diff --git a/clusters/wb/infrastructure/kustomization.yaml b/clusters/wb/infrastructure/kustomization.yaml index 0b69ebf..76c1ede 100644 --- a/clusters/wb/infrastructure/kustomization.yaml +++ b/clusters/wb/infrastructure/kustomization.yaml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - ../../../infrastructure/istio-config - ../../../infrastructure/openobserve - ../../../infrastructure/vmstack - ../../../infrastructure/prometheus-stack @@ -10,6 +11,13 @@ resources: - ../../../infrastructure/kafka-exporter - ../../../infrastructure/postgres-exporter patches: + - path: ./patches/istio-config.yaml + target: + group: helm.toolkit.fluxcd.io + version: v2 + kind: HelmRelease + name: istio-config + namespace: default - path: ./patches/openobserve.yaml target: group: helm.toolkit.fluxcd.io diff --git a/clusters/wb/infrastructure/patches/istio-config.yaml b/clusters/wb/infrastructure/patches/istio-config.yaml new file mode 100644 index 0000000..2cd2460 --- /dev/null +++ b/clusters/wb/infrastructure/patches/istio-config.yaml 
@@ -0,0 +1,108 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: istio-config
+ namespace: default
+spec:
+ interval: 5m
+ timeout: 10m
+ dependsOn: []
+ values:
+ global:
+ env: wb
+ environments:
+ wb:
+ namespaces: []
+ certManager:
+ clusterIssuers: {}
+ certificates: {}
+ istio:
+ envoyFilters: {}
+ authorizationPolicies: {}
+ requestAuthentications: {}
+ gateways:
+ gitea:
+ name: gitea-gw
+ namespace: gateway
+ selector:
+ istio: ingressgateway
+ servers:
+ - hosts:
+ - gitea-srx.wb.ru
+ tls:
+ credentialName: istio-gateway-wildcard-cert
+ grafana:
+ name: grafana-gw
+ namespace: gateway
+ selector:
+ istio: ingressgateway
+ servers:
+ - hosts:
+ - grafana-srx.wb.ru
+ tls:
+ credentialName: istio-gateway-wildcard-cert
+ openobserve:
+ name: openobserve-gw
+ namespace: gateway
+ selector:
+ istio: ingressgateway
+ servers:
+ - hosts:
+ - openobserve-srx.wb.ru
+ tls:
+ credentialName: istio-gateway-wildcard-cert
+ vmalert:
+ name: vmalert-gw
+ namespace: gateway
+ selector:
+ istio: ingressgateway
+ servers:
+ - hosts:
+ - vmalert-srx.wb.ru
+ tls:
+ credentialName: istio-gateway-wildcard-cert
+ virtualServices:
+ gitea-vs:
+ namespace: gitea
+ hosts:
+ - gitea-srx.wb.ru
+ gateways:
+ - gateway/gitea-gw
+ routes:
+ - path:
+ prefix: /
+ service: gitea.gitea.svc.cluster.local
+ port: 3000
+ grafana-vs:
+ namespace: prometheus-stack
+ hosts:
+ - grafana-srx.wb.ru
+ gateways:
+ - gateway/grafana-gw
+ routes:
+ - path:
+ prefix: /
+ service: prometheus-stack-grafana.prometheus-stack.svc.cluster.local
+ port: 80
+ openobserve-vs:
+ namespace: openobserve
+ hosts:
+ - openobserve-srx.wb.ru
+ gateways:
+ - gateway/openobserve-gw
+ routes:
+ - path:
+ prefix: /
+ service: openobserve-web.openobserve.svc.cluster.local
+ port: 5080
+ vmalert-vs:
+ namespace: goalert
+ hosts:
+ - vmalert-srx.wb.ru
+ gateways:
+ - gateway/vmalert-gw
+ routes:
+ - path:
+ prefix: /
+ service: goalert.goalert.svc.cluster.local
+ port: 8081
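Review bot: In `vmalert-vs` the host `vmalert-srx.wb.ru` is routed to `goalert.goalert.svc.cluster.local` on port 8081 in namespace `goalert`, while the vmstack.yaml hunk of this same commit keeps `external.url: https://vmalert-srx.wb.ru` and turns vmalert's own ingress off. If that is intentional it deserves a comment such as `# vmalert-srx.wb.ru fronts goalert; vmalert itself is not published`; otherwise the `namespace` and `service` lines should name the vmalert service. Separately, `authorizationPolicies: {}` and `requestAuthentications: {}` are left empty, so the four published hosts are protected only by each application's own login, and an AuthorizationPolicy on the ingress gateway that limits who may reach these hosts would be worth adding. The `servers` entries carry only `hosts` and `tls.credentialName`, so port, protocol, TLS mode and any HTTP-to-HTTPS redirect presumably come from the chart's templates and should be confirmed in the rendered Gateway objects.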
diff --git a/clusters/wb/infrastructure/patches/openobserve.yaml b/clusters/wb/infrastructure/patches/openobserve.yaml index 11a0efb..3e45975 100644 --- a/clusters/wb/infrastructure/patches/openobserve.yaml +++ b/clusters/wb/infrastructure/patches/openobserve.yaml @@ -107,6 +107,8 @@ spec: openobserve: secret: create: true + extraNamespaces: + - opentelemetry-collector data: ZO_ROOT_USER_EMAIL: admin@grafana-srx.wb.ru PGHOST: sarex-vpsql-01.xc.wb.ru diff --git a/clusters/wb/infrastructure/patches/opentelemetry-collector.yaml b/clusters/wb/infrastructure/patches/opentelemetry-collector.yaml index 3ea14a9..8ebb15d 100644 --- a/clusters/wb/infrastructure/patches/opentelemetry-collector.yaml +++ b/clusters/wb/infrastructure/patches/opentelemetry-collector.yaml @@ -9,6 +9,12 @@ spec: values: mode: daemonset fullnameOverride: otel-collector + extraEnvs: + - name: OPENOBSERVE_BASIC_AUTH + valueFrom: + secretKeyRef: + name: openobserve-secret + key: OPENOBSERVE_BASIC_AUTH presets: logsCollection: enabled: true @@ -37,6 +43,8 @@ spec: exporters: otlphttp/openobserve: endpoint: http://openobserve.openobserve.svc.cluster.local:5080/api/default + headers: + Authorization: Basic ${env:OPENOBSERVE_BASIC_AUTH} tls: insecure: true service: diff --git a/clusters/wb/infrastructure/patches/prometheus-stack.yaml b/clusters/wb/infrastructure/patches/prometheus-stack.yaml index dbedcdf..a526963 100644 --- a/clusters/wb/infrastructure/patches/prometheus-stack.yaml +++ b/clusters/wb/infrastructure/patches/prometheus-stack.yaml @@ -24,6 +24,9 @@ spec: enabled: false grafana: enabled: true + adminUser: grafana-admin + admin: + existingSecret: "" persistence: enabled: true type: sts @@ -32,11 +35,7 @@ spec: - ReadWriteOnce size: 20Gi ingress: - enabled: true - ingressClassName: nginx - hosts: - - grafana-srx.wb.ru - path: / + enabled: false env: GF_SERVER_DOMAIN: grafana-srx.wb.ru GF_SERVER_ROOT_URL: https://grafana-srx.wb.ru/ 
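Review bot: `extraNamespaces: - opentelemetry-collector` appears to copy the chart-created OpenObserve secret into the collector's namespace, and the `data:` block that follows holds `ZO_ROOT_USER_EMAIL` and `PGHOST` among keys that continue outside the hunk, so the collector namespace would likely receive root-account and database settings it has no use for. The extraEnvs hunk in opentelemetry-collector.yaml reads only `OPENOBSERVE_BASIC_AUTH` from `openobserve-secret`; a dedicated secret holding just that key, built from an ingestion-only OpenObserve user rather than the root account, would limit what a compromised collector pod can read. If the replication has to stay, a comment such as `# replicated for otel-collector; only OPENOBSERVE_BASIC_AUTH is consumed there` would record the intent. How `extraNamespaces` behaves is defined by the chart and is not visible here, so this should be checked against the rendered manifests.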
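Review bot: The added `Authorization: Basic ${env:OPENOBSERVE_BASIC_AUTH}` header is sent to an `http://` endpoint with `tls: insecure: true`, so the Basic credential crosses the cluster network in cleartext from every node running the daemonset unless mesh mTLS covers both namespaces, which this diff does not show. Either confirm that mTLS is enforced between `opentelemetry-collector` and `openobserve` (for example a STRICT PeerAuthentication) and say so in a comment next to `insecure: true`, or move the exporter to an HTTPS endpoint and drop that flag. The `secretKeyRef` in the extraEnvs hunk of the same file is not marked `optional`, so collector pods will not start until the secret exists in their namespace; a `dependsOn` entry for the openobserve release would make that ordering explicit.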
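Review bot: `adminUser: grafana-admin` together with `admin.existingSecret: ""` leaves the admin password to whatever the chart generates or to an `adminPassword` value outside this hunk, and Grafana normally applies the admin user and password settings only when it first initialises its database. With `persistence.enabled: true` an existing volume would therefore keep the original admin account and its password valid after this change, and that account stays reachable at grafana-srx.wb.ru. Pointing `admin.existingSecret` at a secret managed outside Git, for example `existingSecret: <grafana-admin-secret>` (a placeholder name) with `userKey` and `passwordKey`, and rotating the old account's password by hand would close that gap.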
diff --git a/clusters/wb/infrastructure/patches/vmstack.yaml b/clusters/wb/infrastructure/patches/vmstack.yaml index e9fa699..d6a6614 100644 --- a/clusters/wb/infrastructure/patches/vmstack.yaml +++ b/clusters/wb/infrastructure/patches/vmstack.yaml @@ -36,11 +36,7 @@ spec: extraArgs: external.url: https://vmalert-srx.wb.ru ingress: - enabled: true - ingressClassName: nginx - hosts: - - vmalert-srx.wb.ru - path: / + enabled: false alertmanager: enabled: true spec: diff --git a/infrastructure/openobserve/base/helmrelease.yaml b/infrastructure/openobserve/base/helmrelease.yaml index bf3361b..b92acab 100644 --- a/infrastructure/openobserve/base/helmrelease.yaml +++ b/infrastructure/openobserve/base/helmrelease.yaml @@ -8,7 +8,7 @@ spec: chart: spec: chart: openobserve - version: "0.1.11" + version: "0.1.12" sourceRef: kind: HelmRepository name: yc-oci-charts