Merge pull request #344 from 3dwardch3ng/infra/prometheus

use recreate strategy for prometheus

kubernetes/apps/adguard-home/adguard-home.yaml

@@ -7,7 +7,6 @@ spec:
   interval: 10m
   timeout: 1m30s
   retryInterval: 30s
-  targetNamespace: flux-system
   path: ./kubernetes/apps/adguard-home/app
   prune: true
   sourceRef:

kubernetes/apps/capacitor/capacitor.yaml

@@ -7,7 +7,6 @@ spec:
   interval: 10m
   timeout: 1m30s
   retryInterval: 30s
-  targetNamespace: flux-system
   path: ./kubernetes/apps/capacitor/app
   prune: true
   sourceRef:

kubernetes/apps/homer/homer.yaml

@@ -7,7 +7,6 @@ spec:
   interval: 10m
   timeout: 1m30s
   retryInterval: 30s
-  targetNamespace: flux-system
   path: ./kubernetes/apps/homer/app
   prune: true
   sourceRef:

kubernetes/apps/kavita/app/development.yaml

@@ -20,7 +20,7 @@ spec:
         app.kubernetes.io/instance: kavita
     spec:
       containers:
-        - image: jvmilazz0/kavita:latest
+        - image: jvmilazz0/kavita:0.8.1
           imagePullPolicy: IfNotPresent
           name: kavita
           ports:

kubernetes/apps/kustomization.yaml

@@ -3,7 +3,6 @@ kind: Kustomization
 resources:
   - ./adguard-home/adguard-home.yaml
   - ./capacitor/capacitor.yaml
-  - ./cert-manager/cert-manager.yaml
   - ./code-server/code-server.yaml
   - ./dokuwiki/dokuwiki.yaml
   - ./gitea/gitea.yaml
@@ -12,7 +11,6 @@ resources:
   - ./kavita/kavita.yaml
   - ./nexus/nexus.yaml
   - ./podinfo/podinfo.yaml
-  - ./postgresql/postgresql.yaml
   - ./qbittorrent/qbittorrent.yaml
   - ./redis/redis.yaml
   - ./snippet-box/snippet-box.yaml

kubernetes/apps/nexus/app/deployment.yaml

@@ -22,7 +22,7 @@ spec:
           resources:
             limits:
               memory: "3Gi"
-              cpu: "500m"
+              cpu: "1"
             requests:
               memory: "2Gi"
               cpu: "500m"

kubernetes/apps/snippet-box/snippet-box.yaml

@@ -7,7 +7,6 @@ spec:
   interval: 10m
   timeout: 1m30s
   retryInterval: 30s
-  targetNamespace: flux-system
   path: ./kubernetes/apps/snippet-box/app
   prune: true
   sourceRef:

kubernetes/apps/uptime-kuma/app/release.yaml

@@ -9,6 +9,7 @@ spec:
   chart:
     spec:
       chart: uptime-kuma
+      version: 2.18.1
       sourceRef:
         kind: HelmRepository
         name: irsigler

kubernetes/apps/weave-gitops/weave-gitops.yaml

@@ -7,7 +7,6 @@ spec:
   interval: 10m
   timeout: 1m30s
   retryInterval: 30s
-  targetNamespace: flux-system
   path: ./kubernetes/apps/weave-gitops/app
   prune: true
   sourceRef:

kubernetes/infrastructure/cert-manager/cert-manager.yaml

@@ -8,12 +8,15 @@ spec:
   timeout: 1m30s
   retryInterval: 30s
   targetNamespace: cert-manager
-  path: ./kubernetes/apps/cert-manager/app
+  path: ./kubernetes/infrastructure/cert-manager/app
   prune: true
   sourceRef:
     kind: GitRepository
     namespace: flux-system
     name: flux-system
+  dependsOn:
+    - name: namespaces
+      namespace: flux-system
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
@@ -32,6 +35,8 @@ spec:
     namespace: flux-system
     name: home-cluster-ops-secrets
   dependsOn:
+    - name: namespaces
+      namespace: flux-system
     - name: repositories
       namespace: flux-system
   decryption:
@@ -49,7 +54,7 @@ spec:
   timeout: 1m30s
   retryInterval: 30s
   targetNamespace: cert-manager
-  path: ./kubernetes/apps/cert-manager/clusterissuer
+  path: ./kubernetes/infrastructure/cert-manager/clusterissuer
   prune: true
   sourceRef:
     kind: GitRepository
@@ -82,6 +87,8 @@ spec:
     namespace: flux-system
     name: home-cluster-ops-secrets
   dependsOn:
+    - name: namespaces
+      namespace: flux-system
     - name: repositories
       namespace: flux-system
   decryption:
@@ -99,7 +106,7 @@ spec:
   timeout: 1m30s
   retryInterval: 30s
   targetNamespace: cert-manager
-  path: ./kubernetes/apps/cert-manager/certificates
+  path: ./kubernetes/infrastructure/cert-manager/certificates
   prune: true
   sourceRef:
     kind: GitRepository

