Add Gatus for monitoring and subfolder kustomization bases

namespaces/ai/ollama/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: ollama-
 resources:
-  - ../../../kustomize/deployment/
+  - ../../../kustomize/bases/deployment/
 
 replacements:
   - source:

namespaces/ai/openwebui/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: open-webui-
 resources:
-  - ../../../kustomize/helmchart/
+  - ../../../kustomize/bases/helmchart/
 
 patches:
   - path: patches/chart.yaml

namespaces/ai/tabby/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: tabby-
 resources:
-  - ../../../kustomize/deployment/
+  - ../../../kustomize/bases/deployment/
 
 replacements:
   - source:

namespaces/apps/atuin/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: atuin-
 resources:
-  - ../../../kustomize/deployment/
+  - ../../../kustomize/bases/deployment/
 
 replacements:
   - source:

namespaces/apps/dolibarr/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: dolibarr-
 resources:
-  - ../../../kustomize/public-oidc/
+  - ../../../kustomize/bases/public-oidc/
 
 replacements:
   - source:

namespaces/apps/forgejo/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: forgejo-
 resources:
-  - ../../../kustomize/deployment/
+  - ../../../kustomize/bases/deployment/
   - extra/ssh-service.yaml
   - extra/ssh-tcproute.yaml
 

namespaces/apps/linkwarden/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: linkwarden-
 resources:
-  - ../../../kustomize/public-oidc/
+  - ../../../kustomize/bases/public-oidc/
 
 replacements:
   - source:

namespaces/apps/mealie/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: mealie-
 resources:
-  - ../../../kustomize/public-oidc/
+  - ../../../kustomize/bases/public-oidc/
 
 replacements:
   - source:

namespaces/apps/paperless/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: paperless-
 resources:
-  - ../../../kustomize/public-oidc/
+  - ../../../kustomize/bases/public-oidc/
   - extra/deploy-sync.yaml
   - extra/pvc-consume.yaml
   - extra/pvc-sftp.yaml

namespaces/apps/syncthing/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: syncthing-
 resources:
-  - ../../../kustomize/statefulset/
+  - ../../../kustomize/bases/statefulset/
 
 labels:
   - includeSelectors: true

namespaces/apps/vaultwarden/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: vaultwarden-
 resources:
-  - ../../../kustomize/deployment/
+  - ../../../kustomize/bases/deployment/
 
 replacements:
   - source:

namespaces/auth/authentik/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: authentik-
 resources:
-  - ../../../kustomize/helmchart
+  - ../../../kustomize/bases/helmchart
 
 patches:
   - path: patches/chart.yaml

namespaces/cert-manager/cert-manager/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: cert-manager-
 resources:
-  - ../../../kustomize/helmchart-noaddons
+  - ../../../kustomize/bases/helmchart-noaddons
   - extras/cloudflare-token.yaml
 
 patches:

namespaces/core/gotenburg/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: gotenburg-
 resources:
-  - ../../../kustomize/deployservice/
+  - ../../../kustomize/bases/deployservice/
 
 replacements:
   - source:

namespaces/core/minio/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: minio-
 resources:
-  - ../../../kustomize/deployment/
+  - ../../../kustomize/bases/deployment/
   - extras/server-svc.yaml
   - extras/server-route.yaml
 

namespaces/core/pgdump/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: pgdump-
 resources:
-  - ../../../kustomize/backups/
+  - ../../../kustomize/bases/backups/
 
 labels:
   - includeSelectors: true

namespaces/core/postgres/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: postgres-
 resources:
-  - ../../../kustomize/statefulset/
+  - ../../../kustomize/bases/statefulset/
   - extras/tcproute.yaml
 
 labels:

namespaces/core/redis/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: redis-
 resources:
-  - ../../../kustomize/statefulset/
+  - ../../../kustomize/bases/statefulset/
 
 labels:
   - includeSelectors: true

namespaces/core/tika/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: tika-
 resources:
-  - ../../../kustomize/deployservice/
+  - ../../../kustomize/bases/deployservice/
 
