DevFW-CICD/stacks-instances
16
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial upload

Browse source
This commit is contained in:
Automated pipeline 2025-07-08 09:43:40 +00:00 committed by Actions pipeline
parent 4010d4b5db
commit d886195181
37 changed files with 3686 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
otc/foundry-dev.t09.de/edfbuilder.yaml Normal file
View file

@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: edfbuilder
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
name: in-cluster
namespace: argocd
source:
path: "otc/foundry-dev.t09.de/registry"
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances"
targetRevision: HEAD
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

24
otc/foundry-dev.t09.de/registry/core.yaml Normal file
View file

@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: core
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
name: in-cluster
namespace: argocd
source:
path: "otc/foundry-dev.t09.de/stacks/core"
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances"
targetRevision: HEAD
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

24
otc/foundry-dev.t09.de/registry/forgejo.yaml Normal file
View file

@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
name: in-cluster
namespace: argocd
source:
path: "otc/foundry-dev.t09.de/stacks/forgejo"
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances"
targetRevision: HEAD
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

24
otc/foundry-dev.t09.de/registry/observability-client.yaml Normal file
View file

@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: observability-client
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
name: in-cluster
namespace: argocd
source:
path: "otc/foundry-dev.t09.de/stacks/observability-client"
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances"
targetRevision: HEAD
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

24
otc/foundry-dev.t09.de/registry/observability.yaml Normal file
View file

@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: observability
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
name: in-cluster
namespace: argocd
source:
path: "otc/foundry-dev.t09.de/stacks/observability"
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances"
targetRevision: HEAD
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

24
otc/foundry-dev.t09.de/registry/otc.yaml Normal file
View file

@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: otc
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
name: in-cluster
namespace: argocd
source:
path: "otc/foundry-dev.t09.de/stacks/otc"
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances"
targetRevision: HEAD
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

35
otc/foundry-dev.t09.de/stacks/core/argocd.yaml Normal file
View file

@ -0,0 +1,35 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argocd
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: argocd
sources:
- repoURL: https://edp.buildth.ing/DevFW-CICD/argocd-helm.git
path: charts/argo-cd
# TODO: RIRE Can be updated when https://github.com/argoproj/argo-cd/issues/20790 is fixed and merged
# As logout make problems, it is suggested to switch from path based routing to an own argocd domain,
# similar to the CNOE amazon reference implementation and in our case, Forgejo
targetRevision: argo-cd-7.8.14-depends
helm:
valueFiles:
- $values/otc/foundry-dev.t09.de/stacks/core/argocd/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/foundry-dev.t09.de/stacks/core/argocd/manifests"

27
otc/foundry-dev.t09.de/stacks/core/argocd/manifests/argocd-server-ingress.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: main
name: argocd-server
namespace: argocd
spec:
ingressClassName: nginx
rules:
- host: argocd.foundry-dev.t09.de
http:
paths:
- backend:
service:
name: argocd-server
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- argocd.foundry-dev.t09.de
secretName: argocd-net-tls

33
otc/foundry-dev.t09.de/stacks/core/argocd/values.yaml Normal file
View file

@ -0,0 +1,33 @@
global:
domain: argocd.foundry-dev.t09.de
configs:
params:
server.insecure: true
cm:
application.resourceTrackingMethod: annotation
timeout.reconciliation: 60s
resource.exclusions: |
- apiGroups:
- "*"
kinds:
- ProviderConfigUsage
- apiGroups:
- cilium.io
kinds:
- CiliumIdentity
clusters:
- "*"
accounts.provider-argocd: apiKey
url: https://argocd.foundry-dev.t09.de
rbac:
policy.csv: 'g, provider-argocd, role:admin'
tls:
certificates:
notifications:
enabled: false
dex:
enabled: false

24
otc/foundry-dev.t09.de/stacks/forgejo/forgejo-runner.yaml Normal file
View file

@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo-runner
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
server: "https://kubernetes.default.svc"
source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/foundry-dev.t09.de/stacks/forgejo/forgejo-runner"

104
otc/foundry-dev.t09.de/stacks/forgejo/forgejo-runner/dind-docker.yaml Normal file
View file

