From 50084d1ee6e1ff5d41ec57bd4c9293d8017ce844 Mon Sep 17 00:00:00 2001
From: Jordan Olshevski
Date: Tue, 19 Mar 2024 21:44:27 -0500
Subject: [PATCH] Autoindent
---
 configs/prometheus.yml | 31 +++----
 manifests/cert-manager.yaml | 27 +++---
 manifests/frigate.yaml | 96 ++++++++++-----------
 manifests/gliderbot.yaml | 92 ++++++++++----------
 manifests/grafana.yaml | 48 +++++------
 manifests/homeassistant.yaml | 34 ++++----
 manifests/keycloak.yaml | 158 +++++++++++++++++-----------------
 manifests/nvidia.ext.yaml | 37 ++++----
 manifests/prom.yaml | 108 +++++++++++------------
 manifests/psql-keycloak.yaml | 25 +++---
 manifests/psql-reporting.yaml | 25 +++---
 manifests/psql-wikijs.yaml | 25 +++---
 manifests/redirects.yaml | 14 ++-
 manifests/wikijs.yaml | 58 ++++++-------
 patches/contour-ds.yaml | 8 +-
 patches/contour-svc.yaml | 16 ++--
 patches/oauth-sidecar.yaml | 74 ++++++++--------
 17 files changed, 422 insertions(+), 454 deletions(-)
diff --git a/configs/prometheus.yml b/configs/prometheus.yml
index 335c179..632bf01 100644
--- a/configs/prometheus.yml
+++ b/configs/prometheus.yml
@@ -4,7 +4,7 @@ global:
 scrape_configs:
 - job_name: ingress-caddy
 static_configs:
- - targets: ['10.13.13.2:9101']
+ - targets: ["10.13.13.2:9101"]
 - job_name: k8s-nodes
 scheme: https
@@ -25,17 +25,18 @@ scrape_configs:
 kubernetes_sd_configs:
 - role: pod
 relabel_configs:
- - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
- action: keep
- regex: .*(prometheus|metrics|true).*
- - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
- action: replace
- target_label: __metrics_path__
- regex: (.+)
- - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
- action: replace
- regex: ([^:]+)(?::\d+)?;(\d+)
- replacement: $1:$2
- target_label: __address__
- - source_labels: [__meta_kubernetes_pod_node_name]
- target_label: node
\ No newline at end of file
+ - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
+ action: keep
+ regex: .*(prometheus|metrics|true).*
+ - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
+ action: replace
+ target_label: __metrics_path__
+ regex: (.+)
+ - source_labels:
+ [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
+ action: replace
+ regex: ([^:]+)(?::\d+)?;(\d+)
+ replacement: $1:$2
+ target_label: __address__
+ - source_labels: [__meta_kubernetes_pod_node_name]
+ target_label: node
diff --git a/manifests/cert-manager.yaml b/manifests/cert-manager.yaml
index 848053d..ee9ac17 100644
--- a/manifests/cert-manager.yaml
+++ b/manifests/cert-manager.yaml
@@ -9,20 +9,19 @@ spec:
 privateKeySecretRef:
 name: letsencrypt-prod
 solvers:
- - dns01:
- azureDNS:
- hostedZoneName: thelab.ms
- resourceGroupName: thelab-ms
- subscriptionID: 4eec622b-7eef-44e4-96e4-2b9fa2f21f07
- environment: AzurePublicCloud
- tenantID: f4ba79ec-fe30-424f-a96e-2de98f58f9b8
- clientID: 846d6a2c-6fa0-48f5-b810-f997cf8d8e50
- clientSecretSecretRef:
- name: azure-sp
- key: secret
+ - dns01:
+ azureDNS:
+ hostedZoneName: thelab.ms
+ resourceGroupName: thelab-ms
+ subscriptionID: 4eec622b-7eef-44e4-96e4-2b9fa2f21f07
+ environment: AzurePublicCloud
+ tenantID: f4ba79ec-fe30-424f-a96e-2de98f58f9b8
+ clientID: 846d6a2c-6fa0-48f5-b810-f997cf8d8e50
+ clientSecretSecretRef:
+ name: azure-sp
+ key: secret
 ---
-
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -39,7 +38,6 @@ spec:
 - "*.thelab.ms"
 ---
-
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -56,7 +54,6 @@ spec:
 - "*.apps.thelab.ms"
 ---
-
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
@@ -65,7 +62,6 @@ spec:
 selfSigned: {}
 ---
-
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -84,7 +80,6 @@ spec:
 group: cert-manager.io
 ---
-
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
diff --git a/manifests/frigate.yaml b/manifests/frigate.yaml
