stuff

2020-06-25 11:45:07 +02:00
parent 86ab365f03
commit b63246be9e
19 changed files with 459 additions and 2 deletions
--- a/.gitmodules
+++ b/.gitmodules
@@ -31,3 +31,9 @@
 [submodule "mosquitto/charts"]
 	path = mosquitto/charts
 	url = https://github.com/smizy/charts.git
+[submodule "external-storage"]
+	path = external-storage
+	url = https://github.com/kubernetes-incubator/external-storage.git
+[submodule "mosquitto-exporter"]
+	path = mosquitto-exporter
+	url = https://github.com/sapcc/mosquitto-exporter.git
--- a/dashboard-adminuser-serviceaccount.yaml
+++ b/dashboard-adminuser-serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kubernetes-dashboard
--- a/dashboard-ingress.yaml
+++ b/dashboard-ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: k8s-dashboard
+  namespace: kubernetes-dashboard
+spec:
+  rules:
+  - host: k8s-dashboard.lan 
+    http:
+      paths:
+      - backend:
+          serviceName: kubernetes-dashboard 
+          servicePort: http
+        path: /
+        pathType: ImplementationSpecific
+status:
+  loadBalancer: {}
+
--- a/2
+++ b/2
--- a/external-dns/values.yaml
+++ b/external-dns/values.yaml
@@ -0,0 +1,215 @@
+# Default values for coredns.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  repository: coredns/coredns
+  tag: "1.6.9"
+  pullPolicy: IfNotPresent
+
+replicaCount: 1
+
+resources:
+  limits:
+    cpu: 100m
+    memory: 128Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
+serviceType: "ClusterIP"
+
+prometheus:
+  monitor:
+    enabled: false
+    additionalLabels: {}
+    namespace: ""
+
+service:
+# clusterIP: ""
+# loadBalancerIP: ""
+# externalTrafficPolicy: ""
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "9153"
+
+serviceAccount:
+  create: false
+  # The name of the ServiceAccount to use
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+rbac:
+  # If true, create & use RBAC resources
+  create: true
+  # If true, create and use PodSecurityPolicy
+  pspEnable: false
+  # The name of the ServiceAccount to use.
+  # If not set and create is true, a name is generated using the fullname template
+  # name:
+
+# isClusterService specifies whether chart should be deployed as cluster-service or normal k8s app.
+isClusterService: false 
+
+# Optional priority class to be used for the coredns pods. Used for autoscaler if autoscaler.priorityClassName not set.
+priorityClassName: ""
+
+# Default zone is what Kubernetes recommends:
+# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options
+servers:
+- zones:
+  - zone: .
+  port: 53
+  plugins:
+  - name: errors
+  # Serves a /health endpoint on :8080, required for livenessProbe
+  - name: health
+    configBlock: |-
+      lameduck 5s
+  # Serves a /ready endpoint on :8181, required for readinessProbe
+  - name: ready
+  # Required to query kubernetes API for data
+  - name: kubernetes
+    parameters: cluster.local in-addr.arpa ip6.arpa
+    configBlock: |-
+      pods insecure
+      fallthrough in-addr.arpa ip6.arpa
+      ttl 30
+  # Serves a /metrics endpoint on :9153, required for serviceMonitor
+  - name: prometheus
+    parameters: 0.0.0.0:9153
+  - name: forward
+    parameters: . /etc/resolv.conf
+  - name: cache
+    parameters: 30
+  - name: loop
+  - name: reload
+  - name: loadbalance
+
+# Complete example with all the options:
+# - zones:                 # the `zones` block can be left out entirely, defaults to "."
+#   - zone: hello.world.   # optional, defaults to "."
+#     scheme: tls://       # optional, defaults to "" (which equals "dns://" in CoreDNS)
+#   - zone: foo.bar.
+#     scheme: dns://
+#     use_tcp: true        # set this parameter to optionally expose the port on tcp as well as udp for the DNS protocol
+#                          # Note that this will not work if you are also exposing tls or grpc on the same server
+#   port: 12345            # optional, defaults to "" (which equals 53 in CoreDNS)
+#   plugins:               # the plugins to use for this server block
+#   - name: kubernetes     # name of plugin, if used multiple times ensure that the plugin supports it!
