diff --git a/kubernetes/apps/database/dragonfly/app/helmrelease.yaml b/kubernetes/apps/database/dragonfly/app/helmrelease.yaml new file mode 100644 index 0000000..31b8633 --- /dev/null +++ b/kubernetes/apps/database/dragonfly/app/helmrelease.yaml @@ -0,0 +1,102 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app dragonfly-operator +spec: + interval: 30m + chart: + spec: + chart: app-template + version: 3.4.0 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + strategy: rollback + retries: 3 + values: + controllers: + dragonfly-operator: + strategy: RollingUpdate + containers: + app: + image: + repository: ghcr.io/dragonflydb/operator + tag: v1.1.7 + command: ["/manager"] + args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=:8080 + probes: + liveness: + enabled: true + custom: true + spec: + httpGet: + path: /healthz + port: &port 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: + enabled: true + custom: true + spec: + httpGet: + path: /readyz + port: *port + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + resources: + requests: + cpu: 10m + limits: + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + seccompProfile: { type: RuntimeDefault } + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: *app + service: + app: + controller: *app + ports: + http: + port: *port + metrics: + port: 8080 + serviceAccount: + create: true + name: *app + serviceMonitor: + app: + serviceName: *app + endpoints: + - port: metrics + scheme: http + path: /metrics + interval: 1m + scrapeTimeout: 10s diff --git a/kubernetes/apps/database/dragonfly/app/kustomization.yaml b/kubernetes/apps/database/dragonfly/app/kustomization.yaml index f7d16c4..c4a3e49 100644 --- a/kubernetes/apps/database/dragonfly/app/kustomization.yaml +++ b/kubernetes/apps/database/dragonfly/app/kustomization.yaml @@ -3,4 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./dragonfly.yaml + # renovate: datasource=github-releases depName=dragonflydb/dragonfly-operator + - https://raw.githubusercontent.com/dragonflydb/dragonfly-operator/v1.1.7/manifests/crd.yaml + - ./helmrelease.yaml + - ./rbac.yaml diff --git a/kubernetes/apps/database/dragonfly/app/rbac.yaml b/kubernetes/apps/database/dragonfly/app/rbac.yaml new file mode 100644 index 0000000..6e1e092 --- /dev/null +++ b/kubernetes/apps/database/dragonfly/app/rbac.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dragonfly-operator +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["pods", "services"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["apps"] + resources: ["statefulsets"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["dragonflydb.io"] + resources: ["dragonflies"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["dragonflydb.io"] + resources: ["dragonflies/finalizers"] + verbs: ["update"] + - apiGroups: ["dragonflydb.io"] + resources: ["dragonflies/status"] + verbs: ["get", "patch", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dragonfly-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dragonfly-operator +subjects: + - kind: ServiceAccount + name: dragonfly-operator + namespace: database diff --git a/kubernetes/apps/database/dragonfly/cluster/dragonfly.yaml b/kubernetes/apps/database/dragonfly/cluster/dragonfly.yaml new file mode 100644 index 0000000..fc37f36 --- /dev/null +++ b/kubernetes/apps/database/dragonfly/cluster/dragonfly.yaml @@ -0,0 +1,32 @@ +--- +# yaml-language-server: $schema=https://ks.hsn.dev/dragonflydb.io/dragonfly_v1alpha1.json +apiVersion: dragonflydb.io/v1alpha1 +kind: Dragonfly +metadata: + name: dragonfly +spec: + image: ghcr.io/dragonflydb/dragonfly:v1.22.0 + replicas: 3 + env: + - name: MAX_MEMORY + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: 1Mi + args: + - --maxmemory=$(MAX_MEMORY)Mi + - --proactor_threads=2 + - --cluster_mode=emulated + - --default_lua_flags=allow-undeclared-keys + resources: + requests: + cpu: 100m + limits: + memory: 512Mi + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: "DoNotSchedule" + labelSelector: + matchLabels: + app.kubernetes.io/part-of: dragonfly diff --git a/kubernetes/apps/database/dragonfly/cluster/kustomization.yaml b/kubernetes/apps/database/dragonfly/cluster/kustomization.yaml new file mode 100644 index 0000000..6f0f305 --- /dev/null +++ b/kubernetes/apps/database/dragonfly/cluster/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./cluster.yaml + - ./podmonitor.yaml diff --git a/kubernetes/apps/database/dragonfly/cluster/podmonitor.yaml b/kubernetes/apps/database/dragonfly/cluster/podmonitor.yaml new file mode 100644 index 0000000..bbe3329 --- /dev/null +++ b/kubernetes/apps/database/dragonfly/cluster/podmonitor.yaml @@ -0,0 +1,13 @@ +--- +# yaml-language-server: $schema=https://ks.hsn.dev/monitoring.coreos.com/podmonitor_v1.json +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: dragonfly +spec: + selector: + matchLabels: + app: dragonfly + podTargetLabels: ["app"] + podMetricsEndpoints: + - port: admin diff --git a/kubernetes/apps/database/dragonfly/ks.yaml b/kubernetes/apps/database/dragonfly/ks.yaml index b23fe2e..237f377 100644 --- a/kubernetes/apps/database/dragonfly/ks.yaml +++ b/kubernetes/apps/database/dragonfly/ks.yaml @@ -3,19 +3,44 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app dragonfly + name: &app dragonfly-operator namespace: flux-system spec: targetNamespace: database commonMetadata: labels: app.kubernetes.io/name: *app + dependsOn: + - name: external-secrets-stores path: ./kubernetes/apps/database/dragonfly/app prune: true sourceRef: kind: GitRepository name: theshire - wait: false + wait: true interval: 30m retryInterval: 1m - timeout: 15m + timeout: 5m +--- +# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app dragonfly-cluster + namespace: flux-system +spec: + targetNamespace: database + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: dragonfly-operator + path: ./kubernetes/apps/database/dragonfly/cluster + prune: true + sourceRef: + kind: GitRepository + name: theshire + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m