index e146e2b..156a173 100644
--- a/manifests/frigate.yaml
+++ b/manifests/frigate.yaml
@@ -22,36 +22,36 @@ spec:
 runtimeClassName: nvidia
 containers:
- - name: oauth2proxy
- env:
- - name: OAUTH2_PROXY_UPSTREAMS
- value: "http://127.0.0.1:5000"
- - name: OAUTH2_PROXY_REDIRECT_URL
- value: "https://frigate.apps.thelab.ms/oauth2/callback"
- - name: OAUTH2_PROXY_ALLOWED_GROUPS
- value: "thelab-leadership"
+ - name: oauth2proxy
+ env:
+ - name: OAUTH2_PROXY_UPSTREAMS
+ value: "http://127.0.0.1:5000"
+ - name: OAUTH2_PROXY_REDIRECT_URL
+ value: "https://frigate.apps.thelab.ms/oauth2/callback"
+ - name: OAUTH2_PROXY_ALLOWED_GROUPS
+ value: "thelab-leadership"
- - name: frigate
- image: frigate
- volumeMounts:
- - name: cache
- mountPath: /tmp/cache
- - name: devshm
- mountPath: /dev/shm
- - name: media
- mountPath: /media/frigate
- - name: config
- mountPath: /config/config.yml
- subPath: frigate.yml
- readinessProbe:
- initialDelaySeconds: 2
- periodSeconds: 5
- httpGet:
- path: /api/
- port: 5000
- resources:
- limits:
- nvidia.com/gpu: "1"
+ - name: frigate
+ image: frigate
+ volumeMounts:
+ - name: cache
+ mountPath: /tmp/cache
+ - name: devshm
+ mountPath: /dev/shm
+ - name: media
+ mountPath: /media/frigate
+ - name: config
+ mountPath: /config/config.yml
+ subPath: frigate.yml
+ readinessProbe:
+ initialDelaySeconds: 2
+ periodSeconds: 5
+ httpGet:
+ path: /api/
+ port: 5000
+ resources:
+ limits:
+ nvidia.com/gpu: "1"
 volumes:
 - name: cache
@@ -70,7 +70,6 @@ spec:
 name: frigate-config
 ---
-
 apiVersion: v1
 kind: Service
 metadata:
@@ -78,7 +77,7 @@ metadata:
 spec:
 type: ClusterIP
 selector:
- app: frigate
+ app: frigate
 ports:
 - name: http
 protocol: TCP
@@ -86,7 +85,6 @@ spec:
 targetPort: 8880
 ---
-
 apiVersion: v1
 kind: Service
 metadata:
@@ -94,7 +92,7 @@ metadata:
 spec:
 type: ClusterIP
 selector:
- app: frigate
+ app: frigate
 ports:
 - name: http
 protocol: TCP
@@ -102,7 +100,6 @@ spec:
 targetPort: 5000
 ---
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -122,23 +119,22 @@ spec:
 app: frigate-exporter
 spec:
 containers:
- - name: frigate-exporter
- image: ghcr.io/thelab-ms/frigate-exporter:main-8bf970e
- env:
- - name: POSTGRES_HOST
- value: "psql-reporting.default.svc.cluster.local"
- - name: FRIGATE_URL
- value: http://frigate-unauthenticated.default.svc.cluster.local
- - name: CAMERAS
- value: Vent1,Vent2,Atrium1,Atrium2,Woodshop1,Woodshop2,Classroom1,Classroom2,Cleanroom
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: reporting-psql
- key: password
+ - name: frigate-exporter
+ image: ghcr.io/thelab-ms/frigate-exporter:main-8bf970e
+ env:
+ - name: POSTGRES_HOST
+ value: "psql-reporting.default.svc.cluster.local"
+ - name: FRIGATE_URL
+ value: http://frigate-unauthenticated.default.svc.cluster.local
+ - name: CAMERAS
+ value: Vent1,Vent2,Atrium1,Atrium2,Woodshop1,Woodshop2,Classroom1,Classroom2,Cleanroom
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: reporting-psql
+ key: password
 ---
-
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
@@ -155,7 +151,7 @@ spec:
 secretName: apps-wildcard-cert
 routes:
 - conditions:
- - prefix: /
+ - prefix: /
 services:
 - name: frigate
 port: 80
diff --git a/manifests/gliderbot.yaml b/manifests/gliderbot.yaml
index 1ccfa06..5f18b90 100644
--- a/manifests/gliderbot.yaml
+++ b/manifests/gliderbot.yaml
@@ -17,49 +17,49 @@ spec:
 app: gliderbot
 spec:
 containers:
- - name: gliderbot
- # Image is set in the deploy github action
- env:
- - name: "DISCORD_MEMBERSHIP_ROLE"
- value: "814348587424022528"
- - name: "DISCORD_LEADERSHIP_ROLE"
- value: "814154862777335876"
- - name: "CLIENT_ID"
- value: "810302178455322645"
- - name: "GUILD_ID"
- value: "690314626289631294"
- - name: "CHANNEL_ID"
- value: "1017100056886784061"
- - name: "KEYCLOAK_URL"
