bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'feature/bstein-dev-home'

Browse Source
This commit is contained in:
Brad Stein 2025-12-19 15:44:41 -03:00
commit f5964439b0
11 changed files with 78 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
clusters/atlas/flux-system/applications/bstein-dev-home/image-automation.yaml
View File

@ -13,14 +13,14 @@ spec:
git: git:
checkout: checkout:
ref: ref:
branch: feature/ci-gitops branch: feature/bstein-dev-home
commit: commit:
author: author:
email: ops@bstein.dev email: ops@bstein.dev
name: flux-bot name: flux-bot
messageTemplate: "chore(bstein-dev-home): update images to {{range .Updated.Images}}{{.}}{{end}}" messageTemplate: "chore(bstein-dev-home): update images to {{range .Updated.Images}}{{.}}{{end}}"
push: push:
branch: feature/ci-gitops branch: feature/bstein-dev-home
update: update:
strategy: Setters strategy: Setters
path: services/bstein-dev-home path: services/bstein-dev-home

2
clusters/atlas/flux-system/gotk-sync.yaml
View File

@ -8,7 +8,7 @@ metadata:
spec: spec:
interval: 1m0s interval: 1m0s
ref: ref:
branch: feature/ci-gitops branch: feature/bstein-dev-home
secretRef: secretRef:
name: flux-system-gitea name: flux-system-gitea
url: ssh://git@scm.bstein.dev:2242/bstein/titan-iac.git url: ssh://git@scm.bstein.dev:2242/bstein/titan-iac.git

10
scripts/dashboards_render_atlas.py
View File

@ -204,7 +204,9 @@ STUCK_TERMINATING_EXPR = (
')) ' ')) '
"or on() vector(0)" "or on() vector(0)"
) )
UPTIME_WINDOW = "30d" UPTIME_WINDOW = "365d"
# Keep the subquery step coarse so we don't request an excessive number of points.
UPTIME_STEP = "1h"
TRAEFIK_READY_EXPR = ( TRAEFIK_READY_EXPR = (
"(" "("
'sum(kube_deployment_status_replicas_available{namespace=~"traefik|kube-system",deployment="traefik"})' 'sum(kube_deployment_status_replicas_available{namespace=~"traefik|kube-system",deployment="traefik"})'
@ -225,7 +227,7 @@ NODE_TIEBREAKER = " + ".join(
f"({node_filter(node)}) * 1e-6 * {idx}" f"({node_filter(node)}) * 1e-6 * {idx}"
for idx, node in enumerate(CONTROL_ALL + WORKER_NODES, start=1) for idx, node in enumerate(CONTROL_ALL + WORKER_NODES, start=1)
) )
UPTIME_AVG_EXPR = f"avg_over_time(({UPTIME_AVAIL_EXPR})[{UPTIME_WINDOW}:5m])" UPTIME_AVG_EXPR = f"avg_over_time(({UPTIME_AVAIL_EXPR})[{UPTIME_WINDOW}:{UPTIME_STEP}])"
UPTIME_PERCENT_EXPR = UPTIME_AVG_EXPR UPTIME_PERCENT_EXPR = UPTIME_AVG_EXPR
UPTIME_NINES_EXPR = f"-log10(1 - clamp_max({UPTIME_AVG_EXPR}, 0.999999999))" UPTIME_NINES_EXPR = f"-log10(1 - clamp_max({UPTIME_AVG_EXPR}, 0.999999999))"
UPTIME_THRESHOLDS = { UPTIME_THRESHOLDS = {
@ -735,12 +737,12 @@ def build_overview():
}, },
{ {
"id": 27, "id": 27,
"title": "Atlas Availability (30d)", "title": "Atlas Availability",
"expr": UPTIME_PERCENT_EXPR, "expr": UPTIME_PERCENT_EXPR,
"kind": "stat", "kind": "stat",
"thresholds": UPTIME_PERCENT_THRESHOLDS, "thresholds": UPTIME_PERCENT_THRESHOLDS,
"unit": "percentunit", "unit": "percentunit",
"decimals": 3, "decimals": 4,
"text_mode": "value", "text_mode": "value",
}, },
{ {

10
services/bstein-dev-home/image.yaml
View File

@ -16,12 +16,9 @@ metadata:
spec: spec:
imageRepositoryRef: imageRepositoryRef:
name: bstein-dev-home-frontend name: bstein-dev-home-frontend
filterTags:
pattern: '^v?(?P<version>[0-9]+\\.[0-9]+\\.[0-9]+(?:[-.][0-9A-Za-z]+)?)$'
extract: '$version'
policy: policy:
semver: semver:
range: ">=0.1.0" range: ">=0.1.0-0"
--- ---
apiVersion: image.toolkit.fluxcd.io/v1beta2 apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository kind: ImageRepository
@ -40,9 +37,6 @@ metadata:
spec: spec:
imageRepositoryRef: imageRepositoryRef:
name: bstein-dev-home-backend name: bstein-dev-home-backend
filterTags:
pattern: '^v?(?P<version>[0-9]+\\.[0-9]+\\.[0-9]+(?:[-.][0-9A-Za-z]+)?)$'
extract: '$version'
policy: policy:
semver: semver:
range: ">=0.1.0" range: ">=0.1.0-0"

