From f1c1e96c6b5ec9a21395879ab961aa890bbfe184 Mon Sep 17 00:00:00 2001
From: xeruf <27jf@pm.me>
Date: Tue, 20 Feb 2024 11:50:05 +0100
Subject: [PATCH] apps: add gatus status
---
 apps/kustomization.yaml | 1 +
 apps/status-kustomization.yaml | 13 +++++++
 apps/status/gatus-kustomization.yaml | 35 ++++++++++++++++++
 apps/status/gatus-secrets-kustomization.yaml | 22 +++++++++++
 .../gatus-kustomization-variables.yaml | 7 ++++
 .../gatus-secrets/gatus-oauth-secret.yaml | 11 ++++++
 .../status/gatus-secrets/gatus-variables.yaml | 9 +++++
 apps/status/gatus/gatus-oauth-client.yaml | 21 +++++++++++
 apps/status/gatus/gatus-pvc.yaml | 15 ++++++++
 apps/status/gatus/gatus-release.yaml | 27 ++++++++++++++
 apps/status/gatus/gatus-values-configmap.yaml | 37 +++++++++++++++++++
 apps/status/kustomization.yaml | 5 +++
 infrastructure/sources/minicloudlabs.yaml | 8 ++++
 13 files changed, 211 insertions(+)
 create mode 100644 apps/status-kustomization.yaml
 create mode 100644 apps/status/gatus-kustomization.yaml
 create mode 100644 apps/status/gatus-secrets-kustomization.yaml
 create mode 100644 apps/status/gatus-secrets/gatus-kustomization-variables.yaml
 create mode 100644 apps/status/gatus-secrets/gatus-oauth-secret.yaml
 create mode 100644 apps/status/gatus-secrets/gatus-variables.yaml
 create mode 100644 apps/status/gatus/gatus-oauth-client.yaml
 create mode 100644 apps/status/gatus/gatus-pvc.yaml
 create mode 100644 apps/status/gatus/gatus-release.yaml
 create mode 100644 apps/status/gatus/gatus-values-configmap.yaml
 create mode 100644 apps/status/kustomization.yaml
 create mode 100644 infrastructure/sources/minicloudlabs.yaml
diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml
index 21f49f9..fa01a36 100644
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -7,3 +7,4 @@ resources:
 - support-kustomization.yaml
 - flow-kustomization.yaml
 - meet-kustomization.yaml
+ - status-kustomization.yaml
diff --git a/apps/status-kustomization.yaml b/apps/status-kustomization.yaml
new file mode 100644
index 0000000..97e8f4a
--- /dev/null
+++ b/apps/status-kustomization.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: add-status
+ namespace: flux-system
+spec:
+ interval: 10m
+ prune: true
+ path: ./apps/status
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
diff --git a/apps/status/gatus-kustomization.yaml b/apps/status/gatus-kustomization.yaml
new file mode 100644
index 0000000..ac35c02
--- /dev/null
+++ b/apps/status/gatus-kustomization.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: gatus
+ namespace: flux-system
+spec:
+ interval: 5m
+ retryInterval: 2m
+ timeout: 10m
+ wait: true
+ prune: true
+ path: ./apps/status/gatus
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
+ dependsOn:
+ - name: flux
+ - name: local-path-provisioner
+ - name: gatus-secrets
+ - name: nginx
+ - name: single-sign-on
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: stackspin-cluster-variables
+ - kind: ConfigMap
+ name: stackspin-gatus-kustomization-variables
+ - kind: Secret
+ name: stackspin-gatus-variables
+ # OIDC
+ - kind: Secret
+ name: stackspin-gatus-oauth-variables
+ - kind: ConfigMap
+ name: stackspin-single-sign-on-kustomization-variables
diff --git a/apps/status/gatus-secrets-kustomization.yaml b/apps/status/gatus-secrets-kustomization.yaml
new file mode 100644
index 0000000..f9042e0
--- /dev/null
+++ b/apps/status/gatus-secrets-kustomization.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: gatus-secrets
+ namespace: flux-system
+spec:
+ interval: 5m
+ timeout: 4m
+ wait: true
+ prune: true
+ path: ./apps/status/gatus-secrets
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
+ dependsOn:
+ - name: flux
+ - name: secrets-controller
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: stackspin-cluster-variables
diff --git a/apps/status/gatus-secrets/gatus-kustomization-variables.yaml b/apps/status/gatus-secrets/gatus-kustomization-variables.yaml
new file mode 100644
index 0000000..b074a65
--- /dev/null
+++ b/apps/status/gatus-secrets/gatus-kustomization-variables.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-gatus-kustomization-variables
+ namespace: flux-system
+data:
+ gatus_domain: status.${domain}
diff --git a/apps/status/gatus-secrets/gatus-oauth-secret.yaml b/apps/status/gatus-secrets/gatus-oauth-secret.yaml
new file mode 100644
index 0000000..c12fb2d
--- /dev/null
+++ b/apps/status/gatus-secrets/gatus-oauth-secret.yaml
@@ -0,0 +1,11 @@
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+ name: stackspin-gatus-oauth-variables
+ namespace: flux-system
+spec:
+ data:
+ client_id: gatus
+ fields:
+ - fieldName: client_secret
+ length: "32"
diff --git a/apps/status/gatus-secrets/gatus-variables.yaml b/apps/status/gatus-secrets/gatus-variables.yaml
new file mode 100644
index 0000000..814ae6e
--- /dev/null
+++ b/apps/status/gatus-secrets/gatus-variables.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+ name: stackspin-gatus-variables
+ namespace: flux-system
+spec:
+ fields:
+ - fieldname: password
diff --git a/apps/status/gatus/gatus-oauth-client.yaml b/apps/status/gatus/gatus-oauth-client.yaml
new file mode 100644
index 0000000..99509b3
--- /dev/null
+++ b/apps/status/gatus/gatus-oauth-client.yaml
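Review bot: In apps/status/gatus-secrets/gatus-variables.yaml the generator entry is spelled `- fieldname: password`, while gatus-oauth-secret.yaml in this same patch uses `fieldName`. Kubernetes object keys are case-sensitive, so the lowercase key is likely to be pruned or rejected by the StringSecret CRD, and the `stackspin-gatus-variables` Secret that gatus-kustomization.yaml lists under `substituteFrom` would then lack `password` or not be created at all. Change the line to `- fieldName: password`, and consider an explicit `length: "32"` to match the OAuth secret. Nothing in the manifests visible in this patch references `${password}`, so if it is unused, dropping the generator avoids an orphaned credential.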
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+ name: gatus-oauth-client
+ # Has to live in the same namespace as the stackspin-gatus-oauth-variables secret
+ namespace: flux-system
+spec:
+ # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ - client_credentials
+ - implicit
+ responseTypes:
+ - id_token
+ - code
+ scope: "openid profile email stackspin_roles"
+ secretName: stackspin-gatus-oauth-variables
+ #redirectUris:
+ # - https://${gatus_domain}/oauth/openid/
+ #tokenEndpointAuthMethod: client_secret_post
diff --git a/apps/status/gatus/gatus-pvc.yaml b/apps/status/gatus/gatus-pvc.yaml
new file mode 100644
index 0000000..c3715ca
--- /dev/null
+++ b/apps/status/gatus/gatus-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gatus-data
+ namespace: stackspout
+ labels:
+ stackspin.net/backupSet: "gatus"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: local-path
diff --git a/apps/status/gatus/gatus-release.yaml b/apps/status/gatus/gatus-release.yaml
new file mode 100644
index 0000000..be81437
--- /dev/null
+++ b/apps/status/gatus/gatus-release.yaml
@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: gatus
+ namespace: stackspout
+spec:
+ releaseName: gatus
+ chart:
+ spec:
+ chart: gatus
+ version: 1.0 # TODO
+ sourceRef:
+ kind: HelmRepository
+ name: minicloudlabs
+ namespace: flux-system
+ interval: 5m
+ valuesFrom:
+ - kind: ConfigMap
+ name: stackspin-gatus-values
+ optional: false
+ # Allow overriding values by ConfigMap or Secret
+ - kind: ConfigMap
+ name: stackspin-gatus-override
+ optional: true
+ - kind: Secret
+ name: stackspin-gatus-override
+ optional: true
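Review bot: The OAuth2Client in apps/status/gatus/gatus-oauth-client.yaml is registered with more grants than an OIDC login needs and with no redirect URI. `implicit` and `client_credentials` under `grantTypes` and `id_token` under `responseTypes` come from the wekan template named in the TODO. The Gatus values in this patch configure an authorization-code callback, so `authorization_code` with response type `code` should be enough; keep `refresh_token` only if Gatus is confirmed to use it. `redirectUris` is commented out, and its old path `/oauth/openid/` does not match the `redirect-url` set in gatus-values-configmap.yaml. Registering the exact callback both makes the login work and stops the client from being usable with any other return address.

```yaml
spec:
  grantTypes:
    - authorization_code
  responseTypes:
    - code
  # … unchanged: scope, secretName …
  redirectUris:
    - https://${gatus_domain}/authorization-code/callback
```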
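Review bot: `version: 1.0 # TODO` in apps/status/gatus/gatus-release.yaml is an unquoted YAML float rather than a string, so it will likely fail the HelmRelease schema or be stringified to something other than the intended version. Even when quoted, a two-part version may be treated as a range rather than one release. The chart comes from the third-party `minicloudlabs` HelmRepository added in this patch and is re-resolved every `interval: 5m`, so a loose version lets upstream publish new chart content into the cluster without a commit here. Pin it as a quoted exact release, for example `version: "<exact chart version>"`, and resolve the TODO before merge.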
diff --git a/apps/status/gatus/gatus-values-configmap.yaml b/apps/status/gatus/gatus-values-configmap.yaml
new file mode 100644
index 0000000..29a4f85
--- /dev/null
+++ b/apps/status/gatus/gatus-values-configmap.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-gatus-values
+ namespace: stackspout
+data:
+ values.yaml: |
+ # https://github.com/minicloudlabs/helm-charts/blob/main/charts/gatus/values.yaml
+ # TODO verify structure matches chart
+
+ ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ hosts: [ "${gatus_domain}" ]
+ tls:
+ - secretName: gatus-tls
+ hosts:
+ - "${gatus_domain}"
+
+ security:
+ oidc:
+ issuer-url: "https://${hydra_domain}"
+ redirect-url: "https://${gatus_domain}/authorization-code/callback"
+ client-id: "${client_id}"
+ client-secret: "${client_secret}"
+ scopes: ["openid"]
+ #autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'
+
+ # TODO Adjust gatus Mailing config
+ # mailer:
+ # enabled: "${outgoing_mail_enabled}"
+ # host: "${outgoing_mail_smtp_host}"
+ # port: "${outgoing_mail_smtp_port}"
+ # username: "${outgoing_mail_smtp_user}"
+ # password: "${outgoing_mail_smtp_password}"
+ # fromemail: "${outgoing_mail_from_address}"
diff --git a/apps/status/kustomization.yaml b/apps/status/kustomization.yaml
new file mode 100644
index 0000000..9570d40
--- /dev/null
+++ b/apps/status/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - gatus-kustomization.yaml
+ - gatus-secrets-kustomization.yaml
diff --git a/infrastructure/sources/minicloudlabs.yaml b/infrastructure/sources/minicloudlabs.yaml
new file mode 100644
index 0000000..945d4ea
--- /dev/null
+++ b/infrastructure/sources/minicloudlabs.yaml
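Review bot: `client-secret: "${client_secret}"` in apps/status/gatus/gatus-values-configmap.yaml causes Flux substitution to write the generated OAuth client secret in plain text into the ConfigMap `stackspin-gatus-values`. There it is readable by anything with ConfigMap read access in `stackspout` and is not handled as secret material by RBAC or encryption-at-rest settings. Move the `security.oidc` block, or at least the secret, into a `kind: Secret` values source; gatus-release.yaml already accepts Secret entries under `valuesFrom`. Alternatively use a Secret-backed environment variable if the chart offers one. The `# TODO verify structure matches chart` also matters for security: if the chart does not read a top-level `security` key, the ingress would presumably expose Gatus without OIDC, so confirm the key path against the chart before this is reconciled.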
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: minicloudlabs
+ namespace: flux-system
+spec:
+ interval: 60m
+ url: https://minicloudlabs.github.io/helm-charts