netflux-kubernetes/deploy/prod/kustomization.yaml

# Production overlay. kustomize prepends "prod-" to the name of every
# resource this overlay emits.
namePrefix: prod-

# Manifests pulled into the overlay: the shared base plus the prod-only
# files listed next to this kustomization.
resources:
  - ../base
  - svc-db.yaml
  - svc-netflux.yaml
  - cm-ingress-nginx-tcp-services.yaml
  - clusterissuer.yaml
  - clusterissuer-staging.yaml
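# Generated ConfigMaps. Entries with "behavior: merge" are merged into a
# ConfigMap of the same name that must already exist (presumably in ../base).
#
# NOTE(review): several entries below read their content from secrets/ but are
# emitted as ConfigMaps, not Secrets. ConfigMap data does not get the controls
# usually applied to Secrets (Secret-scoped RBAC, encryption-at-rest
# configuration for Secrets). If those files contain credentials, consider
# moving them to secretGenerator; the consuming workloads would then need to
# mount a Secret instead of a ConfigMap.
configMapGenerator:
  - name: prometheus-server
    behavior: merge
    files:
      - prometheus.yml=resources/prometheus.yaml
      - alerting_rules.yml=resources/prometheus-alerting-rules.yaml
    options:
      labels:
        app: prometheus
  # NOTE(review): sourced from secrets/ - see the note at the top of this list.
  - name: prometheus-alertmanager
    behavior: merge
    files:
      - alertmanager.yml=secrets/prometheus-alertmanager.yaml
    options:
      labels:
        app: prometheus
  # NOTE(review): grafana.ini and datasources.yaml are sourced from secrets/ -
  # see the note at the top of this list.
  - name: grafana
    behavior: merge
    files:
      - grafana.ini=secrets/grafana-config.ini
      - datasources.yaml=secrets/grafana-datasources.yaml
      - contactpoints.yaml=resources/grafana-contactpoints.yaml
      - rules.yaml=resources/grafana-rules.yaml
  - name: invidious-config
    files:
      - config.yml=resources/invidious-config.yaml
    options:
      labels:
        app: invidious
  - name: element-config
    files:
      - config.json=resources/element-config.json
    options:
      labels:
        app: element
  # Plain key/value settings for Drone; the matching credentials live in the
  # drone-credentials Secret.
  - name: drone-config
    literals:
      - gitea-server=https://git.netflux.io
      - server-host=drone.netflux.io
      - server-proto=https
      - rpc-host=drone.netflux.io
      - rpc-proto=https
      - logs-debug=false
    options:
      labels:
        app: drone
  # NOTE(review): both files are sourced from secrets/; "users" presumably holds
  # account credentials - confirm, and see the note at the top of this list.
  - name: radicale-config
    files:
      - config.toml=secrets/radicale-config.toml
      - users=secrets/radicale-users
    options:
      labels:
        app: radicale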
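# Generated Secrets. Each "key=path" entry stores the file's content under
# that key; an entry without "key=" uses the file's base name as the key.
#
# NOTE(review): file content is stored verbatim, so a trailing newline in a
# password or key file becomes part of the secret value. Every file here is
# read from secrets/ at build time; confirm that directory is kept out of
# version control or is stored encrypted.
secretGenerator:
  - name: prometheus-credentials
    files:
      - secrets/exporter-password
  - name: grafana-credentials
    files:
      - admin-user=secrets/grafana-admin-user
      - admin-password=secrets/grafana-admin-password
  - name: invidious-credentials
    literals:
      # Individual keys required by init-invidious-db:
      - database-host=prod-db
      - database-port=5432
      - database-name=invidious
      - database-user=kemal
    files:
      - database-url=secrets/invidious-database-url
      - database-password=secrets/invidious-database-password
      - hmac-key=secrets/invidious-hmac-key.txt
    options:
      labels:
        app: invidious
  # Named "-config" but generated as a Secret: it carries the admin account
  # fields alongside config.ini.
  - name: gitea-config
    files:
      - admin-username=secrets/gitea-admin-username
      - admin-password=secrets/gitea-admin-password
      - admin-email=secrets/gitea-admin-email
      - config.ini=secrets/gitea-config.ini
    options:
      labels:
        app: gitea
  - name: drone-credentials
    files:
      - database-url=secrets/drone-database-url
      - gitea-client-id=secrets/drone-gitea-client-id
      - gitea-client-secret=secrets/drone-gitea-client-secret
      - rpc-secret=secrets/drone-rpc-secret
    options:
      labels:
        app: drone
  # Generated as a Secret; includes the homeserver signing key.
  - name: synapse-config
    files:
      - homeserver.yaml=secrets/synapse-homeserver.yaml
      - signing.key=secrets/synapse-signing.key
      - log.config=secrets/synapse-log.config
    options:
      labels:
        app: synapse
  - name: solar-toolkit-gateway
    files:
      - database-url=secrets/solar-toolkit-gateway-database-url
    options:
      labels:
        app: solar-toolkit-gateway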
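# Overlay patches. Entries with "path" load a patch file from this directory;
# the prometheus-server entry carries an inline JSON patch (a list of "op"
# operations).
patches:
  # Patch the ingress-nginx deployment to allow it to use a service with a
  # namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289.
  - target:
      kind: Deployment
      name: ingress-nginx-controller
    path: deploy-ingress-nginx.yaml
  # Patch the ingress-nginx-admission-create job to reference its webhook with a
  # namePrefix.
  - target:
      kind: Job
      name: ingress-nginx-admission-create
    path: job-ingress-nginx-admission-create.yaml
  # Patch the ingress-nginx-admission-patch job to reference its webhook with a
  # namePrefix.
  - target:
      kind: Job
      name: ingress-nginx-admission-patch
    path: job-ingress-nginx-admission-patch.yaml
  # Patch the ingress resource with stage-specific hostnames:
  - target:
      kind: Ingress
      name: ingress
    path: ingress.yaml
  # Patch prometheus-server pod to mount the secrets volume.
  #
  # NOTE(review): secretName is written with the "prod-" prefix already
  # applied. secretGenerator appends a content-hash suffix to generated Secret
  # names unless disableNameSuffixHash is set, so confirm this literal name
  # matches the Secret that is actually created; otherwise the pod will not
  # start because the volume cannot be resolved.
  #
  # NOTE(review): "/containers/1/" selects the second container by position.
  # If the base Deployment reorders or adds containers, /etc/secrets is mounted
  # into a different container than intended - confirm against ../base.
  - target:
      kind: Deployment
      name: prometheus-server
    patch: |-
      - op: add
        path: /spec/template/spec/volumes/-
        value:
          secret:
            secretName: prod-prometheus-credentials
          name: secrets-volume
      - op: add
        path: /spec/template/spec/containers/1/volumeMounts/-
        value:
          mountPath: /etc/secrets
          name: secrets-volume
          readOnly: true
  # Patch Grafana deployment to inject PostgreSQL credentials:
  - target:
      kind: Deployment
      name: grafana
    path: deploy-grafana.yaml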