netflux-kubernetes/deploy/dev/kustomization.yaml

164 lines
4.0 KiB
YAML

---
namePrefix: dev-
resources:
- ../base
- svc-db.yaml
- cm-ingress-nginx-tcp-services.yaml
helmCharts:
- name: postgresql
version: "12.11.1"
repo: https://charts.bitnami.com/bitnami
releaseName: postgresql
valuesInline:
metrics:
enabled: true
auth:
postgresPassword: postgres
database: default
configMapGenerator:
- name: prometheus-server
behavior: merge
files:
- prometheus.yml=prometheus.yaml
- alerting_rules.yml=prometheus-alerting-rules.yaml
options:
labels:
app: prometheus
- name: prometheus-alertmanager
behavior: merge
files:
- alertmanager.yml=prometheus-alertmanager.yaml
options:
labels:
app: prometheus
- name: grafana
behavior: merge
files:
- grafana.ini
- datasources.yaml=grafana-datasources.yaml
- contactpoints.yaml=grafana-contactpoints.yaml
- name: invidious-config
files:
- config.yml=invidious-config.yaml
options:
labels:
app: invidious
- name: element-config
files:
- config.json=element-config.json
options:
labels:
app: element
- name: drone-config
literals:
# For Gitea/drone integration to work in dev, Gitea must be served from the
# external hostname `dev-gitea` so it matches with the internal DNS.
- gitea-server=http://dev-gitea
- server-host=dev-drone
- server-proto=http
- rpc-host=dev-drone
- rpc-proto=http
- logs-debug=false
options:
labels:
app: drone
- name: radicale-config
files:
- config.toml=radicale-config.toml
- users=radicale-users
options:
labels:
app: radicale
secretGenerator:
- name: grafana-credentials
literals:
- admin-user=rob
- admin-password=testme
- name: invidious-credentials
literals:
- database-url=postgresql://kemal:kemal@dev-db:5432/invidious
- hmac-key=fc93ecd912530fa278c8642cb16a2f86b76c228ce4b4b70a6e3107dfb57214ab
# Individual keys required by init-invidious-db:
- database-host=dev-db
- database-port=5432
- database-name=invidious
- database-user=kemal
- database-password=kemal
options:
labels:
app: invidious
- name: gitea-config
literals:
- admin-username=rob
- admin-password=testme
- admin-email=mail@localhost
files:
- config.ini=gitea-config.ini
options:
labels:
app: gitea
- name: drone-credentials
literals:
- database-url=postgres://postgres:postgres@dev-db:5432/drone?sslmode=disable
- gitea-client-id=55847c4a-c80e-4e77-ab36-c6d102273115
- gitea-client-secret=IU4cb59RNNLuI9PRkUbldcEQ5wYPEZMBK5s6p7vTdVfe
- rpc-secret=f5ec349109bb9bbdf00e4394afd28754
options:
labels:
app: drone
- name: synapse-config
files:
- homeserver.yaml=synapse-homeserver.yaml
- signing.key=synapse-signing.key
- log.config=synapse-log.config
options:
labels:
app: synapse
- name: solar-toolkit-gateway
literals:
- database-url=postgres://postgres:postgres@dev-db:5432/solar_toolkit_dev?sslmode=disable
options:
labels:
app: solar-toolkit-gateway
patches:
# Patch the metrics-server to not require TLS in dev cluster.
- target:
kind: Deployment
name: metrics-server
path: deploy-metrics-server.yaml
# Patch the ingress-nginx deployment to allow it to use a service with a
# namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289.
- target:
kind: Deployment
name: ingress-nginx-controller
path: deploy-ingress-nginx.yaml
# Patch the ingress-nginx-admission-create job to reference its webhook with a
# namePrefix.
- target:
kind: Job
name: ingress-nginx-admission-create
path: job-ingress-nginx-admission-create.yaml
# Patch the ingress-nginx-admission-patch job to reference its webhook with a
# namePrefix.
- target:
kind: Job
name: ingress-nginx-admission-patch
path: job-ingress-nginx-admission-patch.yaml
# Patch the ingress resource with stage-specific hostnames:
- target:
kind: Ingress
name: ingress
path: ingress.yaml
# Patch Grafana deployment to inject PostgreSQL credentials:
- target:
kind: Deployment
name: grafana
path: deploy-grafana.yaml