From 0fe65b2135110e2b42b1a1acd0a04828fd677054 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Sun, 7 Jul 2024 23:37:49 +1000 Subject: [PATCH 01/18] fix permission issue of minio --- kubernetes/infrastructure/minio/app/release.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kubernetes/infrastructure/minio/app/release.yaml b/kubernetes/infrastructure/minio/app/release.yaml index b15d082..77644d3 100644 --- a/kubernetes/infrastructure/minio/app/release.yaml +++ b/kubernetes/infrastructure/minio/app/release.yaml @@ -29,3 +29,6 @@ spec: console: 19001 persistence: existingClaim: "minio-pvc" + containerSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 From dac55916abaa5455a21e353e726fcaefed01fc81 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 8 Jul 2024 02:31:11 +1000 Subject: [PATCH 02/18] add app mongodb --- kubernetes/infrastructure/kustomization.yaml | 1 + .../infrastructure/mongodb/app/release.yaml | 66 +++++++++++++ .../infrastructure/mongodb/app/volume.yaml | 93 +++++++++++++++++++ .../infrastructure/mongodb/mongodb.yaml | 52 +++++++++++ .../namespaces/namespaces/mongodb.yaml | 4 + 5 files changed, 216 insertions(+) create mode 100644 kubernetes/infrastructure/mongodb/app/release.yaml create mode 100644 kubernetes/infrastructure/mongodb/app/volume.yaml create mode 100644 kubernetes/infrastructure/mongodb/mongodb.yaml create mode 100644 kubernetes/infrastructure/namespaces/namespaces/mongodb.yaml diff --git a/kubernetes/infrastructure/kustomization.yaml b/kubernetes/infrastructure/kustomization.yaml index ba4f3c5..81041a5 100644 --- a/kubernetes/infrastructure/kustomization.yaml +++ b/kubernetes/infrastructure/kustomization.yaml @@ -9,6 +9,7 @@ resources: - ./ingress-nginx/ingress-nginx-config.yaml - ./local-path-provisioner/local-path-provisioner.yaml - ./minio/minio.yaml + - ./mongodb/mongodb.yaml - ./namespaces/namespaces.yaml - ./postgresql/postgresql.yaml - ./prometheus/prometheus.yaml 
diff --git a/kubernetes/infrastructure/mongodb/app/release.yaml b/kubernetes/infrastructure/mongodb/app/release.yaml
new file mode 100644
index 0000000..f471dc3
--- /dev/null
+++ b/kubernetes/infrastructure/mongodb/app/release.yaml
@@ -0,0 +1,66 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mongodb
+ namespace: mongodb
+spec:
+ releaseName: mongodb
+ chart:
+ spec:
+ chart: mongodb
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami
+ namespace: flux-system
+ interval: 1h
+ install:
+ remediation:
+ retries: 3
+ values:
+ architecture: replicaset
+ auth:
+ rootPassword: ${root_password}
+ usernames:
+ - edward
+ - anysync
+ passwords:
+ - ${edward_password}
+ - ${anysync_password}
+ databases:
+ - edward
+ - anysync
+ replicaCount: 2
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ startupProbe:
+ enabled: true
+ externalAccess:
+ enabled: true
+ service:
+ type: LoadBalancer
+ autoDiscovery:
+ enabled: true
+ persistence:
+ existingClaim: "mongodb-pvc"
+ backup:
+ enabled: true
+ cronjob:
+ schedule: "@daily"
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ storage:
+ existingClaim: "mongodb-backup-pvc"
+ serviceAccount:
+ create: true
+ name: mongodb
+ automountServiceAccountToken: true
+ rbac:
+ create: true
+
+
+
+
+
+
diff --git a/kubernetes/infrastructure/mongodb/app/volume.yaml b/kubernetes/infrastructure/mongodb/app/volume.yaml
new file mode 100644
index 0000000..cebd8a8
--- /dev/null
+++ b/kubernetes/infrastructure/mongodb/app/volume.yaml
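Review bot: The root and user passwords under `auth` are substituted by Flux straight into `values`, so after reconciliation they are stored in clear text in the HelmRelease object and readable by anyone allowed to get HelmReleases in the `mongodb` namespace. Assuming the chart version in use offers `auth.existingSecret`, pointing it at the SOPS-managed Secret would keep them out of the rendered manifest; if they stay inline, quote them (`rootPassword: "${root_password}"`) so a value with YAML-special characters or only digits is not retyped. `externalAccess` appears to publish each replica through a `LoadBalancer` service with no source-range restriction or TLS setting visible in these values, which leaves the database reachable from wherever the load-balancer addresses route. `chart.spec` also carries no `version`, so a reconcile may pull a newer chart unreviewed; the logstash HelmRelease added later in this series has the same gap.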
@@ -0,0 +1,93 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: mongodb-pv
+ namespace: mongodb
+ labels:
+ type: local
+spec:
+ storageClassName: local-path
+ volumeMode: Filesystem
+ capacity:
+ storage: 32Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ local:
+ path: "/mnt/nfs/AppData/mongodb"
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: mongodb-pvc
+ namespace: postgresql
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - rpi5-cluster-node-1
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mongodb-pvc
+ namespace: mongodb
+ labels:
+ name: mongodb-pvc
+spec:
+ storageClassName: local-path
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 32Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: mongodb-backup-pv
+ namespace: mongodb
+ labels:
+ type: local
+spec:
+ storageClassName: local-path
+ volumeMode: Filesystem
+ capacity:
+ storage: 8Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ local:
+ path: "/mnt/nfs/AppData/mongodb/backup"
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: mongodb-backup-pvc
+ namespace: postgresql
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - rpi5-cluster-node-1
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mongodb-backup-pvc
+ namespace: mongodb
+ labels:
+ name: mongodb-backup-pvc
+spec:
+ storageClassName: local-path
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
diff --git a/kubernetes/infrastructure/mongodb/mongodb.yaml b/kubernetes/infrastructure/mongodb/mongodb.yaml
new file mode 100644
index 0000000..748bd89
--- /dev/null
+++ b/kubernetes/infrastructure/mongodb/mongodb.yaml
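Review bot: `mongodb-backup-pv` points at `/mnt/nfs/AppData/mongodb/backup`, which sits inside the directory backing `mongodb-pv` (`/mnt/nfs/AppData/mongodb`), so the database pod can reach the dumps through its own data mount and both volumes appear to share the same underlying storage. A sibling directory such as `path: "/mnt/nfs/AppData/mongodb-backup"` (constructed example) would keep the backups out of the data volume. `metadata.namespace` on a PersistentVolume has no effect because PVs are cluster-scoped; dropping it avoids the impression that the volume is namespaced, and the logstash PV added later in the series carries the same field.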
@@ -0,0 +1,52 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: mongodb-secrets + namespace: flux-system +spec: + interval: 10m + timeout: 1m30s + retryInterval: 30s + targetNamespace: mongodb + path: ./mongodb + prune: true + sourceRef: + kind: GitRepository + namespace: flux-system + name: home-cluster-ops-secrets + dependsOn: + - name: namespaces + namespace: flux-system + - name: repositories + namespace: flux-system + decryption: + provider: sops + secretRef: + name: sops-age +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: mongodb + namespace: mongodb +spec: + interval: 10m + timeout: 1m30s + retryInterval: 30s + path: ./kubernetes/infrastructure/mongodb/app + prune: true + sourceRef: + kind: GitRepository + namespace: flux-system + name: flux-system + dependsOn: + - name: mongodb-secrets + namespace: flux-system + - name: namespaces + namespace: flux-system + - name: local-path-provisioner + namespace: local-path-storage + postBuild: + substituteFrom: + - kind: Secret + name: mongodb-secrets diff --git a/kubernetes/infrastructure/namespaces/namespaces/mongodb.yaml b/kubernetes/infrastructure/namespaces/namespaces/mongodb.yaml new file mode 100644 index 0000000..4f58005 --- /dev/null +++ b/kubernetes/infrastructure/namespaces/namespaces/mongodb.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: mongodb From dd9dc374ad7575951543c70ba1b48a8947dcfaa4 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 8 Jul 2024 02:47:57 +1000 Subject: [PATCH 03/18] fix ingress-nginx configMap --- .../config/ingress-configmap.yaml | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml b/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml index 2036b88..1f682de 100644 --- a/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml 
+++ b/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml @@ -4,13 +4,13 @@ metadata: name: tcp-services namespace: ingress-nginx data: - "53": "flux-system/adguard-home:53" - "853": "flux-system/adguard-home:853" + "53": "adguard-home/adguard-home:53" + "853": "adguard-home/adguard-home:853" "5432": "postgresql/postgresql-primary:5432" "5433": "postgresql/postgresql-replica:5432" - "5443": "flux-system/adguard-home:5443" - "6060": "flux-system/adguard-home:6060" - "8388": "qbittorrent/qbittorrent-torrent:8388" + "5443": "adguard-home/adguard-home:5443" + "6060": "adguard-home/adguard-home:6060" + "8388": "qbittorrent/qbittorrent:8388" --- apiVersion: v1 kind: ConfigMap @@ -18,9 +18,9 @@ metadata: name: udp-services namespace: ingress-nginx data: - "53": "flux-system/adguard-home:53" - "67": "flux-system/adguard-home:67" - "68": "flux-system/adguard-home:68" - "853": "flux-system/adguard-home:853" - "5443": "flux-system/adguard-home:5443" - "8388": "qbittorrent/qbittorrent-torrent:8388" + "53": "adguard-home/adguard-home:53" + "67": "adguard-home/adguard-home:67" + "68": "adguard-home/adguard-home:68" + "853": "adguard-home/adguard-home:853" + "5443": "adguard-home/adguard-home:5443" + "8388": "qbittorrent/qbittorrent:8388" From a300af301f709ed51ce76c34f6927ec497e10622 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 8 Jul 2024 02:53:13 +1000 Subject: [PATCH 04/18] fix service names for qbittorrent --- kubernetes/apps/qbittorrent/app/ingress.yaml | 2 +- .../ingress-nginx/config/ingress-configmap.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kubernetes/apps/qbittorrent/app/ingress.yaml b/kubernetes/apps/qbittorrent/app/ingress.yaml index 5f791f7..ac5de48 100644 --- a/kubernetes/apps/qbittorrent/app/ingress.yaml +++ b/kubernetes/apps/qbittorrent/app/ingress.yaml @@ -16,6 +16,6 @@ spec: path: "/" backend: service: - name: qbittorrent + name: qbittorrent-qbittorrent-web port: number: 8888 \ No newline at end of file 
diff --git a/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml b/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml index 1f682de..62fd396 100644 --- a/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml +++ b/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml @@ -10,7 +10,7 @@ data: "5433": "postgresql/postgresql-replica:5432" "5443": "adguard-home/adguard-home:5443" "6060": "adguard-home/adguard-home:6060" - "8388": "qbittorrent/qbittorrent:8388" + "8388": "qbittorrent/qbittorrent-qbittorrent-torrent:8388" --- apiVersion: v1 kind: ConfigMap @@ -23,4 +23,4 @@ data: "68": "adguard-home/adguard-home:68" "853": "adguard-home/adguard-home:853" "5443": "adguard-home/adguard-home:5443" - "8388": "qbittorrent/qbittorrent:8388" + "8388": "qbittorrent/qbittorrent-qbittorrent-torrent:8388" From a5074800bf6d1ecb410be3e795bcd74df98e294e Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 8 Jul 2024 03:07:54 +1000 Subject: [PATCH 05/18] fix mongodb PVs --- kubernetes/infrastructure/mongodb/app/volume.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/infrastructure/mongodb/app/volume.yaml b/kubernetes/infrastructure/mongodb/app/volume.yaml index cebd8a8..4923a9c 100644 --- a/kubernetes/infrastructure/mongodb/app/volume.yaml +++ b/kubernetes/infrastructure/mongodb/app/volume.yaml @@ -19,7 +19,7 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim name: mongodb-pvc - namespace: postgresql + namespace: mongodb nodeAffinity: required: nodeSelectorTerms: @@ -66,7 +66,7 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim name: mongodb-backup-pvc - namespace: postgresql + namespace: mongodb nodeAffinity: required: nodeSelectorTerms: From e8f1ef53ce14805fbedb45809344da6253884d5f Mon Sep 17 00:00:00 2001 
From: Edward Cheng Date: Mon, 8 Jul 2024 03:23:06 +1000 Subject: [PATCH 06/18] fix mongodb values --- kubernetes/infrastructure/mongodb/app/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/infrastructure/mongodb/app/release.yaml b/kubernetes/infrastructure/mongodb/app/release.yaml index f471dc3..390df64 100644 --- a/kubernetes/infrastructure/mongodb/app/release.yaml +++ b/kubernetes/infrastructure/mongodb/app/release.yaml @@ -29,6 +29,7 @@ spec: databases: - edward - anysync + automountServiceAccountToken: true replicaCount: 2 containerSecurityContext: runAsUser: 1000 @@ -55,7 +56,6 @@ spec: serviceAccount: create: true name: mongodb - automountServiceAccountToken: true rbac: create: true From 76586e04b6073d4d4653b1b0bca01de93b45f560 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 8 Jul 2024 07:13:59 +1000 Subject: [PATCH 07/18] fix pvcs for mongodb --- .../infrastructure/mongodb/app/release.yaml | 20 ++++++++++-- .../infrastructure/mongodb/app/volume.yaml | 32 ------------------- 2 files changed, 18 insertions(+), 34 deletions(-) diff --git a/kubernetes/infrastructure/mongodb/app/release.yaml b/kubernetes/infrastructure/mongodb/app/release.yaml index 390df64..21173ff 100644 --- a/kubernetes/infrastructure/mongodb/app/release.yaml +++ b/kubernetes/infrastructure/mongodb/app/release.yaml @@ -43,7 +43,18 @@ spec: autoDiscovery: enabled: true persistence: - existingClaim: "mongodb-pvc" + name: "mongodb-pvc" + resourcePolicy: "keep" + storageClass: "local-path" + size: "32Gi" + labels: + name: mongodb-pvc + volumeClaimTemplates: + selector: + matchLabels: + name: mongodb-pv + persistentVolumeClaimRetentionPolicy: + enabled: true backup: enabled: true cronjob: 
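Review bot: Moving `automountServiceAccountToken: true` out of `serviceAccount` appears to mount the service-account token into the MongoDB pods themselves, and nothing in the file records why the database needs API access. If it is there for `externalAccess.autoDiscovery` (an assumption, the chart is not shown), a comment such as `# token needed by externalAccess.autoDiscovery to look up the LoadBalancer address` above the key would say so, and the Role created by `rbac.create` is worth checking for being limited to that lookup. Indentation is not recoverable on this page, so the nesting is inferred from the position of the line in the hunk.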
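Review bot: The `volumeClaimTemplates` selector in the `persistence` block matches on the label `name: mongodb-pv`, but the PersistentVolume created earlier in this series carries only the label `type: local`; `mongodb-pv` is its `metadata.name`, which a label selector does not see. Either add `name: mongodb-pv` under the PV's `labels` or drop the selector and rely on the PV's `claimRef`. The second hunk of this file repeats the pattern under `storage` with `name: mongodb-backup-pv`. With `replicaCount: 2` only one data PV exists in the series, so the second replica's claim would presumably stay pending.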
@@ -52,7 +63,12 @@ spec: runAsUser: 1000 runAsGroup: 1000 storage: - existingClaim: "mongodb-backup-pvc" + resourcePolicy: "keep" + storageClass: "local-path" + volumeClaimTemplates: + selector: + matchLabels: + name: mongodb-backup-pv serviceAccount: create: true name: mongodb diff --git a/kubernetes/infrastructure/mongodb/app/volume.yaml b/kubernetes/infrastructure/mongodb/app/volume.yaml index 4923a9c..5080685 100644 --- a/kubernetes/infrastructure/mongodb/app/volume.yaml +++ b/kubernetes/infrastructure/mongodb/app/volume.yaml @@ -30,22 +30,6 @@ spec: - rpi5-cluster-node-1 --- apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: mongodb-pvc - namespace: mongodb - labels: - name: mongodb-pvc -spec: - storageClassName: local-path - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 32Gi ---- -apiVersion: v1 kind: PersistentVolume metadata: name: mongodb-backup-pv @@ -75,19 +59,3 @@ spec: operator: In values: - rpi5-cluster-node-1 ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: mongodb-backup-pvc - namespace: mongodb - labels: - name: mongodb-backup-pvc -spec: - storageClassName: local-path - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi From 852341eea4f461af18ffa3d9c4b71a2d9d90df1a Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 8 Jul 2024 14:29:59 +1000 Subject: [PATCH 08/18] fix pvcs for mongodb --- kubernetes/infrastructure/mongodb/app/volume.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/infrastructure/mongodb/app/volume.yaml b/kubernetes/infrastructure/mongodb/app/volume.yaml index 5080685..2acd050 100644 --- a/kubernetes/infrastructure/mongodb/app/volume.yaml +++ b/kubernetes/infrastructure/mongodb/app/volume.yaml @@ -18,7 +18,7 @@ spec: claimRef: apiVersion: v1 kind: PersistentVolumeClaim - name: mongodb-pvc + name: datadir-mongodb-0 namespace: mongodb nodeAffinity: required: 
@@ -49,7 +49,7 @@ spec: claimRef: apiVersion: v1 kind: PersistentVolumeClaim - name: mongodb-backup-pvc + name: mongodb-mongodump namespace: mongodb nodeAffinity: required: From 6653264d44cac16cd7917537fad8a392474cf94a Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 8 Jul 2024 15:30:15 +1000 Subject: [PATCH 09/18] fix pvcs for mongodb --- kubernetes/infrastructure/mongodb/app/release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/infrastructure/mongodb/app/release.yaml b/kubernetes/infrastructure/mongodb/app/release.yaml index 21173ff..c3f2227 100644 --- a/kubernetes/infrastructure/mongodb/app/release.yaml +++ b/kubernetes/infrastructure/mongodb/app/release.yaml @@ -43,12 +43,12 @@ spec: autoDiscovery: enabled: true persistence: - name: "mongodb-pvc" + name: "datadir-mongodb-0" resourcePolicy: "keep" storageClass: "local-path" size: "32Gi" labels: - name: mongodb-pvc + name: datadir-mongodb-0 volumeClaimTemplates: selector: matchLabels: From 41964fdd0f70ff956249fb45416cb614be95d24d Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 10 Jul 2024 01:06:01 +1000 Subject: [PATCH 10/18] suspend mongodb --- kubernetes/infrastructure/mongodb/mongodb.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/kubernetes/infrastructure/mongodb/mongodb.yaml b/kubernetes/infrastructure/mongodb/mongodb.yaml index 748bd89..b8fdaf6 100644 --- a/kubernetes/infrastructure/mongodb/mongodb.yaml +++ b/kubernetes/infrastructure/mongodb/mongodb.yaml @@ -30,6 +30,7 @@ metadata: name: mongodb namespace: mongodb spec: + suspend: true interval: 10m timeout: 1m30s retryInterval: 30s From 5a244987a33907088d2f6b212a9759d838863d82 Mon Sep 17 00:00:00 2001 
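Review bot: `persistence.name` looks like the volume-claim-template name rather than the final PVC name; a StatefulSet appends the pod name to it, so `name: "datadir-mongodb-0"` would presumably produce a claim called `datadir-mongodb-0-mongodb-0`, which no longer matches the `claimRef` name `datadir-mongodb-0` set on the PV in the previous patch. If that reading of the chart is right, `name: "datadir"` is the value that yields `datadir-mongodb-0` for the first replica. The `persistence` block continues outside the hunk.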
From: Edward Cheng Date: Wed, 10 Jul 2024 01:08:52 +1000 Subject: [PATCH 11/18] remove flask-consul --- .../8919-node-exporter-20240520.yaml | 113 ------------------ 1 file changed, 113 deletions(-) delete mode 100644 kubernetes/infrastructure/grafana-dashboards/dashboards/8919-node-exporter-20240520.yaml diff --git a/kubernetes/infrastructure/grafana-dashboards/dashboards/8919-node-exporter-20240520.yaml b/kubernetes/infrastructure/grafana-dashboards/dashboards/8919-node-exporter-20240520.yaml deleted file mode 100644 index b8ae8ce..0000000 --- a/kubernetes/infrastructure/grafana-dashboards/dashboards/8919-node-exporter-20240520.yaml +++ /dev/null 
@@ -1,113 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: flask-consul - namespace: consul - labels: - app: flask-consul -spec: - replicas: 1 - selector: - matchLabels: - app: flask-consul - template: - metadata: - labels: - app: flask-consul - spec: - initContainers: - - name: wait-for-consul - image: busybox - command: - - sh - - '-c' - - >- - for i in \$(seq 1 60); do nc -z -w3 consul 8500 && exit 0 || - sleep 5; done; exit 1 - imagePullPolicy: IfNotPresent - containers: - - name: flask-consul - image: 'edeedeeed/flask_consul:v0.1.0' - ports: - - name: http-2026 - containerPort: 2026 - protocol: TCP - env: - - name: admin_passwd - value: ${dashboard_8919_admin_passwd} - - name: consul_token - value: ${dashboard_8919_consul_token} - - name: consul_url - value: 'http://consul:8500/v1' - - name: log_level - value: INFO - - name: TZ - value: Australia/Sydney - imagePullPolicy: Always - restartPolicy: Always ---- -kind: Service -apiVersion: v1 -metadata: - name: flask-consul - namespace: consul - labels: - app: flask-consul -spec: - ports: - - name: http-2026 - protocol: TCP - port: 2026 - targetPort: 2026 - selector: - app: flask-consul - type: ClusterIP ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: nginx-consul - namespace: consul - labels: - app: nginx-consul -spec: - replicas: 1 - selector: - matchLabels: - app: nginx-consul - template: - metadata: - labels: - app: nginx-consul - spec: - containers: - - name: nginx-consul - image: 'nicholasjackson/nginx-consul:v0.1.0' - ports: - - name: http-1026 - containerPort: 1026 - protocol: TCP - env: - - name: TZ - value: Australia/Sydney - imagePullPolicy: Always - restartPolicy: Always ---- -kind: Service -apiVersion: v1 -metadata: - name: nginx-consul - namespace: consul - labels: - app: consul -spec: - ports: - - name: nginx-consul - protocol: TCP - port: 1026 - targetPort: 1026 - nodePort: 31026 - selector: - app: nginx-consul - type: NodePort - externalTrafficPolicy: Cluster \ No 
newline at end of file From 412da893a075c31ce8473d57989b33dea9a7dbb2 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 10 Jul 2024 17:17:20 +1000 Subject: [PATCH 12/18] add multi-pipelines configmap for logstash --- kubernetes/infrastructure/logstash/pipelines/misc.conf | 8 ++++++++ kubernetes/infrastructure/logstash/pipelines/omada.conf | 8 ++++++++ .../infrastructure/logstash/pipelines/pipelines.yaml | 4 ++++ 3 files changed, 20 insertions(+) create mode 100644 kubernetes/infrastructure/logstash/pipelines/misc.conf create mode 100644 kubernetes/infrastructure/logstash/pipelines/omada.conf create mode 100644 kubernetes/infrastructure/logstash/pipelines/pipelines.yaml diff --git a/kubernetes/infrastructure/logstash/pipelines/misc.conf b/kubernetes/infrastructure/logstash/pipelines/misc.conf new file mode 100644 index 0000000..f853a58 --- /dev/null +++ b/kubernetes/infrastructure/logstash/pipelines/misc.conf @@ -0,0 +1,8 @@ +input { + file { + path => "/tmp/misc" + } +} +output { + stdout { } +} \ No newline at end of file diff --git a/kubernetes/infrastructure/logstash/pipelines/omada.conf b/kubernetes/infrastructure/logstash/pipelines/omada.conf new file mode 100644 index 0000000..a3e87b7 --- /dev/null +++ b/kubernetes/infrastructure/logstash/pipelines/omada.conf @@ -0,0 +1,8 @@ +input { + file { + path => "/tmp/omada" + } +} +output { + stdout { } +} \ No newline at end of file diff --git a/kubernetes/infrastructure/logstash/pipelines/pipelines.yaml b/kubernetes/infrastructure/logstash/pipelines/pipelines.yaml new file mode 100644 index 0000000..558f4c1 --- /dev/null +++ b/kubernetes/infrastructure/logstash/pipelines/pipelines.yaml @@ -0,0 +1,4 @@ +- pipeline.id: omada + path.config: "/opt/bitnami/logstash/config/omada.conf" +- pipeline.id: misc + path.config: "/opt/bitnami/logstash/config/misc.conf" \ No newline at end of file From 6d1e660e0e0e225ef30036fe4f5cfcc3733fb85d Mon Sep 17 00:00:00 2001 
From: Edward Cheng Date: Wed, 10 Jul 2024 17:27:19 +1000 Subject: [PATCH 13/18] update multi-pipelines configmap for logstash --- .../logstash/app/pipelines.yaml | 29 +++++++++++++++++++ .../logstash/pipelines/misc.conf | 8 ----- .../logstash/pipelines/omada.conf | 8 ----- .../logstash/pipelines/pipelines.yaml | 4 --- 4 files changed, 29 insertions(+), 20 deletions(-) create mode 100644 kubernetes/infrastructure/logstash/app/pipelines.yaml delete mode 100644 kubernetes/infrastructure/logstash/pipelines/misc.conf delete mode 100644 kubernetes/infrastructure/logstash/pipelines/omada.conf delete mode 100644 kubernetes/infrastructure/logstash/pipelines/pipelines.yaml diff --git a/kubernetes/infrastructure/logstash/app/pipelines.yaml b/kubernetes/infrastructure/logstash/app/pipelines.yaml new file mode 100644 index 0000000..4a951ea --- /dev/null +++ b/kubernetes/infrastructure/logstash/app/pipelines.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: logstash-pipelines + namespace: logstash +data: + pipelines.yaml: | + - pipeline.id: omada + path.config: "/opt/bitnami/logstash/config/omada.conf" + - pipeline.id: misc + path.config: "/opt/bitnami/logstash/config/misc.conf" + omada.conf: | + input { + file { + path => "/tmp/omada" + } + } + output { + stdout { } + } + misc.conf: | + input { + file { + path => "/tmp/misc" + } + } + output { + stdout { } + } \ No newline at end of file diff --git a/kubernetes/infrastructure/logstash/pipelines/misc.conf b/kubernetes/infrastructure/logstash/pipelines/misc.conf deleted file mode 100644 index f853a58..0000000 --- a/kubernetes/infrastructure/logstash/pipelines/misc.conf +++ /dev/null @@ -1,8 +0,0 @@ -input { - file { - path => "/tmp/misc" - } -} -output { - stdout { } -} \ No newline at end of file diff --git a/kubernetes/infrastructure/logstash/pipelines/omada.conf b/kubernetes/infrastructure/logstash/pipelines/omada.conf deleted file mode 100644 index a3e87b7..0000000 
--- a/kubernetes/infrastructure/logstash/pipelines/omada.conf +++ /dev/null @@ -1,8 +0,0 @@ -input { - file { - path => "/tmp/omada" - } -} -output { - stdout { } -} \ No newline at end of file diff --git a/kubernetes/infrastructure/logstash/pipelines/pipelines.yaml b/kubernetes/infrastructure/logstash/pipelines/pipelines.yaml deleted file mode 100644 index 558f4c1..0000000 --- a/kubernetes/infrastructure/logstash/pipelines/pipelines.yaml +++ /dev/null @@ -1,4 +0,0 @@ -- pipeline.id: omada - path.config: "/opt/bitnami/logstash/config/omada.conf" -- pipeline.id: misc - path.config: "/opt/bitnami/logstash/config/misc.conf" \ No newline at end of file From d0d06a0e62434b958fec2198052933a6796e9baa Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 10 Jul 2024 17:28:44 +1000 Subject: [PATCH 14/18] add namespace for logstash --- kubernetes/infrastructure/namespaces/namespaces/logstash.yaml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 kubernetes/infrastructure/namespaces/namespaces/logstash.yaml diff --git a/kubernetes/infrastructure/namespaces/namespaces/logstash.yaml b/kubernetes/infrastructure/namespaces/namespaces/logstash.yaml new file mode 100644 index 0000000..7bfe0b8 --- /dev/null +++ b/kubernetes/infrastructure/namespaces/namespaces/logstash.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: logstash From 5c715d1d5342147134ded831ef89f929b29b6a44 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 10 Jul 2024 18:00:26 +1000 Subject: [PATCH 15/18] fix fsGroup for pod for minio --- kubernetes/infrastructure/minio/app/release.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kubernetes/infrastructure/minio/app/release.yaml b/kubernetes/infrastructure/minio/app/release.yaml index 77644d3..c176465 100644 --- a/kubernetes/infrastructure/minio/app/release.yaml +++ b/kubernetes/infrastructure/minio/app/release.yaml 
@@ -32,3 +32,5 @@ spec: containerSecurityContext: runAsUser: 1000 runAsGroup: 1000 + podSecurityContext: + fsGroup: 1000 From 674bb2e8d3099b8ea874b18fcca8fdd2e4ce4123 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 10 Jul 2024 19:00:34 +1000 Subject: [PATCH 16/18] add infra app logstash for omada syslog --- .../infrastructure/logstash/app/ingress.yaml | 31 +++++++++ .../logstash/app/pipelines.yaml | 23 ++++++- .../infrastructure/logstash/app/release.yaml | 67 +++++++++++++++++++ .../infrastructure/logstash/app/volume.yaml | 46 +++++++++++++ .../infrastructure/logstash/logstash.yaml | 50 ++++++++++++++ 5 files changed, 214 insertions(+), 3 deletions(-) create mode 100644 kubernetes/infrastructure/logstash/app/ingress.yaml create mode 100644 kubernetes/infrastructure/logstash/app/release.yaml create mode 100644 kubernetes/infrastructure/logstash/app/volume.yaml create mode 100644 kubernetes/infrastructure/logstash/logstash.yaml diff --git a/kubernetes/infrastructure/logstash/app/ingress.yaml b/kubernetes/infrastructure/logstash/app/ingress.yaml new file mode 100644 index 0000000..6b68287 --- /dev/null +++ b/kubernetes/infrastructure/logstash/app/ingress.yaml @@ -0,0 +1,31 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: logstash-ingress + namespace: logstash + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/use-regex: "true" +spec: + ingressClassName: nginx + rules: + - host: "omada.logstash.cluster.edward.sydney" + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: logstash + port: + number: 8008 + - host: "monitor.omada.logstash.cluster.edward.sydney" + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: logstash + port: + number: 9600 \ No newline at end of file diff --git a/kubernetes/infrastructure/logstash/app/pipelines.yaml b/kubernetes/infrastructure/logstash/app/pipelines.yaml index 4a951ea..efcdac9 100644 
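Review bot: Both hosts in the new logstash Ingress are served over plain HTTP (`ssl-redirect: "false"` and no `tls` block), and the second rule publishes port 9600, which the release names `monitoring`, with no authentication or source restriction on the Ingress. The first host forwards to the `http` input on 8008, which the pipeline in this commit configures without credentials, so anyone who can reach the ingress can submit events. Consider adding a `tls` section and either dropping the `monitor.` rule or limiting it, for example with `nginx.ingress.kubernetes.io/whitelist-source-range`. The backend port `8008` also does not match the Service in release.yaml, where `omada-http` is published as `port: 8080`. `use-regex: "true"` does nothing for the plain `/` prefix paths and can be removed.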
--- a/kubernetes/infrastructure/logstash/app/pipelines.yaml +++ b/kubernetes/infrastructure/logstash/app/pipelines.yaml @@ -11,12 +11,29 @@ data: path.config: "/opt/bitnami/logstash/config/misc.conf" omada.conf: | input { - file { - path => "/tmp/omada" + tcp { + port => 1514 + type => syslog + } + udp { + port => 1514 + type => syslog + } + http { + port => 8008 } } output { - stdout { } + s3 { + access_key_id => ${omada_s3_access_key_id} + bucket => "logstash" + canned_acl => "bucket-owner-read" + endpoint => "http://minio.minio.svc.cluster.local:19000" + prefix => "omada/%{+YYYY}/%{+MM}/%{+dd}" + region: "ap-southeast-2" + secret_access_key => ${omada_s3_secret_access_key} + time_file => 60 + } } misc.conf: | input { diff --git a/kubernetes/infrastructure/logstash/app/release.yaml b/kubernetes/infrastructure/logstash/app/release.yaml new file mode 100644 index 0000000..99ed6e1 --- /dev/null +++ b/kubernetes/infrastructure/logstash/app/release.yaml 
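Review bot: In the `s3` output, `region: "ap-southeast-2"` uses a YAML-style colon where every other setting uses `=>`, so Logstash will presumably reject the pipeline; it should read `region => "ap-southeast-2"`. The two credentials are filled in by Flux substitution (the `logstash` Kustomization in this commit uses `substituteFrom`), which means the rendered keys end up in the `logstash-pipelines` ConfigMap rather than in a Secret, and they are unquoted, so a key containing `/` or `+` would break parsing. Quoting them (`access_key_id => "${omada_s3_access_key_id}"`) fixes the parsing; keeping them out of the ConfigMap would need the keys injected as environment variables from a Secret and the placeholder escaped as `$${...}` so that Logstash, not Flux, resolves it. The `tcp`, `udp` and `http` inputs accept events without TLS or authentication, which matters because the Service in release.yaml is of type `LoadBalancer`.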
@@ -0,0 +1,67 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: logstash + namespace: logstash +spec: + releaseName: logstash + chart: + spec: + chart: logstash + sourceRef: + kind: HelmRepository + name: bitnami + namespace: flux-system + interval: 1h + install: + remediation: + retries: 3 + values: + existingConfiguration: logstash-pipelines + serviceAccount: + name: logstash + containerPorts: + - name: omada-http + containerPort: 8008 + protocol: TCP + - name: monitoring + containerPort: 9600 + protocol: TCP + - name: omada-syslog-udp + containerPort: 1514 + protocol: UDP + - name: omada-syslog-tcp + containerPort: 1514 + protocol: TCP + podSecurityContext: + fsGroup: 1000 + containerSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 + service: + type: LoadBalancer + ports: + - name: omada-http + port: 8080 + targetPort: http + protocol: TCP + - name: monitoring + port: 9600 + targetPort: monitoring + protocol: TCP + - name: omada-syslog-udp + port: 1514 + targetPort: syslog-udp + protocol: UDP + - name: omada-syslog-tcp + port: 1514 + targetPort: syslog-tcp + protocol: TCP + persistence: + enabled: true + existingClaim: logstash-pvc + size: 16Gi + volumePermissions: + enabled: true + securityContext: + runAsUser: 1000 \ No newline at end of file diff --git a/kubernetes/infrastructure/logstash/app/volume.yaml b/kubernetes/infrastructure/logstash/app/volume.yaml new file mode 100644 index 0000000..7500a61 --- /dev/null +++ b/kubernetes/infrastructure/logstash/app/volume.yaml 
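Review bot: Three of the four `service.ports` entries reference `targetPort` names that no entry in `containerPorts` defines: `http`, `syslog-udp` and `syslog-tcp`, while the container ports are named `omada-http`, `omada-syslog-udp` and `omada-syslog-tcp`. They would need to read `targetPort: omada-http`, `targetPort: omada-syslog-udp` and `targetPort: omada-syslog-tcp` to resolve. The `LoadBalancer` service also publishes the `monitoring` port 9600 next to the ingest ports; unless that API is needed from outside the cluster, leaving it off the external service, or limiting the service with `loadBalancerSourceRanges` if the chart version supports it, reduces what is reachable.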
@@ -0,0 +1,46 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: logstash-pv + namespace: logstash + labels: + type: local +spec: + storageClassName: local-path + volumeMode: Filesystem + capacity: + storage: 16Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + local: + path: "/mnt/nfs/AppData/logstash/data" + claimRef: + apiVersion: v1 + kind: PersistentVolumeClaim + name: logstash-pvc + namespace: logstash + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - rpi5-cluster-node-1 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: logstash-pvc + namespace: logstash + labels: + name: logstash-pvc +spec: + storageClassName: local-path + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 16Gi \ No newline at end of file diff --git a/kubernetes/infrastructure/logstash/logstash.yaml b/kubernetes/infrastructure/logstash/logstash.yaml new file mode 100644 index 0000000..b916d5f --- /dev/null +++ b/kubernetes/infrastructure/logstash/logstash.yaml 
@@ -0,0 +1,50 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: logstash-secrets + namespace: flux-system +spec: + interval: 10m + timeout: 1m30s + retryInterval: 30s + targetNamespace: logstash + path: ./logstash + prune: true + sourceRef: + kind: GitRepository + namespace: flux-system + name: home-cluster-ops-secrets + dependsOn: + - name: repositories + namespace: flux-system + decryption: + provider: sops + secretRef: + name: sops-age +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: logstash + namespace: logstash +spec: + interval: 10m + timeout: 1m30s + retryInterval: 30s + path: ./kubernetes/infrastructure/logstash/app + prune: true + sourceRef: + kind: GitRepository + namespace: flux-system + name: flux-system + dependsOn: + - name: namespaces + namespace: flux-system + - name: logstash-secrets + namespace: flux-system + - name: local-path-provisioner + namespace: local-path-storage + postBuild: + substituteFrom: + - kind: Secret + name: logstash-secrets \ No newline at end of file From 125681d7bb1c43fd2747b7a4127bc9b210817c05 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 10 Jul 2024 19:03:35 +1000 Subject: [PATCH 17/18] add logstash to ks for reconciliation --- kubernetes/infrastructure/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/kubernetes/infrastructure/kustomization.yaml b/kubernetes/infrastructure/kustomization.yaml index 81041a5..2ef0095 100644 --- a/kubernetes/infrastructure/kustomization.yaml +++ b/kubernetes/infrastructure/kustomization.yaml @@ -8,6 +8,7 @@ resources: - ./ingress-nginx/ingress-nginx.yaml - ./ingress-nginx/ingress-nginx-config.yaml - ./local-path-provisioner/local-path-provisioner.yaml + - ./logstash/logstash.yaml - ./minio/minio.yaml - ./mongodb/mongodb.yaml - ./namespaces/namespaces.yaml From 4c6acd5f7e720f8a8e43f0ef8dc6352e3e04ef14 Mon Sep 17 00:00:00 2001 
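Review bot: `logstash-secrets` sets `targetNamespace: logstash` but depends only on `repositories`, whereas the equivalent `mongodb-secrets` Kustomization in this series also lists `namespaces` under `dependsOn`. Without it the first reconcile can try to create the Secret before the namespace exists and only recover on retry; adding `- name: namespaces` with `namespace: flux-system` to `dependsOn` keeps the ordering explicit.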
From: Edward Cheng Date: Wed, 10 Jul 2024 19:07:56 +1000 Subject: [PATCH 18/18] suspend grafana-dashboards ks --- .../infrastructure/grafana-dashboards/grafana-dashboards.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kubernetes/infrastructure/grafana-dashboards/grafana-dashboards.yaml b/kubernetes/infrastructure/grafana-dashboards/grafana-dashboards.yaml index 741603a..d3719a8 100644 --- a/kubernetes/infrastructure/grafana-dashboards/grafana-dashboards.yaml +++ b/kubernetes/infrastructure/grafana-dashboards/grafana-dashboards.yaml @@ -4,6 +4,7 @@ metadata: name: grafana-dashboards-secrets namespace: flux-system spec: + suspend: true interval: 10m timeout: 1m30s retryInterval: 30s @@ -28,6 +29,7 @@ metadata: name: grafana-dashboards namespace: prometheus spec: + suspend: true interval: 10m timeout: 1m30s retryInterval: 30s