From 1f2b764e34c2bc4ae5764d968d075ae55138fca1 Mon Sep 17 00:00:00 2001 
From: gitea-bot Date: Tue, 14 Apr 2026 00:41:02 +0000 Subject: [PATCH] chore: Update manifests after change --- .../manifests/blocky/ConfigMap-blocky.yaml | 1 + .../manifests/blocky/Deployment-blocky.yaml | 2 +- .../manifests/gatus/ConfigMap-gatus.yaml | 13 +- .../manifests/gatus/Deployment-gatus.yaml | 2 +- .../homepage/ConfigMap-homepage.yaml | 18 +- .../homepage/Deployment-homepage.yaml | 2 +- ...r-sparkyfitness-postgresql-18-cluster.yaml | 57 ++++ ...ConfigMap-sparkyfitness-server-config.yaml | 31 ++ .../Deployment-sparkyfitness-frontend.yaml | 93 ++++++ .../Deployment-sparkyfitness-server.yaml | 135 +++++++++ ...ternalSecret-sparkyfitness-key-secret.yaml | 22 ++ ...ernalSecret-sparkyfitness-oidc-secret.yaml | 22 ++ ...tgresql-18-backup-garage-local-secret.yaml | 38 +++ ...fitness-postgresql-18-recovery-secret.yaml | 38 +++ ...-server-backup-backup-secret-external.yaml | 58 ++++ ...ess-server-backup-backup-secret-local.yaml | 58 ++++ ...ss-server-backup-backup-secret-remote.yaml | 58 ++++ .../HTTPRoute-sparkyfitness.yaml | 23 ++ ...ess-postgresql-18-backup-garage-local.yaml | 33 +++ ...-sparkyfitness-postgresql-18-recovery.yaml | 32 +++ ...lumeClaim-sparkyfitness-server-backup.yaml | 17 ++ ...umeClaim-sparkyfitness-server-uploads.yaml | 17 ++ ...arkyfitness-postgresql-18-alert-rules.yaml | 270 ++++++++++++++++++ ...-server-backup-backup-source-external.yaml | 29 ++ ...ess-server-backup-backup-source-local.yaml | 29 ++ ...ss-server-backup-backup-source-remote.yaml | 29 ++ ...resql-18-scheduled-backup-live-backup.yaml | 24 ++ .../Service-sparkyfitness-frontend.yaml | 21 ++ .../Service-sparkyfitness-server.yaml | 21 ++ ...ServiceAccount-sparkyfitness-frontend.yaml | 11 + .../ServiceAccount-sparkyfitness-server.yaml | 11 + 31 files changed, 1204 insertions(+), 11 deletions(-) create mode 100644 clusters/cl01tl/manifests/sparkyfitness/Cluster-sparkyfitness-postgresql-18-cluster.yaml create mode 100644 
clusters/cl01tl/manifests/sparkyfitness/ConfigMap-sparkyfitness-server-config.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/Deployment-sparkyfitness-frontend.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/Deployment-sparkyfitness-server.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-key-secret.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-oidc-secret.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-postgresql-18-backup-garage-local-secret.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-postgresql-18-recovery-secret.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-server-backup-backup-secret-external.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-server-backup-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-server-backup-backup-secret-remote.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/HTTPRoute-sparkyfitness.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ObjectStore-sparkyfitness-postgresql-18-backup-garage-local.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ObjectStore-sparkyfitness-postgresql-18-recovery.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/PersistentVolumeClaim-sparkyfitness-server-backup.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/PersistentVolumeClaim-sparkyfitness-server-uploads.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/PrometheusRule-sparkyfitness-postgresql-18-alert-rules.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ReplicationSource-sparkyfitness-server-backup-backup-source-external.yaml create mode 100644 
clusters/cl01tl/manifests/sparkyfitness/ReplicationSource-sparkyfitness-server-backup-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ReplicationSource-sparkyfitness-server-backup-backup-source-remote.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ScheduledBackup-sparkyfitness-postgresql-18-scheduled-backup-live-backup.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/Service-sparkyfitness-frontend.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/Service-sparkyfitness-server.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ServiceAccount-sparkyfitness-frontend.yaml create mode 100644 clusters/cl01tl/manifests/sparkyfitness/ServiceAccount-sparkyfitness-server.yaml diff --git a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml index 52c6db9dc..d5e499669 100644 --- a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml @@ -149,6 +149,7 @@ data: sonarr IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl sonarr-anime IN CNAME traefik-cl01tl + sparkyfitness IN CNAME traefik-cl01tl stalwart IN CNAME traefik-cl01tl tdarr IN CNAME traefik-cl01tl tubearchivist IN CNAME traefik-cl01tl diff --git a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml index c79edf81b..60401eddf 100644 --- a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - checksum/configMaps: efcf1edf529a57d14351e68c54b80821293ffd06322973fbb96cc432a9014b09 + checksum/configMaps: f8de88b5a9037f61f1dd5bd0dae68035d99dc8758c173b69f06a55a2b1d93304 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: blocky 
diff --git a/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml b/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml index e7a968a14..125bb9f93 100644 --- a/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml +++ b/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml @@ -193,8 +193,8 @@ data: - '[CERTIFICATE_EXPIRATION] > 240h' group: core interval: 30s - name: roundcube - url: https://mail.alexlebens.net + name: sparkyfitness + url: https://sparkyfitness.alexlebens.net - alerts: - type: ntfy conditions: @@ -357,6 +357,15 @@ data: interval: 30s name: authentik url: https://authentik.alexlebens.net + - alerts: + - type: ntfy + conditions: + - '[STATUS] == 200' + - '[CERTIFICATE_EXPIRATION] > 240h' + group: core + interval: 30s + name: roundcube + url: https://mail.alexlebens.net - alerts: - type: ntfy conditions: diff --git a/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml b/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml index 206053bfc..66ce348df 100644 --- a/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml +++ b/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml @@ -26,7 +26,7 @@ spec: app.kubernetes.io/name: gatus app.kubernetes.io/instance: gatus annotations: - checksum/config: 05213f56dc4393f377b38aa9a0eeee4a8633a07094e095f9690e2aba53902cbf + checksum/config: fa939ee3306d395924758008b12352f8785d18da1ed5c5728b9a62facdfed267 spec: serviceAccountName: default automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml index 2e7008daf..63774ba9e 100644 --- a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml 
@@ -215,11 +215,11 @@ data: href: https://searxng.alexlebens.net/ siteMonitor: http://searxng-browser.searxng:80 statusStyle: dot - - Email: - icon: sh-roundcube.webp - description: Roundcube - href: https://mail.alexlebens.net - siteMonitor: http://roundcube.roundcube:80 + - Fitness Tracker: + icon: sh-sparkyfitness.webp + description: Sparky Fitness + href: https://sparkyfitness.alexlebens.net + siteMonitor: http://sparkyfitness-frontend.sparkyfitness:80 statusStyle: dot - Documents: icon: sh-paperless-ngx.webp @@ -417,7 +417,13 @@ data: href: https://authentik.alexlebens.net siteMonitor: http://authentik-server.authentik:80 statusStyle: dot - - Email: + - Email Client: + icon: sh-roundcube.webp + description: Roundcube + href: https://mail.alexlebens.net + siteMonitor: http://roundcube.roundcube:80 + statusStyle: dot + - Email Server: icon: sh-stalwart.webp description: Stalwart href: https://stalwart.alexlebens.net diff --git a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml index a0cfbd70c..6df14b7ac 100644 --- a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml @@ -24,7 +24,7 @@ spec: template: metadata: annotations: - checksum/configMaps: 889405bdd0d5e6e81665a22fa1eb81842cfdd6da9d301a6f165843725191e6a5 + checksum/configMaps: 1191af1b56a3c06d7cc4f5ddf91144a1c682e9c3ca13a4d0eea26e148e2c6d50 checksum/secrets: d3ba83f111cd32f92c909268c55ad8bbd4f9e299b74b35b33c1a011180d8b378 labels: app.kubernetes.io/controller: main diff --git a/clusters/cl01tl/manifests/sparkyfitness/Cluster-sparkyfitness-postgresql-18-cluster.yaml b/clusters/cl01tl/manifests/sparkyfitness/Cluster-sparkyfitness-postgresql-18-cluster.yaml new file mode 100644 index 000000000..4b9e45126 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/Cluster-sparkyfitness-postgresql-18-cluster.yaml 
@@ -0,0 +1,57 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: sparkyfitness-postgresql-18-cluster + namespace: sparkyfitness + labels: + app.kubernetes.io/name: sparkyfitness-postgresql-18-cluster + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + instances: 3 + imageName: "ghcr.io/cloudnative-pg/postgresql:18.3-standard-trixie" + imagePullPolicy: IfNotPresent + postgresUID: 26 + postgresGID: 26 + storage: + size: 10Gi + storageClass: local-path + walStorage: + size: 2Gi + storageClass: local-path + resources: + limits: + hugepages-2Mi: 256Mi + requests: + cpu: 20m + memory: 80Mi + affinity: + enablePodAntiAffinity: true + topologyKey: kubernetes.io/hostname + primaryUpdateMethod: switchover + primaryUpdateStrategy: unsupervised + logLevel: info + enableSuperuserAccess: false + enablePDB: true + postgresql: + parameters: + hot_standby_feedback: "on" + max_slot_wal_keep_size: 2000MB + shared_buffers: 128MB + monitoring: + enablePodMonitor: true + disableDefaultQueries: false + plugins: + - name: barman-cloud.cloudnative-pg.io + enabled: true + isWALArchiver: true + parameters: + barmanObjectName: "sparkyfitness-postgresql-18-backup-garage-local" + serverName: "sparkyfitness-postgresql-18-backup-1" + bootstrap: + initdb: + database: app + owner: app diff --git a/clusters/cl01tl/manifests/sparkyfitness/ConfigMap-sparkyfitness-server-config.yaml b/clusters/cl01tl/manifests/sparkyfitness/ConfigMap-sparkyfitness-server-config.yaml new file mode 100644 index 000000000..b22a1a602 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ConfigMap-sparkyfitness-server-config.yaml 
@@ -0,0 +1,31 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: sparkyfitness-server-config + labels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/managed-by: Helm + helm.sh/chart: sparkyfitness-0.16.5-7 + app.kubernetes.io/component: server +data: + NODE_ENV: "production" + TZ: "America/Chicago" + SPARKY_FITNESS_LOG_LEVEL: "info" + SPARKY_FITNESS_DB_HOST: "sparkyfitness-postgresql-18-cluster-rw" + SPARKY_FITNESS_DB_PORT: "5432" + SPARKY_FITNESS_DB_NAME: "app" + SPARKY_FITNESS_FRONTEND_URL: "https://sparkyfitness.alexlebens.net" + SPARKY_FITNESS_DISABLE_SIGNUP: "false" + ALLOW_PRIVATE_NETWORK_CORS: "true" + SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS: "https://sparkyfitness.alexlebens.net" + SPARKY_FITNESS_FORCE_EMAIL_LOGIN: "true" + SPARKY_FITNESS_DISABLE_EMAIL_LOGIN: "false" + SPARKY_FITNESS_OIDC_AUTH_ENABLED: "true" + SPARKY_FITNESS_OIDC_PROVIDER_SLUG: "sparky-fitness" + SPARKY_FITNESS_OIDC_PROVIDER_NAME: "Authentik" + SPARKY_FITNESS_OIDC_ISSUER_URL: "https://authentik.alexlebens.net" + SPARKY_FITNESS_OIDC_SCOPE: "openid email profile" + SPARKY_FITNESS_OIDC_AUTO_REGISTER: "true" + SPARKY_FITNESS_OIDC_AUTO_REDIRECT: "false" + SPARKY_FITNESS_OIDC_LOGO_URL: "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp" diff --git a/clusters/cl01tl/manifests/sparkyfitness/Deployment-sparkyfitness-frontend.yaml b/clusters/cl01tl/manifests/sparkyfitness/Deployment-sparkyfitness-frontend.yaml new file mode 100644 index 000000000..7c2f9d484 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/Deployment-sparkyfitness-frontend.yaml 
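Review bot: `SPARKY_FITNESS_DISABLE_SIGNUP: "false"` leaves local self-registration enabled on a host that the HTTPRoute in this patch publishes through `traefik-gateway`. In addition, `SPARKY_FITNESS_OIDC_AUTO_REGISTER: "true"` appears to create an account for any identity Authentik issues a token for. If Authentik is meant to be the only source of accounts, set `SPARKY_FITNESS_DISABLE_SIGNUP: "true"` in the chart values and limit who may use the provider on the Authentik side. `ALLOW_PRIVATE_NETWORK_CORS: "true"` needs a one-line justification in the values file: judging by its name alone it relaxes origin checks for private-network callers, and `SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS` already lists the public origin, so confirm against the application's documentation that it is needed.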
@@ -0,0 +1,93 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sparkyfitness-frontend + labels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/managed-by: Helm + helm.sh/chart: sparkyfitness-0.16.5-7 + app.kubernetes.io/component: frontend +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/component: frontend + template: + metadata: + labels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/component: frontend + spec: + serviceAccountName: sparkyfitness-frontend + securityContext: + runAsNonRoot: false + seccompProfile: + type: RuntimeDefault + containers: + - name: frontend + image: ghcr.io/codewithcj/sparkyfitness-server:v0.16.5.7@sha256:c57a0a07b3470bd0c280d63d02b45adfe7360441b396e9bd445d7b0d22823356 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 10 + env: + - name: SPARKY_FITNESS_FRONTEND_URL + value: "https://sparkyfitness.alexlebens.net" + - name: SPARKY_FITNESS_SERVER_HOST + value: sparkyfitness-server + - name: SPARKY_FITNESS_SERVER_PORT + value: "3010" + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - CHOWN + - NET_BIND_SERVICE + - SETGID + - SETUID + drop: + - ALL + readOnlyRootFilesystem: true + resources: + limits: {} + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - name: tmp + mountPath: /tmp + - name: nginx-cache + mountPath: /var/cache/nginx + - name: nginx-run + mountPath: /var/run + - name: nginx-conf + mountPath: /etc/nginx/conf.d + volumes: + - name: tmp + emptyDir: {} + - name: nginx-cache + 
emptyDir: {} + - name: nginx-run + emptyDir: {} + - name: nginx-conf + emptyDir: {} diff --git a/clusters/cl01tl/manifests/sparkyfitness/Deployment-sparkyfitness-server.yaml b/clusters/cl01tl/manifests/sparkyfitness/Deployment-sparkyfitness-server.yaml new file mode 100644 index 000000000..298737beb --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/Deployment-sparkyfitness-server.yaml 
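Review bot: The `frontend` container runs as root: the pod sets `runAsNonRoot: false`, gives no `runAsUser`, and adds `CHOWN`, `NET_BIND_SERVICE`, `SETGID` and `SETUID` back after `drop: ALL`. The server Deployment in this patch runs as UID 1000 with no capabilities. If the image can start unprivileged on a port above 1024, prefer `runAsNonRoot: true` with an explicit `runAsUser` and remove the `add:` list. The frontend image reference is also `ghcr.io/codewithcj/sparkyfitness-server`, the same repository as the server container but with a different digest, which looks like a values mistake; confirm the digest resolves to the frontend image. Neither Deployment sets `automountServiceAccountToken: false`, so unless the ServiceAccount manifests (outside this view) disable it, both pods get an API token that nothing visible here uses.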
@@ -0,0 +1,135 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sparkyfitness-server + labels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/managed-by: Helm + helm.sh/chart: sparkyfitness-0.16.5-7 + app.kubernetes.io/component: server +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/component: server + template: + metadata: + annotations: + checksum/config: 7ee011b27eb2afafec798a38873ddb6cceeba9fcf9beba1b4b104fe5bc8baf71 + labels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/component: server + spec: + serviceAccountName: sparkyfitness-server + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containers: + - name: server + image: ghcr.io/codewithcj/sparkyfitness-server:v0.16.5.7@sha256:7cdb8cb3ae7f90c7590dac3b92cea3a8e24d51b28eb836a1f6d5201cd45bc080 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 3010 + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /api/health + port: http + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: /api/health + port: http + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 10 + envFrom: + - configMapRef: + name: sparkyfitness-server-config + env: + - name: SPARKY_FITNESS_API_ENCRYPTION_KEY + valueFrom: + secretKeyRef: + name: sparkyfitness-key-secret + key: api_encryption_key + - name: BETTER_AUTH_SECRET + valueFrom: + secretKeyRef: + name: sparkyfitness-key-secret + key: better_auth_secret + - name: SPARKY_FITNESS_APP_DB_USER + valueFrom: + secretKeyRef: + name: sparkyfitness-postgresql-18-cluster-app + key: username + - name: SPARKY_FITNESS_APP_DB_PASSWORD + valueFrom: + secretKeyRef: 
+ name: sparkyfitness-postgresql-18-cluster-app + key: password + - name: SPARKY_FITNESS_DB_USER + valueFrom: + secretKeyRef: + name: sparkyfitness-postgresql-18-cluster-app + key: username + - name: SPARKY_FITNESS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: sparkyfitness-postgresql-18-cluster-app + key: password + - name: SPARKY_FITNESS_OIDC_CLIENT_ID + valueFrom: + secretKeyRef: + name: sparkyfitness-oidc-secret + key: client_id + - name: SPARKY_FITNESS_OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: sparkyfitness-oidc-secret + key: client_secret + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 1000 + resources: + limits: {} + requests: + cpu: 100m + memory: 200Mi + volumeMounts: + - name: backup + mountPath: /app/SparkyFitnessServer/backup + - name: uploads + mountPath: /app/SparkyFitnessServer/uploads + - name: temp-uploads + mountPath: /app/SparkyFitnessServer/temp_uploads + - name: tmp + mountPath: /tmp + volumes: + - name: backup + persistentVolumeClaim: + claimName: sparkyfitness-server-backup + - name: uploads + persistentVolumeClaim: + claimName: sparkyfitness-server-uploads + - name: temp-uploads + emptyDir: {} + - name: tmp + emptyDir: {} diff --git a/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-key-secret.yaml b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-key-secret.yaml new file mode 100644 index 000000000..c0ccad8b2 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-key-secret.yaml 
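Review bot: `SPARKY_FITNESS_APP_DB_USER`/`SPARKY_FITNESS_APP_DB_PASSWORD` and `SPARKY_FITNESS_DB_USER`/`SPARKY_FITNESS_DB_PASSWORD` are all read from `sparkyfitness-postgresql-18-cluster-app`, so both pairs resolve to the `app` role that the Cluster manifest bootstraps as database owner. If the application keeps two pairs so that request handling runs under a less privileged role than migrations, that separation is lost here. One reason it could matter is row-level security, which PostgreSQL does not enforce for a table's owner by default. Confirm against the upstream documentation and, if so, provision a second role and point the `APP_DB_*` pair at its secret. Separately, `limits: {}` leaves the container without a memory limit.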
@@ -0,0 +1,22 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sparkyfitness-key-secret + namespace: sparkyfitness + labels: + app.kubernetes.io/name: sparkyfitness-key-secret + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: api_encryption_key + remoteRef: + key: /cl01tl/sparkyfitness/key + property: api_encryption_key + - secretKey: better_auth_secret + remoteRef: + key: /cl01tl/sparkyfitness/key + property: better_auth_secret diff --git a/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-oidc-secret.yaml b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-oidc-secret.yaml new file mode 100644 index 000000000..5040a7436 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-oidc-secret.yaml @@ -0,0 +1,22 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sparkyfitness-oidc-secret + namespace: sparkyfitness + labels: + app.kubernetes.io/name: sparkyfitness-oidc-secret + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: client_id + remoteRef: + key: /authentik/oidc/sparkyfitness + property: client + - secretKey: client_secret + remoteRef: + key: /authentik/oidc/sparkyfitness + property: secret diff --git a/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-postgresql-18-backup-garage-local-secret.yaml b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-postgresql-18-backup-garage-local-secret.yaml new file mode 100644 index 000000000..0ca6e2081 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-postgresql-18-backup-garage-local-secret.yaml 
@@ -0,0 +1,38 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sparkyfitness-postgresql-18-backup-garage-local-secret + namespace: sparkyfitness + labels: + app.kubernetes.io/name: sparkyfitness-postgresql-18-backup-garage-local-secret + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-postgresql-18-recovery-secret.yaml b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-postgresql-18-recovery-secret.yaml new file mode 100644 index 000000000..670a92257 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-postgresql-18-recovery-secret.yaml 
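Review bot: Both PostgreSQL backup secrets (this one and `sparkyfitness-postgresql-18-recovery-secret`) read their access key from `/garage/home-infra/postgres-backups`, a Vault path that is not specific to this application. The ObjectStore manifests, meanwhile, write under a per-app prefix of a bucket named `postgres-backups`. If that key is bucket-wide, anything that can read this Secret in the `sparkyfitness` namespace can read or delete every other database's backups. The three volsync secrets later in the patch follow the same pattern with `/garage/home-infra/volsync-backups` and `/digital-ocean/home-infra/volsync-backups`. Consider a per-application key scoped to its own bucket, and a read-only key for the recovery secret.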
@@ -0,0 +1,38 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sparkyfitness-postgresql-18-recovery-secret + namespace: sparkyfitness + labels: + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sparkyfitness-postgresql-18-recovery-secret +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-server-backup-backup-secret-external.yaml b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-server-backup-backup-secret-external.yaml new file mode 100644 index 000000000..05bc43888 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-server-backup-backup-secret-external.yaml 
@@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sparkyfitness-server-backup-backup-secret-external + namespace: sparkyfitness + labels: + helm.sh/chart: volsync-target-backup-0.8.0 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sparkyfitness-server-backup-backup-secret-external +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sparkyfitness/sparkyfitness-server-backup" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/digital-ocean + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/digital-ocean + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: AWS_ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-server-backup-backup-secret-local.yaml b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-server-backup-backup-secret-local.yaml new file mode 100644 index 000000000..3d333ee4a --- /dev/null 
+++ b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-server-backup-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sparkyfitness-server-backup-backup-secret-local + namespace: sparkyfitness + labels: + helm.sh/chart: volsync-target-backup-0.8.0 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sparkyfitness-server-backup-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sparkyfitness/sparkyfitness-server-backup" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY 
diff --git a/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-server-backup-backup-secret-remote.yaml b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-server-backup-backup-secret-remote.yaml new file mode 100644 index 000000000..1eb997e90 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ExternalSecret-sparkyfitness-server-backup-backup-secret-remote.yaml 
@@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sparkyfitness-server-backup-backup-secret-remote + namespace: sparkyfitness + labels: + helm.sh/chart: volsync-target-backup-0.8.0 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sparkyfitness-server-backup-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sparkyfitness/sparkyfitness-server-backup" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sparkyfitness/HTTPRoute-sparkyfitness.yaml b/clusters/cl01tl/manifests/sparkyfitness/HTTPRoute-sparkyfitness.yaml new file mode 100644 index 000000000..3e8bb759a --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/HTTPRoute-sparkyfitness.yaml 
@@ -0,0 +1,23 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: sparkyfitness + labels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/managed-by: Helm + helm.sh/chart: sparkyfitness-0.16.5-7 +spec: + parentRefs: + - name: traefik-gateway + namespace: traefik + hostnames: + - "sparkyfitness.alexlebens.net" + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: sparkyfitness-frontend + port: 80 diff --git a/clusters/cl01tl/manifests/sparkyfitness/ObjectStore-sparkyfitness-postgresql-18-backup-garage-local.yaml b/clusters/cl01tl/manifests/sparkyfitness/ObjectStore-sparkyfitness-postgresql-18-backup-garage-local.yaml new file mode 100644 index 000000000..84bb6b5ba --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ObjectStore-sparkyfitness-postgresql-18-backup-garage-local.yaml 
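Review bot: `parentRefs` names `traefik-gateway` without a `sectionName`, so the route attaches to every listener on that Gateway that admits it. If the Gateway has a plain-HTTP listener without a redirect, the login page and session cookies would also be served unencrypted. Adding `sectionName: <https-listener-name>` (placeholder; the listener names are not visible in this patch) pins the route to the TLS listener.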
@@ -0,0 +1,33 @@ +apiVersion: barmancloud.cnpg.io/v1 +kind: ObjectStore +metadata: + name: sparkyfitness-postgresql-18-backup-garage-local + namespace: sparkyfitness + labels: + app.kubernetes.io/name: sparkyfitness-postgresql-18-backup-garage-local + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + retentionPolicy: 7d + instanceSidecarConfiguration: + env: + - name: AWS_REQUEST_CHECKSUM_CALCULATION + value: when_required + - name: AWS_RESPONSE_CHECKSUM_VALIDATION + value: when_required + configuration: + destinationPath: s3://postgres-backups/cl01tl/sparkyfitness/sparkyfitness-postgresql-18-cluster + endpointURL: http://garage-main.garage:3900 + s3Credentials: + accessKeyId: + name: sparkyfitness-postgresql-18-backup-garage-local-secret + key: ACCESS_KEY_ID + secretAccessKey: + name: sparkyfitness-postgresql-18-backup-garage-local-secret + key: ACCESS_SECRET_KEY + region: + name: sparkyfitness-postgresql-18-backup-garage-local-secret + key: ACCESS_REGION diff --git a/clusters/cl01tl/manifests/sparkyfitness/ObjectStore-sparkyfitness-postgresql-18-recovery.yaml b/clusters/cl01tl/manifests/sparkyfitness/ObjectStore-sparkyfitness-postgresql-18-recovery.yaml new file mode 100644 index 000000000..d7a3d29a0 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ObjectStore-sparkyfitness-postgresql-18-recovery.yaml 
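Review bot: `endpointURL: http://garage-main.garage:3900` sends base backups and WAL to the object store over plain HTTP. Neither this ObjectStore nor the recovery one configures encryption for `data` or `wal`, so database contents travel between namespaces and sit in the bucket in clear text unless the CNI or Garage itself provides protection. If Garage has a TLS listener, point `endpointURL` at it; the `endpointCA` field lets the plugin trust a private CA. Otherwise record in the chart values why cluster-internal plaintext is accepted. The same applies to `sparkyfitness-postgresql-18-recovery` in the next file.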
@@ -0,0 +1,32 @@ +apiVersion: barmancloud.cnpg.io/v1 +kind: ObjectStore +metadata: + name: "sparkyfitness-postgresql-18-recovery" + namespace: sparkyfitness + labels: + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: "sparkyfitness-postgresql-18-recovery" +spec: + configuration: + destinationPath: s3://postgres-backups/cl01tl/sparkyfitness/sparkyfitness-postgresql-18-cluster + endpointURL: http://garage-main.garage:3900 + wal: + compression: snappy + maxParallel: 1 + data: + compression: snappy + jobs: 1 + s3Credentials: + accessKeyId: + name: sparkyfitness-postgresql-18-recovery-secret + key: ACCESS_KEY_ID + secretAccessKey: + name: sparkyfitness-postgresql-18-recovery-secret + key: ACCESS_SECRET_KEY + region: + name: sparkyfitness-postgresql-18-recovery-secret + key: ACCESS_REGION diff --git a/clusters/cl01tl/manifests/sparkyfitness/PersistentVolumeClaim-sparkyfitness-server-backup.yaml b/clusters/cl01tl/manifests/sparkyfitness/PersistentVolumeClaim-sparkyfitness-server-backup.yaml new file mode 100644 index 000000000..17d80012a --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/PersistentVolumeClaim-sparkyfitness-server-backup.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: sparkyfitness-server-backup + labels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/managed-by: Helm + helm.sh/chart: sparkyfitness-0.16.5-7 + app.kubernetes.io/component: server +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: ceph-block 
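Review bot: `destinationPath` in this recovery store is the same prefix that `sparkyfitness-postgresql-18-backup-garage-local` writes to, so a cluster bootstrapped from it would restore from and archive into one location. The Cluster manifest is outside this view, so whether recovery is enabled cannot be confirmed here. If it is, CloudNativePG's check for an empty WAL archive is likely to reject the target, and a restored timeline could otherwise overwrite the backups it came from. Using a separate prefix per cluster generation avoids both. It is also worth confirming that `sparkyfitness-postgresql-18-recovery-secret` maps to a read-only key, since recovery needs no write access.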
diff --git a/clusters/cl01tl/manifests/sparkyfitness/PersistentVolumeClaim-sparkyfitness-server-uploads.yaml b/clusters/cl01tl/manifests/sparkyfitness/PersistentVolumeClaim-sparkyfitness-server-uploads.yaml new file mode 100644 index 000000000..ef064e43e --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/PersistentVolumeClaim-sparkyfitness-server-uploads.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: sparkyfitness-server-uploads + labels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/managed-by: Helm + helm.sh/chart: sparkyfitness-0.16.5-7 + app.kubernetes.io/component: server +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: ceph-block diff --git a/clusters/cl01tl/manifests/sparkyfitness/PrometheusRule-sparkyfitness-postgresql-18-alert-rules.yaml b/clusters/cl01tl/manifests/sparkyfitness/PrometheusRule-sparkyfitness-postgresql-18-alert-rules.yaml new file mode 100644 index 000000000..58277bfbd --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/PrometheusRule-sparkyfitness-postgresql-18-alert-rules.yaml 
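Review bot: The `sparkyfitness-server-uploads` claim has no backup visible in this diff: the three ReplicationSource manifests added later all set `sourcePVC: sparkyfitness-server-backup`. If uploads cannot be reproduced from the database and the application does not copy them into the backup volume, losing or corrupting this `ReadWriteOnce` volume is unrecoverable. Either add a ReplicationSource for it in the chart values, or add a comment such as `# uploads are included in the server's own backup archive` once that is confirmed.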
@@ -0,0 +1,270 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: sparkyfitness-postgresql-18-alert-rules + namespace: sparkyfitness + labels: + app.kubernetes.io/name: sparkyfitness-postgresql-18-alert-rules + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + groups: + - name: cloudnative-pg/sparkyfitness-postgresql-18 + rules: + - alert: CNPGClusterBackendsWaitingWarning + annotations: + summary: CNPG Cluster a backend is waiting for longer than 5 minutes. + description: |- + Pod {{ $labels.pod }} + has been waiting for longer than 5 minutes + expr: | + cnpg_backends_waiting_total{namespace="sparkyfitness"} > 300 + for: 1m + labels: + severity: warning + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterDatabaseDeadlockConflictsWarning + annotations: + summary: CNPG Cluster has over 10 deadlock conflicts. + description: |- + There are over 10 deadlock conflicts in + {{ $labels.pod }} + expr: | + cnpg_pg_stat_database_deadlocks{namespace="sparkyfitness"} > 10 + for: 1m + labels: + severity: warning + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterHACritical + annotations: + summary: CNPG Cluster has no standby replicas! + description: |- + CloudNativePG Cluster "{{`{{`}} $labels.job {{`}}`}}" has no ready standby replicas. Your cluster at a severe + risk of data loss and downtime if the primary instance fails. + + The primary instance is still online and able to serve queries, although connections to the `-ro` endpoint + will fail. The `-r` endpoint os operating at reduced capacity and all traffic is being served by the main. + + This can happen during a normal fail-over or automated minor version upgrades in a cluster with 2 or less + instances. 
The replaced instance may need some time to catch-up with the cluster primary instance. + + This alarm will be always trigger if your cluster is configured to run with only 1 instance. In this + case you may want to silence it. + runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md + expr: | + max by (job) (cnpg_pg_replication_streaming_replicas{namespace="sparkyfitness"} - cnpg_pg_replication_is_wal_receiver_up{namespace="sparkyfitness"}) < 1 + for: 5m + labels: + severity: critical + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterHAWarning + annotations: + summary: CNPG Cluster less than 2 standby replicas. + description: |- + CloudNativePG Cluster "{{`{{`}} $labels.job {{`}}`}}" has only {{`{{`}} $value {{`}}`}} standby replicas, putting + your cluster at risk if another instance fails. The cluster is still able to operate normally, although + the `-ro` and `-r` endpoints operate at reduced capacity. + + This can happen during a normal fail-over or automated minor version upgrades. The replaced instance may + need some time to catch-up with the cluster primary instance. + + This alarm will be constantly triggered if your cluster is configured to run with less than 3 instances. + In this case you may want to silence it. + runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md + expr: | + max by (job) (cnpg_pg_replication_streaming_replicas{namespace="sparkyfitness"} - cnpg_pg_replication_is_wal_receiver_up{namespace="sparkyfitness"}) < 2 + for: 5m + labels: + severity: warning + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterHighConnectionsCritical + annotations: + summary: CNPG Instance maximum number of connections critical! 
+ description: |- + CloudNativePG Cluster "sparkyfitness/sparkyfitness-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of + the maximum number of connections. + runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md + expr: | + sum by (pod) (cnpg_backends_total{namespace="sparkyfitness", pod=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="sparkyfitness", pod=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 95 + for: 5m + labels: + severity: critical + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterHighConnectionsWarning + annotations: + summary: CNPG Instance is approaching the maximum number of connections. + description: |- + CloudNativePG Cluster "sparkyfitness/sparkyfitness-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of + the maximum number of connections. + runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md + expr: | + sum by (pod) (cnpg_backends_total{namespace="sparkyfitness", pod=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="sparkyfitness", pod=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 80 + for: 5m + labels: + severity: warning + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterHighReplicationLag + annotations: + summary: CNPG Cluster high replication lag + description: |- + CloudNativePG Cluster "sparkyfitness/sparkyfitness-postgresql-18-cluster" is experiencing a high replication lag of + {{`{{`}} $value {{`}}`}}ms. 
+ + High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration. + runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md + expr: | + max(cnpg_pg_replication_lag{namespace="sparkyfitness",pod=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"}) * 1000 > 1000 + for: 5m + labels: + severity: warning + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterInstancesOnSameNode + annotations: + summary: CNPG Cluster instances are located on the same node. + description: |- + CloudNativePG Cluster "sparkyfitness/sparkyfitness-postgresql-18-cluster" has {{`{{`}} $value {{`}}`}} + instances on the same node {{`{{`}} $labels.node {{`}}`}}. + + A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss. + runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md + expr: | + count by (node) (kube_pod_info{namespace="sparkyfitness", pod=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"}) > 1 + for: 5m + labels: + severity: warning + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterLongRunningTransactionWarning + annotations: + summary: CNPG Cluster query is taking longer than 5 minutes. + description: |- + CloudNativePG Cluster Pod {{ $labels.pod }} + is taking more than 5 minutes (300 seconds) for a query. + expr: |- + cnpg_backends_max_tx_duration_seconds{namespace="sparkyfitness"} > 300 + for: 1m + labels: + severity: warning + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterLowDiskSpaceCritical + annotations: + summary: CNPG Instance is running out of disk space! 
+ description: |- + CloudNativePG Cluster "sparkyfitness/sparkyfitness-postgresql-18-cluster" is running extremely low on disk space. Check attached PVCs! + runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md + expr: | + max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="sparkyfitness", persistentvolumeclaim=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="sparkyfitness", persistentvolumeclaim=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.9 OR + max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="sparkyfitness", persistentvolumeclaim=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="sparkyfitness", persistentvolumeclaim=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.9 OR + max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="sparkyfitness", persistentvolumeclaim=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) + / + sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="sparkyfitness", persistentvolumeclaim=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) + * + on(namespace, persistentvolumeclaim) group_left(volume) + kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"} + ) > 0.9 + for: 5m + labels: + severity: critical + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterLowDiskSpaceWarning + annotations: + summary: CNPG Instance is running out of disk space. + description: |- + CloudNativePG Cluster "sparkyfitness/sparkyfitness-postgresql-18-cluster" is running low on disk space. Check attached PVCs. 
+ runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md + expr: | + max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="sparkyfitness", persistentvolumeclaim=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="sparkyfitness", persistentvolumeclaim=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.7 OR + max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="sparkyfitness", persistentvolumeclaim=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="sparkyfitness", persistentvolumeclaim=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.7 OR + max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="sparkyfitness", persistentvolumeclaim=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) + / + sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="sparkyfitness", persistentvolumeclaim=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) + * + on(namespace, persistentvolumeclaim) group_left(volume) + kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"} + ) > 0.7 + for: 5m + labels: + severity: warning + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterOffline + annotations: + summary: CNPG Cluster has no running instances! + description: |- + CloudNativePG Cluster "sparkyfitness/sparkyfitness-postgresql-18-cluster" has no ready instances. + + Having an offline cluster means your applications will not be able to access the database, leading to + potential service disruption and/or data loss. 
+ runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md + expr: | + (count(cnpg_collector_up{namespace="sparkyfitness",pod=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"}) OR on() vector(0)) == 0 + for: 5m + labels: + severity: critical + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterPGDatabaseXidAgeWarning + annotations: + summary: CNPG Cluster has a number of transactions from the frozen XID to the current one. + description: |- + Over 300,000,000 transactions from frozen xid + on pod {{ $labels.pod }} + expr: | + cnpg_pg_database_xid_age{namespace="sparkyfitness"} > 300000000 + for: 1m + labels: + severity: warning + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterPGReplicationWarning + annotations: + summary: CNPG Cluster standby is lagging behind the primary. + description: |- + Standby is lagging behind by over 300 seconds (5 minutes) + expr: | + cnpg_pg_replication_lag{namespace="sparkyfitness"} > 300 + for: 1m + labels: + severity: warning + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterReplicaFailingReplicationWarning + annotations: + summary: CNPG Cluster has a replica is failing to replicate. + description: |- + Replica {{ $labels.pod }} + is failing to replicate + expr: | + cnpg_pg_replication_in_recovery{namespace="sparkyfitness"} > cnpg_pg_replication_is_wal_receiver_up{namespace="sparkyfitness"} + for: 1m + labels: + severity: warning + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster + - alert: CNPGClusterZoneSpreadWarning + annotations: + summary: CNPG Cluster instances in the same zone. + description: |- + CloudNativePG Cluster "sparkyfitness/sparkyfitness-postgresql-18-cluster" has instances in the same availability zone. 
+ + A disaster in one availability zone will lead to a potential service disruption and/or data loss. + runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md + expr: | + 3 > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="sparkyfitness", pod=~"sparkyfitness-postgresql-18-cluster-([1-9][0-9]*)$"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3 + for: 5m + labels: + severity: warning + namespace: sparkyfitness + cnpg_cluster: sparkyfitness-postgresql-18-cluster diff --git a/clusters/cl01tl/manifests/sparkyfitness/ReplicationSource-sparkyfitness-server-backup-backup-source-external.yaml b/clusters/cl01tl/manifests/sparkyfitness/ReplicationSource-sparkyfitness-server-backup-backup-source-external.yaml new file mode 100644 index 000000000..fbb6eb1b0 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ReplicationSource-sparkyfitness-server-backup-backup-source-external.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sparkyfitness-server-backup-backup-source-external + namespace: sparkyfitness + labels: + helm.sh/chart: volsync-target-backup-0.8.0 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sparkyfitness-server-backup-backup +spec: + sourcePVC: sparkyfitness-server-backup + trigger: + schedule: 26 13 * * * + restic: + pruneIntervalDays: 7 + repository: sparkyfitness-server-backup-backup-secret-external + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi 
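Review bot: In `CNPGClusterLowDiskSpaceCritical` and `CNPGClusterLowDiskSpaceWarning`, the WAL and tablespace selectors place the end anchor before the suffix (`...-cluster-([1-9][0-9]*)$-wal` and `...$-tbs.*`). They cannot match any PVC name, so those two branches never fire and a full WAL volume would go unalerted. Dropping the mid-pattern `$` (`...-cluster-([1-9][0-9]*)-wal`) restores them, because Prometheus anchors regex matchers itself. Separately, the descriptions from `CNPGClusterHACritical` through `CNPGClusterInstancesOnSameNode` still carry Helm's brace-escaping around `$labels` and `$value`, so the notification will most likely show the literal template text instead of the pod, job or value. Both issues appear to come from the chart template, so the fix belongs there, not in this rendered file.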
diff --git a/clusters/cl01tl/manifests/sparkyfitness/ReplicationSource-sparkyfitness-server-backup-backup-source-local.yaml b/clusters/cl01tl/manifests/sparkyfitness/ReplicationSource-sparkyfitness-server-backup-backup-source-local.yaml new file mode 100644 index 000000000..9e68e3660 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ReplicationSource-sparkyfitness-server-backup-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sparkyfitness-server-backup-backup-source-local + namespace: sparkyfitness + labels: + helm.sh/chart: volsync-target-backup-0.8.0 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sparkyfitness-server-backup-backup +spec: + sourcePVC: sparkyfitness-server-backup + trigger: + schedule: 26 11 * * * + restic: + pruneIntervalDays: 7 + repository: sparkyfitness-server-backup-backup-secret-local + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sparkyfitness/ReplicationSource-sparkyfitness-server-backup-backup-source-remote.yaml b/clusters/cl01tl/manifests/sparkyfitness/ReplicationSource-sparkyfitness-server-backup-backup-source-remote.yaml new file mode 100644 index 000000000..e29c8e126 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ReplicationSource-sparkyfitness-server-backup-backup-source-remote.yaml 
@@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sparkyfitness-server-backup-backup-source-remote + namespace: sparkyfitness + labels: + helm.sh/chart: volsync-target-backup-0.8.0 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sparkyfitness-server-backup-backup +spec: + sourcePVC: sparkyfitness-server-backup + trigger: + schedule: 26 12 * * * + restic: + pruneIntervalDays: 7 + repository: sparkyfitness-server-backup-backup-secret-remote + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sparkyfitness/ScheduledBackup-sparkyfitness-postgresql-18-scheduled-backup-live-backup.yaml b/clusters/cl01tl/manifests/sparkyfitness/ScheduledBackup-sparkyfitness-postgresql-18-scheduled-backup-live-backup.yaml new file mode 100644 index 000000000..3034f1b6b --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ScheduledBackup-sparkyfitness-postgresql-18-scheduled-backup-live-backup.yaml 
@@ -0,0 +1,24 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: ScheduledBackup +metadata: + name: "sparkyfitness-postgresql-18-scheduled-backup-live-backup" + namespace: sparkyfitness + labels: + app.kubernetes.io/name: "sparkyfitness-postgresql-18-scheduled-backup-live-backup" + helm.sh/chart: postgres-18-cluster-7.11.2 + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/part-of: sparkyfitness + app.kubernetes.io/version: "7.11.2" + app.kubernetes.io/managed-by: Helm +spec: + immediate: true + suspend: false + schedule: "0 0 16 * * *" + backupOwnerReference: self + cluster: + name: sparkyfitness-postgresql-18-cluster + method: plugin + pluginConfiguration: + name: barman-cloud.cloudnative-pg.io + parameters: + barmanObjectName: "sparkyfitness-postgresql-18-backup-garage-local" diff --git a/clusters/cl01tl/manifests/sparkyfitness/Service-sparkyfitness-frontend.yaml b/clusters/cl01tl/manifests/sparkyfitness/Service-sparkyfitness-frontend.yaml new file mode 100644 index 000000000..cdd57d545 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/Service-sparkyfitness-frontend.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + name: sparkyfitness-frontend + labels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/managed-by: Helm + helm.sh/chart: sparkyfitness-0.16.5-7 + app.kubernetes.io/component: frontend +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/component: frontend diff --git a/clusters/cl01tl/manifests/sparkyfitness/Service-sparkyfitness-server.yaml b/clusters/cl01tl/manifests/sparkyfitness/Service-sparkyfitness-server.yaml new file mode 100644 index 000000000..e687a9a3c --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/Service-sparkyfitness-server.yaml 
@@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + name: sparkyfitness-server + labels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/managed-by: Helm + helm.sh/chart: sparkyfitness-0.16.5-7 + app.kubernetes.io/component: server +spec: + type: ClusterIP + ports: + - port: 3010 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/component: server diff --git a/clusters/cl01tl/manifests/sparkyfitness/ServiceAccount-sparkyfitness-frontend.yaml b/clusters/cl01tl/manifests/sparkyfitness/ServiceAccount-sparkyfitness-frontend.yaml new file mode 100644 index 000000000..b7ed118b6 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ServiceAccount-sparkyfitness-frontend.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: sparkyfitness-frontend + labels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/managed-by: Helm + helm.sh/chart: sparkyfitness-0.16.5-7 + app.kubernetes.io/component: frontend +automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/sparkyfitness/ServiceAccount-sparkyfitness-server.yaml b/clusters/cl01tl/manifests/sparkyfitness/ServiceAccount-sparkyfitness-server.yaml new file mode 100644 index 000000000..c3f83c7d0 --- /dev/null +++ b/clusters/cl01tl/manifests/sparkyfitness/ServiceAccount-sparkyfitness-server.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: sparkyfitness-server + labels: + app.kubernetes.io/name: sparkyfitness + app.kubernetes.io/instance: sparkyfitness + app.kubernetes.io/managed-by: Helm + helm.sh/chart: sparkyfitness-0.16.5-7 + app.kubernetes.io/component: server +automountServiceAccountToken: false