From 262417f1cf5c56aded53c82007b1c0ca63e587be Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 20 Apr 2024 13:51:38 +0200 Subject: [PATCH] A lot of updates and disable loki --- badhouseplants/helmfile.yaml | 6 +- badhouseplants/values/secrets.zot.yaml | 18 ++-- .../values.istio-gateway-resources.yaml | 10 ++ .../values/values.istio-ingressgateway.yaml | 4 + badhouseplants/values/values.istiod.yaml | 2 +- badhouseplants/values/values.loki.yaml | 91 +++++++++++++++++-- badhouseplants/values/values.postgres16.yaml | 17 ++++ badhouseplants/values/values.zot.yaml | 2 + releases.yaml | 36 +++++--- repositories.yaml | 2 + 10 files changed, 154 insertions(+), 34 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 3d901cd..b1464e4 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -11,8 +11,10 @@ releases: - <<: *cilium installed: true - <<: *zot - installed: true + installed: false - <<: *chartmuseum + installed: false + - <<: *keel - <<: *drone installed: true namespace: drone-service @@ -115,7 +117,7 @@ releases: createNamespace: true - <<: *tandoor - installed: true + installed: false namespace: tandoor-application createNamespace: true diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml index 4019155..14ecac2 100644 --- a/badhouseplants/values/secrets.zot.yaml +++ b/badhouseplants/values/secrets.zot.yaml @@ -1,6 +1,6 @@ configFiles: - config.json: ENC[AES256_GCM,data:9XS/phUYqF5BNC6IYxLLcIfCysAaxwFbiSGv0qJP+cx37Av/+B3ItHpupnKAJtrKtOPUtye3E3LiJ/vzLzBbDuQ4dCjr8X8oAqN4/PuZe2qz1oYwG1fKZJRQqMJowi/fqiL1B7AQGAHs2RNptH4WVhQZVeFmpUFLptRNIu2I+63LB9XYI/WYk3H1VXPTADqLccnQe2skGXL4GxuZsST3LnYneRPOWNAVa64xeJYZ1c2/FCue1Nc4ylpWEzBchZ3znPv1pY6v9xnacNgm8kTw5e40VEn2NmWPnDVdJhWO2tBLHAFyxU6HpO1U0GRhHTAnt6eh330B+cEMZIcOf+eoYKwzxeyM1aevsrkykSLXfVcZpn96/j9V3LtIZUn4cjgTa7fDyui23fZ1MM3yLUsfElqTwN8Dq+cnHrgEjUHpCSsth0Zd7PF0CIjhVm8SlgLXrU0vr3EzC5hoIeW9wQs23v+i6rB49+fR7DkqRuBYNrYNgFghwd9STMa5gwC1o/mvJrgM1tSx74ETRXq7ukVXCsSlGm5YEMI5HqDeF6XQbkaL9VbKEVnuhhu+oaF4IphpZHIs+r5ExLMST9LHnHtANohk5JERtclrWIosqlBrYLHDv00rYvLZH2F/GPa95i1+0kbAM+D3fTQX72czJFWNaJqZ/JifrVQyW2wizrtpEfOZoWV6tdPddaJdtcVJuQqrRJDSZN1Ju94Mgkf0b71YEbLBqba/5Zv8bV/2TeG1qcRR1U644XJ/BalFEi1cWv6UVkEnjqQun4X/keDZXGkxwcwSkoz/1kdsLfrXB3izZz8iLooGepKxUf1/7n9wuuRDMjrdASv3jj9vJlaB/brxXuW4k8LXnv4XM6EKKMFxy2xhzF5yOiyCARECqTR9G/AcrnQPefbqYgtz4mmWF5F0s7Fvod6aOWlEyX86SEEb/GuZu+45GpalWHWr5veOGcuohDbaAwdRFHDMP8DO00dZzwuU1/wmmmMtpUvbOjiH7gxQHJriCntO8YaTGkGajVVfFZDmzRlJui528ePL2XAXlzqcH79Om/M59p00HWWyOCCnD/Eza+t4YiULDtPpL0KInd4GbU0S0RfI97yDjSbXtiHc5KV6qPfcrGGydqmamn0l0WyNctLwi4a48eL9NDRPrLKq2z3yWP7z3eiPmR4PZ+C2Q0+WYxRhIUgMyeIfFWLC+ifButF6auYedB9NLjXexVGinmZpxVkhcfJoAiFbGB1m3fJ63gdEUPA6xdou2SuPzeK8pjaRKV3tWxJNSyjOknR1mDHqbttvq3vvHJ7zG+WhkC8RVf2TNcPCefQnzReURCOIo9Ji6vvs11s1S/2DOhQJMx2Sm5ltRglMQFYehbDspz/5Z0fx/7SLcBD+wnqmat/fWDVHRSBZyej7dNk02X09B3E2GszhJEC1RcqHDNZWM10FqzQgCEBGQUkmXKyL0zG+2au6bdZI0M7ztjDZPPfwwduC2iP4u/Lapez2v4aX,iv:lKDF4axHH0zSkxbqlVfPnjyUsW/Dp2cBtmehBjqe40U=,tag:RRUPjceWpA9XkQMBeOf83w==,type:str] -authHeader: ENC[AES256_GCM,data:+9j9VcfgWUaC5pt77Kvpng==,iv:U6b3AtgiIIOWjlA/8ebqTgZpOYGNSl/6KWO/G9GImWc=,tag:0VBXVn58kt2q31Bp7t7ZUw==,type:str] + config.json: ENC[AES256_GCM,data:qegPHc2eSUq5ayVQ55qrB00D3AVD2KUyx3/nEML4kblAevIZrLVja+xoccfKfu3TX+vUAa9ji6HyL+NxqtBKRi+Q3y/7CG3UNcTK3jJIjWBnhzmHUo5sd5vhTWHsPaIKQthSp3Gv9eTp97lMQ591MlzhpOAXHGat1Van1xHWEYraUqMCPyqMc2WBpXYb+wov0XcxKzmRPrkIiidnOu7fVow8rFbI455sjE9MEJqKu0MUWehaZMczylh3vf0mjZ6B0AomfqEViCZiaVbnwaSh2RVKnvBoIaGrod9l4iz8aT6oW5+8EuqtwrfiPykixIVe/Nm2YiGXAsEODstgkeQd0ktHnhG7idf8QElhgUU1mCXUu6yEYNVDKbQIiMM+eq7nUOz18822XYZ0y45GmW0xz/PIEzjMFrNIfaujs72oAXqQV0081ktFnWMby/eDan8tmBupX8bjqSHxrncxck9LWKhZu4tpn7dHFnkoUjfIWDqZUiQGQTP/qDC8Rr+TBsYyqxGkN6GrnYQmXM4d8u6ouoVyOZPp6J/QMAeXS9uSCcdQnkJh+cHNzPxKKVL2/WvqAT8YrmIXsd7uFWlCHFv0FEu4QHu3CtqxC1tb6MFFDap4nxYQKOqSLeLvw8vlrmLxcIOq0TQ++qqLTP2c/tQlBXGM4tkKK/1oJwVgtpskyGLD5FND6FVSTQlEeEDHz9rdxyd85uZm1CG4nhrrrS0FNgeqPRmHO0LibBTdwCrJONcDbnonM/NkzoioxvzsZejl6U5USSw5f8v9gcGEd5mOE1Auk81y2oYfZ5ewS6lv+7xCIFzOMRVnTlmg8jAxE1OFCjZgP7n/xaWnyQ0gS0PZORKXZS1rWZd39hyom8QNyAp3HBi9DnUsjeaJ8B8hNJf+QQfYQ5V8EGeKXfb0IE0ZxFfoRfzOEzxqldD4TQiGvMcnMqKn4iQUYJ0oNlhKmhtY2PCMY78CYvNHhThXwm0gTI8cOx0/+ZjtDNVGLH+rn8i+08NanNLpmyFasNnxV9npdSZm9+wyrL9VQAFNCfZJ+BW9jhClxivqBYURjVuhcbl6jMhShgkuuLT3/5eCAo0xkZ26LFwGvZ+ixOshqcsy+zIMFhk3xiYTJhhLYs90qpvHPJ1iSc9MiRTFnCC1CfAiqs/W6uAAbhAhnk7pNrqr3yHIQa/RDIwTOgDOl9Y2IiI3zPecdmBlLiU0ktsXR/EEDotURPswO75BPmhnAamrs9aOxIJBL1zrObrnnP/MVsvFVfAZojc8hs2XkG3xFqsTMQQ1D6XHWdGRCMW8Q9s9MM3AXt2uHe5OzM6XX1uTalkhWu+7YV02T1BbhUwPXjDL1WYZgmalKxaPBdYs+bxsjm0UKTG905GH8fVZ5dxnKUVcAH0HgPuwI6iwkpkHd8PcH0TeUoBYb2iOZ/liU4fcBCiTQEC3IarH1YdiJvUWvBKWrfsHqwzZRWXX7M7NDelZiSCiaeAfNruuJeJTZPSsXeLme6/oBszv+9rRWD4Iw5A2iMXYzxdGCUkT34RB7fldRt03zOnIrjlY1CzCRghpYHyB4XqHuKFpvH1xPDljb8S1ImlZmaYm7J3N2Lcmgwij4rMXuCHa2MoU7AISytKbNvqRH22FIYY6JV2M5ZbwrMqQculk2D8qBcCtoY+g+3nGJiEgWFTQdiG6+IwVZByPSTtVyeS6qxtPr50IjpCwFsFpRvaupDaTIWbAjS0BoU972aSDCvk9gscNyDXy/a2cxksteHdx5gwqmNsi02Ix/9S3TjtwwkeKPghJwHp0lUKPqnaOQXEAU//ImIWWs1Oc1JCD2e85StfrNwUQdNEY/PY4lmV7ioZzT1C5p1OwTS/DsSGlIDGancfMFqcL5J4c8JUVZrwQuvPHE8TQ7YF5QURrLytEbHJyLoex64AhPRuBw5PuOjUb8+YOL/2U4xvXaXhf4NupsLqL3zj6YIkVs0Mj/VrX5T8P2ZR4BeRySuSI3O1U2foQgXbsrth0NRafErZ8HdS8xJTKigtSMuSVeBJIHTkECiEosuUVA+dfrg8jApsOSYyb1oc+HQw1XmKs7jEfFggshBoynAa/qOhfWfc8vjdmRmOr/B/JZjiLE9/pO0WQ1pGLprhAx2HHPDsoC/275Nk1q/RjWvfeBQ/ZXzHV8VcSWGcmZCLk896BCHCAa8kfUF+RPVHSkrLQFZcTfMcic2bobaH4Brnaybdf8++VlE8QwbNKvWGb0jaZFsmUcWbm+Ek1OrNkb5ZTgtrVFygw6RZmRQ32MxPeoynCgX3sfItJMtllrD8gE1NfkuVslCxwuvkW4lzG3lMknqculiZrpLpp2eKvOzAabdpg8dS5cn3s9gN5l02HzfuTbHX7/DjgGZMTtv/v4IV8SSp6ty602DNkh3uBRxKwSVPgu5Xbb/Wi3puILzm8FAN5FDSsICUkLhOAw1RMc4FC4w0Iaug5v+k+TNw+9vSIDQ5Yi/6UtluOs7iiPKd5cI/32i3AcfA9sPO2q7NK7vcQEo+1SDjCWS1TvjY+1QnVKsQ5+SRO7rh5uTExEHoCtCvlxob3OonTMvEI1yK9/wnTpe8jUL0WWyLt6FfIJHsM6O6ljzlcxYViQrFl47MdBteM5IMgHuufWSi2Cp58ac177Sq7VHnVJPqMrf4yweoX,iv:FGivZ5dTjIQ5LMpP70V0usB8ao1wGhBHjAQpmRxocX8=,tag:dyYZkBHgaxLHaGKAjgHHCg==,type:str] +authHeader: ENC[AES256_GCM,data:QhRR5DuVKc+xpsvbr8SJZA==,iv:7dRj6udtirzojzft4Pt+3zkQ5DepYiiLn2fYeNQC0MQ=,tag:yANlx3WtZ4ZLbRJaNmbJ7Q==,type:str] sops: kms: [] gcp_kms: [] @@ -10,14 +10,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQXdOMjliODlaK3A4ZDR2 - dHJwUTVqbURFTGVuTkhlVVhONitRUjlxOEYwCkkveUVHN3VoNmgvUGxxN2I3MmRk - WVV4bGZVaDM0UUJ1cDRyQjJqcUhNbmcKLS0tIG9pYTc0Zm00NDR2Z0xuZXRQS3Mv - REdCMHNYeFZUT2E3YmpMMWV3WTNORUUK2aYBLuMwbBmpvOFZam28ij4XV9XydtfZ - ISrxWvuhqVmrl07tc+Zb6Vd0W1utSS8rK5N4/DaSoBJ6QVSpGHSPMQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUDcwaHZzYkhOTUNwcCt1 + emlwMis2TFdGcVRjVGV1dXYvYTFWRXA1SEZjCkc2dnFlUmRaMnZEMEpkNm5ldVRw + N3NzWEQzdTRBQi9GSmlSbTIydWNwZ0UKLS0tIG45a1BoNjMwRk9UaVVoQlhLOXBy + ZlY5NVpHQ1I1M3FCMzBtK3hZMXlGTWcKFMLJT8YyMaLGfWkHVt9RaGfI0LkMzO7V + WGmsTIYmn9ULXZraaK2a/RxHjhVmW8klZdKqWOl2g4DmNBsDN6lyxg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-25T10:24:20Z" - mac: ENC[AES256_GCM,data:LPCHkUeO5Lk0yoEPYrnDa0LDVPJtMVlplUKNC8rVCL3PC1j3Hs6MlJFTHgZPw7QrJGThojb/SK10ysi4zknISlwMvuA4QSbSdcqYyzz9C8NhmnsqWOix2jrSPJR4CQVwzmX51mxGF+3oXQDO/qBDsaMXWf4uQi8rWGIl1fCINOo=,iv:n6tLmRGNlH5I+ouTawOm+NCskylwvKF7uBLKpy52y3U=,tag:3nVuMfVcwoxJAYW4e3tmcQ==,type:str] + lastmodified: "2024-04-08T15:15:59Z" + mac: ENC[AES256_GCM,data:5owhASFKnQVcmndyYUcKexSrrpLMmIllGK1GOLPMwDfPOPHxikGZftO1Y4+Bi8EHYZfc0X7OtdWvkP+UdCoqBmTh7A0V+png/Lg6RZ9Fx+FZw6+cKx4T6grTxsS49QGN3UkCDVE5MkyImUTr+ep4FKB9yqkAyHcIKuGcHqAfD3k=,iv:aihhhkyPj0yVLTqCkz6vO6q4ekiwKBltgpKmsyZMfps=,tag:KkWQiMdr+jDbugUOXcGHRQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml index 9349206..acbca74 100644 --- a/badhouseplants/values/values.istio-gateway-resources.yaml +++ b/badhouseplants/values/values.istio-gateway-resources.yaml @@ -22,6 +22,16 @@ istio-gateway: gateways: - name: badhouseplants-net servers: + - hosts: + - badhouseplants.net + - '*.badhouseplants.net' + port: + name: grpc-web + number: 8080 + protocol: HTTPS + tls: + credentialName: badhouseplants-wildcard-tls + mode: SIMPLE - hosts: - badhouseplants.net - '*.badhouseplants.net' diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index 94fe69a..b97223d 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -18,6 +18,10 @@ service: port: 80 protocol: TCP targetPort: 80 + - name: grpc-web + port: 8080 + protocol: TCP + targetPort: 8080 - name: https port: 443 protocol: TCP diff --git a/badhouseplants/values/values.istiod.yaml b/badhouseplants/values/values.istiod.yaml index 01529ce..d788392 100644 --- a/badhouseplants/values/values.istiod.yaml +++ b/badhouseplants/values/values.istiod.yaml @@ -8,7 +8,7 @@ global: proxy: resources: requests: - cpu: 100m + cpu: 20m memory: 128Mi limits: memory: 128Mi diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index f3a74e8..c160d28 100644 --- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml @@ -1,24 +1,99 @@ --- global: dnsService: "coredns" -singleBinary: - replicas: 1 - persistence: - size: 5Gi + loki: auth_enabled: false commonConfig: replication_factor: 1 storage: type: 'filesystem' + commonConfig: + replication_factor: 1 + schemaConfig: + configs: + - from: 2024-04-01 + store: tsdb + object_store: s3 + schema: v13 + index: + prefix: loki_index_ + period: 24h + ingester: + chunk_encoding: snappy + tracing: + enabled: true + querier: + # Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing + max_concurrent: 2 + +compactor: + retention_enabled: true +limits_config: + retention_period: 14d + monitoring: selfMonitoring: enabled: false lokiCanary: enabled: false -test: + +#gateway: +# ingress: +# enabled: true +# hosts: +# - host: FIXME +# paths: +# - path: / +# pathType: Prefix + +deploymentMode: SingleBinary +singleBinary: + persistence: + size: 5Gi + replicas: 1 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 512Mi + extraEnv: + # Keep a little bit lower than memory limits + - name: GOMEMLIMIT + value: 3750MiB + +chunksCache: + # default is 500MB, with limited memory keep this smaller + writebackSizeLimit: 10MB + +minio: enabled: false + +# Zero out replica counts of other deployment modes +backend: + replicas: 0 +read: + replicas: 0 +write: + replicas: 0 + +ingester: + replicas: 0 +querier: + replicas: 0 +queryFrontend: + replicas: 0 +queryScheduler: + replicas: 0 +distributor: + replicas: 0 compactor: - retention_enabled: true -limits_config: - retention_period: 14d + replicas: 0 +indexGateway: + replicas: 0 +bloomCompactor: + replicas: 0 +bloomGateway: + replicas: 0 diff --git a/badhouseplants/values/values.postgres16.yaml b/badhouseplants/values/values.postgres16.yaml index cbcb751..92cef0b 100644 --- a/badhouseplants/values/values.postgres16.yaml +++ b/badhouseplants/values/values.postgres16.yaml @@ -8,3 +8,20 @@ persistence: metrics: enabled: false +primary: + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsNonRoot: false + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index c418f5c..e7afd09 100644 --- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -7,6 +7,8 @@ istio: hostname: registry.badhouseplants.net service: zot port: 5000 +strategy: + type: Recreate service: type: ClusterIP persistence: true diff --git a/releases.yaml b/releases.yaml index f66cf73..2c7d858 100644 --- a/releases.yaml +++ b/releases.yaml @@ -117,7 +117,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.12.0 + version: 3.12.1 values: - common/values.{{ .Release.Name }}.yaml @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.6 + version: 6.7.12 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.2.0 + version: 58.1.3 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.47.2 + version: 6.3.2 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.0 + version: 1.21.1 istio-base: &istio-base name: istio-base @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 21.0.7 + version: 22.1.7 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.3 + version: 10.1.4 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.0.2 + version: 19.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.0 + version: 15.2.5 inherit: - template: default-env-values - template: default-env-secrets @@ -344,7 +344,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.21.0 + version: 1.23.0 db-instances: &db-instances name: db-instances @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.1.0 + version: 10.1.1 inherit: - template: default-env-values - template: default-env-secrets @@ -365,7 +365,7 @@ templates: docker-mailserver: &docker-mailserver name: docker-mailserver chart: allanger-gitea/docker-mailserver - version: 2.2.0 + version: 2.3.1 inherit: - template: default-env-values - template: ext-istio-gateway @@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.3 + version: 0.9.5 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.3 + version: 1.15.4 createNamespace: false namespace: kube-system inherit: @@ -443,3 +443,11 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + keel: &keel + name: keel + chart: keel/keel + version: 1.0.3 + createNamespace: false + namespace: kube-system + + diff --git a/repositories.yaml b/repositories.yaml index 2ce3602..2900540 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -57,3 +57,5 @@ repositories: url: https://zotregistry.dev/helm-charts/ - name: chartmuseum url: https://chartmuseum.github.io/charts + - name: keel + url: https://charts.keel.sh