From dc478f9f3fbc3e698a7b113ef32aa1411f81b455 Mon Sep 17 00:00:00 2001 From: Peter Kurfer Date: Sat, 18 May 2024 12:05:53 +0200 Subject: [PATCH 1/6] chore(vikunja): declare individual listener --- contour/resources/default_gateway.yaml | 44 +++++++++++++++++++++----- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/contour/resources/default_gateway.yaml b/contour/resources/default_gateway.yaml index 8ce84a6..54d865c 100644 --- a/contour/resources/default_gateway.yaml +++ b/contour/resources/default_gateway.yaml @@ -9,14 +9,7 @@ metadata: spec: gatewayClassName: contour listeners: - - name: ssh - protocol: TCP - port: 22 - allowedRoutes: - kinds: - - kind: TCPRoute - namespaces: - from: All + - name: snips-ssh protocol: TCP port: 2222 @@ -25,12 +18,14 @@ spec: - kind: TCPRoute namespaces: from: All + - name: http protocol: HTTP port: 80 allowedRoutes: namespaces: from: All + - name: https hostname: "*.icb4dc0.de" port: 443 @@ -42,6 +37,7 @@ spec: mode: Terminate certificateRefs: - name: wildcard-icb4dc0-de-tls + - name: forgejo hostname: "code.icb4dc0.de" port: 443 @@ -56,6 +52,33 @@ spec: mode: Terminate certificateRefs: - name: forgejo-tls + - name: ssh + protocol: TCP + port: 22 + allowedRoutes: + kinds: + - kind: TCPRoute + namespaces: + from: Selector + selector: + matchLabels: + kubernetes.io/metadata.name: forgejo + + - name: vikunja + hostname: "todo.icb4dc0.de" + port: 443 + protocol: HTTPS + allowedRoutes: + namespaces: + from: Selector + selector: + matchLabels: + kubernetes.io/metadata.name: vikunja + tls: + mode: Terminate + certificateRefs: + - name: vikunja-tls + - name: ente-endpoints hostname: "*.ente.icb4dc0.de" port: 443 @@ -70,6 +93,7 @@ spec: mode: Terminate certificateRefs: - name: ente-tls + - name: coder-port-forwards hostname: "*.ide.icb4dc0.de" port: 443 @@ -84,6 +108,7 @@ spec: mode: Terminate certificateRefs: - name: coder-port-forwards-tls + - name: garage-s3-subdomains hostname: "*.s3.icb4dc0.de" port: 443 
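Review bot: In contour/resources/default_gateway.yaml (hunk `@@ -56,6 +52,33 @@`), the new `vikunja` listener limits attachment to the `vikunja` namespace, but the wildcard `https` listener for `*.icb4dc0.de` shown earlier in this patch keeps `allowedRoutes.namespaces.from: All`. An HTTPRoute from any namespace can therefore presumably still attach to it and claim `todo.icb4dc0.de`. Whether such a route would receive traffic depends on how Contour resolves overlapping listener hostnames, which the patch does not show; confirm this, or narrow the wildcard listener to a selector as well. The `snips-ssh` and `http` listeners likewise keep `from: All` while `ssh` is now restricted to `forgejo`. A comment above the selectors, such as `# kubernetes.io/metadata.name is set by the API server, so only this namespace can attach`, would record why that label was chosen.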
@@ -98,6 +123,7 @@ spec: mode: Terminate certificateRefs: - name: garage-s3-subdomains-tls + - name: buildr-fider-community hostname: community.buildr.icb4dc0.de port: 443 @@ -112,6 +138,7 @@ spec: mode: Terminate certificateRefs: - name: buildr-fider-community-tls + - name: inetmock-fider-community hostname: community.inetmock.icb4dc0.de port: 443 @@ -126,6 +153,7 @@ spec: mode: Terminate certificateRefs: - name: inetmock-fider-community-tls + - name: fider-login hostname: login.fider.icb4dc0.de port: 443 From 92097395fa5a3033e178d45f98d4aac416446ad5 Mon Sep 17 00:00:00 2001 From: Peter Kurfer Date: Sat, 18 May 2024 12:10:59 +0200 Subject: [PATCH 2/6] feat(garage): scrape metrics --- garage/kustomization.yaml | 1 + garage/resources/servicemonitor.yaml | 18 ++++++++++++++++++ garage/resources/services.yaml | 2 ++ 3 files changed, 21 insertions(+) create mode 100644 garage/resources/servicemonitor.yaml diff --git a/garage/kustomization.yaml b/garage/kustomization.yaml index 2a39b25..5081446 100644 --- a/garage/kustomization.yaml +++ b/garage/kustomization.yaml @@ -25,6 +25,7 @@ resources: - resources/api_routes.yaml - resources/web_routes.yaml - resources/pdb.yaml + - resources/servicemonitor.yaml - backup/ configMapGenerator: diff --git a/garage/resources/servicemonitor.yaml b/garage/resources/servicemonitor.yaml new file mode 100644 index 0000000..b54a76d --- /dev/null +++ b/garage/resources/servicemonitor.yaml @@ -0,0 +1,18 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: garage +spec: + endpoints: + - honorLabels: true + path: /metrics + port: metrics + scheme: http + scrapeTimeout: 30s + jobLabel: garage + namespaceSelector: + matchNames: + - garage + selector: + matchLabels: + app.kubernetes.io/component: metrics diff --git a/garage/resources/services.yaml b/garage/resources/services.yaml index dcca48b..7015fc2 100644 --- a/garage/resources/services.yaml +++ b/garage/resources/services.yaml 
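Review bot: In the new garage/resources/servicemonitor.yaml, `honorLabels: true` lets labels exposed by the scraped target override the ones Prometheus attaches (for example `job` and `instance`), so the endpoint can relabel its own series. Unless Garage's metrics need that, `honorLabels: false` (or dropping the line) is the safer setting. `jobLabel: garage` names a label key to read from the Service, but the `garage-metrics` Service in this series only gains `app.kubernetes.io/component`, so the job name will most likely fall back to the Service name; point it at an existing label or remove it. The endpoint is also scraped over plain `http` with no authorization configured, which is acceptable only if the metrics port is meant to be open inside the cluster; a one-line comment saying so would help.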
@@ -17,6 +17,8 @@ apiVersion: v1 kind: Service metadata: name: garage-metrics + labels: + app.kubernetes.io/component: metrics spec: type: ClusterIP clusterIP: None From 1e43d2a537c9ee598d62cdaa0cb73152fd024337 Mon Sep 17 00:00:00 2001 From: Peter Kurfer Date: Sat, 18 May 2024 12:19:11 +0200 Subject: [PATCH 3/6] chore(vikunja): switch to individual listener --- vikunja/resources/http_routes.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vikunja/resources/http_routes.yaml b/vikunja/resources/http_routes.yaml index 5c94238..9a18166 100644 --- a/vikunja/resources/http_routes.yaml +++ b/vikunja/resources/http_routes.yaml @@ -24,7 +24,7 @@ metadata: spec: parentRefs: - name: contour - sectionName: https + sectionName: vikunja namespace: projectcontour hostnames: - todo.icb4dc0.de From 04dde6cc88f3e2e9408a6c896a62efe28e973297 Mon Sep 17 00:00:00 2001 From: Peter Kurfer Date: Sat, 18 May 2024 12:23:15 +0200 Subject: [PATCH 4/6] chore(grafana): allow role assignment for OAuth users --- kube-prometheus/config/values.prometheus.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/kube-prometheus/config/values.prometheus.yaml b/kube-prometheus/config/values.prometheus.yaml index a692f84..c4a8534 100644 --- a/kube-prometheus/config/values.prometheus.yaml +++ b/kube-prometheus/config/values.prometheus.yaml @@ -111,6 +111,7 @@ grafana: auth_url: https://code.icb4dc0.de/login/oauth/authorize token_url: https://code.icb4dc0.de/login/oauth/access_token api_url: https://code.icb4dc0.de/login/oauth/userinfo + skip_org_role_sync: true persistence: enabled: false storageClassName: hcloud-volumes From 319d7b83b0e0e440cc5899efbcf187fa75e4ac7d Mon Sep 17 00:00:00 2001 From: Peter Kurfer Date: Sat, 18 May 2024 12:31:08 +0200 Subject: [PATCH 5/6] fix(garage): add necessary label for ServiceMonitor --- garage/resources/servicemonitor.yaml | 2 ++ 1 file changed, 2 insertions(+) 
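Review bot: In kube-prometheus/config/values.prometheus.yaml, `skip_org_role_sync: true` stops Grafana from deriving a user's organisation role from the OAuth provider at login. Roles granted inside Grafana then stay in place even if the account's standing changes at code.icb4dc0.de, and new users receive whatever the default role is. The OAuth block starts outside the hunk, so it is not visible whether a default role is pinned; setting it explicitly (`auto_assign_org_role: Viewer` under `users`) and adding a comment such as `# roles are managed in Grafana, not by the IdP` would make the intent auditable. The context also shows `persistence.enabled: false`: if Grafana's database lives in the pod, manually assigned roles would be lost on restart, so confirm that an external database is configured.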
diff --git a/garage/resources/servicemonitor.yaml b/garage/resources/servicemonitor.yaml index b54a76d..a1a2cfc 100644 --- a/garage/resources/servicemonitor.yaml +++ b/garage/resources/servicemonitor.yaml @@ -2,6 +2,8 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: garage + labels: + prometheus: default spec: endpoints: - honorLabels: true From bca60eb5df816b1256156322916f2a8e0f2777a6 Mon Sep 17 00:00:00 2001 From: Peter Date: Fri, 17 May 2024 03:34:01 +0000 Subject: [PATCH 6/6] chore(deps): update docker docker tag to v26.1.3 --- forgejo/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/forgejo/kustomization.yaml b/forgejo/kustomization.yaml index d48b7d0..e1c10c5 100644 --- a/forgejo/kustomization.yaml +++ b/forgejo/kustomization.yaml @@ -15,7 +15,7 @@ images: newTag: "3.4.1" - name: dind newName: docker - newTag: 26.1.2-dind + newTag: 26.1.3-dind resources: - resources/secrets/admin-credentials.yaml