feat: prepare Prometheus monitoring and upgrade Postgres DB

Peter 2022-12-28 18:38:21 +01:00
parent decc1358f1
commit 134872ad83
Signed by: prskr
GPG key ID: C1DB5D2E8DB512F9
18 changed files with 884 additions and 683 deletions


@ -1,6 +1,8 @@
- name: Configure cluster - name: Configure cluster
hosts: localhost hosts: localhost
roles: roles:
# - role: gateway-api
- role: prometheus
- role: postgres - role: postgres
- role: csi - role: csi
- role: minio - role: minio


@ -0,0 +1,4 @@
- name: Configure postgres
hosts: localhost
roles:
- role: postgres-config


@ -0,0 +1,13 @@
apiVersion: v1
kind: Pod
metadata:
name: psql-client
namespace: postgres
spec:
containers:
- name: psql
image: docker.io/alpine
command:
- "/bin/ash"
- -c
- sleep 7200
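Review bot: The psql-client pod runs the unpinned `docker.io/alpine` image with no `securityContext`, so a mutable tag is pulled and the shell runs as root inside the postgres namespace for two hours per start. For a container whose only job is an interactive shell, pin a tag or digest and at least refuse privilege escalation and drop capabilities, as below. The stock alpine image does not ship `psql`, so a client package presumably gets installed at the shell each time — if so, a dedicated client image would remove both that step and the root requirement; confirm against how the pod is actually used.
```yaml
containers:
  - name: psql
    image: docker.io/alpine:<pinned tag or @sha256 digest>
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
    # … unchanged: command …
```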


@ -1,20 +1,20 @@
all: all:
vars: vars:
ansible_user: root ansible_user: root
k3s_version: v1.24.3+k3s1
extra_server_args: "--node-taint=node-type=master:NoSchedule --tls-san='2a01:4f9:c012:7d4b::1' --tls-san='k8s.icb4dc0.de' --tls-san='127.0.0.1'" extra_server_args: "--node-taint=node-type=master:NoSchedule --tls-san='2a01:4f9:c012:7d4b::1' --tls-san='k8s.icb4dc0.de' --tls-san='127.0.0.1'"
extra_agent_args: "" extra_agent_args: ""
ansible_ssh_common_args: '-o StrictHostKeyChecking=no' ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
systemd_dir: /etc/systemd/system systemd_dir: /etc/systemd/system
master_ip: "172.23.2.10" master_ip: "172.23.2.10"
domain: icb4dc0.de domain: icb4dc0.de
agola_image: code.icb4dc0.de/prskr/agola:latest
children: children:
control_plane: control_plane:
hosts: hosts:
cp01: cp01:
ansible_host: "95.216.168.169" ansible_host: "95.216.168.169"
k8s_ip: "172.23.2.10" k8s_ip: "172.23.2.10"
vars:
k3s_version: v1.25.4+k3s1
worker_nodes: worker_nodes:
hosts: hosts:
worker01: worker01:
@ -24,3 +24,5 @@ all:
worker02: worker02:
ansible_host: "95.217.184.201" ansible_host: "95.217.184.201"
k8s_ip: "172.23.2.21" k8s_ip: "172.23.2.21"
vars:
k3s_version: v1.25.4+k3s1
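Review bot: `k3s_version: v1.25.4+k3s1` is now declared twice, under `control_plane.vars` and `worker_nodes.vars`, after the single `all.vars.k3s_version` was removed, so the next bump has to be made in both places and any host outside those two groups has no `k3s_version` at all. If the split is meant to let the control plane be upgraded ahead of the workers, a comment such as `# per-group so control plane can be upgraded before workers` would record that; otherwise keep one definition under `all.vars`. The removed `agola_image` variable may still be referenced by a role not shown in this diff — worth a grep before merging.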



@ -5,6 +5,10 @@
api_version: v1 api_version: v1
kind: Namespace kind: Namespace
state: present state: present
definition:
metadata:
labels:
prometheus: default
- name: Add Concourse chart repo - name: Add Concourse chart repo
kubernetes.core.helm_repository: kubernetes.core.helm_repository:


@ -33,7 +33,7 @@ concourse:
disableGroups: true disableGroups: true
skipEmailVerifiedValidation: true skipEmailVerifiedValidation: true
postgres: postgres:
host: default-postgres-postgresql.postgres.svc.cluster.local host: postgres-15-postgresql.postgres.svc.cluster.local
port: "5432" port: "5432"
database: concourse database: concourse
kubernetes: kubernetes:


@ -1,23 +1,8 @@
--- ---
- name: Create temporary file
ansible.builtin.tempfile:
state: file
suffix: temp
register: k3s_binary_tmp
delegate_to: localhost
run_once: true
- name: Download k3s binary - name: Download k3s binary
get_url: ansible.builtin.get_url:
url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s
checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt
dest: "{{ k3s_binary_tmp.path }}"
delegate_to: localhost
run_once: true
- name: Copy k3s binary
ansible.builtin.copy:
src: "{{ k3s_binary_tmp.path }}"
dest: /usr/local/bin/k3s dest: /usr/local/bin/k3s
owner: root owner: root
group: root group: root
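Review bot: Each node now downloads the k3s binary from GitHub itself instead of receiving the controller's copy, so the `get_url` task must also set `mode: "0755"` — a fresh download is not executable by default, and the old `copy` task that may have carried the mode is gone; the task's remaining parameters are outside the hunk, so this may already be present. The sha256 checksum is fetched from the same release URL as the binary, so it catches a corrupted transfer but does not authenticate the release beyond the pinned `k3s_version`; that is unchanged from before, but a comment `# checksum guards transfer integrity only; the version is pinned via k3s_version` would make the guarantee explicit.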


@ -5,6 +5,10 @@
api_version: v1 api_version: v1
kind: Namespace kind: Namespace
state: present state: present
definition:
metadata:
labels:
prometheus: default
- name: Create Gitea admin credentials - name: Create Gitea admin credentials
kubernetes.core.k8s: kubernetes.core.k8s:


@ -27,6 +27,12 @@ persistence:
gitea: gitea:
admin: admin:
existingSecret: gitea-admin-credentials existingSecret: gitea-admin-credentials
metrics:
enabled: true
serviceMonitor:
enabled: true
additionalLabels:
prometheus: default
config: config:
git.timeout: git.timeout:
migrate: 3600 migrate: 3600
@ -50,11 +56,13 @@ gitea:
MINIO_USE_SSL: 'false' MINIO_USE_SSL: 'false'
database: database:
DB_TYPE: postgres DB_TYPE: postgres
HOST: default-postgres-postgresql.postgres.svc.cluster.local:5432 HOST: postgres-15-postgresql.postgres.svc.cluster.local:5432
NAME: gitea NAME: gitea
USER: gitea USER: gitea
PASSWD: "{{ gitea.dbPassword }}" PASSWD: "{{ gitea.dbPassword }}"
log_sql: "false" log_sql: "false"
metrics:
ENABLED: true
postgresql: postgresql:
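Review bot: `metrics.ENABLED: true` in the Gitea config enables the `/metrics` endpoint on the same HTTP server the public ingress fronts, and nothing in this section sets a `TOKEN`, so the endpoint is reachable unauthenticated from outside; Gitea's `[metrics]` section accepts a `TOKEN` that the scraper then presents as a bearer token. Either set that token (and configure the ServiceMonitor accordingly) or block `/metrics` at the ingress. As a style point, `ENABLED: true` is a bare boolean while the neighbouring `log_sql: "false"` is quoted; the chart renders both into the ini, but one convention should be used. The `gitea:` mapping continues outside the hunk.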


@ -4,6 +4,9 @@ metadata:
name: traefik name: traefik
namespace: kube-system namespace: kube-system
spec: spec:
chart: traefik
repo: https://traefik.github.io/charts
version: 20.8.0
valuesContent: |- valuesContent: |-
ports: ports:
web: web:
@ -12,3 +15,15 @@ spec:
expose: false expose: false
service: service:
type: NodePort type: NodePort
experimental:
kubernetesGateway:
enabled: true
metrics:
prometheus:
serviceMonitor:
interval: 30s
scrapeTimeout: 5s
additionalLabels:
prometheus: default
service:
enabled: true
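Review bot: `experimental.kubernetesGateway.enabled: true` turns on Traefik's Gateway API provider, but the `gateway-api` role that would install the Gateway API CRDs is commented out in the cluster playbook in this same commit, so unless the CRDs arrive some other way the provider has nothing to watch and will log errors. Either keep the role or leave this flag off until it is restored. The added `chart`/`repo`/`version` keys are HelmChart fields; if this manifest's `kind` (above the hunk) is a `HelmChartConfig`, which only carries `valuesContent`, they would be ignored — confirm which kind it is.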


@ -5,6 +5,10 @@
api_version: v1 api_version: v1
kind: Namespace kind: Namespace
state: present state: present
definition:
metadata:
labels:
prometheus: default
- name: Create MinIO secret - name: Create MinIO secret
kubernetes.core.k8s: kubernetes.core.k8s:


@ -0,0 +1,29 @@
---
- name: Create users
community.postgresql.postgresql_user:
name: "{{ item.name }}"
password: "{{ item.password }}"
login_host: "127.0.0.1"
login_password: "{{ PostgresPassword }}"
loop:
- name: gitea
password: "{{ gitea.dbPassword }}"
- name: "{{ grafana.db.user }}"
password: "{{ grafana.db.password }}"
- name: "{{ concourse.db.user }}"
password: "{{ concourse.db.password }}"
- name: Create databases
community.postgresql.postgresql_db:
name: "{{ item.name }}"
owner: "{{ item.owner }}"
encoding: UTF-8
login_host: "127.0.0.1"
login_password: "{{ PostgresPassword }}"
loop:
- name: gitea
owner: gitea
- name: concourse
owner: "{{ concourse.db.user }}"
- name: grafana
owner: "{{ grafana.db.user }}"
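Review bot: The `Create users` task loops over items that carry the plaintext `password`, and Ansible prints each loop `item` in the task result, so `gitea.dbPassword` and the Grafana and Concourse DB passwords end up in the play output and in any log that captures it; the module masks its own `password` parameter, not the loop item. Add `no_log: true` to the task, or at least `loop_control:` with `label: "{{ item.name }}"` so only the name is shown. `login_host: "127.0.0.1"` implies the play runs through a port-forward or on the database host itself; a short comment on where that connection comes from would help the next reader.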


@ -0,0 +1,7 @@
auth:
existingSecret: postgres-credentials
primary:
persistence:
storageClass: hcloud-volumes
size: 8Gi
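Review bot: `auth.existingSecret: postgres-credentials` points the new release at the secret the existing release already uses; the bitnami chart reads the admin password from the `postgres-password` key of that secret by default (overridable via `auth.secretKeys`), so confirm the secret carries that key or the new pod will not come up. Sharing one secret also means rotating the password now affects both instances at once. A comment `# shares postgres-credentials with the default-postgres release until migration is done` would make the coupling visible.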


@ -5,6 +5,10 @@
api_version: v1 api_version: v1
kind: Namespace kind: Namespace
state: present state: present
definition:
metadata:
labels:
prometheus: default
- name: Create Postgres secret - name: Create Postgres secret
kubernetes.core.k8s: kubernetes.core.k8s:
@ -30,3 +34,11 @@
release_namespace: postgres release_namespace: postgres
chart_version: 11.9.13 chart_version: 11.9.13
release_values: "{{ lookup('ansible.builtin.file', 'values.postgres.yaml') | from_yaml }}" release_values: "{{ lookup('ansible.builtin.file', 'values.postgres.yaml') | from_yaml }}"
- name: Deploy Postgres 15
kubernetes.core.helm:
name: postgres-15
chart_ref: bitnami/postgresql
release_namespace: postgres
chart_version: 12.1.6
release_values: "{{ lookup('ansible.builtin.file', 'values.postgres15.yaml') | from_yaml }}"
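Review bot: The new `postgres-15` release is deployed next to the existing `default-postgres` release rather than replacing it, while Concourse, Gitea and Grafana are switched to `postgres-15-postgresql.postgres.svc.cluster.local` in this same commit; nothing here moves the existing data, so on first rollout those applications will find empty databases unless a dump/restore is done out of band. A comment on the task such as `# old release kept until data is migrated into postgres-15; remove afterwards` would record the plan. The task bodies for the secret and the first release start above the hunk.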


@ -0,0 +1,37 @@
---
- name: Add Prometheus chart repo
kubernetes.core.helm_repository:
name: prometheus-community
repo_url: https://prometheus-community.github.io/helm-charts
- name: Create observability namespace
kubernetes.core.k8s:
name: observability-system
api_version: v1
kind: Namespace
state: present
definition:
metadata:
labels:
prometheus: default
- name: Create Grafana admin credentials secret
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Secret
metadata:
name: grafana-admin-credentials
namespace: observability-system
data:
user: "{{ grafana.admin.user | b64encode }}"
password: "{{ grafana.admin.password | b64encode }}"
- name: Deploy Prometheus chart
kubernetes.core.helm:
name: prometheus
chart_ref: prometheus-community/kube-prometheus-stack
release_namespace: observability-system
chart_version: 43.2.0
release_values: "{{ lookup('ansible.builtin.template', 'values.yaml.j2') | from_yaml }}"
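Review bot: The `Create Grafana admin credentials secret` task has no `no_log: true`, and `kubernetes.core.k8s` returns the resource it applied, so the base64-encoded admin password shows up in the task result and in any verbose or captured log; the same presumably applies to the Postgres, Gitea and MinIO secret tasks elsewhere in this commit, whose bodies are outside the hunks shown. Add `no_log: true` to each of them. The Prometheus values are produced by the `template` lookup, so the Grafana DB and OAuth secrets are substituted into YAML text before `from_yaml` runs — the template needs to quote those substitutions.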


@ -0,0 +1,66 @@
commonLabels:
prometheus: default
admin:
existingSecret: grafana-admin-credentials
userKey: user
passwordKey: password
defaultRules:
rules:
etcd: false
prometheus:
prometheusSpec:
retention: 7d
serviceMonitorNamespaceSelector:
matchLabels:
prometheus: default
serviceMonitorSelector:
matchLabels:
prometheus: default
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: hcloud-volumes
resources:
requests:
storage: 15Gi
alertmanager:
enabled: false
kubeEtcd:
enabled: false
grafana:
ingress:
enabled: true
hosts:
- grafana.icb4dc0.de
grafana.ini:
server:
domain: grafana.icb4dc0.de
root_url: "https://%(domain)s"
database:
type: postgres
host: postgres-15-postgresql.postgres.svc.cluster.local:5432
name: grafana
user: "{{ grafana.db.user }}"
password: "{{ grafana.db.password }}"
ssl_mode: disable
auth:
disable_login_form: true
auth.generic_oauth:
name: Gitea
icon: signin
enabled: "true"
client_id: {{ grafana.auth.clientId }}
client_secret: {{ grafana.auth.clientSecret }}
empty_scopes: true
auth_url: https://code.icb4dc0.de/login/oauth/authorize
token_url: https://code.icb4dc0.de/login/oauth/access_token
api_url: https://code.icb4dc0.de/login/oauth/userinfo
persistence:
enabled: false
storageClassName: hcloud-volumes
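Review bot: The `admin:` block with `existingSecret: grafana-admin-credentials` sits at the top level of the values, but in kube-prometheus-stack Grafana is a subchart whose settings live under `grafana:`; a top-level `admin` key is not forwarded, so Grafana would presumably start with the chart's default admin password instead of the secret created in the playbook — confirm by inspecting the rendered Grafana deployment, and move those three lines under `grafana:`. `client_id: {{ grafana.auth.clientId }}` and `client_secret: {{ grafana.auth.clientSecret }}` are substituted unquoted, so a value that starts with a YAML indicator or looks like a number breaks or retypes the rendered file; write them as `client_id: "{{ grafana.auth.clientId }}"` and `client_secret: "{{ grafana.auth.clientSecret }}"`. With `disable_login_form: true` and neither `allow_sign_up: false` nor a `role_attribute_path`, every account on code.icb4dc0.de can sign in to Grafana — fine if that instance is invitation-only, otherwise restrict it. `enabled: "true"` is a quoted string while `empty_scopes: true` and `disable_login_form: true` are bare booleans; pick one form.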


@ -2,3 +2,4 @@
collections: collections:
- kubernetes.core - kubernetes.core
- hetzner.hcloud - hetzner.hcloud
- community.postgresql
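Review bot: `community.postgresql` is added without a `version:`, like the two collections above it, so `ansible-galaxy collection install` pulls whatever is newest at install time and the DB tasks in this commit can change behaviour underneath you. Pin it by switching the entry to mapping form: `- name: community.postgresql` followed by `version: "<pinned version>"` on the next line.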