diff --git a/clusters/atlas/flux-system/applications/bstein-dev-home/image-automation.yaml b/clusters/atlas/flux-system/applications/bstein-dev-home/image-automation.yaml index 889aa2d..6245fb0 100644 --- a/clusters/atlas/flux-system/applications/bstein-dev-home/image-automation.yaml +++ b/clusters/atlas/flux-system/applications/bstein-dev-home/image-automation.yaml @@ -13,14 +13,14 @@ spec: git: checkout: ref: - branch: feature/ci-gitops + branch: feature/bstein-dev-home commit: author: email: ops@bstein.dev name: flux-bot messageTemplate: "chore(bstein-dev-home): update images to {{range .Updated.Images}}{{.}}{{end}}" push: - branch: feature/ci-gitops + branch: feature/bstein-dev-home update: strategy: Setters path: services/bstein-dev-home diff --git a/clusters/atlas/flux-system/gotk-sync.yaml b/clusters/atlas/flux-system/gotk-sync.yaml index 006bdd3..5318f12 100644 --- a/clusters/atlas/flux-system/gotk-sync.yaml +++ b/clusters/atlas/flux-system/gotk-sync.yaml @@ -8,7 +8,7 @@ metadata: spec: interval: 1m0s ref: - branch: feature/ci-gitops + branch: feature/bstein-dev-home secretRef: name: flux-system-gitea url: ssh://git@scm.bstein.dev:2242/bstein/titan-iac.git diff --git a/scripts/dashboards_render_atlas.py b/scripts/dashboards_render_atlas.py index a14f396..7ad117b 100644 --- a/scripts/dashboards_render_atlas.py +++ b/scripts/dashboards_render_atlas.py @@ -204,7 +204,9 @@ STUCK_TERMINATING_EXPR = ( ')) ' "or on() vector(0)" ) -UPTIME_WINDOW = "30d" +UPTIME_WINDOW = "365d" +# Keep the subquery step coarse so we don't request an excessive number of points. +UPTIME_STEP = "1h" TRAEFIK_READY_EXPR = ( "(" 'sum(kube_deployment_status_replicas_available{namespace=~"traefik|kube-system",deployment="traefik"})' @@ -225,7 +227,7 @@ NODE_TIEBREAKER = " + ".join( f"({node_filter(node)}) * 1e-6 * {idx}" for idx, node in enumerate(CONTROL_ALL + WORKER_NODES, start=1) ) -UPTIME_AVG_EXPR = f"avg_over_time(({UPTIME_AVAIL_EXPR})[{UPTIME_WINDOW}:5m])" +UPTIME_AVG_EXPR = f"avg_over_time(({UPTIME_AVAIL_EXPR})[{UPTIME_WINDOW}:{UPTIME_STEP}])" UPTIME_PERCENT_EXPR = UPTIME_AVG_EXPR UPTIME_NINES_EXPR = f"-log10(1 - clamp_max({UPTIME_AVG_EXPR}, 0.999999999))" UPTIME_THRESHOLDS = { @@ -735,12 +737,12 @@ def build_overview(): }, { "id": 27, - "title": "Atlas Availability (30d)", + "title": "Atlas Availability", "expr": UPTIME_PERCENT_EXPR, "kind": "stat", "thresholds": UPTIME_PERCENT_THRESHOLDS, "unit": "percentunit", - "decimals": 3, + "decimals": 4, "text_mode": "value", }, { diff --git a/services/bstein-dev-home/image.yaml b/services/bstein-dev-home/image.yaml index 4462ba5..3b6c757 100644 --- a/services/bstein-dev-home/image.yaml +++ b/services/bstein-dev-home/image.yaml @@ -16,12 +16,9 @@ metadata: spec: imageRepositoryRef: name: bstein-dev-home-frontend - filterTags: - pattern: '^v?(?P[0-9]+\\.[0-9]+\\.[0-9]+(?:[-.][0-9A-Za-z]+)?)$' - extract: '$version' policy: semver: - range: ">=0.1.0" + range: ">=0.1.0-0" --- apiVersion: image.toolkit.fluxcd.io/v1beta2 kind: ImageRepository @@ -40,9 +37,6 @@ metadata: spec: imageRepositoryRef: name: bstein-dev-home-backend - filterTags: - pattern: '^v?(?P[0-9]+\\.[0-9]+\\.[0-9]+(?:[-.][0-9A-Za-z]+)?)$' - extract: '$version' policy: semver: - range: ">=0.1.0" + range: ">=0.1.0-0" diff --git a/services/bstein-dev-home/kustomization.yaml b/services/bstein-dev-home/kustomization.yaml index dd4d6e7..3268f6d 100644 --- a/services/bstein-dev-home/kustomization.yaml +++ b/services/bstein-dev-home/kustomization.yaml @@ -12,6 +12,6 @@ resources: - ingress.yaml images: - name: registry.bstein.dev/bstein/bstein-dev-home-frontend - newTag: latest # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-frontend"} + newTag: 0.1.0-11 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-frontend"} - name: registry.bstein.dev/bstein/bstein-dev-home-backend - newTag: latest # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"} + newTag: 0.1.0-11 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"} diff --git a/services/crypto/monerod/ingress.yaml b/services/crypto/monerod/ingress.yaml new file mode 100644 index 0000000..1ac06c7 --- /dev/null +++ b/services/crypto/monerod/ingress.yaml @@ -0,0 +1,25 @@ +# services/crypto/monerod/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: monerod + namespace: crypto + annotations: + kubernetes.io/ingress.class: traefik + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" + cert-manager.io/cluster-issuer: letsencrypt +spec: + tls: + - hosts: [ "monero.bstein.dev" ] + secretName: monero-bstein-dev-tls + rules: + - host: monero.bstein.dev + http: + paths: + - pathType: Prefix + path: / + backend: + service: + name: monerod + port: { number: 18081 } diff --git a/services/crypto/monerod/kustomization.yaml b/services/crypto/monerod/kustomization.yaml index 73b6cf6..d6c1b19 100644 --- a/services/crypto/monerod/kustomization.yaml +++ b/services/crypto/monerod/kustomization.yaml @@ -6,3 +6,4 @@ resources: - cm-release-keys.yaml - deployment.yaml - service.yaml + - ingress.yaml diff --git a/services/jenkins/helmrelease.yaml b/services/jenkins/helmrelease.yaml index e9b0e15..4cdede0 100644 --- a/services/jenkins/helmrelease.yaml +++ b/services/jenkins/helmrelease.yaml @@ -59,6 +59,14 @@ spec: cpu: 1500m memory: 3Gi javaOpts: "-Xms512m -Xmx2048m" + startupProbe: + httpGet: + path: /login + port: http + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 20 jenkinsUrl: https://ci.bstein.dev ingress: enabled: true @@ -71,14 +79,20 @@ spec: - secretName: jenkins-tls hosts: - ci.bstein.dev + hostAliases: + - ip: 38.28.125.112 + hostnames: + - sso.bstein.dev installPlugins: - kubernetes - workflow-aggregator - git + - pipeline-utility-steps - configuration-as-code - oic-auth - job-dsl - configuration-as-code-support + - simple-theme-plugin containerEnv: - name: ENABLE_OIDC value: "true" @@ -190,6 +204,23 @@ spec: println("Failed to configure OIDC realm: ${e}") throw e } + theme.groovy: | + import jenkins.model.Jenkins + import org.codefirst.SimpleThemeDecorator + + def instance = Jenkins.get() + def decorators = instance.getExtensionList(SimpleThemeDecorator.class) + + if (decorators?.size() > 0) { + def theme = decorators[0] + theme.setCssUrl("https://jenkins-contrib-themes.github.io/jenkins-material-theme/dist/material-ocean.css") + theme.setJsUrl("") + theme.setTheme("") + instance.save() + println("Applied simple-theme-plugin dark theme") + } else { + println("simple-theme-plugin not installed; skipping theme configuration") + } JCasC: defaultConfig: false securityRealm: "" @@ -264,7 +295,6 @@ spec: creationOfLegacyTokenEnabled: false tokenGenerationOnCreationEnabled: false usageStatisticsEnabled: true - unclassified: creds.yaml: | credentials: system: diff --git a/services/monitoring/dashboards/atlas-overview.json b/services/monitoring/dashboards/atlas-overview.json index 9088ea1..70062e0 100644 --- a/services/monitoring/dashboards/atlas-overview.json +++ b/services/monitoring/dashboards/atlas-overview.json @@ -213,7 +213,7 @@ { "id": 27, "type": "stat", - "title": "Atlas Availability (30d)", + "title": "Atlas Availability", "datasource": { "type": "prometheus", "uid": "atlas-vm" @@ -226,7 +226,7 @@ }, "targets": [ { - "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[30d:5m])", + "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[365d:1h])", "refId": "A" } ], @@ -265,7 +265,7 @@ "custom": { "displayMode": "auto" }, - "decimals": 3 + "decimals": 4 }, "overrides": [] }, diff --git a/services/monitoring/grafana-dashboard-overview.yaml b/services/monitoring/grafana-dashboard-overview.yaml index 5fe8b6f..cfd2cd6 100644 --- a/services/monitoring/grafana-dashboard-overview.yaml +++ b/services/monitoring/grafana-dashboard-overview.yaml @@ -222,7 +222,7 @@ data: { "id": 27, "type": "stat", - "title": "Atlas Availability (30d)", + "title": "Atlas Availability", "datasource": { "type": "prometheus", "uid": "atlas-vm" @@ -235,7 +235,7 @@ data: }, "targets": [ { - "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[30d:5m])", + "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[365d:1h])", "refId": "A" } ], @@ -274,7 +274,7 @@ data: "custom": { "displayMode": "auto" }, - "decimals": 3 + "decimals": 4 }, "overrides": [] }, diff --git a/services/pegasus/deployment.yaml b/services/pegasus/deployment.yaml index 3a10dfe..34270b0 100644 --- a/services/pegasus/deployment.yaml +++ b/services/pegasus/deployment.yaml @@ -16,7 +16,8 @@ spec: metadata: { labels: { app: pegasus } } spec: nodeSelector: - kubernetes.io/arch: amd64 + kubernetes.io/arch: arm64 + node-role.kubernetes.io/worker: "true" securityContext: runAsNonRoot: true runAsUser: 65532