DevFW-CICD/stacks-instances
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Automated upload for observability.buildth.ing

Browse source
This commit is contained in:
Automated pipeline 2026-03-04 09:55:46 +00:00 committed by Actions pipeline
parent f15b30d02c
commit 464a9eb22e
32 changed files with 890 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

36
otc/observability.buildth.ing/stacks/observability/grafana-operator/manifests/grafana.yaml
View file

@ -8,7 +8,7 @@ spec:
persistentVolumeClaim:
metadata:
annotations:
everest.io/disk-volume-type: SATA
everest.io/disk-volume-type: GPSSD
everest.io/crypt-key-id: c02a26f1-3c7e-486d-ba5a-266c321bb203
spec:
storageClassName: csi-disk
@ -17,6 +17,40 @@ spec:
resources:
requests:
storage: 10Gi
deployment:
spec:
template:
spec:
containers:
- name: grafana
env:
- name: OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: clientSecret
name: dex-grafana-client
config:
log.console:
level: debug
server:
root_url: "https://grafana.observability.buildth.ing"
auth:
disable_login: "true"
disable_login_form: "true"
auth.generic_oauth:
enabled: "true"
name: Forgejo
allow_sign_up: "true"
use_refresh_token: "true"
client_id: grafana
client_secret: $__env{OAUTH_CLIENT_SECRET}
scopes: openid email profile offline_access groups
auth_url: https://dex.observability.buildth.ing/auth
token_url: https://dex.observability.buildth.ing/token
api_url: https://dex.observability.buildth.ing/userinfo
redirect_uri: https://grafana.observability.buildth.ing/login/generic_oauth
role_attribute_path: "contains(groups[*], 'DevFW') && 'GrafanaAdmin' || 'None'"
allow_assign_grafana_admin: "true"
ingress:
metadata:
annotations:

11
otc/observability.buildth.ing/stacks/observability/victoria-k8s-stack/manifests/alerts.yaml
View file

@ -27,3 +27,14 @@ spec:
annotations:
value: "{{ $value }}"
description: 'forgejo s3 backup job failed in cluster environment {{ $labels.cluster_environment }}'
- name: disk-consumption-high
rules:
- alert: disk consumption high
expr: 1-(kubelet_volume_stats_available_bytes / kubelet_volume_stats_capacity_bytes) > 0.6
for: 30s
labels:
severity: major
job: "{{ $labels.job }}"
annotations:
value: "{{ $value }}"
description: 'disk consumption of pvc {{ $labels.namespace }}/{{ $labels.persistentvolumeclaim }} is high in cluster environment {{ $labels.cluster_environment }}'

2
otc/observability.buildth.ing/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
View file

@ -9,7 +9,7 @@ spec:
storageMetadata:
annotations:
everest.io/crypt-key-id: c02a26f1-3c7e-486d-ba5a-266c321bb203
everest.io/disk-volume-type: SATA
everest.io/disk-volume-type: GPSSD
storage:
storageClassName: csi-disk
accessModes:

6
otc/observability.buildth.ing/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml
View file

@ -5,11 +5,13 @@ metadata:
namespace: observability
spec:
username: simple-user
password: simple-password
passwordRef:
key: password
name: simple-user-secret
targetRefs:
- static:
url: http://vmsingle-o12y:8429
paths: ["/api/v1/write"]
- static:
url: http://vlogs-victorialogs:9428
paths: ["/insert/elasticsearch/.*"]
paths: ["/insert/elasticsearch/.*"]

63
otc/observability.buildth.ing/stacks/observability/victoria-k8s-stack/values.yaml
View file