- value: "https://keycloak.apps.thelab.ms"
- - name: "KEYCLOAK_REALM"
- value: "master"
- - name: "KEYCLOAK_USER"
- value: "discordbot"
- - name: "KEYCLOAK_MEMBERSHIP_GROUP"
- value: "4eea9c17-f9b1-41eb-8f25-721ae04b66f6"
- - name: "KEYCLOAK_LEADERSHIP_GROUP"
- value: "29146cfe-15d2-46dc-9b3b-3a176b74afbb"
- - name: "HOMEASSISTANT_URL"
- value: "https://homeassistant.apps.thelab.ms"
- - name: CONFIG
- valueFrom:
- secretKeyRef:
- name: gliderbot
- key: config
- - name: DISCORD_TOKEN
- valueFrom:
- secretKeyRef:
- name: gliderbot
- key: discord-token
- # TODO: Update the gliderbot to support the k8s injected keycloak creds
- - name: KEYCLOAK_PASSWORD
- valueFrom:
- secretKeyRef:
- name: gliderbot
- key: keycloak-pass
- - name: "HOMEASSISTANT_API_TOKEN"
- valueFrom:
- secretKeyRef:
- name: gliderbot
- key: homeassistant-api-token
+ - name: gliderbot
+ # Image is set in the deploy github action
+ env:
+ - name: "DISCORD_MEMBERSHIP_ROLE"
+ value: "814348587424022528"
+ - name: "DISCORD_LEADERSHIP_ROLE"
+ value: "814154862777335876"
+ - name: "CLIENT_ID"
+ value: "810302178455322645"
+ - name: "GUILD_ID"
+ value: "690314626289631294"
+ - name: "CHANNEL_ID"
+ value: "1017100056886784061"
+ - name: "KEYCLOAK_URL"
+ value: "https://keycloak.apps.thelab.ms"
+ - name: "KEYCLOAK_REALM"
+ value: "master"
+ - name: "KEYCLOAK_USER"
+ value: "discordbot"
+ - name: "KEYCLOAK_MEMBERSHIP_GROUP"
+ value: "4eea9c17-f9b1-41eb-8f25-721ae04b66f6"
+ - name: "KEYCLOAK_LEADERSHIP_GROUP"
+ value: "29146cfe-15d2-46dc-9b3b-3a176b74afbb"
+ - name: "HOMEASSISTANT_URL"
+ value: "https://homeassistant.apps.thelab.ms"
+ - name: CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: gliderbot
+ key: config
+ - name: DISCORD_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gliderbot
+ key: discord-token
+ # TODO: Update the gliderbot to support the k8s injected keycloak creds
+ - name: KEYCLOAK_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gliderbot
+ key: keycloak-pass
+ - name: "HOMEASSISTANT_API_TOKEN"
+ valueFrom:
+ secretKeyRef:
+ name: gliderbot
+ key: homeassistant-api-token
diff --git a/manifests/grafana.yaml b/manifests/grafana.yaml
index a25d473..60539e1 100644
--- a/manifests/grafana.yaml
+++ b/manifests/grafana.yaml
@@ -19,28 +19,28 @@ spec:
 app: grafana
 spec:
 containers:
- - name: oauth2proxy
- env:
- - name: OAUTH2_PROXY_UPSTREAMS
- value: "http://127.0.0.1:3000"
- - name: OAUTH2_PROXY_REDIRECT_URL
- value: "https://grafana.apps.thelab.ms/oauth2/callback"
- - name: OAUTH2_PROXY_ALLOWED_GROUPS
- value: "thelab-leadership"
+ - name: oauth2proxy
+ env:
+ - name: OAUTH2_PROXY_UPSTREAMS
+ value: "http://127.0.0.1:3000"
+ - name: OAUTH2_PROXY_REDIRECT_URL
+ value: "https://grafana.apps.thelab.ms/oauth2/callback"
+ - name: OAUTH2_PROXY_ALLOWED_GROUPS
+ value: "thelab-leadership"
- - name: grafana
- image: grafana
- volumeMounts:
- - name: data
- mountPath: /var/lib/grafana
- - name: config
- mountPath: /etc/grafana
- readinessProbe:
- initialDelaySeconds: 2
- periodSeconds: 5
- httpGet:
- path: /healthz
- port: 3000
+ - name: grafana
+ image: grafana
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/grafana
+ - name: config
+ mountPath: /etc/grafana
+ readinessProbe:
+ initialDelaySeconds: 2
+ periodSeconds: 5
+ httpGet:
+ path: /healthz
+ port: 3000
 volumes:
 - name: data
@@ -51,7 +51,6 @@ spec:
 name: grafana-config
 ---
-
 apiVersion: v1
 kind: Service
 metadata:
@@ -59,7 +58,7 @@ metadata:
 spec:
 type: ClusterIP
 selector:
- app: grafana
+ app: grafana
 ports:
 - name: http
 protocol: TCP
@@ -67,7 +66,6 @@ spec:
 targetPort: 8880
 ---
-
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
@@ -84,7 +82,7 @@ spec:
 secretName: apps-wildcard-cert
 routes:
 - conditions:
- - prefix: /
+ - prefix: /
 services:
 - name: grafana
 port: 80