@ -0,0 +1,104 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: forgejo-runner
name: forgejo-runner
namespace: gitea
spec:
# Two replicas means that if one is busy, the other can pick up jobs.
replicas: 1
selector:
matchLabels:
app: forgejo-runner
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: forgejo-runner
spec:
restartPolicy: Always
volumes:
- name: docker-certs
emptyDir: {}
- name: runner-data
emptyDir: {}
# Initialise our configuration file using offline registration
# https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
initContainers:
- name: runner-register
image: code.forgejo.org/forgejo/runner:6.3.1
command:
- "sh"
- "-c"
- |
forgejo-runner \
register \
--no-interactive \
--token ${RUNNER_SECRET} \
--name ${RUNNER_NAME} \
--instance ${FORGEJO_INSTANCE_URL} \
--labels docker:docker://node:20-bookworm,ubuntu-22.04:docker://edp.buildth.ing/devfw-cicd/catthehackerubuntu:act-22.04,ubuntu-latest:docker://edp.buildth.ing/devfw-cicd/catthehackerubuntu:act-22.04
env:
- name: RUNNER_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: RUNNER_SECRET
valueFrom:
secretKeyRef:
name: forgejo-runner-token
key: token
- name: FORGEJO_INSTANCE_URL
value: https://foundry-dev.t09.de
volumeMounts:
- name: runner-data
mountPath: /data
containers:
- name: runner
image: code.forgejo.org/forgejo/runner:6.3.1
command:
- "sh"
- "-c"
- |
while ! nc -z 127.0.0.1 2376 </dev/null; do
echo 'waiting for docker daemon...';
sleep 5;
done
forgejo-runner generate-config > config.yml ;
sed -i -e "s|privileged: .*|privileged: true|" config.yml
sed -i -e "s|network: .*|network: host|" config.yml ;
sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://127.0.0.1:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ;
sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ;
sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ;
/bin/forgejo-runner --config config.yml daemon
securityContext:
allowPrivilegeEscalation: true
privileged: true
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: false
runAsUser: 0
env:
- name: DOCKER_HOST
value: tcp://localhost:2376
- name: DOCKER_CERT_PATH
value: /certs/client
- name: DOCKER_TLS_VERIFY
value: "1"
volumeMounts:
- name: docker-certs
mountPath: /certs
- name: runner-data
mountPath: /data
- name: daemon
image: docker:28.0.4-dind
env:
- name: DOCKER_TLS_CERTDIR
value: /certs
securityContext:
privileged: true
volumeMounts:
- name: docker-certs
mountPath: /certs

38
otc/foundry-dev.t09.de/stacks/forgejo/forgejo-server.yaml Normal file
View file

@ -0,0 +1,38 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo-server
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: gitea
sources:
- repoURL: https://edp.buildth.ing/DevFW-CICD/forgejo-helm.git
path: .
# first check out the desired version (example v9.0.0): https://code.forgejo.org/forgejo-helm/forgejo-helm/src/tag/v9.0.0/Chart.yaml
# (note that the chart version is not the same as the forgejo application version, which is specified in the above Chart.yaml file)
# then use the devops pipeline and select development, forgejo and the desired version (example v9.0.0):
# https://edp.buildth.ing/DevFW-CICD/devops-pipelines/actions?workflow=update-helm-depends.yaml&actor=0&status=0
# finally update the desired version here and include "-depends", it is created by the devops pipeline.
# why do we have an added "-depends" tag? it resolves rate limitings when downloading helm OCI dependencies
targetRevision: v12.0.0-depends
helm:
valueFiles:
- $values/otc/foundry-dev.t09.de/stacks/forgejo/forgejo-server/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/foundry-dev.t09.de/stacks/forgejo/forgejo-server/manifests"

27
otc/foundry-dev.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 512m
cert-manager.io/cluster-issuer: main
name: forgejo-server
namespace: gitea
spec:
ingressClassName: nginx
rules:
- host: foundry-dev.t09.de
http:
paths:
- backend:
service:
name: forgejo-server-http
port:
number: 3000
path: /
pathType: Prefix
tls:
- hosts:
- foundry-dev.t09.de
secretName: forgejo-net-tls

180
otc/foundry-dev.t09.de/stacks/forgejo/forgejo-server/values.yaml Normal file
View file

