monitoring and clusterissuer
This commit is contained in:
Nathan Rashleigh
parent
5a8255cfdd
commit
6a7d804939
@ -5,4 +5,6 @@
|
|||||||
[x] private registry
|
[x] private registry
|
||||||
[x] secrets
|
[x] secrets
|
||||||
[x] ntr-cv static containers
|
[x] ntr-cv static containers
|
||||||
[ ] grafana etc
|
[x] check mnmlgg mail
|
||||||
|
[x] ufw
|
||||||
|
[x] grafana etc
|
||||||
@ -9,7 +9,7 @@ kind: Ingress
|
|||||||
metadata:
|
metadata:
|
||||||
name: crates-client
|
name: crates-client
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/issuer: "letsencrypt-prod"
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
tls:
|
tls:
|
||||||
@ -34,7 +34,7 @@ apiVersion: networking.k8s.io/v1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/issuer: "letsencrypt-prod"
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
nginx.ingress.kubernetes.io/use-regex: "true"
|
||||||
nginx.ingress.kubernetes.io/rewrite-target: /$2
|
nginx.ingress.kubernetes.io/rewrite-target: /$2
|
||||||
name: crates-api
|
name: crates-api
|
||||||
|
|||||||
@ -8,7 +8,7 @@ kind: Ingress
|
|||||||
metadata:
|
metadata:
|
||||||
name: mnml-client
|
name: mnml-client
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/issuer: "letsencrypt-prod"
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
tls:
|
tls:
|
||||||
@ -35,7 +35,7 @@ metadata:
|
|||||||
name: mnml-api
|
name: mnml-api
|
||||||
namespace: default
|
namespace: default
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/issuer: "letsencrypt-prod"
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||||
nginx.org/websocket-services: "mnml-ws"
|
nginx.org/websocket-services: "mnml-ws"
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
@ -62,7 +62,7 @@ kind: Ingress
|
|||||||
metadata:
|
metadata:
|
||||||
name: mnml-ws
|
name: mnml-ws
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/issuer: "letsencrypt-prod"
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||||
nginx.org/proxy-read-timeout: "3600"
|
nginx.org/proxy-read-timeout: "3600"
|
||||||
nginx.org/proxy-send-timeout: "3600"
|
nginx.org/proxy-send-timeout: "3600"
|
||||||
nginx.org/websocket-services: mnml-ws
|
nginx.org/websocket-services: mnml-ws
|
||||||
|
|||||||
@ -10,7 +10,7 @@ spec:
|
|||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
persistentVolumeReclaimPolicy: Retain
|
persistentVolumeReclaimPolicy: Retain
|
||||||
claimRef:
|
claimRef:
|
||||||
namespace: default
|
namespace: monitor
|
||||||
name: grafana-pvc
|
name: grafana-pvc
|
||||||
hostPath:
|
hostPath:
|
||||||
path: "/var/lib/rancher/k3s/storage/grafana-pv"
|
path: "/var/lib/rancher/k3s/storage/grafana-pv"
|
||||||
@ -20,6 +20,7 @@ apiVersion: v1
|
|||||||
kind: PersistentVolumeClaim
|
kind: PersistentVolumeClaim
|
||||||
metadata:
|
metadata:
|
||||||
name: grafana-pvc
|
name: grafana-pvc
|
||||||
|
namespace: monitor
|
||||||
spec:
|
spec:
|
||||||
volumeName: grafana-pv
|
volumeName: grafana-pv
|
||||||
accessModes:
|
accessModes:
|
||||||
@ -27,15 +28,3 @@ spec:
|
|||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 1Gi
|
storage: 1Gi
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: grafana
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- port: 3000
|
|
||||||
protocol: TCP
|
|
||||||
targetPort: http-grafana
|
|
||||||
selector:
|
|
||||||
app: grafana
|
|
||||||
@ -3,17 +3,18 @@
|
|||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: grafana
|
name: monitor
|
||||||
|
namespace: monitor
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/issuer: "letsencrypt-prod"
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- grafana.strix.systems
|
- monitor.strix.systems
|
||||||
secretName: grafana-strix-systems-tls
|
secretName: monitor-strix-systems-tls
|
||||||
rules:
|
rules:
|
||||||
- host: grafana.strix.systems
|
- host: monitor.strix.systems
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
@ -6,3 +6,12 @@ grafana:
|
|||||||
finalizers:
|
finalizers:
|
||||||
- kubernetes.io/pvc-protection
|
- kubernetes.io/pvc-protection
|
||||||
existingClaim: grafana-pvc
|
existingClaim: grafana-pvc
|
||||||
|
|
||||||
|
loki:
|
||||||
|
auth_enabled: false
|
||||||
|
commonConfig:
|
||||||
|
replication_factor: 1
|
||||||
|
storage:
|
||||||
|
type: 'filesystem'
|
||||||
|
singleBinary:
|
||||||
|
replicas: 1
|
||||||
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: Issuer
|
kind: ClusterIssuer
|
||||||
metadata:
|
metadata:
|
||||||
name: letsencrypt-staging
|
name: letsencrypt-staging
|
||||||
spec:
|
spec:
|
||||||
@ -24,7 +24,7 @@ spec:
|
|||||||
---
|
---
|
||||||
|
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: Issuer
|
kind: ClusterIssuer
|
||||||
metadata:
|
metadata:
|
||||||
name: letsencrypt-prod
|
name: letsencrypt-prod
|
||||||
spec:
|
spec:
|
||||||
|
|||||||
@ -5,7 +5,7 @@ kind: Ingress
|
|||||||
metadata:
|
metadata:
|
||||||
name: ntr-cv
|
name: ntr-cv
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/issuer: "letsencrypt-prod"
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
tls:
|
tls:
|
||||||
|
|||||||
@ -21,7 +21,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: ntr-cv
|
- name: ntr-cv
|
||||||
image: registry.strix.systems/ntr-cv
|
image: registry.strix.systems/ntr-cv
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: Always
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8080
|
- containerPort: 8080
|
||||||
|
|
||||||
|
|||||||
@ -6,7 +6,7 @@ metadata:
|
|||||||
name: registry
|
name: registry
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: 2g
|
nginx.ingress.kubernetes.io/proxy-body-size: 2g
|
||||||
cert-manager.io/issuer: "letsencrypt-prod"
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
tls:
|
tls:
|
||||||
|
|||||||
@ -4,7 +4,7 @@ kind: Ingress
|
|||||||
metadata:
|
metadata:
|
||||||
name: spacerace-api
|
name: spacerace-api
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/issuer: "letsencrypt-prod"
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||||
# don't do this again
|
# don't do this again
|
||||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
nginx.ingress.kubernetes.io/use-regex: "true"
|
||||||
nginx.ingress.kubernetes.io/rewrite-target: /$2
|
nginx.ingress.kubernetes.io/rewrite-target: /$2
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user