grant/fog
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: grant:cdfb9c7505d9dda5d06deb3e0e0375d2c85aaeaf
Branches Tags
grant:main
..
compare: grant:60b99e2130d43810157af6c86a250e9e7be1a632
Branches Tags
grant:main

6 Commits
cdfb9c7505 ... 60b99e2130

Author SHA1 Message Date
Grant
60b99e2130 traefik updateStrategy and externalTrafficPolicy 2025-03-15 19:03:41 -06:00
Grant
73e4e3d773 Add rate limiting to traefik 2025-03-15 19:03:26 -06:00
Grant
1ecc287a67 reduce cpu request for cpeh 2025-03-15 15:10:34 -06:00
Grant
34b1e9e077 Add monitoring stack 2025-03-15 15:10:17 -06:00
Grant
f2c9ab770f Add just to simply helm commands 2025-03-15 15:08:12 -06:00
Grant
f7c8a0e8bc Add missing values 2025-03-14 22:55:07 -06:00
19 changed files with 331 additions and 8 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -13,3 +13,5 @@ talos/secrets.yaml
kgnot/config.production.json kgnot/config.production.json
53ll/config.production.json 53ll/config.production.json
*.key
*.pub

0
gitea/ssh_ingress.yaml Normal file
View File

59
gitea/values.yaml Normal file
View File

@ -0,0 +1,59 @@
gitea:
config:
server:
ROOT_URL: https://git.incngrnt.ca/
MINIMUM_KEY_SIZE_CHECK: false
service:
DISABLE_REGISTRATION: true
database:
DB_TYPE: postgres
indexer:
ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true
cron:
enabled: true
repository:
DISABLE_DOWNLOAD_SOURCE_ARCHIVES: true
additionalConfigFromEnvs:
- name: GITEA__DATABASE__HOST
valueFrom:
secretKeyRef:
name: postgres-pguser-gitea
key: host
- name: GITEA__DATABASE__NAME
valueFrom:
secretKeyRef:
name: postgres-pguser-gitea
key: dbname
- name: GITEA__DATABASE__USER
valueFrom:
secretKeyRef:
name: postgres-pguser-gitea
key: user
- name: GITEA__DATABASE__PASSWD
valueFrom:
secretKeyRef:
name: postgres-pguser-gitea
key: password
strategy:
type: Recreate
ingress:
enabled: true
hosts:
- host: git.incngrnt.ca
paths:
- path: "/"
pathType: Prefix
annotations:
"traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"
redis:
enabled: true
redis-cluster:
enabled: false
postgresql:
enabled: false
postgresql-ha:
enabled: false

23
grafana/alloy_values.yaml Normal file
View File

@ -0,0 +1,23 @@
alloy:
configMap:
content: |-
logging {
level = "info"
format = "logfmt"
}
discovery.kubernetes "pods" {
role = "pod"
}
loki.source.kubernetes "pods" {
targets = discovery.kubernetes.pods.targets
forward_to = [loki.write.loki.receiver]
}
loki.write "loki" {
endpoint {
url = "http://loki.grafana.svc.cluster.local:3100/loki/api/v1/push"
}
}

9
grafana/grafana_values.yaml Normal file
View File

@ -0,0 +1,9 @@
ingress:
enabled: true
hosts:
- watcher.incngrnt.ca
annotations:
"traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"
persistence:
enabled: true

70
grafana/loki_values.yaml Normal file
View File

@ -0,0 +1,70 @@
loki:
commonConfig:
replication_factor: 1
schemaConfig:
configs:
- from: "2024-04-01"
store: tsdb
object_store: s3
schema: v13
index:
prefix: loki_index_
period: 24h
pattern_ingester:
enabled: true
limits_config:
allow_structured_metadata: true
volume_enabled: true
ruler:
enable_api: true
auth_enabled: false
resultsCache:
resources:
request:
cpu: 100ms
memory: 500Mi
limits:
memory: 500Mi
chunksCache:
resources:
request:
cpu: 100ms
memory: 500Mi
limits:
memory: 500Mi
minio:
enabled: true
deploymentMode: SingleBinary
singleBinary:
replicas: 1
# Zero out replica counts of other deployment modes
backend:
replicas: 0
read:
replicas: 0
write:
replicas: 0
ingester:
replicas: 0
querier:
replicas: 0
queryFrontend:
replicas: 0
queryScheduler:
replicas: 0
distributor:
replicas: 0
compactor:
replicas: 0
indexGateway:
replicas: 0
bloomCompactor:
replicas: 0
bloomGateway:
replicas: 0