diff --git a/manifests/homeassistant.yaml b/manifests/homeassistant.yaml
index fd2f6e6..b65334d 100644
--- a/manifests/homeassistant.yaml
+++ b/manifests/homeassistant.yaml
@@ -22,20 +22,20 @@ spec:
 spec:
 hostNetwork: true
 containers:
- - name: ha
- image: homeassistant
- securityContext:
- privileged: true
- env:
- - name: TZ
- value: "America/Chicago"
- volumeMounts:
- - name: media
- mountPath: /media
- - name: config
- mountPath: /config
- - name: zigbee
- mountPath: /dev/ttyACM0
+ - name: ha
+ image: homeassistant
+ securityContext:
+ privileged: true
+ env:
+ - name: TZ
+ value: "America/Chicago"
+ volumeMounts:
+ - name: media
+ mountPath: /media
+ - name: config
+ mountPath: /config
+ - name: zigbee
+ mountPath: /dev/ttyACM0
 volumes:
 - name: media
@@ -49,7 +49,6 @@ spec:
 path: /dev/ttyACM0
 ---
-
 apiVersion: v1
 kind: Service
 metadata:
@@ -57,7 +56,7 @@ metadata:
 spec:
 type: ClusterIP
 selector:
- app: homeassistant
+ app: homeassistant
 ports:
 - name: http
 protocol: TCP
@@ -65,7 +64,6 @@ spec:
 targetPort: 8123
 ---
-
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
@@ -82,7 +80,7 @@ spec:
 secretName: apps-wildcard-cert
 routes:
 - conditions:
- - prefix: /
+ - prefix: /
 services:
 - name: homeassistant
 port: 80
diff --git a/manifests/keycloak.yaml b/manifests/keycloak.yaml
index e25e791..f91ee28 100644
--- a/manifests/keycloak.yaml
+++ b/manifests/keycloak.yaml
@@ -15,51 +15,50 @@ spec:
 app: keycloak
 spec:
 containers:
- - name: keycloak
- image: keycloak
- args:
- - start
- - --optimized
- env:
- - name: KEYCLOAK_ADMIN
- value: "cto"
- - name: KC_DB
- value: "postgres"
- - name: KC_HTTP_ENABLED
- value: "true"
- - name: KC_HOSTNAME_URL
- value: "https://keycloak.apps.thelab.ms"
- - name: KC_HOSTNAME_STRICT_HTTPS
- value: "false"
- - name: KC_PROXY
- value: "edge"
- - name: KC_DB_URL_HOST
- value: "psql-keycloak.default.svc.cluster.local"
- - name: KC_DB_URL_DATABASE
- value: "postgres"
- - name: KC_DB_USERNAME
- value: "postgres"
- - name: KC_FEATURES
- value: "declarative-user-profile"
- - name: KEYCLOAK_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: keycloak-admin
- key: KEYCLOAK_ADMIN_PASSWORD
- - name: KC_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: keycloak-db
- key: password
- readinessProbe:
- initialDelaySeconds: 2
- periodSeconds: 5
- httpGet:
- path: /health/ready
- port: 8080
+ - name: keycloak
+ image: keycloak
+ args:
+ - start
+ - --optimized
+ env:
+ - name: KEYCLOAK_ADMIN
+ value: "cto"
+ - name: KC_DB
+ value: "postgres"
+ - name: KC_HTTP_ENABLED
+ value: "true"
+ - name: KC_HOSTNAME_URL
+ value: "https://keycloak.apps.thelab.ms"
+ - name: KC_HOSTNAME_STRICT_HTTPS
+ value: "false"
+ - name: KC_PROXY
+ value: "edge"
+ - name: KC_DB_URL_HOST
+ value: "psql-keycloak.default.svc.cluster.local"
+ - name: KC_DB_URL_DATABASE
+ value: "postgres"
+ - name: KC_DB_USERNAME
+ value: "postgres"
+ - name: KC_FEATURES
+ value: "declarative-user-profile"
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-admin
+ key: KEYCLOAK_ADMIN_PASSWORD
+ - name: KC_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-db
+ key: password
+ readinessProbe:
+ initialDelaySeconds: 2
+ periodSeconds: 5
+ httpGet:
+ path: /health/ready
+ port: 8080
 ---
-
 apiVersion: v1
 kind: Service
 metadata:
@@ -67,7 +66,7 @@ metadata:
 spec:
 type: ClusterIP
 selector:
- app: keycloak
+ app: keycloak
 ports:
 - name: http
 protocol: TCP
@@ -75,7 +74,6 @@ spec:
 targetPort: 8080
 ---
-
 apiVersion: storage.k8s.io/v1
 kind: CSIDriver
 metadata:
@@ -85,7 +83,6 @@ spec:
 - Ephemeral
 ---
-
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -123,43 +120,42 @@ spec:
 type: Directory
 containers:
- - name: csi-driver-registrar
- image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.9.3
- args:
