fluxcd: monitoring promtail
@@ -0,0 +1,11 @@
|
||||
creation_rules:
|
||||
# encrypt all values from file
|
||||
- path_regex: \.private\.dec\.yaml$
|
||||
encrypted_regex: '^(.*)$'
|
||||
age:
|
||||
- age1f9e4pvp5y8gzuk8mz2s5xm85dd7znxhk56tcpuxqwn78qfjwja0qekwlju
|
||||
# encrypt secrets files
|
||||
- path_regex: .*.yaml
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
age:
|
||||
- age1f9e4pvp5y8gzuk8mz2s5xm85dd7znxhk56tcpuxqwn78qfjwja0qekwlju
|
||||
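Review bot: The second rule's `path_regex: .*.yaml` is unanchored and leaves the dot unescaped, so it matches any path that contains `yaml` after at least one character, not only files ending in `.yaml`; `path_regex: \.yaml$` states the intent. The first rule targets the plaintext `*.private.dec.yaml` inputs, and no ignore pattern that clearly covers those files is visible in this commit (the one `.gitignore` line shown being removed is `**.local.**`). It is worth confirming that a decrypted file cannot be staged by accident, for example with a `*.dec.yaml` ignore entry.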
@@ -8,15 +8,16 @@ kubectl create namespace monitoring
|
||||
|
||||
## promtail
|
||||
|
||||
### setup
|
||||
## Setup
|
||||
|
||||
Using flux for reconciliation.
|
||||
|
||||
``` bash
|
||||
# add repo
|
||||
helm repo add grafana https://grafana.github.io/helm-charts
|
||||
# Install & Upgrade
|
||||
helm upgrade --install promtail grafana/promtail --namespace monitoring \
|
||||
--values=./promtail/values.yaml \
|
||||
--values=./promtail//values.local.yaml
|
||||
./ops-scripts/apply-flux.sh
|
||||
```
|
||||
|
||||
## Continuous Deploy
|
||||
**Encrypt secrets:**
|
||||
|
||||
``` bash
|
||||
sops -e deploy/promtail/helm-values.private.dec.yaml > deploy/promtail/helm-values.private.yaml
|
||||
```
|
||||
|
||||
@@ -1,97 +0,0 @@
|
||||
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
namespace: monitoring
|
||||
name: ci-cd
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints", "serviceaccounts"]
|
||||
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
|
||||
- apiGroups: ["apps"]
|
||||
resources: ["deployments", "statefulsets","daemonsets"]
|
||||
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
|
||||
- apiGroups: ["traefik.io"]
|
||||
resources: ["ingressroutes"]
|
||||
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
|
||||
|
||||
- apiGroups: ["rbac.authorization.k8s.io"]
|
||||
resources: ["clusterroles", "clusterrolebindings"]
|
||||
verbs: ["get", "list", "create", "update", "patch", "delete"]
|
||||
|
||||
|
||||
# telegraf
|
||||
- apiGroups: ["monitoring.coreos.com"]
|
||||
resources: ["servicemonitors", "podmonitors", "prometheuses", "alertmanagers"]
|
||||
verbs: ["get", "list", "create", "update", "patch", "delete"]
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: ci-cd
|
||||
namespace: monitoring
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: casa-ci-cd
|
||||
namespace: home-assistant
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: ci-cd
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
---
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: ci-cd-cluster
|
||||
rules:
|
||||
- apiGroups: ["rbac.authorization.k8s.io"]
|
||||
resources: ["clusterroles", "clusterrolebindings"]
|
||||
verbs: ["get", "list", "create", "update", "patch", "delete"]
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: ci-cd-clusterbinding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: casa-ci-cd
|
||||
namespace: home-assistant
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: ci-cd-cluster
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
---
|
||||
# telegraf
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
namespace: kube-system
|
||||
name: ci-cd-kube-system
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["services"]
|
||||
verbs: ["get", "list", "create", "update", "patch", "delete"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: ci-cd-kube-system
|
||||
namespace: kube-system
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: casa-ci-cd
|
||||
namespace: home-assistant
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: ci-cd-kube-system
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
@@ -0,0 +1,2 @@
|
||||
**
|
||||
!.gitignore
|
||||
@@ -0,0 +1,11 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: monitoring
|
||||
resources:
|
||||
- promtail-app-sync.yaml
|
||||
secretGenerator:
|
||||
- name: flux-sops-age
|
||||
files:
|
||||
- "age.agekey=./.env.d/age.agekey"
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
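Review bot: The `flux-sops-age` generator reads the age private key from `./.env.d/age.agekey`, and nothing in this section records that the file must exist locally at apply time and must stay out of git; a comment such as `# age.agekey is the SOPS private key: local only, never committed` above `files:` would make that explicit. The two-line ignore file added elsewhere in this commit (`**` and `!.gitignore`) presumably belongs to `.env.d/`, but its path is not visible on this page, so that should be confirmed. Anyone who can read Secrets in `monitoring` can decrypt every file encrypted to this recipient, so read access to Secrets in that namespace deserves a review.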
@@ -0,0 +1,16 @@
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: promtail
|
||||
spec:
|
||||
interval: 1m
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: casa
|
||||
namespace: casa-limbosolutions-com
|
||||
path: services/monitoring/promtail
|
||||
prune: true
|
||||
decryption:
|
||||
provider: sops
|
||||
secretRef:
|
||||
name: flux-sops-age
|
||||
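Review bot: `path: services/monitoring/promtail` does not line up with the paths used elsewhere in this commit, where the README encrypts into `deploy/promtail/` and the apply script builds `deploy/flux`. If the promtail `kustomization.yaml` lives under a `deploy/` directory, reconciliation would fail on a missing path and the value would need to be along the lines of `services/monitoring/deploy/promtail`. File paths are not shown on this page, so this needs to be checked against the repository layout.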
@@ -0,0 +1,22 @@
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: monitoring
|
||||
spec:
|
||||
releaseName: promtail
|
||||
interval: 40h
|
||||
chart:
|
||||
spec:
|
||||
chart: promtail
|
||||
version: 6.x.x
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: https://grafana.github.io/helm-charts
|
||||
interval: 40h
|
||||
valuesFrom:
|
||||
- kind: Secret
|
||||
name: promtail-helm-values
|
||||
valuesKey: values.yaml
|
||||
- kind: Secret
|
||||
name: promtail-helm-values
|
||||
valuesKey: values.private.yaml
|
||||
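Review bot: `sourceRef.name` is set to the repository URL, `https://grafana.github.io/helm-charts`, but for `kind: HelmRepository` this field is the name of the HelmRepository object, and a URL is not a valid object name. The repository object added in this commit is named `grafana`, so the line should read `name: grafana`. Separately, `version: 6.x.x` lets any new 6.x chart release roll out without review; pinning an exact version and bumping it in git keeps chart updates auditable.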
@@ -0,0 +1,7 @@
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: grafana
|
||||
spec:
|
||||
interval: 40h
|
||||
url: https://grafana.github.io/helm-charts
|
||||
@@ -0,0 +1,18 @@
|
||||
config:
|
||||
clients:
|
||||
- url: ENC[AES256_GCM,data:AarLpmfJTu63kYzATeKf4m+60h93G5unSf2e8BplmCws7iVRzeFYGdvp14caaFZiZwWXe5rsdrMBQRc=,iv:Se74MvPyIP5xDcjrKBv3/X4G3G+Q9AYmdK/5t4yDuZc=,tag:A64ERrlrlCgf7PiQMT9WuQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWjJxcitwdjR3QzQrSGVn
|
||||
OVRFeTVrUGZMWlcycUREeWJWenpnVDVSbVJRClphakRuL2h2dEsvYWQ3VXJ4aHZL
|
||||
YzQrU0FiRWttRUpmQkd5eVJFVVZBdVkKLS0tIDB3Y1FwQU5ndVlOQzNkZHA3V1Vl
|
||||
bVpyTmhtUUhVTk9xZUFibHFyMVdqOEEKgoIrI9rJ1Q93AOZrP8r4rOggIGpSDv2H
|
||||
uLp0yj1VqyyvtB/RHu4/Gyef2P5IwjTBnYYhZHbfX3AnYYWN58Riog==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age1f9e4pvp5y8gzuk8mz2s5xm85dd7znxhk56tcpuxqwn78qfjwja0qekwlju
|
||||
encrypted_regex: ^(.*)$
|
||||
lastmodified: "2026-06-07T21:04:02Z"
|
||||
mac: ENC[AES256_GCM,data:Ieh41SbHtPqOIT2ynSEnz+qwaCsEDo9cZOk63AyuiMqsT0vR8TR94gimOKrMgQhjLpJPREYg0hXALgq7x6BxMfzts8n+eRuDsVxah8e17Ad4Gk9Vq9RtHYL06RO4EhevhzuzX32W8N1jt2wJTSDA4Ztjh1QIAAd7YyNnvYOATBo=,iv:eNzc4ObZ7lplIDPjF8Ub4Rfq3AiWLyOGwAdMLY7ojvo=,tag:87y5KNeAYASA/wDs4ETWmw==,type:str]
|
||||
version: 3.13.1
|
||||
@@ -0,0 +1,13 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: monitoring
|
||||
resources:
|
||||
- helm-repo.yaml
|
||||
- helm-release.yaml
|
||||
secretGenerator:
|
||||
- name: promtail-helm-values
|
||||
files:
|
||||
- values.yaml=helm-values.yaml
|
||||
- values.private.yaml=helm-values.private.yaml
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
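Review bot: With `disableNameSuffixHash: true` the `promtail-helm-values` Secret keeps the same name when its contents change, so the HelmRelease that reads it through `valuesFrom` presumably picks up new values only at its next reconciliation, which is set to `interval: 40h`. A shorter HelmRelease interval, or keeping the name hash together with a kustomize name-reference configuration for `valuesFrom`, would make value changes roll out promptly. A comment such as `# fixed name: referenced by helm-release.yaml valuesFrom` above `generatorOptions:` would at least record why the hash is disabled.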
Executable
+4
@@ -0,0 +1,4 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
kubectl kustomize deploy/flux | kubectl apply -f -
|
||||
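Review bot: `set -e` does not cover the left side of the pipeline, so a failing `kubectl kustomize deploy/flux` is only noticed if `kubectl apply` also rejects what it received; `set -euo pipefail` makes the script stop on the build failure itself. The `deploy/flux` path is relative to the caller's working directory, which a one-line comment such as `# run from the directory that contains deploy/` would document.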
@@ -1 +0,0 @@
|
||||
**.local.**
|
||||