DevFW-CICD/stacks-instances
16
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial upload

Browse source
This commit is contained in:
Christopher Hase 2025-05-21 15:34:42 +02:00
parent dc5fab84fa
commit 47edb11ea1
68 changed files with 4142 additions and 1631 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
otc/ABC/edfbuilder.yaml
View file

@ -12,8 +12,8 @@ spec:
name: in-cluster name: in-cluster
namespace: argocd namespace: argocd
source: source:
path: "otc/ABC/registry" path: registry
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances" repoURL: 'https://gitea.ABC/giteaAdmin/edfbuilder'
targetRevision: HEAD targetRevision: HEAD
project: default project: default
syncPolicy: syncPolicy:

4
otc/ABC/registry/core.yaml
View file

@ -12,8 +12,8 @@ spec:
name: in-cluster name: in-cluster
namespace: argocd namespace: argocd
source: source:
path: "otc/ABC/stacks/core" path: stacks/core
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances" repoURL: 'https://gitea.ABC/giteaAdmin/edfbuilder'
targetRevision: HEAD targetRevision: HEAD
project: default project: default
syncPolicy: syncPolicy:

4
otc/ABC/registry/local-backup.yaml
View file

@ -12,8 +12,8 @@ spec:
name: in-cluster name: in-cluster
namespace: argocd namespace: argocd
source: source:
path: "otc/ABC/stacks/local-backup" path: stacks/local-backup
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances" repoURL: 'https://gitea.ABC/giteaAdmin/edfbuilder'
targetRevision: HEAD targetRevision: HEAD
project: default project: default
syncPolicy: syncPolicy:

6
otc/ABC/registry/otc.yaml → otc/ABC/registry/monitoring.yaml
View file

@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:
name: otc name: monitoring
namespace: argocd namespace: argocd
labels: labels:
env: dev env: dev
@ -12,8 +12,8 @@ spec:
name: in-cluster name: in-cluster
namespace: argocd namespace: argocd
source: source:
path: "otc/ABC/stacks/otc" path: stacks/monitoring
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances" repoURL: 'https://gitea.ABC/giteaAdmin/edfbuilder'
targetRevision: HEAD targetRevision: HEAD
project: default project: default
syncPolicy: syncPolicy:

4
otc/ABC/registry/ref-implementation.yaml
View file

@ -12,8 +12,8 @@ spec:
name: in-cluster name: in-cluster
namespace: argocd namespace: argocd
source: source:
path: "otc/ABC/stacks/ref-implementation" path: stacks/ref-implementation
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances" repoURL: 'https://gitea.ABC/giteaAdmin/edfbuilder'
targetRevision: HEAD targetRevision: HEAD
project: default project: default
syncPolicy: syncPolicy:

6
otc/ABC/registry/observability.yaml → otc/ABC/registry/second-cluster.yaml
View file

@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:
name: observability name: second-cluster
namespace: argocd namespace: argocd
labels: labels:
env: dev env: dev
@ -12,8 +12,8 @@ spec:
name: in-cluster name: in-cluster
namespace: argocd namespace: argocd
source: source:
path: "otc/ABC/stacks/observability" path: stacks/second-cluster
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances" repoURL: 'https://gitea.ABC/giteaAdmin/edfbuilder'
targetRevision: HEAD targetRevision: HEAD
project: default project: default
syncPolicy: syncPolicy:

29
otc/ABC/stacks/core/argocd-sso.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argocd-sso
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD
path: "stacks/core/argocd-sso"
destination:
server: "https://kubernetes.default.svc"
namespace: argocd
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
selfHeal: true
retry:
limit: -1
backoff:
duration: 15s
factor: 1
maxDuration: 15s

29
otc/ABC/stacks/core/argocd-sso/argocd-forgejo-access-token.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: forgejo-access-token
namespace: argocd
spec:
secretStoreRef:
name: gitea
kind: ClusterSecretStore
refreshInterval: "0"
target:
name: forgejo-access-token
template:
engineVersion: v2
data:
forgejo_username: "{{.FORGEJO_ACCESS_USERNAME}}"
forgejo_token: "{{.FORGEJO_ACCESS_TOKEN}}"
metadata:
labels:
app.kubernetes.io/part-of: argocd
data:
- secretKey: FORGEJO_ACCESS_USERNAME
remoteRef:
key: forgejo-access-token
property: username
- secretKey: FORGEJO_ACCESS_TOKEN
remoteRef:
key: forgejo-access-token
property: token

24
otc/ABC/stacks/core/argocd-sso/argocd-secret.yaml Normal file
View file

@ -0,0 +1,24 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: auth-generic-oauth-secret
namespace: argocd
spec:
secretStoreRef:
name: keycloak
kind: ClusterSecretStore
refreshInterval: "0"
target:
name: auth-generic-oauth-secret
template:
engineVersion: v2
data:
client_secret: "{{.ARGOCD_CLIENT_SECRET}}"
metadata:
labels:
app.kubernetes.io/part-of: argocd
data:
- secretKey: ARGOCD_CLIENT_SECRET
remoteRef:
key: keycloak-clients
property: ARGOCD_CLIENT_SECRET