- - "--csi-address=/csi/csi.sock"
- - "--kubelet-registration-path=/var/lib/kubelet/plugins/identity.keycloak.org/csi.sock"
- - "--health-port=9809"
- volumeMounts:
- - name: plugin-dir
- mountPath: /csi
- - name: registration-dir
- mountPath: /registration
+ - name: csi-driver-registrar
+ image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.9.3
+ args:
+ - "--csi-address=/csi/csi.sock"
+ - "--kubelet-registration-path=/var/lib/kubelet/plugins/identity.keycloak.org/csi.sock"
+ - "--health-port=9809"
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
- - name: csi-driver
- image: "ghcr.io/jveski/keycloak-k8s-shim:main-4788b4d"
- securityContext:
- privileged: true
- args:
- - --keycloak-url=https://keycloak.apps.thelab.ms
- env:
- - name: NODE_ID
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- volumeMounts:
- - name: plugin-dir
- mountPath: /csi
- - name: root-ca
- mountPath: /etc/ssl/certs
- - name: keycloak-password
- readOnly: true
- mountPath: "/etc/keycloak"
- - name: mountpoint-dir
- mountPath: /var/lib/kubelet/pods
- mountPropagation: "Bidirectional"
+ - name: csi-driver
+ image: "ghcr.io/jveski/keycloak-k8s-shim:main-4788b4d"
+ securityContext:
+ privileged: true
+ args:
+ - --keycloak-url=https://keycloak.apps.thelab.ms
+ env:
+ - name: NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ - name: root-ca
+ mountPath: /etc/ssl/certs
+ - name: keycloak-password
+ readOnly: true
+ mountPath: "/etc/keycloak"
+ - name: mountpoint-dir
+ mountPath: /var/lib/kubelet/pods
+ mountPropagation: "Bidirectional"
 ---
-
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
@@ -176,7 +172,7 @@ spec:
 secretName: apps-wildcard-cert
 routes:
 - conditions:
- - prefix: /
+ - prefix: /
 services:
 - name: keycloak
 port: 80
diff --git a/manifests/nvidia.ext.yaml b/manifests/nvidia.ext.yaml
index b3418f2..ed7f649 100644
--- a/manifests/nvidia.ext.yaml
+++ b/manifests/nvidia.ext.yaml
@@ -5,7 +5,6 @@ metadata:
 handler: nvidia
 ---
-
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -24,29 +23,29 @@ spec:
 priorityClassName: "system-node-critical"
 containers:
- - image: nvidia-device-plugin
- name: nvidia-device-plugin-ctr
- env:
- - name: FAIL_ON_INIT_ERROR
- value: "false"
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop: ["ALL"]
- volumeMounts:
- - name: device-plugin
- mountPath: /var/lib/kubelet/device-plugins
+ - image: nvidia-device-plugin
+ name: nvidia-device-plugin-ctr
+ env:
+ - name: FAIL_ON_INIT_ERROR
+ value: "false"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ volumeMounts:
+ - name: device-plugin
+ mountPath: /var/lib/kubelet/device-plugins
 volumes:
- - name: device-plugin
- hostPath:
- path: /var/lib/kubelet/device-plugins
+ - name: device-plugin
+ hostPath:
+ path: /var/lib/kubelet/device-plugins
 # Below this was added and not part of the upstream manifest
 runtimeClassName: nvidia
 nodeSelector:
 kubernetes.io/hostname: "supermicro2"
 tolerations:
- - key: specialPodsOnly
- operator: Exists
- effect: NoSchedule
+ - key: specialPodsOnly
+ operator: Exists
+ effect: NoSchedule
diff --git a/manifests/prom.yaml b/manifests/prom.yaml
index 2a870a4..6b2aaaa 100644
--- a/manifests/prom.yaml
+++ b/manifests/prom.yaml
@@ -5,7 +5,7 @@ metadata:
 spec:
 type: ClusterIP
 selector:
- app: prom
+ app: prom
 ports:
 - name: http
 protocol: TCP
@@ -13,29 +13,26 @@ spec:
 targetPort: 9090
 ---
-
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: prom
 ---
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 name: prom
 subjects:
-- kind: ServiceAccount
- name: prom
- namespace: default
+ - kind: ServiceAccount
+ name: prom
+ namespace: default
 roleRef:
 kind: ClusterRole
 name: cluster-admin
 apiGroup: rbac.authorization.k8s.io
 ---
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -59,24 +56,24 @@ spec:
