Compare commits


10 commits

Author SHA1 Message Date
red
bc9ab668ce fix name 2025-07-13 23:34:50 -04:00
red
09cfae8682 update pleroma pvc 2025-07-13 23:19:57 -04:00
red
d4fafa70fb update postgres pvcs 2025-07-13 23:19:48 -04:00
red
ce09636223 remove old job 2025-07-13 23:04:55 -04:00
red
8fe7e207fa configure grafana dashboard upload 2025-07-13 23:00:49 -04:00
red
5b7bf44d1e grafana 2025-07-13 22:53:18 -04:00
red
c182edd12c remove old pvc 2025-07-13 22:53:12 -04:00
red
965e4454f1 update prometheus config 2025-07-13 22:05:25 -04:00
red
e2cf25d255 add prometheus to deploy pipeline 2025-07-13 22:03:34 -04:00
red
242b70eb21 enable prometheus ports, configure prometheus server 2025-07-13 21:50:33 -04:00
18 changed files with 408 additions and 234 deletions


@ -91,4 +91,16 @@ steps:
- pwd - pwd
- kubectl apply -Rf manifests/pleroma - kubectl apply -Rf manifests/pleroma
# TODO: fix this # TODO: fix this
- envsubst < manifests/pleroma/templates/deployment.yaml | kubectl apply -f - - envsubst < manifests/pleroma/templates/deployment.yaml | kubectl apply -f -
prometheus:
image: cr.forge.lan/alk8s/alk8s
pull: true
environment:
KUBECONFIG_BASE64:
from_secret: kubeconfig_base64
CI_COMMIT_SHA: ${CI_COMMIT_SHA}
commands:
- mkdir -p ~/.kube
- echo $KUBECONFIG_BASE64 | base64 -d > ~/.kube/config
- pwd
- kubectl apply -Rf manifests/prometheus
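Review bot: The new `prometheus` step writes the decoded kubeconfig under the shell's default umask, so `~/.kube/config` may be readable by other users in the step container, and the unquoted `$KUBECONFIG_BASE64` is subject to word splitting. Add `- umask 077` before the write and quote the variable: `- echo "$KUBECONFIG_BASE64" | base64 -d > ~/.kube/config`. The image `cr.forge.lan/alk8s/alk8s` has no tag, so the tooling that holds the cluster credential changes whenever the registry's default tag moves; pinning a tag or digest makes the step reproducible. The pleroma step above appears to follow the same pattern (only its tail is visible here), so the same change likely applies there.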


@ -0,0 +1,16 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: darkdork-dev
name: prometheus-config
data:
prometheus.yml: |
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'pleroma'
scheme: http
static_configs:
- targets: ['pleroma:4021']
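Review bot: This ConfigMap has the same `name: prometheus-config` and `namespace: darkdork-dev` as the identical one added later in this compare, so two files appear to define one object. Whichever is applied last wins, and the copies can drift silently if only one is edited. File paths are not visible on this page, so confirm where this copy lives; if it sits outside `manifests/prometheus`, delete it and keep a single definition.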


@ -0,0 +1,39 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana
namespace: darkdork-dev
spec:
replicas: 1
selector:
matchLabels:
app: grafana
template:
metadata:
labels:
app: grafana
spec:
imagePullSecrets:
- name: registry-credentials
containers:
- name: grafana
image: grafana/grafana
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
env:
- name: GF_SERVER_ROOT_URL
value: http://darkdork.grafana.lan
volumeMounts:
- name: grafana-data
mountPath: /var/lib/grafana
volumes:
- name: grafana-data
persistentVolumeClaim:
claimName: grafana-pvc
securityContext:
runAsUser: 472
runAsGroup: 0
fsGroup: 0
---
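Review bot: The Grafana container sets only `GF_SERVER_ROOT_URL`, so on a fresh `grafana-pvc` the instance starts with Grafana's documented default admin credentials, and the Ingress in this compare makes the login reachable at `darkdork.grafana.lan`. Set the admin password from a Secret through `GF_SECURITY_ADMIN_PASSWORD` before the first start, as sketched below; the Secret name and key are placeholders. `image: grafana/grafana` also carries no tag, which together with `imagePullPolicy: IfNotPresent` means each node keeps running whatever it cached first; pin a version here and for `prom/prometheus` in the Prometheus Deployment later in this compare.

```yaml
env:
  # … unchanged: GF_SERVER_ROOT_URL …
  - name: GF_SECURITY_ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: REPLACE_WITH_SECRET_NAME  # placeholder
        key: REPLACE_WITH_SECRET_KEY    # placeholder
```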


@ -0,0 +1,20 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana
namespace: darkdork-dev
spec:
ingressClassName: nginx
rules:
- host: darkdork.grafana.lan
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grafana
port:
number: 3000
---
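Review bot: This Ingress has no `tls:` section, so unless the nginx controller is configured elsewhere to terminate TLS, Grafana logins and the `GRAFANA_TOKEN` that Pleroma sends travel over plain HTTP; `GF_SERVER_ROOT_URL` in the Deployment is `http://` as well. Add a `tls:` entry listing `darkdork.grafana.lan` with a `secretName` for the certificate, and switch the root URL to `https://`. The Prometheus Ingress later in this compare has the same gap.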


@ -0,0 +1,17 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana-pvc
namespace: darkdork-dev
labels:
app: grafana
spec:
storageClassName: longhorn-single-replica-best-effort
accessModes:
- ReadWriteOnce
resources:
requests:
storage:
10Gi
---
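Review bot: `storage:` has its value on the following line, which parses only if `10Gi` stays indented deeper than the key and is easy to break on a re-indent; write it as `storage: 10Gi`, matching the Pleroma and Postgres claims shown in this compare. The trailing `---` after the last document adds an empty document and can be dropped. The Prometheus PVC added later has the same layout.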


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: darkdork-dev
spec:
ports:
- port: 3000
name: grafana
targetPort: 3000
protocol: TCP
selector:
app: grafana
---


@ -35,6 +35,13 @@ data:
disabled: false, disabled: false,
manual_metrics_start_delay: :no_delay, manual_metrics_start_delay: :no_delay,
drop_metrics_groups: [], drop_metrics_groups: [],
grafana: [
host: System.get_env("GRAFANA_HOST", "http://localhost:3000"),
auth_token: System.get_env("GRAFANA_TOKEN"),
upload_dashboards_on_start: false,
folder_name: "BEAM",
annotate_app_lifecycle: true
],
metrics_server: [ metrics_server: [
port: 4021, port: 4021,
path: "/metrics", path: "/metrics",


@ -1,40 +0,0 @@
# sX/vQ3gaDErEFr9wuYqlaJ/yWdswBMkY4wczeq6t3bEgwo2Ia+vHcN9pbf7dBjahEihjkZ7jS5W48DIfmOFsug==
apiVersion: batch/v1
kind: Job
metadata:
name: migrate
namespace: darkdork-dev
spec:
template:
spec:
imagePullSecrets:
- name: registry-credentials
containers:
- name: migrate
image: cr.forge.lan/darkdork-dev/pleroma:latest
command: [ "/bin/ash", "-c", "/opt/pleroma/bin/pleroma_ctl migrate" ]
env:
- name: DB_HOST
value: postgres
- name: DB_NAME
value: pleroma
- name: DB_USER
value: pleroma
- name: DB_PASS
valueFrom:
secretKeyRef:
name: postgres
key: postgres-password
volumeMounts:
- name: pleroma-config-volume
mountPath: /etc/pleroma/config.exs
subPath: config.exs
restartPolicy: Never
volumes:
- name: pleroma-config-volume
configMap:
name: pleroma-config
defaultMode: 0640 # Pleroma is picky about config file permissions.
securityContext:
fsGroup: 1000 # Ensures pleroma can still read the config file


@ -8,7 +8,7 @@ metadata:
app: pleroma app: pleroma
spec: spec:
accessModes: ["ReadWriteOnce"] accessModes: ["ReadWriteOnce"]
storageClassName: longhorn-single-replica storageClassName: longhorn-single-replica-best-effort
resources: resources:
requests: requests:
storage: 2Gi storage: 2Gi
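Review bot: `storageClassName` cannot be changed on a PersistentVolumeClaim that already exists; the API server rejects essentially every spec update on a bound claim other than `resources.requests`. If this claim is already deployed with `longhorn-single-replica`, the pipeline's `kubectl apply -Rf manifests/pleroma` will presumably fail on this object, and deleting and recreating the claim puts the data at risk depending on the volume's reclaim policy. Record the intended migration with the change (a new claim name plus a data copy, or an explicit backup and restore) instead of editing the class in place. The claim's metadata starts outside this hunk.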


@ -7,8 +7,13 @@ metadata:
spec: spec:
ports: ports:
- port: 80 - port: 80
name: http
targetPort: 4000 targetPort: 4000
protocol: TCP protocol: TCP
- port: 4021
name: prometheus
targetPort: 4021
protocol: TCP
selector: selector:
app: pleroma app: pleroma
--- ---
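Review bot: Publishing port 4021 on the `pleroma` Service makes the `/metrics` endpoint reachable from any pod that can reach the Service, not only from Prometheus. Nothing in this compare restricts that traffic, and the visible part of the `metrics_server` config shows no authentication setting. Consider a NetworkPolicy in `darkdork-dev` that admits port 4021 only from pods labelled `app: prometheus`, or enable a token check on the metrics server if the library offers one. A comment on the new port, for example `# scraped by the prometheus job 'pleroma'`, would also tell the next reader why it is there.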


@ -2,7 +2,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: pleromax name: pleroma
namespace: darkdork-dev namespace: darkdork-dev
spec: spec:
replicas: 1 replicas: 1
@ -15,166 +15,174 @@ spec:
app: pleroma app: pleroma
spec: spec:
imagePullSecrets: imagePullSecrets:
- name: registry-credentials - name: registry-credentials
initContainers: initContainers:
- name: init - name: init
image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA}
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: [ "sh", "-c", "mix ecto.migrate" ] command: [ "sh", "-c", "mix ecto.migrate" ]
env: env:
- name: MIX_ENV - name: MIX_ENV
value: prod value: prod
- name: SIGNING_SALT - name: SIGNING_SALT
value: quYau0c value: quYau0c
- name: DOMAIN - name: DOMAIN
value: darkdork.dev value: darkdork.dev
- name: INSTANCE_NAME - name: INSTANCE_NAME
value: DarkDork.dev value: DarkDork.dev
- name: ADMIN_EMAIL - name: ADMIN_EMAIL
value: pwm@crlf.ninja value: pwm@crlf.ninja
- name: NOTIFY_EMAIL - name: NOTIFY_EMAIL
value: pleroma@crlf.ninja value: pleroma@crlf.ninja
- name: REGISTRATIONS_OPEN - name: REGISTRATIONS_OPEN
value: "false" value: "false"
- name: INVITES_ENABLED - name: INVITES_ENABLED
value: "true" value: "true"
- name: SECRET_KEY_BASE - name: SECRET_KEY_BASE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: pleroma name: pleroma
key: secret-key-base key: secret-key-base
- name: WEB_PUSH_PUBLIC_KEY - name: WEB_PUSH_PUBLIC_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: pleroma name: pleroma
key: web-push-public-key key: web-push-public-key
- name: WEB_PUSH_PRIVATE_KEY - name: WEB_PUSH_PRIVATE_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: pleroma name: pleroma
key: web-push-private-key key: web-push-private-key
- name: DEFAULT_SIGNER - name: DEFAULT_SIGNER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: pleroma name: pleroma
key: default-signer key: default-signer
- name: MEDIA_URL - name: MEDIA_URL
value: "https://media.darkdork.dev" value: "https://media.darkdork.dev"
- name: S3_BUCKET - name: S3_BUCKET
value: pleroma.darkdork.dev value: pleroma.darkdork.dev
- name: S3_ACCESS_KEY - name: S3_ACCESS_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: pleroma name: pleroma
key: minio-access-key key: minio-access-key
- name: S3_SECRET_KEY - name: S3_SECRET_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: pleroma name: pleroma
key: minio-secret-key key: minio-secret-key
- name: S3_SCHEME - name: S3_SCHEME
value: "http://" value: "http://"
- name: S3_HOST - name: S3_HOST
value: minio value: minio
- name: S3_PORT - name: S3_PORT
value: "80" value: "80"
- name: DB_HOST - name: DB_HOST
value: postgres value: postgres
- name: DB_NAME - name: DB_NAME
value: pleroma value: pleroma
- name: DB_USER - name: DB_USER
value: pleroma value: pleroma
- name: DB_PASS - name: DB_PASS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres name: postgres
key: postgres-password key: postgres-password
volumeMounts: volumeMounts:
- name: pleroma-config-volume - name: pleroma-config-volume
mountPath: /pleroma/config/prod.secret.exs mountPath: /pleroma/config/prod.secret.exs
subPath: prod.secret.exs subPath: prod.secret.exs
containers: containers:
- name: pleroma - name: pleroma
image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA}
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["sh", "-c", "elixir --sname pleroma -S mix phx.server --no-compile"] command: ["sh", "-c", "elixir --sname pleroma -S mix phx.server --no-compile"]
ports: ports:
- containerPort: 4000 - containerPort: 4000
env: - containerPort: 4021
- name: MIX_ENV env:
value: prod - name: MIX_ENV
- name: SIGNING_SALT value: prod
value: quYau0c - name: SIGNING_SALT
- name: DOMAIN value: quYau0c
value: darkdork.dev - name: DOMAIN
- name: INSTANCE_NAME value: darkdork.dev
value: DarkDork.dev - name: INSTANCE_NAME
- name: ADMIN_EMAIL value: DarkDork.dev
value: pwm@crlf.ninja - name: ADMIN_EMAIL
- name: NOTIFY_EMAIL value: pwm@crlf.ninja
value: pleroma@crlf.ninja - name: NOTIFY_EMAIL
- name: REGISTRATIONS_OPEN value: pleroma@crlf.ninja
value: "false" - name: REGISTRATIONS_OPEN
- name: INVITES_ENABLED value: "false"
value: "true" - name: INVITES_ENABLED
- name: SECRET_KEY_BASE value: "true"
valueFrom: - name: SECRET_KEY_BASE
secretKeyRef: valueFrom:
name: pleroma secretKeyRef:
key: secret-key-base name: pleroma
- name: WEB_PUSH_PUBLIC_KEY key: secret-key-base
valueFrom: - name: GRAFANA_HOST
secretKeyRef: value: darkdork.grafana.lan
name: pleroma - name: GRAFANA_TOKEN
key: web-push-public-key valueFrom:
- name: WEB_PUSH_PRIVATE_KEY secretKeyRef:
valueFrom: name: pleroma
secretKeyRef: key: grafana-token
name: pleroma - name: WEB_PUSH_PUBLIC_KEY
key: web-push-private-key valueFrom:
- name: DEFAULT_SIGNER secretKeyRef:
valueFrom: name: pleroma
secretKeyRef: key: web-push-public-key
name: pleroma - name: WEB_PUSH_PRIVATE_KEY
key: default-signer valueFrom:
- name: MEDIA_URL secretKeyRef:
value: "https://media.darkdork.dev" name: pleroma
- name: S3_BUCKET key: web-push-private-key
value: pleroma.darkdork.dev - name: DEFAULT_SIGNER
- name: S3_ACCESS_KEY valueFrom:
valueFrom: secretKeyRef:
secretKeyRef: name: pleroma
name: pleroma key: default-signer
key: minio-access-key - name: MEDIA_URL
- name: S3_SECRET_KEY value: "https://media.darkdork.dev"
valueFrom: - name: S3_BUCKET
secretKeyRef: value: pleroma.darkdork.dev
name: pleroma - name: S3_ACCESS_KEY
key: minio-secret-key valueFrom:
- name: S3_SCHEME secretKeyRef:
value: "http://" name: pleroma
- name: S3_HOST key: minio-access-key
value: minio - name: S3_SECRET_KEY
- name: S3_PORT valueFrom:
value: "80" secretKeyRef:
- name: DB_HOST name: pleroma
value: postgres key: minio-secret-key
- name: DB_NAME - name: S3_SCHEME
value: pleroma value: "http://"
- name: DB_USER - name: S3_HOST
value: pleroma value: minio
- name: DB_PASS - name: S3_PORT
valueFrom: value: "80"
secretKeyRef: - name: DB_HOST
name: postgres value: postgres
key: postgres-password - name: DB_NAME
volumeMounts: value: pleroma
- name: pleroma-config-volume - name: DB_USER
mountPath: /pleroma/config/prod.secret.exs value: pleroma
subPath: prod.secret.exs - name: DB_PASS
- name: pleroma-emoji-volume valueFrom:
mountPath: /static-files/emoji/ secretKeyRef:
subPath: emoji/ name: postgres
key: postgres-password
volumeMounts:
- name: pleroma-config-volume
mountPath: /pleroma/config/prod.secret.exs
subPath: prod.secret.exs
- name: pleroma-emoji-volume
mountPath: /static-files/emoji/
subPath: emoji/
volumes: volumes:
- name: pleroma-config-volume - name: pleroma-config-volume
configMap: configMap:
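Review bot: `GRAFANA_HOST` is set to `darkdork.grafana.lan` with no scheme, while the default in the config hunk of this compare is `"http://localhost:3000"`, which suggests the setting expects a full URL. The value also sends Pleroma's Grafana calls, carrying `GRAFANA_TOKEN`, out through the Ingress hostname instead of the in-cluster Service. Using `value: "http://grafana:3000"` matches the `grafana` Service added in this compare and keeps the token on the cluster network. Separately, the first hunk renames the Deployment from `pleromax` to `pleroma`; `kubectl apply` does not remove the old object, so a `pleromax` Deployment already in the cluster would keep running until it is deleted by hand. The pod spec continues outside this hunk.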


@ -1,19 +1,3 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-pvc
namespace: darkdork-dev
labels:
app: postgres
spec:
volumeName: pvc-43c3a05b-5556-4d7c-83e3-ee6436f1a48e
accessModes: ["ReadWriteOnce"]
storageClassName: longhorn-ssd
resources:
requests:
storage: 10Gi
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
@ -28,18 +12,4 @@ spec:
resources: resources:
requests: requests:
storage: 15Gi storage: 15Gi
--- ---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-local-path-test-pvc
namespace: darkdork-dev
labels:
app: postgres
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: local-path
resources:
requests:
storage: 10Gi


@ -114,9 +114,6 @@ spec:
- name: postgres-config-volume - name: postgres-config-volume
configMap: configMap:
name: postgres-config name: postgres-config
- name: postgres-storage
persistentVolumeClaim:
claimName: postgres-pvc
- name: postgres-local - name: postgres-local
persistentVolumeClaim: persistentVolumeClaim:
claimName: postgres-local-pvc claimName: postgres-local-pvc


@ -0,0 +1,16 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: darkdork-dev
name: prometheus-config
data:
prometheus.yml: |
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'pleroma'
scheme: http
static_configs:
- targets: ['pleroma:4021']


@ -0,0 +1,40 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus
namespace: darkdork-dev
spec:
replicas: 1
selector:
matchLabels:
app: prometheus
template:
metadata:
labels:
app: prometheus
spec:
imagePullSecrets:
- name: registry-credentials
containers:
- name: prometheus
image: prom/prometheus
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9090
volumeMounts:
- name: prometheus-data
mountPath: /prometheus
- name: prometheus-config
mountPath: /etc/prometheus/prometheus.yml
subPath: prometheus.yml
volumes:
- name: prometheus-data
persistentVolumeClaim:
claimName: prometheus-pvc
- name: prometheus-config
configMap:
name: prometheus-config
securityContext:
fsGroup: 1000
---


@ -0,0 +1,20 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: prometheus
namespace: darkdork-dev
spec:
ingressClassName: nginx
rules:
- host: darkdork.prometheus.lan
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: prometheus
port:
number: 9090
---
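Review bot: This Ingress exposes the Prometheus UI and HTTP API at `darkdork.prometheus.lan`, and the Deployment in this compare starts Prometheus with no web configuration, so nothing authenticates requests in front of it. Anyone who can reach the ingress controller can read every scraped series and the loaded configuration. If browser access is needed, put authentication at the ingress (ingress-nginx supports basic auth through the `nginx.ingress.kubernetes.io/auth-type` and `nginx.ingress.kubernetes.io/auth-secret` annotations); otherwise drop the Ingress and use `kubectl port-forward` when needed.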


@ -0,0 +1,17 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prometheus-pvc
namespace: darkdork-dev
labels:
app: prometheus
spec:
storageClassName: longhorn-ssd
accessModes:
- ReadWriteOnce
resources:
requests:
storage:
10Gi
---


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: prometheus
namespace: darkdork-dev
spec:
ports:
- port: 9090
name: prometheus
targetPort: 9090
protocol: TCP
selector:
app: prometheus
---