+#     parameters: foo bar  # list of parameters after the plugin
+#     configBlock: |-      # if the plugin supports extra block style config, supply it here
+#       hello world
+#       foo bar
+
+# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
+# for example:
+#   affinity:
+#     nodeAffinity:
+#      requiredDuringSchedulingIgnoredDuringExecution:
+#        nodeSelectorTerms:
+#        - matchExpressions:
+#          - key: foo.bar.com/role
+#            operator: In
+#            values:
+#            - master
+affinity: {}
+
+# Node labels for pod assignment
+# Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
+# for example:
+#   tolerations:
+#   - key: foo.bar.com/role
+#     operator: Equal
+#     value: master
+#     effect: NoSchedule
+tolerations: []
+
+# https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+podDisruptionBudget: {}
+
+# configure custom zone files as per https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/
+zoneFiles: []
+#  - filename: example.db
+#    domain: example.com
+#    contents: |
+#      example.com.   IN SOA sns.dns.icann.com. noc.dns.icann.com. 2015082541 7200 3600 1209600 3600
+#      example.com.   IN NS  b.iana-servers.net.
+#      example.com.   IN NS  a.iana-servers.net.
+#      example.com.   IN A   192.168.99.102
+#      *.example.com. IN A   192.168.99.102
+
+# optional array of extra volumes to create
+extraVolumes: []
+# - name: some-volume-name
+#   emptyDir: {}
+# optional array of mount points for extraVolumes
+extraVolumeMounts: []
+# - name: some-volume-name
+#   mountPath: /etc/wherever
+
+# optional array of secrets to mount inside coredns container
+# possible usecase: need for secure connection with etcd backend
+extraSecrets: []
+# - name: etcd-client-certs
+#   mountPath: /etc/coredns/tls/etcd
+# - name: some-fancy-secret
+#   mountPath: /etc/wherever
+
+# Custom labels to apply to Deployment, Pod, Service, ServiceMonitor. Including autoscaler if enabled.
+customLabels: {}
+
+## Configue a cluster-proportional-autoscaler for coredns
+# See https://github.com/kubernetes-incubator/cluster-proportional-autoscaler
+autoscaler:
+  # Enabled the cluster-proportional-autoscaler
+  enabled: false
+
+  # Number of cores in the cluster per coredns replica
+  coresPerReplica: 256
+  # Number of nodes in the cluster per coredns replica
+  nodesPerReplica: 16
+  # Min size of replicaCount
+  min: 0
+  # Max size of replicaCount (default of 0 is no max)
+  max: 0
+  # Whether to include unschedulable nodes in the nodes/cores calculations - this requires version 1.8.0+ of the autoscaler
+  includeUnschedulableNodes: false
+  # If true does not allow single points of failure to form
+  preventSinglePointFailure: true
+
+  image:
+    repository: k8s.gcr.io/cluster-proportional-autoscaler-amd64
+    tag: "1.8.0"
+    pullPolicy: IfNotPresent
+
+  # Optional priority class to be used for the autoscaler pods. priorityClassName used if not set.
