monitoring and clusterissuer

2024-01-29 20:20:35 +11:00 · 2024-01-29 20:20:35 +11:00 · 6a7d804939
commit 6a7d804939
parent 5a8255cfdd
11 changed files with 31 additions and 30 deletions
--- a/README.md
+++ b/README.md
@ -5,4 +5,6 @@
 [x] private registry
 [x] secrets
 [x] ntr-cv static containers
-[ ] grafana etc
+[x] check mnmlgg mail
+[x] ufw
+[x] grafana etc
--- a/crates/crates.ingress.yaml
+++ b/crates/crates.ingress.yaml
@ -9,7 +9,7 @@ kind: Ingress
 metadata:
  name: crates-client
  annotations:
-    cert-manager.io/issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
  ingressClassName: nginx
  tls:
@ -34,7 +34,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
-    cert-manager.io/issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  name: crates-api
--- a/mnml/mnml.ingress.yaml
+++ b/mnml/mnml.ingress.yaml
@ -8,7 +8,7 @@ kind: Ingress
 metadata:
  name: mnml-client
  annotations:
-    cert-manager.io/issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
  ingressClassName: nginx
  tls:
@ -35,7 +35,7 @@ metadata:
  name: mnml-api
  namespace: default
  annotations:
-    cert-manager.io/issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.org/websocket-services: "mnml-ws"
 spec:
  ingressClassName: nginx
@ -62,7 +62,7 @@ kind: Ingress
 metadata:
  name: mnml-ws
  annotations:
-    cert-manager.io/issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.org/proxy-read-timeout: "3600"
    nginx.org/proxy-send-timeout: "3600"
    nginx.org/websocket-services: mnml-ws
--- a/monitoring/grafana.yaml
+++ b/monitoring/grafana.yaml
@ -10,7 +10,7 @@ spec:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  claimRef:
-    namespace: default
+    namespace: monitor
    name: grafana-pvc
  hostPath:
    path: "/var/lib/rancher/k3s/storage/grafana-pv"
@ -20,6 +20,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: grafana-pvc
+  namespace: monitor
 spec:
  volumeName: grafana-pv
  accessModes:
@ -27,15 +28,3 @@ spec:
  resources:
    requests:
      storage: 1Gi
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: grafana
-spec:
-  ports:
-    - port: 3000
-      protocol: TCP
-      targetPort: http-grafana
-  selector:
-    app: grafana
--- a/monitoring/grafana.ingress.yaml
+++ b/monitoring/grafana.ingress.yaml
@ -3,17 +3,18 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: grafana
+  name: monitor
+  namespace: monitor
  annotations:
-    cert-manager.io/issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
  ingressClassName: nginx
  tls:
  - hosts:
-    - grafana.strix.systems
-    secretName: grafana-strix-systems-tls
+    - monitor.strix.systems
+    secretName: monitor-strix-systems-tls
  rules:
-  - host: grafana.strix.systems
+  - host: monitor.strix.systems
    http:
      paths:
      - path: /
--- a/monitoring/values.yaml
+++ b/monitoring/values.yaml
@ -6,3 +6,12 @@ grafana:
    finalizers:
      - kubernetes.io/pvc-protection
    existingClaim: grafana-pvc
+
+loki:
+  auth_enabled: false
+  commonConfig:
+    replication_factor: 1
+  storage:
+    type: 'filesystem'
+singleBinary:
+  replicas: 1
--- a/nginx-ingress/cert-manager.yaml
+++ b/nginx-ingress/cert-manager.yaml
@ -3,7 +3,7 @@

 ---
 apiVersion: cert-manager.io/v1
-kind: Issuer
+kind: ClusterIssuer
 metadata:
  name: letsencrypt-staging
 spec:
@ -24,7 +24,7 @@ spec:
 ---

 apiVersion: cert-manager.io/v1
-kind: Issuer
+kind: ClusterIssuer
 metadata:
  name: letsencrypt-prod
 spec:
--- a/ntr-cv/ntr-cv.ingress.yaml
+++ b/ntr-cv/ntr-cv.ingress.yaml
@ -5,7 +5,7 @@ kind: Ingress
 metadata:
  name: ntr-cv
  annotations:
-    cert-manager.io/issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
  ingressClassName: nginx
  tls:
--- a/ntr-cv/ntr-cv.yaml
+++ b/ntr-cv/ntr-cv.yaml
@ -21,7 +21,7 @@ spec:
      containers:
        - name: ntr-cv
          image: registry.strix.systems/ntr-cv
-          imagePullPolicy: IfNotPresent
+          imagePullPolicy: Always
          ports:
            - containerPort: 8080

--- a/registry/registry.ingress.yaml
+++ b/registry/registry.ingress.yaml
@ -6,7 +6,7 @@ metadata:
  name: registry
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 2g
-    cert-manager.io/issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
  ingressClassName: nginx
  tls:
--- a/spacerace/spacerace.ingress.yaml
+++ b/spacerace/spacerace.ingress.yaml
@ -4,7 +4,7 @@ kind: Ingress
 metadata:
  name: spacerace-api
  annotations:
-    cert-manager.io/issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    # don't do this again
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2