91 lines
2.3 KiB
YAML
91 lines
2.3 KiB
YAML
namePrefix: prod-
|
|
resources:
|
|
- ../base
|
|
- svc-db.yaml
|
|
- svc-netflux.yaml
|
|
|
|
configMapGenerator:
|
|
- name: prometheus-server
|
|
behavior: merge
|
|
files:
|
|
- prometheus.yml=prometheus.yaml
|
|
- name: grafana
|
|
behavior: merge
|
|
files:
|
|
- grafana.ini
|
|
- datasources.yaml=grafana-datasources.yaml
|
|
- name: invidious-config
|
|
files:
|
|
- config.yml=invidious-config.yaml
|
|
|
|
secretGenerator:
|
|
- name: prometheus-credentials
|
|
files:
|
|
- secrets/exporter-password
|
|
- name: grafana-credentials
|
|
files:
|
|
- admin-user=secrets/grafana-admin-user
|
|
- admin-password=secrets/grafana-admin-password
|
|
- name: invidious-credentials
|
|
literals:
|
|
# Individual keys required by init-invidious-db:
|
|
- database-host=prod-db
|
|
- database-port=5432
|
|
- database-name=invidious
|
|
- database-user=kemal
|
|
files:
|
|
- database-url=secrets/invidious-database-url
|
|
- database-password=secrets/invidious-database-password
|
|
|
|
patches:
|
|
# Patch the ingress-nginx deployment to allow it to use a service with a
|
|
# namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289.
|
|
- target:
|
|
kind: Deployment
|
|
name: ingress-nginx-controller
|
|
path: deploy-ingress-nginx.yaml
|
|
|
|
# Patch the ingress-nginx-admission-create job to reference its webhook with a
|
|
# namePrefix.
|
|
- target:
|
|
kind: Job
|
|
name: ingress-nginx-admission-create
|
|
path: job-ingress-nginx-admission-create.yaml
|
|
|
|
# Patch the ingress-nginx-admission-patch job to reference its webhook with a
|
|
# namePrefix.
|
|
- target:
|
|
kind: Job
|
|
name: ingress-nginx-admission-patch
|
|
path: job-ingress-nginx-admission-patch.yaml
|
|
|
|
# Patch the ingress resource with stage-specific hostnames:
|
|
- target:
|
|
kind: Ingress
|
|
name: ingress
|
|
path: ingress.yaml
|
|
|
|
# Patch prometheus-server pod to mount the secrets volume.
|
|
- target:
|
|
kind: Deployment
|
|
name: prometheus-server
|
|
patch: |-
|
|
- op: add
|
|
path: /spec/template/spec/volumes/-
|
|
value:
|
|
secret:
|
|
secretName: prod-prometheus-credentials
|
|
name: secrets-volume
|
|
- op: add
|
|
path: /spec/template/spec/containers/1/volumeMounts/-
|
|
value:
|
|
mountPath: /etc/secrets
|
|
name: secrets-volume
|
|
readOnly: true
|
|
|
|
# Patch Grafana deployment to inject PostgreSQL credentials:
|
|
- target:
|
|
kind: Deployment
|
|
name: grafana
|
|
path: deploy-grafana.yaml
|