@ -0,0 +1,180 @@
# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
strategy:
type: Recreate
redis-cluster:
enabled: false
redis:
enabled: false
postgresql:
enabled: false
postgresql-ha:
enabled: false
persistence:
enabled: true
size: 200Gi
annotations:
everest.io/crypt-key-id: 59fef883-ff31-43d5-815c-e2902ec62bbe
test:
enabled: false
deployment:
env:
- name: SSL_CERT_DIR
value: /etc/ssl/forgejo
extraVolumeMounts:
- mountPath: /etc/ssl/forgejo
name: custom-database-certs-volume
readOnly: true
extraVolumes:
- name: custom-database-certs-volume
secret:
secretName: custom-database-certs
gitea:
additionalConfigFromEnvs:
- name: FORGEJO__storage__MINIO_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: forgejo-cloud-credentials
key: access-key
- name: FORGEJO__storage__MINIO_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: forgejo-cloud-credentials
key: secret-key
- name: FORGEJO__queue__CONN_STR
valueFrom:
secretKeyRef:
name: redis-forgejo-cloud-credentials
key: connection-string
- name: FORGEJO__session__PROVIDER_CONFIG
valueFrom:
secretKeyRef:
name: redis-forgejo-cloud-credentials
key: connection-string
- name: FORGEJO__cache__HOST
valueFrom:
secretKeyRef:
name: redis-forgejo-cloud-credentials
key: connection-string
- name: FORGEJO__database__HOST
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: host_port
- name: FORGEJO__database__NAME
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: database
- name: FORGEJO__database__USER
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: username
- name: FORGEJO__database__PASSWD
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: password
- name: FORGEJO__indexer__ISSUE_INDEXER_CONN_STR
valueFrom:
secretKeyRef:
name: elasticsearch-cloud-credentials
key: connection-string
- name: FORGEJO__mailer__PASSWD
valueFrom:
secretKeyRef:
name: email-user-credentials
key: connection-string
admin:
existingSecret: gitea-credential
config:
APP_NAME: 'EDP'
APP_SLOGAN: 'Build your thing in minutes'
indexer:
ISSUE_INDEXER_ENABLED: true
ISSUE_INDEXER_TYPE: elasticsearch
# TODO next
REPO_INDEXER_ENABLED: false
# REPO_INDEXER_TYPE: meilisearch # not yet working
storage:
MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
STORAGE_TYPE: minio
MINIO_LOCATION: eu-de
MINIO_BUCKET: edp-forgejo-foundry-dev
MINIO_USE_SSL: true
queue:
TYPE: redis
session:
PROVIDER: redis
cache:
ENABLED: true
ADAPTER: redis
service:
DISABLE_REGISTRATION: true
other:
SHOW_FOOTER_VERSION: false
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
database:
DB_TYPE: postgres
SSL_MODE: verify-ca
server:
DOMAIN: 'foundry-dev.t09.de'
ROOT_URL: 'https://foundry-dev.t09.de:443'
mailer:
ENABLED: true
USER: ipcei-cis-devfw@mms-support.de
PROTOCOL: smtps
FROM: '"IPCEI CIS DevFW" <ipcei-cis-devfw@mms-support.de>'
SMTP_ADDR: mail.mms-support.de
SMTP_PORT: 465
service:
ssh:
type: LoadBalancer
nodePort: 32222
externalTrafficPolicy: Cluster
annotations:
kubernetes.io/elb.id: e03d5bdd-5a2b-461a-933f-5fc076be5d6d
image:
pullPolicy: "IfNotPresent"
# Overrides the image tag whose default is the chart appVersion.
#tag: "8.0.3"
# Adds -rootless suffix to image name
# rootless: true
fullOverride: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/edp-forgejo:prerelease-v11-0-1-rootless
forgejo:
runner:
enabled: true
image:
tag: latest
# replicas: 3
config:
runner:
labels:
- docker:docker://node:16-bullseye
- self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04

29
otc/foundry-dev.t09.de/stacks/observability-client/metrics-server.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: metrics-server
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: observability
sources:
- chart: metrics-server
repoURL: https://kubernetes-sigs.github.io/metrics-server/
targetRevision: 3.12.2
helm:
valueFiles:
- $values/otc/foundry-dev.t09.de/stacks/observability-client/metrics-server/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values

4
otc/foundry-dev.t09.de/stacks/observability-client/metrics-server/values.yaml Normal file
View file

@ -0,0 +1,4 @@
metrics:
enabled: true
serviceMonitor:
enabled: true

29
otc/foundry-dev.t09.de/stacks/observability-client/vector.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: vector
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: observability
sources:
- chart: vector
repoURL: https://helm.vector.dev
targetRevision: 0.43.0
helm:
valueFiles:
- $values/otc/foundry-dev.t09.de/stacks/observability-client/vector/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values

68
otc/foundry-dev.t09.de/stacks/observability-client/vector/values.yaml Normal file
View file