4
services/bstein-dev-home/kustomization.yaml
View File

@ -12,6 +12,6 @@ resources:
- ingress.yaml - ingress.yaml
images: images:
- name: registry.bstein.dev/bstein/bstein-dev-home-frontend - name: registry.bstein.dev/bstein/bstein-dev-home-frontend
newTag: latest # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-frontend"} newTag: 0.1.0-11 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-frontend"}
- name: registry.bstein.dev/bstein/bstein-dev-home-backend - name: registry.bstein.dev/bstein/bstein-dev-home-backend
newTag: latest # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"} newTag: 0.1.0-11 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"}

25
services/crypto/monerod/ingress.yaml Normal file
View File

@ -0,0 +1,25 @@
# services/crypto/monerod/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: monerod
namespace: crypto
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts: [ "monero.bstein.dev" ]
secretName: monero-bstein-dev-tls
rules:
- host: monero.bstein.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: monerod
port: { number: 18081 }

1
services/crypto/monerod/kustomization.yaml
View File

@ -6,3 +6,4 @@ resources:
- cm-release-keys.yaml - cm-release-keys.yaml
- deployment.yaml - deployment.yaml
- service.yaml - service.yaml
- ingress.yaml

32
services/jenkins/helmrelease.yaml
View File

@ -59,6 +59,14 @@ spec:
cpu: 1500m cpu: 1500m
memory: 3Gi memory: 3Gi
javaOpts: "-Xms512m -Xmx2048m" javaOpts: "-Xms512m -Xmx2048m"
startupProbe:
httpGet:
path: /login
port: http
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 20
jenkinsUrl: https://ci.bstein.dev jenkinsUrl: https://ci.bstein.dev
ingress: ingress:
enabled: true enabled: true
@ -71,14 +79,20 @@ spec:
- secretName: jenkins-tls - secretName: jenkins-tls
hosts: hosts:
- ci.bstein.dev - ci.bstein.dev
hostAliases:
- ip: 38.28.125.112
hostnames:
- sso.bstein.dev
installPlugins: installPlugins:
- kubernetes - kubernetes
- workflow-aggregator - workflow-aggregator
- git - git
- pipeline-utility-steps
- configuration-as-code - configuration-as-code
- oic-auth - oic-auth
- job-dsl - job-dsl
- configuration-as-code-support - configuration-as-code-support
- simple-theme-plugin
containerEnv: containerEnv:
- name: ENABLE_OIDC - name: ENABLE_OIDC
value: "true" value: "true"
@ -190,6 +204,23 @@ spec:
println("Failed to configure OIDC realm: ${e}") println("Failed to configure OIDC realm: ${e}")
throw e throw e
} }
theme.groovy: |
import jenkins.model.Jenkins
import org.codefirst.SimpleThemeDecorator
def instance = Jenkins.get()
def decorators = instance.getExtensionList(SimpleThemeDecorator.class)
if (decorators?.size() > 0) {
def theme = decorators[0]
theme.setCssUrl("https://jenkins-contrib-themes.github.io/jenkins-material-theme/dist/material-ocean.css")
theme.setJsUrl("")
theme.setTheme("")
instance.save()
println("Applied simple-theme-plugin dark theme")
} else {
println("simple-theme-plugin not installed; skipping theme configuration")
}
JCasC: JCasC:
defaultConfig: false defaultConfig: false
securityRealm: "" securityRealm: ""
@ -264,7 +295,6 @@ spec:
creationOfLegacyTokenEnabled: false creationOfLegacyTokenEnabled: false
tokenGenerationOnCreationEnabled: false tokenGenerationOnCreationEnabled: false
usageStatisticsEnabled: true usageStatisticsEnabled: true
unclassified:
creds.yaml: | creds.yaml: |
credentials: credentials:
system: system:

6
services/monitoring/dashboards/atlas-overview.json
View File

@ -213,7 +213,7 @@
{ {
"id": 27, "id": 27,
"type": "stat", "type": "stat",
"title": "Atlas Availability (30d)", "title": "Atlas Availability",
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "atlas-vm" "uid": "atlas-vm"
@ -226,7 +226,7 @@
}, },
"targets": [ "targets": [
{ {
"expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[30d:5m])", "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[365d:1h])",
"refId": "A" "refId": "A"
} }
], ],
@ -265,7 +265,7 @@
"custom": { "custom": {
"displayMode": "auto" "displayMode": "auto"
}, },
"decimals": 3 "decimals": 4
}, },
"overrides": [] "overrides": []
}, },

6
services/monitoring/grafana-dashboard-overview.yaml
View File

@ -222,7 +222,7 @@ data:
{ {
"id": 27, "id": 27,
"type": "stat", "type": "stat",
"title": "Atlas Availability (30d)", "title": "Atlas Availability",
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "atlas-vm" "uid": "atlas-vm"
@ -235,7 +235,7 @@ data:
}, },
"targets": [ "targets": [
{ {
"expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[30d:5m])", "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[365d:1h])",
"refId": "A" "refId": "A"
} }
], ],
@ -274,7 +274,7 @@ data:
"custom": { "custom": {
"displayMode": "auto" "displayMode": "auto"
}, },
"decimals": 3 "decimals": 4
}, },
"overrides": [] "overrides": []
}, },

3
services/pegasus/deployment.yaml
View File

@ -16,7 +16,8 @@ spec:
metadata: { labels: { app: pegasus } } metadata: { labels: { app: pegasus } }
spec: spec:
nodeSelector: nodeSelector:
kubernetes.io/arch: amd64 kubernetes.io/arch: arm64
node-role.kubernetes.io/worker: "true"
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 65532 runAsUser: 65532