54
otc/ABC/stacks/core/argocd-sso/argocd-sso-config.yaml Normal file
View file

@ -0,0 +1,54 @@
---
apiVersion: batch/v1
kind: Job
metadata:
name: argocd-config
namespace: argocd
spec:
template:
metadata:
generateName: argocd-config-
spec:
restartPolicy: OnFailure
containers:
- name: push
image: docker.io/library/ubuntu:22.04
env:
- name: FORGEJO_USER
valueFrom:
secretKeyRef:
name: forgejo-access-token
key: forgejo_username
- name: FORGEJO_TOKEN
valueFrom:
secretKeyRef:
name: forgejo-access-token
key: forgejo_token
command: ["/bin/bash", "-c"]
args:
- |
#! /bin/bash
apt -qq update
apt -qq install git wget -y
if [[ "$(uname -m)" == "x86_64" ]]; then
wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64
install yq_linux_amd64 /usr/local/bin/yq
rm yq_linux_amd64
else
wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_arm64
install yq_linux_arm64 /usr/local/bin/yq
rm yq_linux_arm64
fi
git config --global user.email "bot@bots.de"
git config --global user.name "bot"
git clone https://${FORGEJO_USER}:${FORGEJO_TOKEN}@gitea.ABC/giteaAdmin/edfbuilder.git
cd edfbuilder
yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://ABC/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml
git add stacks/core/argocd/values.yaml
git commit -m "adds Forgejo SSO config"
git push
backoffLimit: 99

6
otc/ABC/stacks/core/argocd.yaml
View file

@ -12,8 +12,6 @@ spec:
selfHeal: true selfHeal: true
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
retry:
limit: -1
destination: destination:
name: in-cluster name: in-cluster
namespace: argocd namespace: argocd
@ -26,7 +24,7 @@ spec:
targetRevision: argo-cd-7.8.14-depends targetRevision: argo-cd-7.8.14-depends
helm: helm:
valueFiles: valueFiles:
- $values/otc/ABC/stacks/core/argocd/values.yaml - $values/stacks/core/argocd/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances - repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values

6
otc/ABC/stacks/core/forgejo-runner.yaml
View file

@ -14,11 +14,9 @@ spec:
selfHeal: true selfHeal: true
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
retry:
limit: -1
destination: destination:
server: "https://kubernetes.default.svc" server: "https://kubernetes.default.svc"
source: source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
path: "otc/ABC/stacks/core/forgejo-runner" path: "stacks/core/forgejo-runner"

29
otc/ABC/stacks/core/forgejo-sso.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo-sso
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD
path: "stacks/core/forgejo-sso"
destination:
server: "https://kubernetes.default.svc"
namespace: gitea
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
selfHeal: true
retry:
limit: -1
backoff:
duration: 15s
factor: 1
maxDuration: 15s

26
otc/ABC/stacks/core/forgejo-sso/forgejo-access-token.yaml Normal file
View file

@ -0,0 +1,26 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: forgejo-access-token
namespace: gitea
spec:
secretStoreRef:
name: gitea
kind: ClusterSecretStore
refreshInterval: "0"
target:
name: forgejo-access-token
template:
engineVersion: v2
data:
forgejo_username: "{{.FORGEJO_ACCESS_USERNAME}}"
forgejo_token: "{{.FORGEJO_ACCESS_TOKEN}}"
data:
- secretKey: FORGEJO_ACCESS_USERNAME
remoteRef:
key: forgejo-access-token
property: username
- secretKey: FORGEJO_ACCESS_TOKEN
remoteRef:
key: forgejo-access-token
property: token

26
otc/ABC/stacks/core/forgejo-sso/forgejo-secret.yaml Normal file
View file

@ -0,0 +1,26 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: auth-generic-oauth-secret
namespace: gitea
spec:
secretStoreRef:
name: keycloak
kind: ClusterSecretStore
refreshInterval: "0"
target:
name: auth-generic-oauth-secret
template:
engineVersion: v2
data:
key: "{{.FORGEJO_CLIENT_ID}}"
secret: "{{.FORGEJO_CLIENT_SECRET}}"
data:
- secretKey: FORGEJO_CLIENT_ID
remoteRef:
key: keycloak-clients
property: FORGEJO_CLIENT_ID
- secretKey: FORGEJO_CLIENT_SECRET
remoteRef:
key: keycloak-clients
property: FORGEJO_CLIENT_SECRET

