freezer/kissj-gitops
Archived
1
0
Fork 0
Code Activity

Compare commits

base: freezer:f09c1ec86bc3c8cd752f2cd9f1a2e26d931266ee
Branches Tags
freezer:main
..
compare: freezer:ccac1f1b86f353d49ab27fa51deb0982d926ee3b
Branches Tags
freezer:main

No commits in common. "f09c1ec86bc3c8cd752f2cd9f1a2e26d931266ee" and "ccac1f1b86f353d49ab27fa51deb0982d926ee3b" have entirely different histories.
f09c1ec86b ... ccac1f1b86

16 changed files with 41 additions and 170 deletions
Download patch file Download diff file Expand all files Collapse all files

19
README.md
View file

@ -6,28 +6,11 @@ Underlying Kubernetes cluster components for [KISSJ](https://github.com/skautdev
- namespaces - namespaces
- `kissj-db` - `kissj-db`
- `kissj-dev`
- `kissj-prod` - `kissj-prod`
- `kissj-staging` - `kissj-staging`
- `kissj-monitoring`
- PostgreSQL instance - PostgreSQL instance
- monitoring
- Prometheus
- AlertManager
- Grafana
- blackbox exporter
## Security ## Security
- Users - Users
- lung - ServiceAccounts
- majkl
## Monitoring
As mentione before in [components](#components), the monitoring consists of:
- [Prometheus](https://prometheus.monitoring.kissj.net)
- [AlertManager](https://alertmanager.monitoring.kissj.net)
- [Grafana](https://grafana.monitoring.kissj.net)
To monitor everything, we also deploy [prometheus/blackbox_exporter](https://github.com/prometheus/blackbox_exporter) to monitor the overall availability of the site.

18
_apps/kissj-production-quotas.yml
View file

@ -1,18 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kissj-production-quotas
namespace: argocd
spec:
destination:
namespace: kissj-production
server: https://kubernetes.default.svc
project: kissj
source:
path: quotas/production
repoURL: https://gitlab.mareshq.com/gitops/skautdevs/kissj.git
targetRevision: HEAD
syncPolicy:
automated:
prune: true
selfHeal: true

18
_apps/kissj-staging-quotas.yml
View file

@ -1,18 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kissj-staging-quotas
namespace: argocd
spec:
destination:
namespace: kissj-staging
server: https://kubernetes.default.svc
project: kissj
source:
path: quotas/staging
repoURL: https://gitlab.mareshq.com/gitops/skautdevs/kissj.git
targetRevision: HEAD
syncPolicy:
automated:
prune: true
selfHeal: true

7
monitoring/Chart.lock
View file

@ -2,8 +2,5 @@ dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
version: 39.11.0 version: 39.11.0
- name: prometheus-blackbox-exporter digest: sha256:2000f95ea7c9e6ac6ec0cc0ed3f08ee6adebf5e3ad383a0e8d89d80ab61439eb
repository: https://prometheus-community.github.io/helm-charts generated: "2022-09-03T10:54:33.34106+02:00"
version: 7.0.0
digest: sha256:7a9382529ff259e31426aa23cf9eea9a0dc5fe7d6950339133bc78bcb310fa30
generated: "2022-09-03T16:06:15.239791+02:00"

3
monitoring/Chart.yaml
View file

@ -9,6 +9,3 @@ dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 39.11.0 version: 39.11.0
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
- name: prometheus-blackbox-exporter
version: 7.0.0
repository: https://prometheus-community.github.io/helm-charts

