sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use generated monitoring secrets

Browse Source
This commit is contained in:
Kochetkov S 2026-05-25 16:33:24 +03:00
parent 2131400030
commit 51c62cbccc
4 changed files with 239 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
clusters/wb/infrastructure/patches/glitchtip.yaml
View File

@ -13,6 +13,12 @@ spec:
deployment: deployment:
replicaCount: replicaCount:
_default: 1 _default: 1
podAnnotations:
_default: null
command:
_default: []
args:
_default: []
envs: envs:
- name: SERVER_ROLE - name: SERVER_ROLE
value: value:
@ -26,10 +32,65 @@ spec:
- name: ENABLE_OPEN_USER_REGISTRATION - name: ENABLE_OPEN_USER_REGISTRATION
value: value:
_default: "false" _default: "false"
secretEnvs:
- name: DATABASE_URL
secretName:
_default: glitchtip-secret
secretKey: DATABASE_URL
- name: PGHOST
secretName:
_default: glitchtip-secret
secretKey: PGHOST
- name: PGPORT
secretName:
_default: glitchtip-secret
secretKey: PGPORT
- name: PGDATABASE
secretName:
_default: glitchtip-secret
secretKey: PGDATABASE
- name: PGUSER
secretName:
_default: glitchtip-secret
secretKey: PGUSER
- name: PGPASSWORD
secretName:
_default: glitchtip-secret
secretKey: PGPASSWORD
- name: PGSSLMODE
secretName:
_default: glitchtip-secret
secretKey: PGSSLMODE
- name: REDIS_URL
secretName:
_default: glitchtip-secret
secretKey: REDIS_URL
- name: SECRET_KEY
secretName:
_default: glitchtip-secret
secretKey: SECRET_KEY
- name: EMAIL_URL
secretName:
_default: glitchtip-secret
secretKey: EMAIL_URL
- name: DEFAULT_FROM_EMAIL
secretName:
_default: glitchtip-secret
secretKey: DEFAULT_FROM_EMAIL
serviceAccount:
enabled: true
name:
_default: glitchtip
worker: worker:
deployment: deployment:
replicaCount: replicaCount:
_default: 1 _default: 1
podAnnotations:
_default: null
command:
_default: []
args:
_default: []
envs: envs:
- name: SERVER_ROLE - name: SERVER_ROLE
value: value:
@ -40,13 +101,93 @@ spec:
- name: GLITCHTIP_DOMAIN - name: GLITCHTIP_DOMAIN
value: value:
_default: https://glitchtip-srx.wb.ru _default: https://glitchtip-srx.wb.ru
secretEnvs:
- name: DATABASE_URL
secretName:
_default: glitchtip-secret
secretKey: DATABASE_URL
- name: PGHOST
secretName:
_default: glitchtip-secret
secretKey: PGHOST
- name: PGPORT
secretName:
_default: glitchtip-secret
secretKey: PGPORT
- name: PGDATABASE
secretName:
_default: glitchtip-secret
secretKey: PGDATABASE
- name: PGUSER
secretName:
_default: glitchtip-secret
secretKey: PGUSER
- name: PGPASSWORD
secretName:
_default: glitchtip-secret
secretKey: PGPASSWORD
- name: PGSSLMODE
secretName:
_default: glitchtip-secret
secretKey: PGSSLMODE
- name: REDIS_URL
secretName:
_default: glitchtip-secret
secretKey: REDIS_URL
- name: SECRET_KEY
secretName:
_default: glitchtip-secret
secretKey: SECRET_KEY
- name: EMAIL_URL
secretName:
_default: glitchtip-secret
secretKey: EMAIL_URL
- name: DEFAULT_FROM_EMAIL
secretName:
_default: glitchtip-secret
secretKey: DEFAULT_FROM_EMAIL
serviceAccount:
enabled: false
name:
_default: ""
glitchtip: glitchtip:
secret: secret:
create: true create: true
data:
PGHOST: sarex-vpsql-01.xc.wb.ru
PGPORT: "5432"
PGDATABASE: glitchtip
PGUSER: glitchtip
PGSSLMODE: disable
REDIS_URL: redis://glitchtip-redis:6379/0
EMAIL_URL: consolemail://
DEFAULT_FROM_EMAIL: glitchtip@grafana-srx.wb.ru
GLITCHTIP_ADMIN_EMAIL: admin@grafana-srx.wb.ru
migrate: migrate:
enabled: true enabled: true
env: env:
PORT: "8000" PORT: "8000"
GLITCHTIP_DOMAIN: https://glitchtip-srx.wb.ru GLITCHTIP_DOMAIN: https://glitchtip-srx.wb.ru
command:
- /bin/sh
- -ec
- |
python manage.py migrate --noinput
python manage.py shell <<'PY'
import os
from django.contrib.auth import get_user_model
email = os.environ["GLITCHTIP_ADMIN_EMAIL"]
password = os.environ["GLITCHTIP_ADMIN_PASSWORD"]
User = get_user_model()
user, _ = User.objects.get_or_create(email=email)
user.is_superuser = True
user.is_staff = True
user.is_active = True
user.set_password(password)
user.save(update_fields=["password", "is_superuser", "is_staff", "is_active"])
print(f"admin-user-ensured:{email}")
PY
vault: vault:
enabled: false enabled: false

