Update quay.io/prometheus/alertmanager:main Docker digest to 12e1a50

Merge pull request 'Update Helm release cert-manager-webhook-dnsimple to v0.0.11' (#191 ) from renovate/cert-manager-webhook-dnsimple-0.x into main
Reviewed-on: #191
2024-01-05 11:09:04 +00:00 · 2024-01-05 02:40:43 +00:00 · 2024-01-05 02:37:55 +00:00 · 2024-01-04 18:07:51 -06:00 · 2024-01-04 17:54:05 -06:00 · 2024-01-04 17:41:04 -06:00
13 changed files with 137 additions and 29 deletions
--- a/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/helmrelease.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: cert-manager-webhook-dnsimple
-      version: 0.0.10
+      version: 0.0.11
      interval: 30m
      sourceRef:
        kind: HelmRepository
--- a/kubernetes/apps/database/crunchy-postgres/operator/kustomization.yaml
+++ b/kubernetes/apps/database/crunchy-postgres/operator/kustomization.yaml
@ -5,3 +5,5 @@ kind: Kustomization
 namespace: database
 resources:
  - ./helmrelease.yaml
+  - ./objectbucketclaim.yaml
+  - ./podmonitor.yaml
--- a/kubernetes/apps/database/crunchy-postgres/operator/objectbucketclaim.yaml
+++ b/kubernetes/apps/database/crunchy-postgres/operator/objectbucketclaim.yaml
@ -3,8 +3,8 @@
 apiVersion: objectbucket.io/v1alpha1
 kind: ObjectBucketClaim
 metadata:
-  name: pgo-peertube-backup-bucket-v1
+  name: crunchy-postgres
  namespace: monitoring
 spec:
-  bucketName: pgo-peertube-backup-v1
+  bucketName: crunchy-postgres
  storageClassName: ceph-bucket
--- a/kubernetes/apps/database/crunchy-postgres/operator/podmonitor.yaml
+++ b/kubernetes/apps/database/crunchy-postgres/operator/podmonitor.yaml
@ -0,0 +1,33 @@
+# yaml-language-server: $schema=https://ks.hsn.dev/monitoring.coreos.com/podmonitor_v1.json
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: crunchy-postgres-exporter
+spec:
+  selector:
+    matchLabels:
+      postgres-operator.crunchydata.com/crunchy-postgres-exporter: 'true'
+  namespaceSelector:
+    matchNames:
+      - peertube
+  podMetricsEndpoints:
+    - port: "exporter"
+      relabelings:
+        - sourceLabels: [__meta_kubernetes_pod_container_port_number]
+          action: keep
+          regex: "9187"
+        - sourceLabels: [__meta_kubernetes_namespace]
+          targetLabel: kubernetes_namespace
+        - sourceLabels: [__meta_kubernetes_pod_name]
+          targetLabel: pod
+        - sourceLabels: [__meta_kubernetes_namespace, __meta_kubernetes_pod_label_postgres_operator_crunchydata_com_cluster]
+          separator: ":"
+          targetLabel: pg_cluster
+          replacement: "$1$2"
+        - sourceLabels: [__meta_kubernetes_pod_ip]
+          targetLabel: ip
+        - sourceLabels: [__meta_kubernetes_pod_label_postgres_operator_crunchydata_com_instance]
+          targetLabel: deployment
+        - sourceLabels: [__meta_kubernetes_pod_label_postgres_operator_crunchydata_com_role]
+          targetLabel: role
--- a/kubernetes/apps/monitoring/alertmanager/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/alertmanager/app/helmrelease.yaml
@ -27,7 +27,7 @@ spec:
          main:
            image:
              repository: quay.io/prometheus/alertmanager
-              tag: main@sha256:c9158d4597dda0887f089c9a6d81c5c989fb147bb66e562c81a97f896a6198ce
+              tag: main@sha256:12e1a50fbb3970f0df6bf96f712d009f48fbf55f29256ce80b4f38c78b8b4264
              pullPolicy: IfNotPresent
    podAnnotations:
      reloader.stakater.com/auto: "true"
--- a/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
@ -154,6 +154,14 @@ spec:
            editable: true
            options:
              path: /var/lib/grafana/dashboards/thanos
+          - name: crunchy-postgres
+            orgId: 1
+            folder: Crunchy Postgres
+            type: file
+            disableDeletion: false
+            editable: true
+            options:
+              path: /var/lib/grafana/dashboards/crunchy-postgres
    dashboards:
      default:
        external-dns:
@ -183,6 +191,28 @@ spec:
          gnetId: 5342
          revision: 9
          datasource: Prometheus
+      crunchy-postgres:
+        pgbackrest:
+          url: https://raw.githubusercontent.com/CrunchyData/pgmonitor/development/grafana/containers/pgbackrest.json
+          datasource: Prometheus
+        pods:
+          url: https://raw.githubusercontent.com/CrunchyData/pgmonitor/development/grafana/containers/pod_details.json
+          datasource: Prometheus
+        postgresql:
+          url: https://raw.githubusercontent.com/CrunchyData/pgmonitor/development/grafana/containers/postgresql_details.json
+          datasource: Prometheus
+        postgresql-overview:
+          url: https://raw.githubusercontent.com/CrunchyData/pgmonitor/development/grafana/containers/postgresql_overview.json
+          datasource: Prometheus
+        postgresql-health:
+          url: https://raw.githubusercontent.com/CrunchyData/pgmonitor/development/grafana/containers/postgresql_service_health.json
+          datasource: Prometheus
+        postgresql-alerts:
+          url: https://raw.githubusercontent.com/CrunchyData/pgmonitor/development/grafana/containers/prometheus_alerts.json
+          datasource: Prometheus
+        query-stats:
+          url: https://raw.githubusercontent.com/CrunchyData/pgmonitor/development/grafana/containers/query_statistics.json
+          datasource: Prometheus
      flux:
        flux-cluster:
          url: https://raw.githubusercontent.com/fluxcd/flux2-monitoring-example/main/monitoring/configs/dashboards/cluster.json
--- a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml
@ -102,7 +102,7 @@ spec:
              - severity = "warning"
            equal: ["alertname", "namespace"]
      ingress:
-        enabled: true
+        enabled: false
      alertmanagerSpec:
        replicas: 3
        storage:
--- a/kubernetes/apps/network/ingress-nginx/ks.yaml
+++ b/kubernetes/apps/network/ingress-nginx/ks.yaml
@ -17,8 +17,8 @@ spec:
  wait: true
  dependsOn:
    - name: cluster-apps-cert-manager-issuers
-# ---
-# # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 # apiVersion: kustomize.toolkit.fluxcd.io/v1
 # kind: Kustomization
 # metadata:
--- a/kubernetes/apps/network/ingress-nginx/peertube/helmrelease.yaml
+++ b/kubernetes/apps/network/ingress-nginx/peertube/helmrelease.yaml
@ -29,7 +29,7 @@ spec:
          load-balancer.hetzner.cloud/location: fsn1
          load-balancer.hetzner.cloud/protocol: tcp
          load-balancer.hetzner.cloud/name: peertube-nginx
-          load-balancer.hetzner.cloud/use-private-ip: true
+          load-balancer.hetzner.cloud/use-private-ip: false
          load-balancer.hetzner.cloud/uses-proxyprotocol: true