 runAsUser: 0
 runAsGroup: 0
 containers:
- - name: prom
- image: prometheus
- command:
- - prometheus
- - --storage.tsdb.path=/durable
- - --storage.tsdb.retention.time=1d
- volumeMounts:
- - name: storage
- mountPath: /durable
- - name: conf
- mountPath: /prometheus/prometheus.yml
- subPath: prometheus.yml
- readinessProbe:
- initialDelaySeconds: 2
- periodSeconds: 5
- httpGet:
- path: /-/ready
- port: 9090
+ - name: prom
+ image: prometheus
+ command:
+ - prometheus
+ - --storage.tsdb.path=/durable
+ - --storage.tsdb.retention.time=1d
+ volumeMounts:
+ - name: storage
+ mountPath: /durable
+ - name: conf
+ mountPath: /prometheus/prometheus.yml
+ subPath: prometheus.yml
+ readinessProbe:
+ initialDelaySeconds: 2
+ periodSeconds: 5
+ httpGet:
+ path: /-/ready
+ port: 9090
 volumes:
 - name: storage
 hostPath:
@@ -86,7 +83,6 @@ spec:
 name: prom-config
 ---
-
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -105,34 +101,33 @@ spec:
 prometheus.io/scrape: "true"
 spec:
 containers:
- - args:
- - --path.sysfs=/host/sys
- - --path.rootfs=/host/root
- - --no-collector.wifi
- - --no-collector.hwmon
- - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
- - --collector.netclass.ignored-devices=^(veth.*)$
- name: node-exporter
- image: prom-node-exporter
- volumeMounts:
- - mountPath: /host/sys
- mountPropagation: HostToContainer
+ - args:
+ - --path.sysfs=/host/sys
+ - --path.rootfs=/host/root
+ - --no-collector.wifi
+ - --no-collector.hwmon
+ - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
+ - --collector.netclass.ignored-devices=^(veth.*)$
+ name: node-exporter
+ image: prom-node-exporter
+ volumeMounts:
+ - mountPath: /host/sys
+ mountPropagation: HostToContainer
+ name: sys
+ readOnly: true
+ - mountPath: /host/root
+ mountPropagation: HostToContainer
+ name: root
+ readOnly: true
+ volumes:
+ - hostPath:
+ path: /sys
 name: sys
- readOnly: true
- - mountPath: /host/root
- mountPropagation: HostToContainer
+ - hostPath:
+ path: /
 name: root
- readOnly: true
- volumes:
- - hostPath:
- path: /sys
- name: sys
- - hostPath:
- path: /
- name: root
 ---
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -154,18 +149,17 @@ spec:
 prometheus.io/scrape: "true"
 spec:
 containers:
- - name: mikrotik-exporter
- image: prom-mikrotik-exporter
- volumeMounts:
- - name: conf
- mountPath: /home/mktxp/mktxp
+ - name: mikrotik-exporter
+ image: prom-mikrotik-exporter
+ volumeMounts:
+ - name: conf
+ mountPath: /home/mktxp/mktxp
 volumes:
 - name: conf
 configMap:
 name: mikrotik-exporter-config
 ---
-
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -229,4 +223,4 @@ data:
 queue = True
 remote_dhcp_entry = None
 use_comments_over_names = True
- check_for_updates = False
\ No newline at end of file
+ check_for_updates = False
diff --git a/manifests/psql-keycloak.yaml b/manifests/psql-keycloak.yaml
index e9757fb..a629a8a 100644
--- a/manifests/psql-keycloak.yaml
+++ b/manifests/psql-keycloak.yaml
@@ -18,17 +18,17 @@ spec:
 spec:
 nodeName: supermicro1
 containers:
- - name: psql
- image: postgres
- env:
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: wikijs
- key: password
- volumeMounts:
- - name: data
- mountPath: /var/lib/postgresql/data
+ - name: psql
+ image: postgres
+ env:
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wikijs
+ key: password
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/postgresql/data
 volumes:
 - name: data
@@ -36,7 +36,6 @@ spec:
 path: /opt/keycloak-psql
 ---
-
 apiVersion: v1
 kind: Service
 metadata:
@@ -44,7 +43,7 @@ metadata:
 spec:
 clusterIP: None
 selector:
- app: psql-keycloak
+ app: psql-keycloak
 ports:
 - name: psql
 protocol: TCP
diff --git a/manifests/psql-reporting.yaml b/manifests/psql-reporting.yaml
index 063fe4f..05956ac 100644
--- a/manifests/psql-reporting.yaml