 replacements:
   - source:

namespaces/infisical/infisical/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: infisical-
 resources:
-  - ../../../kustomize/helmchart-noaddons
+  - ../../../kustomize/bases/helmchart-noaddons
 
 patches:
   - path: patches/chart.yaml

namespaces/longhorn/longhorn/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: longhorn-
 resources:
-  - ../../../kustomize/helmchart
+  - ../../../kustomize/bases/helmchart
   - extras/longhorn-public-storageclass.yaml
   - extras/longhorn-private-storageclass.yaml
   - extras/longhorn-secret.yaml

namespaces/monitoring/diun/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: diun-
 resources:
-  - ../../../kustomize/noservice/
+  - ../../../kustomize/bases/noservice/
   - extra/serviceaccount.yaml
   - extra/clusterrole.yaml
   - extra/clusterrolebinding.yaml

namespaces/monitoring/gatus/base-config.yaml

@@ -0,0 +1,24 @@
+metrics: true
+ui:
+  title: "JLP Homelab Health | Gatus"
+skip-invalid-config-update: true
+
+endpoints:
+  - name: website
+    url: https://twin.sh/health
+    interval: 5m
+    conditions:
+      - "[STATUS] == 200"
+      - "[BODY].status == UP"
+
+  - name: github
+    url: https://api.github.com/healthz
+    interval: 5m
+    conditions:
+      - "[STATUS] == 200"
+
+  - name: self
+    url: http://localhost:8080/health
+    interval: 5m
+    conditions:
+      - "[STATUS] == 200"

namespaces/monitoring/gatus/extras/sidecar-clusterRole.yaml

@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: gatus-k8s-sidecar
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps", "secrets"]
+    verbs: ["get", "watch", "list"]

namespaces/monitoring/gatus/extras/sidecar-crb.yaml

@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: gatus-k8s-sidecar
+roleRef:
+  kind: ClusterRole
+  name: gatus-k8s-sidecar
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+  - kind: ServiceAccount
+    name: gatus-k8s-sidecar
+    namespace: monitoring

namespaces/monitoring/gatus/extras/sidecar-serviceAccount.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gatus-k8s-sidecar

namespaces/monitoring/gatus/kustomization.yaml

@@ -0,0 +1,149 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+  - |-
+    apiVersion: builtin
+    kind: NamespaceTransformer
+    metadata:
+      name: notImportantHere
+      namespace: monitoring
+    unsetOnly: true
+
+namePrefix: gatus-
+resources:
+  - ../../../kustomize/bases/deployment/
+  - extras/sidecar-crb.yaml
+  - extras/sidecar-serviceAccount.yaml
+  - extras/sidecar-clusterRole.yaml
+
+patches:
+  - path: patches/deployment.yaml
+    target:
+      kind: Deployment
+      name: app
+  - path: patches/pvc.yaml
+    target:
+      kind: PersistentVolumeClaim
+      name: pvc
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/appName: gatus
+  - pairs:
+      app.kubernetes.io/appNamespace: monitoring
+  - pairs:
+      app.kubernetes.io/routePrefix: status
+
+configMapGenerator:
+  - name: gatus-config
+    files:
+      - base-config.yaml
+  - name: gatus-settings
+    literals:
+      - GATUS_CONFIG_PATH=/config
+  - name: k8s-sidecar-settings
+    literals:
+      - LABEL="homelab.kubernetes.io/k8s-sidecar"
+      - LABEL_VALUE="gatus"
+      - FOLDER="/config"
+      - METHOD="SLEEP"
+      - SLEEP_TIME=60
+
+replacements:
+  # Service
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: metadata.labels.[app.kubernetes.io/appName]
+    targets:
+      - select:
+          kind: Service
+        fieldPaths:
+          - spec.ports.0.name
+          - spec.ports.0.targetPort
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: spec.template.spec.containers.0.ports.0.containerPort
+    targets:
+      - select:
+          kind: Service
+        fieldPaths:
+          - spec.ports.0.port
+  # Secrets
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
+    targets:
+      - select:
+          kind: InfisicalSecret
+        fieldPaths:
+          - spec.managedSecretReference.secretNamespace
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: metadata.labels.[app.kubernetes.io/appName]
+    targets:
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "-"
+          index: 0
+        fieldPaths:
+          - spec.managedSecretReference.secretName
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "/"
+          index: 2
+        fieldPaths:
+          - spec.authentication.universalAuth.secretsScope.secretsPath
+  # HTTP Route
+  - source:
+      kind: Service
+      name: svc
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+        fieldPaths:
+          - spec.rules.0.backendRefs.0.name
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: metadata.labels.[app.kubernetes.io/appName]
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+          delimiter: "."
+          index: 0
+        fieldPaths:
+          - spec.hostnames.0
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: spec.template.spec.containers.0.ports.0.containerPort
+    targets:
+      - select:
+          kind: HTTPRoute
+        fieldPaths:
+          - spec.rules.0.backendRefs.0.port
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: metadata.labels.[app.kubernetes.io/routePrefix]
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+          delimiter: "."
+          index: 0
+        fieldPaths:
+          - spec.hostnames.0