54
monitoring/values.yaml
View file

@ -13,27 +13,6 @@ kube-prometheus-stack:
kubeStateMetrics: kubeStateMetrics:
enabled: false enabled: false
kubeApiServer:
enabled: false
kubelet:
enabled: false
kubeControllerManager:
enabled: false
coreDns:
enabled: false
kubeScheduler:
enabled: false
kubeProxy:
enabled: false
defaultRules:
create: false
prometheus: prometheus:
prometheusSpec: prometheusSpec:
serviceMonitorSelectorNilUsesHelmValues: false serviceMonitorSelectorNilUsesHelmValues: false
@ -117,5 +96,34 @@ kube-prometheus-stack:
serviceMonitor: serviceMonitor:
selfMonitor: true selfMonitor: true
prometheus-blackbox-exporter: # This AM is for KISSJ, cluster components are monitored by different instance
fullnameOverride: kissj-blackbox-exporter kubeApiServer:
enabled: false
kubelet:
enabled: false
kubeControllerManager:
enabled: false
coreDns:
enabled: false
kubeScheduler:
enabled: false
kubeProxy:
enabled: false
kubeStateMetrics:
enabled: false
nodeExporter:
enabled: false
prometheusOperator:
serviceMonitor:
selfMonitor: false
defaultRules:
create: false

2
namespaces/kissj-production.yml → namespaces/kissj-dev.yml
View file

@ -1,6 +1,6 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: kissj-production name: kissj-dev
labels: labels:
prometheus: kissj prometheus: kissj

6
namespaces/kissj-prod.yml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: kissj-prod
labels:
prometheus: kissj

10
quotas/production/compute-resources.yml
View file

@ -1,10 +0,0 @@
apiVersion: v1
kind: ResourceQuota
metadata:
name: compute-resources
spec:
hard:
requests.cpu: 6000m
requests.memory: 16384Mi
limits.cpu: 8000m
limits.memory: 20480Mi

13
quotas/production/kube-objects.yml
View file

@ -1,13 +0,0 @@
apiVersion: v1
kind: ResourceQuota
metadata:
name: kube-objects
spec:
hard:
count/deployments.apps: "5"
count/statefulsets.apps: "0"
count/cronjobs.batch: "0"
count/jobs.batch: "5"
count/pods: "50"
count/persistentvolumeclaims: "1"

9
quotas/production/network.yml
View file

@ -1,9 +0,0 @@
apiVersion: v1
kind: ResourceQuota
metadata:
name: network
spec:
hard:
services.loadbalancers: "0"
services.nodeports: "0"

10
quotas/production/storage.yml
View file

@ -1,10 +0,0 @@
apiVersion: v1
kind: ResourceQuota
metadata:
name: storage
spec:
hard:
requests.storage: 1Gi
persistentvolumeclaims: "3"
local-path.storageclass.storage.k8s.io/requests.storage: 0Mi
local-path.storageclass.storage.k8s.io/persistentvolumeclaims: "0"

10
quotas/staging/compute-resources.yml
View file

@ -1,10 +0,0 @@
apiVersion: v1
kind: ResourceQuota
metadata:
name: compute-resources
spec:
hard:
requests.cpu: 800m
requests.memory: 1536Mi
limits.cpu: 1200m
limits.memory: 2048Mi

13
quotas/staging/kube-objects.yml
View file

@ -1,13 +0,0 @@
apiVersion: v1
kind: ResourceQuota
metadata:
name: kube-objects
spec:
hard:
count/deployments.apps: "5"
count/statefulsets.apps: "0"
count/cronjobs.batch: "0"
count/jobs.batch: "5"
count/pods: "20"
count/persistentvolumeclaims: "1"

9
quotas/staging/network.yml
View file

@ -1,9 +0,0 @@
apiVersion: v1
kind: ResourceQuota
metadata:
name: network
spec:
hard:
services.loadbalancers: "0"
services.nodeports: "0"

10
quotas/staging/storage.yml
View file

@ -1,10 +0,0 @@
apiVersion: v1
kind: ResourceQuota
metadata:
name: storage
spec:
hard:
requests.storage: 1Gi
persistentvolumeclaims: "3"
local-path.storageclass.storage.k8s.io/requests.storage: 0Mi
local-path.storageclass.storage.k8s.io/persistentvolumeclaims: "0"