      publishService:
--- a/kubernetes/apps/peertube/peertube/app/externalsecret.yaml
+++ b/kubernetes/apps/peertube/peertube/app/externalsecret.yaml
@ -55,7 +55,7 @@ spec:
            source: "(.*)"
            target: "peertube_$1"
    - extract:
-        key: crunchybridge
+        key: crunchy-postgres
      rewrite:
        - regexp:
            source: "(.*)"
--- a/kubernetes/apps/peertube/peertube/app/helmrelease.yaml
+++ b/kubernetes/apps/peertube/peertube/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: app-template
-      version: 2.0.3
+      version: 2.4.0
      interval: 30m
      sourceRef:
        kind: HelmRepository
@ -22,11 +22,24 @@ spec:
      main:
        annotations:
          reloader.stakater.com/auto: "true"
+        initContainers:
+          init-config:
+            image:
+              repository: docker.io/chocobozzz/peertube
+              tag: &peertube-version v6.0.2-bookworm
+            command:
+              - "/bin/sh"
+              - "-c"
+            args:
+              - cp /app/support/docker/production/config/* /config;
+                cp /app/config/default.yaml /config;
+                chown -R peertube:peertube /data /config;
+                cp -r /app/client/dist/* /assets/;
        containers:
          main:
            image:
              repository: docker.io/chocobozzz/peertube
-              tag: v6.0.2-bookworm
+              tag: *peertube-version
              pullPolicy: Always
            envFrom:
              - secretRef:
@ -44,25 +57,54 @@ spec:
                failureThreshold: 3
                periodSeconds: 30
                initialDelaySeconds: 15
+          nginx:
+            image:
+              repository: docker.io/library/nginx
+              tag: 1.25.3-alpine
+              pullPolicy: Always
    service:
      main:
        ports:
          http:
            port: &port-api 9000

