sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add WB Istio routes and OpenObserve log export

Browse Source
This commit is contained in:
Kochetkov S 2026-05-27 11:30:23 +03:00
parent a4c7f745c2
commit afd4646137
7 changed files with 132 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
clusters/wb/infrastructure/kustomization.yaml
View File

@ -1,6 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../../infrastructure/istio-config
- ../../../infrastructure/openobserve - ../../../infrastructure/openobserve
- ../../../infrastructure/vmstack - ../../../infrastructure/vmstack
- ../../../infrastructure/prometheus-stack - ../../../infrastructure/prometheus-stack
@ -10,6 +11,13 @@ resources:
- ../../../infrastructure/kafka-exporter - ../../../infrastructure/kafka-exporter
- ../../../infrastructure/postgres-exporter - ../../../infrastructure/postgres-exporter
patches: patches:
- path: ./patches/istio-config.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: istio-config
namespace: default
- path: ./patches/openobserve.yaml - path: ./patches/openobserve.yaml
target: target:
group: helm.toolkit.fluxcd.io group: helm.toolkit.fluxcd.io

108
clusters/wb/infrastructure/patches/istio-config.yaml Normal file
View File

@ -0,0 +1,108 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: istio-config
namespace: default
spec:
interval: 5m
timeout: 10m
dependsOn: []
values:
global:
env: wb
environments:
wb:
namespaces: []
certManager:
clusterIssuers: {}
certificates: {}
istio:
envoyFilters: {}
authorizationPolicies: {}
requestAuthentications: {}
gateways:
gitea:
name: gitea-gw
namespace: gateway
selector:
istio: ingressgateway
servers:
- hosts:
- gitea-srx.wb.ru
tls:
credentialName: istio-gateway-wildcard-cert
grafana:
name: grafana-gw
namespace: gateway
selector:
istio: ingressgateway
servers:
- hosts:
- grafana-srx.wb.ru
tls:
credentialName: istio-gateway-wildcard-cert
openobserve:
name: openobserve-gw
namespace: gateway
selector:
istio: ingressgateway
servers:
- hosts:
- openobserve-srx.wb.ru
tls:
credentialName: istio-gateway-wildcard-cert
vmalert:
name: vmalert-gw
namespace: gateway
selector:
istio: ingressgateway
servers:
- hosts:
- vmalert-srx.wb.ru
tls:
credentialName: istio-gateway-wildcard-cert
virtualServices:
gitea-vs:
namespace: gitea
hosts:
- gitea-srx.wb.ru
gateways:
- gateway/gitea-gw
routes:
- path:
prefix: /
service: gitea.gitea.svc.cluster.local
port: 3000
grafana-vs:
namespace: prometheus-stack
hosts:
- grafana-srx.wb.ru
gateways:
- gateway/grafana-gw
routes:
- path:
prefix: /
service: prometheus-stack-grafana.prometheus-stack.svc.cluster.local
port: 80
openobserve-vs:
namespace: openobserve
hosts:
- openobserve-srx.wb.ru
gateways:
- gateway/openobserve-gw
routes:
- path:
prefix: /
service: openobserve-web.openobserve.svc.cluster.local
port: 5080
vmalert-vs:
namespace: goalert
hosts:
- vmalert-srx.wb.ru
gateways:
- gateway/vmalert-gw
routes:
- path:
prefix: /
service: goalert.goalert.svc.cluster.local
port: 8081

2
clusters/wb/infrastructure/patches/openobserve.yaml
View File

@ -107,6 +107,8 @@ spec:
openobserve: openobserve:
secret: secret:
create: true create: true
extraNamespaces:
- opentelemetry-collector
data: data:
ZO_ROOT_USER_EMAIL: admin@grafana-srx.wb.ru ZO_ROOT_USER_EMAIL: admin@grafana-srx.wb.ru
PGHOST: sarex-vpsql-01.xc.wb.ru PGHOST: sarex-vpsql-01.xc.wb.ru

8
clusters/wb/infrastructure/patches/opentelemetry-collector.yaml
View File

@ -9,6 +9,12 @@ spec:
values: values:
mode: daemonset mode: daemonset
fullnameOverride: otel-collector fullnameOverride: otel-collector
extraEnvs:
- name: OPENOBSERVE_BASIC_AUTH
valueFrom:
secretKeyRef:
name: openobserve-secret
key: OPENOBSERVE_BASIC_AUTH
presets: presets:
logsCollection: logsCollection:
enabled: true enabled: true
@ -37,6 +43,8 @@ spec:
exporters: exporters:
otlphttp/openobserve: otlphttp/openobserve:
endpoint: http://openobserve.openobserve.svc.cluster.local:5080/api/default endpoint: http://openobserve.openobserve.svc.cluster.local:5080/api/default
headers:
Authorization: Basic ${env:OPENOBSERVE_BASIC_AUTH}
tls: tls:
insecure: true insecure: true
service: service:

9
clusters/wb/infrastructure/patches/prometheus-stack.yaml
View File

@ -24,6 +24,9 @@ spec:
enabled: false enabled: false
grafana: grafana:
enabled: true enabled: true
adminUser: grafana-admin
admin:
existingSecret: ""
persistence: persistence:
enabled: true enabled: true
type: sts type: sts
@ -32,11 +35,7 @@ spec:
- ReadWriteOnce - ReadWriteOnce
size: 20Gi size: 20Gi
ingress: ingress:
enabled: true enabled: false
ingressClassName: nginx
hosts:
- grafana-srx.wb.ru
path: /
env: env:
GF_SERVER_DOMAIN: grafana-srx.wb.ru GF_SERVER_DOMAIN: grafana-srx.wb.ru
GF_SERVER_ROOT_URL: https://grafana-srx.wb.ru/ GF_SERVER_ROOT_URL: https://grafana-srx.wb.ru/

6
clusters/wb/infrastructure/patches/vmstack.yaml
View File

@ -36,11 +36,7 @@ spec:
extraArgs: extraArgs:
external.url: https://vmalert-srx.wb.ru external.url: https://vmalert-srx.wb.ru
ingress: ingress:
enabled: true enabled: false
ingressClassName: nginx
hosts:
- vmalert-srx.wb.ru
path: /
alertmanager: alertmanager:
enabled: true enabled: true
spec: spec:

2
infrastructure/openobserve/base/helmrelease.yaml
View File

@ -8,7 +8,7 @@ spec:
chart: chart:
spec: spec:
chart: openobserve chart: openobserve
version: "0.1.11" version: "0.1.12"
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: yc-oci-charts name: yc-oci-charts