monitoring: move grafana smtp to vault
parent
37302664c2
commit
b8e50bb0a6
@ -1727,7 +1727,7 @@ def build_storage_dashboard():
|
|||||||
stat_panel(
|
stat_panel(
|
||||||
31,
|
31,
|
||||||
"Maintenance Cron Freshness (s)",
|
"Maintenance Cron Freshness (s)",
|
||||||
'time() - max by (cronjob) (kube_cronjob_status_last_successful_time{namespace="maintenance",cronjob=~"image-sweeper|grafana-smtp-sync"})',
|
'time() - max by (cronjob) (kube_cronjob_status_last_successful_time{namespace="maintenance",cronjob="image-sweeper"})',
|
||||||
{"h": 4, "w": 12, "x": 12, "y": 44},
|
{"h": 4, "w": 12, "x": 12, "y": 44},
|
||||||
unit="s",
|
unit="s",
|
||||||
thresholds={
|
thresholds={
|
||||||
|
|||||||
@ -494,7 +494,7 @@
|
|||||||
},
|
},
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"expr": "time() - max by (cronjob) (kube_cronjob_status_last_successful_time{namespace=\"maintenance\",cronjob=~\"image-sweeper|grafana-smtp-sync\"})",
|
"expr": "time() - max by (cronjob) (kube_cronjob_status_last_successful_time{namespace=\"maintenance\",cronjob=\"image-sweeper\"})",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|||||||
@ -244,7 +244,7 @@ data:
|
|||||||
to: 0
|
to: 0
|
||||||
datasourceUid: atlas-vm
|
datasourceUid: atlas-vm
|
||||||
model:
|
model:
|
||||||
expr: time() - max by (cronjob) (kube_cronjob_status_last_successful_time{namespace="maintenance",cronjob=~"image-sweeper|grafana-smtp-sync"})
|
expr: time() - max by (cronjob) (kube_cronjob_status_last_successful_time{namespace="maintenance",cronjob="image-sweeper"})
|
||||||
intervalMs: 60000
|
intervalMs: 60000
|
||||||
maxDataPoints: 43200
|
maxDataPoints: 43200
|
||||||
legendFormat: '{{cronjob}}'
|
legendFormat: '{{cronjob}}'
|
||||||
|
|||||||
@ -503,7 +503,7 @@ data:
|
|||||||
},
|
},
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"expr": "time() - max by (cronjob) (kube_cronjob_status_last_successful_time{namespace=\"maintenance\",cronjob=~\"image-sweeper|grafana-smtp-sync\"})",
|
"expr": "time() - max by (cronjob) (kube_cronjob_status_last_successful_time{namespace=\"maintenance\",cronjob=\"image-sweeper\"})",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|||||||
@ -1,44 +0,0 @@
|
|||||||
# services/monitoring/grafana-smtp-sync-cronjob.yaml
|
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: CronJob
|
|
||||||
metadata:
|
|
||||||
name: grafana-smtp-sync
|
|
||||||
namespace: monitoring
|
|
||||||
spec:
|
|
||||||
schedule: "15 3 * * *"
|
|
||||||
concurrencyPolicy: Forbid
|
|
||||||
jobTemplate:
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
spec:
|
|
||||||
serviceAccountName: grafana-smtp-sync
|
|
||||||
restartPolicy: OnFailure
|
|
||||||
containers:
|
|
||||||
- name: sync
|
|
||||||
image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
|
|
||||||
command: ["/bin/sh", "-c"]
|
|
||||||
args:
|
|
||||||
- |
|
|
||||||
set -euo pipefail
|
|
||||||
if ! command -v jq >/dev/null 2>&1; then
|
|
||||||
apt-get update >/dev/null && apt-get install -y jq >/dev/null
|
|
||||||
fi
|
|
||||||
exec /scripts/sync.sh
|
|
||||||
env:
|
|
||||||
- name: SOURCE_NS
|
|
||||||
value: mailu-mailserver
|
|
||||||
- name: SOURCE_SECRET
|
|
||||||
value: mailu-postmark-relay
|
|
||||||
- name: TARGET_NS
|
|
||||||
value: monitoring
|
|
||||||
- name: TARGET_SECRET
|
|
||||||
value: grafana-smtp
|
|
||||||
volumeMounts:
|
|
||||||
- name: script
|
|
||||||
mountPath: /scripts
|
|
||||||
readOnly: true
|
|
||||||
volumes:
|
|
||||||
- name: script
|
|
||||||
configMap:
|
|
||||||
name: grafana-smtp-sync-script
|
|
||||||
defaultMode: 0555
|
|
||||||
@ -1,49 +0,0 @@
|
|||||||
# services/monitoring/grafana-smtp-sync-rbac.yaml
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: grafana-smtp-sync
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources: ["secrets"]
|
|
||||||
verbs: ["get"]
|
|
||||||
resourceNames:
|
|
||||||
- mailu-postmark-relay
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: grafana-smtp-sync
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: grafana-smtp-sync
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: grafana-smtp-sync
|
|
||||||
namespace: monitoring
|
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: Role
|
|
||||||
metadata:
|
|
||||||
name: grafana-smtp-sync
|
|
||||||
namespace: monitoring
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources: ["secrets"]
|
|
||||||
verbs: ["get", "create", "update", "patch"]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: grafana-smtp-sync
|
|
||||||
namespace: monitoring
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: Role
|
|
||||||
name: grafana-smtp-sync
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: grafana-smtp-sync
|
|
||||||
namespace: monitoring
|
|
||||||
@ -1,6 +0,0 @@
|
|||||||
# services/monitoring/grafana-smtp-sync-serviceaccount.yaml
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: grafana-smtp-sync
|
|
||||||
namespace: monitoring
|
|
||||||
@ -20,9 +20,6 @@ resources:
|
|||||||
- postmark-exporter-deployment.yaml
|
- postmark-exporter-deployment.yaml
|
||||||
- vault-sync-deployment.yaml
|
- vault-sync-deployment.yaml
|
||||||
- grafana-alerting-config.yaml
|
- grafana-alerting-config.yaml
|
||||||
- grafana-smtp-sync-serviceaccount.yaml
|
|
||||||
- grafana-smtp-sync-rbac.yaml
|
|
||||||
- grafana-smtp-sync-cronjob.yaml
|
|
||||||
- grafana-folders.yaml
|
- grafana-folders.yaml
|
||||||
- helmrelease.yaml
|
- helmrelease.yaml
|
||||||
- grafana-org-bootstrap.yaml
|
- grafana-org-bootstrap.yaml
|
||||||
@ -34,12 +31,6 @@ configMapGenerator:
|
|||||||
- monitoring_postmark_exporter.py=scripts/postmark_exporter.py
|
- monitoring_postmark_exporter.py=scripts/postmark_exporter.py
|
||||||
options:
|
options:
|
||||||
disableNameSuffixHash: true
|
disableNameSuffixHash: true
|
||||||
- name: grafana-smtp-sync-script
|
|
||||||
namespace: monitoring
|
|
||||||
files:
|
|
||||||
- sync.sh=scripts/grafana_smtp_sync.sh
|
|
||||||
options:
|
|
||||||
disableNameSuffixHash: true
|
|
||||||
- name: jetson-tegrastats-exporter-script
|
- name: jetson-tegrastats-exporter-script
|
||||||
namespace: monitoring
|
namespace: monitoring
|
||||||
files:
|
files:
|
||||||
|
|||||||
@ -1,31 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
SOURCE_NS=${SOURCE_NS:-mailu-mailserver}
|
|
||||||
SOURCE_SECRET=${SOURCE_SECRET:-mailu-postmark-relay}
|
|
||||||
TARGET_NS=${TARGET_NS:-monitoring}
|
|
||||||
TARGET_SECRET=${TARGET_SECRET:-grafana-smtp}
|
|
||||||
|
|
||||||
tmp=$(mktemp)
|
|
||||||
cleanup() { rm -f "$tmp"; }
|
|
||||||
trap cleanup EXIT
|
|
||||||
|
|
||||||
kubectl -n "$SOURCE_NS" get secret "$SOURCE_SECRET" -o json > "$tmp"
|
|
||||||
|
|
||||||
pass=$(jq -r '.data["relay-password"]' "$tmp")
|
|
||||||
user=$pass
|
|
||||||
|
|
||||||
if [ -z "$user" ] || [ -z "$pass" ] || [ "$user" = "null" ] || [ "$pass" = "null" ]; then
|
|
||||||
echo "missing credentials from $SOURCE_NS/$SOURCE_SECRET" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
cat <<SECRET | kubectl -n "$TARGET_NS" apply -f -
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: $TARGET_SECRET
|
|
||||||
stringData:
|
|
||||||
username: $(echo "$user" | base64 -d)
|
|
||||||
password: $(echo "$pass" | base64 -d)
|
|
||||||
SECRET
|
|
||||||
@ -25,6 +25,12 @@ spec:
|
|||||||
- objectName: "postmark-exporter__sending-limit"
|
- objectName: "postmark-exporter__sending-limit"
|
||||||
secretPath: "kv/data/atlas/monitoring/postmark-exporter"
|
secretPath: "kv/data/atlas/monitoring/postmark-exporter"
|
||||||
secretKey: "sending-limit"
|
secretKey: "sending-limit"
|
||||||
|
- objectName: "postmark-relay__relay-username"
|
||||||
|
secretPath: "kv/data/atlas/shared/postmark-relay"
|
||||||
|
secretKey: "relay-username"
|
||||||
|
- objectName: "postmark-relay__relay-password"
|
||||||
|
secretPath: "kv/data/atlas/shared/postmark-relay"
|
||||||
|
secretKey: "relay-password"
|
||||||
secretObjects:
|
secretObjects:
|
||||||
- secretName: grafana-admin
|
- secretName: grafana-admin
|
||||||
type: Opaque
|
type: Opaque
|
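Review bot: The two added `postmark-relay__*` objects make this mount depend on `kv/data/atlas/shared/postmark-relay` carrying both a `relay-username` and a `relay-password` key, and nothing here records that. The sync script this commit deletes never read a username key (it set `user=$pass`), so `relay-username` may be new in Vault. If it is absent the provider will most likely fail the mount, which would also hold back the `grafana-admin` and `postmark-exporter` objects declared in the same class. I would add a comment above the first new entry, `# shared path: both keys must exist in Vault before rollout, a missing key fails the whole mount`, and confirm the key is populated. The `spec:` block starts and ends outside this hunk.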
||||||
@ -42,3 +48,10 @@ spec:
|
|||||||
key: server-token-fallback
|
key: server-token-fallback
|
||||||
- objectName: postmark-exporter__sending-limit
|
- objectName: postmark-exporter__sending-limit
|
||||||
key: sending-limit
|
key: sending-limit
|
||||||
|
- secretName: grafana-smtp
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
- objectName: postmark-relay__relay-username
|
||||||
|
key: username
|
||||||
|
- objectName: postmark-relay__relay-password
|
||||||
|
key: password
|
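Review bot: The new `grafana-smtp` entry under `secretObjects` reuses the name of the Secret that the removed CronJob wrote with `kubectl apply`, so a copy with the old contents (username set to the relay password) probably still exists in `monitoring`. As far as I know the Secrets Store CSI driver does not overwrite a Secret that already exists unless rotation is enabled, so the stale copy may need to be deleted once before the Vault-backed values take effect. The synced Secret also exists only while a pod mounts this class, which is worth stating next to the entry: `# synced by the CSI driver while a pod mounts this class; remove the old kubectl-applied grafana-smtp first`. The `secretObjects` list starts outside this hunk.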
||||||
|
|||||||
@ -98,7 +98,7 @@ write_policy_and_role "comms" "comms" "comms-vault,atlasbot" \
|
|||||||
write_policy_and_role "jenkins" "jenkins" "jenkins-vault-sync" \
|
write_policy_and_role "jenkins" "jenkins" "jenkins-vault-sync" \
|
||||||
"jenkins/*" ""
|
"jenkins/*" ""
|
||||||
write_policy_and_role "monitoring" "monitoring" "monitoring-vault-sync" \
|
write_policy_and_role "monitoring" "monitoring" "monitoring-vault-sync" \
|
||||||
"monitoring/*" ""
|
"monitoring/* shared/postmark-relay" ""
|
||||||
write_policy_and_role "logging" "logging" "logging-vault-sync" \
|
write_policy_and_role "logging" "logging" "logging-vault-sync" \
|
||||||
"logging/*" ""
|
"logging/*" ""
|
||||||
write_policy_and_role "pegasus" "jellyfin" "pegasus-vault-sync" \
|
write_policy_and_role "pegasus" "jellyfin" "pegasus-vault-sync" \
|
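Review bot: The `monitoring` line now reaches outside its own `monitoring/*` prefix into `shared/postmark-relay`, and the script gives no reason for the exception. The grant is a single exact path rather than `shared/*`, which keeps it narrow, but every workload bound to `monitoring-vault-sync` can now read the mail relay credentials. It deserves a comment above the call, such as `# shared/postmark-relay: Grafana SMTP credentials via the CSI sync`. I am assuming the fourth argument is the read-path list and the empty fifth one the write list; `write_policy_and_role` is defined outside this hunk.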
||||||
|
|||||||