3
grafana/prometheus_values.yaml Normal file
View File

@ -0,0 +1,3 @@
rometheus-node-exporter:
rbac:
pspEnabled: true

20
helmfile.lock
View File

@ -1,17 +1,26 @@
version: 0.170.1 version: 0.170.1
dependencies: dependencies:
- name: alloy
repository: https://grafana.github.io/helm-charts
version: 0.12.5
- name: ghost - name: ghost
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 22.1.19 version: 22.2.0
- name: ghost - name: ghost
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 22.1.19 version: 22.2.0
- name: gitea - name: gitea
repository: https://dl.gitea.io/charts repository: https://dl.gitea.io/charts
version: 11.0.0 version: 11.0.0
- name: grafana
repository: https://grafana.github.io/helm-charts
version: 8.10.3
- name: k8up - name: k8up
repository: https://k8up-io.github.io/k8up repository: https://k8up-io.github.io/k8up
version: 4.8.4 version: 4.8.4
- name: loki
repository: https://grafana.github.io/helm-charts
version: 6.28.0
- name: mariadb - name: mariadb
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 20.4.1 version: 20.4.1
@ -24,6 +33,9 @@ dependencies:
- name: postgrescluster - name: postgrescluster
repository: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main repository: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main
version: 5.7.2 version: 5.7.2
- name: prometheus
repository: https://prometheus-community.github.io/helm-charts
version: 27.5.1
- name: rook-ceph - name: rook-ceph
repository: https://charts.rook.io/release repository: https://charts.rook.io/release
version: v1.16.5 version: v1.16.5
@ -36,5 +48,5 @@ dependencies:
- name: traefik - name: traefik
repository: https://traefik.github.io/charts repository: https://traefik.github.io/charts
version: 34.4.1 version: 34.4.1
digest: sha256:14c9bc504c5060f8bbce5ec9a8df737a19a7216428a31c1cb34ef5c6648e45c5 digest: sha256:b28767f0ec4d8549e0b1de7446f3468555a2a67bf88d2b554e9a12c2de723d2d
generated: "2025-03-12T21:27:22.529913117-06:00" generated: "2025-03-15T14:34:49.001292746-06:00"

50
helmfile.yaml
View File

@ -19,6 +19,10 @@ repositories:
url: https://pkgs.tailscale.com/helmcharts url: https://pkgs.tailscale.com/helmcharts
- name: gitea - name: gitea
url: https://dl.gitea.io/charts url: https://dl.gitea.io/charts
- name: grafana
url: https://grafana.github.io/helm-charts
- name: prometheus-community
url: https://prometheus-community.github.io/helm-charts
releases: releases:
# networking # networking
- name: metallb - name: metallb
@ -52,6 +56,8 @@ releases:
namespace: rook-ceph namespace: rook-ceph
createNamespace: true createNamespace: true
chart: rook-release/rook-ceph chart: rook-release/rook-ceph
values:
- ./rook-ceph/values.yaml
- name: rook-ceph-cluster - name: rook-ceph-cluster
namespace: rook-ceph namespace: rook-ceph
createNamespace: true createNamespace: true
@ -83,6 +89,36 @@ releases:
setString: setString:
- name: auth.rootPassword - name: auth.rootPassword
value: {{ requiredEnv "MARIADB_ROOT_PASSWORD" }} value: {{ requiredEnv "MARIADB_ROOT_PASSWORD" }}
# monitoring
- name: grafana
namespace: grafana
createNamespace: true
chart: grafana/grafana
values:
- grafana/grafana_values.yaml
setString:
- name: adminPassword
value: VYHEKk0Q9KfqQ3UpTx8oc4InrXlUQivUuEeGU8LJ
- name: prometheus
namespace: grafana
createNamespace: true
chart: prometheus-community/prometheus
values:
- grafana/prometheus_values.yaml
- name: loki
namespace: grafana
createNamespace: true
chart: grafana/loki
values:
- grafana/loki_values.yaml
- name: alloy
namespace: grafana
createNamespace: true
chart: grafana/alloy
values:
- grafana/alloy_values.yaml
# goatchat matrix # goatchat matrix
- name: goatchat - name: goatchat
namespace: goatchat namespace: goatchat
@ -172,3 +208,17 @@ releases:
- name: repoPassword - name: repoPassword
value: {{ requiredEnv "k8UP_REPO_PASSWORD" }} value: {{ requiredEnv "k8UP_REPO_PASSWORD" }}
- name: gitea-backup
namespace: gitea
chart: ./k8up-backup
createNamespace: true
values:
- ./k8up-backup/values_override.yaml
setString:
- name: credentials.id
value: {{ requiredEnv "HETZNER_S3_ACCESS_KEY" }}
- name: credentials.key
value: {{ requiredEnv "HETZNER_S3_ACCESS_SECRET" }}
- name: repoPassword
value: {{ requiredEnv "k8UP_REPO_PASSWORD" }}

