core: fix postmark DNS and time sync
This commit is contained in:
parent
84cd05b08a
commit
34c42cfb62
@ -32,6 +32,9 @@ data:
|
|||||||
192.168.22.9 notes.bstein.dev
|
192.168.22.9 notes.bstein.dev
|
||||||
192.168.22.9 office.bstein.dev
|
192.168.22.9 office.bstein.dev
|
||||||
192.168.22.9 pegasus.bstein.dev
|
192.168.22.9 pegasus.bstein.dev
|
||||||
|
3.136.224.193 pm-bounces.bstein.dev
|
||||||
|
3.150.68.49 pm-bounces.bstein.dev
|
||||||
|
18.189.137.81 pm-bounces.bstein.dev
|
||||||
192.168.22.9 registry.bstein.dev
|
192.168.22.9 registry.bstein.dev
|
||||||
192.168.22.9 scm.bstein.dev
|
192.168.22.9 scm.bstein.dev
|
||||||
192.168.22.9 secret.bstein.dev
|
192.168.22.9 secret.bstein.dev
|
||||||
|
|||||||
@ -6,5 +6,6 @@ resources:
|
|||||||
- ../modules/profiles/atlas-ha
|
- ../modules/profiles/atlas-ha
|
||||||
- coredns-custom.yaml
|
- coredns-custom.yaml
|
||||||
- coredns-deployment.yaml
|
- coredns-deployment.yaml
|
||||||
|
- ntp-sync-daemonset.yaml
|
||||||
- ../sources/cert-manager/letsencrypt.yaml
|
- ../sources/cert-manager/letsencrypt.yaml
|
||||||
- ../sources/cert-manager/letsencrypt-prod.yaml
|
- ../sources/cert-manager/letsencrypt-prod.yaml
|
||||||
|
|||||||
50
infrastructure/core/ntp-sync-daemonset.yaml
Normal file
50
infrastructure/core/ntp-sync-daemonset.yaml
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
# infrastructure/core/ntp-sync-daemonset.yaml
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
name: ntp-sync
|
||||||
|
namespace: kube-system
|
||||||
|
labels:
|
||||||
|
app: ntp-sync
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: ntp-sync
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: ntp-sync
|
||||||
|
spec:
|
||||||
|
affinity:
|
||||||
|
nodeAffinity:
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
nodeSelectorTerms:
|
||||||
|
- matchExpressions:
|
||||||
|
- key: node-role.kubernetes.io/control-plane
|
||||||
|
operator: DoesNotExist
|
||||||
|
- key: node-role.kubernetes.io/master
|
||||||
|
operator: DoesNotExist
|
||||||
|
containers:
|
||||||
|
- name: ntp-sync
|
||||||
|
image: public.ecr.aws/docker/library/busybox:1.36.1
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
command: ["/bin/sh", "-c"]
|
||||||
|
args:
|
||||||
|
- |
|
||||||
|
set -eu
|
||||||
|
while true; do
|
||||||
|
ntpd -q -p pool.ntp.org || true
|
||||||
|
sleep 300
|
||||||
|
done
|
||||||
|
securityContext:
|
||||||
|
capabilities:
|
||||||
|
add: ["SYS_TIME"]
|
||||||
|
runAsUser: 0
|
||||||
|
runAsGroup: 0
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 16Mi
|
||||||
|
limits:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 64Mi
|
||||||
@ -18,9 +18,9 @@ spec:
|
|||||||
prometheus.io/path: "/metrics"
|
prometheus.io/path: "/metrics"
|
||||||
vault.hashicorp.com/agent-inject: "true"
|
vault.hashicorp.com/agent-inject: "true"
|
||||||
vault.hashicorp.com/role: "monitoring"
|
vault.hashicorp.com/role: "monitoring"
|
||||||
vault.hashicorp.com/agent-inject-secret-postmark-env: "kv/data/atlas/monitoring/postmark-exporter"
|
vault.hashicorp.com/agent-inject-secret-postmark-env: "kv/data/atlas/shared/postmark-relay"
|
||||||
vault.hashicorp.com/agent-inject-template-postmark-env: |
|
vault.hashicorp.com/agent-inject-template-postmark-env: |
|
||||||
{{- with secret "kv/data/atlas/monitoring/postmark-exporter" -}}
|
{{- with secret "kv/data/atlas/shared/postmark-relay" -}}
|
||||||
export POSTMARK_SERVER_TOKEN="{{ index .Data.data "apikey" }}"
|
export POSTMARK_SERVER_TOKEN="{{ index .Data.data "apikey" }}"
|
||||||
export POSTMARK_SERVER_TOKEN_FALLBACK="{{ index .Data.data "apikey" }}"
|
export POSTMARK_SERVER_TOKEN_FALLBACK="{{ index .Data.data "apikey" }}"
|
||||||
{{- if index .Data.data "sending-limit" }}
|
{{- if index .Data.data "sending-limit" }}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user