🚀 scrutiny

2025-09-17 18:24:14 +02:00 · 2024-01-29 18:14:59 +01:00
parent 2f9f896f7a
commit fdb52fbc4c
10 changed files with 387 additions and 0 deletions
--- a/kubernetes/apps/monitoring/kustomization.yaml
+++ b/kubernetes/apps/monitoring/kustomization.yaml
@@ -10,5 +10,6 @@ resources:
  - ./grafana/ks.yaml
  - ./kube-prometheus-stack/ks.yaml
  - ./loki/ks.yaml
+  - ./scrutiny/ks.yaml
  - ./thanos/ks.yaml
  - ./vector/ks.yaml
--- a/kubernetes/apps/monitoring/scrutiny/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/scrutiny/app/helmrelease.yaml
@@ -0,0 +1,132 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: &app scrutiny
+  namespace: monitoring
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 2.5.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    defaultPodOptions:
+      automountServiceAccountToken: false
+      securityContext:
+        privileged: true
+        # capabilities:
+        #   add: ["SYS_RAWIO"] # allow access to smartctl
+    controllers:
+      main:
+        containers:
+          main:
+            image:
+              repository: ghcr.io/analogj/scrutiny
+              tag: master-web
+            env:
+              TZ: ${TIMEZONE}
+              SCRUTINY_WEB_INFLUXDB_HOST: influx.database.svc.cluster.local
+            resources:
+              requests:
+                cpu: 100m
+                memory: 128Mi
+              limits:
+                memory: 128Mi
+    service:
+      main:
+        ports:
+          http:
+            port: &port 8080
+    ingress:
+      main:
+        enabled: true
+        className: nginx
+        annotations:
+          hajimari.io/icon: mdi:harddiskstatus
+        hosts:
+          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+            paths:
+              - path: /
+                service:
+                  name: main
+                  port: http
+        tls:
+          - hosts:
+              - *host
+    probes:
+      liveness:
+        enabled: true
+        custom: true
+        spec:
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 1
+          failureThreshold: 3
+          httpGet:
+            path: /api/health
+            port: *port
+        readiness:
+          enabled: true
+          custom: true
+          spec:
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            timeoutSeconds: 1
+            failureThreshold: 3
+            httpGet:
+              path: /api/health
+              port: *port
+        startup:
+          enabled: true
+          custom: true
+          spec:
+            initialDelaySeconds: 0
+            timeoutSeconds: 1
+            periodSeconds: 5
+            failureThreshold: 30
+            httpGet:
+              path: /api/health
+              port: *port
+    persistence:
+      config:
+        enabled: true
+        existingClaim: *app
+        globalMounts:
+          - path: /opt/scrutiny/config
+      udev:
+        enabled: true
+        type: hostPath
+        hostPath: /run/udev
+        readOnly: true
+        globalMounts:
+          - path: /run/udev
+      nvme0n1:
+        enabled: true
+        type: hostPath
+        hostPath: /dev/nvme0n1
+        readOnly: true
+        globalMounts:
+          - path: /dev/nvme0n1
+      sda:
+        enabled: true
+        type: hostPath
+        hostPath: /dev/sda
+        readOnly: true
+        globalMounts:
+          - path: /dev/sda
--- a/kubernetes/apps/monitoring/scrutiny/app/kustomization.yaml
+++ b/kubernetes/apps/monitoring/scrutiny/app/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helmrelease.yaml
+  - ../../../../templates/volsync
--- a/kubernetes/apps/monitoring/scrutiny/collector/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/scrutiny/collector/helmrelease.yaml
@@ -0,0 +1,73 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: &app scrutiny-collector
+  namespace: monitoring
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 2.5.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  dependsOn:
+    - name: scrutiny
+  values:
+    defaultPodOptions:
+      automountServiceAccountToken: false
+      securityContext:
+        privileged: true
+        # capabilities:
+        #   add: ["SYS_RAWIO"] # allow access to smartctl
+    controllers:
+      main:
+        type: daemonset
+        containers:
+          main:
+            image:
+              repository: ghcr.io/analogj/scrutiny
+              tag: master-collector
+            env:
+              COLLECTOR_API_ENDPOINT: http://scrutiny.monitoring.svc.cluster.local:8080
+              COLLECTOR_HOST_ID:
+                valueFrom:
+                  fieldRef:
+                    fieldPath: spec.nodeName
+              TZ: ${TIMEZONE}
+            resources:
+              requests:
+                cpu: 100m
+                memory: 128Mi
+              limits:
+                memory: 128Mi
+    service:
+      main:
+        enabled: false
+    persistence:
+      config:
+        enabled: true
+        type: emptyDir
+        globalMounts:
+          - path: /opt/scrutiny/config
+      udev:
+        enabled: true
+        type: hostPath
+        hostPath: /run/udev
+        readOnly: true
+        globalMounts:
+          - path: /run/udev
--- a/kubernetes/apps/monitoring/scrutiny/collector/kustomization.yaml
+++ b/kubernetes/apps/monitoring/scrutiny/collector/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helmrelease.yaml
--- a/kubernetes/apps/monitoring/scrutiny/ks.yaml
+++ b/kubernetes/apps/monitoring/scrutiny/ks.yaml
@@ -0,0 +1,52 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app scrutiny
+  namespace: flux-system
+spec:
+  targetNamespace: monitoring
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: rook-ceph-cluster
+    - name: volsync
+  path: ./kubernetes/apps/monitoring/scrutiny/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops-kubernetes
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app
+      VOLSYNC_CAPACITY: 2Gi
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app scrutiny-collector
+  namespace: flux-system
+spec:
+  targetNamespace: monitoring
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/monitoring/scrutiny/collector
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops-kubernetes
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app