Initial upload

Stephan Lo 2025-06-22 15:20:29 +02:00
parent 075c31c6c4
commit 455e987a01
19 changed files with 1531 additions and 46 deletions


@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: observability-client
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
name: in-cluster
namespace: argocd
source:
path: "otc/ABC/stacks/observability-client"
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances"
targetRevision: HEAD
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
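Review bot: `targetRevision: HEAD` combined with `automated` sync, `prune: true` and `selfHeal: true` means every push to the default branch of `stacks-instances` is applied to the cluster, deletions included, with no gate beyond write access to that repository. Pinning the revision, for example `targetRevision: <release-tag-or-commit-sha>`, turns each deployment into an explicit, reviewable change. The Application also uses `project: default`, which in a stock Argo CD install does not restrict source repositories or destinations; a dedicated AppProject scoped to this repo and the intended namespaces would narrow that. The same HEAD-tracking and `project: default` pattern appears in the metrics-server, vm-client and grafana-operator Applications added in this commit.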


@ -19,7 +19,7 @@ spec:
name: argocd-server
port:
number: 80
path: /argocd
path: /
pathType: Prefix
tls:
- hosts:


@ -4,8 +4,6 @@ global:
configs:
params:
server.insecure: true
server.basehref: /argocd
server.rootpath: /argocd
cm:
application.resourceTrackingMethod: annotation
timeout.reconciliation: 60s
@ -21,7 +19,7 @@ configs:
clusters:
- "*"
accounts.provider-argocd: apiKey
url: https://ABC/argocd
url: https://ABC
rbac:
policy.csv: 'g, provider-argocd, role:admin'


@ -1,3 +1,7 @@
# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
strategy:
type: Recreate
redis-cluster:
enabled: false
@ -12,26 +16,27 @@ postgresql-ha:
persistence:
enabled: true
size: 5Gi
size: 200Gi
annotations:
everest.io/crypt-key-id: KMS
test:
enabled: false
deployment:
env:
- name: SSL_CERT_FILE
value: /etc/elasticsearch/elasticsearch.cer
- name: SSL_CERT_DIR
value: /etc/ssl/forgejo
extraVolumeMounts:
- mountPath: /etc/elasticsearch
name: elasticsearch-cert-volume
- mountPath: /etc/ssl/forgejo
name: custom-database-certs-volume
readOnly: true
extraVolumes:
- name: elasticsearch-cert-volume
configMap:
defaultMode: 420
name: elasticsearch-cert
- name: custom-database-certs-volume
secret:
secretName: custom-database-certs
gitea:
additionalConfigFromEnvs:
@ -85,6 +90,11 @@ gitea:
secretKeyRef:
name: elasticsearch-cloud-credentials
key: connection-string
- name: FORGEJO__mailer__PASSWD
valueFrom:
secretKeyRef:
name: email-user-credentials
key: connection-string
admin:
existingSecret: gitea-credential
@ -101,7 +111,7 @@ gitea:
MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
STORAGE_TYPE: minio
MINIO_LOCATION: eu-de
MINIO_BUCKET: edp-forgejo-mycluster
MINIO_BUCKET: edp-forgejo-kind
MINIO_USE_SSL: true
queue:
@ -123,6 +133,7 @@ gitea:
database:
DB_TYPE: postgres
SSL_MODE: verify-ca
server:
DOMAIN: 'ABC'
@ -130,10 +141,11 @@ gitea:
mailer:
ENABLED: true
FROM: forgejo@ABC
PROTOCOL: smtp
SMTP_ADDR: mailhog.mailhog.svc.cluster.local
SMTP_PORT: 1025
USER: ipcei-cis-devfw@mms-support.de
PROTOCOL: smtps
FROM: '"IPCEI CIS DevFW" <ipcei-cis-devfw@mms-support.de>'
SMTP_ADDR: mail.mms-support.de
SMTP_PORT: 465
service:
ssh:
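Review bot: `SSL_MODE: verify-ca` in the `database:` block validates the server certificate chain but not that the certificate matches the host being connected to, so any certificate issued by the same CA is accepted; `SSL_MODE: verify-full` closes that gap, provided the database certificate carries the right name. Separately, `FORGEJO__mailer__PASSWD` reads key `connection-string` from `email-user-credentials`, the same key name used for the Elasticsearch secret just above it, which may be a copy-paste; confirm the key holds only the SMTP password. The hunks shown start and end inside the values file, so the surrounding keys are not visible here.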


@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: metrics-server
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: observability
sources:
- chart: metrics-server
repoURL: https://kubernetes-sigs.github.io/metrics-server/
targetRevision: 3.12.2
helm:
valueFiles:
- $values/otc/ABC/stacks/observability-client/metrics-server/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values


@ -0,0 +1,4 @@
metrics:
enabled: true
serviceMonitor:
enabled: true


@ -23,7 +23,7 @@ spec:
targetRevision: 0.43.0
helm:
valueFiles:
- $values/otc/ABC/stacks/core/vector/values.yaml
- $values/otc/ABC/stacks/observability-client/vector/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values


@ -30,11 +30,9 @@ customConfig:
source: |
.log = parse_json(.message) ?? .message
del(.message)
# Add the cluster environment to the log event
.cluster_environment = "kind"
sinks:
exporter:
type: prometheus_exporter
address: 0.0.0.0:9090
inputs: [internal_metrics]
vlogs:
type: elasticsearch
inputs: [parser]
@ -51,8 +49,9 @@ customConfig:
enabled: false
request:
headers:
VL-Time-Field: timestamp
VL-Stream-Fields: stream,kubernetes.pod_name,kubernetes.container_name,kubernetes.pod_namespace
VL-Msg-Field: message,msg,_msg,log.msg,log.message,log
AccountID: "0"
ProjectID: "0"
ProjectID: "0"
query:
_msg_field: _msg
_time_field: _time
_stream_fields: cluster_environment,kubernetes.container_name,kubernetes.namespace


@ -0,0 +1,31 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: vm-client
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
destination:
name: in-cluster
namespace: observability
sources:
- chart: victoria-metrics-k8s-stack
repoURL: https://victoriametrics.github.io/helm-charts/
targetRevision: 0.48.1
releaseName: vm-client
helm:
valueFiles:
- $values/otc/ABC/stacks/observability-client/vm-client-stack/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/ABC/stacks/observability-client/vm-client-stack/manifests"


@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: simple-user-secret
namespace: observability
type: Opaque
stringData:
username: simple-user
password: simple-password
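Review bot: This Secret commits a fixed credential (`simple-user` / `simple-password`) in plain text under `stringData`, so anyone with read access to the repository or its history has the password. The same literal appears as `password: simple-password` in the VMUser manifest later in this commit, which appears to guard the metrics write and log insert routes. Keep only a reference in Git and have the value generated or injected at deploy time, either through sealed/external secret tooling or through the VMUser `passwordRef` field pointing at a Secret created out of band. If this value has been applied to a reachable cluster it should be rotated, since removing it in a later commit does not remove it from history.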

File diff suppressed because it is too large Load diff


@ -0,0 +1,26 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: grafana-operator
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
destination:
name: in-cluster
namespace: observability
sources:
- chart: grafana-operator
repoURL: ghcr.io/grafana/helm-charts
targetRevision: v5.18.0
releaseName: grafana-operator
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/ABC/stacks/observability/grafana-operator/manifests"


@ -0,0 +1,9 @@
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: argocd
spec:
instanceSelector:
matchLabels:
dashboards: "grafana"
url: "https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json"
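Review bot: `url` points at `refs/heads/master`, a mutable branch in a third-party repository, so the dashboard JSON that Grafana loads can change without any commit in this repo. Pin the URL to a commit SHA or release tag (`.../argo-cd/<commit-sha>/examples/dashboard.json`), or vendor the JSON here and load it via `configMapRef`. The ingress-nginx and victoria-logs GrafanaDashboard manifests in this commit use the same branch-tracking URLs. None of the three sets `metadata.namespace`, so they land wherever the owning Application's destination puts them; stating the namespace would make that explicit.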


@ -0,0 +1,14 @@
apiVersion: grafana.integreatly.org/v1beta1
kind: Grafana
metadata:
name: grafana
labels:
dashboards: "grafana"
spec:
persistentVolumeClaim:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi


@ -0,0 +1,9 @@
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: ingress-nginx
spec:
instanceSelector:
matchLabels:
dashboards: "grafana"
url: "https://raw.githubusercontent.com/adinhodovic/ingress-nginx-mixin/refs/heads/main/dashboards_out/ingress-nginx-overview.json"


@ -0,0 +1,9 @@
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: victoria-logs
spec:
instanceSelector:
matchLabels:
dashboards: "grafana"
url: "https://raw.githubusercontent.com/VictoriaMetrics/VictoriaMetrics/refs/heads/master/dashboards/vm/victorialogs.json"


@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: victoria-k8s-stack
name: o12y
namespace: argocd
labels:
env: dev
@ -12,6 +12,7 @@ spec:
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
destination:
name: in-cluster
namespace: observability
@ -19,7 +20,7 @@ spec:
- chart: victoria-metrics-k8s-stack
repoURL: https://victoriametrics.github.io/helm-charts/
targetRevision: 0.48.1
releaseName: vm
releaseName: o12y
helm:
valueFiles:
- $values/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml


@ -8,8 +8,8 @@ spec:
password: simple-password
targetRefs:
- static:
url: http://vmsingle-victoria-k8s-stack-victoria-metrics-k8s-stack:8429
paths: ["/api/v1/write/.*"]
url: http://vmsingle-o12y:8429
paths: ["/api/v1/write"]
- static:
url: http://vlogs-victorialogs:9428
paths: ["/insert/elasticsearch/.*"]


@ -14,13 +14,13 @@ global:
# -- Override chart name
nameOverride: ""
# -- Resource full name override
fullnameOverride: ""
fullnameOverride: "o12y"
# -- Tenant to use for Grafana datasources and remote write
tenant: "0"
# -- If this chart is used in "Argocd" with "releaseName" field then
# VMServiceScrapes couldn't select the proper services.
# For correct working need set value 'argocdReleaseOverride=$ARGOCD_APP_NAME'
argocdReleaseOverride: ""
argocdReleaseOverride: "o12y"
# -- VictoriaMetrics Operator dependency chart configuration. More values can be found [here](https://docs.victoriametrics.com/helm/victoriametrics-operator#parameters). Also checkout [here](https://docs.victoriametrics.com/operator/vars) possible ENV variables to configure operator behaviour
victoria-metrics-operator:
@ -50,7 +50,7 @@ defaultDashboards:
annotations: {}
grafanaOperator:
# -- Create dashboards as CRDs (requires grafana-operator to be installed)
enabled: false
enabled: true
spec:
instanceSelector:
matchLabels:
@ -763,16 +763,16 @@ vmauth:
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: main
host: o12y.ABC
host: o12y.observability.think-ahead.cloud
tlsHosts:
- o12y.ABC
- o12y.observability.think-ahead.cloud
tlsSecretName: vmauth-tls-secret
unauthorizedUserAccessSpec: {}
selectAllByDefault: true
vmagent:
# -- Create VMAgent CR
enabled: true
enabled: false
# -- VMAgent annotations
annotations: {}
# -- Remote write configuration of VMAgent, allowed parameters defined in a [spec](https://docs.victoriametrics.com/operator/api#vmagentremotewritespec)
@ -826,9 +826,14 @@ vmagent:
defaultDatasources:
grafanaOperator:
# -- Create datasources as CRDs (requires grafana-operator to be installed)
enabled: false
enabled: true
annotations: {}
spec:
plugins:
- name: victoriametrics-metrics-datasource
version: 0.16.0
- name: victoriametrics-logs-datasource
version: 0.17.0
instanceSelector:
matchLabels:
dashboards: grafana
@ -861,20 +866,26 @@ defaultDatasources:
# -- Configure additional grafana datasources (passed through tpl).
# Check [here](http://docs.grafana.org/administration/provisioning/#datasources) for details
extra:
- name: victoria-logs
- name: VictoriaLogs
access: proxy
type: VictoriaLogs
type: victoriametrics-logs-datasource
url: http://vlogs-victorialogs:9428
version: 1
version: 0.18.0
# -- Grafana dependency chart configuration. For possible values refer [here](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration)
grafana:
enabled: true
enabled: false
# all values for grafana helm chart can be specified here
persistence:
enabled: true
type: pvc
storageClassName: "default"
grafana.ini:
# auth:
# login_maximum_inactive_lifetime_duration: 0
# login_maximum_lifetime_duration: 0
security:
disable_brute_force_login_protection: true
sidecar:
datasources:
enabled: true
@ -889,14 +900,26 @@ grafana:
enabled: true
multicluster: false
# dashboards:
# default:
# victoria-logs:
# url: "https://raw.githubusercontent.com/VictoriaMetrics/VictoriaMetrics/refs/heads/master/dashboards/vm/victorialogs.json"
# victoria-logs-explorer:
# url: "https://grafana.com/api/dashboards/22759/revisions/6/download"
# ingress-nginx:
# url: "https://raw.githubusercontent.com/adinhodovic/ingress-nginx-mixin/refs/heads/main/dashboards_out/ingress-nginx-overview.json"
# argocd:
# url: "https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json"
# -- Create datasource configmap even if grafana deployment has been disabled
forceDeployDatasource: false
forceDeployDatasource: true
# Uncomment the block below, if you want to enable VictoriaMetrics Datasource in Grafana:
# Note that Grafana will need internet access to install the datasource plugin.
#
# plugins:
# - victoriametrics-metrics-datasource
plugins:
- victoriametrics-metrics-datasource
- victoriametrics-logs-datasource
ingress:
enabled: false
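Review bot: `disable_brute_force_login_protection: true` under `grafana.ini: security:` turns off Grafana's lockout after repeated failed logins; `grafana.enabled` is set to `false` in this change, so the block is dormant for now, but it would take effect as soon as the bundled Grafana is re-enabled. Drop the key or set it to `false`, and add a comment if it is kept for a dev-only reason. Also worth checking in the `extra` datasource: `version: 0.18.0` looks like a plugin version, while the `plugins` list pins `victoriametrics-logs-datasource` at `0.17.0`; if `version` there is the datasource config revision it probably should stay an integer. The old/new markers are lost on this page, so which of these lines are added and which are context is inferred.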