diff --git a/otc/benchmark.t09.de/edfbuilder.yaml b/otc/benchmark.t09.de/edfbuilder.yaml
deleted file mode 100644
index 1d105ce..0000000
--- a/otc/benchmark.t09.de/edfbuilder.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: edfbuilder
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- name: in-cluster
- namespace: argocd
- source:
- path: "otc/benchmark.t09.de/registry"
- repoURL: "https://edp.buildth.ing/DevFW-CICD/stacks-instances"
- targetRevision: HEAD
- project: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/otc/benchmark.t09.de/registry/coder.yaml b/otc/benchmark.t09.de/registry/coder.yaml
deleted file mode 100644
index 2c36d8d..0000000
--- a/otc/benchmark.t09.de/registry/coder.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: coder-reg
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- name: in-cluster
- namespace: argocd
- source:
- path: "otc/benchmark.t09.de/stacks/coder"
- repoURL: "https://edp.buildth.ing/DevFW-CICD/stacks-instances"
- targetRevision: HEAD
- project: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/otc/benchmark.t09.de/registry/core.yaml b/otc/benchmark.t09.de/registry/core.yaml
deleted file mode 100644
index 7a9b64c..0000000
--- a/otc/benchmark.t09.de/registry/core.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: core
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- name: in-cluster
- namespace: argocd
- source:
- path: "otc/benchmark.t09.de/stacks/core"
- repoURL: "https://edp.buildth.ing/DevFW-CICD/stacks-instances"
- targetRevision: HEAD
- project: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/otc/benchmark.t09.de/registry/docs.yaml b/otc/benchmark.t09.de/registry/docs.yaml
deleted file mode 100644
index 9d88777..0000000
--- a/otc/benchmark.t09.de/registry/docs.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: docs-reg
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- name: in-cluster
- namespace: argocd
- source:
- path: argocd-stack
- repoURL: "https://edp.buildth.ing/DevFW-CICD/website-and-documentation"
- targetRevision: HEAD
- project: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/otc/benchmark.t09.de/registry/forgejo.yaml b/otc/benchmark.t09.de/registry/forgejo.yaml
deleted file mode 100644
index 2442409..0000000
--- a/otc/benchmark.t09.de/registry/forgejo.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: forgejo
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- name: in-cluster
- namespace: argocd
- source:
- path: "otc/benchmark.t09.de/stacks/forgejo"
- repoURL: "https://edp.buildth.ing/DevFW-CICD/stacks-instances"
- targetRevision: HEAD
- project: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/otc/benchmark.t09.de/registry/garm.yaml b/otc/benchmark.t09.de/registry/garm.yaml
deleted file mode 100644
index 1e44b8b..0000000
--- a/otc/benchmark.t09.de/registry/garm.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: garm-reg
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- name: in-cluster
- namespace: argocd
- source:
- path: "otc/benchmark.t09.de/stacks/garm"
- repoURL: "https://edp.buildth.ing/DevFW-CICD/stacks-instances"
- targetRevision: HEAD
- project: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/otc/benchmark.t09.de/registry/observability-client.yaml b/otc/benchmark.t09.de/registry/observability-client.yaml
deleted file mode 100644
index 1ca1b3e..0000000
--- a/otc/benchmark.t09.de/registry/observability-client.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: observability-client
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- name: in-cluster
- namespace: argocd
- source:
- path: "otc/benchmark.t09.de/stacks/observability-client"
- repoURL: "https://edp.buildth.ing/DevFW-CICD/stacks-instances"
- targetRevision: HEAD
- project: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/otc/benchmark.t09.de/registry/observability.yaml b/otc/benchmark.t09.de/registry/observability.yaml
deleted file mode 100644
index e5473d3..0000000
--- a/otc/benchmark.t09.de/registry/observability.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: observability
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- name: in-cluster
- namespace: argocd
- source:
- path: "otc/benchmark.t09.de/stacks/observability"
- repoURL: "https://edp.buildth.ing/DevFW-CICD/stacks-instances"
- targetRevision: HEAD
- project: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/otc/benchmark.t09.de/registry/otc.yaml b/otc/benchmark.t09.de/registry/otc.yaml
deleted file mode 100644
index dbba541..0000000
--- a/otc/benchmark.t09.de/registry/otc.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: otc
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- name: in-cluster
- namespace: argocd
- source:
- path: "otc/benchmark.t09.de/stacks/otc"
- repoURL: "https://edp.buildth.ing/DevFW-CICD/stacks-instances"
- targetRevision: HEAD
- project: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/otc/benchmark.t09.de/registry/terralist.yaml b/otc/benchmark.t09.de/registry/terralist.yaml
deleted file mode 100644
index 3ef37d1..0000000
--- a/otc/benchmark.t09.de/registry/terralist.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: terralist-reg
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- name: in-cluster
- namespace: argocd
- source:
- path: "otc/benchmark.t09.de/stacks/terralist"
- repoURL: "https://edp.buildth.ing/DevFW-CICD/stacks-instances"
- targetRevision: HEAD
- project: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver.yaml b/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver.yaml
deleted file mode 100644
index aeb18c9..0000000
--- a/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: sizer-receiver
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: ci-sizer
- source:
- repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- path: "otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver"
diff --git a/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver/deployment.yaml b/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver/deployment.yaml
deleted file mode 100644
index 7e9261b..0000000
--- a/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver/deployment.yaml
+++ /dev/null
@@ -1,126 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: sizer-receiver - labels: - app: sizer-receiver -spec: - strategy: - type: Recreate - replicas: 1 - selector: - matchLabels: - app: sizer-receiver - template: - metadata: - labels: - app: sizer-receiver - spec: - securityContext: - fsGroup: 65534 - containers: - - name: receiver - image: edp.buildth.ing/devfw-cicd/ci-sizer-receiver:latest - imagePullPolicy: Always - args: - - --db=/data/metrics.db - ports: - - name: http - containerPort: 8080 - protocol: TCP - env: - - name: RECEIVER_READ_TOKEN - valueFrom: - secretKeyRef: - name: sizer-tokens - key: read-token - - name: RECEIVER_HMAC_KEY - valueFrom: - secretKeyRef: - name: sizer-tokens - key: hmac-key - - name: GARM_URL - value: "http://garm.garm.svc.cluster.local:80" - - name: GARM_USER - value: "admin" - - name: GARM_PASSWORD - valueFrom: - secretKeyRef: - name: garm-fixed-credentials - key: admin_password - - name: RECEIVER_OIDC_ISSUER - value: "https://dex.benchmark.t09.de" - - name: RECEIVER_OIDC_CLIENT_ID - value: "ci-sizer" - - name: RECEIVER_OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: sizer-oidc-client - key: client-secret - - name: RECEIVER_OIDC_REDIRECT_URI - value: "https://sizer.benchmark.t09.de/ui/callback" - - name: RECEIVER_SESSION_TTL - value: "12h" - - name: RECEIVER_ALLOWED_ORG - value: "DevFW-CICD" - - name: RECEIVER_CPU_SIZING_MODE - value: "observe" - - name: RECEIVER_MEMORY_QOS - value: "guaranteed" - volumeMounts: - - name: data - mountPath: /data - livenessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: 5 - periodSeconds: 30 - readinessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: 2 - periodSeconds: 10 - resources: - requests: - cpu: 50m - memory: 64Mi - limits: - cpu: 200m - memory: 128Mi - volumes: - - name: data - persistentVolumeClaim: - claimName: sizer-receiver-data ---- -apiVersion: v1 -kind: Service -metadata: - name: sizer-receiver - labels: - app: 
sizer-receiver -spec: - selector: - app: sizer-receiver - ports: - - name: http - port: 8080 - targetPort: http - protocol: TCP ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: sizer-receiver-data - labels: - app: sizer-receiver - annotations: - everest.io/disk-volume-type: GPSSD -spec: - storageClassName: csi-disk - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi diff --git a/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver/ingress.yaml b/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver/ingress.yaml deleted file mode 100644 index 79d90f3..0000000 --- a/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver/ingress.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - cert-manager.io/cluster-issuer: main - - name: sizer-receiver - namespace: ci-sizer -spec: - ingressClassName: nginx - rules: - - host: sizer.benchmark.t09.de - http: - paths: - - backend: - service: - name: sizer-receiver - port: - number: 8080 - path: / - pathType: Prefix - - host: ci-sizer.benchmark.t09.de - http: - paths: - - backend: - service: - name: sizer-receiver - port: - number: 8080 - path: / - pathType: Prefix - tls: - - hosts: - - sizer.benchmark.t09.de - secretName: sizer-receiver-tls diff --git a/otc/benchmark.t09.de/stacks/coder/coder.yaml b/otc/benchmark.t09.de/stacks/coder/coder.yaml deleted file mode 100644 index f40d6a6..0000000 --- a/otc/benchmark.t09.de/stacks/coder/coder.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: coder
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: coder
- sources:
- - repoURL: https://helm.coder.com/v2
- chart: coder
- targetRevision: 2.28.3
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/coder/coder/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- path: "otc/benchmark.t09.de/stacks/coder/coder/manifests"
diff --git a/otc/benchmark.t09.de/stacks/coder/coder/manifests/postgres.yaml b/otc/benchmark.t09.de/stacks/coder/coder/manifests/postgres.yaml
deleted file mode 100644
index cae4b97..0000000
--- a/otc/benchmark.t09.de/stacks/coder/coder/manifests/postgres.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
- name: coder-db
- namespace: coder
-spec:
- instances: 1
- primaryUpdateStrategy: unsupervised
- resources:
- requests:
- memory: "1Gi"
- cpu: "1"
- limits:
- memory: "1Gi"
- cpu: "1"
- managed:
- roles:
- - name: coder
- createdb: true
- login: true
- passwordSecret:
- name: coder-db-user
- storage:
- size: 10Gi
- storageClass: csi-disk
----
-apiVersion: postgresql.cnpg.io/v1
-kind: Database
-metadata:
- name: coder
- namespace: coder
-spec:
- cluster:
- name: coder-db
- name: coder
- owner: coder
----
diff --git a/otc/benchmark.t09.de/stacks/coder/coder/values.yaml b/otc/benchmark.t09.de/stacks/coder/coder/values.yaml
deleted file mode 100644
index eef7ac4..0000000
--- a/otc/benchmark.t09.de/stacks/coder/coder/values.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-coder:
- # You can specify any environment variables you'd like to pass to Coder
- # here. Coder consumes environment variables listed in
- # `coder server --help`, and these environment variables are also passed
- # to the workspace provisioner (so you can consume them in your Terraform
- # templates for auth keys etc.).
- #
- # Please keep in mind that you should not set `CODER_HTTP_ADDRESS`,
- # `CODER_TLS_ENABLE`, `CODER_TLS_CERT_FILE` or `CODER_TLS_KEY_FILE` as
- # they are already set by the Helm chart and will cause conflicts.
- env:
- - name: CODER_ACCESS_URL
- value: https://coder.benchmark.t09.de
- - name: CODER_PG_CONNECTION_URL
- valueFrom:
- secretKeyRef:
- # You'll need to create a secret called coder-db-url with your
- # Postgres connection URL like:
- # postgres://coder:password@postgres:5432/coder?sslmode=disable
- name: coder-db-user
- key: url
- # For production deployments, we recommend configuring your own GitHub
- # OAuth2 provider and disabling the default one.
- - name: CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE
- value: "false"
- - name: EDGE_CONNECT_ENDPOINT
- valueFrom:
- secretKeyRef:
- name: edge-credential
- key: endpoint
- - name: EDGE_CONNECT_USERNAME
- valueFrom:
- secretKeyRef:
- name: edge-credential
- key: username
- - name: EDGE_CONNECT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: edge-credential
- key: password
-
- # (Optional) For production deployments the access URL should be set.
- # If you're just trying Coder, access the dashboard via the service IP.
- # - name: CODER_ACCESS_URL
- # value: "https://coder.example.com"
-
- #tls:
- # secretNames:
- # - my-tls-secret-name
- service:
- type: ClusterIP
-
- ingress:
- enable: true
- className: nginx
- host: coder.benchmark.t09.de
- annotations:
- cert-manager.io/cluster-issuer: main
- tls:
- enable: true
- secretName: coder-tls-secret
diff --git a/otc/benchmark.t09.de/stacks/core/argocd.yaml b/otc/benchmark.t09.de/stacks/core/argocd.yaml
deleted file mode 100644
index 33d9a7d..0000000
--- a/otc/benchmark.t09.de/stacks/core/argocd.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: argocd
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: argocd
- sources:
- - repoURL: https://github.com/argoproj/argo-helm.git
- path: charts/argo-cd
- # TODO: RIRE Can be updated when https://github.com/argoproj/argo-cd/issues/20790 is fixed and merged
- # As logout make problems, it is suggested to switch from path based routing to an own argocd domain,
- # similar to the CNOE amazon reference implementation and in our case, Forgejo
- targetRevision: argo-cd-9.4.6
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/core/argocd/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- path: "otc/benchmark.t09.de/stacks/core/argocd/manifests"
diff --git a/otc/benchmark.t09.de/stacks/core/argocd/manifests/argocd-server-ingress.yaml b/otc/benchmark.t09.de/stacks/core/argocd/manifests/argocd-server-ingress.yaml
deleted file mode 100644
index 1c7f405..0000000
--- a/otc/benchmark.t09.de/stacks/core/argocd/manifests/argocd-server-ingress.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: HTTP
- nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
- cert-manager.io/cluster-issuer: main
-
- name: argocd-server
- namespace: argocd
-spec:
- ingressClassName: nginx
- rules:
- - host: argocd.benchmark.t09.de
- http:
- paths:
- - backend:
- service:
- name: argocd-server
- port:
- number: 80
- path: /
- pathType: Prefix
- tls:
- - hosts:
- - argocd.benchmark.t09.de
- secretName: argocd-net-tls
diff --git a/otc/benchmark.t09.de/stacks/core/argocd/values.yaml b/otc/benchmark.t09.de/stacks/core/argocd/values.yaml
deleted file mode 100644
index a6521b0..0000000
--- a/otc/benchmark.t09.de/stacks/core/argocd/values.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-global:
- domain: argocd.benchmark.t09.de
-
-configs:
- params:
- server.insecure: true
- cm:
- oidc.config: |
- name: FORGEJO
- issuer: https://dex.benchmark.t09.de
- clientID: controller-argocd-dex
- clientSecret: $dex-argo-client:clientSecret
- requestedScopes:
- - openid
- - profile
- - email
- - groups
- application.resourceTrackingMethod: annotation
- timeout.reconciliation: 60s
- resource.exclusions: |
- - apiGroups:
- - "*"
- kinds:
- - ProviderConfigUsage
- - apiGroups:
- - cilium.io
- kinds:
- - CiliumIdentity
- clusters:
- - "*"
- url: https://argocd.benchmark.t09.de
- rbac:
- policy.csv: 'g, DevFW, role:admin'
-
- tls:
- certificates:
-
-notifications:
- enabled: false
-
-dex:
- enabled: false
diff --git a/otc/benchmark.t09.de/stacks/core/cloudnative-pg.yaml b/otc/benchmark.t09.de/stacks/core/cloudnative-pg.yaml
deleted file mode 100644
index aae0345..0000000
--- a/otc/benchmark.t09.de/stacks/core/cloudnative-pg.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: cloudnative-pg
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- - ServerSideApply=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: cloudnative-pg
- sources:
- - repoURL: https://cloudnative-pg.github.io/charts
- chart: cloudnative-pg
- targetRevision: 0.26.1
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/core/cloudnative-pg/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
diff --git a/otc/benchmark.t09.de/stacks/core/cloudnative-pg/values.yaml b/otc/benchmark.t09.de/stacks/core/cloudnative-pg/values.yaml
deleted file mode 100644
index cfebbfc..0000000
--- a/otc/benchmark.t09.de/stacks/core/cloudnative-pg/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-# No need for values here.
diff --git a/otc/benchmark.t09.de/stacks/core/dex.yaml b/otc/benchmark.t09.de/stacks/core/dex.yaml
deleted file mode 100644
index bb58b24..0000000
--- a/otc/benchmark.t09.de/stacks/core/dex.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: dex
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: dex
- sources:
- - repoURL: https://charts.dexidp.io
- chart: dex
- targetRevision: 0.23.0
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/core/dex/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
diff --git a/otc/benchmark.t09.de/stacks/core/dex/values.yaml b/otc/benchmark.t09.de/stacks/core/dex/values.yaml
deleted file mode 100644
index 6da315e..0000000
--- a/otc/benchmark.t09.de/stacks/core/dex/values.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-ingress:
- enabled: true
- className: nginx
- annotations:
- cert-manager.io/cluster-issuer: main
- hosts:
- - host: dex.benchmark.t09.de
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - dex.benchmark.t09.de
- secretName: dex-cert
-
-envVars:
- - name: FORGEJO_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: dex-forgejo-client
- key: clientSecret
- - name: FORGEJO_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: dex-forgejo-client
- key: clientID
- - name: OIDC_DEX_GRAFANA_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: dex-grafana-client
- key: clientSecret
- - name: OIDC_DEX_ARGO_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: dex-argo-client
- key: clientSecret
- - name: LOG_LEVEL
- value: debug
-
-config:
- # Set it to a valid URL
- issuer: https://dex.benchmark.t09.de
-
- # See https://dexidp.io/docs/storage/ for more options
- storage:
- type: memory
-
- oauth2:
- skipApprovalScreen: true
- alwaysShowLoginScreen: false
-
- connectors:
- - type: gitea
- id: gitea
- name: Forgejo
- config:
- clientID: "$FORGEJO_CLIENT_ID"
- clientSecret: "$FORGEJO_CLIENT_SECRET"
- redirectURI: https://dex.benchmark.t09.de/callback
- baseURL: https://edp.buildth.ing
- # loadAllGroups: true
- orgs:
- - name: DevFW
- enablePasswordDB: false
-
- staticClients:
- - id: controller-argocd-dex
- name: ArgoCD Client
- redirectURIs:
- - "https://argocd.benchmark.t09.de/auth/callback"
- secretEnv: "OIDC_DEX_ARGO_CLIENT_SECRET"
- - id: grafana
- redirectURIs:
- - "https://grafana.benchmark.t09.de/login/generic_oauth"
- name: "Grafana"
- secretEnv: "OIDC_DEX_GRAFANA_CLIENT_SECRET"
diff --git a/otc/benchmark.t09.de/stacks/forgejo/forgejo-runner.yaml b/otc/benchmark.t09.de/stacks/forgejo/forgejo-runner.yaml
deleted file mode 100644
index 5889ae5..0000000
--- a/otc/benchmark.t09.de/stacks/forgejo/forgejo-runner.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: forgejo-runner
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- server: "https://kubernetes.default.svc"
- source:
- repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- path: "otc/benchmark.t09.de/stacks/forgejo/forgejo-runner"
diff --git a/otc/benchmark.t09.de/stacks/forgejo/forgejo-runner/dind-docker.yaml b/otc/benchmark.t09.de/stacks/forgejo/forgejo-runner/dind-docker.yaml
deleted file mode 100644
index fa1ab7e..0000000
--- a/otc/benchmark.t09.de/stacks/forgejo/forgejo-runner/dind-docker.yaml
+++ /dev/null
@@ -1,104 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: forgejo-runner - name: forgejo-runner - namespace: gitea -spec: - # Two replicas means that if one is busy, the other can pick up jobs. - replicas: 3 - selector: - matchLabels: - app: forgejo-runner - strategy: {} - template: - metadata: - creationTimestamp: null - labels: - app: forgejo-runner - spec: - restartPolicy: Always - volumes: - - name: docker-certs - emptyDir: {} - - name: runner-data - emptyDir: {} - # Initialise our configuration file using offline registration - # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration - initContainers: - - name: runner-register - image: code.forgejo.org/forgejo/runner:12.6.4 - command: - - "sh" - - "-c" - - | - forgejo-runner \ - register \ - --no-interactive \ - --token ${RUNNER_SECRET} \ - --name ${RUNNER_NAME} \ - --instance ${FORGEJO_INSTANCE_URL} \ - --labels docker:docker://node:24-bookworm,ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04,ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-24.04,ubuntu-24.04:docker://ghcr.io/catthehacker/ubuntu:act-24.04 - env: - - name: RUNNER_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: RUNNER_SECRET - valueFrom: - secretKeyRef: - name: forgejo-runner-token - key: token - - name: FORGEJO_INSTANCE_URL - value: https://benchmark.t09.de - volumeMounts: - - name: runner-data - mountPath: /data - containers: - - name: runner - image: code.forgejo.org/forgejo/runner:12.6.4 - command: - - "sh" - - "-c" - - | - while ! 
nc -z 127.0.0.1 2376 config.yml ; - sed -i -e "s|privileged: .*|privileged: true|" config.yml - sed -i -e "s|network: .*|network: host|" config.yml ; - sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://127.0.0.1:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ; - sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ; - sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ; - /bin/forgejo-runner --config config.yml daemon - securityContext: - allowPrivilegeEscalation: true - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - env: - - name: DOCKER_HOST - value: tcp://localhost:2376 - - name: DOCKER_CERT_PATH - value: /certs/client - - name: DOCKER_TLS_VERIFY - value: "1" - volumeMounts: - - name: docker-certs - mountPath: /certs - - name: runner-data - mountPath: /data - - name: daemon - image: docker:28.0.4-dind - env: - - name: DOCKER_TLS_CERTDIR - value: /certs - securityContext: - privileged: true - volumeMounts: - - name: docker-certs - mountPath: /certs diff --git a/otc/benchmark.t09.de/stacks/forgejo/forgejo-server.yaml b/otc/benchmark.t09.de/stacks/forgejo/forgejo-server.yaml deleted file mode 100644 index 17e91c5..0000000 --- a/otc/benchmark.t09.de/stacks/forgejo/forgejo-server.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: forgejo-server
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: gitea
- sources:
- - repoURL: https://code.forgejo.org/forgejo-helm/forgejo-helm.git
- path: .
- targetRevision: v16.2.0
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- path: "otc/benchmark.t09.de/stacks/forgejo/forgejo-server/manifests"
\ No newline at end of file
diff --git a/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml b/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml
deleted file mode 100644
index e850f89..0000000
--- a/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
- nginx.ingress.kubernetes.io/proxy-body-size: 5120m
- cert-manager.io/cluster-issuer: main
-
- name: forgejo-server
- namespace: gitea
-spec:
- ingressClassName: nginx
- rules:
- - host: benchmark.t09.de
- http:
- paths:
- - backend:
- service:
- name: forgejo-server-http
- port:
- number: 3000
- path: /
- pathType: Prefix
- tls:
- - hosts:
- - benchmark.t09.de
- secretName: forgejo-net-tls
diff --git a/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml b/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
deleted file mode 100644
index 18762aa..0000000
--- a/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -apiVersion: batch/v1 -kind: CronJob -metadata: - name: forgejo-s3-backup - namespace: gitea -spec: - schedule: "0 1 * * *" - concurrencyPolicy: "Forbid" - successfulJobsHistoryLimit: 5 - failedJobsHistoryLimit: 5 - startingDeadlineSeconds: 600 # 10 minutes - jobTemplate: - spec: - # 60 min until backup - 10 min start - (backoffLimit * activeDeadlineSeconds) - some time sync buffer - activeDeadlineSeconds: 1350 - backoffLimit: 2 - ttlSecondsAfterFinished: 259200 # - template: - spec: - containers: - - name: rclone - image: rclone/rclone:1.70 - imagePullPolicy: IfNotPresent - env: - - name: SOURCE_BUCKET - valueFrom: - secretKeyRef: - name: forgejo-cloud-credentials - key: bucket-name - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: forgejo-cloud-credentials - key: access-key - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: forgejo-cloud-credentials - key: secret-key - volumeMounts: - - name: rclone-config - mountPath: /config/rclone - readOnly: true - - name: backup-dir - mountPath: /backup - readOnly: false - command: - - /bin/sh - - -c - - | - rclone sync source:/${SOURCE_BUCKET} /backup -v --ignore-checksum - restartPolicy: OnFailure - volumes: - - name: rclone-config - secret: - secretName: forgejo-s3-backup - - name: backup-dir - persistentVolumeClaim: - claimName: s3-backup ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: s3-backup - namespace: gitea - annotations: - everest.io/disk-volume-type: GPSSD - everest.io/crypt-key-id: 71ebef9e-5575-4b05-a597-ee1f67c911e3 -spec: - storageClassName: csi-disk - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 500Gi ---- -apiVersion: v1 -kind: Secret -metadata: - name: forgejo-s3-backup - namespace: gitea -type: Opaque -stringData: - rclone.conf: | - [source] - type = s3 - provider = HuaweiOBS - env_auth = true - endpoint = obs.eu-de.otc.t-systems.com - region = eu-de - acl = private 
diff --git a/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/values.yaml b/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/values.yaml
deleted file mode 100644
index 8a18a98..0000000
--- a/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/values.yaml
+++ /dev/null
@@ -1,183 +0,0 @@
-
-# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
-strategy:
- type: Recreate
-
-redis-cluster:
- enabled: false
-
-redis:
- enabled: false
-
-postgresql:
- enabled: false
-
-postgresql-ha:
- enabled: false
-
-persistence:
- enabled: true
- size: 200Gi
- storageClass: csi-disk
- annotations:
- everest.io/crypt-key-id: 71ebef9e-5575-4b05-a597-ee1f67c911e3
- everest.io/disk-volume-type: GPSSD
-
-test:
- enabled: false
-
-deployment:
- env:
- - name: SSL_CERT_DIR
- value: /etc/ssl/forgejo
-
-extraVolumeMounts:
- - mountPath: /etc/ssl/forgejo
- name: custom-database-certs-volume
- readOnly: true
-
-extraVolumes:
- - name: custom-database-certs-volume
- secret:
- secretName: custom-database-certs
-
-gitea:
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- additionalConfigFromEnvs:
- - name: FORGEJO__storage__MINIO_ACCESS_KEY_ID
- valueFrom:
- secretKeyRef:
- name: forgejo-cloud-credentials
- key: access-key
- - name: FORGEJO__storage__MINIO_SECRET_ACCESS_KEY
- valueFrom:
- secretKeyRef:
- name: forgejo-cloud-credentials
- key: secret-key
- - name: FORGEJO__queue__CONN_STR
- valueFrom:
- secretKeyRef:
- name: redis-forgejo-cloud-credentials
- key: connection-string
- - name: FORGEJO__session__PROVIDER_CONFIG
- valueFrom:
- secretKeyRef:
- name: redis-forgejo-cloud-credentials
- key: connection-string
- - name: FORGEJO__cache__HOST
- valueFrom:
- secretKeyRef:
- name: redis-forgejo-cloud-credentials
- key: connection-string
- - name: FORGEJO__database__HOST
- valueFrom:
- secretKeyRef:
- name: postgres-forgejo-cloud-credentials
- key: host_port
- - name: FORGEJO__database__NAME
- valueFrom:
- secretKeyRef:
- name: postgres-forgejo-cloud-credentials
- key: database
- - name: FORGEJO__database__USER
- valueFrom:
- secretKeyRef:
- name: postgres-forgejo-cloud-credentials
- key: username
- - name: FORGEJO__database__PASSWD
- valueFrom:
- secretKeyRef:
- name: postgres-forgejo-cloud-credentials
- key: password
- # Either 'elasticsearch' or 'bleve' (go in memory search engine)
- - name: FORGEJO__indexer__ISSUE_INDEXER_TYPE
- valueFrom:
- secretKeyRef:
- name: elasticsearch-cloud-credentials
- key: type
- - name: FORGEJO__indexer__ISSUE_INDEXER_CONN_STR
- valueFrom:
- secretKeyRef:
- name: elasticsearch-cloud-credentials
- key: connection-string
- - name: FORGEJO__indexer__ISSUE_INDEXER_ENABLED
- valueFrom:
- secretKeyRef:
- name: elasticsearch-cloud-credentials
- key: enabled
- - name: FORGEJO__mailer__PASSWD
- valueFrom:
- secretKeyRef:
- name: email-user-credentials
- key: connection-string
-
- admin:
- existingSecret: gitea-credential
-
- config:
- APP_NAME: 'EDP'
- APP_SLOGAN: 'Build your thing in minutes'
- storage:
- MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
- STORAGE_TYPE: minio
- MINIO_LOCATION: eu-de
- MINIO_BUCKET: "edp-forgejo-non-prod-benchmark"
- MINIO_USE_SSL: true
-
- queue:
- TYPE: redis
-
- session:
- PROVIDER: redis
-
- cache:
- ENABLED: true
- ADAPTER: redis
-
- security:
- GLOBAL_TWO_FACTOR_REQUIREMENT: admin
-
- service:
- DISABLE_REGISTRATION: true
- ENABLE_NOTIFY_MAIL: true
-
- other:
- SHOW_FOOTER_VERSION: false
- SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
-
- database:
- DB_TYPE: postgres
- SSL_MODE: verify-ca
-
- server:
- DOMAIN: 'benchmark.t09.de'
- ROOT_URL: 'https://benchmark.t09.de:443'
-
- mailer:
- ENABLED: true
- USER: ipcei-cis-devfw@mms-support.de
- PROTOCOL: smtps
- FROM: '"IPCEI CIS DevFW" '
- SMTP_ADDR: mail.mms-support.de
- SMTP_PORT: 465
-
-service:
- ssh:
- type: LoadBalancer
- nodePort: 32222
- externalTrafficPolicy: Cluster
- annotations:
- kubernetes.io/elb.id: 5ee936a2-6308-4924-9fdf-0256cbdf3baa
-
-image:
- pullPolicy: "IfNotPresent"
- # Overrides the image tag whose default is the chart appVersion.
- #tag: "8.0.3"
- # Adds -rootless suffix to image name
- # rootless: true
- fullOverride: edp.buildth.ing/devfw-cicd/edp-forgejo:14.0.2-edp1-rootless
-
-forgejo: {}
diff --git a/otc/benchmark.t09.de/stacks/garm/garm.yaml b/otc/benchmark.t09.de/stacks/garm/garm.yaml
deleted file mode 100644
index fee3847..0000000
--- a/otc/benchmark.t09.de/stacks/garm/garm.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: garm
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: garm
- sources:
- - repoURL: https://edp.buildth.ing/DevFW-CICD/garm-helm
- path: charts/garm
- targetRevision: v0.0.15
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/garm/garm/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
diff --git a/otc/benchmark.t09.de/stacks/garm/garm/values.yaml b/otc/benchmark.t09.de/stacks/garm/garm/values.yaml
deleted file mode 100644
index 3143f5d..0000000
--- a/otc/benchmark.t09.de/stacks/garm/garm/values.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-ingress:
- enabled: true
- className: nginx
- annotations:
- cert-manager.io/cluster-issuer: main
- nginx.ingress.kubernetes.io/backend-protocol: HTTP
- nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
- hosts:
- - host: garm.benchmark.t09.de
- paths:
- - path: /
- pathType: Prefix
- tls:
- - secretName: garm-net-tls
- hosts:
- - garm.benchmark.t09.de
-
-# Credentials and Secrets
-credentials:
- edgeConnect:
- existingSecretName: "edge-credential"
- gitea:
- url: "https://benchmark.t09.de" # Required
- db:
- existingSecretName: garm-fixed-credentials
-
-image:
- repository: edp.buildth.ing/devfw-cicd/garm-forgejo
- tag: v0.1.7-forgejo-22
-
-providerConfig:
- edgeConnect:
- organization: edp2
- region: EU
- edgeConnectUrl: "https://hub.apps.edge.platform.mg3.mdb.osc.live"
- cloudlet:
- name: Hamburg
- organization: TelekomOP
- edgeConnectK8s:
- sizer:
- sidecarImage: edp.buildth.ing/devfw-cicd/ci-sizer-collector:0.0.4
-
-garm:
- logging:
- logLevel: info
diff --git a/otc/benchmark.t09.de/stacks/observability-client/metrics-server.yaml b/otc/benchmark.t09.de/stacks/observability-client/metrics-server.yaml
deleted file mode 100644
index 454a0b7..0000000
--- a/otc/benchmark.t09.de/stacks/observability-client/metrics-server.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: metrics-server
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: observability
- sources:
- - chart: metrics-server
- repoURL: https://kubernetes-sigs.github.io/metrics-server/
- targetRevision: 3.12.2
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/observability-client/metrics-server/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
diff --git a/otc/benchmark.t09.de/stacks/observability-client/metrics-server/values.yaml b/otc/benchmark.t09.de/stacks/observability-client/metrics-server/values.yaml
deleted file mode 100644
index e96ba41..0000000
--- a/otc/benchmark.t09.de/stacks/observability-client/metrics-server/values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-metrics:
- enabled: true
-serviceMonitor:
- enabled: true
diff --git a/otc/benchmark.t09.de/stacks/observability-client/vector.yaml b/otc/benchmark.t09.de/stacks/observability-client/vector.yaml
deleted file mode 100644
index a56dbe8..0000000
--- a/otc/benchmark.t09.de/stacks/observability-client/vector.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: vector
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: observability
- sources:
- - chart: vector
- repoURL: https://helm.vector.dev
- targetRevision: 0.43.0
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/observability-client/vector/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
diff --git a/otc/benchmark.t09.de/stacks/observability-client/vector/values.yaml b/otc/benchmark.t09.de/stacks/observability-client/vector/values.yaml
deleted file mode 100644
index 3fb5e53..0000000
--- a/otc/benchmark.t09.de/stacks/observability-client/vector/values.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-# -- Enable deployment of vector
-role: Agent
-dataDir: /vector-data-dir
-resources: {}
-args:
- - -w
- - --config-dir
- - /etc/vector/
-env:
- - name: VECTOR_USER
- valueFrom:
- secretKeyRef:
- name: simple-user-secret
- key: username
- - name: VECTOR_PASSWORD
- valueFrom:
- secretKeyRef:
- name: simple-user-secret
- key: password
-containerPorts:
- - name: prom-exporter
- containerPort: 9090
- protocol: TCP
-service:
- enabled: false
-customConfig:
- data_dir: /vector-data-dir
- api:
- enabled: false
- address: 0.0.0.0:8686
- playground: true
- sources:
- k8s:
- type: kubernetes_logs
- internal_metrics:
- type: internal_metrics
- transforms:
- parser:
- type: remap
- inputs: [k8s]
- source: |
- ._msg = parse_json(.message) ?? .message
- del(.message)
- # Add the cluster environment to the log event
- .cluster_environment = "benchmark"
- sinks:
- vlogs:
- type: elasticsearch
- inputs: [parser]
- endpoints:
- - https://o12y.observability./insert/elasticsearch/
- auth:
- strategy: basic
- user: ${VECTOR_USER}
- password: ${VECTOR_PASSWORD}
- mode: bulk
- api_version: v8
- compression: gzip
- healthcheck:
- enabled: false
- request:
- headers:
- AccountID: "0"
- ProjectID: "0"
- query:
- _msg_field: _msg
- _time_field: _time
- _stream_fields: cluster_environment,kubernetes.container_name,kubernetes.namespace
\ No newline at end of file
diff --git a/otc/benchmark.t09.de/stacks/observability-client/vm-client-stack.yaml b/otc/benchmark.t09.de/stacks/observability-client/vm-client-stack.yaml
deleted file mode 100644
index bcc2fbc..0000000
--- a/otc/benchmark.t09.de/stacks/observability-client/vm-client-stack.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: vm-client
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- destination:
- name: in-cluster
- namespace: observability
- sources:
- - chart: victoria-metrics-k8s-stack
- repoURL: https://victoriametrics.github.io/helm-charts/
- targetRevision: 0.48.1
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/observability-client/vm-client-stack/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- path: "otc/benchmark.t09.de/stacks/observability-client/vm-client-stack/manifests"
diff --git a/otc/benchmark.t09.de/stacks/observability-client/vm-client-stack/values.yaml b/otc/benchmark.t09.de/stacks/observability-client/vm-client-stack/values.yaml
deleted file mode 100644
index dde927b..0000000
--- a/otc/benchmark.t09.de/stacks/observability-client/vm-client-stack/values.yaml
+++ /dev/null
@@ -1,1288 +0,0 @@ -global: - # -- Cluster label to use for dashboards and rules - clusterLabel: cluster - # -- Global license configuration - license: - key: "" - keyRef: {} - # name: secret-license - # key: license - cluster: - # -- K8s cluster domain suffix, uses for building storage pods' FQDN. Details are [here](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/) - dnsDomain: cluster.local. - -# -- Override chart name -nameOverride: "" -# -- Resource full name override -fullnameOverride: "" -# -- Tenant to use for Grafana datasources and remote write -tenant: "0" -# -- If this chart is used in "Argocd" with "releaseName" field then -# VMServiceScrapes couldn't select the proper services. -# For correct working need set value 'argocdReleaseOverride=$ARGOCD_APP_NAME' -argocdReleaseOverride: "" - -# -- VictoriaMetrics Operator dependency chart configuration. More values can be found [here](https://docs.victoriametrics.com/helm/victoriametrics-operator#parameters). Also checkout [here](https://docs.victoriametrics.com/operator/vars) possible ENV variables to configure operator behaviour -victoria-metrics-operator: - enabled: true - crds: - plain: true - cleanup: - enabled: true - image: - repository: bitnami/kubectl - pullPolicy: IfNotPresent - serviceMonitor: - enabled: true - operator: - # -- By default, operator converts prometheus-operator objects. 
- disable_prometheus_converter: false - # group pinguin added the admissionWebhooks value according to https://docs.victoriametrics.com/helm/victoriametrics-k8s-stack/#argocd-issues - admissionWebhooks: - certManager: - enabled: true - -defaultDashboards: - # -- Enable custom dashboards installation - enabled: false - defaultTimezone: utc - labels: {} - annotations: {} - grafanaOperator: - # -- Create dashboards as CRDs (requires grafana-operator to be installed) - enabled: false - spec: - instanceSelector: - matchLabels: - dashboards: grafana - allowCrossNamespaceImport: false - # -- Create dashboards as ConfigMap despite dependency it requires is not installed - dashboards: - victoriametrics-vmalert: - enabled: true - victoriametrics-operator: - enabled: true - # -- In ArgoCD using client-side apply this dashboard reaches annotations size limit and causes k8s issues without server side apply - # See [this issue](https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-k8s-stack#metadataannotations-too-long-must-have-at-most-262144-bytes-on-dashboards) - node-exporter-full: - enabled: true - -# -- Create default rules for monitoring the cluster -defaultRules: - # -- Labels, which are used for grouping results of the queries. 
Note that these labels are joined with `.Values.global.clusterLabel` - additionalGroupByLabels: [] - create: true - - # -- Common properties for VMRule groups - group: - spec: - # -- Optional HTTP URL parameters added to each rule request - params: {} - - # -- Common properties for all VMRules - rule: - spec: - # -- Additional labels for all VMRules - labels: {} - # -- Additional annotations for all VMRules - annotations: {} - - # -- Common properties for VMRules alerts - alerting: - spec: - # -- Additional labels for VMRule alerts - labels: {} - # -- Additional annotations for VMRule alerts - annotations: {} - - # -- Common properties for VMRules recording rules - recording: - spec: - # -- Additional labels for VMRule recording rules - labels: {} - # -- Additional annotations for VMRule recording rules - annotations: {} - - # -- Per rule properties - rules: {} - # CPUThrottlingHigh: - # create: true - # spec: - # for: 15m - # labels: - # severity: critical - # -- Rule group properties - groups: - etcd: - create: true - # -- Common properties for all rules in a group - rules: {} - # spec: - # annotations: - # dashboard: https://example.com/dashboard/1 - general: - create: true - rules: {} - k8sContainerCpuLimits: - create: true - rules: {} - k8sContainerCpuRequests: - create: true - rules: {} - k8sContainerCpuUsageSecondsTotal: - create: true - rules: {} - k8sContainerMemoryLimits: - create: true - rules: {} - k8sContainerMemoryRequests: - create: true - rules: {} - k8sContainerMemoryRss: - create: true - rules: {} - k8sContainerMemoryCache: - create: true - rules: {} - k8sContainerMemoryWorkingSetBytes: - create: true - rules: {} - k8sContainerMemorySwap: - create: true - rules: {} - k8sPodOwner: - create: true - rules: {} - k8sContainerResource: - create: true - rules: {} - kubeApiserver: - create: true - rules: {} - kubeApiserverAvailability: - create: true - rules: {} - kubeApiserverBurnrate: - create: true - rules: {} - kubeApiserverHistogram: - create: true - 
rules: {} - kubeApiserverSlos: - create: true - rules: {} - kubelet: - create: true - rules: {} - kubePrometheusGeneral: - create: true - rules: {} - kubePrometheusNodeRecording: - create: true - rules: {} - kubernetesApps: - create: true - rules: {} - targetNamespace: ".*" - kubernetesResources: - create: true - rules: {} - kubernetesStorage: - create: true - rules: {} - targetNamespace: ".*" - kubernetesSystem: - create: true - rules: {} - kubernetesSystemKubelet: - create: true - rules: {} - kubernetesSystemApiserver: - create: true - rules: {} - kubernetesSystemControllerManager: - create: true - rules: {} - kubeScheduler: - create: true - rules: {} - kubernetesSystemScheduler: - create: true - rules: {} - kubeStateMetrics: - create: true - rules: {} - nodeNetwork: - create: true - rules: {} - node: - create: true - rules: {} - vmagent: - create: true - rules: {} - vmsingle: - create: true - rules: {} - vmcluster: - create: true - rules: {} - vmHealth: - create: true - rules: {} - vmoperator: - create: true - rules: {} - alertmanager: - create: true - rules: {} - - # -- Runbook url prefix for default rules - runbookUrl: https://runbooks.prometheus-operator.dev/runbooks - - # -- Labels for default rules - labels: {} - # -- Annotations for default rules - annotations: {} - -# -- Provide custom recording or alerting rules to be deployed into the cluster. 
-additionalVictoriaMetricsMap: -# rule-name: -# groups: -# - name: my_group -# rules: -# - record: my_record -# expr: 100 * my_record - -external: - grafana: - # -- External Grafana host - host: "" - # -- External Grafana datasource name - datasource: VictoriaMetrics - # -- External VM read and write URLs - vm: - read: - url: "" - # bearerTokenSecret: - # name: dbaas-read-access-token - # key: bearerToken - write: - url: "" - # bearerTokenSecret: - # name: dbaas-read-access-token - # key: bearerToken - -# Configures vmsingle params -vmsingle: - # -- VMSingle annotations - annotations: {} - # -- Create VMSingle CR - enabled: false - # -- Full spec for VMSingle CRD. Allowed values describe [here](https://docs.victoriametrics.com/operator/api#vmsinglespec) - spec: - port: "8429" - # -- Data retention period. Possible units character: h(ours), d(ays), w(eeks), y(ears), if no unit character specified - month. The minimum retention period is 24h. See these [docs](https://docs.victoriametrics.com/single-server-victoriametrics/#retention) - retentionPeriod: "1" - replicaCount: 1 - extraArgs: {} - storage: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - ingress: - # -- Enable deployment of ingress for server component - enabled: false - # -- Ingress annotations - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # -- Ingress extra labels - labels: {} - # -- Ingress default path - path: "" - # -- Ingress path type - pathType: Prefix - # -- Ingress controller class name - ingressClassName: "" - - # -- Array of host objects - hosts: [] - # - vmsingle.domain.com - # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
- extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - - # -- Array of TLS objects - tls: [] - # - secretName: vmsingle-ingress-tls - # hosts: - # - vmsingle.domain.com - -vmcluster: - # -- Create VMCluster CR - enabled: false - # -- VMCluster annotations - annotations: {} - # -- Full spec for VMCluster CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmclusterspec) - spec: - # -- Data retention period. Possible units character: h(ours), d(ays), w(eeks), y(ears), if no unit character specified - month. The minimum retention period is 24h. See these [docs](https://docs.victoriametrics.com/single-server-victoriametrics/#retention) - retentionPeriod: "1" - replicationFactor: 2 - vmstorage: - replicaCount: 2 - storageDataPath: /vm-data - storage: - volumeClaimTemplate: - spec: - resources: - requests: - storage: 10Gi - resources: - {} - # limits: - # cpu: "1" - # memory: 1500Mi - vmselect: - # -- Set this value to false to disable VMSelect - enabled: true - port: "8481" - replicaCount: 2 - cacheMountPath: /select-cache - extraArgs: {} - storage: - volumeClaimTemplate: - spec: - resources: - requests: - storage: 2Gi - resources: - {} - # limits: - # cpu: "1" - # memory: "1000Mi" - # requests: - # cpu: "0.5" - # memory: "500Mi" - vminsert: - # -- Set this value to false to disable VMInsert - enabled: true - port: "8480" - replicaCount: 2 - extraArgs: {} - resources: - {} - # limits: - # cpu: "1" - # memory: 1000Mi - # requests: - # cpu: "0.5" - # memory: "500Mi" - - ingress: - storage: - # -- Enable deployment of ingress for server component - enabled: false - - # -- Ingress annotations - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # -- Ingress extra labels - labels: {} - - # -- Ingress controller class name - ingressClassName: "" - - # -- Ingress path type - pathType: Prefix - - # -- Ingress default path - path: 
"" - - # -- Array of host objects - hosts: [] - # - vmstorage.domain.com - - # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - - # -- Array of TLS objects - tls: [] - # - secretName: vmstorage-ingress-tls - # hosts: - # - vmstorage.domain.com - select: - # -- Enable deployment of ingress for server component - enabled: false - - # -- Ingress annotations - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # -- Ingress extra labels - labels: {} - - # -- Ingress controller class name - ingressClassName: "" - - # -- Ingress path type - pathType: Prefix - - # -- Ingress default path - path: '{{ dig "extraArgs" "http.pathPrefix" "/" .Values.vmcluster.spec.vmselect }}' - - # -- Array of host objects - hosts: [] - # - vmselect.domain.com - # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - - # -- Array of TLS objects - tls: [] - # - secretName: vmselect-ingress-tls - # hosts: - # - vmselect.domain.com - insert: - # -- Enable deployment of ingress for server component - enabled: false - - # -- Ingress annotations - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # -- Ingress extra labels - labels: {} - - # -- Ingress controller class name - ingressClassName: "" - - # -- Ingress path type - pathType: Prefix - - # -- Ingress default path - path: '{{ dig "extraArgs" "http.pathPrefix" "/" .Values.vmcluster.spec.vminsert }}' - - # -- Array of host objects - hosts: [] - # - vminsert.domain.com - # -- Extra paths to prepend to every host configuration. 
This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - - # -- Array of TLS objects - tls: [] - # - secretName: vminsert-ingress-tls - # hosts: - # - vminsert.domain.com - -alertmanager: - # -- Create VMAlertmanager CR - enabled: false - # -- Alertmanager annotations - annotations: {} - # -- (object) Full spec for VMAlertmanager CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmalertmanagerspec) - spec: - replicaCount: 1 - port: "9093" - selectAllByDefault: true - image: - tag: v0.28.1 - externalURL: "" - routePrefix: / - - # -- (string) If this one defined, it will be used for alertmanager configuration and config parameter will be ignored - configSecret: "" - # -- - # @raw - # enable storing .Values.alertmanager.config in VMAlertmanagerConfig instead of k8s Secret. - # Note: VMAlertmanagerConfig and plain Alertmanager config structures are not equal. - # If you're migrating existing config, please make sure that `.Values.alertmanager.config`: - # - with `useManagedConfig: false` has structure described [here](https://prometheus.io/docs/alerting/latest/configuration/). - # - with `useManagedConfig: true` has structure described [here](https://docs.victoriametrics.com/operator/api/#vmalertmanagerconfig). 
- useManagedConfig: false - # -- (object) Alertmanager configuration - config: - route: - receiver: "blackhole" - # group_by: ["alertgroup", "job"] - # group_wait: 30s - # group_interval: 5m - # repeat_interval: 12h - # routes: - # - # # Duplicate code_owner routes to teams - # # These will send alerts to team channels but continue - # # processing through the rest of the tree to handled by on-call - # - matchers: - # - code_owner_channel!="" - # - severity=~"info|warning|critical" - # group_by: ["code_owner_channel", "alertgroup", "job"] - # receiver: slack-code-owners - # - # # Standard on-call routes - # - matchers: - # - severity=~"info|warning|critical" - # receiver: slack-monitoring - # continue: true - # - # inhibit_rules: - # - target_matchers: - # - severity=~"warning|info" - # source_matchers: - # - severity=critical - # equal: - # - cluster - # - namespace - # - alertname - # - target_matchers: - # - severity=info - # source_matchers: - # - severity=warning - # equal: - # - cluster - # - namespace - # - alertname - # - target_matchers: - # - severity=info - # source_matchers: - # - alertname=InfoInhibitor - # equal: - # - cluster - # - namespace - - receivers: - - name: blackhole - # - name: "slack-monitoring" - # slack_configs: - # - channel: "#channel" - # send_resolved: true - # title: '{{ template "slack.monzo.title" . }}' - # icon_emoji: '{{ template "slack.monzo.icon_emoji" . }}' - # color: '{{ template "slack.monzo.color" . }}' - # text: '{{ template "slack.monzo.text" . }}' - # actions: - # - type: button - # text: "Runbook :green_book:" - # url: "{{ (index .Alerts 0).Annotations.runbook_url }}" - # - type: button - # text: "Query :mag:" - # url: "{{ (index .Alerts 0).GeneratorURL }}" - # - type: button - # text: "Dashboard :grafana:" - # url: "{{ (index .Alerts 0).Annotations.dashboard }}" - # - type: button - # text: "Silence :no_bell:" - # url: '{{ template "__alert_silence_link" . 
}}' - # - type: button - # text: '{{ template "slack.monzo.link_button_text" . }}' - # url: "{{ .CommonAnnotations.link_url }}" - # - name: slack-code-owners - # slack_configs: - # - channel: "#{{ .CommonLabels.code_owner_channel }}" - # send_resolved: true - # title: '{{ template "slack.monzo.title" . }}' - # icon_emoji: '{{ template "slack.monzo.icon_emoji" . }}' - # color: '{{ template "slack.monzo.color" . }}' - # text: '{{ template "slack.monzo.text" . }}' - # actions: - # - type: button - # text: "Runbook :green_book:" - # url: "{{ (index .Alerts 0).Annotations.runbook }}" - # - type: button - # text: "Query :mag:" - # url: "{{ (index .Alerts 0).GeneratorURL }}" - # - type: button - # text: "Dashboard :grafana:" - # url: "{{ (index .Alerts 0).Annotations.dashboard }}" - # - type: button - # text: "Silence :no_bell:" - # url: '{{ template "__alert_silence_link" . }}' - # - type: button - # text: '{{ template "slack.monzo.link_button_text" . }}' - # url: "{{ .CommonAnnotations.link_url }}" - # - # -- Better alert templates for [slack source](https://gist.github.com/milesbxf/e2744fc90e9c41b47aa47925f8ff6512) - monzoTemplate: - enabled: true - - # -- (object) Extra alert templates - templateFiles: - {} - # template_1.tmpl: |- - # {{ define "hello" -}} - # hello, Victoria! - # {{- end }} - # template_2.tmpl: "" - - # -- (object) Alertmanager ingress configuration - ingress: - enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - # Values can be templated - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: '{{ .Values.alertmanager.spec.routePrefix | default "/" }}' - pathType: Prefix - - hosts: - - alertmanager.domain.com - # -- Extra paths to prepend to every host configuration. 
This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - tls: [] - # - secretName: alertmanager-ingress-tls - # hosts: - # - alertmanager.domain.com - -vmalert: - # -- VMAlert annotations - annotations: {} - # -- Create VMAlert CR - enabled: false - - # -- Controls whether VMAlert should use VMAgent or VMInsert as a target for remotewrite - remoteWriteVMAgent: false - # -- (object) Full spec for VMAlert CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmalertspec) - spec: - port: "8080" - selectAllByDefault: true - evaluationInterval: 20s - extraArgs: - http.pathPrefix: "/" - - # External labels to add to all generated recording rules and alerts - externalLabels: {} - - # -- (object) Extra VMAlert annotation templates - templateFiles: - {} - # template_1.tmpl: |- - # {{ define "hello" -}} - # hello, Victoria! - # {{- end }} - # template_2.tmpl: "" - - # -- Allows to configure static notifiers, discover notifiers via Consul and DNS, - # see specification [here](https://docs.victoriametrics.com/vmalert/#notifier-configuration-file). - # This configuration will be created as separate secret and mounted to VMAlert pod. 
- additionalNotifierConfigs: {} - # dns_sd_configs: - # - names: - # - my.domain.com - # type: 'A' - # port: 9093 - # -- (object) VMAlert ingress config - ingress: - enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - # Values can be templated - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "" - pathType: Prefix - - hosts: - - vmalert.domain.com - # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - tls: [] - # - secretName: vmalert-ingress-tls - # hosts: - # - vmalert.domain.com - -vmauth: - # -- Enable VMAuth CR - enabled: false - # -- VMAuth annotations - annotations: {} - # -- (object) Full spec for VMAuth CRD. 
Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmauthspec) - # It's possible to use given below predefined variables in spec: - # * `{{ .vm.read }}` - parsed vmselect, vmsingle or external.vm.read URL - # * `{{ .vm.write }}` - parsed vminsert, vmsingle or external.vm.write URL - spec: - port: "8427" - ingress: - class_name: nginx - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - cert-manager.io/cluster-issuer: main - host: o12y.benchmark.t09.de - tlsHosts: - - o12y.benchmark.t09.de - tlsSecretName: vmauth-tls-secret - unauthorizedUserAccessSpec: {} - selectAllByDefault: true - -vmagent: - # -- Create VMAgent CR - enabled: true - # -- VMAgent annotations - annotations: {} - # -- Remote write configuration of VMAgent, allowed parameters defined in a [spec](https://docs.victoriametrics.com/operator/api#vmagentremotewritespec) - additionalRemoteWrites: - # [] - - url: https://o12y.observability./api/v1/write - basicAuth: - username: - name: simple-user-secret - key: username - password: - name: simple-user-secret - key: password - # -- (object) Full spec for VMAgent CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmagentspec) - spec: - port: "8429" - selectAllByDefault: true - scrapeInterval: 20s - externalLabels: - cluster_environment: "benchmark" - # For multi-cluster setups it is useful to use "cluster" label to identify the metrics source. - # For example: - # cluster: cluster-name - extraArgs: - promscrape.streamParse: "true" - # Do not store original labels in vmagent's memory by default. This reduces the amount of memory used by vmagent - # but makes vmagent debugging UI less informative. 
See: https://docs.victoriametrics.com/vmagent/#relabel-debug - promscrape.dropOriginalLabels: "true" - # -- (object) VMAgent ingress configuration - ingress: - enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - # Values can be templated - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "" - pathType: Prefix - - hosts: - - vmagent.domain.com - extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - tls: [] - # - secretName: vmagent-ingress-tls - # hosts: - # - vmagent.domain.com - -defaultDatasources: - grafanaOperator: - # -- Create datasources as CRDs (requires grafana-operator to be installed) - enabled: false - annotations: {} - spec: - instanceSelector: - matchLabels: - dashboards: grafana - allowCrossNamespaceImport: false - victoriametrics: - # -- Create per replica prometheus compatible datasource - perReplica: false - # -- List of prometheus compatible datasource configurations. - # VM `url` will be added to each of them in templates. - datasources: - - name: VictoriaMetrics - type: prometheus - access: proxy - isDefault: true - - name: VictoriaMetrics (DS) - isDefault: false - access: proxy - type: victoriametrics-metrics-datasource - version: "0.15.1" - # -- List of alertmanager datasources. - # Alertmanager generated `url` will be added to each datasource in template if alertmanager is enabled - alertmanager: - # -- Create per replica alertmanager compatible datasource - perReplica: false - datasources: - - name: Alertmanager - access: proxy - jsonData: - implementation: prometheus - # -- Configure additional grafana datasources (passed through tpl). 
- # Check [here](http://docs.grafana.org/administration/provisioning/#datasources) for details - extra: - - name: victoria-logs - access: proxy - type: VictoriaLogs - url: http://vlogs-victorialogs:9428 - version: 1 - -# -- Grafana dependency chart configuration. For possible values refer [here](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration) -grafana: - enabled: false - # all values for grafana helm chart can be specified here - persistence: - enabled: true - type: pvc - storageClassName: "default" - sidecar: - datasources: - enabled: true - initDatasources: true - label: grafana_datasource - dashboards: - provider: - name: default - orgid: 1 - folder: /var/lib/grafana/dashboards - defaultFolderName: default - enabled: true - multicluster: false - - # -- Create datasource configmap even if grafana deployment has been disabled - forceDeployDatasource: false - - # Uncomment the block below, if you want to enable VictoriaMetrics Datasource in Grafana: - # Note that Grafana will need internet access to install the datasource plugin. - # - # plugins: - # - victoriametrics-metrics-datasource - - ingress: - enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - # Values can be templated - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: / - pathType: Prefix - - hosts: - - grafana.domain.com - # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
- extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - tls: [] - # - secretName: grafana-ingress-tls - # hosts: - # - grafana.domain.com - - # -- Grafana VM scrape config - vmScrape: - # whether we should create a service scrape resource for grafana - enabled: true - - # -- [Scrape configuration](https://docs.victoriametrics.com/operator/api#vmservicescrapespec) for Grafana - spec: - selector: - matchLabels: - app.kubernetes.io/name: '{{ include "grafana.name" .Subcharts.grafana }}' - endpoints: - - port: '{{ .Values.grafana.service.portName }}' - -# -- prometheus-node-exporter dependency chart configuration. For possible values check [here](https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus-node-exporter/values.yaml) -prometheus-node-exporter: - enabled: true - - # all values for prometheus-node-exporter helm chart can be specified here - service: - # Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards - # - labels: - jobLabel: node-exporter - extraArgs: - - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) - - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|erofs|sysfs|tracefs)$ - # -- Node Exporter VM scrape config - vmScrape: - # whether we should create a service scrape resource for node-exporter - enabled: true - - # -- [Scrape configuration](https://docs.victoriametrics.com/operator/api#vmservicescrapespec) for Node Exporter - spec: - jobLabel: jobLabel - selector: - matchLabels: - app.kubernetes.io/name: '{{ include "prometheus-node-exporter.name" (index .Subcharts "prometheus-node-exporter") }}' - endpoints: - - port: metrics - metricRelabelConfigs: - - action: drop - 
source_labels: [mountpoint] - regex: "/var/lib/kubelet/pods.+" -# -- kube-state-metrics dependency chart configuration. For possible values check [here](https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-state-metrics/values.yaml) -kube-state-metrics: - enabled: true - # -- [Scrape configuration](https://docs.victoriametrics.com/operator/api#vmservicescrapespec) for Kube State Metrics - vmScrape: - enabled: true - spec: - selector: - matchLabels: - app.kubernetes.io/name: '{{ include "kube-state-metrics.name" (index .Subcharts "kube-state-metrics") }}' - app.kubernetes.io/instance: '{{ include "vm.release" . }}' - endpoints: - - port: http - honorLabels: true - metricRelabelConfigs: - - action: labeldrop - regex: (uid|container_id|image_id) - jobLabel: app.kubernetes.io/name - -# -- Component scraping the kubelets -kubelet: - enabled: true - vmScrapes: - # -- Enable scraping /metrics/cadvisor from kubelet's service - cadvisor: - enabled: true - spec: - path: /metrics/cadvisor - # -- Enable scraping /metrics/probes from kubelet's service - probes: - enabled: true - spec: - path: /metrics/probes - # -- Enabled scraping /metrics/resource from kubelet's service - resources: - enabled: true - spec: - path: /metrics/resource - kubelet: - spec: {} - # -- Spec for VMNodeScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmnodescrapespec) - vmScrape: - kind: VMNodeScrape - spec: - scheme: "https" - honorLabels: true - interval: "30s" - scrapeTimeout: "5s" - tlsConfig: - insecureSkipVerify: true - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # drop high cardinality label and useless metrics for cadvisor and kubelet - metricRelabelConfigs: - - action: labeldrop - regex: (uid) - - action: labeldrop - regex: (id|name) - - action: drop - source_labels: [__name__] - regex: 
(rest_client_request_duration_seconds_bucket|rest_client_request_duration_seconds_sum|rest_client_request_duration_seconds_count) - relabelConfigs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - targetLabel: job - replacement: kubelet - # ignore timestamps of cadvisor's metrics by default - # more info here https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4697#issuecomment-1656540535 - honorTimestamps: false -# Component scraping the kube api server -kubeApiServer: - # -- Enable Kube Api Server metrics scraping - enabled: true - # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # bearerTokenSecret: - # key: "" - port: https - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - serverName: kubernetes - jobLabel: component - namespaceSelector: - matchNames: - - default - selector: - matchLabels: - component: apiserver - provider: kubernetes - -# Component scraping the kube controller manager -kubeControllerManager: - # -- Enable kube controller manager metrics scraping - enabled: true - - # -- If your kube controller manager is not deployed as a pod, specify IPs it can be found on - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 - - # If using kubeControllerManager.endpoints only the port and targetPort are used - service: - # -- Create service for kube controller manager metrics scraping - enabled: true - # -- Kube controller manager service port - port: 10257 - # -- Kube controller manager service target port - targetPort: 10257 - # -- Kube controller manager service pod selector - selector: - component: kube-controller-manager - - # -- Spec for VMServiceScrape CRD is 
[here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - jobLabel: jobLabel - namespaceSelector: - matchNames: - - kube-system - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # bearerTokenSecret: - # key: "" - port: http-metrics - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - serverName: kubernetes - -# Component scraping kubeDns. Use either this or coreDns -kubeDns: - # -- Enabled KubeDNS metrics scraping - enabled: false - service: - # -- Create Service for KubeDNS metrics - enabled: false - # -- KubeDNS service ports - ports: - dnsmasq: - port: 10054 - targetPort: 10054 - skydns: - port: 10055 - targetPort: 10055 - # -- KubeDNS service pods selector - selector: - k8s-app: kube-dns - # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - jobLabel: jobLabel - namespaceSelector: - matchNames: [kube-system] - endpoints: - - port: http-metrics-dnsmasq - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - - port: http-metrics-skydns - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - -# Component scraping coreDns. 
Use either this or kubeDns -coreDns: - # -- Enabled CoreDNS metrics scraping - enabled: true - service: - # -- Create service for CoreDNS metrics - enabled: true - # -- CoreDNS service port - port: 9153 - # -- CoreDNS service target port - targetPort: 9153 - # -- CoreDNS service pod selector - selector: - k8s-app: kube-dns - - # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - jobLabel: jobLabel - namespaceSelector: - matchNames: [kube-system] - endpoints: - - port: http-metrics - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - -# Component scraping etcd -kubeEtcd: - # -- Enabled KubeETCD metrics scraping - enabled: true - - # -- If your etcd is not deployed as a pod, specify IPs it can be found on - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 - - # Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used - service: - # -- Enable service for ETCD metrics scraping - enabled: true - # -- ETCD service port - port: 2379 - # -- ETCD service target port - targetPort: 2379 - # -- ETCD service pods selector - selector: - component: etcd - - # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - jobLabel: jobLabel - namespaceSelector: - matchNames: [kube-system] - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # bearerTokenSecret: - # key: "" - port: http-metrics - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -# Component scraping kube scheduler -kubeScheduler: - # -- Enable KubeScheduler metrics scraping - enabled: true - - # -- If your kube scheduler is not deployed as a pod, specify IPs it can be found on - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 - - # If using kubeScheduler.endpoints only the port and targetPort are used - 
service: - # -- Enable service for KubeScheduler metrics scrape - enabled: true - # -- KubeScheduler service port - port: 10259 - # -- KubeScheduler service target port - targetPort: 10259 - # -- KubeScheduler service pod selector - selector: - component: kube-scheduler - - # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - jobLabel: jobLabel - namespaceSelector: - matchNames: [kube-system] - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # bearerTokenSecret: - # key: "" - port: http-metrics - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -# Component scraping kube proxy -kubeProxy: - # -- Enable kube proxy metrics scraping - enabled: false - - # -- If your kube proxy is not deployed as a pod, specify IPs it can be found on - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 - - service: - # -- Enable service for kube proxy metrics scraping - enabled: true - # -- Kube proxy service port - port: 10249 - # -- Kube proxy service target port - targetPort: 10249 - # -- Kube proxy service pod selector - selector: - k8s-app: kube-proxy - - # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - jobLabel: jobLabel - namespaceSelector: - matchNames: [kube-system] - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # bearerTokenSecret: - # key: "" - port: http-metrics - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -# -- Add extra objects dynamically to this chart -extraObjects: [] - diff --git a/otc/benchmark.t09.de/stacks/observability/grafana-operator.yaml b/otc/benchmark.t09.de/stacks/observability/grafana-operator.yaml deleted file mode 100644 index 6c208d5..0000000 
--- a/otc/benchmark.t09.de/stacks/observability/grafana-operator.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: grafana-operator
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- - ServerSideApply=true
- destination:
- name: in-cluster
- namespace: observability
- sources:
- - chart: grafana-operator
- repoURL: ghcr.io/grafana/helm-charts
- targetRevision: v5.18.0
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- path: "otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests"
diff --git a/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/argocd.yaml b/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/argocd.yaml
deleted file mode 100644
index b348ff7..0000000
--- a/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/argocd.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaDashboard
-metadata:
- name: argocd
-spec:
- instanceSelector:
- matchLabels:
- dashboards: "grafana"
- url: "https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json"
diff --git a/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml b/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
deleted file mode 100644
index 199a104..0000000
--- a/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
-apiVersion: grafana.integreatly.org/v1beta1
-kind: Grafana
-metadata:
- name: grafana
- labels:
- dashboards: "grafana"
-spec:
- persistentVolumeClaim:
- metadata:
- annotations:
- everest.io/disk-volume-type: GPSSD
- everest.io/crypt-key-id: 71ebef9e-5575-4b05-a597-ee1f67c911e3
- spec:
- storageClassName: csi-disk
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 10Gi
- deployment:
- spec:
- template:
- spec:
- containers:
- - name: grafana
- env:
- - name: OAUTH_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- key: clientSecret
- name: dex-grafana-client
- config:
- log.console:
- level: debug
- server:
- root_url: "https://grafana.benchmark.t09.de"
- auth:
- disable_login: "true"
- disable_login_form: "true"
- auth.generic_oauth:
- enabled: "true"
- name: Forgejo
- allow_sign_up: "true"
- use_refresh_token: "true"
- client_id: grafana
- client_secret: $__env{OAUTH_CLIENT_SECRET}
- scopes: openid email profile offline_access groups
- auth_url: https://dex.benchmark.t09.de/auth
- token_url: https://dex.benchmark.t09.de/token
- api_url: https://dex.benchmark.t09.de/userinfo
- redirect_uri: https://grafana.benchmark.t09.de/login/generic_oauth
- role_attribute_path: "contains(groups[*], 'DevFW') && 'GrafanaAdmin' || 'None'"
- allow_assign_grafana_admin: "true"
- ingress:
- metadata:
- annotations:
- cert-manager.io/cluster-issuer: main
- nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
- spec:
- ingressClassName: nginx
- rules:
- - host: grafana.benchmark.t09.de
- http:
- paths:
- - backend:
- service:
- name: grafana-service
- port:
- number: 3000
- path: /
- pathType: Prefix
- tls:
- - hosts:
- - grafana.benchmark.t09.de
- secretName: grafana-net-tls
diff --git a/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/ingress-nginx.yaml b/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/ingress-nginx.yaml
deleted file mode 100644
index c13d6a2..0000000
--- a/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/ingress-nginx.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaDashboard
-metadata:
- name: ingress-nginx
-spec:
- instanceSelector:
- matchLabels:
- dashboards: "grafana"
- url: "https://raw.githubusercontent.com/adinhodovic/ingress-nginx-mixin/refs/heads/main/dashboards_out/ingress-nginx-overview.json"
diff --git a/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/victoria-logs.yaml b/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/victoria-logs.yaml
deleted file mode 100644
index 4018fbd..0000000
--- a/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/victoria-logs.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaDashboard
-metadata:
- name: victoria-logs
-spec:
- instanceSelector:
- matchLabels:
- dashboards: "grafana"
- url: "https://raw.githubusercontent.com/VictoriaMetrics/VictoriaMetrics/refs/heads/master/dashboards/vm/victorialogs.json"
diff --git a/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack.yaml b/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack.yaml
deleted file mode 100644
index 3a6506f..0000000
--- a/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: o12y
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- - ServerSideApply=true
- destination:
- name: in-cluster
- namespace: observability
- sources:
- - chart: victoria-metrics-k8s-stack
- repoURL: https://victoriametrics.github.io/helm-charts/
- targetRevision: 0.48.1
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- path: "otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/manifests"
diff --git a/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/manifests/alerts.yaml b/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/manifests/alerts.yaml
deleted file mode 100644
index 110ee7e..0000000
--- a/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/manifests/alerts.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-apiVersion: operator.victoriametrics.com/v1beta1
-kind: VMRule
-metadata:
- name: forgejo-alerts
- namespace: observability
-spec:
- groups:
- - name: forgejo
- rules:
- - alert: forgejo down
- expr: sum by(cluster_environment) (up{pod=~"forgejo-server-.*"}) < 1
- for: 30s
- labels:
- severity: critical
- job: "{{ $labels.job }}"
- annotations:
- value: "{{ $value }}"
- description: 'forgejo is down in cluster environment {{ $labels.cluster_environment }}'
- - name: forgejo-backup
- rules:
- - alert: forgejo s3 backup job failed
- expr: max by(cluster_environment) (kube_job_status_failed{job_name=~"forgejo-s3-backup-.*"}) != 0
- for: 30s
- labels:
- severity: critical
- job: "{{ $labels.job }}"
- annotations:
- value: "{{ $value }}"
- description: 'forgejo s3 backup job failed in cluster environment {{ $labels.cluster_environment }}'
- - name: disk-consumption-high
- rules:
- - alert: disk consumption high
- expr: 1-(kubelet_volume_stats_available_bytes / kubelet_volume_stats_capacity_bytes) > 0.6
- for: 30s
- labels:
- severity: major
- job: "{{ $labels.job }}"
- annotations:
- value: "{{ $value }}"
- description: 'disk consumption of pvc {{ $labels.namespace }}/{{ $labels.persistentvolumeclaim }} is high in cluster environment {{ $labels.cluster_environment }}'
diff --git a/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml b/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
deleted file mode 100644
index a23bc0c..0000000
--- a/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: operator.victoriametrics.com/v1beta1
-kind: VLogs
-metadata:
- name: victorialogs
- namespace: observability
-spec:
- retentionPeriod: "12"
- removePvcAfterDelete: true
- storageMetadata:
- annotations:
- everest.io/crypt-key-id: 71ebef9e-5575-4b05-a597-ee1f67c911e3
- everest.io/disk-volume-type: GPSSD
- storage:
- storageClassName: csi-disk
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 50Gi
- resources:
- requests:
- memory: 500Mi
- cpu: 500m
- limits:
- memory: 10Gi
- cpu: 2
diff --git a/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml b/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml
deleted file mode 100644
index 5759093..0000000
--- a/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: operator.victoriametrics.com/v1beta1
-kind: VMUser
-metadata:
- name: simple-user
- namespace: observability
-spec:
- username: simple-user
- passwordRef:
- key: password
- name: simple-user-secret
- targetRefs:
- - static:
- url: http://vmsingle-o12y:8429
- paths: ["/api/v1/write"]
- - static:
- url: http://vlogs-victorialogs:9428
- paths: ["/insert/elasticsearch/.*"]
\ No newline at end of file
diff --git a/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/values.yaml b/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/values.yaml
deleted file mode 100644
index b6565f0..0000000
--- a/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/values.yaml
+++ /dev/null
@@ -1,1230 +0,0 @@ -global: - # -- Cluster label to use for dashboards and rules - clusterLabel: cluster - # -- Global license configuration - license: - key: "" - keyRef: {} - # name: secret-license - # key: license - cluster: - # -- K8s cluster domain suffix, uses for building storage pods' FQDN. Details are [here](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/) - dnsDomain: cluster.local. - -# -- Override chart name -nameOverride: "" -# -- Resource full name override -fullnameOverride: "o12y" -# -- Tenant to use for Grafana datasources and remote write -tenant: "0" -# -- If this chart is used in "Argocd" with "releaseName" field then -# VMServiceScrapes couldn't select the proper services. -# For correct working need set value 'argocdReleaseOverride=$ARGOCD_APP_NAME' -argocdReleaseOverride: "o12y" - -# -- VictoriaMetrics Operator dependency chart configuration. More values can be found [here](https://docs.victoriametrics.com/helm/victoriametrics-operator#parameters). Also checkout [here](https://docs.victoriametrics.com/operator/vars) possible ENV variables to configure operator behaviour -victoria-metrics-operator: - enabled: true - crds: - plain: true - cleanup: - enabled: true - image: - repository: bitnami/kubectl - pullPolicy: IfNotPresent - serviceMonitor: - enabled: true - operator: - # -- By default, operator converts prometheus-operator objects. 
- disable_prometheus_converter: false - # group pinguin added the admissionWebhooks value according to https://docs.victoriametrics.com/helm/victoriametrics-k8s-stack/#argocd-issues - admissionWebhooks: - certManager: - enabled: true - -defaultDashboards: - # -- Enable custom dashboards installation - enabled: true - defaultTimezone: utc - labels: {} - annotations: {} - grafanaOperator: - # -- Create dashboards as CRDs (requires grafana-operator to be installed) - enabled: true - spec: - instanceSelector: - matchLabels: - dashboards: grafana - allowCrossNamespaceImport: false - # -- Create dashboards as ConfigMap despite dependency it requires is not installed - dashboards: - victoriametrics-vmalert: - enabled: true - victoriametrics-operator: - enabled: true - # -- In ArgoCD using client-side apply this dashboard reaches annotations size limit and causes k8s issues without server side apply - # See [this issue](https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-k8s-stack#metadataannotations-too-long-must-have-at-most-262144-bytes-on-dashboards) - node-exporter-full: - enabled: true - -# -- Create default rules for monitoring the cluster -defaultRules: - # -- Labels, which are used for grouping results of the queries. 
Note that these labels are joined with `.Values.global.clusterLabel` - additionalGroupByLabels: [] - create: true - - # -- Common properties for VMRule groups - group: - spec: - # -- Optional HTTP URL parameters added to each rule request - params: {} - - # -- Common properties for all VMRules - rule: - spec: - # -- Additional labels for all VMRules - labels: {} - # -- Additional annotations for all VMRules - annotations: {} - - # -- Common properties for VMRules alerts - alerting: - spec: - # -- Additional labels for VMRule alerts - labels: {} - # -- Additional annotations for VMRule alerts - annotations: {} - - # -- Common properties for VMRules recording rules - recording: - spec: - # -- Additional labels for VMRule recording rules - labels: {} - # -- Additional annotations for VMRule recording rules - annotations: {} - - # -- Per rule properties - rules: {} - # CPUThrottlingHigh: - # create: true - # spec: - # for: 15m - # labels: - # severity: critical - # -- Rule group properties - groups: - etcd: - create: true - # -- Common properties for all rules in a group - rules: {} - # spec: - # annotations: - # dashboard: https://example.com/dashboard/1 - general: - create: true - rules: {} - k8sContainerCpuLimits: - create: true - rules: {} - k8sContainerCpuRequests: - create: true - rules: {} - k8sContainerCpuUsageSecondsTotal: - create: true - rules: {} - k8sContainerMemoryLimits: - create: true - rules: {} - k8sContainerMemoryRequests: - create: true - rules: {} - k8sContainerMemoryRss: - create: true - rules: {} - k8sContainerMemoryCache: - create: true - rules: {} - k8sContainerMemoryWorkingSetBytes: - create: true - rules: {} - k8sContainerMemorySwap: - create: true - rules: {} - k8sPodOwner: - create: true - rules: {} - k8sContainerResource: - create: true - rules: {} - kubeApiserver: - create: true - rules: {} - kubeApiserverAvailability: - create: true - rules: {} - kubeApiserverBurnrate: - create: true - rules: {} - kubeApiserverHistogram: - create: true - 
rules: {} - kubeApiserverSlos: - create: true - rules: {} - kubelet: - create: true - rules: {} - kubePrometheusGeneral: - create: true - rules: {} - kubePrometheusNodeRecording: - create: true - rules: {} - kubernetesApps: - create: true - rules: {} - targetNamespace: ".*" - kubernetesResources: - create: true - rules: {} - kubernetesStorage: - create: true - rules: {} - targetNamespace: ".*" - kubernetesSystem: - create: true - rules: {} - kubernetesSystemKubelet: - create: true - rules: {} - kubernetesSystemApiserver: - create: true - rules: {} - kubernetesSystemControllerManager: - create: false - rules: {} - kubeScheduler: - create: false - rules: {} - kubernetesSystemScheduler: - create: false - rules: {} - kubeStateMetrics: - create: true - rules: {} - nodeNetwork: - create: true - rules: {} - node: - create: true - rules: {} - vmagent: - create: true - rules: {} - vmsingle: - create: true - rules: {} - vmcluster: - create: true - rules: {} - vmHealth: - create: true - rules: {} - vmoperator: - create: true - rules: {} - alertmanager: - create: true - rules: {} - - # -- Runbook url prefix for default rules - runbookUrl: https://runbooks.prometheus-operator.dev/runbooks - - # -- Labels for default rules - labels: {} - # -- Annotations for default rules - annotations: {} - -# -- Provide custom recording or alerting rules to be deployed into the cluster. 
-additionalVictoriaMetricsMap: -# rule-name: -# groups: -# - name: my_group -# rules: -# - record: my_record -# expr: 100 * my_record - -external: - grafana: - # -- External Grafana host - host: "" - # -- External Grafana datasource name - datasource: VictoriaMetrics - # -- External VM read and write URLs - vm: - read: - url: "" - # bearerTokenSecret: - # name: dbaas-read-access-token - # key: bearerToken - write: - url: "" - # bearerTokenSecret: - # name: dbaas-read-access-token - # key: bearerToken - -# Configures vmsingle params -vmsingle: - # -- VMSingle annotations - annotations: {} - # -- Create VMSingle CR - enabled: true - # -- Full spec for VMSingle CRD. Allowed values describe [here](https://docs.victoriametrics.com/operator/api#vmsinglespec) - spec: - port: "8429" - # -- Data retention period. Possible units character: h(ours), d(ays), w(eeks), y(ears), if no unit character specified - month. The minimum retention period is 24h. See these [docs](https://docs.victoriametrics.com/single-server-victoriametrics/#retention) - retentionPeriod: "1" - replicaCount: 1 - extraArgs: {} - storageMetadata: - annotations: - everest.io/crypt-key-id: 71ebef9e-5575-4b05-a597-ee1f67c911e3 - everest.io/disk-volume-type: GPSSD - storage: - storageClassName: csi-disk - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - ingress: - # -- Enable deployment of ingress for server component - enabled: false - # -- Ingress annotations - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # -- Ingress extra labels - labels: {} - # -- Ingress default path - path: "" - # -- Ingress path type - pathType: Prefix - # -- Ingress controller class name - ingressClassName: "" - - # -- Array of host objects - hosts: [] - # - vmsingle.domain.com - # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
- extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - - # -- Array of TLS objects - tls: [] - # - secretName: vmsingle-ingress-tls - # hosts: - # - vmsingle.domain.com - -vmcluster: - # -- Create VMCluster CR - enabled: false - # -- VMCluster annotations - annotations: {} - # -- Full spec for VMCluster CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmclusterspec) - spec: - # -- Data retention period. Possible units character: h(ours), d(ays), w(eeks), y(ears), if no unit character specified - month. The minimum retention period is 24h. See these [docs](https://docs.victoriametrics.com/single-server-victoriametrics/#retention) - retentionPeriod: "1" - replicationFactor: 2 - vmstorage: - replicaCount: 2 - storageDataPath: /vm-data - storage: - volumeClaimTemplate: - spec: - resources: - requests: - storage: 10Gi - resources: - {} - # limits: - # cpu: "1" - # memory: 1500Mi - vmselect: - # -- Set this value to false to disable VMSelect - enabled: true - port: "8481" - replicaCount: 2 - cacheMountPath: /select-cache - extraArgs: {} - storage: - volumeClaimTemplate: - spec: - resources: - requests: - storage: 2Gi - resources: - {} - # limits: - # cpu: "1" - # memory: "1000Mi" - # requests: - # cpu: "0.5" - # memory: "500Mi" - vminsert: - # -- Set this value to false to disable VMInsert - enabled: true - port: "8480" - replicaCount: 2 - extraArgs: {} - resources: - {} - # limits: - # cpu: "1" - # memory: 1000Mi - # requests: - # cpu: "0.5" - # memory: "500Mi" - - ingress: - storage: - # -- Enable deployment of ingress for server component - enabled: false - - # -- Ingress annotations - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # -- Ingress extra labels - labels: {} - - # -- Ingress controller class name - ingressClassName: "" - - # -- Ingress path type - pathType: Prefix - - # -- Ingress default path - path: 
"" - - # -- Array of host objects - hosts: [] - # - vmstorage.domain.com - - # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - - # -- Array of TLS objects - tls: [] - # - secretName: vmstorage-ingress-tls - # hosts: - # - vmstorage.domain.com - select: - # -- Enable deployment of ingress for server component - enabled: false - - # -- Ingress annotations - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # -- Ingress extra labels - labels: {} - - # -- Ingress controller class name - ingressClassName: "" - - # -- Ingress path type - pathType: Prefix - - # -- Ingress default path - path: '{{ dig "extraArgs" "http.pathPrefix" "/" .Values.vmcluster.spec.vmselect }}' - - # -- Array of host objects - hosts: [] - # - vmselect.domain.com - # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - - # -- Array of TLS objects - tls: [] - # - secretName: vmselect-ingress-tls - # hosts: - # - vmselect.domain.com - insert: - # -- Enable deployment of ingress for server component - enabled: false - - # -- Ingress annotations - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # -- Ingress extra labels - labels: {} - - # -- Ingress controller class name - ingressClassName: "" - - # -- Ingress path type - pathType: Prefix - - # -- Ingress default path - path: '{{ dig "extraArgs" "http.pathPrefix" "/" .Values.vmcluster.spec.vminsert }}' - - # -- Array of host objects - hosts: [] - # - vminsert.domain.com - # -- Extra paths to prepend to every host configuration. 
This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - - # -- Array of TLS objects - tls: [] - # - secretName: vminsert-ingress-tls - # hosts: - # - vminsert.domain.com - -alertmanager: - # -- Create VMAlertmanager CR - enabled: true - # -- Alertmanager annotations - annotations: {} - # -- (object) Full spec for VMAlertmanager CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmalertmanagerspec) - spec: - replicaCount: 1 - port: "9093" - selectAllByDefault: true - image: - tag: v0.28.1 - externalURL: "" - routePrefix: / - - # -- (string) If this one defined, it will be used for alertmanager configuration and config parameter will be ignored - configSecret: "" - # -- - # @raw - # enable storing .Values.alertmanager.config in VMAlertmanagerConfig instead of k8s Secret. - # Note: VMAlertmanagerConfig and plain Alertmanager config structures are not equal. - # If you're migrating existing config, please make sure that `.Values.alertmanager.config`: - # - with `useManagedConfig: false` has structure described [here](https://prometheus.io/docs/alerting/latest/configuration/). - # - with `useManagedConfig: true` has structure described [here](https://docs.victoriametrics.com/operator/api/#vmalertmanagerconfig). 
- useManagedConfig: true - # -- (object) Alertmanager configuration - config: - route: - receiver: "blackhole" - routes: - - matchers: - - severity=~"critical|major" - receiver: outlook - receivers: - - name: blackhole - - name: outlook - email_configs: - - smarthost: 'mail.mms-support.de:465' - auth_username: 'ipcei-cis-devfw@mms-support.de' - auth_password: - name: email-user-credentials - key: connection-string - from: '"IPCEI CIS DevFW" ' - to: 'f9f9953a.mg.telekom.de@de.teams.ms' - headers: - subject: 'Grafana Mail Alerts' - require_tls: false - - # -- Better alert templates for [slack source](https://gist.github.com/milesbxf/e2744fc90e9c41b47aa47925f8ff6512) - monzoTemplate: - enabled: true - - # -- (object) Extra alert templates - templateFiles: - {} - # template_1.tmpl: |- - # {{ define "hello" -}} - # hello, Victoria! - # {{- end }} - # template_2.tmpl: "" - - # -- (object) Alertmanager ingress configuration - ingress: - enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - # Values can be templated - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: '{{ .Values.alertmanager.spec.routePrefix | default "/" }}' - pathType: Prefix - - hosts: - - alertmanager.domain.com - # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
- extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - tls: [] - # - secretName: alertmanager-ingress-tls - # hosts: - # - alertmanager.domain.com - -vmalert: - # -- VMAlert annotations - annotations: {} - # -- Create VMAlert CR - enabled: true - - # -- Controls whether VMAlert should use VMAgent or VMInsert as a target for remotewrite - remoteWriteVMAgent: false - # -- (object) Full spec for VMAlert CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmalertspec) - spec: - port: "8080" - selectAllByDefault: true - evaluationInterval: 20s - extraArgs: - http.pathPrefix: "/" - - # External labels to add to all generated recording rules and alerts - externalLabels: {} - - # -- (object) Extra VMAlert annotation templates - templateFiles: - {} - # template_1.tmpl: |- - # {{ define "hello" -}} - # hello, Victoria! - # {{- end }} - # template_2.tmpl: "" - - # -- Allows to configure static notifiers, discover notifiers via Consul and DNS, - # see specification [here](https://docs.victoriametrics.com/vmalert/#notifier-configuration-file). - # This configuration will be created as separate secret and mounted to VMAlert pod. - additionalNotifierConfigs: {} - # dns_sd_configs: - # - names: - # - my.domain.com - # type: 'A' - # port: 9093 - # -- (object) VMAlert ingress config - ingress: - enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - # Values can be templated - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "" - pathType: Prefix - - hosts: - - vmalert.domain.com - # -- Extra paths to prepend to every host configuration. 
This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - tls: [] - # - secretName: vmalert-ingress-tls - # hosts: - # - vmalert.domain.com - -vmauth: - # -- Enable VMAuth CR - enabled: true - # -- VMAuth annotations - annotations: {} - # -- (object) Full spec for VMAuth CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmauthspec) - # It's possible to use given below predefined variables in spec: - # * `{{ .vm.read }}` - parsed vmselect, vmsingle or external.vm.read URL - # * `{{ .vm.write }}` - parsed vminsert, vmsingle or external.vm.write URL - spec: - port: "8427" - ingress: - class_name: nginx - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - cert-manager.io/cluster-issuer: main - host: o12y.observability. - tlsHosts: - - o12y.observability. - tlsSecretName: vmauth-tls-secret - unauthorizedUserAccessSpec: {} - selectAllByDefault: true - -vmagent: - # -- Create VMAgent CR - enabled: false - # -- VMAgent annotations - annotations: {} - # -- Remote write configuration of VMAgent, allowed parameters defined in a [spec](https://docs.victoriametrics.com/operator/api#vmagentremotewritespec) - additionalRemoteWrites: - [] - #- url: http://some-remote-write/api/v1/write - # -- (object) Full spec for VMAgent CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmagentspec) - spec: - port: "8429" - selectAllByDefault: true - scrapeInterval: 20s - externalLabels: {} - # For multi-cluster setups it is useful to use "cluster" label to identify the metrics source. - # For example: - # cluster: cluster-name - extraArgs: - promscrape.streamParse: "true" - # Do not store original labels in vmagent's memory by default. This reduces the amount of memory used by vmagent - # but makes vmagent debugging UI less informative. 
See: https://docs.victoriametrics.com/vmagent/#relabel-debug - promscrape.dropOriginalLabels: "true" - # -- (object) VMAgent ingress configuration - ingress: - enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - # Values can be templated - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "" - pathType: Prefix - - hosts: - - vmagent.domain.com - extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - tls: [] - # - secretName: vmagent-ingress-tls - # hosts: - # - vmagent.domain.com - -defaultDatasources: - grafanaOperator: - # -- Create datasources as CRDs (requires grafana-operator to be installed) - enabled: true - annotations: {} - spec: - plugins: - - name: victoriametrics-metrics-datasource - version: 0.16.0 - - name: victoriametrics-logs-datasource - version: 0.17.0 - instanceSelector: - matchLabels: - dashboards: grafana - allowCrossNamespaceImport: false - victoriametrics: - # -- Create per replica prometheus compatible datasource - perReplica: false - # -- List of prometheus compatible datasource configurations. - # VM `url` will be added to each of them in templates. - datasources: - - name: VictoriaMetrics - type: prometheus - access: proxy - isDefault: true - - name: VictoriaMetrics (DS) - isDefault: false - access: proxy - type: victoriametrics-metrics-datasource - version: "0.15.1" - # -- List of alertmanager datasources. 
- # Alertmanager generated `url` will be added to each datasource in template if alertmanager is enabled - alertmanager: - # -- Create per replica alertmanager compatible datasource - perReplica: false - datasources: - - name: Alertmanager - access: proxy - jsonData: - implementation: prometheus - # -- Configure additional grafana datasources (passed through tpl). - # Check [here](http://docs.grafana.org/administration/provisioning/#datasources) for details - extra: - - name: VictoriaLogs - access: proxy - type: victoriametrics-logs-datasource - url: http://vlogs-victorialogs:9428 - version: 0.18.0 - -# -- Grafana dependency chart configuration. For possible values refer [here](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration) -grafana: - enabled: false - # all values for grafana helm chart can be specified here - persistence: - enabled: false - type: pvc - storageClassName: "default" - grafana.ini: - # auth: - # login_maximum_inactive_lifetime_duration: 0 - # login_maximum_lifetime_duration: 0 - security: - disable_brute_force_login_protection: true - sidecar: - datasources: - enabled: true - initDatasources: true - label: grafana_datasource - dashboards: - provider: - name: default - orgid: 1 - folder: /var/lib/grafana/dashboards - defaultFolderName: default - enabled: true - multicluster: false - - # dashboards: - # default: - # victoria-logs: - # url: "https://raw.githubusercontent.com/VictoriaMetrics/VictoriaMetrics/refs/heads/master/dashboards/vm/victorialogs.json" - # victoria-logs-explorer: - # url: "https://grafana.com/api/dashboards/22759/revisions/6/download" - # ingress-nginx: - # url: "https://raw.githubusercontent.com/adinhodovic/ingress-nginx-mixin/refs/heads/main/dashboards_out/ingress-nginx-overview.json" - # argocd: - # url: "https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json" - - # -- Create datasource configmap even if grafana deployment has been disabled - 
forceDeployDatasource: true - - # Uncomment the block below, if you want to enable VictoriaMetrics Datasource in Grafana: - # Note that Grafana will need internet access to install the datasource plugin. - - plugins: - - victoriametrics-metrics-datasource - - victoriametrics-logs-datasource - - ingress: - enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - # Values can be templated - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: / - pathType: Prefix - - hosts: - - grafana.domain.com - # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: service - tls: [] - # - secretName: grafana-ingress-tls - # hosts: - # - grafana.domain.com - - # -- Grafana VM scrape config - vmScrape: - # whether we should create a service scrape resource for grafana - enabled: true - - # -- [Scrape configuration](https://docs.victoriametrics.com/operator/api#vmservicescrapespec) for Grafana - spec: - selector: - matchLabels: - app.kubernetes.io/name: '{{ include "grafana.name" .Subcharts.grafana }}' - endpoints: - - port: '{{ .Values.grafana.service.portName }}' - -# -- prometheus-node-exporter dependency chart configuration. 
For possible values check [here](https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus-node-exporter/values.yaml) -prometheus-node-exporter: - enabled: true - - # all values for prometheus-node-exporter helm chart can be specified here - service: - # Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards - # - labels: - jobLabel: node-exporter - extraArgs: - - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) - - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|erofs|sysfs|tracefs)$ - # -- Node Exporter VM scrape config - vmScrape: - # whether we should create a service scrape resource for node-exporter - enabled: true - - # -- [Scrape configuration](https://docs.victoriametrics.com/operator/api#vmservicescrapespec) for Node Exporter - spec: - jobLabel: jobLabel - selector: - matchLabels: - app.kubernetes.io/name: '{{ include "prometheus-node-exporter.name" (index .Subcharts "prometheus-node-exporter") }}' - endpoints: - - port: metrics - metricRelabelConfigs: - - action: drop - source_labels: [mountpoint] - regex: "/var/lib/kubelet/pods.+" -# -- kube-state-metrics dependency chart configuration. For possible values check [here](https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-state-metrics/values.yaml) -kube-state-metrics: - enabled: true - # -- [Scrape configuration](https://docs.victoriametrics.com/operator/api#vmservicescrapespec) for Kube State Metrics - vmScrape: - enabled: true - spec: - selector: - matchLabels: - app.kubernetes.io/name: '{{ include "kube-state-metrics.name" (index .Subcharts "kube-state-metrics") }}' - app.kubernetes.io/instance: '{{ include "vm.release" . 
}}' - endpoints: - - port: http - honorLabels: true - metricRelabelConfigs: - - action: labeldrop - regex: (uid|container_id|image_id) - jobLabel: app.kubernetes.io/name - -# -- Component scraping the kubelets -kubelet: - enabled: true - vmScrapes: - # -- Enable scraping /metrics/cadvisor from kubelet's service - cadvisor: - enabled: true - spec: - path: /metrics/cadvisor - # -- Enable scraping /metrics/probes from kubelet's service - probes: - enabled: true - spec: - path: /metrics/probes - # -- Enabled scraping /metrics/resource from kubelet's service - resources: - enabled: true - spec: - path: /metrics/resource - kubelet: - spec: {} - # -- Spec for VMNodeScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmnodescrapespec) - vmScrape: - kind: VMNodeScrape - spec: - scheme: "https" - honorLabels: true - interval: "30s" - scrapeTimeout: "5s" - tlsConfig: - insecureSkipVerify: true - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # drop high cardinality label and useless metrics for cadvisor and kubelet - metricRelabelConfigs: - - action: labeldrop - regex: (uid) - - action: labeldrop - regex: (id|name) - - action: drop - source_labels: [__name__] - regex: (rest_client_request_duration_seconds_bucket|rest_client_request_duration_seconds_sum|rest_client_request_duration_seconds_count) - relabelConfigs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - targetLabel: job - replacement: kubelet - # ignore timestamps of cadvisor's metrics by default - # more info here https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4697#issuecomment-1656540535 - honorTimestamps: false -# Component scraping the kube api server -kubeApiServer: - # -- Enable Kube Api Server metrics scraping - enabled: true - # -- Spec for VMServiceScrape CRD is 
[here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # bearerTokenSecret: - # key: "" - port: https - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - serverName: kubernetes - jobLabel: component - namespaceSelector: - matchNames: - - default - selector: - matchLabels: - component: apiserver - provider: kubernetes - -# Component scraping the kube controller manager -kubeControllerManager: - # -- Enable kube controller manager metrics scraping - enabled: false - - # -- If your kube controller manager is not deployed as a pod, specify IPs it can be found on - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 - - # If using kubeControllerManager.endpoints only the port and targetPort are used - service: - # -- Create service for kube controller manager metrics scraping - enabled: true - # -- Kube controller manager service port - port: 10257 - # -- Kube controller manager service target port - targetPort: 10257 - # -- Kube controller manager service pod selector - selector: - component: kube-controller-manager - - # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - jobLabel: jobLabel - namespaceSelector: - matchNames: - - kube-system - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # bearerTokenSecret: - # key: "" - port: http-metrics - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - serverName: kubernetes - -# Component scraping kubeDns. 
Use either this or coreDns -kubeDns: - # -- Enabled KubeDNS metrics scraping - enabled: false - service: - # -- Create Service for KubeDNS metrics - enabled: false - # -- KubeDNS service ports - ports: - dnsmasq: - port: 10054 - targetPort: 10054 - skydns: - port: 10055 - targetPort: 10055 - # -- KubeDNS service pods selector - selector: - k8s-app: kube-dns - # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - jobLabel: jobLabel - namespaceSelector: - matchNames: [kube-system] - endpoints: - - port: http-metrics-dnsmasq - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - - port: http-metrics-skydns - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - -# Component scraping coreDns. Use either this or kubeDns -coreDns: - # -- Enabled CoreDNS metrics scraping - enabled: true - service: - # -- Create service for CoreDNS metrics - enabled: true - # -- CoreDNS service port - port: 9153 - # -- CoreDNS service target port - targetPort: 9153 - # -- CoreDNS service pod selector - selector: - k8s-app: kube-dns - - # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - jobLabel: jobLabel - namespaceSelector: - matchNames: [kube-system] - endpoints: - - port: http-metrics - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - -# Component scraping etcd -kubeEtcd: - # -- Enabled KubeETCD metrics scraping - enabled: true - - # -- If your etcd is not deployed as a pod, specify IPs it can be found on - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 - - # Etcd service. 
If using kubeEtcd.endpoints only the port and targetPort are used - service: - # -- Enable service for ETCD metrics scraping - enabled: true - # -- ETCD service port - port: 2379 - # -- ETCD service target port - targetPort: 2379 - # -- ETCD service pods selector - selector: - component: etcd - - # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - jobLabel: jobLabel - namespaceSelector: - matchNames: [kube-system] - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # bearerTokenSecret: - # key: "" - port: http-metrics - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -# Component scraping kube scheduler -kubeScheduler: - # -- Enable KubeScheduler metrics scraping - enabled: false - - # -- If your kube scheduler is not deployed as a pod, specify IPs it can be found on - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 - - # If using kubeScheduler.endpoints only the port and targetPort are used - service: - # -- Enable service for KubeScheduler metrics scrape - enabled: true - # -- KubeScheduler service port - port: 10259 - # -- KubeScheduler service target port - targetPort: 10259 - # -- KubeScheduler service pod selector - selector: - component: kube-scheduler - - # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - jobLabel: jobLabel - namespaceSelector: - matchNames: [kube-system] - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # bearerTokenSecret: - # key: "" - port: http-metrics - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -# Component scraping kube proxy -kubeProxy: - # -- Enable kube proxy metrics scraping - enabled: false - - # -- If your kube proxy is not deployed as a pod, specify IPs it can be found on 
- endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 - - service: - # -- Enable service for kube proxy metrics scraping - enabled: true - # -- Kube proxy service port - port: 10249 - # -- Kube proxy service target port - targetPort: 10249 - # -- Kube proxy service pod selector - selector: - k8s-app: kube-proxy - - # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) - vmScrape: - spec: - jobLabel: jobLabel - namespaceSelector: - matchNames: [kube-system] - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # bearerTokenSecret: - # key: "" - port: http-metrics - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -# -- Add extra objects dynamically to this chart -extraObjects: [] - diff --git a/otc/benchmark.t09.de/stacks/otc/cert-manager/manifests/clusterissuer.yaml b/otc/benchmark.t09.de/stacks/otc/cert-manager/manifests/clusterissuer.yaml deleted file mode 100644 index 73d0b7f..0000000 --- a/otc/benchmark.t09.de/stacks/otc/cert-manager/manifests/clusterissuer.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: main -spec: - acme: - email: admin@think-ahead.tech - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: cluster-issuer-account-key - solvers: - - http01: - ingress: - ingressClassName: nginx diff --git a/otc/benchmark.t09.de/stacks/otc/cert-manager/values.yaml b/otc/benchmark.t09.de/stacks/otc/cert-manager/values.yaml deleted file mode 100644 index a0b2211..0000000 --- a/otc/benchmark.t09.de/stacks/otc/cert-manager/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -crds: - enabled: true - -replicaCount: 1 diff --git a/otc/benchmark.t09.de/stacks/otc/cert-manger.yaml b/otc/benchmark.t09.de/stacks/otc/cert-manger.yaml deleted file mode 100644 index 2c93d4c..0000000 
--- a/otc/benchmark.t09.de/stacks/otc/cert-manger.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: cert-manager
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: cert-manager
- sources:
- - chart: cert-manager
- repoURL: https://charts.jetstack.io
- targetRevision: v1.17.2
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/otc/cert-manager/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- path: "otc/benchmark.t09.de/stacks/otc/cert-manager/manifests"
diff --git a/otc/benchmark.t09.de/stacks/otc/ingress-nginx.yaml b/otc/benchmark.t09.de/stacks/otc/ingress-nginx.yaml
deleted file mode 100644
index 33d6d7b..0000000
--- a/otc/benchmark.t09.de/stacks/otc/ingress-nginx.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: ingress-nginx
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: ingress-nginx
- sources:
- - repoURL: https://github.com/kubernetes/ingress-nginx.git
- path: charts/ingress-nginx
- targetRevision: helm-chart-4.12.1
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/otc/ingress-nginx/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
diff --git a/otc/benchmark.t09.de/stacks/otc/ingress-nginx/values.yaml b/otc/benchmark.t09.de/stacks/otc/ingress-nginx/values.yaml
deleted file mode 100644
index 038cbc5..0000000
--- a/otc/benchmark.t09.de/stacks/otc/ingress-nginx/values.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-controller:
- updateStrategy:
- type: RollingUpdate
- rollingUpdate:
- maxUnavailable: 1
-
- service:
- annotations:
- kubernetes.io/elb.class: union
- kubernetes.io/elb.port: '80'
- kubernetes.io/elb.id: 5ee936a2-6308-4924-9fdf-0256cbdf3baa
- kubernetes.io/elb.ip: 80.158.90.69
-
- ingressClassResource:
- name: nginx
-
- # added for idpbuilder
- allowSnippetAnnotations: true
-
- # added for idpbuilder
- config:
- proxy-buffer-size: 32k
- use-forwarded-headers: "true"
-
- # monitoring nginx
- metrics:
- enabled: true
- serviceMonitor:
- additionalLabels:
- release: "ingress-nginx"
- enabled: true
diff --git a/otc/benchmark.t09.de/stacks/otc/storageclass.yaml b/otc/benchmark.t09.de/stacks/otc/storageclass.yaml
deleted file mode 100644
index bf46764..0000000
--- a/otc/benchmark.t09.de/stacks/otc/storageclass.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: storageclass
- namespace: argocd
- labels:
- example: otc
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- namespace: default
- server: "https://kubernetes.default.svc"
- source:
- repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- path: "otc/benchmark.t09.de/stacks/otc/storageclass"
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
diff --git a/otc/benchmark.t09.de/stacks/otc/storageclass/storageclass.yaml b/otc/benchmark.t09.de/stacks/otc/storageclass/storageclass.yaml
deleted file mode 100644
index 038bf24..0000000
--- a/otc/benchmark.t09.de/stacks/otc/storageclass/storageclass.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- annotations:
- storageclass.beta.kubernetes.io/is-default-class: "true"
- labels:
- kubernetes.io/cluster-service: "true"
- name: default
-parameters:
- kubernetes.io/description: ""
- kubernetes.io/hw:passthrough: "true"
- kubernetes.io/storagetype: BS
- kubernetes.io/volumetype: SATA
- kubernetes.io/zone: eu-de-02
-provisioner: flexvolume-huawei.com/fuxivol
-reclaimPolicy: Delete
-volumeBindingMode: Immediate
-allowVolumeExpansion: true
\ No newline at end of file
diff --git a/otc/benchmark.t09.de/stacks/terralist/terralist.yaml b/otc/benchmark.t09.de/stacks/terralist/terralist.yaml
deleted file mode 100644
index 83afc42..0000000
--- a/otc/benchmark.t09.de/stacks/terralist/terralist.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-# helm upgrade --install --create-namespace --namespace terralist terralist oci://ghcr.io/terralist/helm-charts/terralist -f terralist-values.yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: terralist
- namespace: argocd
- labels:
- env: dev
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: terralist
- sources:
- - repoURL: https://github.com/terralist/helm-charts
- path: charts/terralist
- targetRevision: terralist-0.8.1
- helm:
- valueFiles:
- - $values/otc/benchmark.t09.de/stacks/terralist/terralist/values.yaml
- - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
- targetRevision: HEAD
- ref: values
diff --git a/otc/benchmark.t09.de/stacks/terralist/terralist/values.yaml b/otc/benchmark.t09.de/stacks/terralist/terralist/values.yaml
deleted file mode 100644
index 95af42f..0000000
--- a/otc/benchmark.t09.de/stacks/terralist/terralist/values.yaml
+++ /dev/null
@@ -1,87 +0,0 @@ -controllers: - main: - strategy: Recreate - containers: - app: - env: - - name: TERRALIST_OAUTH_PROVIDER - value: oidc - - name: TERRALIST_OI_CLIENT_ID - valueFrom: - secretKeyRef: - name: oidc-credentials - key: client-id - - name: TERRALIST_OI_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: oidc-credentials - key: client-secret - - name: TERRALIST_OI_AUTHORIZE_URL - valueFrom: - secretKeyRef: - name: oidc-credentials - key: authorize-url - - name: TERRALIST_OI_TOKEN_URL - valueFrom: - secretKeyRef: - name: oidc-credentials - key: token-url - - name: TERRALIST_OI_USERINFO_URL - valueFrom: - secretKeyRef: - name: oidc-credentials - key: userinfo-url - - name: TERRALIST_OI_SCOPE - valueFrom: - secretKeyRef: - name: oidc-credentials - key: scope - - name: TERRALIST_TOKEN_SIGNING_SECRET - valueFrom: - secretKeyRef: - name: terralist-secret - key: token-signing-secret - - name: TERRALIST_COOKIE_SECRET - valueFrom: - secretKeyRef: - name: terralist-secret - key: cookie-secret - - name: TERRALIST_URL - value: https://terralist.benchmark.t09.de - - name: TERRALIST_SQLITE_PATH - value: /data/db.sqlite - - name: TERRALIST_LOCAL_STORE - value: /data/modules - - name: TERRALIST_PROVIDERS_ANONYMOUS_READ - value: "true" - -ingress: - main: - enabled: true - className: nginx - annotations: - cert-manager.io/cluster-issuer: main - hosts: - - host: terralist.benchmark.t09.de - paths: - - path: / - pathType: Prefix - service: - identifier: main - port: http - tls: - - hosts: - - terralist.benchmark.t09.de - secretName: terralist-tls-secret - -persistence: - data: - enabled: true - accessMode: ReadWriteOnce - size: 10Gi - retain: false - storageClass: "csi-disk" - annotations: - everest.io/disk-volume-type: GPSSD - globalMounts: - - path: /data diff --git a/otc/dev.t09.de/registry/ci-sizer.yaml b/otc/dev.t09.de/registry/ci-sizer.yaml deleted file mode 100644 index 58df27e..0000000 --- a/otc/dev.t09.de/registry/ci-sizer.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: ci-sizer-reg - namespace: argocd - labels: - env: dev - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - name: in-cluster - namespace: argocd - source: - path: "otc/dev.t09.de/stacks/ci-sizer" - repoURL: "https://edp.buildth.ing/DevFW-CICD/stacks-instances" - targetRevision: HEAD - project: default - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true diff --git a/otc/dev.t09.de/stacks/core/dex/values.yaml b/otc/dev.t09.de/stacks/core/dex/values.yaml index c3e842a..8a2a79d 100644 --- a/otc/dev.t09.de/stacks/core/dex/values.yaml +++ b/otc/dev.t09.de/stacks/core/dex/values.yaml @@ -34,11 +34,6 @@ envVars: secretKeyRef: name: dex-argo-client key: clientSecret - - name: FORGEJO_RUNNER_SIZER_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: dex-runner-sizer-client - key: clientSecret - name: LOG_LEVEL value: debug @@ -79,8 +74,3 @@ config: - "https://grafana.dev.t09.de/login/generic_oauth" name: "Grafana" secretEnv: "OIDC_DEX_GRAFANA_CLIENT_SECRET" - - id: ci-sizer - name: "CI Sizer" - redirectURIs: - - "https://sizer.dev.t09.de/ui/callback" - secretEnv: "FORGEJO_RUNNER_SIZER_CLIENT_SECRET" diff --git a/otc/dev.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml b/otc/dev.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml index 8e5146a..bcefb1d 100644 --- a/otc/dev.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml +++ b/otc/dev.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml @@ -3,7 +3,7 @@ kind: Ingress metadata: annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/proxy-body-size: 5120m + nginx.ingress.kubernetes.io/proxy-body-size: 512m cert-manager.io/cluster-issuer: main name: forgejo-server 
diff --git a/otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml b/otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml index ec901a0..4c35c43 100644 --- a/otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml +++ b/otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml @@ -137,9 +137,6 @@ gitea: ENABLED: true ADAPTER: redis - security: - GLOBAL_TWO_FACTOR_REQUIREMENT: admin - service: DISABLE_REGISTRATION: true ENABLE_NOTIFY_MAIL: true diff --git a/otc/dev.t09.de/stacks/garm/garm.yaml b/otc/dev.t09.de/stacks/garm/garm.yaml index 3754f9a..43c7d4e 100644 --- a/otc/dev.t09.de/stacks/garm/garm.yaml +++ b/otc/dev.t09.de/stacks/garm/garm.yaml @@ -20,7 +20,7 @@ spec: sources: - repoURL: https://edp.buildth.ing/DevFW-CICD/garm-helm path: charts/garm - targetRevision: v0.0.15 + targetRevision: v0.0.12 helm: valueFiles: - $values/otc/dev.t09.de/stacks/garm/garm/values.yaml diff --git a/otc/dev.t09.de/stacks/garm/garm/values.yaml b/otc/dev.t09.de/stacks/garm/garm/values.yaml index e1ee11d..eebfcf1 100644 --- a/otc/dev.t09.de/stacks/garm/garm/values.yaml +++ b/otc/dev.t09.de/stacks/garm/garm/values.yaml @@ -26,7 +26,7 @@ credentials: image: repository: edp.buildth.ing/devfw-cicd/garm-forgejo - tag: v0.1.7-forgejo-22 + tag: v0.1.7-forgejo-3 providerConfig: edgeConnect: @@ -37,9 +37,8 @@ providerConfig: name: Hamburg organization: TelekomOP edgeConnectK8s: - pendingTimeout: "5m" sizer: - sidecarImage: edp.buildth.ing/devfw-cicd/ci-sizer-collector:latest + sidecarImage: edp.buildth.ing/devfw-cicd/forgejo-runner-sizer-collector:latest sidecarPushEndpoint: https://sizer.dev.t09.de/api/v1/metrics baseUrl: "https://sizer.dev.t09.de" readToken: diff --git a/otc/dev.t09.de/stacks/ci-sizer/sizer-receiver.yaml b/otc/dev.t09.de/stacks/garm/sizer-receiver.yaml similarity index 85% rename from otc/dev.t09.de/stacks/ci-sizer/sizer-receiver.yaml rename to otc/dev.t09.de/stacks/garm/sizer-receiver.yaml index 4f1b6bc..1425cc6 100644 
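Review bot: With the `security` block gone, the new values in `otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml` no longer set `GLOBAL_TWO_FACTOR_REQUIREMENT`, so administrator accounts are not forced to enrol a second factor unless that is enforced somewhere not visible here. `DISABLE_REGISTRATION: true` stays in place, but it does not protect an admin password that is reused or phished. I would keep `security:` / `GLOBAL_TWO_FACTOR_REQUIREMENT: admin`. If the key was dropped only because the deployed image does not recognise it, record that next to the `service:` block with a comment such as `# admin 2FA not enforced here: setting unsupported by this image version`. The hunk at `@@ -137,9 +137,6 @@` in `otc/edp.buildth.ing/stacks/forgejo/forgejo-server/values.yaml` removes the same setting, and the enclosing `gitea:` block starts outside both hunks.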
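Review bot: `sidecarImage` in the `sizer` block of `otc/dev.t09.de/stacks/garm/garm/values.yaml` points at the mutable `:latest` tag, so whatever is pushed to that tag next is what runs (presumably beside CI jobs, going by the `sidecar` name), with no commit in this repository to review or roll back. The receiver image in `otc/dev.t09.de/stacks/garm/sizer-receiver/deployment.yaml` has the same problem, and there the new side moves from the pinned `0.0.4` to `:latest` with `imagePullPolicy: Always`. Pin both to a released version, ideally with a digest, e.g. `sidecarImage: edp.buildth.ing/devfw-cicd/forgejo-runner-sizer-collector:<version>@sha256:<digest>` (placeholders). The `providerConfig` block starts outside the hunk.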
--- a/otc/dev.t09.de/stacks/ci-sizer/sizer-receiver.yaml +++ b/otc/dev.t09.de/stacks/garm/sizer-receiver.yaml @@ -18,8 +18,8 @@ spec: limit: -1 destination: name: in-cluster - namespace: ci-sizer + namespace: garm source: repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances targetRevision: HEAD - path: "otc/dev.t09.de/stacks/ci-sizer/sizer-receiver" + path: "otc/dev.t09.de/stacks/garm/sizer-receiver" diff --git a/otc/edp.buildth.ing/stacks/garm/sizer-receiver/deployment.yaml b/otc/dev.t09.de/stacks/garm/sizer-receiver/deployment.yaml similarity index 90% rename from otc/edp.buildth.ing/stacks/garm/sizer-receiver/deployment.yaml rename to otc/dev.t09.de/stacks/garm/sizer-receiver/deployment.yaml index 2d3eeaa..91a1049 100644 --- a/otc/edp.buildth.ing/stacks/garm/sizer-receiver/deployment.yaml +++ b/otc/dev.t09.de/stacks/garm/sizer-receiver/deployment.yaml @@ -5,6 +5,8 @@ metadata: labels: app: sizer-receiver spec: + strategy: + type: Recreate replicas: 1 selector: matchLabels: @@ -16,7 +18,8 @@ spec: spec: containers: - name: receiver - image: edp.buildth.ing/devfw-cicd/ci-sizer-receiver:0.0.4 + image: edp.buildth.ing/devfw-cicd/forgejo-runner-sizer-receiver:latest + imagePullPolicy: Always args: - --db=/data/metrics.db ports: @@ -34,10 +37,6 @@ spec: secretKeyRef: name: sizer-tokens key: hmac-key - - name: RECEIVER_CPU_SIZING_MODE - value: "observe" - - name: RECEIVER_MEMORY_QOS - value: "guaranteed" volumeMounts: - name: data mountPath: /data diff --git a/otc/dev.t09.de/stacks/ci-sizer/sizer-receiver/ingress.yaml b/otc/dev.t09.de/stacks/garm/sizer-receiver/ingress.yaml similarity index 96% rename from otc/dev.t09.de/stacks/ci-sizer/sizer-receiver/ingress.yaml rename to otc/dev.t09.de/stacks/garm/sizer-receiver/ingress.yaml index 9a28977..bc50d98 100644 --- a/otc/dev.t09.de/stacks/ci-sizer/sizer-receiver/ingress.yaml +++ b/otc/dev.t09.de/stacks/garm/sizer-receiver/ingress.yaml 
@@ -6,7 +6,7 @@ metadata: cert-manager.io/cluster-issuer: main name: sizer-receiver - namespace: ci-sizer + namespace: garm spec: ingressClassName: nginx rules: diff --git a/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml b/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml index e5d71d6..8203a51 100644 --- a/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml +++ b/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml @@ -3,7 +3,7 @@ kind: Ingress metadata: annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/proxy-body-size: 5120m + nginx.ingress.kubernetes.io/proxy-body-size: 512m cert-manager.io/cluster-issuer: main name: forgejo-server diff --git a/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml b/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml index 71f1649..cc153d1 100644 --- a/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml +++ b/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml @@ -72,7 +72,7 @@ spec: - ReadWriteOnce resources: requests: - storage: 500Gi + storage: 100Gi --- apiVersion: v1 kind: Secret diff --git a/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/values.yaml b/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/values.yaml index c9e7a8a..2b64cca 100644 --- a/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/values.yaml +++ b/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/values.yaml @@ -137,9 +137,6 @@ gitea: ENABLED: true ADAPTER: redis - security: - GLOBAL_TWO_FACTOR_REQUIREMENT: admin - service: DISABLE_REGISTRATION: true ENABLE_NOTIFY_MAIL: true 
@@ -180,4 +177,4 @@ image: # rootless: true fullOverride: observability.buildth.ing/devfw-cicd/edp-forgejo:14.0.2-edp1-rootless -forgejo: {} +forgejo: {} \ No newline at end of file diff --git a/otc/edp.buildth.ing/stacks/garm/garm.yaml b/otc/edp.buildth.ing/stacks/garm/garm.yaml index 1a44c7c..ab493b2 100644 --- a/otc/edp.buildth.ing/stacks/garm/garm.yaml +++ b/otc/edp.buildth.ing/stacks/garm/garm.yaml @@ -20,7 +20,7 @@ spec: sources: - repoURL: https://edp.buildth.ing/DevFW-CICD/garm-helm path: charts/garm - targetRevision: v0.0.11 + targetRevision: v0.0.7 helm: valueFiles: - $values/otc/edp.buildth.ing/stacks/garm/garm/values.yaml diff --git a/otc/edp.buildth.ing/stacks/garm/garm/values.yaml b/otc/edp.buildth.ing/stacks/garm/garm/values.yaml index 7c4eccc..7ad8f26 100644 --- a/otc/edp.buildth.ing/stacks/garm/garm/values.yaml +++ b/otc/edp.buildth.ing/stacks/garm/garm/values.yaml @@ -26,7 +26,7 @@ credentials: image: repository: observability.buildth.ing/devfw-cicd/garm-forgejo - tag: v0.1.7-forgejo-21 + tag: v0.1.7-forgejo-1 providerConfig: edgeConnect: @@ -36,9 +36,6 @@ providerConfig: cloudlet: name: Hamburg organization: TelekomOP - edgeConnectK8s: - sizer: - sidecarImage: edp.buildth.ing/devfw-cicd/ci-sizer-collector:0.0.4 garm: logging: diff --git a/otc/edp.buildth.ing/stacks/garm/sizer-receiver.yaml b/otc/edp.buildth.ing/stacks/garm/optimiser-receiver.yaml similarity index 84% rename from otc/edp.buildth.ing/stacks/garm/sizer-receiver.yaml rename to otc/edp.buildth.ing/stacks/garm/optimiser-receiver.yaml index a382e6a..4fd45cf 100644 --- a/otc/edp.buildth.ing/stacks/garm/sizer-receiver.yaml +++ b/otc/edp.buildth.ing/stacks/garm/optimiser-receiver.yaml @@ -1,7 +1,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: sizer-receiver + name: optimiser-receiver namespace: argocd labels: env: dev 
@@ -22,4 +22,4 @@ spec: source: repoURL: https://observability.buildth.ing/DevFW-CICD/stacks-instances targetRevision: HEAD - path: "otc/edp.buildth.ing/stacks/garm/sizer-receiver" + path: "otc/edp.buildth.ing/stacks/garm/optimiser-receiver" diff --git a/otc/dev.t09.de/stacks/ci-sizer/sizer-receiver/deployment.yaml b/otc/edp.buildth.ing/stacks/garm/optimiser-receiver/deployment.yaml similarity index 51% rename from otc/dev.t09.de/stacks/ci-sizer/sizer-receiver/deployment.yaml rename to otc/edp.buildth.ing/stacks/garm/optimiser-receiver/deployment.yaml index dd918d5..f7e366b 100644 --- a/otc/dev.t09.de/stacks/ci-sizer/sizer-receiver/deployment.yaml +++ b/otc/edp.buildth.ing/stacks/garm/optimiser-receiver/deployment.yaml @@ -1,27 +1,22 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: sizer-receiver + name: optimiser-receiver labels: - app: sizer-receiver + app: optimiser-receiver spec: - strategy: - type: Recreate replicas: 1 selector: matchLabels: - app: sizer-receiver + app: optimiser-receiver template: metadata: labels: - app: sizer-receiver + app: optimiser-receiver spec: - securityContext: - fsGroup: 65534 containers: - name: receiver - image: edp.buildth.ing/devfw-cicd/ci-sizer-receiver:latest - imagePullPolicy: Always + image: edp.buildth.ing/devfw-cicd/forgejo-runner-optimiser-receiver:0.0.3 args: - --db=/data/metrics.db ports: 
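Review bot: The new pod spec in `optimiser-receiver/deployment.yaml` has neither `strategy: Recreate` nor the pod-level `securityContext` with `fsGroup: 65534`, while the container still opens `--db=/data/metrics.db` on the `data` volume mounted further down the file. With `replicas: 1` and the default rolling update, the replacement pod is started before the old one stops. Depending on the claim's access mode, which is not visible here, either both pods hold the database file for a while or the new pod waits on the volume. Without `fsGroup`, a container running as a non-root user may not be able to write `/data`; whether this image runs as non-root is not shown. I would keep `strategy:` / `type: Recreate` and `securityContext:` / `fsGroup: 65534` on the new side. The Deployment continues past the end of this hunk.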
@@ -32,41 +27,13 @@ spec: - name: RECEIVER_READ_TOKEN valueFrom: secretKeyRef: - name: sizer-tokens + name: optimiser-tokens key: read-token - name: RECEIVER_HMAC_KEY valueFrom: secretKeyRef: - name: sizer-tokens + name: optimiser-tokens key: hmac-key - - name: GARM_URL - value: "http://garm.garm.svc.cluster.local:80" - - name: GARM_USER - value: "admin" - - name: GARM_PASSWORD - valueFrom: - secretKeyRef: - name: garm-fixed-credentials - key: admin_password - - name: RECEIVER_OIDC_ISSUER - value: "https://dex.dev.t09.de" - - name: RECEIVER_OIDC_CLIENT_ID - value: "ci-sizer" - - name: RECEIVER_OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: sizer-oidc-client - key: client-secret - - name: RECEIVER_OIDC_REDIRECT_URI - value: "https://sizer.dev.t09.de/ui/callback" - - name: RECEIVER_SESSION_TTL - value: "12h" - - name: RECEIVER_ALLOWED_ORG - value: "DevFW" - - name: RECEIVER_CPU_SIZING_MODE - value: "observe" - - name: RECEIVER_MEMORY_QOS - value: "guaranteed" volumeMounts: - name: data mountPath: /data @@ -92,17 +59,17 @@ spec: volumes: - name: data persistentVolumeClaim: - claimName: sizer-receiver-data + claimName: optimiser-receiver-data --- apiVersion: v1 kind: Service metadata: - name: sizer-receiver + name: optimiser-receiver labels: - app: sizer-receiver + app: optimiser-receiver spec: selector: - app: sizer-receiver + app: optimiser-receiver ports: - name: http port: 8080 @@ -112,9 +79,9 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: sizer-receiver-data + name: optimiser-receiver-data labels: - app: sizer-receiver + app: optimiser-receiver annotations: everest.io/disk-volume-type: GPSSD spec: diff --git a/otc/edp.buildth.ing/stacks/garm/sizer-receiver/ingress.yaml b/otc/edp.buildth.ing/stacks/garm/optimiser-receiver/ingress.yaml similarity index 69% rename from otc/edp.buildth.ing/stacks/garm/sizer-receiver/ingress.yaml rename to otc/edp.buildth.ing/stacks/garm/optimiser-receiver/ingress.yaml index 3fcc484..aa6ac34 100644 
--- a/otc/edp.buildth.ing/stacks/garm/sizer-receiver/ingress.yaml +++ b/otc/edp.buildth.ing/stacks/garm/optimiser-receiver/ingress.yaml @@ -5,22 +5,22 @@ metadata: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" cert-manager.io/cluster-issuer: main - name: sizer-receiver + name: optimiser-receiver namespace: garm spec: ingressClassName: nginx rules: - - host: sizer.edp.buildth.ing + - host: optimiser.edp.buildth.ing http: paths: - backend: service: - name: sizer-receiver + name: optimiser-receiver port: number: 8080 path: / pathType: Prefix tls: - hosts: - - sizer.edp.buildth.ing - secretName: sizer-receiver-tls + - optimiser.edp.buildth.ing + secretName: optimiser-receiver-tls diff --git a/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml b/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml index 842a7cc..581f2d2 100644 --- a/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml +++ b/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml @@ -72,7 +72,7 @@ spec: - ReadWriteOnce resources: requests: - storage: 500Gi + storage: 100Gi --- apiVersion: v1 kind: Secret diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..7190a60 --- /dev/null +++ b/renovate.json @@ -0,0 +1,3 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json" +}