+    ingress:
+      main:
+        enabled: true
+        className: "peertube-nginx"
+        annotations:
+          nginx.ingress.kubernetes.io/proxy-body-size: "0"
+          nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+          nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+        hosts:
+          - host: &host "khazadtube.tv"
+            paths:
+              - path: /
+                service:
+                  name: main
+                  port: http
+        tls:
+          - hosts:
+              - *host
+
    persistence:
-      config:
+      # config:
+      #   enabled: true
+      #   type: configMap
+      #   name: peertube-configmap
+      #   globalMounts:
+      #     - path: /config
+      nginx-conf:
        enabled: true
        type: configMap
-        name: peertube-configmap
+        name: peertube-nginx
        globalMounts:
-          - path: /config
-      media:
-        existingClaim: nas-storage
-        advancedMounts:
-          main:
-            main:
-              - path: /data
+          - path: /etc/nginx/conf.d
+      assets:
+        type: emptyDir
+        globalMounts:
+          - path: /assets
+

    resources:
      requests:
--- a/kubernetes/apps/peertube/peertube/app/kustomization.yaml
+++ b/kubernetes/apps/peertube/peertube/app/kustomization.yaml
@ -5,10 +5,9 @@ kind: Kustomization
 namespace: peertube
 resources:
  - ./externalsecret.yaml
-  # - ./helmrelease.yaml
+  - ./helmrelease.yaml
  # - ./ingress.yaml
  - ./postgresCluster.yaml
-  - ./objectbucketclaim.yaml
  - ./pvc.yaml
 configMapGenerator:
  - name: peertube-configmap
--- a/kubernetes/apps/peertube/peertube/app/postgresCluster.yaml
+++ b/kubernetes/apps/peertube/peertube/app/postgresCluster.yaml
@ -13,12 +13,12 @@ spec:
      postgresql:
        synchronous_commit: "on"
        pg_hba:
-          - host peertube peertube 10.32.0.0/16 md5
-          - host all peertube 127.0.0.1 md5
-  # monitoring:
-  #   pgmonitor:
-  #     exporter:
-  #       image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.4.3-0
+          - hostnossl all all 10.32.0.0/16 md5
+          - hostnossl all all all md5
+  monitoring:
+    pgmonitor:
+      exporter:
+        image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.5.0-0

  instances:
    - name: postgres
@ -35,6 +35,8 @@ spec:
      databases:
        - peertube
      options: "SUPERUSER"
+      password:
+        type: AlphaNumeric
  backups:
    pgbackrest:
      configuration:
@ -56,6 +58,6 @@ spec:
            full: "0 1 * * 0"
            differential: "0 1 * * 1-6"
          s3:
-            bucket: "pgo-peertube-backup-v1"
+            bucket: "crunchy-postgres"
            endpoint: "rook-ceph-rgw-ceph-objectstore.rook-ceph.svc"
            region: ""
Author	SHA1	Message	Date
Smeagol	7420814710	Update quay.io/prometheus/alertmanager:main Docker digest to 12e1a50	2024-01-05 11:09:04 +00:00
Joseph Hanson	c3a3d6d111	Merge pull request 'Update Helm release cert-manager-webhook-dnsimple to v0.0.11' (#191 ) from renovate/cert-manager-webhook-dnsimple-0.x into main Reviewed-on: #191	2024-01-05 02:40:43 +00:00
Smeagol	ccd6f09d37	Update Helm release cert-manager-webhook-dnsimple to v0.0.11	2024-01-05 02:37:55 +00:00
Joseph Hanson	49e525cf5d	Remove loadbalancer.	2024-01-04 18:07:51 -06:00
Joseph Hanson	e57efa2aa3	apply ingress/cert.	2024-01-04 17:54:05 -06:00
Joseph Hanson	fb03638cd7	Disable ingress.	2024-01-04 17:41:04 -06:00
Joseph Hanson	d80673daf9	Deploy peertube loadbalancer.	2024-01-04 17:29:11 -06:00
Joseph Hanson	27d9722e2f	Update secret name.	2024-01-04 17:13:52 -06:00
Joseph Hanson	7666558378	Add assets dir.	2024-01-04 17:00:16 -06:00
Joseph Hanson	1122775f03	Fix image/version syntax	2024-01-04 16:36:45 -06:00
Joseph Hanson	4b9f40740e	deploy peertube hr	2024-01-04 16:34:33 -06:00
Joseph Hanson	59b0e69e8f	lazy yaml	2024-01-04 16:33:35 -06:00
Joseph Hanson	48611b23c1	initial configuration of peertube container	2024-01-04 16:31:18 -06:00
Joseph Hanson	8be46bccde	Correct port usage of name instead of number.	2024-01-04 14:10:12 -06:00
Joseph Hanson	754073318c	fixing pod monitor	2024-01-04 13:35:54 -06:00
Joseph Hanson	8a541ee1e0	Include namespace.	2024-01-04 13:03:10 -06:00
Joseph Hanson	36b18602d1	Adding Crunchy-Postgres Dashboards.	2024-01-04 12:52:55 -06:00
Joseph Hanson	0490a15eec	Add PodMonitor for crunchy exporter.	2024-01-04 12:30:10 -06:00
Joseph Hanson	93a10ea9e3	Added crunchy postgres monitoring.	2024-01-04 11:02:29 -06:00
Joseph Hanson	110781bea4	Move pgo backup bucket and reconfig peertube pg cluster	2024-01-04 10:39:55 -06:00