diff --git a/namespaces/monitoring/healthchecks/kustomization.yaml b/namespaces/monitoring/healthchecks/kustomization.yaml
new file mode 100644
index 0000000..e9a830f
--- /dev/null
+++ b/namespaces/monitoring/healthchecks/kustomization.yaml
@@ -0,0 +1,113 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: notImportantHere
+ namespace: monitoring
+ unsetOnly: true
+
+namePrefix: healthchecks-
+resources:
+ - ../../../kustomize/deployment/
+
+replacements:
+ - source:
+ kind: Service
+ name: svc
+ targets:
+ - select:
+ kind: HTTPRoute
+ options:
+ create: true
+ fieldPaths:
+ - spec.rules.0.backendRefs.0.name
+ - source:
+ kind: Deployment
+ name: app
+ fieldPath: metadata.labels.[app.kubernetes.io/appName]
+ targets:
+ - select:
+ kind: HTTPRoute
+ options:
+ create: true
+ delimiter: "."
+ index: 0
+ fieldPaths:
+ - spec.hostnames.0
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "-"
+ index: 0
+ fieldPaths:
+ - spec.managedSecretReference.secretName
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "/"
+ index: 2
+ fieldPaths:
+ - spec.authentication.universalAuth.secretsScope.secretsPath
+ - select:
+ kind: Service
+ fieldPaths:
+ - spec.ports.0.name
+ - spec.ports.0.targetPort
+ - source:
+ kind: Deployment
+ name: app
+ fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
+ targets:
+ - select:
+ kind: InfisicalSecret
+ fieldPaths:
+ - spec.managedSecretReference.secretNamespace
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "/"
+ index: 1
+ fieldPaths:
+ - spec.authentication.universalAuth.secretsScope.secretsPath
+
+patches:
+ - path: patches/deployment.yaml
+ target:
+ kind: Deployment
+ name: app
+ - path: patches/delete-pvc.yaml
+ target:
+ kind: PersistentVolumeClaim
+ name: pvc
+
+labels:
+ - includeSelectors: true
+ pairs:
+ app.kubernetes.io/appName: healthchecks
+ - pairs:
+ app.kubernetes.io/appNamespace: monitoring
+
+configMapGenerator:
+ - name: config
+ literals:
+ - ADMINS=jonathan@leechpepin.com
+ - DB=postgres
+ - DB_HOST=postgres.core.svc.cluster.local
+ - DB_NAME=hc
+ - DB_PORT=5432
+ - DB_USER=hc
+ - DEFAULT_FROM_EMAIL=homelab@leechpepin.com
+ - EMAIL_HOST=blizzard.mxrouting.net
+ - EMAIL_HOST_USER=homelab@leechpepin.com
+ - EMAIL_PORT=465
+ - EMAIL_USE_SSL=True
+ - EMAIL_USE_TLS=False
+ - INTEGRATION_ALLOW_PRIVATE_IPS=True
+ - SITE_NAME=JLP Healthchecks
+ - SITE_ROOT=https://healthchecks.leechpepin.com
+ - DEBUG=False
+ - REMOTE_USER_HEADER=HTTP_X_AUTHENTIK_EMAIL
diff --git a/namespaces/monitoring/healthchecks/patches/delete-pvc.yaml b/namespaces/monitoring/healthchecks/patches/delete-pvc.yaml
new file mode 100644
index 0000000..54ecf59
--- /dev/null
+++ b/namespaces/monitoring/healthchecks/patches/delete-pvc.yaml
@@ -0,0 +1,5 @@
+$patch: delete
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pvc
diff --git a/namespaces/monitoring/healthchecks/patches/deployment.yaml b/namespaces/monitoring/healthchecks/patches/deployment.yaml
new file mode 100644
index 0000000..44fe382
--- /dev/null
+++ b/namespaces/monitoring/healthchecks/patches/deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: app
+spec:
+ template:
+ spec:
+ tolerations:
+ - key: "public"
+ operator: "Equal"
+ value: "true"
+ effect: "NoSchedule"
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ preference:
+ matchExpressions:
+ - key: public
+ operator: In
+ values:
+ - "true"
+ containers:
+ - name: healthchecks
+ image: healthchecks/healthchecks:latest
+ envFrom:
+ - configMapRef:
+ name: healthchecks-config
+ env:
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: healthchecks-secrets
+ key: HC_SECRET_KEY
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: healthchecks-secrets
+ key: HC_DB_PASSWORD
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: smtp-secrets
+ key: SMTP_PASSWORD
+ ports:
+ - containerPort: 8000
+ name: healthchecks
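Review bot: `REMOTE_USER_HEADER=HTTP_X_AUTHENTIK_EMAIL` in the configMapGenerator literals makes Healthchecks accept the `X-Authentik-Email` request header as an already-authenticated identity, so the application is only as safe as the guarantee that every request reaches it through the authentik proxy; nothing in this commit (HTTPRoute replacement, labels, Service) shows that direct access to the Service or pod is blocked. Add a comment on that literal naming the proxy that must set and strip the header, and confirm a NetworkPolicy or route-level restriction exists in the base or elsewhere. `INTEGRATION_ALLOW_PRIVATE_IPS=True` also deserves a comment, since it lets user-configured integrations reach cluster-internal and RFC1918 addresses, e.g. `# Integrations may target in-cluster/private addresses - intentional for homelab checks`. The `EMAIL_USE_SSL=True`/`EMAIL_USE_TLS=False`/`DEBUG=False` values are string literals inside `KEY=VALUE` entries, so they are not subject to YAML boolean typing and are fine as written.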
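Review bot: `image: healthchecks/healthchecks:latest` in patches/deployment.yaml is a mutable tag, so each pod restart may pull a different build and the deployed version is neither reproducible nor auditable; pin a release tag or digest, e.g. `image: healthchecks/healthchecks:<VERSION>@sha256:<DIGEST>` (placeholder values). The patch names the container `healthchecks`; if the base Deployment under `../../../kustomize/deployment/` uses a different container name, the strategic-merge patch will append a second container instead of overriding the existing one, which cannot be checked from this diff. The `secretKeyRef` to `smtp-secrets` depends on a Secret produced outside this kustomization (the InfisicalSecret in namespaces/monitoring/smtp-secrets.yaml), so the pod will not start until that sync has completed; a comment recording the dependency would help the next reader.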
diff --git a/namespaces/monitoring/smtp-secrets.yaml b/namespaces/monitoring/smtp-secrets.yaml
new file mode 100644
index 0000000..493f00b
--- /dev/null
+++ b/namespaces/monitoring/smtp-secrets.yaml
@@ -0,0 +1,27 @@
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+ name: smtp-secrets
+ namespace: infisical
+ labels:
+ label-to-be-passed-to-managed-secret: homelab
+ annotations:
+ example.com/annotation-to-be-passed-to-managed-secret: "homelab"
+spec:
+ hostAPI: https://app.infisical.com/api
+ resyncInterval: 10
+ authentication:
+ # Universal Auth
+ universalAuth:
+ secretsScope:
+ projectSlug: homelab-n-f-yj
+ envSlug: prod
+ secretsPath: "/" # Root is "/"
+ recursive: false # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
+ credentialsRef:
+ secretName: universal-auth-credentials
+ secretNamespace: infisical
+ managedSecretReference:
+ secretName: smtp-secrets
+ secretNamespace: monitoring
+ creationPolicy: "Orphan" ## Owner | Orphan
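Review bot: `secretsPath: "/"` with `envSlug: prod` syncs everything stored at the root of the prod environment into the `smtp-secrets` Secret in `monitoring`, while the Deployment in this commit reads only `SMTP_PASSWORD` from it; if anything besides the SMTP credential lives at `/`, it becomes readable by every principal that can read Secrets in that namespace. Scope the path to a dedicated folder, e.g. `secretsPath: "/<SMTP_FOLDER>"` (placeholder), which would also match the per-app `/<namespace>/<app>` paths the healthchecks kustomization builds through its replacements. `creationPolicy: "Orphan"` leaves the managed Secret in place when this InfisicalSecret is deleted; if that is intended, say so in a comment rather than leaving only the `## Owner | Orphan` reminder. The `label-to-be-passed-to-managed-secret` and `example.com/annotation-to-be-passed-to-managed-secret` entries read as leftovers from the operator sample and should be renamed to something meaningful or removed.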