SeanOMik
/
k3s-cluster
1
0
Fork 0
Code Issues 2 Pull Requests 32 Packages Projects Releases Wiki Activity

feat: start switching to new cloudnative-pg, remove label selectors for prometheus stack resources

This commit is contained in:
SeanOMik 2024-10-16 19:48:40 -04:00
parent 8930139280
commit 95f9682843
Signed by: SeanOMik
GPG Key ID: FEC9E2FC15235964
17 changed files with 365 additions and 217 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
kubernetes/main/apps/database/kustomization.yaml
View File

@ -3,7 +3,7 @@ kind: Kustomization
resources: resources:
- ./namespace.yaml - ./namespace.yaml
#- ./network_policy.yaml #- ./network_policy.yaml
- ./postgresql - ./postgresql/ks.yaml
- ./redis - ./redis
- ./minio - ./minio
- ./mysql - ./mysql

37
kubernetes/main/apps/database/postgresql/app/helm-release.yaml Normal file
View File

@ -0,0 +1,37 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cloudnative-pg
namespace: database
spec:
interval: 30m
chart:
spec:
chart: cloudnative-pg
version: 0.22.0
sourceRef:
kind: HelmRepository
name: cloudnative-pg
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: minio
namespace: database
- name: openebs
namespace: openebs-system
values:
crds:
create: true
monitoring:
podMonitorEnabled: false
grafanaDashboard:
create: true

6
kubernetes/main/apps/database/postgresql/pgadmin4/helm-repository.yaml → kubernetes/main/apps/database/postgresql/app/helm-repository.yaml
View File

@ -1,8 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1 apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository kind: HelmRepository
metadata: metadata:
name: runix-charts name: cloudnative-pg
namespace: flux-system namespace: flux-system
spec: spec:
interval: 1m interval: 2h
url: https://helm.runix.net url: https://cloudnative-pg.io/charts

2
kubernetes/main/apps/database/postgresql/pgadmin4/kustomization.yaml → kubernetes/main/apps/database/postgresql/app/kustomization.yaml
View File

@ -1,6 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./pgadmin4.sops.yaml - ./secret.sops.yaml
- ./helm-repository.yaml - ./helm-repository.yaml
- ./helm-release.yaml - ./helm-release.yaml

76
kubernetes/main/apps/database/postgresql/app/secret.sops.yaml Normal file
View File