@ -0,0 +1,68 @@
# -- Enable deployment of vector
role: Agent
dataDir: /vector-data-dir
resources: {}
args:
- -w
- --config-dir
- /etc/vector/
env:
- name: VECTOR_USER
valueFrom:
secretKeyRef:
name: simple-user-secret
key: username
- name: VECTOR_PASSWORD
valueFrom:
secretKeyRef:
name: simple-user-secret
key: password
containerPorts:
- name: prom-exporter
containerPort: 9090
protocol: TCP
service:
enabled: false
customConfig:
data_dir: /vector-data-dir
api:
enabled: false
address: 0.0.0.0:8686
playground: true
sources:
k8s:
type: kubernetes_logs
internal_metrics:
type: internal_metrics
transforms:
parser:
type: remap
inputs: [k8s]
source: |
._msg = parse_json(.message) ?? .message
del(.message)
# Add the cluster environment to the log event
.cluster_environment = "foundry-dev"
sinks:
vlogs:
type: elasticsearch
inputs: [parser]
endpoints:
- https://o12y.observability.t09.de/insert/elasticsearch/
auth:
strategy: basic
user: ${VECTOR_USER}
password: ${VECTOR_PASSWORD}
mode: bulk
api_version: v8
compression: gzip
healthcheck:
enabled: false
request:
headers:
AccountID: "0"
ProjectID: "0"
query:
_msg_field: _msg
_time_field: _time
_stream_fields: cluster_environment,kubernetes.container_name,kubernetes.namespace

30
otc/foundry-dev.t09.de/stacks/observability-client/vm-client-stack.yaml Normal file
View file

@ -0,0 +1,30 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: vm-client
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
destination:
name: in-cluster
namespace: observability
sources:
- chart: victoria-metrics-k8s-stack
repoURL: https://victoriametrics.github.io/helm-charts/
targetRevision: 0.48.1
helm:
valueFiles:
- $values/otc/foundry-dev.t09.de/stacks/observability-client/vm-client-stack/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/foundry-dev.t09.de/stacks/observability-client/vm-client-stack/manifests"

9
otc/foundry-dev.t09.de/stacks/observability-client/vm-client-stack/manifests/simple-user-secret.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: simple-user-secret
namespace: observability
type: Opaque
stringData:
username: simple-user
password: simple-password

1288
otc/foundry-dev.t09.de/stacks/observability-client/vm-client-stack/values.yaml Normal file
View file

File diff suppressed because it is too large Load diff

25
otc/foundry-dev.t09.de/stacks/observability/grafana-operator.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: grafana-operator
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
destination:
name: in-cluster
namespace: observability
sources:
- chart: grafana-operator
repoURL: ghcr.io/grafana/helm-charts
targetRevision: v5.18.0
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/foundry-dev.t09.de/stacks/observability/grafana-operator/manifests"

9
otc/foundry-dev.t09.de/stacks/observability/grafana-operator/manifests/argocd.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: argocd
spec:
instanceSelector:
matchLabels:
dashboards: "grafana"
url: "https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json"

36
otc/foundry-dev.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml Normal file
View file

@ -0,0 +1,36 @@
apiVersion: grafana.integreatly.org/v1beta1
kind: Grafana
metadata:
name: grafana
labels:
dashboards: "grafana"
spec:
persistentVolumeClaim:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
ingress:
metadata:
annotations:
cert-manager.io/cluster-issuer: main
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
rules:
- host: grafana.foundry-dev.t09.de
http:
paths:
- backend:
service:
name: grafana-service
port:
number: 3000
path: /
pathType: Prefix
tls:
- hosts:
- grafana.foundry-dev.t09.de
secretName: grafana-net-tls

9
otc/foundry-dev.t09.de/stacks/observability/grafana-operator/manifests/ingress-nginx.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: ingress-nginx
spec:
instanceSelector:
matchLabels:
dashboards: "grafana"
url: "https://raw.githubusercontent.com/adinhodovic/ingress-nginx-mixin/refs/heads/main/dashboards_out/ingress-nginx-overview.json"

9
otc/foundry-dev.t09.de/stacks/observability/grafana-operator/manifests/victoria-logs.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: victoria-logs
spec:
instanceSelector:
matchLabels:
dashboards: "grafana"
url: "https://raw.githubusercontent.com/VictoriaMetrics/VictoriaMetrics/refs/heads/master/dashboards/vm/victorialogs.json"

31
otc/foundry-dev.t09.de/stacks/observability/victoria-k8s-stack.yaml Normal file
View file

