diff --git a/README.md b/README.md index 036b796..771ee25 100644 --- a/README.md +++ b/README.md @@ -5,4 +5,6 @@ [x] private registry [x] secrets [x] ntr-cv static containers -[ ] grafana etc \ No newline at end of file +[x] check mnmlgg mail +[x] ufw +[x] grafana etc \ No newline at end of file diff --git a/crates/crates.ingress.yaml b/crates/crates.ingress.yaml index 4e052ec..da950fe 100644 --- a/crates/crates.ingress.yaml +++ b/crates/crates.ingress.yaml @@ -9,7 +9,7 @@ kind: Ingress metadata: name: crates-client annotations: - cert-manager.io/issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: ingressClassName: nginx tls: @@ -34,7 +34,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: - cert-manager.io/issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: /$2 name: crates-api diff --git a/mnml/mnml.ingress.yaml b/mnml/mnml.ingress.yaml index a980cf2..5720d1c 100644 --- a/mnml/mnml.ingress.yaml +++ b/mnml/mnml.ingress.yaml @@ -8,7 +8,7 @@ kind: Ingress metadata: name: mnml-client annotations: - cert-manager.io/issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: ingressClassName: nginx tls: @@ -35,7 +35,7 @@ metadata: name: mnml-api namespace: default annotations: - cert-manager.io/issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.org/websocket-services: "mnml-ws" spec: ingressClassName: nginx @@ -62,7 +62,7 @@ kind: Ingress metadata: name: mnml-ws annotations: - cert-manager.io/issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.org/proxy-read-timeout: "3600" nginx.org/proxy-send-timeout: "3600" nginx.org/websocket-services: mnml-ws diff --git a/monitoring/grafana.yaml b/monitor/grafana.yaml similarity index 72% rename from monitoring/grafana.yaml rename to monitor/grafana.yaml index 72c526b..66db06e 100644 --- a/monitoring/grafana.yaml +++ b/monitor/grafana.yaml @@ -10,7 +10,7 @@ spec: - ReadWriteOnce persistentVolumeReclaimPolicy: Retain claimRef: - namespace: default + namespace: monitor name: grafana-pvc hostPath: path: "/var/lib/rancher/k3s/storage/grafana-pv" @@ -20,6 +20,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: grafana-pvc + namespace: monitor spec: volumeName: grafana-pv accessModes: @@ -27,15 +28,3 @@ spec: resources: requests: storage: 1Gi ---- -apiVersion: v1 -kind: Service -metadata: - name: grafana -spec: - ports: - - port: 3000 - protocol: TCP - targetPort: http-grafana - selector: - app: grafana diff --git a/monitoring/grafana.ingress.yaml b/monitor/monitor.ingress.yaml similarity index 62% rename from monitoring/grafana.ingress.yaml rename to monitor/monitor.ingress.yaml index 0eeb8d9..2856c3e 100644 --- a/monitoring/grafana.ingress.yaml +++ b/monitor/monitor.ingress.yaml @@ -3,17 +3,18 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: grafana + name: monitor + namespace: monitor annotations: - cert-manager.io/issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: ingressClassName: nginx tls: - hosts: - - grafana.strix.systems - secretName: grafana-strix-systems-tls + - monitor.strix.systems + secretName: monitor-strix-systems-tls rules: - - host: grafana.strix.systems + - host: monitor.strix.systems http: paths: - path: / diff --git a/monitoring/values.yaml b/monitor/values.yaml similarity index 54% rename from monitoring/values.yaml rename to monitor/values.yaml index 39776b0..40d7033 100644 --- a/monitoring/values.yaml +++ b/monitor/values.yaml @@ -6,3 +6,12 @@ grafana: finalizers: - kubernetes.io/pvc-protection existingClaim: grafana-pvc + +loki: + auth_enabled: false + commonConfig: + replication_factor: 1 + storage: + type: 'filesystem' +singleBinary: + replicas: 1 diff --git a/nginx-ingress/cert-manager.yaml b/nginx-ingress/cert-manager.yaml index 13c43ae..7b21143 100644 --- a/nginx-ingress/cert-manager.yaml +++ b/nginx-ingress/cert-manager.yaml @@ -3,7 +3,7 @@ --- apiVersion: cert-manager.io/v1 -kind: Issuer +kind: ClusterIssuer metadata: name: letsencrypt-staging spec: @@ -24,7 +24,7 @@ spec: --- apiVersion: cert-manager.io/v1 -kind: Issuer +kind: ClusterIssuer metadata: name: letsencrypt-prod spec: diff --git a/ntr-cv/ntr-cv.ingress.yaml b/ntr-cv/ntr-cv.ingress.yaml index dbd12e1..9c6e651 100644 --- a/ntr-cv/ntr-cv.ingress.yaml +++ b/ntr-cv/ntr-cv.ingress.yaml @@ -5,7 +5,7 @@ kind: Ingress metadata: name: ntr-cv annotations: - cert-manager.io/issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: ingressClassName: nginx tls: diff --git a/ntr-cv/ntr-cv.yaml b/ntr-cv/ntr-cv.yaml index 1e12658..8567aef 100644 --- a/ntr-cv/ntr-cv.yaml +++ b/ntr-cv/ntr-cv.yaml @@ -21,7 +21,7 @@ spec: containers: - name: ntr-cv image: registry.strix.systems/ntr-cv - imagePullPolicy: IfNotPresent + imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/registry/registry.ingress.yaml b/registry/registry.ingress.yaml index 37a5e3b..b3d9403 100644 --- a/registry/registry.ingress.yaml +++ b/registry/registry.ingress.yaml @@ -6,7 +6,7 @@ metadata: name: registry annotations: nginx.ingress.kubernetes.io/proxy-body-size: 2g - cert-manager.io/issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: ingressClassName: nginx tls: diff --git a/spacerace/spacerace.ingress.yaml b/spacerace/spacerace.ingress.yaml index c6ae1d2..1d005c0 100644 --- a/spacerace/spacerace.ingress.yaml +++ b/spacerace/spacerace.ingress.yaml @@ -4,7 +4,7 @@ kind: Ingress metadata: name: spacerace-api annotations: - cert-manager.io/issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" # don't do this again nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: /$2