Merge branch 'feature/bstein-dev-home'

clusters/atlas/flux-system/applications/bstein-dev-home/image-automation.yaml

@@ -13,14 +13,14 @@ spec:
   git:
     checkout:
       ref:
-        branch: feature/ci-gitops
+        branch: feature/bstein-dev-home
     commit:
       author:
         email: ops@bstein.dev
         name: flux-bot
       messageTemplate: "chore(bstein-dev-home): update images to {{range .Updated.Images}}{{.}}{{end}}"
     push:
-      branch: feature/ci-gitops
+      branch: feature/bstein-dev-home
   update:
     strategy: Setters
     path: services/bstein-dev-home

clusters/atlas/flux-system/gotk-sync.yaml

@@ -8,7 +8,7 @@ metadata:
 spec:
   interval: 1m0s
   ref:
-    branch: feature/ci-gitops
+    branch: feature/bstein-dev-home
   secretRef:
     name: flux-system-gitea
   url: ssh://git@scm.bstein.dev:2242/bstein/titan-iac.git

scripts/dashboards_render_atlas.py

@@ -204,7 +204,9 @@ STUCK_TERMINATING_EXPR = (
     ')) '
     "or on() vector(0)"
 )
-UPTIME_WINDOW = "30d"
+UPTIME_WINDOW = "365d"
+# Keep the subquery step coarse so we don't request an excessive number of points.
+UPTIME_STEP = "1h"
 TRAEFIK_READY_EXPR = (
     "("
     'sum(kube_deployment_status_replicas_available{namespace=~"traefik|kube-system",deployment="traefik"})'
@@ -225,7 +227,7 @@ NODE_TIEBREAKER = " + ".join(
     f"({node_filter(node)}) * 1e-6 * {idx}"
     for idx, node in enumerate(CONTROL_ALL + WORKER_NODES, start=1)
 )
-UPTIME_AVG_EXPR = f"avg_over_time(({UPTIME_AVAIL_EXPR})[{UPTIME_WINDOW}:5m])"
+UPTIME_AVG_EXPR = f"avg_over_time(({UPTIME_AVAIL_EXPR})[{UPTIME_WINDOW}:{UPTIME_STEP}])"
 UPTIME_PERCENT_EXPR = UPTIME_AVG_EXPR
 UPTIME_NINES_EXPR = f"-log10(1 - clamp_max({UPTIME_AVG_EXPR}, 0.999999999))"
 UPTIME_THRESHOLDS = {
@@ -735,12 +737,12 @@ def build_overview():
         },
         {
             "id": 27,
-            "title": "Atlas Availability (30d)",
+            "title": "Atlas Availability",
             "expr": UPTIME_PERCENT_EXPR,
             "kind": "stat",
             "thresholds": UPTIME_PERCENT_THRESHOLDS,
             "unit": "percentunit",
-            "decimals": 3,
+            "decimals": 4,
             "text_mode": "value",
         },
         {

services/bstein-dev-home/image.yaml

@@ -16,12 +16,9 @@ metadata:
 spec:
   imageRepositoryRef:
     name: bstein-dev-home-frontend
-  filterTags:
-    pattern: '^v?(?P<version>[0-9]+\\.[0-9]+\\.[0-9]+(?:[-.][0-9A-Za-z]+)?)$'
-    extract: '$version'
   policy:
     semver:
-      range: ">=0.1.0"
+      range: ">=0.1.0-0"
 ---
 apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImageRepository
@@ -40,9 +37,6 @@ metadata:
 spec:
   imageRepositoryRef:
     name: bstein-dev-home-backend
-  filterTags:
-    pattern: '^v?(?P<version>[0-9]+\\.[0-9]+\\.[0-9]+(?:[-.][0-9A-Za-z]+)?)$'
-    extract: '$version'
   policy:
     semver:
-      range: ">=0.1.0"
+      range: ">=0.1.0-0"

services/bstein-dev-home/kustomization.yaml

@@ -12,6 +12,6 @@ resources:
   - ingress.yaml
 images:
   - name: registry.bstein.dev/bstein/bstein-dev-home-frontend
-    newTag: latest # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-frontend"}
+    newTag: 0.1.0-11 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-frontend"}
   - name: registry.bstein.dev/bstein/bstein-dev-home-backend
-    newTag: latest # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"}
+    newTag: 0.1.0-11 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"}