@ -0,0 +1,76 @@
apiVersion: v1
kind: Secret
metadata:
name: cloudnative-pg-secret
namespace: database
labels:
cnpg.io/reload: "true"
stringData:
username: ENC[AES256_GCM,data:SZUXJOMnDmI=,iv:huI5AHvtfU6aCo6drbdZxJ2QwOGwKAd4CfSi8WWUQHU=,tag:fIETu/Yyx01raNTnmBt8AA==,type:str]
password: ENC[AES256_GCM,data:qlcpDS3RhNtSowFuMYlpL11WdR4tZK9M3eZug9TerA4=,iv:9d7ChBA4VcFRszCm3rfPJSYESK2it/dryK0TetDM2Ns=,tag:Z7EI76aBEltrUym/T8MuiA==,type:str]
minioAccessKey: ENC[AES256_GCM,data:CsmN8wuSLLOtiA0PWeaWuw==,iv:oRNB1nhRPH7fRf98exEZ7lGSpvqVRx4l+tQyjPU2rog=,tag:Gx9SRd2UnHNgBiVtalrHAA==,type:str]
minioSecretKey: ENC[AES256_GCM,data:gW5lUoSY2oTLhczB0CySIOadmrltk+zMpYJ6XPRQmtI=,iv:NfnjIwfILvCS99tUdHbCvJwztNPpT8ne4oAg4yOjgFM=,tag:kC6EKVPCGbQxwKySjkgYhw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-10-16T23:46:50Z"
mac: ENC[AES256_GCM,data:1j9tp3Z30k3LC40djCriXYr78LLmSAUkssqBJgk/RKDt6eHbBPwtUhzmLewF8dSxo2shLl/jzKPCsL8HP+kHSvL9bCtrgDBnIEJabGISAHDTDBXkLB+uzVlfx0diDbX0fpZZNBSPCzFHYiebGqY1scUVsN1sBOPxUNrbIi9iKro=,iv:rYsu3+KPmuXBAp/ciYmojj3LEBL8F6PjwXQ1pmJVm5c=,tag:d3r+p29s4POVhCKeAal1cg==,type:str]
pgp:
- created_at: "2024-10-16T23:46:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ/8CSIYw9BE0BxpPpMtJ9xK6xTHIuWnlWAOwhugvLal6i5T
xPFPfRH0uJp9fhayw//pvGz+4JaoqjcHymxEVtqWhAlFRo1WZdllAx97svKySZpC
WxtpEZhur1iwaylKLUinxaltGxumIGD6pGw8VowlyFic944SKqgJAfM8myuddnAk
waWX8H4coSBFLOcsEavieKhOOrsd6D3ppzKNtvYFOb4BAy3YyJHkfw3N1zkraw2L
D5kdBBugLITYpZX8Iqj/UiOAOn05Xgy31p2XjsX0c3JGm5oCcwf+u3BgrVyHvYXN
Z2k7j8e5FbjaxOcBzS0rrrHM+yJahJfQOyCL4A7guISBlLYaJ+BHh3qg4kxhtCau
jHKjglj1Jz50xY9hnH/+UK9jhCMActmZmAQg45hTDynGr6NsOPr43Q6XoUoGUB6X
WbamAIbEnM9u6/Ve6MUkCxMBlA45pQc72v6j4p40aZDqoNWp0PTr4BcYfYvgJafq
MIzxI431+l5x4MAw4ZC14tvhKJX6wNqujn7ZZW8qFAixQwIBuZcogh8YrcLGqHEo
iTbrg2xRnT9C3npm+gQsk80h78sHyPlm0P9EAOCWjnRSZeixSjly9htn5sIKBS+O
yxWfQVDlplYv5V10roKxbfCzMIzHEeayyUaAQib0Z5RsYZfQkemT7zE/U8DftK+F
AgwDAAAAAAAAAAABEACy1DQRnTKLAY8UzS6xRQrauc82a6VzW5TDfiMGiXDZKa+y
9mij9kY7n+727YFZqZiUfEUpOL3pArj+I3PDSv2viPLWo0+1mN4stLt9SwMt+F0m
5DuoTCslrJpupoFxrw+N1uzI0c6UZtYFP5c2iLy3JLPlbCCAdbB6vLqDDaXko8J/
Mf/i5H5Q1Qqfa33NbdfeDkVU6yN+QlbFK3P42FkddUwfKHc7hBn0XpkwheCR+WIj
ocntnX6ksgbbZQmiISWIfBRbxDQaKQ+OIW72OxAY5g6/E2+mIOMraV2YC7zfT/aO
zARTjdoV+hknKlv788i4JBN569YligYo3BB/j6YAczp0V5KvF/4RmcDQYGXIWSjG
9kevuO/5uD82aQCkXkmrjyeNsBUQAFxjTU/ULxanMzud3bcistbejrGkfunuYune
bnPlMDwjd0Wnxv05fmaJ05K5W35ngLCa+7bsoTdqi4KLmWe/OQDOkbRL7awRfEXA
J2JqCiPfZeC+VxM+ysMIYMvpaTyQ+LXNbRRYpMXlHRlqkU2WXeM5vKwj0wqivQ30
mmffcBpTFBspHjO1Gz4asrZnoKh9IiPK/qtoi0EEKXQAPFV8AQcN7gtzCSUpASq6
mkL+uhjeRd8UjQZnGrZnhNOkQuwiM/pvoAODz5NgNgi5NBTnsgvi4rtXopiTytRm
AQkCEMbcxdunAlkuYk3TYUGstkww6uVItWY+9pgipjTEhXXDXdNvjpler7793AJj
1XSt0W1FGnpJUYMrhnMFgUAdDh+pCXkKnyk8bR6OlEnoDlR6AZqlqtcYUn8lIRq5
dXeV4tC4
=xH0Y
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-10-16T23:46:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ/+Im71eAhkMXAiemDau+TBGU3DEsw9LrdmOPvODknhmUF5
kONOLSDoN9C4F36iGhFrnAFBa/Z/y3wgZdzgSdFZaXjZyja9aRzwu0eC5jfniR/6
r8MFHwP0OA9Vi66Iin77fzpl9bK7W/XY+KHtI6a6rxcGYcp8cqeeIRqUco8jPUpx
gTwaYyi3C/vzLdZhljQw/5TR8HN11P/pvDu4SGDhNMMEEZi3AphimExrbD9efXFJ
QYVvMlgN0X+CqVHmeyasXnsR9dcMoJXxz054BsPiRkJVPPQOR7+1lRu3h3gVfvym
ZzgMikmZArI+lUVXwppNHPRj9fVpqTq7GBuUrwdOCU9crXx/vi4+M20ocesRaV58
bZqzyV92fN8YeqLRkpHm3Mlf8HK9L/Rk4tdpD2MtL29uUlu8wEecLW0dLXx8QoLG
h+m9XOqFHssmCRY5QxHhtzk5BclE3X8iYZRns43puMC3ZZwdINqE8t9FOMJ0lZJq
Q2mzkpyo3ozCh8gKOOAO1McjVGdoqURSngbQgGmmX+qBBcSuHv03134aEq4aqYkB
F7g+9dbacs1MphuN5CaMRhOMY7v87KOQKtziVK4DcX1AsR8EoGc9TzNa1h/7jJ2Y
gfA0Mg1kAYdm9973o6PHV7fpJ/AS6xqvma9N6SaQJtyiqquXFU7Fuf0hNEsI1+TU
ZgEJAhCImWzfnwav7b6R9xzAYrwkkKhrHA4B4cG8XzvZfmWOEMvWkr+CaOppbVxJ
zg0KInkWzw0RU/NVx3bTrKOXwv4Q8vlswFaioA+eDkYEcMtqAiT3LEvhF5Ueqi6d
BhnMEZd1cw==
=txQ7
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.9.1