98
clusters/wb/infrastructure/patches/openobserve.yaml
View File

@ -13,21 +13,115 @@ spec:
deployment: deployment:
replicaCount: replicaCount:
_default: 1 _default: 1
podAnnotations:
_default: null
image:
name:
_default: public.ecr.aws/zinclabs/openobserve:v0.60.3
pullPolicy:
_default: IfNotPresent
envs: envs:
- name: ZO_HTTP_PORT - name: ZO_HTTP_PORT
value: value:
_default: "5080" _default: "5080"
- name: ZO_LOCAL_MODE - name: ZO_LOCAL_MODE
value: value:
_default: "true" _default: "false"
- name: ZO_META_STORE
value:
_default: postgres
- name: ZO_CLUSTER_COORDINATOR
value:
_default: nats
- name: ZO_NATS_REPLICAS
value:
_default: "1"
- name: ZO_S3_PROVIDER
value:
_default: s3
- name: ZO_S3_SERVER_URL
value:
_default: http://10.49.10.90:9000
- name: ZO_S3_BUCKET_NAME
value:
_default: openobserve
- name: ZO_S3_REGION_NAME
value:
_default: ru-central1
- name: ZO_TELEMETRY - name: ZO_TELEMETRY
value: value:
_default: "false" _default: "false"
secretEnvs:
- name: ZO_ROOT_USER_EMAIL
secretName:
_default: openobserve-secret
secretKey: ZO_ROOT_USER_EMAIL
- name: ZO_ROOT_USER_PASSWORD
secretName:
_default: openobserve-secret
secretKey: ZO_ROOT_USER_PASSWORD
- name: ZO_META_POSTGRES_DSN
secretName:
_default: openobserve-secret
secretKey: ZO_META_POSTGRES_DSN
- name: ZO_NATS_ADDR
secretName:
_default: openobserve-secret
secretKey: ZO_NATS_ADDR
- name: PGHOST
secretName:
_default: openobserve-secret
secretKey: PGHOST
- name: PGPORT
secretName:
_default: openobserve-secret
secretKey: PGPORT
- name: PGDATABASE
secretName:
_default: openobserve-secret
secretKey: PGDATABASE
- name: PGUSER
secretName:
_default: openobserve-secret
secretKey: PGUSER
- name: PGPASSWORD
secretName:
_default: openobserve-secret
secretKey: PGPASSWORD
- name: PGSSLMODE
secretName:
_default: openobserve-secret
secretKey: PGSSLMODE
- name: ZO_S3_ACCESS_KEY
secretName:
_default: openobserve-secret
secretKey: ZO_S3_ACCESS_KEY
- name: ZO_S3_SECRET_KEY
secretName:
_default: openobserve-secret
secretKey: ZO_S3_SECRET_KEY
serviceAccount:
enabled: true
name:
_default: openobserve
openobserve: openobserve:
secret: secret:
create: true create: true
data:
ZO_ROOT_USER_EMAIL: admin@grafana-srx.wb.ru
PGHOST: sarex-vpsql-01.xc.wb.ru
PGPORT: "5432"
PGDATABASE: openobserve
PGUSER: openobserve
PGSSLMODE: disable
ZO_NATS_ADDR: nats://openobserve-nats:4222
nats: nats:
enabled: false enabled: true
replicaCount: 1
persistence:
enabled: true
size: 10Gi
storageClassName: local-path
otelCollector: otelCollector:
enabled: false enabled: false
vault: vault:

2
infrastructure/glitchtip/base/helmrelease.yaml
View File

@ -8,7 +8,7 @@ spec:
chart: chart:
spec: spec:
chart: glitchtip chart: glitchtip
version: "0.1.8" version: "0.1.9"
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: yc-oci-charts name: yc-oci-charts

2
infrastructure/openobserve/base/helmrelease.yaml
View File

@ -8,7 +8,7 @@ spec:
chart: chart:
spec: spec:
chart: openobserve chart: openobserve
version: "0.1.10" version: "0.1.11"
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: yc-oci-charts name: yc-oci-charts