15
justfile Normal file
View File

@ -0,0 +1,15 @@
update:
bws run 'helmfile deps'
deploy:
bws run 'helmfile apply'
sdiff:
bws run 'helmfile diff --output simple'
ddiff:
bws run 'helmfile diff --output dyff'
cleanuppods:
kubectl get pods --no-headers | grep -v Running | awk '{print $1}' | xargs kubectl delete pod

6
k8up-backup/Chart.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v2
name: k8up-backup
description: A Helm chart for a k8up backup
type: application
version: 0.0.3

20
k8up-backup/templates/backup.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: k8up.io/v1
kind: Backup
metadata:
name: {{ .Release.Name }}
spec:
failedJobsHistoryLimit: 2
successfulJobsHistoryLimit: 2
backend:
repoPasswordSecretRef:
name: "{{ .Release.Name }}-repopassword"
key: password
s3:
endpoint: "{{ .Values.endpoint }}"
bucket: "{{ .Values.bucket }}"
accessKeyIDSecretRef:
name: "{{ .Release.Name }}-credentials"
key: id
secretAccessKeySecretRef:
name: "{{ .Release.Name }}-credentials"
key: key

14
k8up-backup/templates/secrets.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Secret
metadata:
name: "{{ .Release.Name }}-credentials"
data:
id: "{{ .Values.credentials.id | b64enc}}"
key: "{{ .Values.credentials.key | b64enc}}"
---
apiVersion: v1
kind: Secret
metadata:
name: "{{ .Release.Name }}-repopassword"
data:
password: "{{ .Values.repoPassword | b64enc}}"

7
k8up-backup/values.yaml Normal file
View File

@ -0,0 +1,7 @@
# endpoint:
# bucket
# repoPassword:
# credentials:
# id:
# key:

3
k8up-backup/values_override.yaml Normal file
View File

@ -0,0 +1,3 @@
endpoint: hel1.your-objectstorage.com
bucket: fog

0
k8up/values.yaml Normal file
View File

8
rook-ceph-cluster/values.yaml
View File

@ -9,19 +9,19 @@ cephClusterSpec:
resources: resources:
mgr: mgr:
requests: requests:
cpu: 150m cpu: 100m
memory: 256Mi memory: 256Mi
limits: limits:
cpu: "1" cpu: "1"
mon: mon:
requests: requests:
cpu: 150m cpu: 100m
memory: 256Mi memory: 256Mi
limits: limits:
cpu: "1" cpu: "1"
osd: osd:
requests: requests:
cpu: 150m cpu: 100m
memory: 256Mi memory: 256Mi
limits: limits:
cpu: "1" cpu: "1"
@ -43,7 +43,7 @@ cephFileSystems:
activeStandby: true activeStandby: true
resources: resources:
requests: requests:
cpu: 250m cpu: 100m
memory: 256Mi memory: 256Mi
limit: limit:
cpu: "1" cpu: "1"

4
rook-ceph/values.yaml Normal file
View File

@ -0,0 +1,4 @@
resources:
requests:
cpu: 100m
memory: 128Mi

26
traefik/values.yaml
View File

@ -7,6 +7,9 @@ deployment:
- name: data - name: data
mountPath: /data mountPath: /data
updateStrategy:
type: Recreate
env: env:
- name: HETZNER_API_KEY - name: HETZNER_API_KEY
valueFrom: valueFrom:
@ -20,6 +23,16 @@ additionalArguments:
persistence: persistence:
enabled: true enabled: true
logs:
format: json
access:
enabled: true
format: json
service:
spec:
externalTrafficPolicy: Local
ingressRoute: ingressRoute:
dashboard: dashboard:
enabled: true enabled: true
@ -30,6 +43,11 @@ ingressRoute:
tls: tls:
certResolver: letsencrypt certResolver: letsencrypt
ports:
websecure:
middlewares:
- traefik-rate-limit@kubernetescrd
extraObjects: extraObjects:
- apiVersion: v1 - apiVersion: v1
kind: Secret kind: Secret
@ -47,6 +65,14 @@ extraObjects:
spec: spec:
basicAuth: basicAuth:
secret: traefik-dashboard-auth-secret secret: traefik-dashboard-auth-secret
- apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: rate-limit
spec:
rateLimit:
average: 50
burst: 100
certificatesResolvers: certificatesResolvers:
letsencrypt: letsencrypt: