netflux-kubernetes/deploy/prod/kustomization.yaml


# Production overlay: every resource name rendered from this kustomization is
# prefixed with "prod-".
namePrefix: prod-

# The shared base plus the Services defined only in this overlay.
resources:
  - ../base
  - svc-db.yaml
  - svc-netflux.yaml
# ConfigMaps built from files next to this kustomization. "key=file" stores
# the file's content under the given key instead of the file's own name.
configMapGenerator:
  # behavior: merge layers these files onto a ConfigMap of the same name that
  # already exists (presumably declared in ../base - confirm).
  - name: prometheus-server
    behavior: merge
    files:
      - prometheus.yml=prometheus.yaml

  - name: grafana
    behavior: merge
    files:
      - grafana.ini
      - datasources.yaml=grafana-datasources.yaml

  # No behavior set, so this ConfigMap is created by this overlay.
  # NOTE(review): ConfigMaps are not access-restricted like Secrets; confirm
  # invidious-config.yaml carries no credentials or signing keys.
  - name: invidious-config
    files:
      - config.yml=invidious-config.yaml
# Secrets built at render time from files under secrets/.
# NOTE(review): the secret material is read from local plaintext files;
# confirm secrets/ is excluded from version control (or stored encrypted) and
# that rendered manifests are not kept in CI logs or build artifacts.
secretGenerator:
  # Key defaults to the file name: exporter-password.
  - name: prometheus-credentials
    files:
      - secrets/exporter-password

  - name: grafana-credentials
    files:
      - admin-user=secrets/grafana-admin-user
      - admin-password=secrets/grafana-admin-password

  - name: invidious-credentials
    literals:
      # Individual keys required by init-invidious-db:
      # The host is written with the prod- prefix by hand; presumably it must
      # match the prefixed name of the Service from svc-db.yaml - confirm.
      - database-host=prod-db
      - database-port=5432
      - database-name=invidious
      - database-user=kemal
    files:
      # NOTE(review): database-url presumably embeds the same password as
      # database-password; rotate both files together.
      - database-url=secrets/invidious-database-url
      - database-password=secrets/invidious-database-password
# Overlay-specific patches. Entries with "path" load the patch from a file;
# the prometheus-server entry carries its patch inline.
patches:
  # Patch the ingress-nginx deployment to allow it to use a service with a
  # namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289.
  - target:
      kind: Deployment
      name: ingress-nginx-controller
    path: deploy-ingress-nginx.yaml

  # Patch the ingress-nginx-admission-create job to reference its webhook with
  # a namePrefix.
  - target:
      kind: Job
      name: ingress-nginx-admission-create
    path: job-ingress-nginx-admission-create.yaml

  # Patch the ingress-nginx-admission-patch job to reference its webhook with
  # a namePrefix.
  - target:
      kind: Job
      name: ingress-nginx-admission-patch
    path: job-ingress-nginx-admission-patch.yaml

  # Patch the ingress resource with stage-specific hostnames:
  - target:
      kind: Ingress
      name: ingress
    path: ingress.yaml

  # Patch prometheus-server pod to mount the secrets volume.
  # First op: append a volume backed by the prometheus-credentials Secret.
  # Second op: mount it read-only at /etc/secrets in the container at index 1.
  # The container is addressed by position, so re-check this patch whenever
  # the container list of the base Deployment changes order.
  # NOTE(review): secretName is written with the prod- prefix by hand. Confirm
  # the rendered Secret carries exactly this name: secretGenerator normally
  # appends a content-hash suffix unless generatorOptions.disableNameSuffixHash
  # is set, and it is not visible here whether this reference gets rewritten.
  - target:
      kind: Deployment
      name: prometheus-server
    patch: |-
      - op: add
        path: /spec/template/spec/volumes/-
        value:
          secret:
            secretName: prod-prometheus-credentials
          name: secrets-volume
      - op: add
        path: /spec/template/spec/containers/1/volumeMounts/-
        value:
          mountPath: /etc/secrets
          name: secrets-volume
          readOnly: true

  # Patch Grafana deployment to inject PostgreSQL credentials:
  - target:
      kind: Deployment
      name: grafana
    path: deploy-grafana.yaml