+  priorityClassName: ""
+
+  # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
+  affinity: {}
+
+  # Node labels for pod assignment
+  # Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  nodeSelector: {}
+
+  # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
+  tolerations: []
+
+  # resources for autoscaler pod
+  resources:
+    requests:
+      cpu: "20m"
+      memory: "10Mi"
+    limits:
+      cpu: "20m"
+      memory: "10Mi"
+
+  # Options for autoscaler configmap
+  configmap:
+    ## Annotations for the coredns-autoscaler configmap
+    # i.e. strategy.spinnaker.io/versioned: "false" to ensure configmap isn't renamed
+    annotations: {}
--- a/1
+++ b/1
--- a/grafana-storage.yaml
+++ b/grafana-storage.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: grafana-storage
+  namespace: monitoring
+  annotations:
+    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
+spec:
+  storageClassName: fast
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi
--- a/kube-dns-loadbalancer-svc.yaml
+++ b/kube-dns-loadbalancer-svc.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-dns-tcp
+  namespace: kube-system
+  annotations:
+    metallb.universe.tf/address-pool: default
+    metallb.universe.tf/allow-shared-ip: pihole-svc
+spec:
+  selector:
+    k8s-app: kube-dns
+  ports:
+    - protocol: TCP
+      port: 53
+      targetPort: 53
+  type: LoadBalancer
+  loadBalancerIP: 172.23.255.253
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-dns-udp
+  namespace: kube-system
+  annotations:
+    metallb.universe.tf/address-pool: default
+    metallb.universe.tf/allow-shared-ip: pihole-svc
+spec:
+  selector:
+    k8s-app: kube-dns
+  ports:
+    - protocol: UDP
+      port: 53
+      targetPort: 53
+  type: LoadBalancer
+  loadBalancerIP: 172.23.255.253
--- a/metallb-address-pool.yaml
+++ b/metallb-address-pool.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+        namespace: metallb-system
+        name: config
+data:
+        config: |
+          address-pools:
+          - name: default
+            protocol: layer2
+            addresses:
+            - 172.23.255.1-172.23.255.254 
--- a/1
+++ b/1
--- a/mosquitto/charts
+++ b/mosquitto/charts
--- a/pihole-ingress.yaml
+++ b/pihole-ingress.yaml
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: pihole 
+  annotations:
+      nginx.ingress.kubernetes.io/rewrite-target: /admin/$1
+spec:
+  rules:
+  - host: pihole.lan
+    http:
+        paths:
+        - backend:
+            serviceName: pihole-tcp
+            servicePort: http
+          path: /(.*)
+          pathType: ImplementationSpecific
--- a/pihole-pvc.yaml
+++ b/pihole-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pihole-data 
+  annotations:
+    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
+spec:
+  storageClassName: fast
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi
--- a/prometheus/README.md
+++ b/prometheus/README.md
@@ -0,0 +1,5 @@
+from :https://github.com/coreos/prometheus-operator/blob/master/Documentation/additional-scrape-config.md
+# create new secret:
+kubectl create secret generic additional-scrape-configs --from-file=prometheus-additional.yaml --dry-run -oyaml > additional-scrape-configs.yaml
+# add "namespace: monitoring"
+# apply
--- a/prometheus/additional-scrape-configs.yaml