17
kubernetes/main/apps/database/postgresql/cert.yaml
View File

@ -1,17 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: postgres-cert
namespace: database
spec:
secretName: postgres-cert
duration: 2160h # 90d
renewBefore: 360h # 15d
issuerRef:
name: ca-issuer
kind: ClusterIssuer
dnsNames:
- postgresql.database

83
kubernetes/main/apps/database/postgresql/cluster/cluster16.yaml Normal file
View File

@ -0,0 +1,83 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/cluster_v1.json
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres16
namespace: database
spec:
instances: 3
imageName: ghcr.io/cloudnative-pg/postgresql:16.4-28
primaryUpdateStrategy: unsupervised
storage:
size: 20Gi
storageClass: openebs-zfs-mainpool
superuserSecret:
name: cloudnative-pg-secret
enableSuperuserAccess: true
postgresql:
parameters:
max_connections: "400"
shared_buffers: 256MB
nodeMaintenanceWindow:
inProgress: false
reusePVC: true
resources:
requests:
cpu: 500m
limits:
memory: 4Gi
monitoring:
enablePodMonitor: true
backup:
retentionPolicy: 30d
barmanObjectStore: &barmanObjectStore
data:
compression: bzip2
wal:
compression: bzip2
maxParallel: 8
destinationPath: s3://cloudnative-pg/
endpointURL: http://minio.database.svc:9000
# Note: serverName version needs to be inclemented
# when recovering from an existing cnpg cluster
serverName: &currentCluster postgres16-v2
s3Credentials:
accessKeyId:
name: cloudnative-pg-secret
key: minioAccessKey
secretAccessKey:
name: cloudnative-pg-secret
key: minioSecretKey
# Note: previousCluster needs to be set to the name of the previous
# cluster when recovering from an existing cnpg cluster
bootstrap:
recovery:
source: &previousCluster postgres16-v1
# initdb:
# import:
# type: monolith
# databases:
# - "*"
# roles:
# - "*"
# source:
# externalCluster: old-cluster
# Note: externalClusters is needed when recovering from an existing cnpg cluster
externalClusters:
- name: *previousCluster
barmanObjectStore:
<<: *barmanObjectStore
serverName: *previousCluster
# - name: old-cluster
# connectionParameters:
# # Use the correct IP or host name for the source database
# host: postgresql.database.svc
# user: postgres
# dbname: postgres
# #sslmode: require
# password:
# name: cloudnative-pg-secret
# key: password

