V 2025-11-15 21:55:53 +00:00
parent c3f078539a
commit b52c4d45ef
19 changed files with 3678 additions and 0 deletions

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -0,0 +1,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: monitoring
resources:
- podmonitor.yaml
configMapGenerator:
- name: flux-grafana-dashboards
files:
- dashboards/control-plane.json
- dashboards/cluster.json
options:
labels:
grafana_dashboard: "1"
app.kubernetes.io/part-of: flux
app.kubernetes.io/component: monitoring


@ -0,0 +1,24 @@
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: flux-system
labels:
app.kubernetes.io/part-of: flux
app.kubernetes.io/component: monitoring
spec:
namespaceSelector:
matchNames:
- flux-system
selector:
matchExpressions:
- key: app
operator: In
values:
- helm-controller
- source-controller
- kustomize-controller
- notification-controller
- image-automation-controller
- image-reflector-controller
podMetricsEndpoints:
- port: http-prom


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base


@ -0,0 +1,5 @@
creation_rules:
- path_regex: kube-prometheus-stack.yaml$
encrypted_regex: "^(values)$"
age:
- age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq
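Review bot: `encrypted_regex: "^(values)$"` in this creation rule encrypts the entire `values` tree of the matched HelmRelease, so non-secret settings such as retention, resource requests and the PodMonitor selector are unreadable in review, and any change to them shows up only as new ciphertext. Of the keys visible in the encrypted file, only the Grafana admin password looks sensitive; narrowing the rule, for example `encrypted_regex: "^(adminPassword)$"`, would keep the rest auditable. `path_regex: kube-prometheus-stack.yaml$` also has an unescaped dot and no leading anchor, so it matches more file names than intended; `kube-prometheus-stack\.yaml$` is tighter.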


@ -0,0 +1,88 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: prometheus-community
spec:
interval: 12h
type: oci
url: oci://ghcr.io/prometheus-community/charts
sops:
age:
- recipient: age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseUtpanJ3MG9WOXZBaFVK
SGY1eElldXQyNWJiZVVwRk5lSys2NDUwbVhZCk5TMFU0TG1lSjZrOWh1ZHJ4TjY4
WDBSaFdrbFNJejRmMVFDZytJRkZrM0EKLS0tIFg4RW5EUlRDZjF0ZUdjMU50SHM1
aS9jcnh6VXJQTlQ1cUhiRWV3NWRGMnMKAKnkJj/gByIdrX/ZgNVl7S6u3yH1nB/c
UNhXoEqvZwN8vRiFg5bf3qIYPVUbRr2tXNHLrQCTT3U0AlXLr2NhYQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-15T21:55:33Z"
mac: ENC[AES256_GCM,data:I13OZSaEZRXE+oTkurOrG8JDTK1rHqlMZG2ijr1W8towPdgAPyICqM22hrzXz5uzp75j02qDeEU4YntCYWvxnGJEWpN7q/BX+7P1p+oC+314uyGxricBWK1j7KGEOUv2QFNosnWJdTjK3cA8zcr/pp/WeuZ1pKz2z4iUS9uM/xI=,iv:dpyzS1YQcWU0XiTofUzfkOYTlY69BkZk6fVV1lszWqA=,tag:xltGaiRDPD3qrBNCPL7E+Q==,type:str]
encrypted_regex: ^(values)$
version: 3.11.0
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: kube-prometheus-stack
spec:
serviceAccountName: flux
interval: 1h
chart:
spec:
version: 79.4.1
chart: kube-prometheus-stack
sourceRef:
kind: HelmRepository
name: prometheus-community
interval: 12h
install:
crds: Create
timeout: 9m
upgrade:
crds: CreateReplace
timeout: 9m
driftDetection:
mode: enabled
ignore:
- paths:
- /metadata/annotations/prometheus-operator-validated
target:
kind: PrometheusRule
valuesFrom:
- kind: ConfigMap
name: flux-kube-state-metrics-config
valuesKey: kube-state-metrics-config.yaml
values:
alertmanager:
enabled: ENC[AES256_GCM,data:Zn/Z7mM=,iv:IgjdHi9neAE6zBl8fh2vZzKjWK0uyYwaFiwAaWGNsn0=,tag:nPKyaDGD/gF5pSLaFaFIwA==,type:bool]
prometheus:
prometheusSpec:
retention: ENC[AES256_GCM,data:JNxX,iv:OdccSVIP3Cwuw5IvgopUqD+PqwopJ6uNz3pNqTiROsE=,tag:3MHC/iAP+hbs2ENHgfcPwQ==,type:str]
resources:
requests:
cpu: ENC[AES256_GCM,data:w5nT5Q==,iv:2KCf5LnI+81UVruK2PAnZf/jllU3m6t6iIpzIhC7YjU=,tag:Cw1ScqWJrBoSrI07HFmNVg==,type:str]
memory: ENC[AES256_GCM,data:FygMqxI=,iv:EDey9YVLFE4rGBS6t+sdkdiMgy6pHbkTCZiP3t/ufV8=,tag:o55+b7C6KAShwe9PWtAzbQ==,type:str]
podMonitorNamespaceSelector: {}
podMonitorSelector:
matchLabels:
app.kubernetes.io/component: ENC[AES256_GCM,data:4d0Zmt3LGrMPtw==,iv:yC5C2DcLikC3vDzt3vxgmN7qbNrtXxOv3+P6qXahO/g=,tag:10rrR+f2XCFRfTrZFZibZQ==,type:str]
grafana:
defaultDashboardsEnabled: ENC[AES256_GCM,data:lKLSfOM=,iv:Wfm9WSrqA+0wjtV8NoEazPiI5HZ14GcVoHg1qN96w6E=,tag:L5S2poSh9mVuDlepD3cmKw==,type:bool]
adminPassword: ENC[AES256_GCM,data:8vu+mANLfCyz4u8jOQ==,iv:n/sp7MAHS5W1EMMD6muDDu2G8QT0MVW3NvmPGAptqNM=,tag:+0MLZWCXGEmirg+HnIRClQ==,type:str]
sops:
age:
- recipient: age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseUtpanJ3MG9WOXZBaFVK
SGY1eElldXQyNWJiZVVwRk5lSys2NDUwbVhZCk5TMFU0TG1lSjZrOWh1ZHJ4TjY4
WDBSaFdrbFNJejRmMVFDZytJRkZrM0EKLS0tIFg4RW5EUlRDZjF0ZUdjMU50SHM1
aS9jcnh6VXJQTlQ1cUhiRWV3NWRGMnMKAKnkJj/gByIdrX/ZgNVl7S6u3yH1nB/c
UNhXoEqvZwN8vRiFg5bf3qIYPVUbRr2tXNHLrQCTT3U0AlXLr2NhYQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-15T21:55:33Z"
mac: ENC[AES256_GCM,data:I13OZSaEZRXE+oTkurOrG8JDTK1rHqlMZG2ijr1W8towPdgAPyICqM22hrzXz5uzp75j02qDeEU4YntCYWvxnGJEWpN7q/BX+7P1p+oC+314uyGxricBWK1j7KGEOUv2QFNosnWJdTjK3cA8zcr/pp/WeuZ1pKz2z4iUS9uM/xI=,iv:dpyzS1YQcWU0XiTofUzfkOYTlY69BkZk6fVV1lszWqA=,tag:xltGaiRDPD3qrBNCPL7E+Q==,type:str]
encrypted_regex: ^(values)$
version: 3.11.0
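Review bot: `grafana.adminPassword` is set inline under `spec.values` of the HelmRelease, so once the manifest is decrypted for apply the password sits in clear text in the HelmRelease object and is readable by anyone allowed to get HelmReleases in the namespace. Keeping it in a Kubernetes Secret and pointing the chart at it, e.g. `grafana.admin.existingSecret: <secret-name>` or a `valuesFrom` entry with `kind: Secret`, limits exposure to principals that can read Secrets. The SOPS-encrypted material would then be just that Secret, and the rest of the release could stay in plain YAML.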


@ -0,0 +1,277 @@
kube-state-metrics:
# For kube-prometheus-stacks that are already installed and configured with
# custom collectors, commenting out the collectors and extraArgs below will
# retain any existing kube-state-metrics configuration.
collectors: [ ]
extraArgs:
- --custom-resource-state-only=true
rbac:
extraRules:
- apiGroups:
- source.toolkit.fluxcd.io
- kustomize.toolkit.fluxcd.io
- helm.toolkit.fluxcd.io
- notification.toolkit.fluxcd.io
- image.toolkit.fluxcd.io
resources:
- gitrepositories
- buckets
- helmrepositories
- helmcharts
- ocirepositories
- kustomizations
- helmreleases
- alerts
- providers
- receivers
- imagerepositories
- imagepolicies
- imageupdateautomations
verbs: [ "list", "watch" ]
customResourceState:
enabled: true
config:
spec:
resources:
- groupVersionKind:
group: kustomize.toolkit.fluxcd.io
version: v1
kind: Kustomization
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux Kustomization resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
ready: [ status, conditions, "[type=Ready]", status ]
suspended: [ spec, suspend ]
revision: [ status, lastAppliedRevision ]
source_name: [ spec, sourceRef, name ]
- groupVersionKind:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux HelmRelease resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
ready: [ status, conditions, "[type=Ready]", status ]
suspended: [ spec, suspend ]
revision: [ status, history, "0", chartVersion ]
chart_name: [ status, history, "0", chartName ]
chart_app_version: [ status, history, "0", appVersion ]
chart_ref_name: [ spec, chartRef, name ]
chart_source_name: [ spec, chart, spec, sourceRef, name ]
- groupVersionKind:
group: source.toolkit.fluxcd.io
version: v1
kind: GitRepository
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux GitRepository resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
ready: [ status, conditions, "[type=Ready]", status ]
suspended: [ spec, suspend ]
revision: [ status, artifact, revision ]
url: [ spec, url ]
- groupVersionKind:
group: source.toolkit.fluxcd.io
version: v1beta2
kind: Bucket
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux Bucket resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
ready: [ status, conditions, "[type=Ready]", status ]
suspended: [ spec, suspend ]
revision: [ status, artifact, revision ]
endpoint: [ spec, endpoint ]
bucket_name: [ spec, bucketName ]
- groupVersionKind:
group: source.toolkit.fluxcd.io
version: v1
kind: HelmRepository
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux HelmRepository resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
ready: [ status, conditions, "[type=Ready]", status ]
suspended: [ spec, suspend ]
revision: [ status, artifact, revision ]
url: [ spec, url ]
- groupVersionKind:
group: source.toolkit.fluxcd.io
version: v1
kind: HelmChart
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux HelmChart resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
ready: [ status, conditions, "[type=Ready]", status ]
suspended: [ spec, suspend ]
revision: [ status, artifact, revision ]
chart_name: [ spec, chart ]
chart_version: [ spec, version ]
- groupVersionKind:
group: source.toolkit.fluxcd.io
version: v1beta2
kind: OCIRepository
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux OCIRepository resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
ready: [ status, conditions, "[type=Ready]", status ]
suspended: [ spec, suspend ]
revision: [ status, artifact, revision ]
url: [ spec, url ]
- groupVersionKind:
group: notification.toolkit.fluxcd.io
version: v1beta3
kind: Alert
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux Alert resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
suspended: [ spec, suspend ]
- groupVersionKind:
group: notification.toolkit.fluxcd.io
version: v1beta3
kind: Provider
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux Provider resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
suspended: [ spec, suspend ]
- groupVersionKind:
group: notification.toolkit.fluxcd.io
version: v1
kind: Receiver
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux Receiver resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
ready: [ status, conditions, "[type=Ready]", status ]
suspended: [ spec, suspend ]
webhook_path: [ status, webhookPath ]
- groupVersionKind:
group: image.toolkit.fluxcd.io
version: v1beta2
kind: ImageRepository
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux ImageRepository resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
ready: [ status, conditions, "[type=Ready]", status ]
suspended: [ spec, suspend ]
image: [ spec, image ]
- groupVersionKind:
group: image.toolkit.fluxcd.io
version: v1beta2
kind: ImagePolicy
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux ImagePolicy resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
ready: [ status, conditions, "[type=Ready]", status ]
suspended: [ spec, suspend ]
source_name: [ spec, imageRepositoryRef, name ]
- groupVersionKind:
group: image.toolkit.fluxcd.io
version: v1beta2
kind: ImageUpdateAutomation
metricNamePrefix: gotk
metrics:
- name: "resource_info"
help: "The current state of a Flux ImageUpdateAutomation resource."
each:
type: Info
info:
labelsFromPath:
name: [ metadata, name ]
labelsFromPath:
exported_namespace: [ metadata, namespace ]
ready: [ status, conditions, "[type=Ready]", status ]
suspended: [ spec, suspend ]
source_name: [ spec, sourceRef, name ]
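Review bot: The Receiver entry in `customResourceState` exports `webhook_path: [ status, webhookPath ]` as a metric label, and that path is derived from the receiver's token and acts as the hard-to-guess part of the webhook URL. Anyone with read access to Prometheus or Grafana can then read it from the `gotk_resource_info` series. Unless a dashboard depends on it, drop that label. The `url` labels on GitRepository, HelmRepository and OCIRepository deserve the same check if any source URL in the cluster can carry embedded credentials.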


@ -0,0 +1,18 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: monitoring
resources:
- namespace.yaml
- kube-prometheus-stack.yaml
- metrics-server.yaml
- rbac.yaml
configMapGenerator:
- name: flux-kube-state-metrics-config
files:
- kube-state-metrics-config.yaml
options:
labels:
app.kubernetes.io/part-of: flux
app.kubernetes.io/component: monitoring
configurations:
- kustomizeconfig.yaml


@ -0,0 +1,6 @@
nameReference:
- kind: ConfigMap
version: v1
fieldSpecs:
- path: spec/valuesFrom/name
kind: HelmRelease


@ -0,0 +1,27 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository
metadata:
name: metrics-server
spec:
interval: 1h
url: oci://ghcr.io/controlplaneio-fluxcd/charts/metrics-server
layerSelector:
mediaType: "application/vnd.cncf.helm.chart.content.v1.tar+gzip"
operation: copy
ref:
tag: "3.13.0" # {"$imagepolicy": "flux-system:metrics-server:tag"}
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: metrics-server
spec:
serviceAccountName: flux
interval: 1h
chartRef:
kind: OCIRepository
name: metrics-server
# https://github.com/kubernetes-sigs/metrics-server/blob/master/charts/metrics-server/values.yaml
values:
args:
- --kubelet-insecure-tls
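Review bot: `--kubelet-insecure-tls` under `values.args` makes metrics-server skip verification of the kubelet serving certificate, so it cannot distinguish a real kubelet from an impostor on the node network. If the kubelets in the target clusters have serving certificates signed by the cluster CA, remove the flag from the base. If it is needed only for local or test clusters, move it into that environment's overlay and document it, e.g. `# dev only: kubelet serving certs are self-signed`.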


@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
app.kubernetes.io/component: monitoring
toolkit.fluxcd.io/tenant: platform-team
pod-security.kubernetes.io/enforce: privileged
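Review bot: `pod-security.kubernetes.io/enforce: privileged` switches Pod Security admission off for the whole `monitoring` namespace, so every workload deployed there, not only the components that need host access, may run privileged or with host namespaces. If the label is required (node-exporter typically needs host mounts; confirm for this chart version), record that next to it, e.g. `# privileged: required by node-exporter host access`. Adding `pod-security.kubernetes.io/warn: baseline` and `pod-security.kubernetes.io/audit: baseline` would at least surface any other pod that relies on the relaxed level.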


@ -0,0 +1,25 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: monitoring
toolkit.fluxcd.io/tenant: platform-team
name: flux-monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: flux
namespace: monitoring
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flux
namespace: monitoring
labels:
app.kubernetes.io/component: monitoring
toolkit.fluxcd.io/tenant: platform-team
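Review bot: The ClusterRoleBinding `flux-monitoring` grants `cluster-admin` to the `flux` ServiceAccount in `monitoring`, which is the account both HelmReleases in this commit name in `serviceAccountName`. Anyone who can create a pod in that namespace or request a token for that ServiceAccount gains full control of the cluster, and the namespace manifest in the same commit sets pod security enforcement to `privileged`. A dedicated ClusterRole limited to what the two charts install would reduce the blast radius. At minimum, add a comment on the binding recording why the broad role is needed, e.g. `# cluster-admin: charts install CRDs and cluster-scoped RBAC`.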


@ -0,0 +1,22 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
patches:
- patch: |
- op: replace
path: /spec/values/prometheus/prometheusSpec/retention
value: 24h
target:
kind: HelmRelease
name: kube-prometheus-stack
# Remove subcomponent based on environment
# - patch: |
# $patch: delete
# apiVersion: helm.toolkit.fluxcd.io/v2
# kind: HelmRelease
# metadata:
# name: metrics-server
# target:
# kind: HelmRelease
# name: metrics-server
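Review bot: The JSON patch replaces `/spec/values/prometheus/prometheusSpec/retention` with the plain value `24h`, but in the base that field is SOPS-encrypted and covered by the document's MAC. If decryption runs on the built output, a plaintext value inside the encrypted tree will likely be rejected and the reconcile will fail; this should be verified by building and decrypting the overlay before merging. The same patch appears in the other overlay later in this commit. Keeping non-secret values outside the encrypted scope would let overlays patch them safely.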


@ -0,0 +1,22 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
patches:
- patch: |
- op: replace
path: /spec/values/prometheus/prometheusSpec/retention
value: 24h
target:
kind: HelmRelease
name: kube-prometheus-stack
# Remove subcomponent based on environment
# - patch: |
# $patch: delete
# apiVersion: helm.toolkit.fluxcd.io/v2
# kind: HelmRelease
# metadata:
# name: metrics-server
# target:
# kind: HelmRelease
# name: metrics-server


@ -0,0 +1,20 @@
---
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImageRepository
metadata:
name: metrics-server
spec:
image: "ghcr.io/controlplaneio-fluxcd/charts/metrics-server"
interval: 12h
provider: generic
---
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImagePolicy
metadata:
name: metrics-server
spec:
imageRepositoryRef:
name: metrics-server
policy:
semver:
range: ">=3.0.0"
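Review bot: `range: ">=3.0.0"` in the ImagePolicy has no upper bound, so the policy will select any future major version that appears in the registry, and the `$imagepolicy` marker on the OCIRepository tag in this commit suggests the selection is written back and deployed automatically. Bounding the range, e.g. `range: ">=3.0.0 <4.0.0"`, keeps a major upgrade a reviewed change. Nothing in the visible manifests verifies the chart artifact's signature, so whoever can push a tag to that repository decides what gets installed with the `flux` ServiceAccount's rights.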