76
otc/ABC/stacks/core/forgejo-sso/forgejo-sso-config.yaml Normal file
View file

@ -0,0 +1,76 @@
---
apiVersion: batch/v1
kind: Job
metadata:
name: forgejo-config
namespace: gitea
spec:
template:
metadata:
generateName: forgejo-config-
spec:
restartPolicy: OnFailure
containers:
- name: push
image: docker.io/library/ubuntu:22.04
env:
- name: FORGEJO_USER
valueFrom:
secretKeyRef:
name: forgejo-access-token
key: forgejo_username
- name: FORGEJO_TOKEN
valueFrom:
secretKeyRef:
name: forgejo-access-token
key: forgejo_token
command: ["/bin/bash", "-c"]
args:
- |
#! /bin/bash
apt -qq update
apt -qq install git wget -y
if [[ "$(uname -m)" == "x86_64" ]]; then
wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64
install yq_linux_amd64 /usr/local/bin/yq
rm yq_linux_amd64
else
wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_arm64
install yq_linux_arm64 /usr/local/bin/yq
rm yq_linux_arm64
fi
git config --global user.email "bot@bots.de"
git config --global user.name "giteaAdmin"
git clone https://${FORGEJO_USER}:${FORGEJO_TOKEN}@gitea.ABC/giteaAdmin/edfbuilder.git
cd edfbuilder
yq eval ".gitea.oauth = [
{
\"name\": \"Keycloak\",
\"provider\": \"openidConnect\",
\"existingSecret\": \"auth-generic-oauth-secret\",
\"autoDiscoverUrl\": \"https://ABC/keycloak/realms/cnoe/.well-known/openid-configuration\"
}
] |
(.gitea.oauth[] | .name) |= (. style=\"single\")
|
(.gitea.oauth[] | .provider) |= (. style=\"single\")
|
(.gitea.oauth[] | .existingSecret) |= (. style=\"single\")
|
(.gitea.oauth[] | .autoDiscoverUrl) |= (. style=\"single\")
" -i stacks/core/forgejo/values.yaml
yq eval '.gitea.config.oauth2_client =
{
"ENABLE_AUTO_REGISTRATION" : true,
"ACCOUNT_LINKING" : "auto"
}
' -i stacks/core/forgejo/values.yaml
git add stacks/core/forgejo/values.yaml
git commit -m "adds Forgejo SSO config"
git push
backoffLimit: 99

6
otc/ABC/stacks/core/forgejo.yaml
View file

@ -12,8 +12,6 @@ spec:
selfHeal: true selfHeal: true
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
retry:
limit: -1
destination: destination:
name: in-cluster name: in-cluster
namespace: gitea namespace: gitea
@ -23,7 +21,7 @@ spec:
targetRevision: v12.0.0-depends targetRevision: v12.0.0-depends
helm: helm:
valueFiles: valueFiles:
- $values/otc/ABC/stacks/core/forgejo/values.yaml - $values/stacks/core/forgejo/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances - repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values

6
otc/ABC/stacks/core/ingress-apps.yaml
View file

@ -11,14 +11,12 @@ spec:
destination: destination:
server: "https://kubernetes.default.svc" server: "https://kubernetes.default.svc"
source: source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
path: "otc/ABC/stacks/core/ingress-apps" path: "stacks/core/ingress-apps"
project: default project: default
syncPolicy: syncPolicy:
automated: automated:
selfHeal: true selfHeal: true
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
retry:
limit: -1

18
otc/ABC/stacks/core/ingress-apps/alloy.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: alloy
namespace: monitoring
spec:
ingressClassName: nginx
rules:
- host: ABC
http:
paths:
- backend:
service:
name: alloy
port:
number: 12345
path: /alloy
pathType: Prefix

1
otc/ABC/stacks/core/ingress-apps/argocd-server.yaml
View file

@ -4,7 +4,6 @@ metadata:
annotations: annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTP nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: main
name: argocd-server name: argocd-server
namespace: argocd namespace: argocd

18
otc/ABC/stacks/core/ingress-apps/fibonacci-service.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: fibonacci-service
namespace: fibonacci-app
spec:
ingressClassName: nginx
rules:
- host: ABC
http:
paths:
- backend:
service:
name: fibonacci-service
port:
number: 9090
path: /fibonacci
pathType: Prefix

1
otc/ABC/stacks/core/ingress-apps/forgejo.yaml
View file

@ -4,7 +4,6 @@ metadata:
annotations: annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 512m nginx.ingress.kubernetes.io/proxy-body-size: 512m
cert-manager.io/cluster-issuer: main
name: forgejo name: forgejo
namespace: gitea namespace: gitea

19
otc/ABC/stacks/core/ingress-apps/minio-console.yaml Normal file
View file

@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minio-console
namespace: minio-backup
spec:
ingressClassName: nginx
rules:
- host: minio-backup.ABC
http:
paths:
- backend:
service:
name: minio-console
port:
number: 9001
path: /
pathType: Prefix

6
otc/ABC/stacks/otc/ingress-nginx.yaml → otc/ABC/stacks/core/ingress-nginx.yaml
View file

@ -12,8 +12,6 @@ spec:
selfHeal: true selfHeal: true
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
retry:
limit: -1
destination: destination:
name: in-cluster name: in-cluster
namespace: ingress-nginx namespace: ingress-nginx
@ -23,7 +21,7 @@ spec:
targetRevision: helm-chart-4.12.1-depends targetRevision: helm-chart-4.12.1-depends
helm: helm:
valueFiles: valueFiles:
- $values/otc/ABC/stacks/otc/ingress-nginx/values.yaml - $values/stacks/core/ingress-nginx/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances - repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values

49
otc/ABC/stacks/core/ingress-nginx/values.yaml Normal file
View file

@ -0,0 +1,49 @@
controller:
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
ingressClassResource:
name: nginx
# added for idpbuilder
allowSnippetAnnotations: true
# added for idpbuilder
config:
proxy-buffer-size: 32k
use-forwarded-headers: "true"
# monitoring nginx
metrics:
enabled: true
serviceMonitor:
additionalLabels:
release: "ingress-nginx"
enabled: true
hostPort:
enabled: true
terminationGracePeriodSeconds: 0
service:
type: NodePort
nodeSelector:
ingress-ready: "true"
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Equal"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/control-plane"
operator: "Equal"
effect: "NoSchedule"
publishService:
enabled: false
extraArgs:
publish-status-address: localhost
# added for idpbuilder
enable-ssl-passthrough: ""

