Add healthchecks and email functionality

namespaces/monitoring/healthchecks/kustomization.yaml

@@ -0,0 +1,113 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+  - |-
+    apiVersion: builtin
+    kind: NamespaceTransformer
+    metadata:
+      name: notImportantHere
+      namespace: monitoring
+    unsetOnly: true
+
+namePrefix: healthchecks-
+resources:
+  - ../../../kustomize/deployment/
+
+replacements:
+  - source:
+      kind: Service
+      name: svc
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+        fieldPaths:
+          - spec.rules.0.backendRefs.0.name
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: metadata.labels.[app.kubernetes.io/appName]
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+          delimiter: "."
+          index: 0
+        fieldPaths:
+          - spec.hostnames.0
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "-"
+          index: 0
+        fieldPaths:
+          - spec.managedSecretReference.secretName
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "/"
+          index: 2
+        fieldPaths:
+          - spec.authentication.universalAuth.secretsScope.secretsPath
+      - select:
+          kind: Service
+        fieldPaths:
+          - spec.ports.0.name
+          - spec.ports.0.targetPort
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
+    targets:
+      - select:
+          kind: InfisicalSecret
+        fieldPaths:
+          - spec.managedSecretReference.secretNamespace
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "/"
+          index: 1
+        fieldPaths:
+          - spec.authentication.universalAuth.secretsScope.secretsPath
+
+patches:
+  - path: patches/deployment.yaml
+    target:
+      kind: Deployment
+      name: app
+  - path: patches/delete-pvc.yaml
+    target:
+      kind: PersistentVolumeClaim
+      name: pvc
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/appName: healthchecks
+  - pairs:
+      app.kubernetes.io/appNamespace: monitoring
+
+configMapGenerator:
+  - name: config
+    literals:
+      - ADMINS=jonathan@leechpepin.com
+      - DB=postgres
+      - DB_HOST=postgres.core.svc.cluster.local
+      - DB_NAME=hc
+      - DB_PORT=5432
+      - DB_USER=hc
+      - DEFAULT_FROM_EMAIL=homelab@leechpepin.com
+      - EMAIL_HOST=blizzard.mxrouting.net
+      - EMAIL_HOST_USER=homelab@leechpepin.com
+      - EMAIL_PORT=465
+      - EMAIL_USE_SSL=True
+      - EMAIL_USE_TLS=False
+      - INTEGRATION_ALLOW_PRIVATE_IPS=True
+      - SITE_NAME=JLP Healthchecks
+      - SITE_ROOT=https://healthchecks.leechpepin.com
+      - DEBUG=False
+      - REMOTE_USER_HEADER=HTTP_X_AUTHENTIK_EMAIL

namespaces/monitoring/healthchecks/patches/delete-pvc.yaml

@@ -0,0 +1,5 @@
+$patch: delete
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc

namespaces/monitoring/healthchecks/patches/deployment.yaml

@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app
+spec:
+  template:
+    spec:
+      tolerations:
+        - key: "public"
+          operator: "Equal"
+          value: "true"
+          effect: "NoSchedule"
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              preference:
+                matchExpressions:
+                  - key: public
+                    operator: In
+                    values:
+                      - "true"
+      containers:
+        - name: healthchecks
+          image: healthchecks/healthchecks:latest
+          envFrom:
+            - configMapRef:
+                name: healthchecks-config
+          env:
+            - name: SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: healthchecks-secrets
+                  key: HC_SECRET_KEY
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: healthchecks-secrets
+                  key: HC_DB_PASSWORD
+            - name: EMAIL_HOST_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: smtp-secrets
+                  key: SMTP_PASSWORD
+          ports:
+            - containerPort: 8000
+              name: healthchecks

namespaces/monitoring/smtp-secrets.yaml

@@ -0,0 +1,27 @@
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+  name: smtp-secrets
+  namespace: infisical
+  labels:
+    label-to-be-passed-to-managed-secret: homelab
+  annotations:
+    example.com/annotation-to-be-passed-to-managed-secret: "homelab"
+spec:
+  hostAPI: https://app.infisical.com/api
+  resyncInterval: 10
+  authentication:
+    # Universal Auth
+    universalAuth:
+      secretsScope:
+        projectSlug: homelab-n-f-yj
+        envSlug: prod
+        secretsPath: "/" # Root is "/"
+        recursive: false # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
+      credentialsRef:
+        secretName: universal-auth-credentials
+        secretNamespace: infisical
+  managedSecretReference:
+    secretName: smtp-secrets
+    secretNamespace: monitoring
+    creationPolicy: "Orphan" ## Owner | Orphan