nocodelytics
/
infrastructure
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update dashboard

This commit is contained in:
Florian Herrengt 2022-12-07 11:00:34 +00:00
parent 4f28934bf7
commit f285e4f9fd
8 changed files with 591 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

323
k8s-dashboard.yml Normal file
View File

@ -0,0 +1,323 @@
apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30003
selector:
k8s-app: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kubernetes-dashboard
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kubernetes-dashboard
type: Opaque
data:
csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-key-holder
namespace: kubernetes-dashboard
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-settings
namespace: kubernetes-dashboard
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
rules:
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames:
[
"kubernetes-dashboard-key-holder",
"kubernetes-dashboard-certs",
"kubernetes-dashboard-csrf",
]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames:
[
"heapster",
"http:heapster:",
"https:heapster:",
"dashboard-metrics-scraper",
"http:dashboard-metrics-scraper",
]
verbs: ["get"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
rules:
# Allow Metrics Scraper to get metrics from the Metrics server
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.6.1
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --namespace=kubernetes-dashboard
- --token-ttl=0
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=https://52.211.62.142:30003
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
kubernetes.io/arch: arm64
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "arch"
operator: "Equal"
value: "arm64"
effect: "NoSchedule"
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
ports:
- port: 8000
targetPort: 8000
selector:
k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: dashboard-metrics-scraper
image: kubernetesui/metrics-scraper:v1.0.8
ports:
- containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
- mountPath: /tmp
name: tmp-volume
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
kubernetes.io/arch: arm64
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "arch"
operator: "Equal"
value: "arm64"
effect: "NoSchedule"
volumes:
- name: tmp-volume
emptyDir: {}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard

126
kuma.yml Normal file
View File

@ -0,0 +1,126 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kuma-pvc-2
namespace: default
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-path
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kuma
namespace: default
spec:
replicas: 1
selector:
matchLabels:
ms: kuma
template:
metadata:
labels:
ms: kuma
spec:
containers:
- name: kuma
image: louislam/uptime-kuma
volumeMounts:
- name: volv
mountPath: /app/data
# resources:
# limits:
# memory: "512Mi"
# cpu: "100m"
volumes:
- name: volv
persistentVolumeClaim:
claimName: kuma-pvc-2
nodeSelector:
kubernetes.io/arch: arm64
tolerations:
- key: "arch"
operator: "Equal"
value: "arm64"
effect: "NoSchedule"
---
apiVersion: v1
kind: Service
metadata:
name: kuma
namespace: default
spec:
type: NodePort
selector:
ms: kuma
ports:
- port: 3001
targetPort: 3001
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: kuma-letsencrypt-prod
namespace: default
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: florian@nocodelytics.com
privateKeySecretRef:
name: kuma-letsencrypt-prod
solvers:
- http01:
ingress:
class: traefik
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kuma
namespace: default
spec:
secretName: kuma-net-tls
issuerRef:
name: kuma-letsencrypt-prod
kind: Issuer
commonName: status.nocodelytics.com
dnsNames:
- status.nocodelytics.com
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kuma-nginx-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: "traefik"
cert-manager.io/issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/redirect-entry-point: https
cert-manager.io/acme-challenge-type: http01
spec:
rules:
- host: status.nocodelytics.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ssl-redirect
port:
name: use-annotation
- path: /
pathType: Prefix
backend:
service:
name: kuma
port:
number: 3001
tls:
- hosts:
- status.nocodelytics.com
secretName: kuma-net-tls

1
kustomization/bases/kustomization.yaml
View File

@ -1,6 +1,7 @@
resources:
- ./namespace.yaml
- ./nocodelytics-dashboard.yaml
# - ./nocodelytics-events-worker.yaml
# - ./nocodelytics-tracker-api.yaml
# - ./clickhouse.yaml
- ./cert-manager.yaml

30
kustomization/bases/nocodelytics-dashboard.yaml
View File

@ -17,6 +17,11 @@ metadata:
name: nocodelytics-dashboard
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
ms: nocodelytics-dashboard
@ -31,18 +36,41 @@ spec:
- name: nocodelytics-dashboard
imagePullPolicy: Always
image: container-registry.nocodelytics.com/nocodelytics/dashboard:latest
readinessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 10
failureThreshold: 5
periodSeconds: 10
terminationGracePeriodSeconds: 60
env:
- name: PORT
value: "8080"
- name: K8S_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: K8S_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: secrets
key: ENCRYPTION_KEY
resources:
requests:
memory: "256Mi"
cpu: "50m"
limits:
memory: "512Mi"
cpu: "100m"
cpu: "200m"
nodeSelector:
kubernetes.io/arch: arm64
tolerations:

37
kustomization/bases/nocodelytics-events-worker.yaml Normal file
View File

@ -0,0 +1,37 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nocodelytics-events-worker
spec:
replicas: 1
selector:
matchLabels:
ms: nocodelytics-events-worker
template:
metadata:
labels:
ms: nocodelytics-events-worker
spec:
containers:
- name: nocodelytics-events-worker
image: container-registry.nocodelytics.com/nocodelytics/dashboard:latest
command:
[
"node",
"./api/.build/src/queue/workers/metricEventWorker/metricEventWorker.js",
]
resources:
requests:
memory: "256Mi"
cpu: "50m"
limits:
memory: "512Mi"
cpu: "200m"
env:
- name: ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: secrets
key: ENCRYPTION_KEY
imagePullSecrets:
- name: regcred

7
kustomization/bases/nocodelytics-tracker-api.yaml
View File

@ -32,9 +32,12 @@ spec:
imagePullPolicy: Always
image: container-registry.nocodelytics.com/nocodelytics-tracker-api:latest
resources:
requests:
memory: "128Mi"
cpu: "50m"
limits:
memory: "512Mi"
cpu: "100m"
cpu: "200m"
nodeSelector:
kubernetes.io/arch: arm64
tolerations:
@ -81,8 +84,6 @@ spec:
backend:
service:
name: nocodelytics-tracker-api
# port:
# number: 3001
tls:
- hosts:
- nocodelytics-tracker-api.nocodelytics.com

14
kustomization/overlays/production/kustomization.yaml Normal file
View File

@ -0,0 +1,14 @@
namespace: production
resources:
- ../../bases
patchesStrategicMerge:
- ./nocodelytics-dashboard.yaml
# - ./nocodelytics-tracker-api.yaml
patches:
- target:
kind: Namespace
name: default
patch: |-
- op: replace
path: /metadata/name
value: production

57
kustomization/overlays/production/nocodelytics-dashboard.yaml Normal file
View File

@ -0,0 +1,57 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nocodelytics-dashboard
spec:
commonName: api.nocodelytics.com
dnsNames:
- api.nocodelytics.com
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nocodelytics-dashboard-nginx-ingress
spec:
rules:
- host: api.nocodelytics.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ssl-redirect
port:
name: use-annotation
- path: /
pathType: Prefix
backend:
service:
name: nocodelytics-dashboard
port:
number: 8080
tls:
- hosts:
- api.nocodelytics.com
secretName: nocodelytics-dashboard-net-tls
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nocodelytics-dashboard
spec:
replicas: 2
selector:
matchLabels:
ms: nocodelytics-dashboard
template:
metadata:
labels:
ms: nocodelytics-dashboard
spec:
containers:
- name: nocodelytics-dashboard
image: container-registry.nocodelytics.com/nocodelytics/dashboard:latest
env:
- name: NODE_ENV
value: production