@ -289,7 +289,7 @@ vmsingle:
storageMetadata:
annotations:
everest.io/crypt-key-id: c02a26f1-3c7e-486d-ba5a-266c321bb203
everest.io/disk-volume-type: SATA
everest.io/disk-volume-type: GPSSD
storage:
storageClassName: csi-disk
accessModes:
@ -301,7 +301,8 @@ vmsingle:
# -- Enable deployment of ingress for server component
enabled: false
# -- Ingress annotations
annotations: {}
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# -- Ingress extra labels
@ -350,8 +351,9 @@ vmcluster:
spec:
resources:
requests:
storage: 10Gi
resources: {}
storage: 10Gi
resources:
{}
# limits:
# cpu: "1"
# memory: 1500Mi
@ -368,7 +370,8 @@ vmcluster:
resources:
requests:
storage: 2Gi
resources: {}
resources:
{}
# limits:
# cpu: "1"
# memory: "1000Mi"
@ -381,7 +384,8 @@ vmcluster:
port: "8480"
replicaCount: 2
extraArgs: {}
resources: {}
resources:
{}
# limits:
# cpu: "1"
# memory: 1000Mi
@ -474,7 +478,8 @@ vmcluster:
enabled: false
# -- Ingress annotations
annotations: {}
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
@ -538,7 +543,7 @@ alertmanager:
config:
route:
receiver: "blackhole"
routes:
routes:
- matchers:
- severity=~"critical|major"
receiver: outlook
@ -546,15 +551,15 @@ alertmanager:
- name: blackhole
- name: outlook
email_configs:
- smarthost: "mail.mms-support.de:465"
auth_username: "ipcei-cis-devfw@mms-support.de"
auth_password:
- smarthost: 'mail.mms-support.de:465'
auth_username: 'ipcei-cis-devfw@mms-support.de'
auth_password:
name: email-user-credentials
key: connection-string
from: '"IPCEI CIS DevFW" <ipcei-cis-devfw@mms-support.de>'
to: "f9f9953a.mg.telekom.de@de.teams.ms"
to: 'f9f9953a.mg.telekom.de@de.teams.ms'
headers:
subject: "Grafana Mail Alerts"
subject: 'Grafana Mail Alerts'
require_tls: false
# -- Better alert templates for [slack source](https://gist.github.com/milesbxf/e2744fc90e9c41b47aa47925f8ff6512)
@ -562,7 +567,8 @@ alertmanager:
enabled: true
# -- (object) Extra alert templates
templateFiles: {}
templateFiles:
{}
# template_1.tmpl: |-
# {{ define "hello" -}}
# hello, Victoria!
@ -576,7 +582,8 @@ alertmanager:
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
# Values can be templated
annotations: {}
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
labels: {}
@ -619,7 +626,8 @@ vmalert:
externalLabels: {}
# -- (object) Extra VMAlert annotation templates
templateFiles: {}
templateFiles:
{}
# template_1.tmpl: |-
# {{ define "hello" -}}
# hello, Victoria!
@ -642,7 +650,8 @@ vmalert:
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
# Values can be templated
annotations: {}
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
labels: {}
@ -681,9 +690,9 @@ vmauth:
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: main
host: o12y.observability.buildth.ing
host: o12y.observability.
tlsHosts:
- o12y.observability.buildth.ing
- o12y.observability.
tlsSecretName: vmauth-tls-secret
unauthorizedUserAccessSpec: {}
selectAllByDefault: true
@ -694,7 +703,8 @@ vmagent:
# -- VMAgent annotations
annotations: {}
# -- Remote write configuration of VMAgent, allowed parameters defined in a [spec](https://docs.victoriametrics.com/operator/api#vmagentremotewritespec)
additionalRemoteWrites: []
additionalRemoteWrites:
[]
#- url: http://some-remote-write/api/v1/write
# -- (object) Full spec for VMAgent CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmagentspec)
spec:
@ -717,7 +727,8 @@ vmagent:
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
# Values can be templated
annotations: {}
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
labels: {}
@ -781,7 +792,7 @@ defaultDatasources:
implementation: prometheus
# -- Configure additional grafana datasources (passed through tpl).
# Check [here](http://docs.grafana.org/administration/provisioning/#datasources) for details
extra:
extra:
- name: VictoriaLogs
access: proxy
type: victoriametrics-logs-datasource
@ -832,7 +843,7 @@ grafana:
# Uncomment the block below, if you want to enable VictoriaMetrics Datasource in Grafana:
# Note that Grafana will need internet access to install the datasource plugin.
plugins:
- victoriametrics-metrics-datasource
- victoriametrics-logs-datasource
@ -843,7 +854,8 @@ grafana:
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
# Values can be templated
annotations: {}
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
labels: {}
@ -877,7 +889,7 @@ grafana:
matchLabels:
app.kubernetes.io/name: '{{ include "grafana.name" .Subcharts.grafana }}'
endpoints:
- port: "{{ .Values.grafana.service.portName }}"
- port: '{{ .Values.grafana.service.portName }}'
# -- prometheus-node-exporter dependency chart configuration. For possible values check [here](https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus-node-exporter/values.yaml)
prometheus-node-exporter:
@ -1215,3 +1227,4 @@ kubeProxy:
# -- Add extra objects dynamically to this chart
extraObjects: []