namePrefix: prod- resources: - ../base - svc-db.yaml - svc-netflux.yaml - cm-ingress-nginx-tcp-services.yaml configMapGenerator: - name: prometheus-server behavior: merge files: - prometheus.yml=prometheus.yaml - name: grafana behavior: merge files: - grafana.ini - datasources.yaml=grafana-datasources.yaml - name: invidious-config files: - config.yml=invidious-config.yaml - name: element-config files: - config.json=element-config.json - name: drone-config literals: - gitea-server=https://git.netflux.io - server-host=drone.netflux.io - server-proto=https - rpc-host=drone.netflux.io - rpc-proto=https - logs-debug=false secretGenerator: - name: prometheus-credentials files: - secrets/exporter-password - name: grafana-credentials files: - admin-user=secrets/grafana-admin-user - admin-password=secrets/grafana-admin-password - name: invidious-credentials literals: # Individual keys required by init-invidious-db: - database-host=prod-db - database-port=5432 - database-name=invidious - database-user=kemal files: - database-url=secrets/invidious-database-url - database-password=secrets/invidious-database-password - name: gitea-config files: - admin-username=secrets/gitea-admin-username - admin-password=secrets/gitea-admin-password - admin-email=secrets/gitea-admin-email - config.ini=secrets/gitea-config.ini - name: drone-credentials files: - database-url=secrets/drone-database-url - gitea-client-id=secrets/drone-gitea-client-id - gitea-client-secret=secrets/drone-gitea-client-secret - rpc-secret=secrets/drone-rpc-secret - name: elon-staging-credentials files: - session-key=secrets/elon-staging-session-key - twitter-client-id=secrets/elon-staging-twitter-client-id - twitter-client-secret=secrets/elon-staging-twitter-client-secret - twitter-callback-url=secrets/elon-staging-twitter-callback-url - twitter-bearer-token=secrets/elon-staging-twitter-bearer-token - database-url=secrets/elon-staging-database-url patches: # Patch the ingress-nginx deployment to allow it to use a service with a # namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289. - target: kind: Deployment name: ingress-nginx-controller path: deploy-ingress-nginx.yaml # Patch the ingress-nginx-admission-create job to reference its webhook with a # namePrefix. - target: kind: Job name: ingress-nginx-admission-create path: job-ingress-nginx-admission-create.yaml # Patch the ingress-nginx-admission-patch job to reference its webhook with a # namePrefix. - target: kind: Job name: ingress-nginx-admission-patch path: job-ingress-nginx-admission-patch.yaml # Patch the ingress resource with stage-specific hostnames: - target: kind: Ingress name: ingress path: ingress.yaml # Patch prometheus-server pod to mount the secrets volume. - target: kind: Deployment name: prometheus-server patch: |- - op: add path: /spec/template/spec/volumes/- value: secret: secretName: prod-prometheus-credentials name: secrets-volume - op: add path: /spec/template/spec/containers/1/volumeMounts/- value: mountPath: /etc/secrets name: secrets-volume readOnly: true # Patch Grafana deployment to inject PostgreSQL credentials: - target: kind: Deployment name: grafana path: deploy-grafana.yaml