diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-app.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-app.yaml
new file mode 100644
index 0000000..e8508f8
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-app.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cloud-postgres-exporter
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: cloud-postgres-exporter
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cloud-prod
+ sources:
+ - repoURL: https://git.avroid.tech/K8s/k8s-configs.git
+ targetRevision: master
+ ref: values
+ - repoURL: https://nexus.avroid.tech/repository/devops-helm-proxy-helm/
+ chart: "prometheus-community/prometheus-postgres-exporter"
+ targetRevision: 6.9.0
+ helm:
+ valueFiles:
+ - $values/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/values-ovveride.yaml
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - ApplyOutOfSyncOnly=true
+ - CreateNamespace=true
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: cloud-postgres-exporter
+ namespace: argocd
+ # Finalizer that ensures that project is not deleted until it is not referenced by any application
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ sourceRepos:
+ - https://git.avroid.tech/K8s/k8s-configs.git
+ - https://nexus.avroid.tech/repository/devops-helm-proxy-helm/
+ # Only permit applications to deploy to the guestbook namespace in the same cluster
+ destinations:
+ - namespace: cloud-prod
+ server: https://kubernetes.default.svc
+ # Deny all cluster-scoped resources from being created, except for Namespace
+ clusterResourceWhitelist:
+ - group: ''
+ kind: Namespace
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-network-policy.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-network-policy.yaml
new file mode 100644
index 0000000..de7847e
--- /dev/null
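Review bot: In the AppProject of argocd-apps-postgres-exporter-app.yaml, the comment above `destinations` still says "guestbook namespace" although the only destination is `cloud-prod`, and the single cluster-scoped kind the project permits (`Namespace`) appears to exist only to support `- CreateNamespace=true` in the Application. The same change set places a NetworkPolicy and a Secret in `cloud-prod`, so the namespace presumably already exists; if so, dropping `- CreateNamespace=true` and the `Namespace` whitelist entry keeps the project at least privilege. I would reword the comment to `# Only permit applications to deploy to the cloud-prod namespace in the same cluster`. The project also sets no `namespaceResourceWhitelist`, so every namespaced kind is permitted; listing the kinds the chart renders would bound what a changed chart or values file can create under automated sync with `prune` and `selfHeal`.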
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-network-policy.yaml
@@ -0,0 +1,41 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: cloud-postgres-exporter-in
+ namespace: cloud-prod
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: prometheus-postgres-exporter
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: cloud-prod
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: cloud-prometheus
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: cloud-postgres-exporter-out
+ namespace: cloud-prod
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: prometheus-postgres-exporter
+ policyTypes:
+ - Egress
+ ingress: []
+ egress:
+ - ports:
+ - port: 9187
+ protocol: TCP
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-secret.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-secret.yaml
new file mode 100644
index 0000000..aa4f0ca
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-secret.yaml
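Review bot: The egress rule in `cloud-postgres-exporter-out` permits only TCP 9187 outbound, which by default is the exporter's own metrics listening port rather than anything it needs to reach. Unless another policy selecting these pods adds to it, the exporter cannot resolve DNS or connect to PostgreSQL or Vault, while 9187 is open to any destination. The port looks like it belongs on the ingress rule of `cloud-postgres-exporter-in`, which currently admits the Prometheus pods on every port; egress should instead name the database endpoint, DNS and Vault. The `ingress: []` key under a policy whose `policyTypes` is only `Egress` has no effect and can be removed.

```yaml
# cloud-postgres-exporter-in
  ingress:
    - from:
        # … unchanged: cloud-prod namespaceSelector + cloud-prometheus podSelector …
      ports:
        - port: 9187
          protocol: TCP

# cloud-postgres-exporter-out
  egress:
    # DNS lookups
    - ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
    # PostgreSQL target (placeholder values, replace with the real endpoint)
    - to:
        - ipBlock:
            cidr: "<POSTGRES_CIDR>"
      ports:
        - port: "<POSTGRES_PORT>"
          protocol: TCP
    # Vault API used for secret injection (placeholder values)
    - to:
        - ipBlock:
            cidr: "<VAULT_CIDR>"
      ports:
        - port: "<VAULT_PORT>"
          protocol: TCP
```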
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: argocd
+ name: postgres-exporter-secret
+ namespace: cloud-prod
+ annotations:
+ vault.security.banzaicloud.io/vault-addr: "https://vault.avroid.tech"
+ vault.security.banzaicloud.io/vault-role: "cloud-prod"
+ vault.security.banzaicloud.io/vault-skip-verify: "false"
+ vault.security.banzaicloud.io/vault-path: "avroid-office"
+type: Opaque
+data:
+ postgres_exporter.yml: |
+ dmF1bHQ6dGVhbS1kZXZvcHMvZGF0YS9zZXJ2aWNlcy9tb25pdG9yaW5nL2s4cy9jbG91ZC1wcm9kL3Bvc3RncmVzLWV4cG9ydGVyI3Bvc3RncmVzX2V4cG9ydGVyLnltbAo=
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/values-ovveride.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/values-ovveride.yaml
new file mode 100644
index 0000000..c15fbe6
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/values-ovveride.yaml
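Review bot: The `postgres_exporter.yml` value in argocd-apps-postgres-exporter-secret.yaml is an opaque base64 string with nothing beside it saying what it holds; it decodes to a `vault:` path reference, not credential material, followed by a trailing newline. A comment above `data:` such as `# base64 of a vault: reference resolved by the secrets webhook; no secret material is stored in git` would let a reviewer confirm that without decoding it. The trailing newline suggests the value was produced with `echo` rather than `printf` or `echo -n`; it is worth confirming the webhook trims it, since otherwise the key name after `#` would not match the key stored in Vault.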
@@ -0,0 +1,46 @@
+replicaCount: 1
+
+image:
+ registry: harbor.avroid.tech/quay-proxy
+ repository: prometheuscommunity/postgres-exporter
+
+automountServiceAccountToken: true
+
+resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 300m
+ memory: 256Mi
+
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: false
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: vault
+
+config:
+ # define an existing secret to be mounted as the config file
+ # needs to have the key 'postgres_exporter.yml'
+ existingSecret:
+ enabled: true
+ name: "postgres-exporter-secret"
+
+nodeSelector:
+ node-role.kubernetes.io/worker: ""
+
+annotations:
+ vault.security.banzaicloud.io/vault-addr: "https://vault.avroid.tech"
+ vault.security.banzaicloud.io/vault-role: "cloud-prod"
+ vault.security.banzaicloud.io/vault-skip-verify: "false"
+ vault.security.banzaicloud.io/vault-path: "avroid-office"
+
+# Labels and annotations to attach to the deployment resource
+deployment:
+ annotations:
+ vault.security.banzaicloud.io/vault-addr: "https://vault.avroid.tech"
+ vault.security.banzaicloud.io/vault-role: "cloud-prod"
+ vault.security.banzaicloud.io/vault-skip-verify: "false"
+ vault.security.banzaicloud.io/vault-path: "avroid-office"
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/redis-exporter/argocd-apps-redis_exporter-app.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/redis-exporter/argocd-apps-redis-exporter-app.yaml
similarity index 100%
rename from clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/redis-exporter/argocd-apps-redis_exporter-app.yaml
rename to clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/redis-exporter/argocd-apps-redis-exporter-app.yaml
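Review bot: Under `resources` in values-ovveride.yaml the requests (`cpu: 300m`, `memory: 256Mi`) are larger than the limits (`cpu: 100m`, `memory: 128Mi`); Kubernetes rejects a pod whose request exceeds its limit, so the Deployment would be created but no exporter pod would start. The two blocks look swapped, i.e. `limits: {cpu: 300m, memory: 256Mi}` and `requests: {cpu: 100m, memory: 128Mi}`. Separately, `automountServiceAccountToken: true` together with the shared `vault` service account mounts that account's token into a pod that handles database credentials; if the token is needed only for the Vault login, a dedicated service account bound to a Vault role limited to this exporter's secret path would narrow what a compromised exporter can read.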
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/redis-exporter/argocd-apps-redis_exporter-network-policy.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/redis-exporter/argocd-apps-redis-exporter-network-policy.yaml
similarity index 84%
rename from clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/redis-exporter/argocd-apps-redis_exporter-network-policy.yaml
rename to clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/redis-exporter/argocd-apps-redis-exporter-network-policy.yaml
index 3005691..3927960 100644
--- a/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/redis-exporter/argocd-apps-redis_exporter-network-policy.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/redis-exporter/argocd-apps-redis-exporter-network-policy.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 podSelector:
 matchLabels:
- app.kubernetes.io/name: cloud-redis-exporter
+ app.kubernetes.io/name: prometheus-redis-exporter
 policyTypes:
 - Ingress
 ingress:
@@ -29,7 +29,9 @@ metadata:
 labels:
 app.kubernetes.io/managed-by: argocd
 spec:
- podSelector: {}
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: prometheus-redis-exporter
 policyTypes:
 - Egress
 ingress: []
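Review bot: Both hunks now key the redis-exporter policies on `app.kubernetes.io/name: prometheus-redis-exporter`, and a NetworkPolicy whose `podSelector` matches no pod is accepted silently and enforces nothing, so it is worth confirming this is the label the chart actually renders (a `nameOverride` in the values would change it). In the second hunk, narrowing `podSelector: {}` also lifts this egress policy from every other pod in `cloud-prod`; if the namespace has no default-deny egress policy, those pods become unrestricted outbound. A short comment above each selector, e.g. `# must match the pod label rendered by the prometheus-redis-exporter chart`, would record the dependency. The egress rules of the second policy lie outside the hunk, so they are not reviewed here.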