kubernetes/infrastructure/kustomization.yaml

@@ -1,9 +1,12 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - ./cert-manager/cert-manager.yaml
   #  - ./cilium/cilium.yaml
   - ./minio/minio.yaml
   - ./ingress-nginx/ingress-nginx.yaml
   - ./ingress-nginx/ingress-nginx-config.yaml
   - ./namespaces/namespaces.yaml
+  - ./postgresql/postgresql.yaml
+  - ./prometheus/prometheus.yaml
   - ./repositories/repositories.yaml

kubernetes/infrastructure/namespaces/namespaces/prometheus.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: prometheus

kubernetes/infrastructure/postgresql/postgresql.yaml

@@ -15,6 +15,8 @@ spec:
     namespace: flux-system
     name: home-cluster-ops-secrets
   dependsOn:
+    - name: namespaces
+      namespace: flux-system
     - name: repositories
       namespace: flux-system
   decryption:
@@ -31,7 +33,7 @@ spec:
   interval: 10m
   timeout: 1m30s
   retryInterval: 30s
-  path: ./kubernetes/apps/postgresql/app
+  path: ./kubernetes/infrastructure/postgresql/app
   prune: true
   sourceRef:
     kind: GitRepository

kubernetes/infrastructure/prometheus/app/deployment.yaml

@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prometheus
+  namespace: prometheus
+  labels:
+    app: prometheus
+spec:
+  strategy:
+    rollingUpdate: null
+    type: Recreate
+  selector:
+    matchLabels:
+      app: prometheus
+  template:
+    metadata:
+      labels:
+        app: prometheus
+    spec:
+      securityContext:
+        runAsUser: 0
+        runAsGroup: 0
+      containers:
+        - name: prometheus
+          image: prom/prometheus:v2.53.0
+          args:
+            - "--storage.tsdb.retention.time=12h"
+            - "--config.file=/etc/prometheus/prometheus.yaml"
+            - "--storage.tsdb.path=/prometheus/"
+          ports:
+            - containerPort: 9090
+          resources:
+            requests:
+              cpu: 500m
+              memory: 500M
+            limits:
+              cpu: "1"
+              memory: 2Gi
+          volumeMounts:
+            - name: prometheus-config-volume
+              mountPath: /etc/prometheus/
+            - name: prometheus-storage-volume
+              mountPath: /prometheus/
+      volumes:
+        - name: prometheus-config-volume
+          hostPath:
+            path: /mnt/nfs/AppData/prometheus/conf
+            type: Directory
+        - name: prometheus-storage-volume
+          hostPath:
+            path: /mnt/nfs/AppData/prometheus/storage
+            type: Directory

kubernetes/infrastructure/prometheus/app/ingress.yaml

@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: prometheus-ingress
+  namespace: prometheus
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "prometheus.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: prometheus
+                port:
+                  number: 9999
+    - host: "prometheus.cluster.local"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: prometheus
+                port:
+                  number: 9999

kubernetes/infrastructure/prometheus/app/role.yaml

@@ -0,0 +1,33 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prometheus
+rules:
+  - apiGroups: [""]
+    resources:
+      - nodes
+      - nodes/proxy
+      - services
+      - endpoints
+      - pods
+    verbs: ["get", "list", "watch"]
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs: ["get", "list", "watch"]
+  - nonResourceURLs: ["/metrics"]
+    verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus
+subjects:
+  - kind: ServiceAccount
+    name: prometheus
+    namespace: prometheus

kubernetes/infrastructure/prometheus/app/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prometheus
+  namespace: prometheus
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/port:   '9999'
+spec:
+  selector:
+    app: prometheus
+  type: ClusterIP
+  ports:
+    - port: 9999
+      targetPort: 9090
+      protocol: TCP
+      name: http

kubernetes/infrastructure/prometheus/prometheus.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: prometheus
+  namespace: prometheus
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/infrastructure/prometheus/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: namespaces
+      namespace: flux-system

kubernetes/infrastructure/repositories/repos/bjw-s.yaml

@@ -1,9 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: bjw-s
-  namespace: flux-system
-spec:
-  interval: 6h
-  type: oci
-  url: oci://ghcr.io/bjw-s/helm

kubernetes/infrastructure/repositories/repos/external-dns.yaml

@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: external-dns
-  namespace: flux-system
-spec:
-  interval: 6h
-  url: https://kubernetes-sigs.github.io/external-dns/

kubernetes/infrastructure/repositories/repos/gabe565.yaml

@@ -1,9 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: gabe565
-  namespace: flux-system
-spec:
-  interval: 6h
-  type: oci
-  url: oci://ghcr.io/gabe565/charts