps/secret-reflector/secret-reflector.yaml
+++ b/cluster/apps/secret-reflector/secret-reflector.yaml
@@ -27,7 +27,7 @@ spec:
                  # source namespace to reflect secret from
                  namespace_source="networking"
                  # space delimited namespace where to reflect the secrets to
-                  namespace_destination="data development home-automation media monitoring rook-ceph"
+                  namespace_destination="data development home-automation media monitoring rook-ceph kasten-io"
                  for secret in $secrets; do
                      secret_source_content=$(kubectl get secret $secret -n $namespace_source -o json | jq 'del(.metadata.managedFields, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid, .metadata.annotations)')
                      secret_source_checksum=$(printf '%s' "$secret_source_content" | jq 'del(.metadata.namespace)' | md5sum | awk '{ print $1 }')
--- a/cluster/base-custom/charts/kasten-charts.yaml
+++ b/cluster/base-custom/charts/kasten-charts.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: kasten-charts
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://charts.kasten.io/
+  timeout: 3m
--- a/cluster/base-custom/charts/kustomization.yaml
+++ b/cluster/base-custom/charts/kustomization.yaml
@@ -18,6 +18,7 @@ resources:
  - jetstack-charts.yaml
  - k8s-at-home.yaml
  - k8s-gateway-charts.yaml
+  - kasten-charts.yaml
  - kubernetes-sigs-descheduler-charts.yaml
  - node-feature-discovery.yaml
  - prometheus-community-charts.yaml