namespaces/monitoring/gatus/patches/deployment.yaml

@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app
+spec:
+  template:
+    spec:
+      serviceAccountName: gatus-k8s-sidecar
+      tolerations:
+        - key: "public"
+          operator: "Equal"
+          value: "true"
+          effect: "NoSchedule"
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              preference:
+                matchExpressions:
+                  - key: public
+                    operator: In
+                    values:
+                      - "true"
+      containers:
+        - name: gatus
+          image: twinproduction/gatus:v5.17.0
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8080
+              name: gatus
+              protocol: TCP
+          resources:
+            limits:
+              cpu: 250m
+              memory: 100M
+            requests:
+              cpu: 50m
+              memory: 30M
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 8080
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 5
+          envFrom:
+            - configMapRef:
+                name: gatus-settings
+          volumeMounts:
+            - mountPath: /config/config.yaml
+              name: gatus-config
+              subPath: base-config.yaml
+        - name: config-collector
+          image: kiwigrid/k8s-sidecar:1.30.3
+          volumeMounts:
+            - name: collected
+              mountPath: /config/
+          envFrom:
+            - configMapRef:
+                name: k8s-sidecar-settings
+      volumes:
+        - configMap:
+            name: gatus-config
+          name: gatus-config
+        - name: collected
+          emptyDir: {}

namespaces/monitoring/gatus/patches/pvc.yaml

@@ -0,0 +1,5 @@
+$patch: delete
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc

namespaces/monitoring/healthchecks/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: healthchecks-
 resources:
-  - ../../../kustomize/public-oidc/
+  - ../../../kustomize/bases/public-oidc/
 
 replacements:
   - source:

namespaces/monitoring/ntfy/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: ntfy-
 resources:
-  - ../../../kustomize/public-oidc/
+  - ../../../kustomize/bases/public-oidc/
 
 replacements:
   - source:

namespaces/monitoring/umami/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: umami-
 resources:
-  - ../../../kustomize/public-oidc/
+  - ../../../kustomize/bases/public-oidc/
 
 replacements:
   - source:

namespaces/monitoring/uptime-kuma/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: uptime-kuma-
 resources:
-  - ../../../kustomize/deployment/
+  - ../../../kustomize/bases/deployment/
   # - extra/middleware-auth.yaml
 
 replacements:

namespaces/traefik/traefik/kustomization.yaml

@@ -12,7 +12,7 @@ transformers:
 
 namePrefix: traefik-lb
 resources:
-  - ../../../kustomize/helmchart-noaddons/
+  - ../../../kustomize/bases/helmchart-noaddons/
 
 patches:
   - path: patches/chart.yaml