homelab/operator
1
0
Fork 0
mirror of https://github.com/morten-olsen/homelab-operator.git synced 2026-02-08 01:36:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Morten Olsen
2025-09-05 11:22:58 +02:00
parent 9fe279b1b5
commit ff06613e99
10 changed files with 277 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
TODO.md Normal file
View File

@@ -0,0 +1,3 @@
TODO:
* Set location provisioner path permissions
* Limit postgres connections in reconciler

3
charts/monitoring/Chart.yaml Normal file
View File

@@ -0,0 +1,3 @@
apiVersion: v2
version: 1.0.0
name: monitoring

25
charts/monitoring/templates/falco.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: '{{ .Release.Name }}-falco'
spec:
interval: 1h
url: https://falcosecurity.github.io/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: '{{ .Release.Name }}-falco'
spec:
chart:
spec:
chart: falco
reconcileStrategy: ChartVersion
sourceRef:
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
name: '{{ .Release.Name }}-falco'
namespace: '{{ .Release.Namespace }}'
interval: 1h
values: {}

51
charts/monitoring/templates/kube-prometheus-stack.yaml Normal file
View File

@@ -0,0 +1,51 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: '{{ .Release.Name }}-prometheus-community'
spec:
interval: 1h
url: https://prometheus-community.github.io/helm-charts/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: '{{ .Release.Name }}-prometheus-community'
spec:
chart:
spec:
chart: kube-prometheus-stack
reconcileStrategy: ChartVersion
sourceRef:
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
name: '{{ .Release.Name }}-prometheus-community'
namespace: '{{ .Release.Namespace }}'
interval: 1h
values: {}
---
apiVersion: homelab.mortenolsen.pro/v1
kind: HttpService
metadata:
name: '{{ .Release.Name }}-prometheus-community'
spec:
environment: '{{ .Values.globals.environment }}'
subdomain: '{{ .Values.graphana.subdomain }}'
destination:
host: '{{ .Release.Name }}-prometheus-community-grafana.{{ .Release.Namespace }}.svc.cluster.local'
port:
number: 80
---
apiVersion: homelab.mortenolsen.pro/v1
kind: HttpService
metadata:
name: '{{ .Release.Name }}-prometheus-community-alertmanager'
spec:
environment: '{{ .Values.globals.environment }}'
subdomain: '{{ .Values.graphana.subdomain }}'
destination:
host: '{{ .Release.Name }}-prometheus-community-alertmanager.{{ .Release.Namespace }}.svc.cluster.local'
port:
number: 9093

25
charts/monitoring/templates/kyverno.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: '{{ .Release.Name }}-kyverno'
spec:
interval: 1h
url: https://kyverno.github.io/kyverno/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: '{{ .Release.Name }}-kyverno'
spec:
chart:
spec:
chart: kyverno
reconcileStrategy: ChartVersion
sourceRef:
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
name: '{{ .Release.Name }}-kyverno'
namespace: '{{ .Release.Namespace }}'
interval: 1h
values: {}

121
charts/monitoring/templates/loki.yaml Normal file
View File

@@ -0,0 +1,121 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: '{{ .Release.Name }}-loki'
spec:
interval: 1h
url: https://grafana.github.io/helm-charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: '{{ .Release.Name }}-loki'
spec:
chart:
spec:
chart: loki
reconcileStrategy: ChartVersion
sourceRef:
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
name: '{{ .Release.Name }}-loki'
namespace: '{{ .Release.Namespace }}'
interval: 1h
values:
deploymentMode: SingleBinary
loki:
auth_enabled: false
server:
http_listen_port: 3100
memberlist:
join_members:
- loki-memberlist
schemaConfig:
configs:
- from: 2020-05-15
store: tsdb
object_store: filesystem
schema: v13
index:
prefix: index_
period: 24h
storage:
type: filesystem
storage_config:
filesystem:
directory: /loki/chunks
limits_config:
reject_old_samples: true
reject_old_samples_max_age: 168h
max_cache_freshness_per_query: 10m
split_queries_by_interval: 15m
volume_enabled: true
common:
path_prefix: /loki
storage:
filesystem:
chunks_directory: /loki/chunks
rules_directory: /loki/rules
replication_factor: 1
ring:
instance_addr: 127.0.0.1
kvstore:
store: inmemory
# Enable persistent storage
singleBinary:
persistence:
enabled: true
size: 10Gi
storageClass: '{{ .Values.globals.environment }}' # Uses default storage class
extraVolumeMounts:
- name: storage
mountPath: /loki
backend:
replicas: 0
read:
replicas: 0
write:
replicas: 0
ingester:
replicas: 0
querier:
replicas: 0
queryFrontend:
replicas: 0
queryScheduler:
replicas: 0
distributor:
replicas: 0
compactor:
replicas: 0
indexGateway:
replicas: 0
bloomCompactor:
replicas: 0
bloomGateway:
replicas: 0
promtail:
enabled: true
config:
snippets:
extraScrapeConfigs: |
- job_name: kubernetes-pods
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: ["__meta_kubernetes_pod_container_name"]
target_label: "container"
- source_labels: ["__meta_kubernetes_pod_name"]
target_label: "pod"
- source_labels: ["__meta_kubernetes_pod_namespace"]
target_label: "namespace"

25
charts/monitoring/templates/trivy.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: '{{ .Release.Name }}-aqua'
spec:
interval: 1h
url: https://aquasecurity.github.io/helm-charts/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: '{{ .Release.Name }}-aqua'
spec:
chart:
spec:
chart: trivy-operator
reconcileStrategy: ChartVersion
sourceRef:
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
name: '{{ .Release.Name }}-aqua'
namespace: '{{ .Release.Namespace }}'
interval: 1h
values: {}

4
charts/monitoring/values.yaml Normal file
View File

@@ -0,0 +1,4 @@
globals:
environment: prod
graphana:
subdomain: grafana

28
src/resources/homelab/postgres-database/postgres-database.ts
View File

@@ -124,19 +124,23 @@ class PostgresDatabase extends CustomResource<typeof specSchema> {
user: clusterSecret.user, user: clusterSecret.user,
password: clusterSecret.password, password: clusterSecret.password,
}); });
const connectionError = await database.ping(); try {
if (connectionError) { const connectionError = await database.ping();
console.error('Failed to connect', connectionError); if (connectionError) {
throw new NotReadyError('FailedToConnectToDatabase'); console.error('Failed to connect', connectionError);
throw new NotReadyError('FailedToConnectToDatabase');
}
await database.upsertRole({
name: secret.user,
password: secret.password,
});
await database.upsertDatabase({
name: secret.database,
owner: secret.user,
});
} finally {
await database.close();
} }
await database.upsertRole({
name: secret.user,
password: secret.password,
});
await database.upsertDatabase({
name: secret.database,
owner: secret.user,
});
}; };
} }

4
src/services/postgres/postgres.instance.ts
View File

@@ -60,6 +60,10 @@ class PostgresInstance {
await this.#db.raw(`ALTER DATABASE "${name}" OWNER TO "${owner}"`); await this.#db.raw(`ALTER DATABASE "${name}" OWNER TO "${owner}"`);
} }
}; };
public close = async () => {
await this.#db.destroy();
};
} }
export { PostgresInstance, type PostgresInstanceOptions }; export { PostgresInstance, type PostgresInstanceOptions };