@ -0,0 +1,31 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: o12y
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
destination:
name: in-cluster
namespace: observability
sources:
- chart: victoria-metrics-k8s-stack
repoURL: https://victoriametrics.github.io/helm-charts/
targetRevision: 0.48.1
helm:
valueFiles:
- $values/otc/foundry-dev.t09.de/stacks/observability/victoria-k8s-stack/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/foundry-dev.t09.de/stacks/observability/victoria-k8s-stack/manifests"

24
otc/foundry-dev.t09.de/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml Normal file
View file

@ -0,0 +1,24 @@
apiVersion: operator.victoriametrics.com/v1beta1
kind: VLogs
metadata:
name: victorialogs
namespace: observability
spec:
retentionPeriod: "12"
removePvcAfterDelete: true
storageMetadata:
annotations:
everest.io/crypt-key-id: 59fef883-ff31-43d5-815c-e2902ec62bbe
storage:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
resources:
requests:
memory: 500Mi
cpu: 500m
limits:
memory: 10Gi
cpu: 2

15
otc/foundry-dev.t09.de/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: operator.victoriametrics.com/v1beta1
kind: VMUser
metadata:
name: simple-user
namespace: observability
spec:
username: simple-user
password: simple-password
targetRefs:
- static:
url: http://vmsingle-o12y:8429
paths: ["/api/v1/write"]
- static:
url: http://vlogs-victorialogs:9428
paths: ["/insert/elasticsearch/.*"]

1306
otc/foundry-dev.t09.de/stacks/observability/victoria-k8s-stack/values.yaml Normal file
View file

File diff suppressed because it is too large Load diff

14
otc/foundry-dev.t09.de/stacks/otc/cert-manager/manifests/clusterissuer.yaml Normal file
View file

@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: main
spec:
acme:
email: admin@think-ahead.tech
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: cluster-issuer-account-key
solvers:
- http01:
ingress:
ingressClassName: nginx

4
otc/foundry-dev.t09.de/stacks/otc/cert-manager/values.yaml Normal file
View file

@ -0,0 +1,4 @@
crds:
enabled: true
replicaCount: 1

32
otc/foundry-dev.t09.de/stacks/otc/cert-manger.yaml Normal file
View file

@ -0,0 +1,32 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: cert-manager
sources:
- chart: cert-manager
repoURL: https://charts.jetstack.io
targetRevision: v1.17.2
helm:
valueFiles:
- $values/otc/foundry-dev.t09.de/stacks/otc/cert-manager/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/foundry-dev.t09.de/stacks/otc/cert-manager/manifests"

29
otc/foundry-dev.t09.de/stacks/otc/ingress-nginx.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ingress-nginx
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: ingress-nginx
sources:
- repoURL: https://edp.buildth.ing/DevFW-CICD/ingress-nginx-helm.git
path: charts/ingress-nginx
targetRevision: helm-chart-4.12.1-depends
helm:
valueFiles:
- $values/otc/foundry-dev.t09.de/stacks/otc/ingress-nginx/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values

31
otc/foundry-dev.t09.de/stacks/otc/ingress-nginx/values.yaml Normal file
View file

@ -0,0 +1,31 @@
controller:
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
service:
annotations:
kubernetes.io/elb.class: union
kubernetes.io/elb.port: '80'
kubernetes.io/elb.id: e03d5bdd-5a2b-461a-933f-5fc076be5d6d
kubernetes.io/elb.ip: 80.158.60.243
ingressClassResource:
name: nginx
# added for idpbuilder
allowSnippetAnnotations: true
# added for idpbuilder
config:
proxy-buffer-size: 32k
use-forwarded-headers: "true"
# monitoring nginx
metrics:
enabled: true
serviceMonitor:
additionalLabels:
release: "ingress-nginx"
enabled: true

25
otc/foundry-dev.t09.de/stacks/otc/storageclass.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: storageclass
namespace: argocd
labels:
example: otc
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: default
server: "https://kubernetes.default.svc"
source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/foundry-dev.t09.de/stacks/otc/storageclass"
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1

18
otc/foundry-dev.t09.de/stacks/otc/storageclass/storageclass.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
annotations:
storageclass.beta.kubernetes.io/is-default-class: "true"
labels:
kubernetes.io/cluster-service: "true"
name: default
parameters:
kubernetes.io/description: ""
kubernetes.io/hw:passthrough: "true"
kubernetes.io/storagetype: BS
kubernetes.io/volumetype: SATA
kubernetes.io/zone: eu-de-02
provisioner: flexvolume-huawei.com/fuxivol
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true