8
kubernetes/main/apps/database/postgresql/cluster/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./cluster16.yaml
- ./scheduledbackup.yaml
- ./prometheusrule.yaml

76
kubernetes/main/apps/database/postgresql/cluster/prometheusrule.yaml Normal file
View File

@ -0,0 +1,76 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: cloudnative-pg-rules
labels:
prometheus: k8s
role: alert-rules
spec:
groups:
- name: cloudnative-pg.rules
rules:
- alert: LongRunningTransaction
annotations:
description: Pod {{ $labels.pod }} is taking more than 5 minutes (300 seconds) for a query.
summary: A query is taking longer than 5 minutes.
expr: |-
cnpg_backends_max_tx_duration_seconds > 300
for: 1m
labels:
severity: warning
- alert: BackendsWaiting
annotations:
description: Pod {{ $labels.pod }} has been waiting for longer than 5 minutes
summary: If a backend is waiting for longer than 5 minutes
expr: |-
cnpg_backends_waiting_total > 300
for: 1m
labels:
severity: warning
- alert: PGDatabase
annotations:
description: Over 300,000,000 transactions from frozen xid on pod {{ $labels.pod }}
summary: Number of transactions from the frozen XID to the current one
expr: |-
cnpg_pg_database_xid_age > 300000000
for: 1m
labels:
severity: warning
- alert: PGReplication
annotations:
description: Standby is lagging behind by over 300 seconds (5 minutes)
summary: The standby is lagging behind the primary
expr: |-
cnpg_pg_replication_lag > 300
for: 1m
labels:
severity: warning
- alert: LastFailedArchiveTime
annotations:
description: Archiving failed for {{ $labels.pod }}
summary: Checks the last time archiving failed. Will be < 0 when it has not failed.
expr: |-
(cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
for: 1m
labels:
severity: warning
- alert: DatabaseDeadlockConflicts
annotations:
description: There are over 10 deadlock conflicts in {{ $labels.pod }}
summary: Checks the number of database conflicts
expr: |-
cnpg_pg_stat_database_deadlocks > 10
for: 1m
labels:
severity: warning
- alert: ReplicaFailingReplication
annotations:
description: Replica {{ $labels.pod }} is failing to replicate
summary: Checks if the replica is failing to replicate
expr: |-
cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
for: 1m
labels:
severity: warning

12
kubernetes/main/apps/database/postgresql/cluster/scheduledbackup.yaml Normal file
View File

@ -0,0 +1,12 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
name: postgres
spec:
schedule: "@daily"
immediate: true
backupOwnerReference: self
cluster:
name: postgres16

49
kubernetes/main/apps/database/postgresql/helm-release.yaml
View File

@ -1,49 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: database
spec:
interval: 5m
chart:
spec:
chart: postgresql
version: 14.3.x
sourceRef:
kind: HelmRepository
name: bitnami-charts
namespace: flux-system
values:
auth:
existingSecret: "pgsql-secrets"
secretKeys:
adminPasswordKey: "adminPassword"
replicationPasswordKey: "replicationPassword"
tls:
enabled: true
certificatesSecret: postgres-cert
certFilename: "tls.crt"
certKeyFilename: "tls.key"
serviceMonitor:
enabled: true
labels:
release: kube-prometheus-stack
volumePermissions:
enabled: true
primary:
persistence:
existingClaim: "postgresql-pv-claim"
containerSecurityContext:
enabled: true
runAsUser: 10000
readReplicas:
containerSecurityContext:
enabled: true
runAsUser: 10000

56
kubernetes/main/apps/database/postgresql/ks.yaml Normal file
View File

@ -0,0 +1,56 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cloudnative-pg
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/main/apps/database/postgresql/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
- name: openebs-sc
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cloudnative-pg-cluster
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/main/apps/database/postgresql/cluster
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
- name: openebs-sc
- name: cloudnative-pg
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

8
kubernetes/main/apps/database/postgresql/kustomization.yaml
View File

@ -1,8 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./pgsql-pv.yaml
- ./pgsql.sops.yaml
- ./cert.yaml
- ./helm-release.yaml
#- ./pgadmin4

