diff --git a/.woodpecker/deploy.yaml b/.woodpecker/deploy.yaml index 2e580d3..f9fc24d 100644 --- a/.woodpecker/deploy.yaml +++ b/.woodpecker/deploy.yaml @@ -91,4 +91,16 @@ steps: - pwd - kubectl apply -Rf manifests/pleroma # TODO: fix this - - envsubst < manifests/pleroma/templates/deployment.yaml | kubectl apply -f - \ No newline at end of file + - envsubst < manifests/pleroma/templates/deployment.yaml | kubectl apply -f - + prometheus: + image: cr.forge.lan/alk8s/alk8s + pull: true + environment: + KUBECONFIG_BASE64: + from_secret: kubeconfig_base64 + CI_COMMIT_SHA: ${CI_COMMIT_SHA} + commands: + - mkdir -p ~/.kube + - echo $KUBECONFIG_BASE64 | base64 -d > ~/.kube/config + - pwd + - kubectl apply -Rf manifests/prometheus \ No newline at end of file diff --git a/manifests/grafana/configmap.yaml b/manifests/grafana/configmap.yaml new file mode 100644 index 0000000..c40067f --- /dev/null +++ b/manifests/grafana/configmap.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: darkdork-dev + name: prometheus-config +data: + prometheus.yml: | + global: + scrape_interval: 15s + + scrape_configs: + - job_name: 'pleroma' + scheme: http + static_configs: + - targets: ['pleroma:4021'] \ No newline at end of file diff --git a/manifests/grafana/deployment.yaml b/manifests/grafana/deployment.yaml new file mode 100644 index 0000000..9327c57 --- /dev/null +++ b/manifests/grafana/deployment.yaml 
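Review bot: The new `prometheus` step writes the decoded cluster credential with `echo $KUBECONFIG_BASE64 | base64 -d > ~/.kube/config`, which leaves the variable unquoted and creates the file under the default umask; running `umask 077` before the redirect and quoting it as `echo "$KUBECONFIG_BASE64"` would tighten both. The step image `cr.forge.lan/alk8s/alk8s` has no tag or digest and is handed the kubeconfig secret, so whatever is pushed under that name next runs with cluster access; pinning it to a digest would close that. The step applies only `manifests/prometheus`, while this commit also adds `manifests/grafana`, which no step visible in the hunk deploys. The `steps:` mapping starts outside the hunk.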
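Review bot: `manifests/grafana/configmap.yaml` declares a ConfigMap named `prometheus-config` in `darkdork-dev` and has the same blob id (`c40067f`) as `manifests/prometheus/configmap.yaml` added later in this commit, so two files define the same object. The Grafana Deployment in this commit mounts no ConfigMap, which suggests this file is a copy left over from the Prometheus manifests. If both directories are applied, whichever runs last owns the object and a later edit to one copy silently reverts the other. Dropping this file, or replacing it with Grafana's own provisioning config under a distinct name, removes the ambiguity.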
@@ -0,0 +1,39 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: grafana
+ namespace: darkdork-dev
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: grafana
+ template:
+ metadata:
+ labels:
+ app: grafana
+ spec:
+ imagePullSecrets:
+ - name: registry-credentials
+ containers:
+ - name: grafana
+ image: grafana/grafana
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 3000
+ env:
+ - name: GF_SERVER_ROOT_URL
+ value: http://darkdork.grafana.lan
+ volumeMounts:
+ - name: grafana-data
+ mountPath: /var/lib/grafana
+ volumes:
+ - name: grafana-data
+ persistentVolumeClaim:
+ claimName: grafana-pvc
+ securityContext:
+ runAsUser: 472
+ runAsGroup: 0
+ fsGroup: 0
+---
diff --git a/manifests/grafana/ingress.yaml b/manifests/grafana/ingress.yaml
new file mode 100644
index 0000000..4ecc701
--- /dev/null
+++ b/manifests/grafana/ingress.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: grafana
+ namespace: darkdork-dev
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: darkdork.grafana.lan
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: grafana
+ port:
+ number: 3000
+---
diff --git a/manifests/grafana/pvc.yaml b/manifests/grafana/pvc.yaml
new file mode 100644
index 0000000..082c816
--- /dev/null
+++ b/manifests/grafana/pvc.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: grafana-pvc
+ namespace: darkdork-dev
+ labels:
+ app: grafana
+spec:
+ storageClassName: longhorn-single-replica-best-effort
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage:
+ 10Gi
+---
diff --git a/manifests/grafana/service.yaml b/manifests/grafana/service.yaml
new file mode 100644
index 0000000..d545d5c
--- /dev/null
+++ b/manifests/grafana/service.yaml
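Review bot: The `grafana` container sets only `GF_SERVER_ROOT_URL`, so the instance comes up with Grafana's built-in `admin` account on its default password while the Ingress in this commit publishes it on `darkdork.grafana.lan`; supplying `GF_SECURITY_ADMIN_PASSWORD` through a `secretKeyRef` closes that window. `image: grafana/grafana` carries no tag and is combined with `imagePullPolicy: IfNotPresent`, so each node keeps whatever `latest` it cached first; pin a version or digest here and for `prom/prometheus` in `manifests/prometheus/deployment.yaml`. `runAsGroup: 0` together with `fsGroup: 0` places the process in the root group, so confirm the volume really needs that rather than a dedicated GID.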
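Review bot: The Ingress for `darkdork.grafana.lan` has no `tls:` block and `GF_SERVER_ROOT_URL` in the Deployment is `http://`, so Grafana logins and session cookies cross the network in clear text. Adding a `tls:` entry for the host (the certificate secret name is deployment-specific) and switching the root URL to `https://` addresses both. `manifests/prometheus/ingress.yaml` in this commit has the same gap.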
@@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: grafana + namespace: darkdork-dev +spec: + ports: + - port: 3000 + name: grafana + targetPort: 3000 + protocol: TCP + selector: + app: grafana +--- diff --git a/manifests/pleroma/configmap.yaml b/manifests/pleroma/configmap.yaml index 79c0bf7..031ec01 100644 --- a/manifests/pleroma/configmap.yaml +++ b/manifests/pleroma/configmap.yaml @@ -35,6 +35,13 @@ data: disabled: false, manual_metrics_start_delay: :no_delay, drop_metrics_groups: [], + grafana: [ + host: System.get_env("GRAFANA_HOST", "http://localhost:3000"), + auth_token: System.get_env("GRAFANA_TOKEN"), + upload_dashboards_on_start: false, + folder_name: "BEAM", + annotate_app_lifecycle: true + ], metrics_server: [ port: 4021, path: "/metrics", diff --git a/manifests/pleroma/jobs.yaml b/manifests/pleroma/jobs.yaml deleted file mode 100644 index 1a62836..0000000 --- a/manifests/pleroma/jobs.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# sX/vQ3gaDErEFr9wuYqlaJ/yWdswBMkY4wczeq6t3bEgwo2Ia+vHcN9pbf7dBjahEihjkZ7jS5W48DIfmOFsug== - -apiVersion: batch/v1 -kind: Job -metadata: - name: migrate - namespace: darkdork-dev -spec: - template: - spec: - imagePullSecrets: - - name: registry-credentials - containers: - - name: migrate - image: cr.forge.lan/darkdork-dev/pleroma:latest - command: [ "/bin/ash", "-c", "/opt/pleroma/bin/pleroma_ctl migrate" ] - env: - - name: DB_HOST - value: postgres - - name: DB_NAME - value: pleroma - - name: DB_USER - value: pleroma - - name: DB_PASS - valueFrom: - secretKeyRef: - name: postgres - key: postgres-password - volumeMounts: - - name: pleroma-config-volume - mountPath: /etc/pleroma/config.exs - subPath: config.exs - restartPolicy: Never - volumes: - - name: pleroma-config-volume - configMap: - name: pleroma-config - defaultMode: 0640 # Pleroma is picky about config file permissions. - securityContext: - fsGroup: 1000 # Ensures pleroma can still read the config file \ No newline at end of file 
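Review bot: The new `grafana:` block defaults `host:` to a full URL (`http://localhost:3000`), but the Deployment changed in this commit sets `GRAFANA_HOST` to `darkdork.grafana.lan` with no scheme, so the two forms disagree and the env value probably needs to be `http://darkdork.grafana.lan`, or an `https://` URL once the Ingress has TLS. `auth_token: System.get_env("GRAFANA_TOKEN")` evaluates to `nil` when the variable is absent, which is the case for the init container because it mounts this config but receives neither Grafana variable; worth confirming the consumer tolerates that. With a plain `http://` host the token is sent unencrypted. The enclosing config list starts and ends outside the hunk.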
diff --git a/manifests/pleroma/pvc.yaml b/manifests/pleroma/pvc.yaml index 591cdd9..b055d27 100644 --- a/manifests/pleroma/pvc.yaml +++ b/manifests/pleroma/pvc.yaml @@ -8,7 +8,7 @@ metadata: app: pleroma spec: accessModes: ["ReadWriteOnce"] - storageClassName: longhorn-single-replica + storageClassName: longhorn-single-replica-best-effort resources: requests: storage: 2Gi \ No newline at end of file diff --git a/manifests/pleroma/service.yaml b/manifests/pleroma/service.yaml index 28ea493..96bc549 100644 --- a/manifests/pleroma/service.yaml +++ b/manifests/pleroma/service.yaml @@ -7,8 +7,13 @@ metadata: spec: ports: - port: 80 + name: http targetPort: 4000 protocol: TCP + - port: 4021 + name: prometheus + targetPort: 4021 + protocol: TCP selector: app: pleroma --- diff --git a/manifests/pleroma/templates/deployment.yaml b/manifests/pleroma/templates/deployment.yaml index c994d73..b30d9d6 100644 --- a/manifests/pleroma/templates/deployment.yaml +++ b/manifests/pleroma/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: pleromax + name: pleroma namespace: darkdork-dev spec: replicas: 1 
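Review bot: `storageClassName` is edited in place on an existing claim, but a PersistentVolumeClaim's spec is immutable after creation apart from the storage request, so `kubectl apply -Rf manifests/pleroma` in the deploy pipeline will be rejected for this object if the claim already exists in the cluster. Moving the data needs a new claim name plus a copy, or a delete-and-recreate if the contents are disposable. The class name `longhorn-single-replica-best-effort` suggests a single replica with relaxed placement; confirm that durability is acceptable for this volume.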
@@ -15,166 +15,174 @@ spec: app: pleroma spec: imagePullSecrets: - - name: registry-credentials + - name: registry-credentials initContainers: - - name: init - image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} - imagePullPolicy: IfNotPresent - command: [ "sh", "-c", "mix ecto.migrate" ] - env: - - name: MIX_ENV - value: prod - - name: SIGNING_SALT - value: quYau0c - - name: DOMAIN - value: darkdork.dev - - name: INSTANCE_NAME - value: DarkDork.dev - - name: ADMIN_EMAIL - value: pwm@crlf.ninja - - name: NOTIFY_EMAIL - value: pleroma@crlf.ninja - - name: REGISTRATIONS_OPEN - value: "false" - - name: INVITES_ENABLED - value: "true" - - name: SECRET_KEY_BASE - valueFrom: - secretKeyRef: - name: pleroma - key: secret-key-base - - name: WEB_PUSH_PUBLIC_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: web-push-public-key - - name: WEB_PUSH_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: web-push-private-key - - name: DEFAULT_SIGNER - valueFrom: - secretKeyRef: - name: pleroma - key: default-signer - - name: MEDIA_URL - value: "https://media.darkdork.dev" - - name: S3_BUCKET - value: pleroma.darkdork.dev - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: minio-access-key - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: minio-secret-key - - name: S3_SCHEME - value: "http://" - - name: S3_HOST - value: minio - - name: S3_PORT - value: "80" - - name: DB_HOST - value: postgres - - name: DB_NAME - value: pleroma - - name: DB_USER - value: pleroma - - name: DB_PASS - valueFrom: - secretKeyRef: - name: postgres - key: postgres-password - volumeMounts: - - name: pleroma-config-volume - mountPath: /pleroma/config/prod.secret.exs - subPath: prod.secret.exs + - name: init + image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} + imagePullPolicy: IfNotPresent + command: [ "sh", "-c", "mix ecto.migrate" ] + env: + - name: MIX_ENV + value: prod + - name: SIGNING_SALT + value: quYau0c + - name: DOMAIN 
+ value: darkdork.dev + - name: INSTANCE_NAME + value: DarkDork.dev + - name: ADMIN_EMAIL + value: pwm@crlf.ninja + - name: NOTIFY_EMAIL + value: pleroma@crlf.ninja + - name: REGISTRATIONS_OPEN + value: "false" + - name: INVITES_ENABLED + value: "true" + - name: SECRET_KEY_BASE + valueFrom: + secretKeyRef: + name: pleroma + key: secret-key-base + - name: WEB_PUSH_PUBLIC_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: web-push-public-key + - name: WEB_PUSH_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: web-push-private-key + - name: DEFAULT_SIGNER + valueFrom: + secretKeyRef: + name: pleroma + key: default-signer + - name: MEDIA_URL + value: "https://media.darkdork.dev" + - name: S3_BUCKET + value: pleroma.darkdork.dev + - name: S3_ACCESS_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-access-key + - name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-secret-key + - name: S3_SCHEME + value: "http://" + - name: S3_HOST + value: minio + - name: S3_PORT + value: "80" + - name: DB_HOST + value: postgres + - name: DB_NAME + value: pleroma + - name: DB_USER + value: pleroma + - name: DB_PASS + valueFrom: + secretKeyRef: + name: postgres + key: postgres-password + volumeMounts: + - name: pleroma-config-volume + mountPath: /pleroma/config/prod.secret.exs + subPath: prod.secret.exs containers: - - name: pleroma - image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} - imagePullPolicy: IfNotPresent - command: ["sh", "-c", "elixir --sname pleroma -S mix phx.server --no-compile"] - ports: - - containerPort: 4000 - env: - - name: MIX_ENV - value: prod - - name: SIGNING_SALT - value: quYau0c - - name: DOMAIN - value: darkdork.dev - - name: INSTANCE_NAME - value: DarkDork.dev - - name: ADMIN_EMAIL - value: pwm@crlf.ninja - - name: NOTIFY_EMAIL - value: pleroma@crlf.ninja - - name: REGISTRATIONS_OPEN - value: "false" - - name: INVITES_ENABLED - value: "true" - - name: SECRET_KEY_BASE - valueFrom: - secretKeyRef: - 
name: pleroma - key: secret-key-base - - name: WEB_PUSH_PUBLIC_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: web-push-public-key - - name: WEB_PUSH_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: web-push-private-key - - name: DEFAULT_SIGNER - valueFrom: - secretKeyRef: - name: pleroma - key: default-signer - - name: MEDIA_URL - value: "https://media.darkdork.dev" - - name: S3_BUCKET - value: pleroma.darkdork.dev - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: minio-access-key - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: minio-secret-key - - name: S3_SCHEME - value: "http://" - - name: S3_HOST - value: minio - - name: S3_PORT - value: "80" - - name: DB_HOST - value: postgres - - name: DB_NAME - value: pleroma - - name: DB_USER - value: pleroma - - name: DB_PASS - valueFrom: - secretKeyRef: - name: postgres - key: postgres-password - volumeMounts: - - name: pleroma-config-volume - mountPath: /pleroma/config/prod.secret.exs - subPath: prod.secret.exs - - name: pleroma-emoji-volume - mountPath: /static-files/emoji/ - subPath: emoji/ + - name: pleroma + image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} + imagePullPolicy: IfNotPresent + command: ["sh", "-c", "elixir --sname pleroma -S mix phx.server --no-compile"] + ports: + - containerPort: 4000 + - containerPort: 4021 + env: + - name: MIX_ENV + value: prod + - name: SIGNING_SALT + value: quYau0c + - name: DOMAIN + value: darkdork.dev + - name: INSTANCE_NAME + value: DarkDork.dev + - name: ADMIN_EMAIL + value: pwm@crlf.ninja + - name: NOTIFY_EMAIL + value: pleroma@crlf.ninja + - name: REGISTRATIONS_OPEN + value: "false" + - name: INVITES_ENABLED + value: "true" + - name: SECRET_KEY_BASE + valueFrom: + secretKeyRef: + name: pleroma + key: secret-key-base + - name: GRAFANA_HOST + value: darkdork.grafana.lan + - name: GRAFANA_TOKEN + valueFrom: + secretKeyRef: + name: pleroma + key: grafana-token + - name: WEB_PUSH_PUBLIC_KEY + 
valueFrom: + secretKeyRef: + name: pleroma + key: web-push-public-key + - name: WEB_PUSH_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: web-push-private-key + - name: DEFAULT_SIGNER + valueFrom: + secretKeyRef: + name: pleroma + key: default-signer + - name: MEDIA_URL + value: "https://media.darkdork.dev" + - name: S3_BUCKET + value: pleroma.darkdork.dev + - name: S3_ACCESS_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-access-key + - name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-secret-key + - name: S3_SCHEME + value: "http://" + - name: S3_HOST + value: minio + - name: S3_PORT + value: "80" + - name: DB_HOST + value: postgres + - name: DB_NAME + value: pleroma + - name: DB_USER + value: pleroma + - name: DB_PASS + valueFrom: + secretKeyRef: + name: postgres + key: postgres-password + volumeMounts: + - name: pleroma-config-volume + mountPath: /pleroma/config/prod.secret.exs + subPath: prod.secret.exs + - name: pleroma-emoji-volume + mountPath: /static-files/emoji/ + subPath: emoji/ volumes: - name: pleroma-config-volume configMap: diff --git a/manifests/postgres/pvc.yaml b/manifests/postgres/pvc.yaml index c555668..932887e 100644 --- a/manifests/postgres/pvc.yaml +++ b/manifests/postgres/pvc.yaml @@ -1,19 +1,3 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: postgres-pvc - namespace: darkdork-dev - labels: - app: postgres -spec: - volumeName: pvc-43c3a05b-5556-4d7c-83e3-ee6436f1a48e - accessModes: ["ReadWriteOnce"] - storageClassName: longhorn-ssd - resources: - requests: - storage: 10Gi - --- apiVersion: v1 kind: PersistentVolumeClaim 
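Review bot: `SIGNING_SALT` remains a literal `value:` in both the init and the main container on the new side, while the other key material in these lists comes from `secretKeyRef`; since the lines are being rewritten anyway, move it into the `pleroma` Secret and treat the committed value as exposed and due for rotation. The new `GRAFANA_TOKEN` entry requires a `grafana-token` key in that Secret, which this commit does not show, and the pod will not start without it. The two `env:` lists are near-identical copies apart from the two Grafana entries, so they are likely to drift. The Deployment spec starts and ends outside the hunk.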
@@ -28,18 +12,4 @@ spec: resources: requests: storage: 15Gi - --- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: postgres-local-path-test-pvc - namespace: darkdork-dev - labels: - app: postgres -spec: - accessModes: ["ReadWriteOnce"] - storageClassName: local-path - resources: - requests: - storage: 10Gi \ No newline at end of file diff --git a/manifests/postgres/statefulset.yaml b/manifests/postgres/statefulset.yaml index 8fe7c2e..0b3edb5 100644 --- a/manifests/postgres/statefulset.yaml +++ b/manifests/postgres/statefulset.yaml @@ -114,9 +114,6 @@ spec: - name: postgres-config-volume configMap: name: postgres-config - - name: postgres-storage - persistentVolumeClaim: - claimName: postgres-pvc - name: postgres-local persistentVolumeClaim: claimName: postgres-local-pvc \ No newline at end of file diff --git a/manifests/prometheus/configmap.yaml b/manifests/prometheus/configmap.yaml new file mode 100644 index 0000000..c40067f --- /dev/null +++ b/manifests/prometheus/configmap.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: darkdork-dev + name: prometheus-config +data: + prometheus.yml: | + global: + scrape_interval: 15s + + scrape_configs: + - job_name: 'pleroma' + scheme: http + static_configs: + - targets: ['pleroma:4021'] \ No newline at end of file diff --git a/manifests/prometheus/deployment.yaml b/manifests/prometheus/deployment.yaml new file mode 100644 index 0000000..9e5c737 --- /dev/null +++ b/manifests/prometheus/deployment.yaml 
@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prometheus
+ namespace: darkdork-dev
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: prometheus
+ template:
+ metadata:
+ labels:
+ app: prometheus
+ spec:
+ imagePullSecrets:
+ - name: registry-credentials
+ containers:
+ - name: prometheus
+ image: prom/prometheus
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 9090
+ volumeMounts:
+ - name: prometheus-data
+ mountPath: /prometheus
+ - name: prometheus-config
+ mountPath: /etc/prometheus/prometheus.yml
+ subPath: prometheus.yml
+ volumes:
+ - name: prometheus-data
+ persistentVolumeClaim:
+ claimName: prometheus-pvc
+ - name: prometheus-config
+ configMap:
+ name: prometheus-config
+ securityContext:
+ fsGroup: 1000
+---
diff --git a/manifests/prometheus/ingress.yaml b/manifests/prometheus/ingress.yaml
new file mode 100644
index 0000000..17ec259
--- /dev/null
+++ b/manifests/prometheus/ingress.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: prometheus
+ namespace: darkdork-dev
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: darkdork.prometheus.lan
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: prometheus
+ port:
+ number: 9090
+---
diff --git a/manifests/prometheus/pvc.yaml b/manifests/prometheus/pvc.yaml
new file mode 100644
index 0000000..c3f7206
--- /dev/null
+++ b/manifests/prometheus/pvc.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: prometheus-pvc
+ namespace: darkdork-dev
+ labels:
+ app: prometheus
+spec:
+ storageClassName: longhorn-ssd
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage:
+ 10Gi
+---
diff --git a/manifests/prometheus/service.yaml b/manifests/prometheus/service.yaml
new file mode 100644
index 0000000..b2412de
--- /dev/null
+++ b/manifests/prometheus/service.yaml
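Review bot: The `prometheus` container has no container-level `securityContext`; the pod-level `fsGroup: 1000` is the only hardening-related setting in the manifest. Adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` under the container's `securityContext` makes the non-root expectation explicit and enforced rather than dependent on the image default. The container also declares no `resources`, so an expensive query or a growing TSDB head can starve other pods in `darkdork-dev`.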
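Review bot: This Ingress publishes Prometheus on `darkdork.prometheus.lan` with no authentication and no `tls:` block, and the Deployment in this commit configures none on the server side either, so anyone who can reach the ingress controller can query every scraped series. If browser access is needed, put ingress-nginx basic auth in front with the `nginx.ingress.kubernetes.io/auth-type: basic` and `nginx.ingress.kubernetes.io/auth-secret` annotations. Otherwise drop the Ingress and let Grafana reach the `prometheus` Service inside the cluster.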
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: prometheus
+ namespace: darkdork-dev
+spec:
+ ports:
+ - port: 9090
+ name: prometheus
+ targetPort: 9090
+ protocol: TCP
+ selector:
+ app: prometheus
+---