From d9382c23739d26c0037081e041582515592e2c89 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Thu, 5 Sep 2024 22:55:58 -0500 Subject: [PATCH] add gatus --- .../gatus/app/externalsecret.yaml | 23 +++ .../observability/gatus/app/helmrelease.yaml | 131 +++++++++++++++++ .../gatus/app/kustomization.yaml | 14 ++ .../apps/observability/gatus/app/rbac.yaml | 22 +++ .../gatus/app/resources/config.yml | 133 ++++++++++++++++++ kubernetes/apps/observability/gatus/ks.yaml | 29 ++++ .../apps/observability/kustomization.yaml | 1 + 7 files changed, 353 insertions(+) create mode 100644 kubernetes/apps/observability/gatus/app/externalsecret.yaml create mode 100644 kubernetes/apps/observability/gatus/app/helmrelease.yaml create mode 100644 kubernetes/apps/observability/gatus/app/kustomization.yaml create mode 100644 kubernetes/apps/observability/gatus/app/rbac.yaml create mode 100644 kubernetes/apps/observability/gatus/app/resources/config.yml create mode 100644 kubernetes/apps/observability/gatus/ks.yaml
diff --git a/kubernetes/apps/observability/gatus/app/externalsecret.yaml b/kubernetes/apps/observability/gatus/app/externalsecret.yaml
new file mode 100644
index 0000000..87a017a
--- /dev/null
+++ b/kubernetes/apps/observability/gatus/app/externalsecret.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: gatus
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: gatus-secret
+ template:
+ engineVersion: v2
+ data:
+ CUSTOM_PUSHOVER_TOKEN: "{{ .gatus_token }}"
+ CUSTOM_PUSHOVER_USER_KEY: "{{ .userkey_jahanson }}"
+ DATABASE_URI: "postgresql://{{ .pg_username }}:{{ .pg_password }}@postgres-primary-real.database.svc:{{ .pg_port }}/{{ .pg_database }}"
+ dataFrom:
+ - extract:
+ key: pushover
+ - extract:
+ key: gatus
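Review bot: `DATABASE_URI` in the `template.data` block of externalsecret.yaml concatenates `{{ .pg_username }}` and `{{ .pg_password }}` into the URI userinfo without percent-encoding, so a rotated password containing `@`, `:`, `/` or `?` produces a connection string that fails to parse or resolves to a different authority. Escape both fields in the template, for example `{{ .pg_password | urlquery }}` (Go's built-in template function; confirm the v2 engine exposes it and that `+` for spaces suits the driver). The URI also carries no `sslmode` parameter, so whether the session to `postgres-primary-real.database.svc` is encrypted is left to the client's default; stating it explicitly makes that choice reviewable.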
diff --git a/kubernetes/apps/observability/gatus/app/helmrelease.yaml b/kubernetes/apps/observability/gatus/app/helmrelease.yaml
new file mode 100644
index 0000000..b1f6954
--- /dev/null
+++ b/kubernetes/apps/observability/gatus/app/helmrelease.yaml
@@ -0,0 +1,131 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: gatus
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.4.0
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ controllers:
+ gatus:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ initContainers:
+ init-config:
+ image:
+ repository: ghcr.io/kiwigrid/k8s-sidecar
+ tag: 1.27.6@sha256:db85bd5532530d288736b35e63baceacbf570bf863d85a0404b33c1e1631f63b
+ env:
+ FOLDER: /config
+ LABEL: gatus.io/enabled
+ NAMESPACE: ALL
+ RESOURCE: both
+ UNIQUE_FILENAMES: true
+ METHOD: WATCH
+ restartPolicy: Always
+ resources: &resources
+ requests:
+ cpu: 10m
+ limits:
+ memory: 256Mi
+ containers:
+ app:
+ image:
+ repository: ghcr.io/twin/gatus
+ tag: v5.12.1@sha256:3cc4e90534c05599f07fbdf15580401aa7771fac15f51d1dc8f7de265d70d12f
+ env:
+ TZ: America/Chicago
+ GATUS_CONFIG_PATH: /config
+ GATUS_DELAY_START_SECONDS: 5
+ CUSTOM_WEB_PORT: &port 80
+ envFrom:
+ - secretRef:
+ name: gatus-secret
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /health
+ port: *port
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness: *probes
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ resources: *resources
+ pod:
+ dnsConfig:
+ options:
+ - { name: ndots, value: "1" }
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ runAsNonRoot: true
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ service:
+ app:
+ controller: gatus
+ ports:
+ http:
+ port: *port
+ serviceMonitor:
+ app:
+ serviceName: gatus
+ endpoints:
+ - port: http
+ scheme: http
+ path: /metrics
+ interval: 1m
+ scrapeTimeout: 10s
+ ingress:
+ app:
+ className: external-nginx
+ annotations:
+ external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
+ external-dns.alpha.kubernetes.io/target: external.hsn.dev
+ hosts:
+ - host: &host status.hsn.dev
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts: [*host]
+ serviceAccount:
+ create: true
+ name: gatus
+ persistence:
+ config:
+ type: emptyDir
+ config-file:
+ type: configMap
+ name: gatus-configmap
+ globalMounts:
+ - path: /config/config.yaml
+ subPath: config.yaml
+ readOnly: true
diff --git a/kubernetes/apps/observability/gatus/app/kustomization.yaml b/kubernetes/apps/observability/gatus/app/kustomization.yaml
new file mode 100644
index 0000000..a01ba0b
--- /dev/null
+++ b/kubernetes/apps/observability/gatus/app/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./externalsecret.yaml
+ - ./helmrelease.yaml
+ - ./rbac.yaml
+configMapGenerator:
+ - name: gatus-configmap
+ files:
+ - config.yaml=./resources/config.yml
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/kubernetes/apps/observability/gatus/app/rbac.yaml b/kubernetes/apps/observability/gatus/app/rbac.yaml
new file mode 100644
index 0000000..0f12c43
--- /dev/null
+++ b/kubernetes/apps/observability/gatus/app/rbac.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gatus
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gatus
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gatus
+subjects:
+ - kind: ServiceAccount
+ name: gatus
+ namespace: observability
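Review bot: The `init-config` sidecar under `initContainers` in helmrelease.yaml has no container-level `securityContext`, so `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and the dropped capabilities apply only to `app`. With `restartPolicy: Always` this container runs for the pod's lifetime, and it is the one that uses the cluster-wide read access granted in rbac.yaml, so it warrants the same hardening. Following the `&resources` pattern already in the file, define the block once on `init-config` as `securityContext: &securityContext` with the same three settings and reference it from `app` with `securityContext: *securityContext`. As far as this patch shows the sidecar writes only to the `/config` emptyDir, so a read-only root filesystem should hold, but confirm that on the first rollout.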
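Review bot: The `gatus` ClusterRole in rbac.yaml grants `get`, `watch` and `list` on `secrets` in every namespace, and the ClusterRoleBinding gives that to the `gatus` ServiceAccount, whose pod is published through the `external-nginx` ingress in helmrelease.yaml. The only consumer visible in this patch is the `init-config` sidecar, which runs with `NAMESPACE: ALL` and `RESOURCE: both`. If endpoint definitions only ever live in ConfigMaps, set `RESOURCE: configmap` there and reduce the rule to `resources: ["configmaps"]`. If Secrets really are a source, a namespaced Role and RoleBinding per source namespace keeps a compromise of this pod from exposing every Secret in the cluster.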
diff --git a/kubernetes/apps/observability/gatus/app/resources/config.yml b/kubernetes/apps/observability/gatus/app/resources/config.yml
new file mode 100644
index 0000000..293831d
--- /dev/null
+++ b/kubernetes/apps/observability/gatus/app/resources/config.yml
@@ -0,0 +1,133 @@
+---
+# Note: Gatus vars should be escaped with $${VAR_NAME} to avoid interpolation by Flux
+web:
+ port: $${CUSTOM_WEB_PORT}
+storage:
+ type: postgres
+ path: $${DATABASE_URI}
+ caching: true
+metrics: true
+debug: false
+ui:
+ title: Status | Gatus
+ header: Status
+alerting:
+ pushover:
+ application-token: $${CUSTOM_PUSHOVER_TOKEN}
+ user-key: $${CUSTOM_PUSHOVER_USER_KEY}
+ default-alert:
+ description: health-check failed
+ send-on-resolved: true
+ failure-threshold: 5
+ success-threshold: 2
+connectivity:
+ checker:
+ target: 1.1.1.1:53
+ interval: 1m
+endpoints:
+ - name: status
+ group: external
+ url: https://status.hsn.dev
+ interval: 1m
+ client:
+ dns-resolver: tcp://1.1.1.1:53
+ conditions:
+ - "[STATUS] == 200"
+ alerts:
+ - type: pushover
+ # - name: Umami
+ # group: external
+ # url: https://umi.hsn.dev/script.js
+ # interval: 1m
+ # client:
+ # dns-resolver: tcp://1.1.1.1:53
+ # conditions:
+ # - "[STATUS] == 200"
+ # alerts:
+ # - type: pushover
+ - name: Nextcloud External
+ group: external
+ url: https://nc.hsn.dev
+ interval: 1m
+ ui:
+ hide-url: true
+ hide-hostname: true
+ client:
+ dns-resolver: tcp://1.1.1.1:53
+ conditions:
+ - "[STATUS] == 200"
+ alerts:
+ - type: pushover
+ - name: flux-webhook
+ group: external
+ url: https://flux-receiver.hsn.dev
+ interval: 1m
+ client:
+ dns-resolver: tcp://1.1.1.1:53
+ conditions:
+ - "[STATUS] == 404"
+ alerts:
+ - type: pushover
+ - name: Elessar
+ group: internal
+ url: https://elessar.jahanson.tech
+ interval: 1m
+ client:
+ dns-resolver: tcp://10.1.1.1:53
+ conditions:
+ - "[STATUS] == 200"
+ alerts:
+ - type: pushover
+ - name: Sting
+ group: internal
+ url: http://sting.jahanson.tech
+ interval: 1m
+ client:
+ dns-resolver: tcp://10.1.1.1:53
+ conditions:
+ - "[STATUS] == 200"
+ alerts:
+ - type: pushover
+ # - name: Gandalf
+ # group: internal
+ # url: https://gandalf.jahanson.tech:8443
+ # interval: 1m
+ # client:
+ # dns-resolver: tcp://10.1.1.1:53
+ # conditions:
+ # - "[STATUS] == 200"
+ # alerts:
+ # - type: pushover
+ - name: Gollum
+ group: internal
+ url: http://gollum.jahanson.tech
+ interval: 1m
+ client:
+ dns-resolver: tcp://10.1.1.1:53
+ conditions:
+ - "[STATUS] == 200"
+ alerts:
+ - type: pushover
+ - name: Nextcloud Internal
+ group: internal
+ url: https://nc.hsn.dev
+ interval: 1m
+ ui:
+ hide-url: true
+ hide-hostname: true
+ client:
+ dns-resolver: tcp://10.1.1.1:53
+ conditions:
+ - "[STATUS] == 200"
+ alerts:
+ - type: pushover
+ - name: Home Assistant
+ group: internal
+ url: https://hass.jahanson.tech
+ interval: 1m
+ client:
+ dns-resolver: tcp://10.1.1.1:53
+ conditions:
+ - "[STATUS] == 200"
+ alerts:
+ - type: pushover
diff --git a/kubernetes/apps/observability/gatus/ks.yaml b/kubernetes/apps/observability/gatus/ks.yaml
new file mode 100644
index 0000000..58a7210
--- /dev/null
+++ b/kubernetes/apps/observability/gatus/ks.yaml
@@ -0,0 +1,29 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app gatus
+ namespace: flux-system
+spec:
+ targetNamespace: observability
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: crunchy-postgres-operator
+ - name: external-secrets-stores
+ path: ./kubernetes/apps/observability/gatus/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: theshire
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
+ DB_NAME: gatus
+ DB_USER: gatus
diff --git a/kubernetes/apps/observability/kustomization.yaml b/kubernetes/apps/observability/kustomization.yaml
index 6d86711..67ac344 100644
--- a/kubernetes/apps/observability/kustomization.yaml
+++ b/kubernetes/apps/observability/kustomization.yaml
@@ -8,3 +8,4 @@ resources: # Flux-Kustomizations - ./kube-prometheus-stack/ks.yaml - ./prometheus-operator-crds/ks.yaml
+ - ./gatus/ks.yaml
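Review bot: The `internal` group entries in config.yml (`Elessar`, `Sting`, `Gollum`, `Home Assistant`) are listed without `ui.hide-url` / `ui.hide-hostname`, while helmrelease.yaml publishes this instance at `status.hsn.dev` through the `external-nginx` ingress; only the two Nextcloud entries set those flags. Unless the dashboard is gated somewhere outside this patch, the internal hostnames and the plain `http://` URLs for `Sting` and `Gollum` are readable by anyone who loads the page. Add `ui: { hide-url: true, hide-hostname: true }` to each internal endpoint, or put a top-level `security:` block (basic or OIDC) in front of the UI. The config file sets no such block, so as written the page is served unauthenticated.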