+++ b/prometheus/additional-scrape-configs.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  prometheus-additional.yaml: LSBqb2JfbmFtZTogbXlzcWxkCiAgc3RhdGljX2NvbmZpZ3M6CiAgLSB0YXJnZXRzOgogICAgLSBtYXJpYWRiLmxhbjo5MTA0Ci0gam9iX25hbWU6IG1xdHQubW9zcXVpdHRvCiAgc3RhdGljX2NvbmZpZ3M6CiAgLSB0YXJnZXRzOgogICAgLSBtcXR0Lmxhbjo5MjM0Ci0gam9iX25hbWU6IGhhcHJveHkKICBzdGF0aWNfY29uZmlnczoKICAtIHRhcmdldHM6CiAgICAtIGRydWNraS5jaGFvczo5MTAxCiAgICAtIHJpb3QwMS5jaGFvczo5MTAxCi0gam9iX25hbWU6IGtsaXBwZXIKICBzdGF0aWNfY29uZmlnczoKICAtIHRhcmdldHM6CiAgICAtIGRydWNraS5jaGFvczozOTAzCi0gam9iX25hbWU6IG9jdG9wcmludAogIG1ldHJpY3NfcGF0aDogL3BsdWdpbi9wcm9tZXRoZXVzX2V4cG9ydGVyL21ldHJpY3MKICBwYXJhbXM6CiAgICBhcGlrZXk6CiAgICAtIDMwRThCMDFCRkQ2NzRFNUJCRDQ0NkQwOEM0NzMwREY0CiAgc3RhdGljX2NvbmZpZ3M6CiAgLSB0YXJnZXRzOgogICAgLSBkcnVja2kuY2hhb3M6ODAKLSBqb2JfbmFtZTogb3BlbmhhYjIKICBtZXRyaWNzX3BhdGg6IC8KICBzdGF0aWNfY29uZmlnczoKICAtIHRhcmdldHM6CiAgICAtIGF1dG8uY2hhb3M6OTk5OQotIGpvYl9uYW1lOiBub2RlCiAgc3RhdGljX2NvbmZpZ3M6CiAgLSB0YXJnZXRzOgogICAgLSBkdW1vbnQuY2hhb3M6OTEwMAogICAgLSBhdXRvMDE6OTEwMAogICAgLSBkcnVja2kuY2hhb3M6OTEwMAogICAgLSBlYmluMDEuY2hhb3M6OTEwMAogICAgLSBlYmluMDIuY2hhb3M6OTEwMAogICAgLSBsZW5ueS5jaGFvczo5MTAwCiAgICAtIHJpb3QwMS5jaGFvczo5MTAwCiAgICAtIHRydWhlOjkxMDAKICAgIC0gdHVtb3IuY2hhb3M6OTEwMAogICAgLSB3b2huejo5MTAwCiAgICAtIHlvcmkuY2hhb3M6OTEwMAo=
+kind: Secret
+metadata:
+  creationTimestamp: null
+  name: additional-scrape-configs
+  namespace: monitoring
--- a/prometheus/prometheus-additional.yaml
+++ b/prometheus/prometheus-additional.yaml
@@ -0,0 +1,44 @@
+- job_name: mysqld
+  static_configs:
+  - targets:
+    - mariadb.lan:9104
+- job_name: mqtt.mosquitto
+  static_configs:
+  - targets:
+    - mqtt.lan:9234
+- job_name: haproxy
+  static_configs:
+  - targets:
+    - drucki.chaos:9101
+    - riot01.chaos:9101
+- job_name: klipper
+  static_configs:
+  - targets:
+    - drucki.chaos:3903
+- job_name: octoprint
+  metrics_path: /plugin/prometheus_exporter/metrics
+  params:
+    apikey:
+    - 30E8B01BFD674E5BBD446D08C4730DF4
+  static_configs:
+  - targets:
+    - drucki.chaos:80
+- job_name: openhab2
+  metrics_path: /
+  static_configs:
+  - targets:
+    - auto.chaos:9999
+- job_name: node
+  static_configs:
+  - targets:
+    - dumont.chaos:9100
+    - auto01:9100
+    - drucki.chaos:9100
+    - ebin01.chaos:9100
+    - ebin02.chaos:9100
+    - lenny.chaos:9100
+    - riot01.chaos:9100
+    - truhe:9100
+    - tumor.chaos:9100
+    - wohnz:9100
+    - yori.chaos:9100
--- a/prometheus/prometheus-pvc.yaml
+++ b/prometheus/prometheus-pvc.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prometheus-k8s-db-prometheus-k8s-0 
+  namespace: monitoring
+  annotations:
+    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
+spec:
+  storageClassName: fast
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
--- a/pv-fast.yaml
+++ b/pv-fast.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: grafana-storage
+spec:
+  capacity:
+    storage: 5Gi # Doesn't really matter, as EFS does not enforce it anyway
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  mountOptions:
+    - hard
+    - nfsvers=4.1
+    - rsize=1048576
+    - wsize=1048576
+    - timeo=300
+    - retrans=2
+  nfs:
+    path: /k8s-data-fast/grafana
+    server: ebin01.chaos 
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: prometheus-k8s-db-prometheus-k8s-0 
+spec:
+  capacity:
+    storage: 50Gi # Doesn't really matter, as EFS does not enforce it anyway
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  mountOptions:
+    - hard
+    - nfsvers=4.1
+    - rsize=1048576
+    - wsize=1048576
+    - timeo=300
+    - retrans=2
+  nfs:
+    path: /k8s-data-fast/prometheus
+    server: ebin02.chaos 
--- a/storage-classes.yaml
+++ b/storage-classes.yaml
@@ -0,0 +1,9 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: fast
+  annotations:
+    storageclass.kubernetes.io/is-default-class: true
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
+reclaimPolicy: Retain