+++ b/manifests/psql-reporting.yaml
@@ -18,17 +18,17 @@ spec:
 spec:
 nodeName: supermicro1
 containers:
- - name: psql
- image: postgres
- env:
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: reporting-psql
- key: password
- volumeMounts:
- - name: data
- mountPath: /var/lib/postgresql/data
+ - name: psql
+ image: postgres
+ env:
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: reporting-psql
+ key: password
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/postgresql/data
 volumes:
 - name: data
@@ -36,7 +36,6 @@ spec:
 path: /opt/reporting-psql
 ---
-
 apiVersion: v1
 kind: Service
 metadata:
@@ -44,7 +43,7 @@ metadata:
 spec:
 clusterIP: None
 selector:
- app: psql-reporting
+ app: psql-reporting
 ports:
 - name: psql
 protocol: TCP
diff --git a/manifests/psql-wikijs.yaml b/manifests/psql-wikijs.yaml
index 48a97c0..bae5ae8 100644
--- a/manifests/psql-wikijs.yaml
+++ b/manifests/psql-wikijs.yaml
@@ -18,17 +18,17 @@ spec:
 spec:
 nodeName: supermicro1
 containers:
- - name: psql
- image: postgres
- env:
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: wikijs
- key: password
- volumeMounts:
- - name: data
- mountPath: /var/lib/postgresql/data
+ - name: psql
+ image: postgres
+ env:
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wikijs
+ key: password
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/postgresql/data
 volumes:
 - name: data
@@ -36,7 +36,6 @@ spec:
 path: /opt/wikijs-psql
 ---
-
 apiVersion: v1
 kind: Service
 metadata:
@@ -44,7 +43,7 @@ metadata:
 spec:
 clusterIP: None
 selector:
- app: psql-wikijs
+ app: psql-wikijs
 ports:
 - name: psql
 protocol: TCP
diff --git a/manifests/redirects.yaml b/manifests/redirects.yaml
index abb7e8a..12cd28c 100644
--- a/manifests/redirects.yaml
+++ b/manifests/redirects.yaml
@@ -9,13 +9,12 @@ spec:
 secretName: wildcard-cert
 routes:
 - conditions:
- - prefix: /
+ - prefix: /
 requestRedirectPolicy:
 hostname: docuseal.apps.thelab.ms
 path: /d/rzCA7aZaUrBfLH
 ---
-
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
@@ -27,13 +26,12 @@ spec:
 secretName: wildcard-cert
 routes:
 - conditions:
- - prefix: /
+ - prefix: /
 requestRedirectPolicy:
 hostname: discord.gg
 path: /6zqaP8e5q4
 ---
-
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
@@ -45,13 +43,12 @@ spec:
 secretName: wildcard-cert
 routes:
 - conditions:
- - prefix: /
+ - prefix: /
 requestRedirectPolicy:
 hostname: wiki.apps.thelab.ms
 path: /en/join
 ---
-
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
@@ -63,13 +60,12 @@ spec:
 secretName: wildcard-cert
 routes:
 - conditions:
- - prefix: /
+ - prefix: /
 requestRedirectPolicy:
 hostname: wiki.apps.thelab.ms
 path: /en/kb-migration
 ---
-
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
@@ -81,6 +77,6 @@ spec:
 secretName: wildcard-cert
 routes:
 - conditions:
- - prefix: /
+ - prefix: /
 requestRedirectPolicy:
 hostname: wiki.apps.thelab.ms
diff --git a/manifests/wikijs.yaml b/manifests/wikijs.yaml
index 354c1d6..537a54a 100644
--- a/manifests/wikijs.yaml
+++ b/manifests/wikijs.yaml
@@ -15,35 +15,34 @@ spec:
 app: wikijs
 spec:
 containers:
- - name: wikijs
- image: wikijs
- env:
- - name: HA_ACTIVE
- value: "true"
- - name: DB_TYPE
- value: "postgres"
- - name: DB_USER
- value: "postgres"
- - name: DB_NAME
- value: "postgres"
- - name: DB_HOST
- value: "psql-wikijs.default.svc.cluster.local"
- - name: DB_PORT
- value: "5432"
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- name: wikijs
- key: password
- readinessProbe:
- initialDelaySeconds: 2
- periodSeconds: 5
- httpGet:
- path: /healthz
- port: 3000
+ - name: wikijs
+ image: wikijs
+ env:
+ - name: HA_ACTIVE
+ value: "true"
+ - name: DB_TYPE
+ value: "postgres"
+ - name: DB_USER
+ value: "postgres"
+ - name: DB_NAME
+ value: "postgres"
+ - name: DB_HOST
