From b0303297da1df40264bd1fabf536f659008c9f7d Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Thu, 26 Mar 2026 23:33:41 +0000 Subject: [PATCH] Automated Manifest Update (#5168) This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. ### Details - **Trigger**: `pull_request` by `@alexlebens` - **Commit**: `24e1b82` (on `24e1b82791cfeb9e2f16454d72adaa4ffd166e21`) - **Charts Updated**: `directus,elastic-operator,element-web` Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/5168 Co-authored-by: gitea-bot Co-committed-by: gitea-bot --- .../directus/Deployment-directus.yaml | 4 +- ...ExternalSecret-directus-bucket-garage.yaml | 9 ---- .../ExternalSecret-directus-config.yaml | 12 ----- .../ExternalSecret-directus-metric-token.yaml | 3 -- .../ExternalSecret-directus-oidc-secret.yaml | 6 --- ...ExternalSecret-directus-valkey-config.yaml | 9 ---- .../directus/HTTPRoute-directus.yaml | 2 +- .../directus/PodMonitor-directus-valkey.yaml | 23 +++++++++ .../PrometheusRule-directus-valkey.yaml | 47 +++++++++++++++++++ .../Service-directus-valkey-metrics.yaml | 23 +++++++++ .../ServiceMonitor-directus-valkey.yaml | 24 ++++++++++ .../directus/StatefulSet-directus-valkey.yaml | 23 +++++++++ .../StatefulSet-elastic-operator.yaml | 8 ++-- .../element-web/Deployment-element-web.yaml | 6 +-- 14 files changed, 149 insertions(+), 50 deletions(-) create mode 100644 clusters/cl01tl/manifests/directus/PodMonitor-directus-valkey.yaml create mode 100644 clusters/cl01tl/manifests/directus/PrometheusRule-directus-valkey.yaml create mode 100644 clusters/cl01tl/manifests/directus/Service-directus-valkey-metrics.yaml create mode 100644 clusters/cl01tl/manifests/directus/ServiceMonitor-directus-valkey.yaml diff --git a/clusters/cl01tl/manifests/directus/Deployment-directus.yaml b/clusters/cl01tl/manifests/directus/Deployment-directus.yaml index 15f846d90..ee26dedc1 100644 --- a/clusters/cl01tl/manifests/directus/Deployment-directus.yaml +++ b/clusters/cl01tl/manifests/directus/Deployment-directus.yaml @@ -164,10 +164,10 @@ spec: secretKeyRef: key: metric-token name: directus-metric-token - image: directus/directus:11.17.0 + image: ghcr.io/directus/directus:11.17.0@sha256:076269ccbe7d4a0c44ce5f5b7f11e2ea5f7b3e4c4f704c0f88a52805e069c1c6 imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m - memory: 256Mi + memory: 1Gi diff --git a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-bucket-garage.yaml b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-bucket-garage.yaml index 1518756dd..5b0c4692e 100644 --- a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-bucket-garage.yaml +++ b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-bucket-garage.yaml @@ -14,22 +14,13 @@ spec: data: - secretKey: ACCESS_KEY_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/directus-assets - metadataPolicy: None property: ACCESS_KEY_ID - secretKey: ACCESS_SECRET_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/directus-assets - metadataPolicy: None property: ACCESS_SECRET_KEY - secretKey: ACCESS_REGION remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/directus-assets - metadataPolicy: None property: ACCESS_REGION diff --git a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-config.yaml b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-config.yaml index 9553d8473..7d4882764 100644 --- a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-config.yaml +++ b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-config.yaml @@ -14,29 +14,17 @@ spec: data: - secretKey: admin-email remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/directus/config - metadataPolicy: None property: admin-email - secretKey: admin-password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/directus/config - metadataPolicy: None property: admin-password - secretKey: secret remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/directus/config - metadataPolicy: None property: secret - secretKey: key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/directus/config - metadataPolicy: None property: key diff --git a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-metric-token.yaml b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-metric-token.yaml index 50147c476..44d7264a8 100644 --- a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-metric-token.yaml +++ b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-metric-token.