47
kubernetes/main/apps/database/postgresql/pgadmin4/helm-release.yaml
View File

@ -1,47 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: pgadmin4
namespace: database
spec:
interval: 5m
chart:
spec:
chart: pgadmin4
version: "1.29.0"
sourceRef:
kind: HelmRepository
name: runix-charts
namespace: flux-system
values:
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: &host pgadm.${SECRET_NEW_DOMAIN}
paths:
- path: "/"
pathType: Prefix
tls:
- hosts:
- *host
# securityContext:
# runAsUser: 10000
# runAsGroup: 10000
# fsGroup: 10000
#
# containerSecurityContext:
# enabled: true
# allowPrivilegeEscalation: false
# envVarsFromConfigMaps:
# - pgadmin4-secret
persistentVolume:
enabled: false
volumePermissions:
enabled: true

27
kubernetes/main/apps/database/postgresql/pgsql-pv.yaml
View File

@ -1,27 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: postgresql-pv
namespace: database
spec:
storageClassName: hostpath
persistentVolumeReclaimPolicy: Retain
capacity:
storage: 12Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/MainPool/Kubernetes/databases/postgresql"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgresql-pv-claim
namespace: database
spec:
storageClassName: hostpath
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

62
kubernetes/main/apps/database/postgresql/pgsql.sops.yaml
View File

@ -1,62 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: pgsql-secrets
namespace: database
stringData:
adminPassword: ENC[AES256_GCM,data:gJ7rl2V/VlbIIRvRHcwMaZKN87t5n8bVWZCj/tRv8Uw=,iv:b/5eEnOrHzJrtnO+E2IGwJLHy2AdJQwv9WfUR5fUHY4=,tag:nTtaDNHVfYpChQX9UWwdKA==,type:str]
userPassword: ENC[AES256_GCM,data:gR7q508lUaRDRJ/z5lH99JLJSS9zWfg0O+TAm2B9uvo=,iv:9DDQxwd/BGtLQDacAH/crfT+qU4Pn5sGkWuEtmMprUI=,tag:tK3WoUd7729LQDVqU7pckQ==,type:str]
replicationPassword: ENC[AES256_GCM,data:BSA5IfYhhvN445yp2i3BI5zlIXgdj+LejCPzvlTMnVo=,iv:Qku2NAQPLxt+NUnk2dSx1+WAoyx3aEuA3+piU2mubYk=,tag:MnI+atK6VLZUc3eGS1OE1w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-10-22T16:25:15Z"
mac: ENC[AES256_GCM,data:uWVPfKwPpR212js7f2RnCzEsMnxk2JpGPcf2L5i4gJCddJCrRJkdhjWGyVVpp/ociP3JLRTI95+WSEUH0KkPZpY1ptQevCVsUemRytOCtBlR0yR4qsBwEisSu8m4B5dbAYsqlXAndrBNL2WGB7uBv+ILgNxkhlN58unseSWJBDM=,iv:e7QyZSlhpyQ+A8OmV4p1848itIUxyam6CJOI9/N7DDY=,tag:N28mfrAjUTTYkly1hu0OhA==,type:str]
pgp:
- created_at: "2023-06-19T18:35:15Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzKleRwoSoixAQ//aQdUERyq3G7V29F5rpY6LdDgo8+hqrrZvdI3JnON0VUM
Tj3AAYg+xvYh8aPQywF9fJvn6qNw8fqrb2GiuuNTa9ZPCFsD+WXbuYHmQ9z6tAtV
opXe3QLNBuo9zEtUfGPbaCp8EH7f1TxQsTJoe9iE/1B2S69cHNUdgXZtfQyhpmlG