+ value: "psql-wikijs.default.svc.cluster.local"
+ - name: DB_PORT
+ value: "5432"
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ name: wikijs
+ key: password
+ readinessProbe:
+ initialDelaySeconds: 2
+ periodSeconds: 5
+ httpGet:
+ path: /healthz
+ port: 3000
 ---
-
 apiVersion: v1
 kind: Service
 metadata:
@@ -51,7 +50,7 @@ metadata:
 spec:
 type: ClusterIP
 selector:
- app: wikijs
+ app: wikijs
 ports:
 - name: http
 protocol: TCP
@@ -59,7 +58,6 @@ spec:
 targetPort: 3000
 ---
-
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
@@ -76,7 +74,7 @@ spec:
 secretName: apps-wildcard-cert
 routes:
 - conditions:
- - prefix: /
+ - prefix: /
 services:
 - name: wikijs
 port: 80
diff --git a/patches/contour-ds.yaml b/patches/contour-ds.yaml
index 6b0d2ed..ce3a80e 100644
--- a/patches/contour-ds.yaml
+++ b/patches/contour-ds.yaml
@@ -7,10 +7,10 @@ spec:
 template:
 spec:
 tolerations:
- - key: "specialPodsOnly"
- value: "please"
- operator: "Equal"
- effect: "NoSchedule"
+ - key: "specialPodsOnly"
+ value: "please"
+ operator: "Equal"
+ effect: "NoSchedule"
 containers:
 - name: envoy
 ports:
diff --git a/patches/contour-svc.yaml b/patches/contour-svc.yaml
index 1b125c0..601c0ba 100644
--- a/patches/contour-svc.yaml
+++ b/patches/contour-svc.yaml
@@ -7,11 +7,11 @@ spec:
 $patch: replace
 type: ClusterIP
 ports:
- - port: 80
- name: http
- protocol: TCP
- targetPort: 8080
- - port: 443
- name: https
- protocol: TCP
- targetPort: 8443
+ - port: 80
+ name: http
+ protocol: TCP
+ targetPort: 8080
+ - port: 443
+ name: https
+ protocol: TCP
+ targetPort: 8443
diff --git a/patches/oauth-sidecar.yaml b/patches/oauth-sidecar.yaml
index f564a81..fcc96ad 100644
--- a/patches/oauth-sidecar.yaml
+++ b/patches/oauth-sidecar.yaml
@@ -6,43 +6,43 @@ spec:
 template:
 spec:
 containers:
- - name: oauth2proxy
- image: oauth2-proxy
- volumeMounts:
- - name: proxy-keycloak-creds
- mountPath: /var/lib/keycloak
- env:
- - name: OAUTH2_PROXY_SKIP_PROVIDER_BUTTON
- value: "true"
- - name: OAUTH2_PROXY_SILENCE_PING_LOGGING
- value: "true"
- - name: OAUTH2_PROXY_SCOPE
- value: "openid email profile"
- - name: OAUTH2_PROXY_HTTP_ADDRESS
- value: ":8880"
- - name: OAUTH2_PROXY_EMAIL_DOMAINS
- value: "*"
- - name: OAUTH2_PROXY_CLIENT_ID
- value: "oauthproxy"
- - name: OAUTH2_PROXY_PROVIDER
- value: "keycloak-oidc"
- - name: OAUTH2_PROXY_PASS_USER_HEADERS
- value: "true"
- - name: OAUTH2_PROXY_OIDC_ISSUER_URL
- value: "https://keycloak.apps.thelab.ms/realms/master"
- - name: OAUTH2_PROXY_CLIENT_SECRET_FILE
- value: /var/lib/keycloak/client-secret
- - name: OAUTH2_PROXY_COOKIE_SECRET
- valueFrom:
- secretKeyRef:
- name: oauth-cookie-secret
- key: secret
- readinessProbe:
- initialDelaySeconds: 2
- periodSeconds: 5
- httpGet:
- path: /ping
- port: 8880
+ - name: oauth2proxy
+ image: oauth2-proxy
+ volumeMounts:
+ - name: proxy-keycloak-creds
+ mountPath: /var/lib/keycloak
+ env:
+ - name: OAUTH2_PROXY_SKIP_PROVIDER_BUTTON
+ value: "true"
+ - name: OAUTH2_PROXY_SILENCE_PING_LOGGING
+ value: "true"
+ - name: OAUTH2_PROXY_SCOPE
+ value: "openid email profile"
+ - name: OAUTH2_PROXY_HTTP_ADDRESS
+ value: ":8880"
+ - name: OAUTH2_PROXY_EMAIL_DOMAINS
+ value: "*"
+ - name: OAUTH2_PROXY_CLIENT_ID
+ value: "oauthproxy"
+ - name: OAUTH2_PROXY_PROVIDER
+ value: "keycloak-oidc"
+ - name: OAUTH2_PROXY_PASS_USER_HEADERS
+ value: "true"
+ - name: OAUTH2_PROXY_OIDC_ISSUER_URL
+ value: "https://keycloak.apps.thelab.ms/realms/master"
+ - name: OAUTH2_PROXY_CLIENT_SECRET_FILE
+ value: /var/lib/keycloak/client-secret
+ - name: OAUTH2_PROXY_COOKIE_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: oauth-cookie-secret
+ key: secret
+ readinessProbe:
+ initialDelaySeconds: 2
+ periodSeconds: 5
+ httpGet:
+ path: /ping
+ port: 8880
 volumes:
 - name: proxy-keycloak-creds