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: metric-token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/directus/metrics - metadataPolicy: None property: metric-token diff --git a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-oidc-secret.yaml b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-oidc-secret.yaml index 1c745a97f..107c1171c 100644 --- a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-oidc-secret.yaml +++ b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-oidc-secret.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: OIDC_CLIENT_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/directus - metadataPolicy: None property: client - secretKey: OIDC_CLIENT_SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/directus - metadataPolicy: None property: secret diff --git a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-valkey-config.yaml b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-valkey-config.yaml index c7299f486..5d7f2f03a 100644 --- a/clusters/cl01tl/manifests/directus/ExternalSecret-directus-valkey-config.yaml +++ b/clusters/cl01tl/manifests/directus/ExternalSecret-directus-valkey-config.yaml @@ -14,22 +14,13 @@ spec: data: - secretKey: default remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/directus/valkey - metadataPolicy: None property: password - secretKey: user remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/directus/valkey - metadataPolicy: None property: user - secretKey: password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/directus/valkey - metadataPolicy: None property: password diff --git a/clusters/cl01tl/manifests/directus/HTTPRoute-directus.yaml b/clusters/cl01tl/manifests/directus/HTTPRoute-directus.yaml index 78a35b747..40df60fe9 100644 --- a/clusters/cl01tl/manifests/directus/HTTPRoute-directus.yaml +++ b/clusters/cl01tl/manifests/directus/HTTPRoute-directus.yaml @@ -23,7 +23,7 @@ spec: name: directus namespace: directus port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/directus/PodMonitor-directus-valkey.yaml b/clusters/cl01tl/manifests/directus/PodMonitor-directus-valkey.yaml new file mode 100644 index 000000000..686c7511f --- /dev/null +++ b/clusters/cl01tl/manifests/directus/PodMonitor-directus-valkey.yaml @@ -0,0 +1,23 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: directus-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: directus + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: valkey + app.kubernetes.io/component: podmonitor +spec: + podMetricsEndpoints: + - port: metrics + interval: 30s + namespaceSelector: + matchNames: + - directus + selector: + matchLabels: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: directus diff --git a/clusters/cl01tl/manifests/directus/PrometheusRule-directus-valkey.yaml b/clusters/cl01tl/manifests/directus/PrometheusRule-directus-valkey.yaml new file mode 100644 index 000000000..e418dd8b6 --- /dev/null +++ b/clusters/cl01tl/manifests/directus/PrometheusRule-directus-valkey.yaml @@ -0,0 +1,47 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: directus-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: directus + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: valkey +spec: + groups: + - name: directus-valkey + rules: + - alert: ValkeyDown + annotations: + description: Valkey instance {{ $labels.instance }} is down. + summary: Valkey instance {{ $labels.instance }} down + expr: | + redis_up{service="directus-valkey-metrics"} == 0 + for: 2m + labels: + severity: error + - alert: ValkeyMemoryHigh + annotations: + description: | + Valkey instance {{ $labels.instance }} is using {{ $value }}% of its available memory. + summary: Valkey instance {{ $labels.instance }} is using too much memory + expr: | + redis_memory_used_bytes{service="directus-valkey-metrics"} * 100 + / + redis_memory_max_bytes{service="directus-valkey-metrics"} + > 90 <= 100 + for: 2m + labels: + severity: error + - alert: ValkeyKeyEviction + annotations: + description: | + Valkey instance {{ $labels.instance }} has evicted {{ $value }} keys in the last 5 minutes. + summary: Valkey instance {{ $labels.instance }} has evicted keys + expr: | + increase(redis_evicted_keys_total{service="directus-valkey-metrics"}[5m]) > 0 + for: 1s + labels: + severity: error diff --git a/clusters/cl01tl/manifests/directus/Service-directus-valkey-metrics.yaml b/clusters/cl01tl/manifests/directus/Service-directus-valkey-metrics.yaml new file mode 100644 index 000000000..92520a6d7 --- /dev/null +++ b/clusters/cl01tl/manifests/directus/Service-directus-valkey-metrics.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: directus-valkey-metrics + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: directus + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: valkey + annotations: +spec: + type: ClusterIP + ports: + - name: metrics + port: 9121 + protocol: TCP + targetPort: metrics + selector: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: directus diff --git a/clusters/cl01tl/manifests/directus/ServiceMonitor-directus-valkey.yaml b/clusters/cl01tl/manifests/directus/ServiceMonitor-directus-valkey.yaml new file mode 100644 index 000000000..d9aa56bc1 --- /dev/null +++ b/clusters/cl01tl/manifests/directus/ServiceMonitor-directus-valkey.yaml @@ -0,0 +1,24 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: directus-valkey + labels: + helm.sh/chart: valkey-0.9.3 + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: directus + app.kubernetes.io/version: "9.0.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: valkey + app.kubernetes.io/component: service-monitor +spec: + endpoints: + - port: metrics + interval: 30s + namespaceSelector: + matchNames: + - directus + selector: + matchLabels: + app.kubernetes.io/name: valkey + app.kubernetes.io/instance: directus + app.kubernetes.io/component: metrics diff --git a/clusters/cl01tl/manifests/directus/StatefulSet-directus-valkey.yaml b/clusters/cl01tl/manifests/directus/StatefulSet-directus-valkey.yaml index 33575d0a4..5c638e055 100644 --- a/clusters/cl01tl/manifests/directus/StatefulSet-directus-valkey.yaml +++ b/clusters/cl01tl/manifests/directus/StatefulSet-directus-valkey.yaml @@ -106,6 +106,29 @@ spec: mountPath: /data - name: valkey-acl mountPath: /etc/valkey + - name: metrics + image: ghcr.io/oliver006/redis_exporter:v1.82.0 + imagePullPolicy: "IfNotPresent" + ports: + - name: metrics + containerPort: 9121 + startupProbe: + tcpSocket: + port: metrics + livenessProbe: + tcpSocket: + port: metrics + readinessProbe: + httpGet: + path: / + port: metrics + resources: + requests: + cpu: 10m + memory: 64M + env: + - name: REDIS_ALIAS + value: directus-valkey volumes: - name: scripts configMap: diff --git a/clusters/cl01tl/manifests/elastic-operator/StatefulSet-elastic-operator.yaml b/clusters/cl01tl/manifests/elastic-operator/StatefulSet-elastic-operator.yaml index b3af3034d..c067f3986 100644 --- a/clusters/cl01tl/manifests/elastic-operator/StatefulSet-elastic-operator.yaml +++ b/clusters/cl01tl/manifests/elastic-operator/StatefulSet-elastic-operator.yaml @@ -59,12 +59,10 @@ spec: - name: WEBHOOK_SECRET value: elastic-operator-webhook-cert resources: - limits: - cpu: 1 - memory: 1Gi + limits: {} requests: - cpu: 100m - memory: 150Mi + cpu: 2m + memory: 50Mi ports: - containerPort: 9000 name: metrics diff --git a/clusters/cl01tl/manifests/element-web/Deployment-element-web.yaml b/clusters/cl01tl/manifests/element-web/Deployment-element-web.yaml index 78db13941..c3dded05b 100644 --- a/clusters/cl01tl/manifests/element-web/Deployment-element-web.yaml +++ b/clusters/cl01tl/manifests/element-web/Deployment-element-web.yaml @@ -28,7 +28,7 @@ spec: containers: - name: element-web securityContext: {} - image: "vectorim/element-web:v1.12.13" + image: "ghcr.io/element-hq/element-web:v1.12.13@sha256:5107e63026c13ed014f743e485821b7d4b56d275a41e76303859bb14f5f94eb6" imagePullPolicy: IfNotPresent env: - name: ELEMENT_WEB_PORT @@ -47,8 +47,8 @@ spec: port: http resources: requests: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 10Mi volumeMounts: - mountPath: /app/config.json name: config