diff --git a/apps/kube-prometheus-stack/release-alloy.yaml b/apps/kube-prometheus-stack/release-alloy.yaml
deleted file mode 100644
index 14bab6a..0000000
--- a/apps/kube-prometheus-stack/release-alloy.yaml
+++ /dev/null
@@ -1,145 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: alloy
- namespace: kube-prometheus-stack
-spec:
- chart:
- spec:
- chart: alloy
- version: 1.x
- sourceRef:
- kind: HelmRepository
- name: grafana
- interval: 15m
- releaseName: alloy
- values:
- alloy:
- configMap:
- content: |-
- // Write your Alloy config here:
- loki.write "default" {
- endpoint {
- url = "http://loki:3100/loki/api/v1/push"
- }
- }
-
- // discovery.kubernetes allows you to find scrape targets from Kubernetes resources.
- // It watches cluster state and ensures targets are continually synced with what is currently running in your cluster.
- discovery.kubernetes "pod" {
- role = "pod"
- // Restrict to pods on the node to reduce cpu & memory usage
- selectors {
- role = "pod"
- field = "spec.nodeName=" + coalesce(sys.env("HOSTNAME"), constants.hostname)
- }
- }
-
- // discovery.relabel rewrites the label set of the input targets by applying one or more relabeling rules.
- // If no rules are defined, then the input targets are exported as-is.
- discovery.relabel "pod_logs" {
- targets = discovery.kubernetes.pod.targets
-
- // Label creation - "namespace" field from "__meta_kubernetes_namespace"
- rule {
- source_labels = ["__meta_kubernetes_namespace"]
- action = "replace"
- target_label = "namespace"
- }
-
- // Label creation - "pod" field from "__meta_kubernetes_pod_name"
- rule {
- source_labels = ["__meta_kubernetes_pod_name"]
- action = "replace"
- target_label = "pod"
- }
-
- // Label creation - "container" field from "__meta_kubernetes_pod_container_name"
- rule {
- source_labels = ["__meta_kubernetes_pod_container_name"]
- action = "replace"
- target_label = "container"
- }
-
- // Label creation - "app" field from "__meta_kubernetes_pod_label_app_kubernetes_io_name"
- rule {
- source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"]
- action = "replace"
- target_label = "app"
- }
-
- // Label creation - "job" field from "__meta_kubernetes_namespace" and "__meta_kubernetes_pod_container_name"
- // Concatenate values __meta_kubernetes_namespace/__meta_kubernetes_pod_container_name
- rule {
- source_labels = ["__meta_kubernetes_namespace", "__meta_kubernetes_pod_container_name"]
- action = "replace"
- target_label = "job"
- separator = "/"
- replacement = "$1"
- }
-
- // Label creation - "__path__" field from "__meta_kubernetes_pod_uid" and "__meta_kubernetes_pod_container_name"
- // Concatenate values __meta_kubernetes_pod_uid/__meta_kubernetes_pod_container_name.log
- rule {
- source_labels = ["__meta_kubernetes_pod_uid", "__meta_kubernetes_pod_container_name"]
- action = "replace"
- target_label = "__path__"
- separator = "/"
- replacement = "/var/log/pods/*$1/*.log"
- }
-
- // Label creation - "container_runtime" field from "__meta_kubernetes_pod_container_id"
- rule {
- source_labels = ["__meta_kubernetes_pod_container_id"]
- action = "replace"
- target_label = "container_runtime"
- regex = `^(\S+):\/\/.+$`
- replacement = "$1"
- }
- }
-
- // loki.source.kubernetes tails logs from Kubernetes containers using the Kubernetes API.
- loki.source.kubernetes "pod_logs" {
- targets = discovery.relabel.pod_logs.output
- forward_to = [loki.process.pod_logs.receiver]
- }
-
- // loki.process receives log entries from other Loki components, applies one or more processing stages,
- // and forwards the results to the list of receivers in the component's arguments.
- loki.process "pod_logs" {
- stage.static_labels {
- values = {
- cluster = "server",
- }
- }
-
- forward_to = [loki.write.default.receiver]
- }
-
- // loki.source.kubernetes_events tails events from the Kubernetes API and converts them
- // into log lines to forward to other Loki components.
- loki.source.kubernetes_events "cluster_events" {
- job_name = "integrations/kubernetes/eventhandler"
- log_format = "logfmt"
- forward_to = [
- loki.process.cluster_events.receiver,
- ]
- }
-
- // loki.process receives log entries from other loki components, applies one or more processing stages,
- // and forwards the results to the list of receivers in the component's arguments.
- loki.process "cluster_events" {
- forward_to = [loki.write.default.receiver]
-
- stage.static_labels {
- values = {
- cluster = "server",
- }
- }
-
- stage.labels {
- values = {
- kubernetes_cluster_events = "job",
- }
- }
- }
diff --git a/apps/kube-prometheus-stack/release-loki.yaml b/apps/kube-prometheus-stack/release-loki.yaml
deleted file mode 100644
index 6995e33..0000000
--- a/apps/kube-prometheus-stack/release-loki.yaml
+++ /dev/null
@@ -1,71 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: loki
- namespace: kube-prometheus-stack
-spec:
- chart:
- spec:
- chart: loki
- version: 6.x
- sourceRef:
- kind: HelmRepository
- name: grafana-community
- interval: 15m
- releaseName: loki
- values:
- loki:
- auth_enabled: false
- commonConfig:
- replication_factor: 3
- schemaConfig:
- configs:
- - from: "2024-04-01"
- store: tsdb
- object_store: s3
- schema: v13
- index:
- prefix: loki_index_
- period: 24h
- pattern_ingester:
- enabled: true
- limits_config:
- allow_structured_metadata: true
- volume_enabled: true
- ruler:
- enable_api: true
-
- minio:
- enabled: true
-
- deploymentMode: SingleBinary
-
- singleBinary:
- replicas: 3
-
- # Zero out replica counts of other deployment modes
- backend:
- replicas: 0
- read:
- replicas: 0
- write:
- replicas: 0
-
- ingester:
- replicas: 0
- querier:
- replicas: 0
- queryFrontend:
- replicas: 0
- queryScheduler:
- replicas: 0
- distributor:
- replicas: 0
- compactor:
- replicas: 0
- indexGateway:
- replicas: 0
- bloomCompactor:
- replicas: 0
- bloomGateway:
- replicas: 0
diff --git a/apps/kube-prometheus-stack/repository-grafana-community.yaml b/apps/kube-prometheus-stack/repository-grafana-community.yaml
deleted file mode 100644
index 48ac92d..0000000
--- a/apps/kube-prometheus-stack/repository-grafana-community.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: grafana-community
- namespace: kube-prometheus-stack
-spec:
- interval: 15m
- url: https://grafana-community.github.io/helm-charts
diff --git a/apps/wger/mail-secret.yaml b/apps/wger/mail-secret.yaml
new file mode 100644
index 0000000..f33d60e
--- /dev/null
+++ b/apps/wger/mail-secret.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mail
+ namespace: wger
+stringData:
+ mail-password: ENC[AES256_GCM,data:gYAXemcZvSM7Ja98zbcL2fI0cU+5egbuKg==,iv:IBOka/ZtRfoBxDMxUIvjMWkJCLVQkrBhCE6wi95LYd8=,tag:sCAvs8Pl/0ZgxiNhVDXJkQ==,type:str]
+sops:
+ age:
+ - recipient: age1s0206tnfaaw849x5xmt95axgu8qhxzlu5ywrwz09tpt8lwpx858q089nq9
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3RzBGVUZ3VjZUYzJFQUNO
+ ODFuT2YwTHQ4clZ6Z0YzNjNBUzRpS3VsUlZVCmRVUEdoZi9kdno0eGRxQWJDK2FU
+ WXFkTmdaN24xN1FEQWZWNTNwM1NPeFkKLS0tIEx6azVkdWRqTGtZajd2UnpTTExI
+ aWtMNy85b3hNZmhCZVdoTFFRU2Q4aW8KCkxYXDpS+dcsoE56UCRU9Ag2I5jFY3w8
+ E3EjBj5PPbx6Wlhyp/PjOPGNt8QBFhx8Opbh+LkAC5UGVf6Pq98Fvw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2026-05-14T00:41:41Z"
+ mac: ENC[AES256_GCM,data:sFIyRDQMugRQzY4tAf5ch3jzw/7pmKngHLOX6VoBGTHbgPQGtGdutB4eCd2ZfDgf8W7b55szs0rIMG2bT8zZ9EgMsbz1BUJ8wrGoT1GqBXg4eaaXarS2NJ9PGhf7oSYGJosO/VWa1R876MnuXiLkY26LHxSFJN7USnH1qC82kTA=,iv:c6ee1sUuTmgz2LeInrUJbdkjDqw8/3azRFD0MVnShEQ=,tag:ztS7Ck3a/0wKJEYrbmsbuQ==,type:str]
+ encrypted_regex: ^(data|stringData)$
+ version: 3.12.2
diff --git a/apps/wger/release.yaml b/apps/wger/release.yaml
new file mode 100644
index 0000000..2d4cb17
--- /dev/null
+++ b/apps/wger/release.yaml
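Review bot: In apps/wger/mail-secret.yaml the `sops.age` list holds a single recipient, so the SMTP password can only be recovered with the one private key that (presumably) backs the `sops-age` secret in the cluster. If that key is lost the value cannot be re-read, and if it ever leaks, re-encrypting the file is not enough: the ciphertext stays in git history, so the mail password itself has to be rotated. Consider adding a second, offline recovery recipient through the repository's SOPS creation rules and re-encrypting with `sops updatekeys`, rather than editing this file by hand, which would invalidate the `mac`.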
@@ -0,0 +1,48 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: wger
+ namespace: wger
+spec:
+ chart:
+ spec:
+ chart: wger
+ version: 0.3.x
+ sourceRef:
+ kind: HelmRepository
+ name: wger
+ interval: 15m
+ releaseName: wger
+ values:
+ app:
+ timezone: "America/Toronto"
+ mail:
+ enabled: true
+ server: mail.michaelthomson.dev
+ port: 465
+ user: server@michaelthomson.dev
+ from_email: server@michaelthomson.dev
+ secret:
+ name: mail
+ key: mail-password
+ nginx:
+ enabled: true
+ persistence:
+ enabled: true
+ size: 8Gi
+ ingress:
+ enabled: true
+ url: wger.michaelthomson.dev
+ tls: true
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
+ external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ postgres:
+ storage:
+ className: longhorn
+ requestedSize: 8Gi
+ redis:
+ enabled: true
diff --git a/apps/wger/repository.yaml b/apps/wger/repository.yaml
new file mode 100644
index 0000000..94d8678
--- /dev/null
+++ b/apps/wger/repository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: wger
+ namespace: wger
+spec:
+ interval: 15m
+ url: https://wger-project.github.io/helm-charts
diff --git a/bootstrap/apps/kustomization-wger.yaml b/bootstrap/apps/kustomization-wger.yaml
new file mode 100644
index 0000000..4266fa0
--- /dev/null
+++ b/bootstrap/apps/kustomization-wger.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: wger
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./apps/wger
+ prune: true
+ wait: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ dependsOn:
+ - name: infra-configs
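Review bot: In apps/wger/release.yaml, `version: 0.3.x` is a floating range, so on the 15m reconcile Flux will install whatever 0.3 release the upstream Helm repository publishes next, without any commit or review in this repo. For an internet-facing app that also mounts the mail credential, pin the chart exactly, e.g. `version: <exact 0.3.z release>` (placeholder), and let an update bot propose bumps as reviewable changes. Separately, the ingress publishes `wger.michaelthomson.dev` with the Cloudflare proxy disabled, and nothing in `values.app` states the registration or login-throttling behaviour; those come from chart defaults not visible here, so it would be safer to set them explicitly.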
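Review bot: In bootstrap/apps/kustomization-wger.yaml, `dependsOn` lists only `infra-configs`, while the `wger` namespace this app needs is added under infrastructure/namespaces in the same commit. Whether that path is reconciled by `infra-configs` or by something it depends on is not visible in this diff; if it is a separate Kustomization, add it to `dependsOn` so that the first apply of the Secret and HelmRelease does not fail on a missing namespace. With `wait: true` and no `timeout`, a stuck release will also hold this Kustomization unready for the full interval, so an explicit `timeout` would make failures surface sooner.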
diff --git a/infrastructure/namespaces/namespace-wger.yaml b/infrastructure/namespaces/namespace-wger.yaml
new file mode 100644
index 0000000..0064906
--- /dev/null
+++ b/infrastructure/namespaces/namespace-wger.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: wger