29
otc/ABC/stacks/core/vector.yaml
View file

@ -1,29 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argocd
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: observability
sources:
- chart: vector
repoURL: https://helm.vector.dev
targetRevision: 0.43.0
helm:
valueFiles:
- $values/otc/ABC/stacks/core/vector/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values

54
otc/ABC/stacks/core/vector/values.yaml
View file

@ -1,54 +0,0 @@
# -- Enable deployment of vector
role: Agent
dataDir: /vector-data-dir
resources: {}
args:
- -w
- --config-dir
- /etc/vector/
containerPorts:
- name: prom-exporter
containerPort: 9090
protocol: TCP
service:
enabled: false
customConfig:
data_dir: /vector-data-dir
api:
enabled: false
address: 0.0.0.0:8686
playground: true
sources:
k8s:
type: kubernetes_logs
internal_metrics:
type: internal_metrics
transforms:
parser:
type: remap
inputs: [k8s]
source: |
.log = parse_json(.message) ?? .message
del(.message)
sinks:
exporter:
type: prometheus_exporter
address: 0.0.0.0:9090
inputs: [internal_metrics]
vlogs:
type: elasticsearch
inputs: [parser]
endpoints:
- http://vlogs-victorialogs:9428/insert/elasticsearch/
mode: bulk
api_version: v8
compression: gzip
healthcheck:
enabled: false
request:
headers:
VL-Time-Field: timestamp
VL-Stream-Fields: stream,kubernetes.pod_name,kubernetes.container_name,kubernetes.pod_namespace
VL-Msg-Field: message,msg,_msg,log.msg,log.message,log
AccountID: "0"
ProjectID: "0"

10
otc/ABC/stacks/local-backup/minio.yaml
View file

@ -10,19 +10,19 @@ metadata:
spec: spec:
project: default project: default
sources: sources:
- repoURL: "https://charts.min.io" - repoURL: 'https://charts.min.io'
targetRevision: 5.0.15 targetRevision: 5.0.15
helm: helm:
releaseName: minio releaseName: minio
valueFiles: valueFiles:
- $values/otc/ABC/stacks/local-backup/minio/helm/values.yaml - $values/stacks/local-backup/minio/helm/values.yaml
chart: minio chart: minio
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances - repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances - repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
path: "otc/ABC/stacks/local-backup/minio/manifests" path: "stacks/local-backup/minio/manifests"
destination: destination:
server: "https://kubernetes.default.svc" server: "https://kubernetes.default.svc"
namespace: minio-backup namespace: minio-backup

6
otc/ABC/stacks/local-backup/velero.yaml
View file

@ -10,14 +10,14 @@ metadata:
spec: spec:
project: default project: default
sources: sources:
- repoURL: "https://vmware-tanzu.github.io/helm-charts" - repoURL: 'https://vmware-tanzu.github.io/helm-charts'
targetRevision: 8.0.0 targetRevision: 8.0.0
helm: helm:
releaseName: velero releaseName: velero
valueFiles: valueFiles:
- $values/otc/ABC/stacks/local-backup/velero/helm/values.yaml - $values/stacks/local-backup/velero/helm/values.yaml
chart: velero chart: velero
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances - repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
destination: destination:

29
otc/ABC/stacks/monitoring/alloy.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: alloy
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
destination:
name: in-cluster
namespace: monitoring
sources:
- repoURL: https://github.com/grafana/alloy.git
path: operations/helm/charts/alloy
targetRevision: HEAD
helm:
valueFiles:
- $values/stacks/monitoring/alloy/values.yaml
- repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD
ref: values

78
otc/ABC/stacks/monitoring/alloy/values.yaml Normal file
View file

@ -0,0 +1,78 @@
alloy:
create: false
name: alloy-config
key: config.alloy
uiPathPrefix: "/alloy"
configMap:
content: |-
logging {
level = "info"
format = "logfmt"
}
loki.write "local_loki" {
endpoint {
url = "http://loki-loki-distributed-gateway/loki/api/v1/push"
}
}
discovery.kubernetes "pod" {
role = "pod"
}
discovery.kubernetes "nodes" {
role = "node"
}
discovery.kubernetes "services" {
role = "service"
}
discovery.kubernetes "endpoints" {
role = "endpoints"
}
discovery.kubernetes "endpointslices" {
role = "endpointslice"
}
discovery.kubernetes "ingresses" {
role = "ingress"
}
discovery.relabel "pod_logs" {
targets = discovery.kubernetes.pod.targets
rule {
source_labels = ["__meta_kubernetes_namespace"]
action = "replace"
target_label = "namespace"
}
rule {
source_labels = ["__meta_kubernetes_pod_name"]
action = "replace"
target_label = "pod"
}
rule {
source_labels = ["__meta_kubernetes_pod_node_name"]
action = "replace"
target_label = "node"
}
rule {
source_labels = ["__meta_kubernetes_pod_container_name"]
action = "replace"
target_label = "container"
}
}
loki.source.kubernetes "all_pod_logs" {
targets = discovery.relabel.pod_logs.output
forward_to = [loki.write.local_loki.receiver]
}

25
otc/ABC/stacks/monitoring/grafana-dashboards.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: grafana-dashboards
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD
path: "stacks/monitoring/kube-prometheus/dashboards"
destination:
server: "https://kubernetes.default.svc"
namespace: monitoring
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
selfHeal: true
retry:
limit: -1

