diff --git a/kubernetes/apps/qbittorrent/app/ingress.yaml b/kubernetes/apps/qbittorrent/app/ingress.yaml index 5f791f7..ac5de48 100644 --- a/kubernetes/apps/qbittorrent/app/ingress.yaml +++ b/kubernetes/apps/qbittorrent/app/ingress.yaml @@ -16,6 +16,6 @@ spec: path: "/" backend: service: - name: qbittorrent + name: qbittorrent-qbittorrent-web port: number: 8888 \ No newline at end of file diff --git a/kubernetes/infrastructure/grafana-dashboards/dashboards/8919-node-exporter-20240520.yaml b/kubernetes/infrastructure/grafana-dashboards/dashboards/8919-node-exporter-20240520.yaml deleted file mode 100644 index b8ae8ce..0000000 --- a/kubernetes/infrastructure/grafana-dashboards/dashboards/8919-node-exporter-20240520.yaml +++ /dev/null 
@@ -1,113 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: flask-consul - namespace: consul - labels: - app: flask-consul -spec: - replicas: 1 - selector: - matchLabels: - app: flask-consul - template: - metadata: - labels: - app: flask-consul - spec: - initContainers: - - name: wait-for-consul - image: busybox - command: - - sh - - '-c' - - >- - for i in \$(seq 1 60); do nc -z -w3 consul 8500 && exit 0 || - sleep 5; done; exit 1 - imagePullPolicy: IfNotPresent - containers: - - name: flask-consul - image: 'edeedeeed/flask_consul:v0.1.0' - ports: - - name: http-2026 - containerPort: 2026 - protocol: TCP - env: - - name: admin_passwd - value: ${dashboard_8919_admin_passwd} - - name: consul_token - value: ${dashboard_8919_consul_token} - - name: consul_url - value: 'http://consul:8500/v1' - - name: log_level - value: INFO - - name: TZ - value: Australia/Sydney - imagePullPolicy: Always - restartPolicy: Always ---- -kind: Service -apiVersion: v1 -metadata: - name: flask-consul - namespace: consul - labels: - app: flask-consul -spec: - ports: - - name: http-2026 - protocol: TCP - port: 2026 - targetPort: 2026 - selector: - app: flask-consul - type: ClusterIP ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: nginx-consul - namespace: consul - labels: - app: nginx-consul -spec: - replicas: 1 - selector: - matchLabels: - app: nginx-consul - template: - metadata: - labels: - app: nginx-consul - spec: - containers: - - name: nginx-consul - image: 'nicholasjackson/nginx-consul:v0.1.0' - ports: - - name: http-1026 - containerPort: 1026 - protocol: TCP - env: - - name: TZ - value: Australia/Sydney - imagePullPolicy: Always - restartPolicy: Always ---- -kind: Service -apiVersion: v1 -metadata: - name: nginx-consul - namespace: consul - labels: - app: consul -spec: - ports: - - name: nginx-consul - protocol: TCP - port: 1026 - targetPort: 1026 - nodePort: 31026 - selector: - app: nginx-consul - type: NodePort - externalTrafficPolicy: Cluster \ No 
newline at end of file diff --git a/kubernetes/infrastructure/grafana-dashboards/grafana-dashboards.yaml b/kubernetes/infrastructure/grafana-dashboards/grafana-dashboards.yaml index 741603a..d3719a8 100644 --- a/kubernetes/infrastructure/grafana-dashboards/grafana-dashboards.yaml +++ b/kubernetes/infrastructure/grafana-dashboards/grafana-dashboards.yaml @@ -4,6 +4,7 @@ metadata: name: grafana-dashboards-secrets namespace: flux-system spec: + suspend: true interval: 10m timeout: 1m30s retryInterval: 30s @@ -28,6 +29,7 @@ metadata: name: grafana-dashboards namespace: prometheus spec: + suspend: true interval: 10m timeout: 1m30s retryInterval: 30s diff --git a/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml b/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml index 2036b88..62fd396 100644 --- a/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml +++ b/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml @@ -4,13 +4,13 @@ metadata: name: tcp-services namespace: ingress-nginx data: - "53": "flux-system/adguard-home:53" - "853": "flux-system/adguard-home:853" + "53": "adguard-home/adguard-home:53" + "853": "adguard-home/adguard-home:853" "5432": "postgresql/postgresql-primary:5432" "5433": "postgresql/postgresql-replica:5432" - "5443": "flux-system/adguard-home:5443" - "6060": "flux-system/adguard-home:6060" - "8388": "qbittorrent/qbittorrent-torrent:8388" + "5443": "adguard-home/adguard-home:5443" + "6060": "adguard-home/adguard-home:6060" + "8388": "qbittorrent/qbittorrent-qbittorrent-torrent:8388" --- apiVersion: v1 kind: ConfigMap 
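Review bot: `suspend: true` is added to both Kustomizations in grafana-dashboards.yaml without a comment saying why or what condition lifts it, and the same undocumented flag appears on the `mongodb` Kustomization in kubernetes/infrastructure/mongodb/mongodb.yaml. While suspended, Flux stops reconciling and pruning these resources, so any drift in the cluster goes uncorrected until someone remembers to remove the line. A one-line comment such as `suspend: true  # TODO(<reason>): remove once <condition>` above each occurrence keeps the intent visible in git. Both Kustomization specs start before their hunks.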
@@ -18,9 +18,9 @@ metadata: name: udp-services namespace: ingress-nginx data: - "53": "flux-system/adguard-home:53" - "67": "flux-system/adguard-home:67" - "68": "flux-system/adguard-home:68" - "853": "flux-system/adguard-home:853" - "5443": "flux-system/adguard-home:5443" - "8388": "qbittorrent/qbittorrent-torrent:8388" + "53": "adguard-home/adguard-home:53" + "67": "adguard-home/adguard-home:67" + "68": "adguard-home/adguard-home:68" + "853": "adguard-home/adguard-home:853" + "5443": "adguard-home/adguard-home:5443" + "8388": "qbittorrent/qbittorrent-qbittorrent-torrent:8388" diff --git a/kubernetes/infrastructure/kustomization.yaml b/kubernetes/infrastructure/kustomization.yaml index ba4f3c5..2ef0095 100644 --- a/kubernetes/infrastructure/kustomization.yaml +++ b/kubernetes/infrastructure/kustomization.yaml @@ -8,7 +8,9 @@ resources: - ./ingress-nginx/ingress-nginx.yaml - ./ingress-nginx/ingress-nginx-config.yaml - ./local-path-provisioner/local-path-provisioner.yaml + - ./logstash/logstash.yaml - ./minio/minio.yaml + - ./mongodb/mongodb.yaml - ./namespaces/namespaces.yaml - ./postgresql/postgresql.yaml - ./prometheus/prometheus.yaml diff --git a/kubernetes/infrastructure/logstash/app/ingress.yaml b/kubernetes/infrastructure/logstash/app/ingress.yaml new file mode 100644 index 0000000..6b68287 --- /dev/null +++ b/kubernetes/infrastructure/logstash/app/ingress.yaml 
@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: logstash-ingress
+ namespace: logstash
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: "omada.logstash.cluster.edward.sydney"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: logstash
+ port:
+ number: 8008
+ - host: "monitor.omada.logstash.cluster.edward.sydney"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: logstash
+ port:
+ number: 9600
\ No newline at end of file
diff --git a/kubernetes/infrastructure/logstash/app/pipelines.yaml b/kubernetes/infrastructure/logstash/app/pipelines.yaml
new file mode 100644
index 0000000..efcdac9
--- /dev/null
+++ b/kubernetes/infrastructure/logstash/app/pipelines.yaml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: logstash-pipelines
+ namespace: logstash
+data:
+ pipelines.yaml: |
+ - pipeline.id: omada
+ path.config: "/opt/bitnami/logstash/config/omada.conf"
+ - pipeline.id: misc
+ path.config: "/opt/bitnami/logstash/config/misc.conf"
+ omada.conf: |
+ input {
+ tcp {
+ port => 1514
+ type => syslog
+ }
+ udp {
+ port => 1514
+ type => syslog
+ }
+ http {
+ port => 8008
+ }
+ }
+ output {
+ s3 {
+ access_key_id => ${omada_s3_access_key_id}
+ bucket => "logstash"
+ canned_acl => "bucket-owner-read"
+ endpoint => "http://minio.minio.svc.cluster.local:19000"
+ prefix => "omada/%{+YYYY}/%{+MM}/%{+dd}"
+ region: "ap-southeast-2"
+ secret_access_key => ${omada_s3_secret_access_key}
+ time_file => 60
+ }
+ }
+ misc.conf: |
+ input {
+ file {
+ path => "/tmp/misc"
+ }
+ }
+ output {
+ stdout { }
+ }
\ No newline at end of file
diff --git a/kubernetes/infrastructure/logstash/app/release.yaml b/kubernetes/infrastructure/logstash/app/release.yaml
new file mode 100644
index 0000000..99ed6e1
--- /dev/null
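Review bot: The first rule in ingress.yaml routes to Service `logstash` on `number: 8008`, but the Service declared in the HelmRelease values (kubernetes/infrastructure/logstash/app/release.yaml) exposes the `omada-http` port as `port: 8080`, so unless the chart renders the service differently the ingress backend has no matching service port; change to `number: 8080` or align the service port to 8008. `nginx.ingress.kubernetes.io/ssl-redirect: "false"` also means the log-ingest endpoint on the `omada.logstash...` host is reachable over plaintext; if Omada can only ship logs over HTTP that deserves a comment, otherwise the annotation should go. With `path: "/"` and `pathType: Prefix`, `use-regex: "true"` has no effect and can be removed.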
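Review bot: In `omada.conf` the line `region: "ap-southeast-2"` uses `:` where every other s3 setting uses `=>`; Logstash plugin settings are `name => value`, so this pipeline fails to load and the line should read `region => "ap-southeast-2"`. The two credential substitutions `${omada_s3_access_key_id}` and `${omada_s3_secret_access_key}` are unquoted, so a substituted value containing `/`, `+` or `=` (common in secret keys) is not a valid bareword for the Logstash parser; quote them as `"${omada_s3_access_key_id}"`. Note also that Flux substitutes these before apply, so the rendered credentials live in a ConfigMap rather than a Secret, readable by anything with configmap read access in the logstash namespace; keeping them in a Secret injected as env vars and escaping the references from Flux substitution so Logstash expands them at runtime avoids that.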
+++ b/kubernetes/infrastructure/logstash/app/release.yaml
@@ -0,0 +1,67 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: logstash
+ namespace: logstash
+spec:
+ releaseName: logstash
+ chart:
+ spec:
+ chart: logstash
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami
+ namespace: flux-system
+ interval: 1h
+ install:
+ remediation:
+ retries: 3
+ values:
+ existingConfiguration: logstash-pipelines
+ serviceAccount:
+ name: logstash
+ containerPorts:
+ - name: omada-http
+ containerPort: 8008
+ protocol: TCP
+ - name: monitoring
+ containerPort: 9600
+ protocol: TCP
+ - name: omada-syslog-udp
+ containerPort: 1514
+ protocol: UDP
+ - name: omada-syslog-tcp
+ containerPort: 1514
+ protocol: TCP
+ podSecurityContext:
+ fsGroup: 1000
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ service:
+ type: LoadBalancer
+ ports:
+ - name: omada-http
+ port: 8080
+ targetPort: http
+ protocol: TCP
+ - name: monitoring
+ port: 9600
+ targetPort: monitoring
+ protocol: TCP
+ - name: omada-syslog-udp
+ port: 1514
+ targetPort: syslog-udp
+ protocol: UDP
+ - name: omada-syslog-tcp
+ port: 1514
+ targetPort: syslog-tcp
+ protocol: TCP
+ persistence:
+ enabled: true
+ existingClaim: logstash-pvc
+ size: 16Gi
+ volumePermissions:
+ enabled: true
+ securityContext:
+ runAsUser: 1000
\ No newline at end of file
diff --git a/kubernetes/infrastructure/logstash/app/volume.yaml b/kubernetes/infrastructure/logstash/app/volume.yaml
new file mode 100644
index 0000000..7500a61
--- /dev/null
+++ b/kubernetes/infrastructure/logstash/app/volume.yaml
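Review bot: The `service.ports` entries reference `targetPort: http`, `targetPort: syslog-udp` and `targetPort: syslog-tcp`, but the container ports declared a few lines up are named `omada-http`, `omada-syslog-udp` and `omada-syslog-tcp`; if the Bitnami chart passes `containerPorts` and `service.ports` through verbatim, those three named target ports resolve to nothing and the Service gets no endpoints for them (only `monitoring` lines up). Change them to `targetPort: omada-http`, `targetPort: omada-syslog-udp` and `targetPort: omada-syslog-tcp`, or rename the container ports to match. Separately, `type: LoadBalancer` publishes the 9600 monitoring API and the syslog listeners on an external address while an Ingress for the same ports is added in ingress.yaml; if only syslog needs the external address, a comment or a `loadBalancerSourceRanges` restriction would make that intent explicit.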
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: logstash-pv
+ namespace: logstash
+ labels:
+ type: local
+spec:
+ storageClassName: local-path
+ volumeMode: Filesystem
+ capacity:
+ storage: 16Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ local:
+ path: "/mnt/nfs/AppData/logstash/data"
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: logstash-pvc
+ namespace: logstash
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - rpi5-cluster-node-1
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: logstash-pvc
+ namespace: logstash
+ labels:
+ name: logstash-pvc
+spec:
+ storageClassName: local-path
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 16Gi
\ No newline at end of file
diff --git a/kubernetes/infrastructure/logstash/logstash.yaml b/kubernetes/infrastructure/logstash/logstash.yaml
new file mode 100644
index 0000000..b916d5f
--- /dev/null
+++ b/kubernetes/infrastructure/logstash/logstash.yaml
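Review bot: `namespace: logstash` under the PersistentVolume's `metadata` has no effect because PersistentVolumes are cluster-scoped; the API server ignores it and some tooling warns, so the line should go (the same appears on both PVs in kubernetes/infrastructure/mongodb/app/volume.yaml). The PVC relies on the PV's `claimRef` for binding while also carrying `storageClassName: local-path`; with a dynamic provisioner serving that class, adding `volumeName: logstash-pv` to the PVC spec makes the intended static binding explicit instead of leaving it to the provisioner's timing. The `local:` path points under `/mnt/nfs/...`, which reads like a network mount; if that is the case, a comment explaining why a `local` volume source was chosen over `nfs` would help the next reader.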
@@ -0,0 +1,50 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: logstash-secrets + namespace: flux-system +spec: + interval: 10m + timeout: 1m30s + retryInterval: 30s + targetNamespace: logstash + path: ./logstash + prune: true + sourceRef: + kind: GitRepository + namespace: flux-system + name: home-cluster-ops-secrets + dependsOn: + - name: repositories + namespace: flux-system + decryption: + provider: sops + secretRef: + name: sops-age +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: logstash + namespace: logstash +spec: + interval: 10m + timeout: 1m30s + retryInterval: 30s + path: ./kubernetes/infrastructure/logstash/app + prune: true + sourceRef: + kind: GitRepository + namespace: flux-system + name: flux-system + dependsOn: + - name: namespaces + namespace: flux-system + - name: logstash-secrets + namespace: flux-system + - name: local-path-provisioner + namespace: local-path-storage + postBuild: + substituteFrom: + - kind: Secret + name: logstash-secrets \ No newline at end of file diff --git a/kubernetes/infrastructure/minio/app/release.yaml b/kubernetes/infrastructure/minio/app/release.yaml index b15d082..c176465 100644 --- a/kubernetes/infrastructure/minio/app/release.yaml +++ b/kubernetes/infrastructure/minio/app/release.yaml @@ -29,3 +29,8 @@ spec: console: 19001 persistence: existingClaim: "minio-pvc" + containerSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 + podSecurityContext: + fsGroup: 1000 diff --git a/kubernetes/infrastructure/mongodb/app/release.yaml b/kubernetes/infrastructure/mongodb/app/release.yaml new file mode 100644 index 0000000..c3f2227 --- /dev/null +++ b/kubernetes/infrastructure/mongodb/app/release.yaml 
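Review bot: `logstash-secrets` sets `targetNamespace: logstash` but its `dependsOn` lists only `repositories`, whereas the sibling `mongodb-secrets` in kubernetes/infrastructure/mongodb/mongodb.yaml also depends on `namespaces`; without that dependency the first reconcile can run before the `logstash` Namespace exists and fail until a retry. Add `- name: namespaces` / `namespace: flux-system` to that `dependsOn` list for consistency. The second Kustomization's `postBuild.substituteFrom` expects Secret `logstash-secrets` in the `logstash` namespace; a comment noting that this Secret is produced by the first Kustomization from the secrets repo would help connect the two.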
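Review bot: The `containerSecurityContext` added to the minio release pins the UID/GID but does not set `runAsNonRoot: true` or `allowPrivilegeEscalation: false`, so the hardening is weaker than it could be if the chart passes this map through verbatim; consider adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` alongside `runAsUser`. The `values:` block this hunk edits starts outside the hunk, so I cannot see whether chart defaults already supply those keys.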
@@ -0,0 +1,82 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mongodb
+ namespace: mongodb
+spec:
+ releaseName: mongodb
+ chart:
+ spec:
+ chart: mongodb
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami
+ namespace: flux-system
+ interval: 1h
+ install:
+ remediation:
+ retries: 3
+ values:
+ architecture: replicaset
+ auth:
+ rootPassword: ${root_password}
+ usernames:
+ - edward
+ - anysync
+ passwords:
+ - ${edward_password}
+ - ${anysync_password}
+ databases:
+ - edward
+ - anysync
+ automountServiceAccountToken: true
+ replicaCount: 2
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ startupProbe:
+ enabled: true
+ externalAccess:
+ enabled: true
+ service:
+ type: LoadBalancer
+ autoDiscovery:
+ enabled: true
+ persistence:
+ name: "datadir-mongodb-0"
+ resourcePolicy: "keep"
+ storageClass: "local-path"
+ size: "32Gi"
+ labels:
+ name: datadir-mongodb-0
+ volumeClaimTemplates:
+ selector:
+ matchLabels:
+ name: mongodb-pv
+ persistentVolumeClaimRetentionPolicy:
+ enabled: true
+ backup:
+ enabled: true
+ cronjob:
+ schedule: "@daily"
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ storage:
+ resourcePolicy: "keep"
+ storageClass: "local-path"
+ volumeClaimTemplates:
+ selector:
+ matchLabels:
+ name: mongodb-backup-pv
+ serviceAccount:
+ create: true
+ name: mongodb
+ rbac:
+ create: true
+
+
+
+
+
+
diff --git a/kubernetes/infrastructure/mongodb/app/volume.yaml b/kubernetes/infrastructure/mongodb/app/volume.yaml
new file mode 100644
index 0000000..2acd050
--- /dev/null
+++ b/kubernetes/infrastructure/mongodb/app/volume.yaml
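Review bot: `rootPassword: ${root_password}` and the two entries under `passwords:` are unquoted Flux substitutions; a generated password that starts with `*`, `&`, `#` or `[`, contains `: ` or ` #`, or is all digits is re-typed or mis-parsed once substituted, so they should be written `rootPassword: "${root_password}"` and `- "${edward_password}"` (the pipelines ConfigMap in logstash/app/pipelines.yaml has the same pattern). `externalAccess.enabled: true` with `service.type: LoadBalancer` publishes each replica on an external address; if that is intended for an off-cluster client, a comment saying so (and a source-range restriction if the chart exposes one) would document the exposure. The six empty `+` lines at the end of the file are noise and should be trimmed.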
@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: mongodb-pv
+ namespace: mongodb
+ labels:
+ type: local
+spec:
+ storageClassName: local-path
+ volumeMode: Filesystem
+ capacity:
+ storage: 32Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ local:
+ path: "/mnt/nfs/AppData/mongodb"
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: datadir-mongodb-0
+ namespace: mongodb
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - rpi5-cluster-node-1
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: mongodb-backup-pv
+ namespace: mongodb
+ labels:
+ type: local
+spec:
+ storageClassName: local-path
+ volumeMode: Filesystem
+ capacity:
+ storage: 8Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ local:
+ path: "/mnt/nfs/AppData/mongodb/backup"
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: mongodb-mongodump
+ namespace: mongodb
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - rpi5-cluster-node-1
diff --git a/kubernetes/infrastructure/mongodb/mongodb.yaml b/kubernetes/infrastructure/mongodb/mongodb.yaml
new file mode 100644
index 0000000..b8fdaf6
--- /dev/null
+++ b/kubernetes/infrastructure/mongodb/mongodb.yaml
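Review bot: The HelmRelease in kubernetes/infrastructure/mongodb/app/release.yaml selects its data volume with `matchLabels: name: mongodb-pv` and its backup volume with `name: mongodb-backup-pv`, but both PVs here carry only `type: local` under `labels:`; whether the explicit `claimRef` lets binding succeed regardless I cannot confirm from here, so adding `name: mongodb-pv` and `name: mongodb-backup-pv` to the respective label sets removes the ambiguity. The backup PV's `path: "/mnt/nfs/AppData/mongodb/backup"` sits inside the data PV's `path: "/mnt/nfs/AppData/mongodb"`, so backups land inside the directory the database treats as its volume root; a sibling directory avoids the overlap.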
@@ -0,0 +1,53 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: mongodb-secrets
+ namespace: flux-system
+spec:
+ interval: 10m
+ timeout: 1m30s
+ retryInterval: 30s
+ targetNamespace: mongodb
+ path: ./mongodb
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ namespace: flux-system
+ name: home-cluster-ops-secrets
+ dependsOn:
+ - name: namespaces
+ namespace: flux-system
+ - name: repositories
+ namespace: flux-system
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: mongodb
+ namespace: mongodb
+spec:
+ suspend: true
+ interval: 10m
+ timeout: 1m30s
+ retryInterval: 30s
+ path: ./kubernetes/infrastructure/mongodb/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ namespace: flux-system
+ name: flux-system
+ dependsOn:
+ - name: mongodb-secrets
+ namespace: flux-system
+ - name: namespaces
+ namespace: flux-system
+ - name: local-path-provisioner
+ namespace: local-path-storage
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: mongodb-secrets
diff --git a/kubernetes/infrastructure/namespaces/namespaces/logstash.yaml b/kubernetes/infrastructure/namespaces/namespaces/logstash.yaml
new file mode 100644
index 0000000..7bfe0b8
--- /dev/null
+++ b/kubernetes/infrastructure/namespaces/namespaces/logstash.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: logstash
diff --git a/kubernetes/infrastructure/namespaces/namespaces/mongodb.yaml b/kubernetes/infrastructure/namespaces/namespaces/mongodb.yaml
new file mode 100644
index 0000000..4f58005
--- /dev/null
+++ b/kubernetes/infrastructure/namespaces/namespaces/mongodb.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mongodb