namePrefix: prod- resources: - ../base - svc-db.yaml - svc-netflux.yaml - cm-ingress-nginx-tcp-services.yaml - clusterissuer.yaml - clusterissuer-staging.yaml configMapGenerator: - name: prometheus-server behavior: merge files: - prometheus.yml=resources/prometheus.yaml - alerting_rules.yml=resources/prometheus-alerting-rules.yaml options: labels: app: prometheus - name: prometheus-alertmanager behavior: merge files: - alertmanager.yml=secrets/prometheus-alertmanager.yaml options: labels: app: prometheus - name: grafana behavior: merge files: - grafana.ini=secrets/grafana-config.ini - datasources.yaml=secrets/grafana-datasources.yaml - contactpoints.yaml=resources/grafana-contactpoints.yaml - rules.yaml=resources/grafana-rules.yaml - name: invidious-config files: - config.yml=resources/invidious-config.yaml options: labels: app: invidious - name: element-config files: - config.json=resources/element-config.json options: labels: app: element - name: drone-config literals: - gitea-server=https://git.netflux.io - server-host=drone.netflux.io - server-proto=https - rpc-host=drone.netflux.io - rpc-proto=https - logs-debug=false options: labels: app: drone - name: radicale-config files: - config.toml=secrets/radicale-config.toml - users=secrets/radicale-users options: labels: app: radicale secretGenerator: - name: prometheus-credentials files: - secrets/exporter-password - name: grafana-credentials files: - admin-user=secrets/grafana-admin-user - admin-password=secrets/grafana-admin-password - name: invidious-credentials literals: # Individual keys required by init-invidious-db: - database-host=prod-db - database-port=5432 - database-name=invidious - database-user=kemal files: - database-url=secrets/invidious-database-url - database-password=secrets/invidious-database-password - hmac-key=secrets/invidious-hmac-key.txt options: labels: app: invidious - name: gitea-config files: - admin-username=secrets/gitea-admin-username - admin-password=secrets/gitea-admin-password - admin-email=secrets/gitea-admin-email - config.ini=secrets/gitea-config.ini options: labels: app: gitea - name: drone-credentials files: - database-url=secrets/drone-database-url - gitea-client-id=secrets/drone-gitea-client-id - gitea-client-secret=secrets/drone-gitea-client-secret - rpc-secret=secrets/drone-rpc-secret options: labels: app: drone - name: synapse-config files: - homeserver.yaml=secrets/synapse-homeserver.yaml - signing.key=secrets/synapse-signing.key - log.config=secrets/synapse-log.config options: labels: app: synapse - name: solar-toolkit-gateway files: - database-url=secrets/solar-toolkit-gateway-database-url options: labels: app: solar-toolkit-gateway patches: # Patch the ingress-nginx deployment to allow it to use a service with a # namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289. - target: kind: Deployment name: ingress-nginx-controller path: deploy-ingress-nginx.yaml # Patch the ingress-nginx-admission-create job to reference its webhook with a # namePrefix. - target: kind: Job name: ingress-nginx-admission-create path: job-ingress-nginx-admission-create.yaml # Patch the ingress-nginx-admission-patch job to reference its webhook with a # namePrefix. - target: kind: Job name: ingress-nginx-admission-patch path: job-ingress-nginx-admission-patch.yaml # Patch the ingress resource with stage-specific hostnames: - target: kind: Ingress name: ingress path: ingress.yaml # Patch prometheus-server pod to mount the secrets volume. - target: kind: Deployment name: prometheus-server patch: |- - op: add path: /spec/template/spec/volumes/- value: secret: secretName: prod-prometheus-credentials name: secrets-volume - op: add path: /spec/template/spec/containers/1/volumeMounts/- value: mountPath: /etc/secrets name: secrets-volume readOnly: true # Patch Grafana deployment to inject PostgreSQL credentials: - target: kind: Deployment name: grafana path: deploy-grafana.yaml