29
otc/ABC/stacks/monitoring/kube-prometheus-sso.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kube-prometheus-sso
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD
path: "stacks/monitoring/kube-prometheus-sso"
destination:
server: "https://kubernetes.default.svc"
namespace: monitoring
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
selfHeal: true
retry:
limit: -1
backoff:
duration: 15s
factor: 1
maxDuration: 15s

21
otc/ABC/stacks/monitoring/kube-prometheus-sso/secret-grafana.yaml Normal file
View file

@ -0,0 +1,21 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: auth-generic-oauth-secret
namespace: monitoring
spec:
secretStoreRef:
name: keycloak
kind: ClusterSecretStore
refreshInterval: "0"
target:
name: auth-generic-oauth-secret
template:
engineVersion: v2
data:
client_secret: "{{.GRAFANA_CLIENT_SECRET}}"
data:
- secretKey: GRAFANA_CLIENT_SECRET
remoteRef:
key: keycloak-clients
property: GRAFANA_CLIENT_SECRET

36
otc/ABC/stacks/monitoring/kube-prometheus.yaml Normal file
View file

@ -0,0 +1,36 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kube-prometheus-stack
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true # do not copy metdata, since (because of its large size) it can lead to sync failure
retry:
limit: -1
backoff:
duration: 15s
factor: 1
maxDuration: 15s
destination:
name: in-cluster
namespace: monitoring
sources:
- repoURL: https://github.com/prometheus-community/helm-charts
path: charts/kube-prometheus-stack
targetRevision: HEAD
helm:
valueFiles:
- $values/stacks/monitoring/kube-prometheus/values.yaml
- repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD
ref: values

268
otc/ABC/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_apps.yaml Normal file
View file

@ -0,0 +1,268 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-dashboard-1
labels:
grafana_dashboard: "1"
data:
k8s-dashboard-01.json: |
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": 1,
"links": [
],
"panels": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 0
},
"id": 5,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"expr": "{app=\"crossplane\"}",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: App crossplane",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 4,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"expr": "{app=\"argo-server\"}",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: App argo-server",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 16
},
"id": 3,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"expr": "{app=\"forgejo\"}",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: App forgejo",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 24
},
"id": 2,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"expr": "{app=\"backstage\"}",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: App backstage",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 32
},
"id": 1,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"expr": "{app=\"shoot-control-plane\"}",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: App shoot-control-plane",
"type": "logs"
}
],
"preload": false,
"schemaVersion": 40,
"tags": [
],
"templating": {
"list": [
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {
},
"timezone": "browser",
"title": "Loki Logs: Apps",
"uid": "ee4iuluru756of",
"version": 2,
"weekStart": ""
}

845
otc/ABC/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_components.yaml Normal file
View file

@ -0,0 +1,845 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-dashboard-2
labels:
grafana_dashboard: "1"
data:
k8s-dashboard-02.json: |
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": 30,
"links": [
],
"panels": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 0
},
"id": 19,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"server\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component server",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 17,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"repo-server\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component repo-server",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 16
},
"id": 16,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"redis\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component redis",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 24
},
"id": 15,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"query-frontend\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component query-frontend",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 32
},
"id": 14,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"querier\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component querier",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 40
},
"id": 13,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"prometheus-operator-webhook\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component prometheus-operator-webhook",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 48
},
"id": 12,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"prometheus-operator\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component prometheus-operator",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 56
},
"id": 11,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"metrics\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component metrics",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 64
},
"id": 10,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"kube-scheduler\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component kube-scheduler",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 72
},
"id": 9,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"kube-controller-manager\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component kube-controller-manager",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 80
},
"id": 8,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"kube-apiserver\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component kube-apiserver",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 88
},
"id": 7,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"ingester\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component ingester",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 96
},
"id": 6,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"gateway\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component gateway",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 104
},
"id": 5,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"etcd\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component etcd",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 112
},
"id": 4,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"distributor\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component distributor",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 120
},
"id": 3,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"controller\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component controller",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 128
},
"id": 2,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"cloud-infrastructure-controller\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component cloud-infrastructure-controller",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 136
},
"id": 1,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{component=\"applicationset-controller\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Component application-controller",
"type": "logs"
}
],
"preload": false,
"schemaVersion": 40,
"tags": [
],
"templating": {
"list": [
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {
},
"timezone": "browser",
"title": "Loki Logs: Components",
"uid": "ae4zuyp1kui9sc",
"version": 2,
"weekStart": ""
}

537
otc/ABC/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_container.yaml Normal file
View file

@ -0,0 +1,537 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-dashboard-3
labels:
grafana_dashboard: "1"
data:
k8s-dashboard-03.json: |
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": 31,
"links": [
],
"panels": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 0
},
"id": 11,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{container=\"repo-server\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Container repo-server",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 10,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{container=\"alloy\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Container alloy",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 16
},
"id": 9,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{container=\"prometheus\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Container prometheus",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 24
},
"id": 8,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{container=\"postgres\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Container postgres",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 32
},
"id": 7,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{container=\"kube-prometheus-stack\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Container kube-prometheus-stack",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 40
},
"id": 6,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{container=\"keycloak\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Container keycloak",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 48
},
"id": 5,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{container=\"grafana\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Container grafana",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 56
},
"id": 4,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{container=\"forgejo\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Container forgejo",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 64
},
"id": 3,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{container=\"crossplane\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Container crossplane",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 72
},
"id": 2,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{container=\"backstage\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Container backstage",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"fieldConfig": {
"defaults": {
},
"overrides": [
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 80
},
"id": 1,
"options": {
"dedupStrategy": "none",
"enableLogDetails": true,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"pluginVersion": "11.3.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "P8E80F9AEF21F6940"
},
"editorMode": "builder",
"expr": "{container=\"argo-server\"} |= ``",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs: Container argo-server",
"type": "logs"
}
],
"preload": false,
"schemaVersion": 40,
"tags": [
],
"templating": {
"list": [
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {
},
"timezone": "browser",
"title": "Loki Logs: Container",
"uid": "ee50bcaehmv40e",
"version": 2,
"weekStart": ""
}