iyAk/G04kPazweIuFNjOYaN/12J/s2Cf5AZUeROkMxg8/GTPO68LeEBz9v4vl/1z
JlxmZyXR/9IeoBlO63asDrR85fcvSDb31K4qE3WVkag20bXClv1lehLVKO4bxA/F
lW1tXDR3odC9Ozme884Znd05L0NWkzYKYRta198IV6JuSCeMdjTscGGlMM9wqqKz
SZgs81FHXT16YCVupfI22CqMiD0EzQXrGEtJ4NqaBvhZu+MDxszNRzIl73b0HANc
8JQqQqOJh7ltrWnf39Xlv73yVC/pYbaV1LWGnMfqWvOcksa9QjOH9Ysfj/RxdaMw
VQhydU+21+xeuEQBL7OsiJQUzgJjFREnTRPXcorCtWxocCn5zwdct1SFchFzCOTp
H0ubpD+MP4RTWxuYbZRhE5ty6GJU9liRH7dUJtVaQiv8V+G1DungTqq36AbbnHzd
9cy+4cM3wZx2VYElL7DBom8nqqm7Xhffr0UaaY8VFuV5bBry3BmM5rOr8vDYqf7U
aAEJAhC/4yiBMuhEB+fwXIq/dBjMzW+p8SotK2QK03yaTFQchnBDknwVdqcKQxIZ
di3kupnjB+KllWOZhl121tT9L35ymL53BUu1FKCTFdIS2wXxy6UlIS98n0bvWJYN
c5WTfk81xmbT
=UE14
-----END PGP MESSAGE-----
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
- created_at: "2023-06-19T18:35:15Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ/9G2JDsJw6YJMjstWPrv07tnU0ErWZx5WGcNUGhw6T5tOJ
kXCAuaZax8NxoTtZnQ9Cd+WgJr7R0FuVPEPTc4G2RsfntSZq5rBgCpT0fgwyASFX
64b6YTbLcCL+G6sg/FwIi9SRqqCsaljATjoU685vrjaxYYfAdhyUoM3qSNjMMaMl
zVjn0kbWrQn4GqfuRMqcr+zCIQdHNTTJ12+c6UUo/zJp4zzjA68Yur9aiw1iHtR1
rYCPHX2/ZmQjADTHXqwpuMdb5j0VDcd5JcZabdcJkhn/6MRJiN+XryZN/Neq9UbF
5WrMaZz5v0iRnMUCr8HMw29P0ttu5Sma+RyCOZuWlpsXj+C84pJ8CjBbFhzSJzGP
cKI8Syn0CPLN3X6vKs+LJXEHg1jxJ9kuN+RgW+SQRctUX3A0JtFg2tWplkptNtLl
hN5rW+fWxk7BV9dP7wouwVJiKcW3Y/OMCF5H8YHwL/KVHvANBwNM+nmFPrHaqN2s
0RghznmZMVG+9IYedSM6d8ZJLnO/QsNTE0QTGM/3dmBAn9jcndCLTgcgThAtvcmw
lFJYaMN3W455Cccaif93xnb44yn47actgEuM6GOuP15GGJaHD2iBQ2atHcaQhNQR
mxhIIouu+Kaa6g34MA/VGDNoN0eNYI5RZIUSSBl7bgaOXs9/3j1Uvap9yesCaOTU
aAEJAhDDqjX7RUazeEByAiKjv5TxpQzsi8gR4zyrhf6tTx34jHzQNoVjYEtLMEVl
ZlAJ06RoxOj8O6+8RGYd/ZUE+TQPQ4jx+PgWrZPUQx8TSxevuduw5XZ1lKytUSCZ
GFDjOxp0lMGV
=LHSB
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.8.0

14
kubernetes/main/apps/monitoring/kube-prometheus-stack/helm-release.yaml
View File

@ -59,11 +59,21 @@ spec:
prometheusSpec: prometheusSpec:
enableAdminAPI: false enableAdminAPI: false
retention: 1d retention: 1d
remoteWrite: remoteWrite:
- url: http://victoria-metrics-server.monitoring.svc:8428/api/v1/write - url: http://victoria-metrics-server.monitoring.svc:8428/api/v1/write
# select everything
podMonitorSelectorNilUsesHelmValues: false
podMonitorSelector: {}
serviceMonitorSelectorNilUsesHelmValues: false
serviceMonitorSelector: {}
ruleSelectorNilUsesHelmValues: false
ruleSelector: {}
probeSelectorNilUsesHelmValues: false
probeSelector: {}
scrapeConfigSelectorNilUsesHelmValues: false
scrapeConfigSelector: {}
storageSpec: storageSpec:
volumeClaimTemplate: volumeClaimTemplate: