mirror of https://github.com/nofusscomputing/kubernetes.git synced 2025-08-02 04:22:42 +00:00

Merge pull request #6 from nofusscomputing/development

Jon
2025-06-13 20:05:46 +09:30
committed by GitHub
127 changed files with 158516 additions and 0 deletions

24
.github/workflows/ci.yaml vendored Normal file

@ -0,0 +1,24 @@
---
name: 'CI'
on:
push:
branches:
- '**'
tags:
- '*'
jobs:
mkdocs:
name: 'MKDocs'
permissions:
pull-requests: write
contents: write
statuses: write
checks: write
actions: write
uses: nofusscomputing/action_mkdocs/.github/workflows/reusable_mkdocs.yaml@development
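Review bot: The `mkdocs` job calls a reusable workflow at the mutable branch ref `@development` while granting it write on `contents`, `pull-requests`, `statuses`, `checks` and `actions`, so anything that lands on that branch runs with those scopes on every push to any branch or tag here. Pin the call to a full commit, `uses: nofusscomputing/action_mkdocs/.github/workflows/reusable_mkdocs.yaml@<full-commit-sha>`, and keep only the scopes the docs build actually uses. If `actions: write` and `checks: write` are really needed, a one-line comment saying why would help the next reviewer.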

26
.github/workflows/pull_request.yaml vendored Normal file

@ -0,0 +1,26 @@
---
name: Pull Requests
on:
pull_request: {}
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install yamllint
run: pip install yamllint
- name: Lint YAML files
run: yamllint ${PWD}/
pull-request:
name: pull-request
uses: nofusscomputing/action_pull_requests/.github/workflows/pull-requests.yaml@development
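Review bot: Neither job declares `permissions:`, so the `lint` steps and the called `pull-requests.yaml@development` workflow get whatever the repository's default token scope is. The lint job only reads files, so adding `permissions:` with `contents: read` under `lint:` would make that explicit. The supply-chain inputs are also all floating: `actions/checkout@v3` is a tag, `pip install yamllint` has no version, and the reusable workflow tracks a branch. Pinning each one (commit SHA for the two `uses:` lines, `yamllint==<version>` for pip) keeps a pull-request run reproducible.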

2
.gitignore vendored Normal file

@ -0,0 +1,2 @@
# Temp Files
*.tmp.*

8
.gitmodules vendored Normal file

@ -0,0 +1,8 @@
[submodule "website-template"]
path = website-template
url = https://gitlab.com/nofusscomputing/infrastructure/website-template.git
branch = development
[submodule "gitlab-ci"]
path = gitlab-ci
url = https://gitlab.com/nofusscomputing/projects/gitlab-ci.git
branch = development


@ -0,0 +1,8 @@
{
"schemaVersion": 1,
"label": "Project Status",
"message": "Active",
"namedLogo": "github",
"color": "green",
"style": "plastic"
}

7
.vscode/extensions.json vendored Normal file

@ -0,0 +1,7 @@
{
"recommendations": [
"fnando.linter",
"jebbs.markdown-extended",
"redhat.vscode-yaml"
]
}

35
.vscode/settings.json vendored Normal file

@ -0,0 +1,35 @@
{
"linter.linters": {
"yamllint": {
"capabilities": [
"ignore-line"
],
"command": [
"yamllint",
"--format",
"parsable",
[
"$config",
"--config-file",
"$config"
],
"-"
],
"configFiles": [
".yamllint.yml",
".yamllint.yaml",
".yamllint"
],
"enabled": true,
"languages": [
"yaml"
],
"name": "yamllint",
"url": "https://github.com/adrienverge/yamllint"
}
},
"editor.detectIndentation": false,
"editor.indentSize": "tabSize",
"editor.tabSize": 2,
"files.eol": "\n"
}

77
.yamllint Normal file

@ -0,0 +1,77 @@
---
# extends: default
ignore:
- '.github/'
- '**/crd/**'
- mkdocs.yml
- '*PrometheusRule*'
- '**/source/**'
rules:
braces:
level: error
max-spaces-inside: 1
min-spaces-inside: 1
min-spaces-inside-empty: 0
max-spaces-inside-empty: 0
brackets:
level: error
max-spaces-inside: 1
min-spaces-inside: 1
min-spaces-inside-empty: 0
max-spaces-inside-empty: 0
colons:
level: warning
max-spaces-after: 1
commas:
level: warning
comments:
level: error
require-starting-space: true
ignore-shebangs: true
min-spaces-from-content: 4
comments-indentation:
level: error
document-end:
level: error
present: false
document-start:
level: error
present: true
empty-lines:
level: error
max: 3
max-start: 0
max-end: 0
hyphens:
level: error
max-spaces-after: 1
indentation:
level: error
spaces: 2
indent-sequences: true
check-multi-line-strings: true
line-length:
level: warning
max: 100
allow-non-breakable-inline-mappings: true
new-lines:
level: error
type: unix
truthy: disable

8
CONTRIBUTING.md Normal file

@ -0,0 +1,8 @@
# Contributing
To Do:
- Add manifest requirements
- Add the expected standard for the manifests
- Detail no secrets to be included
- explain testing requirements

21
LICENCE Normal file

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2025 No Fuss Computing
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,34 @@
<span style="text-align: center;">
# No Fuss Computing - Kubernetes Kustomize Manifests
<br>
![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2Fkubernetes%2Frefs%2Fheads%2Fdevelopment%2F.meta%2Fproject_status.json)
----
<br>
![GitHub forks](https://img.shields.io/github/forks/NofussComputing/kubernetes?logo=github&style=plastic&color=000000&labell=Forks) ![GitHub stars](https://img.shields.io/github/stars/NofussComputing/kubernetes?color=000000&logo=github&style=plastic) ![Github Watchers](https://img.shields.io/github/watchers/NofussComputing/kubernetes?color=000000&label=Watchers&logo=github&style=plastic)
---
</span>
<br>
A repository for Kubernetes Kustomization Manifests for DevOps style management of Kubernetes cluster services. This repository is setup with the intent that it will be used by ArgoCD. However will also work anywhere you can use a kustomization manifest. This includes the built in Kubernetes kustomization command `kubectl kustomize`.
## Contributing
As this repository is intended to be a single location for deploying all of your kubernetes services. We encourage collaborataion and welcome All contributions.
For further details on contributing please refer to the [contribution guide](CONTRIBUTING.md).
## Other
This repo is release under this [licence](LICENCE)

0
docs/articles/index.md Normal file

0
docs/contact.md Normal file

0
docs/index.md Normal file

0
docs/operations/index.md Normal file

0
docs/projects/index.md Normal file


@ -0,0 +1,32 @@
---
title: Kustomize Manifests
description: Documentation home for No Fuss Computing's Kubernetes Kustomize Manifests
date: 2025-06-12
template: project.html
about: https://github.com/nofusscomputing/kubernetes
---
<span style="text-align: center;">
![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2Fkubernetes%2Frefs%2Fheads%2Fdevelopment%2F.meta%2Fproject_status.json)
----
![GitHub forks](https://img.shields.io/github/forks/NofussComputing/kubernetes?logo=github&style=plastic&color=000000&labell=Forks) ![GitHub stars](https://img.shields.io/github/stars/NofussComputing/kubernetes?color=000000&logo=github&style=plastic) ![Github Watchers](https://img.shields.io/github/watchers/NofussComputing/kubernetes?color=000000&label=Watchers&logo=github&style=plastic)
</span>
This project exists to provide a single location for all you Kubernetes deployment puposes. Contained within the [Kustomize repository](https://github.com/nofusscomputing/kubernetes) are Kubernetes Kustomize manifests ready for deployment. You are free to use them and that includes to collaborate in the addition and maintenance of the manifests.
## Problems to Solve
As the intent of this repository is for config management, although limited to the deployment configuration minus any secrets and customizations. As much as possible **There is a requirement for CI for Quality Control.** To aid in this tooling to assist in the process will need to be created. The following list includes and is not limited to, problems to solve:
- Deploying the manifests to test they work
- Identifying if a base / component has a dependency. _i.e. other apps that must be deployed first._
- Updating manifest repo locations.
if a manifest that is fetched via git has had an update, then being able to update this when it occurs or close to.

0
docs/tags.md Normal file

1
gitlab-ci Submodule

Submodule gitlab-ci added at 6694986367

0
manifests/.gitkeep Normal file


@ -0,0 +1,28 @@
---
apiVersion: monitoring.coreos.com/v1
kind: Alertmanager
metadata:
labels:
app.kubernetes.io/component: alerting
name: cluster
spec:
externalUrl: alert-manager.local
nodeSelector:
kubernetes.io/os: linux
podMetadata:
labels:
app.kubernetes.io/component: alerting
replicas: 1
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 4m
memory: 100Mi
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 1000
serviceAccountName: alertmanager
version: v0.27.0
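Review bot: `externalUrl: alert-manager.local` has no scheme, and as far as I know Alertmanager only accepts an external URL with an `http` or `https` scheme, so the pod may fail at startup or generate broken links in notifications. Since the Ingress in this commit terminates TLS for the same host, `externalUrl: https://alert-manager.local` looks like the intended value. The same bare hostname is repeated in the `/spec/externalUrl` patch of both the base and the overlay kustomization, so all three places need the change.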


@ -0,0 +1,18 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: alerting
name: cluster
spec:
ports:
- name: web
port: 9093
targetPort: web
- name: reloader-web
port: 8080
targetPort: reloader-web
selector:
app.kubernetes.io/component: alerting
sessionAffinity: ClientIP


@ -0,0 +1,8 @@
---
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: alerting
name: alertmanager


@ -0,0 +1,50 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: alert
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/instance: cluster
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: alertmanager
resources:
# - Secret-alertmanager.yaml
- ServiceAccount-alertmanager.yaml
- AlertManager-cluster.yaml
- Service-alertmanager.yaml
# - PrometheusRule-alertmanager.yaml
# - serviceMonitor-alertmanager.yaml
patches:
# yamllint disable rule:indentation
- target:
kind: Alertmanager
name: cluster
patch: |-
- op: replace
path: /spec/version
value: v0.27.0
- op: replace
path: /spec/externalUrl
value: alert-manager.local
# yamllint enable rule:indentation
replacements:
- source:
kind: Alertmanager
name: cluster
fieldPath: metadata.labels
targets:
- select:
kind: Alertmanager
name: cluster
fieldPaths:
- spec.podMetadata.labels


@ -0,0 +1,17 @@
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
labels:
app.kubernetes.io/component: alerting
name: alertmanager
spec:
allowCrossNamespaceImport: true
folder: "General"
resyncPeriod: 24h
instanceSelector:
matchLabels:
dashboards: grafana
grafanaCom:
id: 9578
revision: 4 # as @ 19-09-23


@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- GrafanaDashboard-AlertManager.yaml


@ -0,0 +1,34 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/common-name: alert-manager.local
cert-manager.io/duration: 2160h
cert-manager.io/private-key-algorithm: ECDSA
cert-manager.io/private-key-rotation-policy: Always
cert-manager.io/private-key-size: "384"
cert-manager.io/subject-countries: N/A
cert-manager.io/subject-organizationalunits: N/A
cert-manager.io/subject-organizations: N/A
cert-manager.io/subject-provinces: N/A
labels:
app.kubernetes.io/component: alerting
name: alert-manager
spec:
ingressClassName: nginx
rules:
- host: alert-manager.local
http:
paths:
- backend:
service:
name: cluster
port:
name: web
path: /
pathType: Prefix
tls:
- hosts:
- alert-manager.local
secretName: certificate-tls-alert-manager
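Review bot: This Ingress publishes the Alertmanager `web` port at `/` with no authentication or source restriction in its annotations, and nothing in the Alertmanager resource of this commit configures auth either, so anyone who can reach the ingress controller can read alerts and manage silences. Because the overlay enables this component by default, consider shipping it with an ingress-nginx auth annotation set (for example `nginx.ingress.kubernetes.io/auth-type: basic` plus `nginx.ingress.kubernetes.io/auth-secret: <secret-name>`) or an allow-list via `nginx.ingress.kubernetes.io/whitelist-source-range`. The annotations also lack any `cert-manager.io/cluster-issuer` or `cert-manager.io/issuer`, so the `certificate-tls-alert-manager` secret presumably never gets issued until an overlay adds one.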


@ -0,0 +1,35 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- Ingress-alert-manager.yaml
#############################
# Items to Configure
#############################
# patches:
# - patch: |-
# - op: replace
# path: /metadata/annotations/cert-manager.io~1cluster-issuer
# value: cluster
# - op: replace
# path: /metadata/annotations/cert-manager.io~1common-name
# value: alert-manager.local
# - op: replace
# path: /spec/rules/0/host
# value: alert-manager.local
# - op: replace
# path: /spec/tls/0/hosts/0
# value: alert-manager.local
# target:
# kind: Ingress
# name: alert-manager
# version: v1
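Review bot: The commented example patch uses `op: replace` on `/metadata/annotations/cert-manager.io~1cluster-issuer`, but the Ingress added in this commit has no such annotation, and a JSON Patch `replace` fails when the target path does not exist. Anyone who uncomments the block as written will get a build error; the first operation should be `- op: add`. A short comment above the block stating that the issuer annotation is mandatory for the TLS secret to be created would also help.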


@ -0,0 +1,30 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/component: alerting
name: alertmanager
spec:
endpoints:
- interval: 30s
port: web
relabelings:
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_name
targetLabel: instance
- interval: 30s
port: reloader-web
relabelings:
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_name
targetLabel: instance
selector:
matchLabels:
app.kubernetes.io/component: alerting


@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- ServiceMonitor-alertmanager.yaml


@ -0,0 +1,133 @@
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
app.kubernetes.io/component: alerting
name: alertmanager-main-rules
spec:
groups:
- name: alertmanager.rules
rules:
- alert: AlertmanagerFailedReload
annotations:
description: Configuration has failed to load for {{ $labels.namespace }}/{{ $labels.pod}}.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerfailedreload
summary: Reloading an Alertmanager configuration has failed.
expr: |
# Without max_over_time, failed scrapes could create false negatives, see
# https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
max_over_time(alertmanager_config_last_reload_successful{job="alertmanager",namespace="monitoring"}[5m]) == 0
for: 10m
labels:
severity: critical
- alert: AlertmanagerMembersInconsistent
annotations:
description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} has only found {{ $value }} members of the {{ $labels.job}} cluster.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagermembersinconsistent
summary: A member of an Alertmanager cluster has not found all other cluster members.
expr: |
# Without max_over_time, failed scrapes could create false negatives, see
# https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
max_over_time(alertmanager_cluster_members{job="alertmanager",namespace="monitoring"}[5m])
< on (namespace,service) group_left
count by (namespace,service) (max_over_time(alertmanager_cluster_members{job="alertmanager",namespace="monitoring"}[5m]))
for: 15m
labels:
severity: critical
- alert: AlertmanagerFailedToSendAlerts
annotations:
description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} failed to send {{ $value | humanizePercentage }} of notifications to {{ $labels.integration }}.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerfailedtosendalerts
summary: An Alertmanager instance failed to send notifications.
expr: |
(
rate(alertmanager_notifications_failed_total{job="alertmanager",namespace="monitoring"}[5m])
/
rate(alertmanager_notifications_total{job="alertmanager",namespace="monitoring"}[5m])
)
> 0.01
for: 5m
labels:
severity: warning
- alert: AlertmanagerClusterFailedToSendAlerts
annotations:
description: The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the {{ $labels.job}} cluster is {{ $value | humanizePercentage }}.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerclusterfailedtosendalerts
summary: All Alertmanager instances in a cluster failed to send notifications to a critical integration.
expr: |
min by (namespace,service, integration) (
rate(alertmanager_notifications_failed_total{job="alertmanager",namespace="monitoring", integration=~`.*`}[5m])
/
rate(alertmanager_notifications_total{job="alertmanager",namespace="monitoring", integration=~`.*`}[5m])
)
> 0.01
for: 5m
labels:
severity: critical
- alert: AlertmanagerClusterFailedToSendAlerts
annotations:
description: The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the {{ $labels.job}} cluster is {{ $value | humanizePercentage }}.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerclusterfailedtosendalerts
summary: All Alertmanager instances in a cluster failed to send notifications to a non-critical integration.
expr: |
min by (namespace,service, integration) (
rate(alertmanager_notifications_failed_total{job="alertmanager",namespace="monitoring", integration!~`.*`}[5m])
/
rate(alertmanager_notifications_total{job="alertmanager",namespace="monitoring", integration!~`.*`}[5m])
)
> 0.01
for: 5m
labels:
severity: warning
- alert: AlertmanagerConfigInconsistent
annotations:
description: Alertmanager instances within the {{ $labels.job}} cluster have different configurations.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerconfiginconsistent
summary: Alertmanager instances within the same cluster have different configurations.
expr: |
count by (namespace,service) (
count_values by (namespace,service) ("config_hash", alertmanager_config_hash{job="alertmanager",namespace="monitoring"})
)
!= 1
for: 20m
labels:
severity: critical
- alert: AlertmanagerClusterDown
annotations:
description: "{{ $value | humanizePercentage }} of Alertmanager instances within the {{ $labels.job}} cluster have been up for less than half of the last 5m."
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerclusterdown
summary: Half or more of the Alertmanager instances within the same cluster are down.
expr: |
(
count by (namespace,service) (
avg_over_time(up{job="alertmanager",namespace="monitoring"}[5m]) < 0.5
)
/
count by (namespace,service) (
up{job="alertmanager",namespace="monitoring"}
)
)
>= 0.5
for: 5m
labels:
severity: critical
- alert: AlertmanagerClusterCrashlooping
annotations:
description: "{{ $value | humanizePercentage }} of Alertmanager instances within the {{ $labels.job}} cluster have restarted at least 5 times in the last 10m."
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerclustercrashlooping
summary: Half or more of the Alertmanager instances within the same cluster are crashlooping.
expr: |
(
count by (namespace,service) (
changes(process_start_time_seconds{job="alertmanager",namespace="monitoring"}[10m]) > 4
)
/
count by (namespace,service) (
up{job="alertmanager",namespace="monitoring"}
)
)
>= 0.5
for: 5m
labels:
severity: critical
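Review bot: Every `expr` in this rule file selects `job="alertmanager",namespace="monitoring"`, while the kustomizations in this commit deploy Alertmanager to namespace `alert` (base) or `metrics` (overlay), so these alerts appear to match no series and would stay silent during a real outage. Either drop the `namespace` matcher or document the patch an overlay must apply. It is also worth confirming the `job` label, since the Service is named `cluster`. Separately, the second `AlertmanagerClusterFailedToSendAlerts` rule uses ``integration!~`.*` ``, which cannot match any value, so the non-critical variant never fires. `.yamllint` ignores `*PrometheusRule*`, so none of this is caught by CI.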


@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- PrometheusRule-alertmanager.yaml


@ -0,0 +1,66 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: metrics
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/instance: cluster
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: alertmanager
patches:
# yamllint disable rule:indentation
- target:
kind: Alertmanager
name: cluster
patch: |-
- op: replace
path: /spec/version
value: v0.27.0
- op: replace
path: /spec/externalUrl
value: alert-manager.local
# yamllint enable rule:indentation
#
# Ingress Setup
#
# - patch: |-
# - op: replace
# path: /metadata/annotations/cert-manager.io~1cluster-issuer
# value: cluster
# - op: replace
# path: /metadata/annotations/cert-manager.io~1common-name
# value: prometheus.local
# - op: replace
# path: /spec/rules/0/host
# value: prometheus.local
# - op: replace
# path: /spec/tls/0/hosts/0
# value: prometheus.local
# target:
# kind: Ingress
# name: prometheus
# version: v1
resources:
- ../../base
components:
- ../../components/dashboard
- ../../components/ingress
# - ../../components/metrics
# - ../../components/prometheus-rules


@ -0,0 +1,80 @@
---
#
# tag: 1.31.0
# commit: e8254fb99328edd9e78f6646e8abc2f7a42fdd96
#
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: gitlab-runner-
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/component: ci-cd-runner
app.kubernetes.io/instance: cluster
app.kubernetes.io/name: gitlab
app.kubernetes.io/part-of: gitlab-runner-operator
images:
# image details fetched from
# https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/-/releases using file
# `operator.k8s.yaml`
# config/manager/kustomization.tpl.yaml
- name: controller
newName: |-
registry.gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/gitlab-runner-operator
newTag: "v1.37.0"
# config/manager/kustomization.tpl.yaml
- name: kube-rbac-proxy
newName: |-
registry.gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/openshift4/ose-kube-rbac-proxy
newTag: "v4.15.0"
# v1.37.0 160ee6bf2ad4e05d0e673d0652cc47bd6100ddec
resources:
# Dont use default as it points to invalid kustomize dirs
# - /config/default?ref=e8254fb99328edd9e78f6646e8abc2f7a42fdd96
# config/default/kustomization.yaml
- https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator//config/crd?ref=160ee6bf2ad4e05d0e673d0652cc47bd6100ddec
# config/default/kustomization.yaml
- https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator//config/rbac?ref=160ee6bf2ad4e05d0e673d0652cc47bd6100ddec
# config/manager/kustomization.tpl.yaml
- https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/-/raw/160ee6bf2ad4e05d0e673d0652cc47bd6100ddec/config/manager/manager.yaml
components:
# config/manager/kustomization.tpl.yaml
- https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator//config/manager/components/kubernetes?ref=160ee6bf2ad4e05d0e673d0652cc47bd6100ddec
patches:
# config/manager/kustomization.tpl.yaml
- path: |-
https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/-/raw/160ee6bf2ad4e05d0e673d0652cc47bd6100ddec/config/manager/auth_proxy_patch.yaml
# # Operator only has arch AMD64
# yamllint disable rule:indentation
- patch: |-
- op: replace
path: /spec/template/spec/affinity
value:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
target:
kind: Deployment
name: controller-manager
version: v1
# yamllint enable rule:indentation
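Review bot: The header comment records `tag: 1.31.0` and `commit: e8254fb99328edd9e78f6646e8abc2f7a42fdd96`, but every remote resource below is fetched at `160ee6bf2ad4e05d0e673d0652cc47bd6100ddec`, which the inline comment labels v1.37.0. The header should be updated so an auditor checks the right upstream revision. The manifests are pinned to a commit, but the two `images` entries are pinned only by tag (`v1.37.0`, `v4.15.0`). Adding `digest: sha256:<digest-from-release>` to each entry would give the images the same immutability as the manifests.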


@ -0,0 +1,41 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: ci-cd-runner
name: gitlab-runner
data:
# yamllint disable rule:indentation
config.toml: |
[[runners]]
shell = "bash"
[runners.kubernetes]
pull_policy = "if-not-present"
cpu_limit = "1000m"
cpu_request = "10m"
helper_cpu_limit = "100m"
helper_cpu_request = "10m"
service_cpu_limit = "100m"
service_cpu_request = "10m"
memory_limit = "1G"
memory_request = "64M"
helper_memory_limit = "256M"
helper_memory_request = "64M"
service_memory_limit = "128M"
service_memory_request = "64M"
[[runners.kubernetes.volumes.host_path]]
name = "html"
mount_path = "/html"
read_only = false
host_path = "/opt/webserver/nofusscomputing.com"
[runners.kubernetes.node_tolerations]
"CriticalAddonsOnly=true" = "NoExecute"
# yamllint enable rule:indentation
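Review bot: The `[[runners.kubernetes.volumes.host_path]]` block mounts the node directory `/opt/webserver/nofusscomputing.com` into every job pod with `read_only = false`, so any pipeline that runs on this runner can modify files on the host. That is a site-specific deployment target sitting in a shared component. Consider moving the volume to an overlay, or at least defaulting to `read_only = true` with a comment on when write access is required.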


@ -0,0 +1,25 @@
---
apiVersion: apps.gitlab.com/v1beta2
kind: Runner
metadata:
labels:
app.kubernetes.io/component: ci-cd-runner
app.kubernetes.io/name: gitlab
app.kubernetes.io/part-of: nginx
name: my-gitlab
spec:
buildImage: debian:stable-slim
concurrent: 2
config: gitlab-runner
gitlabUrl: https://gitlab.com
# helperImage:
podSpec:
- name: gitlab-runner
patchType: merge
# yamllint disable rule:indentation
patch: |
securityContext:
runAsNonRoot: false
# yamllint enable rule:indentation
token: gitlab-runner-token
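Review bot: The `podSpec` patch sets `runAsNonRoot: false`, which explicitly allows the runner pod to run as root, and nothing in the manifest explains why. If the runner image can run unprivileged, prefer `runAsNonRoot: true`; otherwise add a comment stating the reason. `buildImage: debian:stable-slim` is a floating tag, so job environments can change without a commit here; a dated tag or digest would make builds reproducible. The label `app.kubernetes.io/part-of: nginx` looks like a copy-paste leftover.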


@ -0,0 +1,9 @@
---
apiVersion: v1
kind: Secret
metadata:
name: gitlab-runner-token
stringData:
runner-registration-token: -change-me-
type: Opaque
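Review bot: Shipping a `Secret` with the placeholder `-change-me-` inside a component invites users to edit the real token into a tracked file, which conflicts with the "no secrets" item in CONTRIBUTING.md. It also means an unmodified deploy applies a Secret with a known value. Consider dropping this file from `resources` and documenting that the overlay must supply `gitlab-runner-token` (for example through a `secretGenerator` fed from an untracked env file, or an external secret operator). If the file stays, add a comment above `stringData` saying it must be overridden and never committed with a real value.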


@ -0,0 +1,27 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- Secret.yaml
- ConfigMap.yaml
- Runner.yaml
patches:
- target:
kind: Runner
name: gitlab-runner
# yamllint disable rule:indentation
patch: |-
# Runner Tags
# - op: add
# path: /spec/tags
# value: production,website
- op: add
path: /spec/runnerImage
value: registry.gitlab.com/gitlab-org/gitlab-runner:v17.6.0
# yamllint enable rule:indentation
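Review bot: The patch target is `kind: Runner` / `name: gitlab-runner`, but the Runner added in this commit is named `my-gitlab`, and no `namePrefix` is visible in this component. The `/spec/runnerImage` pin to `registry.gitlab.com/gitlab-org/gitlab-runner:v17.6.0` therefore appears not to match any resource and would be silently skipped, leaving the runner on whatever image the operator defaults to. Change the target to `name: my-gitlab` (or rename the Runner) and confirm with `kubectl kustomize` that `runnerImage` shows up in the rendered output.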


@ -0,0 +1,54 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator/-/raw/39c4259c73b38f8e37bf0343f30740631cc1f191/config/prometheus/monitor.yaml
replacements:
- source:
kind: Deployment
name: gitlab-runner-controller-manager
fieldPath: metadata.labels
targets:
- select:
kind: ServiceMonitor
name: controller-manager-metrics-monitor
fieldPaths:
- spec.selector.matchLabels
#
# Place this replacement in your overlays/*/kustomization
# if you don't the instance label will not be picked up.
#
# - source:
# kind: Deployment
# name: gitlab-runner-controller-manager
# fieldPath: metadata.labels.[app.kubernetes.io/instance]
# targets:
# - select:
# kind: ServiceMonitor
# name: controller-manager-metrics-monitor
# options:
# create: true
# fieldPaths:
# - spec.selector.matchLabels.[app.kubernetes.io/instance]
patches:
# yamllint disable rule:indentation
- patch: |-
- op: remove
path: /metadata/labels/app.kubernetes.io~1managed-by
- op: add
path: /metadata/labels
value:
app.kubernetes.io/component: metrics
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: gitlab-runner-operator
# yamllint enable rule:indentation
target:
kind: ServiceMonitor
name: controller-manager-metrics-monitor


@ -0,0 +1,36 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: operators
# labels:
# - includeSelectors: true
# pairs:
# app.kubernetes.io/instance: my-gitlab-runner-instance
resources:
- ../../base
# components:
# - ../../components/service-monitor
# replacements:
# - source:
# kind: Deployment
# name: gitlab-runner-controller-manager
# fieldPath: metadata.labels.[app.kubernetes.io/instance]
# targets:
# - select:
# kind: ServiceMonitor
# name: controller-manager-metrics-monitor
# options:
# create: true
# fieldPaths:
# - spec.selector.matchLabels.[app.kubernetes.io/instance]


@ -0,0 +1,37 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: grafana-agent
labels:
app.kubernetes.io/component: exporter
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
- events
verbs:
- get
- list
- watch
- nonResourceURLs:
- /metrics
verbs:
- get
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
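Review bot: This ClusterRole is broader than the agent configuration in this commit needs: the ConfigMap enables only the `node_exporter` integration, which reads host paths and does not call the Kubernetes API. `nodes/proxy` in particular grants cluster-wide access to kubelet endpoints, and `create` on `tokenreviews` and `subjectaccessreviews` is normally needed only by components that authenticate incoming requests. Trim the rules to what is actually used and add a comment per rule naming the feature that needs it, so later additions can be reviewed against a stated purpose.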


@ -0,0 +1,15 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: exporter
name: grafana-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: grafana-agent
subjects:
- kind: ServiceAccount
name: grafana-agent
namespace: default
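Review bot: The subject is hard-coded to `namespace: default`, and the `replacements` block that would rewrite it from the DaemonSet's namespace is commented out in the kustomization of this same directory. When an overlay sets any other namespace, the binding still grants the ClusterRole to `default/grafana-agent`, so the real agent gets no permissions and a ServiceAccount of that name in `default` would. Enable the replacement, or add a comment stating that overlays must patch `subjects[0].namespace`.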


@ -0,0 +1,35 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: exporter
name: grafana-agent
data:
# yamllint disable rule:indentation
agent.yaml: |
metrics:
wal_directory: /tmp/wal
integrations:
node_exporter:
enabled: true
rootfs_path: /host/root
sysfs_path: /host/sys
procfs_path: /host/proc
udev_data_path: /host/root/run/udev/data
filesystem_mount_points_exclude: "^/(dev|proc|sys|var/lib/docker/.+|/run/containerd/io.containerd.+)($|/)"
filesystem_fs_types_exclude: "^(autofs|binfmt_misc|bpf|cgroup2?|configfs|ugfs|devpts|devtmpfs|tmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|ocfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$"
netclass_ignored_devices: "^(veth.*|cali.*|[a-f0-9]{15})$"
netdev_device_exclude: "^(veth.*|cali.*|[a-f0-9]{15})$"
include_exporter_metrics: true
enable_collectors:
- uname
# yamllint enable rule:indentation


@ -0,0 +1,119 @@
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app.kubernetes.io/component: exporter
metricsJob: node-exporter
cadvisormetricsJob: cadvisor
nodeExportermetricsJob: node
name: grafana-agent
spec:
selector:
matchLabels:
app.kubernetes.io/component: exporter
metricsJob: node-exporter
cadvisormetricsJob: cadvisor
nodeExportermetricsJob: node
template:
metadata:
labels:
app.kubernetes.io/component: exporter
metricsJob: node-exporter
cadvisormetricsJob: cadvisor
nodeExportermetricsJob: node
spec:
automountServiceAccountToken: true
containers:
- args:
- --server.http.address=0.0.0.0:12345
- --config.file=/etc/agent/agent.yaml
- --config.expand-env=true
name: grafana-agent
image: "grafana/agent:v0.43.4"
ports:
- containerPort: 12345
name: grafana-metrics
protocol: TCP
resources:
limits:
cpu: 1000m
memory: 180Mi
requests:
cpu: 40m
memory: 180Mi
securityContext:
capabilities:
add:
- SYS_TIME
readOnlyRootFilesystem: false
privileged: true
volumeMounts:
- mountPath: /host/sys
mountPropagation: HostToContainer
name: sys
readOnly: true
- mountPath: /host/proc
mountPropagation: HostToContainer
name: proc
readOnly: true
- mountPath: /host/root
mountPropagation: HostToContainer
name: rootfs
readOnly: true
- mountPath: /var/log
mountPropagation: HostToContainer
name: logs
readOnly: true
- name: config
mountPath: "/etc/agent"
readOnly: false
- name: temp
mountPath: "/tmp"
readOnly: false
- name: agent-data
mountPath: "/etc/agent/data"
readOnly: false
dnsPolicy: ClusterFirst
volumes:
- hostPath:
path: /sys
name: sys
- hostPath:
path: /proc
name: proc
- hostPath:
path: /
name: rootfs
- hostPath:
path: /var/log
name: logs
- name: config
configMap:
name: grafana-agent
items:
- key: "agent.yaml"
path: "agent.yaml"
- name: temp
emptyDir: {}
- name: agent-data
emptyDir: {}
- name: var-run
hostPath:
path: /var/run
- name: containerd
hostPath:
path: /var/lib/contairnerd
- name: disk
hostPath:
path: /dev/disk
nodeSelector:
kubernetes.io/os: linux
hostNetwork: true
hostPID: true
priorityClassName: system-cluster-critical
serviceAccountName: grafana-agent
tolerations:
- operator: Exists
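Review bot: The container runs with `privileged: true` on top of `hostNetwork`, `hostPID`, the host root filesystem mount and an auto-mounted API token, which is more than a metrics exporter that reads `/host/proc`, `/host/sys` and `/host/root` read-only normally needs. `privileged` already implies every capability, so the explicit `SYS_TIME` add is redundant. Try `privileged: false` with `capabilities.drop: [ ALL ]` plus only the capability a collector demonstrably requires, and set `readOnlyRootFilesystem: true`, since `/tmp` and `/etc/agent/data` are already `emptyDir` volumes. With `hostNetwork: true`, `--server.http.address=0.0.0.0:12345` binds on every node interface, so consider binding to the node IP or restricting the port with a NetworkPolicy or host firewall. The `var-run`, `containerd` (path spelled `/var/lib/contairnerd`) and `disk` volumes are declared but never mounted and can be removed.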


@ -0,0 +1,18 @@
---
apiVersion: v1
kind: Service
metadata:
name: grafana-agent
labels:
app.kubernetes.io/component: exporter
spec:
selector:
app.kubernetes.io/component: exporter
ports:
- name: grafana-metrics
port: 12345
targetPort: grafana-metrics
- name: kube-ctrl-mgr
port: 11257
targetPort: kube-ctrl-mgr
sessionAffinity: ClientIP
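Review bot: The second port targets the named container port `kube-ctrl-mgr`, but the DaemonSet in this commit declares only `grafana-metrics`, so port 11257 resolves to no endpoint. Remove the entry or add the matching `containerPort` once the agent actually serves it. The selector is only `app.kubernetes.io/component: exporter`; this base applies no instance/name labels itself, so any other pod in the namespace carrying that label would also become a backend unless an overlay adds them.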


@ -0,0 +1,8 @@
---
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
name: grafana-agent
labels:
app.kubernetes.io/component: exporter


@ -0,0 +1,26 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ServiceAccount-GrafanaAgent.yaml
- ClusterRole-GrafanaAgent.yaml
- ClusterRoleBinding-Grafana-Agent.yaml
- ConfigMap-GrafanaAgent.yaml
- Daemonset-GrafanaAgent.yaml
- Service-GrafanaAgent.yaml
# replacements:
# - source:
# kind: DaemonSet
# name: grafana-agent
# fieldPath: metadata.namespace
# targets:
# - select:
# kind: ClusterRoleBinding
# name: grafana-agent
# fieldPaths:
# - subjects.[name=grafana-agent].namespace


@ -0,0 +1,18 @@
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/instance: cluster
name: node-exporter
spec:
allowCrossNamespaceImport: true
folder: 'General'
resyncPeriod: 24h
instanceSelector:
matchLabels:
dashboards: grafana
grafanaCom:
id: 1860
revision: 37 # as @ 11-01-25


@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- GrafanaDashboard-node-exporter-full.yaml


@ -0,0 +1,75 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/instance: cluster
app.kubernetes.io/name: grafana-agent
app.kubernetes.io/part-of: monitoring
name: node
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
interval: 5s
honorLabels: true
path: /metrics
port: grafana-metrics
scheme: http
relabelings:
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: instance
- targetLabel: "job"
replacement: "node-exporter"
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
metricRelabelings:
- action: drop
sourceLabels: [ __name__ ]
regex: "(promtail_).*"
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
interval: 5s
honorLabels: true
path: /metrics
port: grafana-metrics
scheme: http
relabelings:
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: instance
- targetLabel: "job"
replacement: "promtail"
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
- action: replace
separator: /
sourceLabels:
- namespace
- job
targetLabel: job
metricRelabelings:
- action: keep
sourceLabels: [ __name__ ]
regex: "(promtail_).*"
selector:
matchLabels:
app.kubernetes.io/component: exporter
app.kubernetes.io/instance: cluster
app.kubernetes.io/name: grafana-agent
app.kubernetes.io/part-of: monitoring
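Review bot: Both endpoints pair `bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token` with `scheme: http`, so the scraper's service-account token is sent in clear text to every agent pod; the node-exporter ServiceMonitor that follows has the same pairing. If the agent's metrics listener does not check the token, drop the `bearerTokenFile` lines; if it does, the endpoint should be `scheme: https` with a verified `tlsConfig`. `bearerTokenFile` is also deprecated in the prometheus-operator API in favour of `authorization`. Separately, both endpoints scrape the same `/metrics` on `grafana-metrics` every `5s` and split the result with keep/drop on `(promtail_).*`, which doubles the scrape load; a comment saying why two jobs are needed would help.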


@ -0,0 +1,42 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/instance: cluster
app.kubernetes.io/name: grafana-agent
app.kubernetes.io/part-of: monitoring
name: node-exporter
namespace: monitoring
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
interval: 5s
honorLabels: true
path: /integrations/node_exporter/metrics
port: grafana-metrics
scheme: http
relabelings:
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: instance
- targetLabel: "job"
replacement: "node-exporter"
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
tlsConfig:
insecureSkipVerify: true
selector:
matchLabels:
app.kubernetes.io/component: exporter
app.kubernetes.io/instance: cluster
app.kubernetes.io/name: grafana-agent
app.kubernetes.io/part-of: monitoring
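Review bot: `tlsConfig.insecureSkipVerify: true` has no effect while the endpoint is `scheme: http`, and it would silently disable certificate verification the moment the scheme is switched to https. Remove the `tlsConfig` block now, and when TLS is introduced configure it with `ca` and `serverName` instead of skipping verification. This manifest also hard-codes `namespace: monitoring`, unlike the sibling `node` ServiceMonitor, so the two land in different namespaces unless a kustomize `namespace:` overrides both.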


@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- ServiceMonitor-node-exporter.yaml
- ServiceMonitor-Node.yaml


@ -0,0 +1,115 @@
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/instance: cluster
prometheus: prometheus
role: alert-rules
name: grafana-agent
spec:
groups:
- name: grafana_agent
rules:
# - annotations:
# description: "As Grafana Agent is being used, it's version is set as promtails"
- expr: |
agent_build_info
record: promtail_build_info
- name: promtail_rules
rules:
- expr:
histogram_quantile(0.99, sum(rate(promtail_request_duration_seconds_bucket[1m]))
by (le, job))
record: job:promtail_request_duration_seconds:99quantile
- expr:
histogram_quantile(0.50, sum(rate(promtail_request_duration_seconds_bucket[1m]))
by (le, job))
record: job:promtail_request_duration_seconds:50quantile
- expr:
sum(rate(promtail_request_duration_seconds_sum[1m])) by (job) / sum(rate(promtail_request_duration_seconds_count[1m]))
by (job)
record: job:promtail_request_duration_seconds:avg
- expr: sum(rate(promtail_request_duration_seconds_bucket[1m])) by (le, job)
record: job:promtail_request_duration_seconds_bucket:sum_rate
- expr: sum(rate(promtail_request_duration_seconds_sum[1m])) by (job)
record: job:promtail_request_duration_seconds_sum:sum_rate
- expr: sum(rate(promtail_request_duration_seconds_count[1m])) by (job)
record: job:promtail_request_duration_seconds_count:sum_rate
- expr:
histogram_quantile(0.99, sum(rate(promtail_request_duration_seconds_bucket[1m]))
by (le, job, namespace))
record: job_namespace:promtail_request_duration_seconds:99quantile
- expr:
histogram_quantile(0.50, sum(rate(promtail_request_duration_seconds_bucket[1m]))
by (le, job, namespace))
record: job_namespace:promtail_request_duration_seconds:50quantile
- expr:
sum(rate(promtail_request_duration_seconds_sum[1m])) by (job, namespace)
/ sum(rate(promtail_request_duration_seconds_count[1m])) by (job, namespace)
record: job_namespace:promtail_request_duration_seconds:avg
- expr: sum(rate(promtail_request_duration_seconds_bucket[1m])) by (le, job, namespace)
record: job_namespace:promtail_request_duration_seconds_bucket:sum_rate
- expr: sum(rate(promtail_request_duration_seconds_sum[1m])) by (job, namespace)
record: job_namespace:promtail_request_duration_seconds_sum:sum_rate
- expr: sum(rate(promtail_request_duration_seconds_count[1m])) by (job, namespace)
record: job_namespace:promtail_request_duration_seconds_count:sum_rate
- expr:
histogram_quantile(0.99, sum(rate(promtail_request_duration_seconds_bucket[1m]))
by (le, job, status_code, namespace))
record: job_status_code_namespace:promtail_request_duration_seconds:99quantile
- expr:
histogram_quantile(0.50, sum(rate(promtail_request_duration_seconds_bucket[1m]))
by (le, job, status_code, namespace))
record: job_status_code_namespace:promtail_request_duration_seconds:50quantile
- expr:
sum(rate(promtail_request_duration_seconds_sum[1m])) by (job, status_code,
namespace) / sum(rate(promtail_request_duration_seconds_count[1m])) by (job,
status_code, namespace)
record: job_status_code_namespace:promtail_request_duration_seconds:avg
- expr:
sum(rate(promtail_request_duration_seconds_bucket[1m])) by (le, job, status_code,
namespace)
record: job_status_code_namespace:promtail_request_duration_seconds_bucket:sum_rate
- expr:
sum(rate(promtail_request_duration_seconds_sum[1m])) by (job, status_code,
namespace)
record: job_status_code_namespace:promtail_request_duration_seconds_sum:sum_rate
- expr:
sum(rate(promtail_request_duration_seconds_count[1m])) by (job, status_code,
namespace)
record: job_status_code_namespace:promtail_request_duration_seconds_count:sum_rate
- name: promtail_alerts
rules:
- alert: PromtailRequestsErrors
annotations:
message: |
{{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}% errors.
expr: |
100 * sum(rate(promtail_request_duration_seconds_count{status_code=~"5..|failed"}[1m])) by (namespace, job, route, instance)
/
sum(rate(promtail_request_duration_seconds_count[1m])) by (namespace, job, route, instance)
> 10
for: 15m
labels:
severity: critical
- alert: PromtailRequestLatency
annotations:
message: |
{{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}s 99th percentile latency.
expr: |
job_status_code_namespace:promtail_request_duration_seconds:99quantile > 1
for: 15m
labels:
severity: critical
- alert: PromtailFileMissing
annotations:
message: |
{{ $labels.instance }} {{ $labels.job }} {{ $labels.path }} matches the glob but is not being tailed.
expr: |
promtail_file_bytes_total unless promtail_read_bytes_total
for: 15m
labels:
severity: warning
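Review bot: The `PromtailRequestLatency` alert interpolates `{{ $labels.route }}` in its message, but its expression reads the recording rule `job_status_code_namespace:promtail_request_duration_seconds:99quantile`, which aggregates `by (le, job, status_code, namespace)` and therefore carries no `route` label, so that field will render empty. Drop `{{ $labels.route }}` from the message and use `{{ $labels.namespace }}` or `{{ $labels.status_code }}`, which the recorded series does have. The alerts in this file also put their text under `message`, while the node-exporter rules in the same commit use `summary` and `description`; using one set of annotation keys keeps notification templates simple.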


@ -0,0 +1,324 @@
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/instance: cluster
prometheus: prometheus
role: alert-rules
name: node-exporter-rules
spec:
groups:
- name: node-exporter
rules:
# {{ range $index, $node := (lookup "v1" "Node" "" "").items }}
# - alert: NodeExporterJobMissing-{{ $node.metadata.name }}
# annotations:
# summary: Node Exporter job missing for node {{ $node.metadata.name }}. (instance {{ $labels.instance }})
# description: "Node Exporter job has disappeared\n Node = {{ $node.metadata.name }}\n Value = {{ $value }}\n LABELS = {{ $labels }}"
# expr: absent(up{job="node-exporter", node="{{ $node.metadata.name }}"})
# for: 0m
# labels:
# severity: critical
# {{ end }}
- alert: NodeFilesystemSpaceFillingUp
annotations:
description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemspacefillingup
summary: Filesystem is predicted to run out of space within the next 24 hours.
expr: |
(
node_filesystem_avail_bytes{job="node-exporter",fstype!="",mountpoint!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!="",mountpoint!=""} * 100 < 15
and
predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!="",mountpoint!=""}[6h], 24*60*60) < 0
and
node_filesystem_readonly{job="node-exporter",fstype!="",mountpoint!=""} == 0
)
for: 1h
labels:
severity: warning
- alert: NodeFilesystemSpaceFillingUp
annotations:
description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up fast.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemspacefillingup
summary: Filesystem is predicted to run out of space within the next 4 hours.
expr: |
(
node_filesystem_avail_bytes{job="node-exporter",fstype!="",mountpoint!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!="",mountpoint!=""} * 100 < 10
and
predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!="",mountpoint!=""}[6h], 4*60*60) < 0
and
node_filesystem_readonly{job="node-exporter",fstype!="",mountpoint!=""} == 0
)
for: 1h
labels:
severity: critical
- alert: NodeFilesystemAlmostOutOfSpace
annotations:
description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemalmostoutofspace
summary: Filesystem has less than 5% space left.
expr: |
(
node_filesystem_avail_bytes{job="node-exporter",fstype!="",mountpoint!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!="",mountpoint!=""} * 100 < 5
and
node_filesystem_readonly{job="node-exporter",fstype!="",mountpoint!=""} == 0
)
for: 30m
labels:
severity: warning
- alert: NodeFilesystemAlmostOutOfSpace
annotations:
description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemalmostoutofspace
summary: Filesystem has less than 3% space left.
expr: |
(
node_filesystem_avail_bytes{job="node-exporter",fstype!="",mountpoint!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!="",mountpoint!=""} * 100 < 3
and
node_filesystem_readonly{job="node-exporter",fstype!="",mountpoint!=""} == 0
)
for: 30m
labels:
severity: critical
- alert: NodeFilesystemFilesFillingUp
annotations:
description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemfilesfillingup
summary: Filesystem is predicted to run out of inodes within the next 24 hours.
expr: |
(
node_filesystem_files_free{job="node-exporter",fstype!="",mountpoint!=""} / node_filesystem_files{job="node-exporter",fstype!="",mountpoint!=""} * 100 < 40
and
predict_linear(node_filesystem_files_free{job="node-exporter",fstype!="",mountpoint!=""}[6h], 24*60*60) < 0
and
node_filesystem_readonly{job="node-exporter",fstype!="",mountpoint!=""} == 0
)
for: 1h
labels:
severity: warning
- alert: NodeFilesystemFilesFillingUp
annotations:
description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up fast.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemfilesfillingup
summary: Filesystem is predicted to run out of inodes within the next 4 hours.
expr: |
(
node_filesystem_files_free{job="node-exporter",fstype!="",mountpoint!=""} / node_filesystem_files{job="node-exporter",fstype!="",mountpoint!=""} * 100 < 20
and
predict_linear(node_filesystem_files_free{job="node-exporter",fstype!="",mountpoint!=""}[6h], 4*60*60) < 0
and
node_filesystem_readonly{job="node-exporter",fstype!="",mountpoint!=""} == 0
)
for: 1h
labels:
severity: critical
- alert: NodeFilesystemAlmostOutOfFiles
annotations:
description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemalmostoutoffiles
summary: Filesystem has less than 5% inodes left.
expr: |
(
node_filesystem_files_free{job="node-exporter",fstype!="",mountpoint!=""} / node_filesystem_files{job="node-exporter",fstype!="",mountpoint!=""} * 100 < 5
and
node_filesystem_readonly{job="node-exporter",fstype!="",mountpoint!=""} == 0
)
for: 1h
labels:
severity: warning
- alert: NodeFilesystemAlmostOutOfFiles
annotations:
description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemalmostoutoffiles
summary: Filesystem has less than 3% inodes left.
expr: |
(
node_filesystem_files_free{job="node-exporter",fstype!="",mountpoint!=""} / node_filesystem_files{job="node-exporter",fstype!="",mountpoint!=""} * 100 < 3
and
node_filesystem_readonly{job="node-exporter",fstype!="",mountpoint!=""} == 0
)
for: 1h
labels:
severity: critical
- alert: NodeNetworkReceiveErrs
annotations:
description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} receive errors in the last two minutes.'
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodenetworkreceiveerrs
summary: Network interface is reporting many receive errors.
expr: |
rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01
for: 1h
labels:
severity: warning
- alert: NodeNetworkTransmitErrs
annotations:
description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} transmit errors in the last two minutes.'
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodenetworktransmiterrs
summary: Network interface is reporting many transmit errors.
expr: |
rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01
for: 1h
labels:
severity: warning
- alert: NodeHighNumberConntrackEntriesUsed
annotations:
description: "{{ $value | humanizePercentage }} of conntrack entries are used."
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodehighnumberconntrackentriesused
summary: Number of conntrack are getting close to the limit.
expr: |
(node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75
labels:
severity: warning
- alert: NodeTextFileCollectorScrapeError
annotations:
description: Node Exporter text file collector failed to scrape.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodetextfilecollectorscrapeerror
summary: Node Exporter text file collector failed to scrape.
expr: |
node_textfile_scrape_error{job="node-exporter"} == 1
labels:
severity: warning
- alert: NodeClockSkewDetected
annotations:
description: Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodeclockskewdetected
summary: Clock skew detected.
expr: |
(
node_timex_offset_seconds{job="node-exporter"} > 0.05
and
deriv(node_timex_offset_seconds{job="node-exporter"}[5m]) >= 0
)
or
(
node_timex_offset_seconds{job="node-exporter"} < -0.05
and
deriv(node_timex_offset_seconds{job="node-exporter"}[5m]) <= 0
)
for: 10m
labels:
severity: warning
- alert: NodeClockNotSynchronising
annotations:
description: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodeclocknotsynchronising
summary: Clock not synchronising.
expr: |
min_over_time(node_timex_sync_status{job="node-exporter"}[5m]) == 0
and
node_timex_maxerror_seconds{job="node-exporter"} >= 16
for: 10m
labels:
severity: warning
- alert: NodeRAIDDegraded
annotations:
description: RAID array '{{ $labels.device }}' on {{ $labels.instance }} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/noderaiddegraded
summary: RAID Array is degraded
expr: |
node_md_disks_required{job="node-exporter",device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)"} - ignoring (state) (node_md_disks{state="active",job="node-exporter",device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)"}) > 0
for: 15m
labels:
severity: critical
- alert: NodeRAIDDiskFailure
annotations:
description: At least one device in RAID array on {{ $labels.instance }} failed. Array '{{ $labels.device }}' needs attention and possibly a disk swap.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/noderaiddiskfailure
summary: Failed device in RAID array
expr: |
node_md_disks{state="failed",job="node-exporter",device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)"} > 0
labels:
severity: warning
- alert: NodeFileDescriptorLimit
annotations:
description: File descriptors limit at {{ $labels.instance }} is currently at {{ printf "%.2f" $value }}%.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefiledescriptorlimit
summary: Kernel is predicted to exhaust file descriptors limit soon.
expr: |
(
node_filefd_allocated{job="node-exporter"} * 100 / node_filefd_maximum{job="node-exporter"} > 70
)
for: 15m
labels:
severity: warning
- alert: NodeFileDescriptorLimit
annotations:
description: File descriptors limit at {{ $labels.instance }} is currently at {{ printf "%.2f" $value }}%.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefiledescriptorlimit
summary: Kernel is predicted to exhaust file descriptors limit soon.
expr: |
(
node_filefd_allocated{job="node-exporter"} * 100 / node_filefd_maximum{job="node-exporter"} > 90
)
for: 15m
labels:
severity: critical
- name: node-exporter.rules
rules:
- expr: |
count without (cpu, mode) (
node_cpu_seconds_total{job="node-exporter",mode="idle"}
)
record: instance:node_num_cpu:sum
- expr: |
1 - avg without (cpu) (
sum without (mode) (rate(node_cpu_seconds_total{job="node-exporter", mode=~"idle|iowait|steal"}[5m]))
)
record: instance:node_cpu_utilisation:rate5m
- expr: |
(
node_load1{job="node-exporter"}
/
instance:node_num_cpu:sum{job="node-exporter"}
)
record: instance:node_load1_per_cpu:ratio
- expr: |
1 - (
(
node_memory_MemAvailable_bytes{job="node-exporter"}
or
(
node_memory_Buffers_bytes{job="node-exporter"}
+
node_memory_Cached_bytes{job="node-exporter"}
+
node_memory_MemFree_bytes{job="node-exporter"}
+
node_memory_Slab_bytes{job="node-exporter"}
)
)
/
node_memory_MemTotal_bytes{job="node-exporter"}
)
record: instance:node_memory_utilisation:ratio
- expr: |
rate(node_vmstat_pgmajfault{job="node-exporter"}[5m])
record: instance:node_vmstat_pgmajfault:rate5m
- expr: |
rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)"}[5m])
record: instance_device:node_disk_io_time_seconds:rate5m
- expr: |
rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)"}[5m])
record: instance_device:node_disk_io_time_weighted_seconds:rate5m
- expr: |
sum without (device) (
rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[5m])
)
record: instance:node_network_receive_bytes_excluding_lo:rate5m
- expr: |
sum without (device) (
rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[5m])
)
record: instance:node_network_transmit_bytes_excluding_lo:rate5m
- expr: |
sum without (device) (
rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[5m])
)
record: instance:node_network_receive_drop_excluding_lo:rate5m
- expr: |
sum without (device) (
rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[5m])
)
record: instance:node_network_transmit_drop_excluding_lo:rate5m
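Review bot: The `NodeClockSkewDetected` description says the clock is "out of sync by more than 300s", but the expression fires when `node_timex_offset_seconds` is above `0.05` or below `-0.05`, i.e. 50 ms; the text should read `Clock on {{ $labels.instance }} is out of sync by more than 0.05s.` so responders do not misjudge the drift. The commented-out `NodeExporterJobMissing` block at the top of the group relies on a templating `lookup` call that kustomize does not render, so as written no rule in this file fires when the exporter stops reporting. A plain `absent(up{job="node-exporter"})` alert would cover that case without templating.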


@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- PrometheusRule-grafana-agent.yaml
- PrometheusRule-nodeExporter.yaml


@ -0,0 +1,37 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: node-exporter
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/instance: cluster
app.kubernetes.io/name: grafana-agent
app.kubernetes.io/part-of: grafana-agent
resources:
- ../../base
# components:
# - ../../components/dashboard
# - ../../components/metrics
# - ../../components/prometheus-rules
replacements:
- source:
kind: DaemonSet
name: grafana-agent
fieldPath: metadata.namespace
targets:
- select:
kind: ClusterRoleBinding
name: grafana-agent
fieldPaths:
- subjects.[name=grafana-agent].namespace
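Review bot: The `labels` transformer sets `app.kubernetes.io/part-of: grafana-agent` with `includeSelectors: true`, while the ServiceMonitors in the commented-out `../../components/metrics` select on `app.kubernetes.io/part-of: monitoring`. As far as I can tell kustomize does not rewrite `spec.selector.matchLabels` of a ServiceMonitor, since it is a custom resource outside the built-in selector field specs, so enabling that component would leave selectors that match no Service. Either set the pair to `app.kubernetes.io/part-of: monitoring` here or change the ServiceMonitor selectors before the components are switched on.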


@ -0,0 +1,126 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: controller
name: controller-manager
rules:
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- secrets
- serviceaccounts
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanaalertrulegroups
- grafanacontactpoints
- grafanadashboards
- grafanadatasources
- grafanafolders
- grafananotificationpolicies
- grafanas
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- grafana.integreatly.org
resources:
- grafanaalertrulegroups/finalizers
- grafanacontactpoints/finalizers
- grafanadashboards/finalizers
- grafanadatasources/finalizers
- grafanafolders/finalizers
- grafananotificationpolicies/finalizers
- grafanas/finalizers
verbs:
- update
- apiGroups:
- grafana.integreatly.org
resources:
- grafanaalertrulegroups/status
- grafanacontactpoints/status
- grafanadashboards/status
- grafanadatasources/status
- grafanafolders/status
- grafananotificationpolicies/status
- grafanas/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- create
- delete
- get
- list
- update
- watch
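Review bot: The first rule grants `get`/`list`/`watch` plus all write verbs on `secrets`, `serviceaccounts` and `configmaps` in every namespace, which makes the `controller-manager` service-account token equivalent to cluster-wide secret read and deserves at least a comment stating why that scope is required. If Grafana instances live in a known set of namespaces and the operator is configured to watch only those, the core-API, `apps` and `networking.k8s.io` rules can move to a namespaced `Role`/`RoleBinding` per namespace, leaving only the `grafana.integreatly.org` rules cluster-wide. The `route.openshift.io` rule looks unnecessary on a cluster without OpenShift routes. The name `controller-manager` is also very generic for a cluster-scoped object; unless an overlay adds a `namePrefix`, it can collide with another operator's ClusterRole.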


@ -0,0 +1,15 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
name: controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: controller-manager
subjects:
- kind: ServiceAccount
name: controller-manager
namespace: changeme
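Review bot: `namespace: changeme` is a placeholder and nothing in this file says what replaces it. Applied unpatched, the binding hands the cluster-wide role, including its secret access, to a `controller-manager` service account in a namespace literally named `changeme`, which anyone permitted to create that namespace would then control. The grafana-agent overlay in this commit handles the same problem with a `replacements` entry targeting `subjects.[name=grafana-agent].namespace`; I cannot see the operator overlay from here, but it should carry the equivalent. A comment on the line such as `# placeholder: set by the overlay's replacements, never apply as-is` would make that explicit.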


@ -0,0 +1,309 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: grafanaalertrulegroups.grafana.integreatly.org
spec:
group: grafana.integreatly.org
names:
categories:
- grafana-operator
kind: GrafanaAlertRuleGroup
listKind: GrafanaAlertRuleGroupList
plural: grafanaalertrulegroups
singular: grafanaalertrulegroup
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: GrafanaAlertRuleGroup is the Schema for the grafanaalertrulegroups
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaAlertRuleGroupSpec defines the desired state of GrafanaAlertRuleGroup
properties:
allowCrossNamespaceImport:
type: boolean
editable:
description: Whether to enable or disable editing of the alert rule
group in Grafana UI
type: boolean
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
folderRef:
description: Match GrafanaFolders CRs to infer the uid
type: string
folderUID:
description: |-
UID of the folder containing this rule group
Overrides the FolderSelector
type: string
instanceSelector:
description: selects Grafanas for import
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
interval:
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
name:
description: Name of the alert rule group. If not specified, the resource
name will be used.
type: string
resyncPeriod:
default: 10m
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
rules:
items:
description: AlertRule defines a specific rule to be evaluated.
It is based on the upstream model with some k8s specific type
mappings
properties:
annotations:
additionalProperties:
type: string
type: object
condition:
type: string
data:
items:
properties:
datasourceUid:
description: Grafana data source unique identifier; it
should be '__expr__' for a Server Side Expression operation.
type: string
model:
description: JSON is the raw JSON query and includes the
above properties as well as custom properties.
x-kubernetes-preserve-unknown-fields: true
queryType:
description: |-
QueryType is an optional identifier for the type of query.
It can be used to distinguish different types of queries.
type: string
refId:
description: RefID is the unique identifier of the query,
set by the frontend call.
type: string
relativeTimeRange:
description: relative time range
properties:
from:
description: from
format: int64
type: integer
to:
description: to
format: int64
type: integer
type: object
type: object
type: array
execErrState:
enum:
- OK
- Alerting
- Error
- KeepLast
type: string
for:
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
isPaused:
type: boolean
labels:
additionalProperties:
type: string
type: object
noDataState:
enum:
- Alerting
- NoData
- OK
- KeepLast
type: string
notificationSettings:
properties:
group_by:
items:
type: string
type: array
group_interval:
type: string
group_wait:
type: string
mute_time_intervals:
items:
type: string
type: array
receiver:
type: string
repeat_interval:
type: string
required:
- receiver
type: object
title:
example: Always firing
maxLength: 190
minLength: 1
type: string
uid:
pattern: ^[a-zA-Z0-9-_]+$
type: string
required:
- condition
- data
- execErrState
- for
- noDataState
- title
- uid
type: object
type: array
required:
- instanceSelector
- interval
- rules
type: object
x-kubernetes-validations:
- message: Only one of FolderUID or FolderRef can be set
rule: (has(self.folderUID) && !(has(self.folderRef))) || (has(self.folderRef)
&& !(has(self.folderUID)))
status:
description: GrafanaAlertRuleGroupStatus defines the observed state of
GrafanaAlertRuleGroup
properties:
conditions:
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
required:
- conditions
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,271 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: grafanacontactpoints.grafana.integreatly.org
spec:
group: grafana.integreatly.org
names:
categories:
- grafana-operator
kind: GrafanaContactPoint
listKind: GrafanaContactPointList
plural: grafanacontactpoints
singular: grafanacontactpoint
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: GrafanaContactPoint is the Schema for the grafanacontactpoints
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaContactPointSpec defines the desired state of GrafanaContactPoint
properties:
allowCrossNamespaceImport:
type: boolean
disableResolveMessage:
type: boolean
instanceSelector:
description: selects Grafanas for import
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
name:
type: string
resyncPeriod:
default: 10m
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
settings:
x-kubernetes-preserve-unknown-fields: true
type:
enum:
- alertmanager
- prometheus-alertmanager
- dingding
- discord
- email
- googlechat
- kafka
- line
- opsgenie
- pagerduty
- pushover
- sensugo
- sensu
- slack
- teams
- telegram
- threema
- victorops
- webhook
- wecom
- hipchat
- oncall
type: string
valuesFrom:
items:
properties:
targetPath:
type: string
valueFrom:
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
x-kubernetes-validations:
- message: Either configMapKeyRef or secretKeyRef must be set
rule: (has(self.configMapKeyRef) && !has(self.secretKeyRef))
|| (!has(self.configMapKeyRef) && has(self.secretKeyRef))
required:
- targetPath
- valueFrom
type: object
maxItems: 99
type: array
required:
- instanceSelector
- name
- settings
type: object
status:
description: GrafanaContactPointStatus defines the observed state of GrafanaContactPoint
properties:
conditions:
description: |-
INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
Important: Run "make" to regenerate code after modifying this file
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
required:
- conditions
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,495 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: grafanadashboards.grafana.integreatly.org
spec:
group: grafana.integreatly.org
names:
categories:
- grafana-operator
kind: GrafanaDashboard
listKind: GrafanaDashboardList
plural: grafanadashboards
singular: grafanadashboard
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.NoMatchingInstances
name: No matching instances
type: boolean
- format: date-time
jsonPath: .status.lastResync
name: Last resync
type: date
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: GrafanaDashboard is the Schema for the grafanadashboards API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaDashboardSpec defines the desired state of GrafanaDashboard
properties:
allowCrossNamespaceImport:
description: allow to import this resources from an operator in a
different namespace
type: boolean
configMapRef:
description: dashboard from configmap
properties:
key:
description: The key to select.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the ConfigMap or its key must be
defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
contentCacheDuration:
description: Cache duration for dashboards fetched from URLs
type: string
datasources:
description: maps required data sources to existing ones
items:
properties:
datasourceName:
type: string
inputName:
type: string
required:
- datasourceName
- inputName
type: object
type: array
envFrom:
description: environments variables from secrets or config maps
items:
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the ConfigMap or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: array
envs:
description: environments variables as a map
items:
properties:
name:
type: string
value:
description: Inline env value
type: string
valueFrom:
description: Reference on value source, might be the reference
on a secret or config map
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
folder:
description: folder assignment for dashboard
type: string
folderRef:
description: Name of a `GrafanaFolder` resource in the same namespace
type: string
folderUID:
description: UID of the target folder for this dashboard
type: string
grafanaCom:
description: grafana.com/dashboards
properties:
id:
type: integer
revision:
type: integer
required:
- id
type: object
gzipJson:
description: GzipJson the dashboard's JSON compressed with Gzip. Base64-encoded
when in YAML.
format: byte
type: string
instanceSelector:
description: selects Grafanas for import
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
json:
description: dashboard json
type: string
jsonnet:
description: Jsonnet
type: string
jsonnetLib:
description: Jsonnet project build
properties:
fileName:
type: string
gzipJsonnetProject:
format: byte
type: string
jPath:
items:
type: string
type: array
required:
- fileName
- gzipJsonnetProject
type: object
plugins:
description: plugins
items:
properties:
name:
type: string
version:
type: string
required:
- name
- version
type: object
type: array
resyncPeriod:
default: 5m
description: how often the dashboard is refreshed, defaults to 5m
if not set
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
uid:
description: Manually specify the uid for the dashboard, overwrites
uids already present in the json model
type: string
x-kubernetes-validations:
- message: spec.uid is immutable
rule: self == oldSelf
url:
description: dashboard url
type: string
urlAuthorization:
description: authorization options for dashboard from url
properties:
basicAuth:
properties:
password:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
username:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
required:
- instanceSelector
type: object
x-kubernetes-validations:
- message: Only one of folderUID or folderRef can be declared at the same
time
rule: (has(self.folderUID) && !(has(self.folderRef))) || (has(self.folderRef)
&& !(has(self.folderUID))) || !(has(self.folderRef) && (has(self.folderUID)))
- message: folder field cannot be set when folderUID or folderRef is already
declared
rule: (has(self.folder) && !(has(self.folderRef) || has(self.folderUID)))
|| !(has(self.folder))
- message: spec.uid is immutable
rule: ((!has(oldSelf.uid) && !has(self.uid)) || (has(oldSelf.uid) &&
has(self.uid)))
status:
description: GrafanaDashboardStatus defines the observed state of GrafanaDashboard
properties:
NoMatchingInstances:
description: The dashboard instanceSelector can't find matching grafana
instances
type: boolean
conditions:
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
contentCache:
format: byte
type: string
contentTimestamp:
format: date-time
type: string
contentUrl:
type: string
hash:
type: string
lastResync:
description: Last time the dashboard was resynced
format: date-time
type: string
uid:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,256 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: grafanadatasources.grafana.integreatly.org
spec:
group: grafana.integreatly.org
names:
categories:
- grafana-operator
kind: GrafanaDatasource
listKind: GrafanaDatasourceList
plural: grafanadatasources
singular: grafanadatasource
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.NoMatchingInstances
name: No matching instances
type: boolean
- format: date-time
jsonPath: .status.lastResync
name: Last resync
type: date
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: GrafanaDatasource is the Schema for the grafanadatasources API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaDatasourceSpec defines the desired state of GrafanaDatasource
properties:
allowCrossNamespaceImport:
description: allow to import this resources from an operator in a
different namespace
type: boolean
datasource:
properties:
access:
type: string
basicAuth:
type: boolean
basicAuthUser:
type: string
database:
type: string
editable:
description: Deprecated field, it has no effect
type: boolean
isDefault:
type: boolean
jsonData:
type: object
x-kubernetes-preserve-unknown-fields: true
name:
type: string
orgId:
description: Deprecated field, it has no effect
format: int64
type: integer
secureJsonData:
type: object
x-kubernetes-preserve-unknown-fields: true
type:
type: string
uid:
type: string
url:
type: string
user:
type: string
type: object
instanceSelector:
description: selects Grafana instances for import
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
plugins:
description: plugins
items:
properties:
name:
type: string
version:
type: string
required:
- name
- version
type: object
type: array
resyncPeriod:
default: 5m
description: how often the datasource is refreshed, defaults to 5m
if not set
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
valuesFrom:
description: environments variables from secrets or config maps
items:
properties:
targetPath:
type: string
valueFrom:
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
x-kubernetes-validations:
- message: Either configMapKeyRef or secretKeyRef must be set
rule: (has(self.configMapKeyRef) && !has(self.secretKeyRef))
|| (!has(self.configMapKeyRef) && has(self.secretKeyRef))
required:
- targetPath
- valueFrom
type: object
maxItems: 99
type: array
required:
- datasource
- instanceSelector
type: object
status:
description: GrafanaDatasourceStatus defines the observed state of GrafanaDatasource
properties:
NoMatchingInstances:
description: The datasource instanceSelector can't find matching grafana
instances
type: boolean
hash:
type: string
lastMessage:
type: string
lastResync:
description: Last time the datasource was resynced
format: date-time
type: string
uid:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,220 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: grafanafolders.grafana.integreatly.org
spec:
group: grafana.integreatly.org
names:
categories:
- grafana-operator
kind: GrafanaFolder
listKind: GrafanaFolderList
plural: grafanafolders
singular: grafanafolder
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.NoMatchingInstances
name: No matching instances
type: boolean
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: GrafanaFolder is the Schema for the grafanafolders API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaFolderSpec defines the desired state of GrafanaFolder
properties:
allowCrossNamespaceImport:
description: Enable matching Grafana instances outside the current
namespace
type: boolean
instanceSelector:
description: Selects Grafanas for import
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
parentFolderRef:
description: Reference to an existing GrafanaFolder CR in the same
namespace
type: string
parentFolderUID:
description: UID of the folder in which the current folder should
be created
type: string
permissions:
description: Raw json with folder permissions, potentially exported
from Grafana
type: string
resyncPeriod:
default: 5m
description: How often the folder is synced, defaults to 5m if not
set
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
title:
description: Display name of the folder in Grafana
type: string
uid:
description: Manually specify the UID the Folder is created with
type: string
x-kubernetes-validations:
- message: spec.uid is immutable
rule: self == oldSelf
required:
- instanceSelector
type: object
x-kubernetes-validations:
- message: Only one of parentFolderUID or parentFolderRef can be set
rule: (has(self.parentFolderUID) && !(has(self.parentFolderRef))) ||
(has(self.parentFolderRef) && !(has(self.parentFolderUID))) || !(has(self.parentFolderRef)
&& (has(self.parentFolderUID)))
- message: spec.uid is immutable
rule: ((!has(oldSelf.uid) && !has(self.uid)) || (has(oldSelf.uid) &&
has(self.uid)))
status:
description: GrafanaFolderStatus defines the observed state of GrafanaFolder
properties:
NoMatchingInstances:
description: The folder instanceSelector can't find matching grafana
instances
type: boolean
conditions:
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
hash:
description: |-
INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
Important: Run "make" to regenerate code after modifying this file
type: string
lastResync:
description: Last time the folder was resynced
format: date-time
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,250 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: grafananotificationpolicies.grafana.integreatly.org
spec:
group: grafana.integreatly.org
names:
categories:
- grafana-operator
kind: GrafanaNotificationPolicy
listKind: GrafanaNotificationPolicyList
plural: grafananotificationpolicies
singular: grafananotificationpolicy
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: GrafanaNotificationPolicy is the Schema for the GrafanaNotificationPolicy
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaNotificationPolicySpec defines the desired state of
GrafanaNotificationPolicy
properties:
editable:
description: Whether to enable or disable editing of the notification
policy in Grafana UI
type: boolean
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
instanceSelector:
description: selects Grafanas for import
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
resyncPeriod:
default: 10m
format: duration
pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
type: string
route:
description: Routes for alerts to match against
properties:
continue:
description: continue
type: boolean
group_by:
description: group by
items:
type: string
type: array
group_interval:
description: group interval
type: string
group_wait:
description: group wait
type: string
match_re:
additionalProperties:
type: string
description: match re
type: object
matchers:
description: matchers
items:
properties:
isEqual:
description: is equal
type: boolean
isRegex:
description: is regex
type: boolean
name:
description: name
type: string
value:
description: value
type: string
required:
- isRegex
- value
type: object
type: array
mute_time_intervals:
description: mute time intervals
items:
type: string
type: array
object_matchers:
description: object matchers
items:
description: |-
ObjectMatcher ObjectMatcher is a matcher that can be used to filter alerts.
swagger:model ObjectMatcher
items:
type: string
type: array
type: array
provenance:
description: provenance
type: string
receiver:
description: receiver
type: string
repeat_interval:
description: repeat interval
type: string
routes:
description: routes
x-kubernetes-preserve-unknown-fields: true
type: object
required:
- instanceSelector
- route
type: object
status:
description: GrafanaNotificationPolicyStatus defines the observed state
of GrafanaNotificationPolicy
properties:
conditions:
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
required:
- conditions
type: object
type: object
served: true
storage: true
subresources:
status: {}

File diff suppressed because it is too large Load Diff


@ -0,0 +1,69 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: controller
name: controller-manager
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: controller
strategy: {}
template:
metadata:
labels:
app.kubernetes.io/component: controller
spec:
containers:
- args:
- --health-probe-bind-address=:8081
- --metrics-bind-address=0.0.0.0:9090
- --leader-elect
image: ghcr.io/grafana/grafana-operator:v5.15.1
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
ports:
- containerPort: 9090
name: metrics
protocol: TCP
- containerPort: 8888
name: pprof
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 100m
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
volumeMounts:
- mountPath: /tmp/dashboards
name: dashboards-dir
securityContext:
runAsNonRoot: true
serviceAccountName: controller-manager
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: dashboards-dir
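Review bot: The pod-level `securityContext` near the end of this Deployment sets only `runAsNonRoot: true`, so the manager container gets whatever seccomp profile the node defaults to, which is unconfined unless the kubelet is configured otherwise. Adding `seccompProfile:` with `type: RuntimeDefault` to that block would match the prometheus-operator Deployment added in the same commit. The image is also referenced by tag together with `imagePullPolicy: Always`; pinning it by digest would keep a re-pushed tag from changing what runs.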


@ -0,0 +1,65 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# crds:
# # - crd/CustomResourceDefinition-grafanaalertrulegroups.yaml
# - crd/CustomResourceDefinition-grafanacontactpoints.yaml
# - crd/CustomResourceDefinition-grafanadashboards.yaml
# - crd/CustomResourceDefinition-grafanadatasources.yaml
# - crd/CustomResourceDefinition-grafanafolders.yaml
# - crd/CustomResourceDefinition-grafananotificationpolicies.yaml
# - crd/CustomResourceDefinition-grafanas.yaml
namespace: grafana
namePrefix: grafana-operator-
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/instance: cluster
app.kubernetes.io/name: grafana-operator
app.kubernetes.io/part-of: grafana-operator
resources:
- crd/CustomResourceDefinition-grafanaalertrulegroups.yaml
- crd/CustomResourceDefinition-grafanacontactpoints.yaml
- crd/CustomResourceDefinition-grafanadashboards.yaml
- crd/CustomResourceDefinition-grafanadatasources.yaml
- crd/CustomResourceDefinition-grafanafolders.yaml
- crd/CustomResourceDefinition-grafananotificationpolicies.yaml
- crd/CustomResourceDefinition-grafanas.yaml
- serviceaccount.yaml
- clusterrole.yaml
- clusterrolebinding.yaml
- deployment.yaml
replacements:
- source:
kind: Deployment
name: controller-manager
fieldPath: metadata.namespace
targets:
- select:
kind: ClusterRoleBinding
name: controller-manager
fieldPaths:
- subjects.[name=controller-manager].namespace
patches:
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
# yamllint disable rule:indentation
patch: |-
- op: add
path: /metadata/annotations/argocd.argoproj.io~1sync-options
value: ServerSideApply=true
# yamllint enable rule:indentation


@ -0,0 +1,8 @@
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
name: controller-manager


@ -0,0 +1,17 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/instance: namespace
app.kubernetes.io/name: grafana-operator
app.kubernetes.io/part-of: grafana-operator
resources:
- service.yaml
- servicemonitor.yaml


@ -0,0 +1,20 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: controller
name: grafana-operator-controller-manager-metrics
spec:
ports:
- name: metrics
port: 9090
protocol: TCP
targetPort: metrics
- name: pprof
port: 8888
protocol: TCP
targetPort: pprof
selector:
app.kubernetes.io/component: controller
type: ClusterIP
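Review bot: The `pprof` port (8888) is published on this Service next to `metrics`, although the ServiceMonitor in this commit scrapes only the `metrics` port. Go profiling endpoints expose heap and goroutine detail and are expensive to serve, so anything in the cluster that can reach the ClusterIP gains that surface if the operator listens there. The Deployment args visible in this commit show no pprof flag, so it may not be listening at all. I would drop the `pprof` entry from `spec.ports`, or restrict access with a NetworkPolicy if profiling is actually wanted.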


@ -0,0 +1,21 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/component: controller
name: grafana-operator-controller-manager
spec:
endpoints:
- interval: 30s
port: metrics
relabelings:
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_name
targetLabel: instance
selector:
matchLabels:
app.kubernetes.io/component: controller


@ -0,0 +1,19 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: grafana
images:
- name: ghcr.io/grafana/grafana-operator
newTag: v5.15.1
resources:
- ../../base
components:
- ../../components/metrics


@ -0,0 +1,23 @@
# Grafana Operator
## Updating Manifests
1. download new `cluster scoped` manifest https://github.com/grafana/grafana-operator/releases
1. remove **ALL** namespaces from manifests
!!! tip
VSCode:
1. `ctrl-h` to bring up search
1. use search string `\n\s\snamespace:.+` and set to regex search (click on `.*` button)
1. leave the replace field empty
1. click on replace all
1. Delete any manifest that is of kind `namespace`
1. Copy each manifest into their own file at path `base/`
!!! tip
If there are `ClusterRoleBinding` manifests, ensure that `kustomization.yaml` has its replacements section updated to update the service accounts namespace.

File diff suppressed because it is too large Load Diff


@ -0,0 +1,3 @@
# No Fuss Computing - Cluster wide Monitoring
These manifests are for deploying to a cluster so that it can have it's metrics monitored.


@ -0,0 +1,113 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/part-of: nfc-monitoring
patches:
- target:
kind: Alertmanager
name: cluster
# yamllint disable rule:indentation
patch: |-
- op: replace
path: /spec/version
value: v0.27.0
- op: replace
path: /spec/externalUrl
value: alert-manager.local
# yamllint enable rule:indentation
- target:
kind: Prometheus
name: cluster
# yamllint disable rule:indentation
patch: |-
- op: replace
path: /spec/version
value: 2.47.0
- op: replace
path: /spec/alerting/alertmanagers
value:
- apiVersion: v2
name: alertmanager-cluster
namespace: alert
port: web
# yamllint enable rule:indentation
#
# Alert Manaer Ingress Setup
#
# patches:
# - patch: |-
# - op: replace
# path: /metadata/annotations/cert-manager.io~1cluster-issuer
# value: cluster
# - op: replace
# path: /metadata/annotations/cert-manager.io~1common-name
# value: alert-manager.local
# - op: replace
# path: /spec/rules/0/host
# value: alert-manager.local
# - op: replace
# path: /spec/tls/0/hosts/0
# value: alert-manager.local
# target:
# kind: Ingress
# name: alert-manager
# version: v1
#
# Prometheus Ingress Setup
#
# - patch: |-
# - op: replace
# path: /metadata/annotations/cert-manager.io~1cluster-issuer
# value: cluster
# - op: replace
# path: /metadata/annotations/cert-manager.io~1common-name
# value: prometheus.local
# - op: replace
# path: /spec/rules/0/host
# value: prometheus.local
# - op: replace
# path: /spec/tls/0/hosts/0
# value: prometheus.local
# target:
# kind: Ingress
# name: prometheus
# version: v1
resources:
- ../../../alert-manager/overlays/production
- ../../../grafana-agent/overlays/production
- ../../../prometheus/overlays/production
components:
- ../../../alert-manager/components/metrics
- ../../../alert-manager/components/prometheus-rules
- ../../../prometheus/components/alertmanager
- ../../../prometheus/components/grafana-datasource
- ../../../grafana-agent/components/dashboard
- ../../../grafana-agent/components/metrics
- ../../../grafana-agent/components/prometheus-rules

0
manifests/nginx/.gitkeep Normal file


@ -0,0 +1,27 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: webserver
app.kubernetes.io/name: nginx
app.kubernetes.io/part-of: nginx
name: nginx
data:
# yamllint disable rule:indentation
default.conf: |
server {
listen 80;
access_log /var/log/nginx/access-default.log main;
error_log /var/log/nginx/error-default.log;
error_page 500 502 503 504 /50x.html;
location / {
root /usr/share/nginx/html/;
}
}
# yamllint enable rule:indentation
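Review bot: `metadata.name` here is `nginx`, but the Deployment added in this commit mounts its `nginx-config` volume from a ConfigMap named `nginx-config`, and the base kustomization shows no `namePrefix` or `nameSuffix` that would reconcile the two. As written the pod would likely stay in ContainerCreating because the referenced ConfigMap does not exist. Either rename this object with `name: nginx-config` or change the volume's `configMap.name` to `nginx`.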


@ -0,0 +1,47 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: webserver
name: nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: webserver
template:
metadata:
labels:
app.kubernetes.io/component: webserver
spec:
containers:
- name: backend
image: docker.io/nginx:alpine
imagePullPolicy: Always
ports:
- containerPort: 80
name: http
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 10m
memory: 20Mi
volumeMounts:
- name: http-root
mountPath: /usr/share/nginx/html
mountPropagation: HostToContainer
- name: nginx-config
mountPath: /etc/nginx/conf.d
tolerations: []
volumes:
- name: http-root
hostPath:
# Ensure the file directory is created.
path: /opt/webserver
type: DirectoryOrCreate
- name: nginx-config
configMap:
name: nginx-config
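Review bot: The `backend` container has no `securityContext` and mounts the `hostPath` volume `/opt/webserver` read-write, so a process in the container (which presumably starts as root with the stock nginx image) can write to the node's filesystem under that path. nginx only needs to read the document root, so `readOnly: true` on the `http-root` volumeMount would remove the write path. Adding `allowPrivilegeEscalation: false` and dropping all capabilities except those nginx needs would bring it closer to the operator Deployments in this commit. The image `docker.io/nginx:alpine` is also a floating tag with `imagePullPolicy: Always`, so any restart can pull different code; a version tag or digest is safer.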


@ -0,0 +1,19 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: website
commonLabels:
app.kubernetes.io/instance: cluster
app.kubernetes.io/name: nginx
app.kubernetes.io/part-of: nginx
resources:
- configmap-nginx.yaml
- service.yaml
- deployment-nginx.yaml


@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: webserver
name: nginx
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80


@ -0,0 +1,25 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- runner-website.yaml
patches:
- target:
kind: Runner
name: gitlab-runner
# yamllint disable rule:indentation
patch: |-
# Runner Tags
# - op: add
# path: /spec/tags
# value: production,website
- op: add
path: /spec/runnerImage
value: registry.gitlab.com/gitlab-org/gitlab-runner:v17.6.0
# yamllint enable rule:indentation


@ -0,0 +1,21 @@
---
apiVersion: apps.gitlab.com/v1beta2
kind: Runner
metadata:
labels:
app.kubernetes.io/component: ci-cd-runner
app.kubernetes.io/name: gitlab
app.kubernetes.io/part-of: nginx
name: gitlab-runner
spec:
gitlabUrl: https://gitlab.com
podSpec:
- name: gitlab-runner
patchType: merge
# yamllint disable rule:indentation
patch: |
securityContext:
runAsNonRoot: false
# yamllint enable rule:indentation
token: token-secret-name
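Review bot: The `podSpec` patch sets `runAsNonRoot: false`, which explicitly permits the runner pod to run as root, and nothing in the manifest records why. A CI runner executes pipeline-supplied commands, so this relaxation deserves a comment above the patch such as `# root required for <reason>; revisit when a non-root runner image is usable`, or removal if it is not needed. Whether the setting reaches only the runner manager pod or also the job pods cannot be told from this file, so that is worth confirming.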


@ -0,0 +1,39 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: "cluster"
cert-manager.io/common-name: "domain-name.tld"
cert-manager.io/duration: "2160h"
cert-manager.io/subject-organizations: "N/A"
cert-manager.io/subject-organizationalunits: "N/A"
cert-manager.io/subject-countries: "N/A"
cert-manager.io/subject-provinces: "N/A"
# cert-manager.io/subject-localities: "N/A"
cert-manager.io/private-key-algorithm: "ECDSA"
cert-manager.io/private-key-size: "384"
cert-manager.io/private-key-rotation-policy: "Always"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
labels:
app.kubernetes.io/component: ingress
app.kubernetes.io/name: nginx
app.kubernetes.io/part-of: nginx
name: nginx
spec:
rules:
- host: "domain-name.tld"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx
port:
name: http
tls:
- hosts:
- "domain-name.tld"
secretName: "certificate-tls-domain-name.tld"


@ -0,0 +1,36 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- ingress.yaml
patches:
# yamllint disable rule:indentation
- patch: |-
- op: replace
path: /metadata/annotations/cert-manager.io~1cluster-issuer
value: cluster
- op: replace
path: /metadata/annotations/cert-manager.io~1common-name
value: my-domain-name.tld
- op: replace
path: /spec/rules/0/host
value: my-domain-name.tld
- op: replace
path: /spec/tls/0/hosts/0
value: my-domain-name.tld
- op: replace
path: /spec/tls/0/secretName
value: certificate-tls-domain-name.tld
target:
kind: Ingress
name: nginx
version: v1
# yamllint enable rule:indentation


@ -0,0 +1 @@
runner-registration-token=MY-GITLAB-REGISTRATION-TOKEN
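Review bot: This file is tracked with a placeholder value, and the overlay's `secretGenerator` reads `gitlab-runner-registration-token.env` (presumably this file), so the natural way to deploy is to edit the tracked file and put a live token in it. The `.gitignore` added in this commit ignores only `*.tmp.*`, so that edit would show up as an ordinary change and could be committed. Consider committing it as an example file (for instance with an `.example` suffix) and ignoring the real `.env`, or sourcing the value from an external secret store.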


@ -0,0 +1,47 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# namePrefix: nofusscomputing-
namespace: website
commonLabels:
app.kubernetes.io/instance: my-website
resources:
- ../../base/
components:
- ../../components/gitlab_runner/
- ../../components/ingress/
secretGenerator:
- name: gitlab-runner-token
envs:
- gitlab-runner-registration-token.env
type: Opaque
generatorOptions:
disableNameSuffixHash: true
replacements:
- source:
kind: Secret
name: gitlab-runner-token
fieldPath: metadata.name
targets:
- select:
kind: Runner
name: gitlab-runner
fieldPaths:
- spec.token


@ -0,0 +1,106 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: controller
name: prometheus-operator
rules:
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagers
- alertmanagers/finalizers
- alertmanagers/status
- alertmanagerconfigs
- prometheuses
- prometheuses/finalizers
- prometheuses/status
- prometheusagents
- prometheusagents/finalizers
- prometheusagents/status
- thanosrulers
- thanosrulers/finalizers
- thanosrulers/status
- scrapeconfigs
- servicemonitors
- podmonitors
- probes
- prometheusrules
verbs:
- "*"
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- "*"
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- "*"
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
- apiGroups:
- ""
resources:
- services
- services/finalizers
verbs:
- get
- create
- update
- delete
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- patch
- create
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- create
- update
- delete
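Review bot: The rule for `configmaps` and `secrets` in the core API group grants verbs `"*"`, and because this is a ClusterRole bound by a ClusterRoleBinding it applies in every namespace, so the operator's service-account token can read and modify every Secret in the cluster. If the operator only has to manage a known set of namespaces, binding the role with namespaced RoleBindings and limiting the operator with its `--namespaces` flag narrows that considerably. At minimum I would add a comment above that rule, e.g. `# cluster-wide secret access is intentional: the operator writes generated config secrets for the objects it manages`, so the breadth is a recorded decision.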


@ -0,0 +1,15 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
name: prometheus-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus-operator
subjects:
- kind: ServiceAccount
name: prometheus-operator
namespace: default
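Review bot: The subject is hard-coded to `namespace: default`. The grafana-operator base in this commit rewrites the equivalent field with a `replacements` entry, but the kustomization for this base is not visible here. If it has no such entry, the cluster-wide role (including `*` on secrets) is bound to whatever ServiceAccount named `prometheus-operator` exists in `default` rather than to the operator's own. Worth confirming the replacement exists, or adding one that copies the Deployment's `metadata.namespace` into `subjects.[name=prometheus-operator].namespace`.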


@ -0,0 +1,159 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
operator.prometheus.io/version: 0.79.2
name: prometheusrules.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: PrometheusRule
listKind: PrometheusRuleList
plural: prometheusrules
shortNames:
- promrule
singular: prometheusrule
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: |-
The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects.
`Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Specification of desired alerting rule definitions for Prometheus.
properties:
groups:
description: Content of Prometheus rule file
items:
description: RuleGroup is a list of sequentially evaluated recording
and alerting rules.
properties:
interval:
description: Interval determines how often rules in the group
are evaluated.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
labels:
additionalProperties:
type: string
description: |-
Labels to add or overwrite before storing the result for its rules.
The labels defined at the rule level take precedence.
It requires Prometheus >= 3.0.0.
The field is ignored for Thanos Ruler.
type: object
limit:
description: |-
Limit the number of alerts an alerting rule and series a recording
rule can produce.
Limit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24.
type: integer
name:
description: Name of the rule group.
minLength: 1
type: string
partial_response_strategy:
description: |-
PartialResponseStrategy is only used by ThanosRuler and will
be ignored by Prometheus instances.
More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response
pattern: ^(?i)(abort|warn)?$
type: string
query_offset:
description: |-
Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.
It requires Prometheus >= v2.53.0.
It is not supported for ThanosRuler.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
rules:
description: List of alerting and recording rules.
items:
description: |-
Rule describes an alerting or recording rule
See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule
properties:
alert:
description: |-
Name of the alert. Must be a valid label value.
Only one of `record` and `alert` must be set.
type: string
annotations:
additionalProperties:
type: string
description: |-
Annotations to add to each alert.
Only valid for alerting rules.
type: object
expr:
anyOf:
- type: integer
- type: string
description: PromQL expression to evaluate.
x-kubernetes-int-or-string: true
for:
description: Alerts are considered firing once they have
been returned for this long.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
keep_firing_for:
description: KeepFiringFor defines how long an alert will
continue firing after the condition that triggered it
has cleared.
minLength: 1
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
labels:
additionalProperties:
type: string
description: Labels to add or overwrite.
type: object
record:
description: |-
Name of the time series to output to. Must be a valid metric name.
Only one of `record` and `alert` must be set.
type: string
required:
- expr
type: object
type: array
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
required:
- spec
type: object
served: true
storage: true


@ -0,0 +1,55 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: controller
name: prometheus-operator
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: controller
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: prometheus-operator
labels:
app.kubernetes.io/component: controller
spec:
automountServiceAccountToken: true
containers:
- args:
- --kubelet-service=kube-system/kubelet
- --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.79.2
- --kubelet-endpoints=true
- --kubelet-endpointslice=false
env:
- name: GOGC
value: "30"
image: quay.io/prometheus-operator/prometheus-operator:v0.79.2
name: prometheus-operator
ports:
- containerPort: 8080
name: http
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
serviceAccountName: prometheus-operator

Some files were not shown because too many files have changed in this diff Show More