1577
otc/ABC/stacks/monitoring/kube-prometheus/dashboards/dashboard_nginx-ingress.yaml Normal file
View file

File diff suppressed because it is too large Load diff

71
otc/ABC/stacks/monitoring/kube-prometheus/values.yaml Normal file
View file

@ -0,0 +1,71 @@
grafana:
namespaceOverride: "monitoring"
admin:
existingSecret: "kube-prometheus-stack-grafana-admin-password"
userKey: admin-user
passwordKey: admin-password
defaultDashboardsTimezone: Europe/Berlin
additionalDataSources:
- name: Loki
type: loki
url: http://loki-loki-distributed-gateway.monitoring:80
# syncPolicy:
# syncOptions:
# - ServerSideApply=true
sidecar:
dashboards:
enabled: true
label: grafana_dashboard
folder: /tmp/dashboards
updateIntervalSeconds: 10
folderAnnotation: grafana_folder
provider:
allowUiUpdates: true
foldersFromFilesStructure: true
grafana.ini:
server:
domain: ABC
root_url: "%(protocol)s://%(domain)s/grafana"
serve_from_sub_path: true
auth:
disable_login: true
disable_login_form: true
auth.generic_oauth:
enabled: true
name: Keycloak-OAuth
allow_sign_up: true
use_refresh_token: true
client_id: grafana
client_secret: $__file{/etc/secrets/auth_generic_oauth/client_secret}
scopes: openid email profile offline_access roles
email_attribute_path: email
login_attribute_path: username
name_attribute_path: full_name
auth_url: https://ABC/keycloak/realms/cnoe/protocol/openid-connect/auth
token_url: https://ABC/keycloak/realms/cnoe/protocol/openid-connect/token
api_url: https://ABC/keycloak/realms/cnoe/protocol/openid-connect/userinfo
redirect_uri: http://ABC/grafana/login/generic_oauth
role_attribute_path: "contains(groups[*], 'admin') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'"
extraSecretMounts:
- name: auth-generic-oauth-secret-mount
secretName: auth-generic-oauth-secret
defaultMode: 0440
mountPath: /etc/secrets/auth_generic_oauth
readOnly: true
serviceMonitor:
# If true, a ServiceMonitor CRD is created for a prometheus operator https://github.com/coreos/prometheus-operator
enabled: true
#monitoring nginx
prometheus:
prometheusSpec:
podMonitorSelectorNilUsesHelmValues: false
serviceMonitorSelectorNilUsesHelmValues: false

34
otc/ABC/stacks/monitoring/loki.yaml Normal file
View file

@ -0,0 +1,34 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: loki
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
destination:
name: in-cluster
namespace: monitoring
sources:
- repoURL: https://github.com/grafana/helm-charts
path: charts/loki-distributed
targetRevision: HEAD
helm:
valueFiles:
- $values/stacks/monitoring/loki/values.yaml
- repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD
ref: values
## consider using the following version, if it works again
#- repoURL: https://github.com/grafana/loki
# path: production/helm/loki

7
otc/ABC/stacks/monitoring/loki/values.yaml Normal file
View file

@ -0,0 +1,7 @@
loki:
commonConfig:
replication_factor: 1
auth_enabled: false
# storageConfig:
# filesystem: null

31
otc/ABC/stacks/observability/victoria-k8s-stack.yaml
View file

@ -1,31 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: victoria-k8s-stack
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
destination:
name: in-cluster
namespace: observability
sources:
- chart: victoria-metrics-k8s-stack
repoURL: https://victoriametrics.github.io/helm-charts/
targetRevision: 0.48.1
releaseName: victoria
helm:
valueFiles:
- $values/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/ABC/stacks/observability/victoria-k8s-stack/manifests"

21
otc/ABC/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
View file

@ -1,21 +0,0 @@
apiVersion: operator.victoriametrics.com/v1beta1
kind: VLogs
metadata:
name: victorialogs
namespace: observability
spec:
retentionPeriod: "12"
removePvcAfterDelete: true
storage:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
resources:
requests:
memory: 500Mi
cpu: 500m
limits:
memory: 10Gi
cpu: 2

1278
otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml
View file

File diff suppressed because it is too large Load diff

14
otc/ABC/stacks/otc/cert-manager/manifests/clusterissuer.yaml
View file

@ -1,14 +0,0 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: main
spec:
acme:
email: admin@think-ahead.tech
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: cluster-issuer-account-key
solvers:
- http01:
ingress:
ingressClassName: nginx

4
otc/ABC/stacks/otc/cert-manager/values.yaml
View file

@ -1,4 +0,0 @@
crds:
enabled: true
replicaCount: 1

33
otc/ABC/stacks/otc/cert-manger.yaml
View file

@ -1,33 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: cert-manager
sources:
- chart: cert-manager
repoURL: https://charts.jetstack.io
targetRevision: v1.17.2
releaseName: cert-manager
helm:
valueFiles:
- $values/otc/ABC/stacks/otc/cert-manager/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/ABC/stacks/otc/cert-manager/manifests"

31
otc/ABC/stacks/otc/ingress-nginx/values.yaml
View file

@ -1,31 +0,0 @@
controller:
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
service:
annotations:
kubernetes.io/elb.class: union
kubernetes.io/elb.port: '80'
kubernetes.io/elb.id: ABC
kubernetes.io/elb.ip: ABC
ingressClassResource:
name: nginx
# added for idpbuilder
allowSnippetAnnotations: true
# added for idpbuilder
config:
proxy-buffer-size: 32k
use-forwarded-headers: "true"
# monitoring nginx
metrics:
enabled: true
serviceMonitor:
additionalLabels:
release: "ingress-nginx"
enabled: true

18
otc/ABC/stacks/otc/storageclass/storageclass.yaml
View file

@ -1,18 +0,0 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
annotations:
storageclass.beta.kubernetes.io/is-default-class: "true"
labels:
kubernetes.io/cluster-service: "true"
name: default
parameters:
kubernetes.io/description: ""
kubernetes.io/hw:passthrough: "true"
kubernetes.io/storagetype: BS
kubernetes.io/volumetype: SATA
kubernetes.io/zone: eu-de-02
provisioner: flexvolume-huawei.com/fuxivol
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true

4
otc/ABC/stacks/ref-implementation/argo-workflows.yaml
View file

@ -10,9 +10,9 @@ metadata:
spec: spec:
project: default project: default
source: source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
path: "otc/ABC/stacks/ref-implementation/argo-workflows/manifests/dev" path: "stacks/ref-implementation/argo-workflows/manifests/dev"
destination: destination:
server: "https://kubernetes.default.svc" server: "https://kubernetes.default.svc"
namespace: argo namespace: argo

6
otc/ABC/stacks/ref-implementation/backstage-templates.yaml
View file

@ -10,11 +10,11 @@ metadata:
spec: spec:
project: default project: default
source: source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
path: "otc/ABC/stacks/ref-implementation/backstage-templates/entities" path: "stacks/ref-implementation/backstage-templates/entities"
directory: directory:
exclude: "catalog-info.yaml" exclude: 'catalog-info.yaml'
destination: destination:
server: "https://kubernetes.default.svc" server: "https://kubernetes.default.svc"
namespace: backstage namespace: backstage

4
otc/ABC/stacks/ref-implementation/backstage.yaml
View file

@ -10,9 +10,9 @@ metadata:
spec: spec:
project: default project: default
source: source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
path: "otc/ABC/stacks/ref-implementation/backstage/manifests" path: "stacks/ref-implementation/backstage/manifests"
destination: destination:
server: "https://kubernetes.default.svc" server: "https://kubernetes.default.svc"
namespace: backstage namespace: backstage

2
otc/ABC/stacks/ref-implementation/backstage/manifests/install.yaml
View file

@ -167,7 +167,7 @@ data:
locations: locations:
# Examples from a public GitHub repository. # Examples from a public GitHub repository.
- type: url - type: url
target: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live:443/DevFW-CICD/stacks-instances/raw/branch/main/otc/ABC/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml target: https://gitea.ABC:443/giteaAdmin/edfbuilder/raw/branch/main/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml
rules: rules:
- allow: [Component, System, API, Resource, Location, Template, User, Group] - allow: [Component, System, API, Resource, Location, Template, User, Group]
kubernetes: kubernetes:

4
otc/ABC/stacks/ref-implementation/external-secrets.yaml
View file

@ -12,9 +12,9 @@ spec:
namespace: external-secrets namespace: external-secrets
server: "https://kubernetes.default.svc" server: "https://kubernetes.default.svc"
source: source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
path: "otc/ABC/stacks/ref-implementation/external-secrets/manifests" path: "stacks/ref-implementation/external-secrets/manifests"
project: default project: default
syncPolicy: syncPolicy:
automated: automated:

22
otc/ABC/stacks/otc/storageclass.yaml → otc/ABC/stacks/ref-implementation/fibonacci-app.yaml
View file

@ -1,25 +1,25 @@
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:
name: storageclass name: fibonacci-app
namespace: argocd namespace: argocd
labels: labels:
example: otc env: dev
finalizers: finalizers:
- resources-finalizer.argocd.argoproj.io - resources-finalizer.argocd.argoproj.io
spec: spec:
destination:
namespace: default
server: "https://kubernetes.default.svc"
source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/ABC/stacks/otc/storageclass"
project: default project: default
source:
repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD
path: "stacks/ref-implementation/fibonacci-app"
destination:
server: "https://kubernetes.default.svc"
namespace: fibonacci-app
syncPolicy: syncPolicy:
automated:
selfHeal: true
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated:
selfHeal: true
retry: retry:
limit: -1 limit: -1

20
otc/ABC/stacks/ref-implementation/fibonacci-app/deployment.yaml Normal file
View file

@ -0,0 +1,20 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: fibonacci-deployment
namespace: fibonacci-app
spec:
replicas: 1
selector:
matchLabels:
app: fibonacci-go
template:
metadata:
labels:
app: fibonacci-go
spec:
containers:
- name: fibonacci-go
image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/christopher.hase/fibonacci_http_go:1.0.0
ports:
- containerPort: 9090

13
otc/ABC/stacks/ref-implementation/fibonacci-app/service.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: fibonacci-service
namespace: fibonacci-app
spec:
selector:
app: fibonacci-go
ports:
- protocol: TCP
port: 9090
targetPort: 9090
type: ClusterIP

4
otc/ABC/stacks/ref-implementation/keycloak.yaml
View file

@ -12,9 +12,9 @@ spec:
namespace: keycloak namespace: keycloak
server: "https://kubernetes.default.svc" server: "https://kubernetes.default.svc"
source: source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
path: "otc/ABC/stacks/ref-implementation/keycloak/manifests" path: "stacks/ref-implementation/keycloak/manifests"
project: default project: default
syncPolicy: syncPolicy:
automated: automated:

4
otc/ABC/stacks/ref-implementation/mailhog.yaml
View file

@ -10,9 +10,9 @@ metadata:
spec: spec:
project: default project: default
source: source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
path: "otc/ABC/stacks/ref-implementation/mailhog" path: "stacks/ref-implementation/mailhog"
destination: destination:
server: "https://kubernetes.default.svc" server: "https://kubernetes.default.svc"
namespace: mailhog namespace: mailhog

7
otc/ABC/stacks/ref-implementation/openbao.yaml
View file

@ -23,13 +23,10 @@ spec:
targetRevision: HEAD targetRevision: HEAD
helm: helm:
valueFiles: valueFiles:
- $values/otc/ABC/stacks/ref-implementation/openbao/values.yaml - $values/stacks/ref-implementation/openbao/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances - repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/ABC/stacks/ref-implementation/openbao/manifests"
ignoreDifferences: ignoreDifferences:
- group: admissionregistration.k8s.io - group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration kind: MutatingWebhookConfiguration

9
otc/ABC/stacks/ref-implementation/openbao/manifests/role.yaml
View file

@ -1,9 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: vault-token-role
namespace: openbao
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["secrets"]
verbs: ["create"]

13
otc/ABC/stacks/ref-implementation/openbao/manifests/rolebinding.yaml
View file

@ -1,13 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: vault-token-rolebinding
namespace: openbao
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: vault-token-role
subjects:
- kind: ServiceAccount
name: openbao
namespace: openbao

17
otc/ABC/stacks/ref-implementation/openbao/values.yaml
View file

@ -3,8 +3,6 @@ server:
- sh - sh
- -c - -c
- | - |
echo --- unseal workaround
sleep 10 sleep 10
bao operator init >> /tmp/init.txt bao operator init >> /tmp/init.txt
cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {} cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
@ -15,20 +13,5 @@ server:
echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
rm /tmp/init.txt rm /tmp/init.txt
echo --- provide OpenBAO secret to ESO
if [[ "$(uname -m)" == "x86_64" ]]; then
wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/amd64/kubectl" -O /tmp/kubectl_eso
else
wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/arm64/kubectl" -O /tmp/kubectl_eso
fi
chmod +x /tmp/kubectl_eso
/tmp/kubectl_eso create secret generic vault-token --from-literal=token="$(cat /openbao/data/initial_token.txt)" -n openbao
rm /tmp/kubectl_eso
ui: ui:
enabled: true enabled: true

23
otc/ABC/stacks/second-cluster/create-new-cluster-guestbook.yaml Normal file
View file

@ -0,0 +1,23 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: create-new-cluster-guestbook
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
destination:
name: in-cluster
namespace: crossplane-system
source:
path: stacks/second-cluster/create-new-cluster-guestbook
repoURL: https://gitea.ABC/giteaAdmin/edfbuilder
targetRevision: HEAD

16
otc/ABC/stacks/second-cluster/create-new-cluster-guestbook/argocluster.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: cluster.argocd.crossplane.io/v1alpha1
kind: Cluster
metadata:
name: argo-app-test
labels:
purpose: dev
spec:
forProvider:
config:
kubeconfigSecretRef:
key: kubeconfig
namespace: crossplane-system
name: argo-app-test-kubeconf
name: argo-app-test-cluster
providerConfigRef:
name: argocd-provider

26
otc/ABC/stacks/second-cluster/create-new-cluster-guestbook/guestbook.yaml Normal file
View file

@ -0,0 +1,26 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argo-second-cluster-demo
namespace: argocd
spec:
destination:
namespace: guestbook
name: argo-app-test-cluster
project: default
source:
path: guestbook
repoURL: https://github.com/argoproj/argocd-example-apps.git
targetRevision: HEAD
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
backoff:
duration: 5s
factor: 2
maxDuration: 1m

26
otc/ABC/stacks/second-cluster/create-new-cluster-guestbook/kindcluster.yaml Normal file
View file

@ -0,0 +1,26 @@
apiVersion: container.kind.crossplane.io/v1alpha1
kind: KindCluster
metadata:
name: argo-app-test
spec:
forProvider:
kindConfig: |
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
# TODO: RIRE used maybe for velero backup
# extraMounts:
# - hostPath: /tmp/backup # replace with your own path
# containerPath: /backup
providerConfigRef:
name: kind-provider
writeConnectionSecretToRef:
namespace: crossplane-system
name: argo-app-test-kubeconf