From 7f9e4a250467c5af74c86707be7ca65a2b71d79a Mon Sep 17 00:00:00 2001
From: Joseph Hanson <joe@veri.dev>
Date: Mon, 21 Oct 2024 10:37:53 -0500
Subject: [PATCH] add unpoller

---
 .../apps/observability/kustomization.yaml     |  1 +
 .../unpoller/app/externalsecret.yaml          | 20 +++++
 .../unpoller/app/helmrelease.yaml             | 79 +++++++++++++++++++
 .../unpoller/app/kustomization.yaml           |  7 ++
 .../apps/observability/unpoller/ks.yaml       | 20 +++++
 5 files changed, 127 insertions(+)
 create mode 100644 kubernetes/apps/observability/unpoller/app/externalsecret.yaml
 create mode 100644 kubernetes/apps/observability/unpoller/app/helmrelease.yaml
 create mode 100644 kubernetes/apps/observability/unpoller/app/kustomization.yaml
 create mode 100644 kubernetes/apps/observability/unpoller/ks.yaml

diff --git a/kubernetes/apps/observability/kustomization.yaml b/kubernetes/apps/observability/kustomization.yaml
index 7b5d56c6..963b4e7b 100644
--- a/kubernetes/apps/observability/kustomization.yaml
+++ b/kubernetes/apps/observability/kustomization.yaml
@@ -10,6 +10,7 @@ resources:
   - ./gatus/ks.yaml
   - ./node-exporter/ks.yaml
   - ./prometheus-operator-crds/ks.yaml
+  - ./unpoller/ks.yaml
   - ./vector-agent/ks.yaml
   - ./vector-aggregator/ks.yaml
   - ./victoria-metrics/ks.yaml
diff --git a/kubernetes/apps/observability/unpoller/app/externalsecret.yaml b/kubernetes/apps/observability/unpoller/app/externalsecret.yaml
new file mode 100644
index 00000000..637bda3d
--- /dev/null
+++ b/kubernetes/apps/observability/unpoller/app/externalsecret.yaml
@@ -0,0 +1,20 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: unpoller
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: unpoller-secret
+    template:
+      engineVersion: v2
+      data:
+        UP_UNIFI_DEFAULT_USER: "{{ .username }}"
+        UP_UNIFI_DEFAULT_PASS: "{{ .password }}"
+  dataFrom:
+    - extract:
+        key: unpoller
diff --git a/kubernetes/apps/observability/unpoller/app/helmrelease.yaml b/kubernetes/apps/observability/unpoller/app/helmrelease.yaml
new file mode 100644
index 00000000..61922124
--- /dev/null
+++ b/kubernetes/apps/observability/unpoller/app/helmrelease.yaml
@@ -0,0 +1,79 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: unpoller
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  dependsOn:
+    - name: kube-prometheus-stack
+      namespace: observability
+  values:
+    controllers:
+      unpoller:
+        containers:
+          app:
+            image:
+              repository: ghcr.io/unpoller/unpoller
+              tag: v2.11.2@sha256:73b39c0b3b8fa92aa82a7613d3486253ffbd8c057833b4621402a268159bf2a2
+            env:
+              TZ: America/Chicago
+              UP_UNIFI_DEFAULT_ROLE: home-ops
+              UP_UNIFI_DEFAULT_URL: https://10.33.44.1
+              UP_PROMETHEUS_HTTP_LISTEN: 0.0.0.0:80
+              UP_INFLUXDB_DISABLE: true
+            envFrom:
+              - secretRef:
+                  name: unpoller-secret
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+            resources:
+              requests:
+                cpu: 10m
+              limits:
+                memory: 128Mi
+    defaultPodOptions:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+        runAsGroup: 65534
+        seccompProfile: { type: RuntimeDefault }
+    service:
+      app:
+        controller: unpoller
+        ports:
+          http:
+            port: 80
+    serviceMonitor:
+      app:
+        serviceName: unpoller
+        endpoints:
+          - port: http
+            scheme: http
+            path: /metrics
+            interval: 2m # Unifi API only polls at 2m intervals
+            scrapeTimeout: 10s
diff --git a/kubernetes/apps/observability/unpoller/app/kustomization.yaml b/kubernetes/apps/observability/unpoller/app/kustomization.yaml
new file mode 100644
index 00000000..4eed917b
--- /dev/null
+++ b/kubernetes/apps/observability/unpoller/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
diff --git a/kubernetes/apps/observability/unpoller/ks.yaml b/kubernetes/apps/observability/unpoller/ks.yaml
new file mode 100644
index 00000000..9fd34102
--- /dev/null
+++ b/kubernetes/apps/observability/unpoller/ks.yaml
@@ -0,0 +1,20 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app unpoller
+  namespace: flux-system
+spec:
+  targetNamespace: observability
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/observability/unpoller/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: false
+  interval: 30m
+  timeout: 5m