services/crypto/monerod/ingress.yaml

@@ -0,0 +1,25 @@
+# services/crypto/monerod/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: monerod
+  namespace: crypto
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  tls:
+    - hosts: [ "monero.bstein.dev" ]
+      secretName: monero-bstein-dev-tls
+  rules:
+    - host: monero.bstein.dev
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: monerod
+                port: { number: 18081 }

services/crypto/monerod/kustomization.yaml

@@ -6,3 +6,4 @@ resources:
   - cm-release-keys.yaml
   - deployment.yaml
   - service.yaml
+  - ingress.yaml

services/jenkins/helmrelease.yaml

@@ -59,6 +59,14 @@ spec:
           cpu: 1500m
           memory: 3Gi
       javaOpts: "-Xms512m -Xmx2048m"
+      startupProbe:
+        httpGet:
+          path: /login
+          port: http
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        failureThreshold: 20
       jenkinsUrl: https://ci.bstein.dev
       ingress:
         enabled: true
@@ -71,14 +79,20 @@ spec:
           - secretName: jenkins-tls
             hosts:
               - ci.bstein.dev
+      hostAliases:
+        - ip: 38.28.125.112
+          hostnames:
+            - sso.bstein.dev
       installPlugins:
         - kubernetes
         - workflow-aggregator
         - git
+        - pipeline-utility-steps
         - configuration-as-code
         - oic-auth
         - job-dsl
         - configuration-as-code-support
+        - simple-theme-plugin
       containerEnv:
         - name: ENABLE_OIDC
           value: "true"
@@ -190,6 +204,23 @@ spec:
             println("Failed to configure OIDC realm: ${e}")
             throw e
           }
+        theme.groovy: |
+          import jenkins.model.Jenkins
+          import org.codefirst.SimpleThemeDecorator
+
+          def instance = Jenkins.get()
+          def decorators = instance.getExtensionList(SimpleThemeDecorator.class)
+
+          if (decorators?.size() > 0) {
+            def theme = decorators[0]
+            theme.setCssUrl("https://jenkins-contrib-themes.github.io/jenkins-material-theme/dist/material-ocean.css")
+            theme.setJsUrl("")
+            theme.setTheme("")
+            instance.save()
+            println("Applied simple-theme-plugin dark theme")
+          } else {
+            println("simple-theme-plugin not installed; skipping theme configuration")
+          }
       JCasC:
         defaultConfig: false
         securityRealm: ""
@@ -264,7 +295,6 @@ spec:
                 creationOfLegacyTokenEnabled: false
                 tokenGenerationOnCreationEnabled: false
                 usageStatisticsEnabled: true
-            unclassified:
           creds.yaml: |
             credentials:
               system:

services/monitoring/dashboards/atlas-overview.json

@@ -213,7 +213,7 @@
     {
       "id": 27,
       "type": "stat",
-      "title": "Atlas Availability (30d)",
+      "title": "Atlas Availability",
       "datasource": {
         "type": "prometheus",
         "uid": "atlas-vm"
@@ -226,7 +226,7 @@
       },
       "targets": [
         {
-          "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[30d:5m])",
+          "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[365d:1h])",
           "refId": "A"
         }
       ],
@@ -265,7 +265,7 @@
           "custom": {
             "displayMode": "auto"
           },
-          "decimals": 3
+          "decimals": 4
         },
         "overrides": []
       },

services/monitoring/grafana-dashboard-overview.yaml

@@ -222,7 +222,7 @@ data:
         {
           "id": 27,
           "type": "stat",
-          "title": "Atlas Availability (30d)",
+          "title": "Atlas Availability",
           "datasource": {
             "type": "prometheus",
             "uid": "atlas-vm"
@@ -235,7 +235,7 @@ data:
           },
           "targets": [
             {
-              "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[30d:5m])",
+              "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[365d:1h])",
               "refId": "A"
             }
           ],
@@ -274,7 +274,7 @@ data:
               "custom": {
                 "displayMode": "auto"
               },
-              "decimals": 3
+              "decimals": 4
             },
             "overrides": []
           },

services/pegasus/deployment.yaml

@@ -16,7 +16,8 @@ spec:
     metadata: { labels: { app: pegasus } }
     spec:
       nodeSelector:
-        kubernetes.io/arch: amd64
+        kubernetes.io/arch: arm64
+        node-role.kubernetes.io/worker: "true"
       securityContext:
         runAsNonRoot: true
         runAsUser: 65532