├── azure └── .keep ├── README.md ├── aws ├── 001 │ ├── v2 │ │ ├── environments │ │ │ ├── prod │ │ │ │ ├── vpc │ │ │ │ │ └── .keep │ │ │ │ └── subnet │ │ │ │ │ └── .keep │ │ │ └── dev │ │ │ │ ├── vpc │ │ │ │ ├── variables.tf │ │ │ │ ├── output.tf │ │ │ │ └── main.tf │ │ │ │ └── subnet │ │ │ │ ├── variables.tf │ │ │ │ ├── output.tf │ │ │ │ └── main.tf │ │ └── modules │ │ │ ├── vpc │ │ │ ├── variables.tf │ │ │ ├── outputs.tf │ │ │ ├── versions.tf │ │ │ └── main.tf │ │ │ ├── vpc-v2 │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ ├── versions.tf │ │ │ └── main.tf │ │ │ ├── vpc-v3 │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ ├── versions.tf │ │ │ └── main.tf │ │ │ └── subnet │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ ├── main.tf │ │ │ └── versions.tf │ ├── v3 │ │ └── environments │ │ │ ├── prod │ │ │ ├── vpc │ │ │ │ └── .keep │ │ │ └── subnet │ │ │ │ └── .keep │ │ │ └── dev │ │ │ └── vpc │ │ │ ├── variables.tf │ │ │ ├── output.tf │ │ │ └── main.tf │ ├── v1 │ │ └── environments │ │ │ ├── dev │ │ │ ├── vpc │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ ├── main.tf │ │ │ │ └── providers.tf │ │ │ └── subnet │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ ├── providers.tf │ │ │ │ └── main.tf │ │ │ └── prod │ │ │ ├── vpc │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ ├── main.tf │ │ │ └── providers.tf │ │ │ └── subnet │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ ├── providers.tf │ │ │ └── main.tf │ └── README.md ├── 002 │ ├── v2 │ │ ├── environments │ │ │ ├── prod │ │ │ │ ├── vpc │ │ │ │ │ └── .keep │ │ │ │ └── subnet │ │ │ │ │ └── .keep │ │ │ └── dev │ │ │ │ ├── vpc │ │ │ │ ├── variables.tf │ │ │ │ ├── output.tf │ │ │ │ └── main.tf │ │ │ │ └── subnet │ │ │ │ ├── variables.tf │ │ │ │ ├── output.tf │ │ │ │ └── main.tf │ │ └── modules │ │ │ ├── vpc │ │ │ ├── variables.tf │ │ │ ├── outputs.tf │ │ │ ├── versions.tf │ │ │ └── main.tf │ │ │ ├── vpc-v2 │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ ├── versions.tf │ │ │ └── main.tf │ │ │ └── 
subnet │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ ├── main.tf │ │ │ └── versions.tf │ ├── v3 │ │ └── environments │ │ │ ├── prod │ │ │ ├── vpc │ │ │ │ └── .keep │ │ │ └── subnet │ │ │ │ └── .keep │ │ │ └── dev │ │ │ └── vpc │ │ │ ├── variables.tf │ │ │ ├── output.tf │ │ │ └── main.tf │ └── v1 │ │ └── environments │ │ ├── global │ │ ├── s3 │ │ │ ├── variables.tf │ │ │ ├── outputs.tf │ │ │ ├── main.tf │ │ │ └── providers.tf │ │ └── README.md │ │ ├── dev │ │ ├── vpc │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ ├── main.tf │ │ │ └── providers.tf │ │ └── subnet │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ ├── providers.tf │ │ │ └── main.tf │ │ └── prod │ │ ├── vpc │ │ ├── outputs.tf │ │ ├── variables.tf │ │ ├── main.tf │ │ └── providers.tf │ │ └── subnet │ │ ├── outputs.tf │ │ ├── variables.tf │ │ ├── providers.tf │ │ └── main.tf └── 003 │ ├── private-003 │ ├── envs │ │ ├── prod │ │ │ └── .keep │ │ ├── staging │ │ │ └── .keep │ │ └── dev │ │ │ └── myapp │ │ │ └── application.yaml │ ├── README.md │ └── charts │ │ └── myapp │ │ ├── templates │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── tests │ │ │ └── test-connection.yaml │ │ ├── hpa.yaml │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── ingress.yaml │ │ └── deployment.yaml │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ └── values.yaml │ ├── terraform │ ├── values │ │ ├── argocd.yaml │ │ └── image-updater.yaml │ ├── 3-igw.tf │ ├── 0-locals.tf │ ├── 10-pod-Identity-addon.tf │ ├── 2-vpc.tf │ ├── 1-providers.tf │ ├── 5-nat.tf │ ├── 11-argocd.tf │ ├── 9-helm-provider.tf │ ├── 7-eks.tf │ ├── 6-routes.tf │ ├── 12-image-updater.tf │ ├── 4-subnets.tf │ └── 8-nodes.tf │ ├── myapp │ ├── requirements.txt │ ├── Dockerfile │ └── app.py │ ├── README.md │ ├── build.sh │ ├── example │ ├── git-repo-secret.yaml │ └── application.yaml │ └── default-update-values.yaml ├── gcp ├── 003 │ ├── functions │ │ └── gcp-analytics │ │ │ ├── requirements.txt │ │ │ └── main.py │ ├── gcp-logo.png │ └── terraform │ │ ├── 2-project.tf 
│ │ ├── 1-providers.tf │ │ ├── 0-locals.tf │ │ ├── 4-gcp-buckets.tf │ │ ├── 3-apis.tf │ │ └── 5-cloud-function.tf ├── 002 │ ├── .DS_Store │ ├── 3-myapp │ │ ├── 0-myapp-namespace.yaml │ │ ├── 2-myapp-pod-monitor.yaml │ │ ├── 3-whitelist-metrics.yaml │ │ ├── 4-drop-metrics.yaml │ │ └── 1-myapp-deployment.yaml │ ├── k8s │ │ ├── monitoring-ns.yaml │ │ ├── operator-config.yaml │ │ ├── gmp-pod-monitor.yaml │ │ ├── prom-operator-pod-monitor.yaml │ │ └── cadvisor │ │ │ └── daemonset.yaml │ ├── 1-prometheus-operator │ │ ├── 0-namespace.yaml │ │ ├── 2-service-account.yaml │ │ ├── 4-cluster-role-binding.yaml │ │ ├── 1-crds-cluster-roles.yaml │ │ ├── 5-deployment.yaml │ │ └── 3-cluster-role.yaml │ ├── terraform │ │ ├── 6-router.tf │ │ ├── 2-project.tf │ │ ├── 1-provider.tf │ │ ├── 4-network.tf │ │ ├── 0-locals.tf │ │ ├── 3-apis.tf │ │ ├── 5-subnets.tf │ │ ├── 10-gmp-prometheus-sa.tf │ │ ├── 9-nodes.tf │ │ ├── 7-nat.tf │ │ └── 8-gke.tf │ ├── 2-prometheus │ │ ├── 0-service-account.yaml │ │ ├── 2-cluster-role-binding.yaml │ │ ├── 1-cluster-role.yaml │ │ └── 3-prometheus.yaml │ ├── myapp │ │ ├── Dockerfile │ │ ├── .dockerignore │ │ ├── go.mod │ │ ├── metrics.go │ │ ├── main.go │ │ └── go.sum │ ├── build.sh │ ├── README.md │ └── 0-prometheus-operator-crd │ │ ├── prometheusrules.yaml │ │ └── probes.yaml └── 001 │ ├── k8s │ ├── monitoring-ns.yaml │ ├── operator-config.yaml │ ├── gmp-pod-monitor.yaml │ ├── prom-operator-pod-monitor.yaml │ └── cadvisor │ │ └── daemonset.yaml │ ├── 1-example │ ├── 1-myapp-namespace.yaml │ ├── 4-gmp-monitoring-namespace.yaml │ ├── 0-operator-config.yaml │ ├── 7-prometheus-svc.yaml │ ├── 5-prometheus-sa.yaml │ ├── 3-myapp-pod-monitoring.yaml │ ├── 2-myapp-deployment.yaml │ ├── 9-apiserver-pod-monitoring.yaml │ ├── 6-prometheus-ui.yaml │ └── 8-grafana.yaml │ ├── terraform │ ├── 6-router.tf │ ├── 2-project.tf │ ├── 1-provider.tf │ ├── 4-network.tf │ ├── 0-locals.tf │ ├── 3-apis.tf │ ├── 5-subnets.tf │ ├── 11-alert.tf.disable │ ├── 7-nat.tf │ ├── 10-prom.tf 
│ ├── 9-nodes.tf │ ├── 8-gke.tf │ └── .terraform.lock.hcl │ ├── myapp │ ├── Dockerfile │ ├── .dockerignore │ ├── metrics.go │ ├── go.mod │ ├── main.go │ └── go.sum │ ├── build.sh │ ├── README.md │ └── dashboard.json ├── docs └── contents.md └── .gitignore /azure/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # consulting -------------------------------------------------------------------------------- /aws/001/v2/environments/prod/vpc/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/001/v3/environments/prod/vpc/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/002/v2/environments/prod/vpc/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/002/v3/environments/prod/vpc/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/003/private-003/envs/prod/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/003/private-003/envs/staging/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/001/v2/environments/prod/subnet/.keep: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /aws/001/v3/environments/prod/subnet/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/002/v2/environments/prod/subnet/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/002/v3/environments/prod/subnet/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/003/private-003/README.md: -------------------------------------------------------------------------------- 1 | # private-003 -------------------------------------------------------------------------------- /gcp/003/functions/gcp-analytics/requirements.txt: -------------------------------------------------------------------------------- 1 | functions-framework==3.* -------------------------------------------------------------------------------- /gcp/002/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/parussimov/consulting/HEAD/gcp/002/.DS_Store -------------------------------------------------------------------------------- /gcp/003/gcp-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/parussimov/consulting/HEAD/gcp/003/gcp-logo.png -------------------------------------------------------------------------------- /aws/001/v2/environments/dev/vpc/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | default = "us-east-2" 3 | } 4 | -------------------------------------------------------------------------------- /aws/001/v2/modules/vpc/variables.tf: 
-------------------------------------------------------------------------------- 1 | variable "environment" {} 2 | 3 | variable "cidr_block" {} 4 | -------------------------------------------------------------------------------- /aws/001/v3/environments/dev/vpc/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | default = "us-east-2" 3 | } 4 | -------------------------------------------------------------------------------- /aws/002/v2/environments/dev/vpc/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | default = "us-east-2" 3 | } 4 | -------------------------------------------------------------------------------- /aws/002/v2/modules/vpc/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" {} 2 | 3 | variable "cidr_block" {} 4 | -------------------------------------------------------------------------------- /aws/002/v3/environments/dev/vpc/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | default = "us-east-2" 3 | } 4 | -------------------------------------------------------------------------------- /aws/001/v2/environments/dev/subnet/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | default = "us-east-2" 3 | } 4 | -------------------------------------------------------------------------------- /aws/002/v1/environments/global/s3/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | default = "us-east-2" 3 | } 4 | -------------------------------------------------------------------------------- /aws/002/v2/environments/dev/subnet/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" 
{ 2 | default = "us-east-2" 3 | } 4 | -------------------------------------------------------------------------------- /gcp/001/k8s/monitoring-ns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: monitoring 6 | -------------------------------------------------------------------------------- /gcp/002/3-myapp/0-myapp-namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: myapp 6 | -------------------------------------------------------------------------------- /gcp/002/k8s/monitoring-ns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: monitoring 6 | -------------------------------------------------------------------------------- /aws/001/v2/modules/vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "VPC id." 3 | value = aws_vpc.this.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/002/v2/modules/vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "VPC id." 3 | value = aws_vpc.this.id 4 | } 5 | -------------------------------------------------------------------------------- /gcp/001/1-example/1-myapp-namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: myapp 6 | -------------------------------------------------------------------------------- /aws/001/v2/modules/vpc-v2/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "VPC id." 
3 | value = aws_vpc.this.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/001/v2/modules/vpc-v3/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "VPC id." 3 | value = aws_vpc.this.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/002/v2/modules/vpc-v2/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "VPC id." 3 | value = aws_vpc.this.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/001/v2/environments/dev/vpc/output.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "VPC id." 3 | value = module.vpc.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/001/v2/modules/subnet/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "Subnet id." 3 | value = aws_subnet.this.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/001/v3/environments/dev/vpc/output.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "VPC id." 3 | value = module.vpc.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/002/v2/environments/dev/vpc/output.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "VPC id." 
3 | value = module.vpc.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/002/v2/modules/subnet/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "Subnet id." 3 | value = aws_subnet.this.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/002/v3/environments/dev/vpc/output.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "VPC id." 3 | value = module.vpc.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/001/v1/environments/dev/vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "vpc_id" { 2 | description = "VPC id." 3 | value = aws_vpc.main.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/001/v1/environments/prod/vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "vpc_id" { 2 | description = "VPC id." 3 | value = aws_vpc.main.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/001/v2/environments/dev/subnet/output.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "VPC id." 3 | value = module.subnet.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/002/v1/environments/dev/vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "vpc_id" { 2 | description = "VPC id." 
3 | value = aws_vpc.main.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/002/v1/environments/prod/vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "vpc_id" { 2 | description = "VPC id." 3 | value = aws_vpc.main.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/002/v2/environments/dev/subnet/output.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "VPC id." 3 | value = module.subnet.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/003/terraform/values/argocd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | configs: 3 | params: 4 | # Run the Argo CD server without TLS (plain HTTP). Only appropriate when TLS is terminated in front of it (ingress or load balancer); otherwise logins and API tokens cross the network unencrypted. 5 | server.insecure: true 6 | -------------------------------------------------------------------------------- /gcp/001/1-example/4-gmp-monitoring-namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: gmp-monitoring 6 | -------------------------------------------------------------------------------- /aws/001/v1/environments/dev/subnet/outputs.tf: -------------------------------------------------------------------------------- 1 | output "subnet_id" { 2 | description = "Subnet id." 3 | value = aws_subnet.private.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/001/v1/environments/prod/subnet/outputs.tf: -------------------------------------------------------------------------------- 1 | output "subnet_id" { 2 | description = "Subnet id." 
3 | value = aws_subnet.private.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/002/v1/environments/dev/subnet/outputs.tf: -------------------------------------------------------------------------------- 1 | output "subnet_id" { 2 | description = "Subnet id." 3 | value = aws_subnet.private.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/002/v1/environments/prod/subnet/outputs.tf: -------------------------------------------------------------------------------- 1 | output "subnet_id" { 2 | description = "Subnet id." 3 | value = aws_subnet.private.id 4 | } 5 | -------------------------------------------------------------------------------- /aws/002/v1/environments/global/s3/outputs.tf: -------------------------------------------------------------------------------- 1 | output "s3_bucket_arn" { 2 | description = "S3 bucket ARN" 3 | value = aws_s3_bucket.artifacts.arn 4 | } 5 | -------------------------------------------------------------------------------- /aws/003/terraform/3-igw.tf: -------------------------------------------------------------------------------- 1 | resource "aws_internet_gateway" "igw" { 2 | vpc_id = aws_vpc.main.id 3 | 4 | tags = { 5 | Name = "${local.env}-igw" 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /aws/002/v1/environments/global/s3/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_s3_bucket" "artifacts" { 2 | bucket = "antonputra-artifacts" 3 | 4 | tags = { 5 | Name = "Artifacts" 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /gcp/002/1-prometheus-operator/0-namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: gmp-monitoring 6 | labels: 7 | monitoring: gmp-prometheus 8 | 
-------------------------------------------------------------------------------- /aws/001/v2/modules/vpc-v2/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" {} 2 | 3 | variable "cidr_block" {} 4 | 5 | variable "enable_dns_support" {} 6 | 7 | variable "enable_dns_hostnames" {} 8 | -------------------------------------------------------------------------------- /aws/001/v2/modules/vpc-v3/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" {} 2 | 3 | variable "cidr_block" {} 4 | 5 | variable "enable_dns_support" {} 6 | 7 | variable "enable_dns_hostnames" {} 8 | -------------------------------------------------------------------------------- /aws/002/v2/modules/vpc-v2/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" {} 2 | 3 | variable "cidr_block" {} 4 | 5 | variable "enable_dns_support" {} 6 | 7 | variable "enable_dns_hostnames" {} 8 | -------------------------------------------------------------------------------- /aws/001/v2/modules/subnet/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" { 2 | default = "dev" 3 | } 4 | 5 | variable "cidr_block" { 6 | default = "10.0.0.0/19" 7 | } 8 | 9 | variable "vpc_id" {} 10 | -------------------------------------------------------------------------------- /aws/002/v2/modules/subnet/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" { 2 | default = "dev" 3 | } 4 | 5 | variable "cidr_block" { 6 | default = "10.0.0.0/19" 7 | } 8 | 9 | variable "vpc_id" {} 10 | -------------------------------------------------------------------------------- /aws/001/v2/modules/subnet/main.tf: -------------------------------------------------------------------------------- 1 | resource 
"aws_subnet" "this" { 2 | vpc_id = var.vpc_id 3 | cidr_block = var.cidr_block 4 | 5 | tags = { 6 | "Name" = "${var.environment}-private" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /aws/002/v2/modules/subnet/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_subnet" "this" { 2 | vpc_id = var.vpc_id 3 | cidr_block = var.cidr_block 4 | 5 | tags = { 6 | "Name" = "${var.environment}-private" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /aws/003/myapp/requirements.txt: -------------------------------------------------------------------------------- 1 | blinker==1.8.2 2 | click==8.1.7 3 | Flask==3.0.3 4 | gunicorn==22.0.0 5 | itsdangerous==2.2.0 6 | Jinja2==3.1.4 7 | MarkupSafe==2.1.5 8 | packaging==24.1 9 | Werkzeug==3.0.3 10 | -------------------------------------------------------------------------------- /aws/001/README.md: -------------------------------------------------------------------------------- 1 | ## Links 2 | 3 | - [Standard Module Structure](https://developer.hashicorp.com/terraform/language/modules/develop/structure) 4 | - [Blue/Green](https://github.com/antonputra/tutorials/tree/main/lessons/063) -------------------------------------------------------------------------------- /gcp/001/terraform/6-router.tf: -------------------------------------------------------------------------------- 1 | resource "google_compute_router" "this" { 2 | name = "main" 3 | region = local.region 4 | network = google_compute_network.this.id 5 | project = google_project.this.project_id 6 | } 7 | -------------------------------------------------------------------------------- /gcp/002/terraform/6-router.tf: -------------------------------------------------------------------------------- 1 | resource "google_compute_router" "this" { 2 | name = "main" 3 | region = local.region 4 | network = 
google_compute_network.this.id 5 | project = google_project.this.project_id 6 | } 7 | -------------------------------------------------------------------------------- /aws/001/v2/modules/vpc/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 5.49" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/002/v2/modules/vpc/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 5.49" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/003/terraform/0-locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | env = "staging" 3 | region = "us-east-2" 4 | zone1 = "us-east-2a" 5 | zone2 = "us-east-2b" 6 | eks_name = "demo" 7 | eks_version = "1.30" 8 | } 9 | -------------------------------------------------------------------------------- /aws/003/terraform/10-pod-Identity-addon.tf: -------------------------------------------------------------------------------- 1 | resource "aws_eks_addon" "pod_identity" { 2 | cluster_name = aws_eks_cluster.eks.name 3 | addon_name = "eks-pod-identity-agent" 4 | addon_version = "v1.3.0-eksbuild.1" 5 | } 6 | -------------------------------------------------------------------------------- /aws/001/v2/modules/subnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 5.49" 8 | } 9 | } 10 | } 11 | 
-------------------------------------------------------------------------------- /aws/001/v2/modules/vpc-v2/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 5.49" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/001/v2/modules/vpc-v3/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 5.49" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/002/v2/modules/subnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 5.49" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/002/v2/modules/vpc-v2/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 5.49" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /gcp/001/k8s/operator-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.googleapis.com/v1 3 | kind: OperatorConfig 4 | metadata: 5 | namespace: gmp-public 6 | name: config 7 | features: 8 | targetStatus: 9 | enabled: true 10 | -------------------------------------------------------------------------------- /gcp/002/k8s/operator-config.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.googleapis.com/v1 3 | kind: OperatorConfig 4 | metadata: 5 | namespace: gmp-public 6 | name: config 7 | features: 8 | targetStatus: 9 | enabled: true 10 | -------------------------------------------------------------------------------- /aws/001/v1/environments/dev/subnet/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" { 2 | default = "dev" 3 | } 4 | 5 | variable "region" { 6 | default = "us-east-2" 7 | } 8 | 9 | variable "cidr_block" { 10 | default = "10.0.0.0/19" 11 | } 12 | -------------------------------------------------------------------------------- /aws/001/v1/environments/dev/vpc/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" { 2 | default = "dev" 3 | } 4 | 5 | variable "region" { 6 | default = "us-east-2" 7 | } 8 | 9 | variable "cidr_block" { 10 | default = "10.0.0.0/16" 11 | } 12 | -------------------------------------------------------------------------------- /aws/001/v1/environments/prod/vpc/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" { 2 | default = "prod" 3 | } 4 | 5 | variable "region" { 6 | default = "us-east-2" 7 | } 8 | 9 | variable "cidr_block" { 10 | default = "10.1.0.0/16" 11 | } 12 | -------------------------------------------------------------------------------- /aws/002/v1/environments/dev/subnet/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" { 2 | default = "dev" 3 | } 4 | 5 | variable "region" { 6 | default = "us-east-2" 7 | } 8 | 9 | variable "cidr_block" { 10 | default = "10.0.0.0/19" 11 | } 12 | -------------------------------------------------------------------------------- /aws/002/v1/environments/dev/vpc/variables.tf: 
-------------------------------------------------------------------------------- 1 | variable "environment" { 2 | default = "dev" 3 | } 4 | 5 | variable "region" { 6 | default = "us-east-2" 7 | } 8 | 9 | variable "cidr_block" { 10 | default = "10.0.0.0/16" 11 | } 12 | -------------------------------------------------------------------------------- /aws/002/v1/environments/prod/vpc/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" { 2 | default = "prod" 3 | } 4 | 5 | variable "region" { 6 | default = "us-east-2" 7 | } 8 | 9 | variable "cidr_block" { 10 | default = "10.1.0.0/16" 11 | } 12 | -------------------------------------------------------------------------------- /aws/003/terraform/2-vpc.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "main" { 2 | cidr_block = "10.0.0.0/16" 3 | 4 | enable_dns_support = true 5 | enable_dns_hostnames = true 6 | 7 | tags = { 8 | Name = "${local.env}-main" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /gcp/001/1-example/0-operator-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.googleapis.com/v1 3 | kind: OperatorConfig 4 | metadata: 5 | namespace: gmp-public 6 | name: config 7 | features: 8 | targetStatus: 9 | enabled: true 10 | -------------------------------------------------------------------------------- /aws/001/v1/environments/prod/subnet/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" { 2 | default = "prod" 3 | } 4 | 5 | variable "region" { 6 | default = "us-east-2" 7 | } 8 | 9 | variable "cidr_block" { 10 | default = "10.1.0.0/19" 11 | } 12 | -------------------------------------------------------------------------------- /aws/002/v1/environments/global/README.md: 
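-------------------------------------------------------------------------------- 1 | ## Place for global resources 2 | 3 | Place for global resources such as S3 buckets, IAM users, or SNS topics. For example, you can have a common S3 bucket where you store artifacts such as jars, binaries, etc. -------------------------------------------------------------------------------- /aws/002/v1/environments/prod/subnet/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" { 2 | default = "prod" 3 | } 4 | 5 | variable "region" { 6 | default = "us-east-2" 7 | } 8 | 9 | variable "cidr_block" { 10 | default = "10.1.0.0/19" 11 | } 12 |
--------------------------------------------------------------------------------
/aws/003/myapp/Dockerfile:
--------------------------------------------------------------------------------
# Image for the Flask app in app.py, served by gunicorn on port 8080.
FROM python:3.12.4-alpine3.20

WORKDIR /app

# requirements.txt is copied on its own so the dependency layer is reused
# when only app.py changes.
COPY requirements.txt .

# --no-cache-dir keeps pip's download cache out of the image layer.
RUN pip install --no-cache-dir -r requirements.txt

COPY app.py .

# Run the server as an unprivileged user instead of the image's default root.
RUN adduser -D -H -u 10001 app
USER app

# Port 8080 is above 1024, so gunicorn can bind it without root.
CMD ["gunicorn", "--bind", "0.0.0.0:8080", "app:app"]
--------------------------------------------------------------------------------
/aws/001/v2/modules/vpc/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "this" { 2 | cidr_block = var.cidr_block 3 | 4 | enable_dns_support = true 5 | enable_dns_hostnames = true 6 | 7 | tags = { 8 | Name = "${var.environment}-main" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/002/v2/modules/vpc/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "this" { 2 | cidr_block = var.cidr_block 3 | 4 | enable_dns_support = true 5 | enable_dns_hostnames = true 6 | 7 | tags = { 8 | Name = "${var.environment}-main" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/001/v1/environments/dev/vpc/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "main" { 2 | cidr_block = var.cidr_block 3 | 4 | enable_dns_support = true 5 | enable_dns_hostnames = true 6 | 7 | tags = { 8 | Name = "${var.environment}-main" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/001/v1/environments/prod/vpc/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "main" { 2 | cidr_block = var.cidr_block 3 | 4 | enable_dns_support = true 5 | enable_dns_hostnames = true 6 | 7 | tags = { 8 | Name = "${var.environment}-main" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/002/v1/environments/dev/vpc/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "main" { 2 | cidr_block = var.cidr_block 3 | 4 | enable_dns_support = true 5 | enable_dns_hostnames = 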
true 6 | 7 | tags = { 8 | Name = "${var.environment}-main" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/002/v1/environments/prod/vpc/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "main" { 2 | cidr_block = var.cidr_block 3 | 4 | enable_dns_support = true 5 | enable_dns_hostnames = true 6 | 7 | tags = { 8 | Name = "${var.environment}-main" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/003/myapp/app.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | from flask import Flask 4 | 5 | app = Flask(__name__) 6 | 7 | 8 | @app.route('/about', methods=['GET']) 9 | def about(): 10 | version = os.environ.get('APP_VERSION') 11 | 12 | return {'app_version': version}, 200 13 | -------------------------------------------------------------------------------- /aws/001/v1/environments/dev/vpc/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | required_version = ">= 1.0" 5 | 6 | required_providers { 7 | aws = { 8 | source = "hashicorp/aws" 9 | version = "~> 5.49" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /aws/001/v3/environments/dev/vpc/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | module "vpc" { 6 | source = "git@github.com:antonputra/terraform-aws-vpc.git?ref=0.1.0" 7 | 8 | environment = "dev" 9 | cidr_block = "10.0.0.0/16" 10 | } 11 | 12 | -------------------------------------------------------------------------------- /aws/002/v3/environments/dev/vpc/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 
| } 4 | 5 | module "vpc" { 6 | source = "git@github.com:antonputra/terraform-aws-vpc.git?ref=0.1.0" 7 | 8 | environment = "dev" 9 | cidr_block = "10.0.0.0/16" 10 | } 11 | 12 | -------------------------------------------------------------------------------- /gcp/002/2-prometheus/0-service-account.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: my-gmp-prometheus 6 | annotations: 7 | iam.gke.io/gcp-service-account: gmp-prometheus-test@k8s-dev-974836.iam.gserviceaccount.com # TODO: update project id 8 | -------------------------------------------------------------------------------- /gcp/001/1-example/7-prometheus-svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: frontend 6 | namespace: gmp-monitoring 7 | spec: 8 | clusterIP: None 9 | selector: 10 | app: frontend 11 | ports: 12 | - name: web 13 | port: 9090 14 | -------------------------------------------------------------------------------- /gcp/001/terraform/2-project.tf: -------------------------------------------------------------------------------- 1 | resource "google_project" "this" { 2 | name = local.project_name 3 | project_id = local.project_id 4 | billing_account = local.billing_account 5 | org_id = local.org_id 6 | auto_create_network = false 7 | } 8 | -------------------------------------------------------------------------------- /gcp/002/terraform/2-project.tf: -------------------------------------------------------------------------------- 1 | resource "google_project" "this" { 2 | name = local.project_name 3 | project_id = local.project_id 4 | billing_account = local.billing_account 5 | org_id = local.org_id 6 | auto_create_network = false 7 | } 8 | -------------------------------------------------------------------------------- /aws/001/v2/modules/vpc-v2/main.tf: 
-------------------------------------------------------------------------------- 1 | resource "aws_vpc" "this" { 2 | cidr_block = var.cidr_block 3 | 4 | enable_dns_support = var.enable_dns_support 5 | enable_dns_hostnames = var.enable_dns_hostnames 6 | 7 | tags = { 8 | Name = "${var.environment}-main" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/001/v2/modules/vpc-v3/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "this" { 2 | cidr_block = var.cidr_block 3 | 4 | enable_dns_support = var.enable_dns_support 5 | enable_dns_hostnames = var.enable_dns_hostnames 6 | 7 | tags = { 8 | Name = "${var.environment}-main" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/002/v2/modules/vpc-v2/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "this" { 2 | cidr_block = var.cidr_block 3 | 4 | enable_dns_support = var.enable_dns_support 5 | enable_dns_hostnames = var.enable_dns_hostnames 6 | 7 | tags = { 8 | Name = "${var.environment}-main" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /aws/003/terraform/1-providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = local.region 3 | } 4 | 5 | terraform { 6 | required_version = ">= 1.0" 7 | 8 | required_providers { 9 | aws = { 10 | source = "hashicorp/aws" 11 | version = "~> 5.60" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /gcp/001/1-example/5-prometheus-sa.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: prometheus-ui 6 | namespace: gmp-monitoring 7 | annotations: 8 | iam.gke.io/gcp-service-account: 
prometheus-ui@k8s-dev-93760.iam.gserviceaccount.com # TODO: update project id 9 | -------------------------------------------------------------------------------- /aws/001/v1/environments/dev/subnet/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | terraform { 6 | required_version = ">= 1.0" 7 | 8 | required_providers { 9 | aws = { 10 | source = "hashicorp/aws" 11 | version = "~> 5.49" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /aws/001/v1/environments/prod/vpc/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | terraform { 6 | required_version = ">= 1.0" 7 | 8 | required_providers { 9 | aws = { 10 | source = "hashicorp/aws" 11 | version = "~> 5.49" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /aws/002/v1/environments/dev/subnet/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | terraform { 6 | required_version = ">= 1.0" 7 | 8 | required_providers { 9 | aws = { 10 | source = "hashicorp/aws" 11 | version = "~> 5.56" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /aws/002/v1/environments/dev/vpc/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | terraform { 6 | required_version = ">= 1.0" 7 | 8 | required_providers { 9 | aws = { 10 | source = "hashicorp/aws" 11 | version = "~> 5.56" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /aws/002/v1/environments/prod/vpc/providers.tf: 
-------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | terraform { 6 | required_version = ">= 1.0" 7 | 8 | required_providers { 9 | aws = { 10 | source = "hashicorp/aws" 11 | version = "~> 5.56" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /aws/001/v1/environments/prod/subnet/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | terraform { 6 | required_version = ">= 1.0" 7 | 8 | required_providers { 9 | aws = { 10 | source = "hashicorp/aws" 11 | version = "~> 5.49" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /aws/002/v1/environments/prod/subnet/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | terraform { 6 | required_version = ">= 1.0" 7 | 8 | required_providers { 9 | aws = { 10 | source = "hashicorp/aws" 11 | version = "~> 5.56" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /docs/contents.md: -------------------------------------------------------------------------------- 1 | # GCP 2 | 3 | - [001 - Managed Service for Prometheus](../gcp/001) 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /gcp/001/k8s/gmp-pod-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.googleapis.com/v1 3 | kind: PodMonitoring 4 | metadata: 5 | name: cadvisor 6 | namespace: monitoring 7 | labels: 8 | prometheus: main 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: cadvisor 13 | endpoints: 14 | - port: http 15 | 
-------------------------------------------------------------------------------- /gcp/002/k8s/gmp-pod-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.googleapis.com/v1 3 | kind: PodMonitoring 4 | metadata: 5 | name: cadvisor 6 | namespace: monitoring 7 | labels: 8 | prometheus: main 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: cadvisor 13 | endpoints: 14 | - port: http 15 | -------------------------------------------------------------------------------- /gcp/003/terraform/2-project.tf: -------------------------------------------------------------------------------- 1 | resource "google_project" "this" { 2 | name = local.project_name 3 | project_id = local.project_id 4 | billing_account = local.billing_account 5 | org_id = local.org_id 6 | auto_create_network = false 7 | 8 | deletion_policy = "DELETE" 9 | } 10 | -------------------------------------------------------------------------------- /gcp/001/k8s/prom-operator-pod-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: cadvisor 6 | namespace: monitoring 7 | labels: 8 | prometheus: main 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: cadvisor 13 | podMetricsEndpoints: 14 | - port: http 15 | -------------------------------------------------------------------------------- /gcp/002/k8s/prom-operator-pod-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: cadvisor 6 | namespace: monitoring 7 | labels: 8 | prometheus: main 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: cadvisor 13 | podMetricsEndpoints: 14 | - port: http 15 | -------------------------------------------------------------------------------- /gcp/001/myapp/Dockerfile: 
-------------------------------------------------------------------------------- 1 | FROM golang:1.22.3-bookworm AS build 2 | 3 | WORKDIR /app 4 | 5 | COPY go.mod ./ 6 | COPY go.sum ./ 7 | 8 | RUN go mod download && go mod verify 9 | 10 | COPY . . 11 | 12 | RUN go build -o /myapp . 13 | 14 | FROM gcr.io/distroless/base-debian12 15 | 16 | COPY --from=build /myapp /myapp 17 | 18 | ENTRYPOINT ["/myapp"] 19 | -------------------------------------------------------------------------------- /gcp/002/myapp/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.22.3-bookworm AS build 2 | 3 | WORKDIR /app 4 | 5 | COPY go.mod ./ 6 | COPY go.sum ./ 7 | 8 | RUN go mod download && go mod verify 9 | 10 | COPY . . 11 | 12 | RUN go build -o /myapp . 13 | 14 | FROM gcr.io/distroless/base-debian12 15 | 16 | COPY --from=build /myapp /myapp 17 | 18 | ENTRYPOINT ["/myapp"] 19 | -------------------------------------------------------------------------------- /gcp/002/1-prometheus-operator/2-service-account.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | automountServiceAccountToken: false 4 | kind: ServiceAccount 5 | metadata: 6 | labels: 7 | app.kubernetes.io/component: controller 8 | app.kubernetes.io/name: prometheus-operator 9 | app.kubernetes.io/version: 0.74.0 10 | name: gmp-prometheus-operator 11 | namespace: gmp-monitoring 12 | -------------------------------------------------------------------------------- /gcp/002/2-prometheus/2-cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: prometheus 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: gmp-prometheus 10 | subjects: 11 | - kind: ServiceAccount 12 | name: my-gmp-prometheus 13 | namespace: gmp-monitoring 14 | 
-------------------------------------------------------------------------------- /gcp/001/myapp/.dockerignore: -------------------------------------------------------------------------------- 1 | # The .dockerignore file excludes files from the container build process. 2 | # 3 | # https://docs.docker.com/engine/reference/builder/#dockerignore-file 4 | 5 | # Exclude locally vendored dependencies. 6 | vendor/ 7 | 8 | # Exclude "build-time" ignore files. 9 | .dockerignore 10 | .gcloudignore 11 | 12 | # Exclude git history and configuration. 13 | .gitignore 14 | -------------------------------------------------------------------------------- /gcp/001/terraform/1-provider.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | region = local.region 3 | } 4 | 5 | terraform { 6 | required_version = ">= 1.0" 7 | 8 | required_providers { 9 | google = { 10 | source = "hashicorp/google" 11 | version = "~> 5.30" 12 | } 13 | random = { 14 | source = "hashicorp/random" 15 | version = "~> 3.6" 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /gcp/002/myapp/.dockerignore: -------------------------------------------------------------------------------- 1 | # The .dockerignore file excludes files from the container build process. 2 | # 3 | # https://docs.docker.com/engine/reference/builder/#dockerignore-file 4 | 5 | # Exclude locally vendored dependencies. 6 | vendor/ 7 | 8 | # Exclude "build-time" ignore files. 9 | .dockerignore 10 | .gcloudignore 11 | 12 | # Exclude git history and configuration. 
13 | .gitignore 14 | -------------------------------------------------------------------------------- /gcp/002/terraform/1-provider.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | region = local.region 3 | } 4 | 5 | terraform { 6 | required_version = ">= 1.0" 7 | 8 | required_providers { 9 | google = { 10 | source = "hashicorp/google" 11 | version = "~> 5.30" 12 | } 13 | random = { 14 | source = "hashicorp/random" 15 | version = "~> 3.6" 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /gcp/001/1-example/3-myapp-pod-monitoring.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.googleapis.com/v1 3 | kind: PodMonitoring 4 | metadata: 5 | name: myapp 6 | namespace: myapp 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: myapp 11 | # https://github.com/GoogleCloudPlatform/prometheus-engine/blob/v0.10.0/doc/api.md#scrapeendpoint 12 | endpoints: 13 | - port: prom-metrics 14 | -------------------------------------------------------------------------------- /aws/003/terraform/5-nat.tf: -------------------------------------------------------------------------------- 1 | resource "aws_eip" "nat" { 2 | domain = "vpc" 3 | 4 | tags = { 5 | Name = "${local.env}-nat" 6 | } 7 | } 8 | 9 | resource "aws_nat_gateway" "nat" { 10 | allocation_id = aws_eip.nat.id 11 | subnet_id = aws_subnet.public_zone1.id 12 | 13 | tags = { 14 | Name = "${local.env}-nat" 15 | } 16 | 17 | depends_on = [aws_internet_gateway.igw] 18 | } 19 | -------------------------------------------------------------------------------- /gcp/002/3-myapp/2-myapp-pod-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: myapp 6 | namespace: gmp-monitoring 7 | labels: 8 | component: main 9 | spec: 10 
| namespaceSelector: 11 | matchNames: 12 | - myapp 13 | selector: 14 | matchLabels: 15 | app: myapp 16 | podMetricsEndpoints: 17 | - port: prom-metrics 18 | -------------------------------------------------------------------------------- /gcp/001/terraform/4-network.tf: -------------------------------------------------------------------------------- 1 | resource "google_compute_network" "this" { 2 | name = "main" 3 | routing_mode = "REGIONAL" 4 | auto_create_subnetworks = false 5 | project = google_project.this.project_id 6 | 7 | depends_on = [ 8 | google_project_service.compute, 9 | google_project_service.container, 10 | google_project_service.monitoring 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /gcp/002/terraform/4-network.tf: -------------------------------------------------------------------------------- 1 | resource "google_compute_network" "this" { 2 | name = "main" 3 | routing_mode = "REGIONAL" 4 | auto_create_subnetworks = false 5 | project = google_project.this.project_id 6 | 7 | depends_on = [ 8 | google_project_service.compute, 9 | google_project_service.container, 10 | google_project_service.monitoring 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /gcp/003/terraform/1-providers.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | region = local.region 3 | project = local.project_id 4 | } 5 | 6 | terraform { 7 | required_version = ">= 1.0" 8 | 9 | required_providers { 10 | google = { 11 | source = "hashicorp/google" 12 | version = "~> 6.4" 13 | } 14 | random = { 15 | source = "hashicorp/random" 16 | version = "~> 3.6" 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /gcp/003/terraform/0-locals.tf: -------------------------------------------------------------------------------- 1 | resource "random_integer" "int" { 2 | min = 100 
3 | max = 1000000 4 | } 5 | 6 | locals { 7 | region = "us-central1" 8 | zone = "us-central1-a" 9 | env = "dev" 10 | 11 | project_name = "my-project-${local.env}" 12 | project_id = "${local.project_name}-${random_integer.int.result}" 13 | 14 | org_id = "206720471760" 15 | billing_account = "01FDA3-9697F3-6F05B8" 16 | } 17 | -------------------------------------------------------------------------------- /aws/001/v1/environments/dev/subnet/main.tf: -------------------------------------------------------------------------------- 1 | # Example of accessing remote state 2 | data "terraform_remote_state" "vpc" { 3 | backend = "local" 4 | config = { 5 | path = "../vpc/terraform.tfstate" 6 | } 7 | } 8 | 9 | resource "aws_subnet" "private" { 10 | vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id 11 | cidr_block = var.cidr_block 12 | 13 | tags = { 14 | "Name" = "${var.environment}-private" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /aws/001/v1/environments/prod/subnet/main.tf: -------------------------------------------------------------------------------- 1 | # Example of accessing remote state 2 | data "terraform_remote_state" "vpc" { 3 | backend = "local" 4 | config = { 5 | path = "../vpc/terraform.tfstate" 6 | } 7 | } 8 | 9 | resource "aws_subnet" "private" { 10 | vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id 11 | cidr_block = var.cidr_block 12 | 13 | tags = { 14 | "Name" = "${var.environment}-private" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /aws/002/v1/environments/prod/subnet/main.tf: -------------------------------------------------------------------------------- 1 | # Example of accessing remote state 2 | data "terraform_remote_state" "vpc" { 3 | backend = "local" 4 | config = { 5 | path = "../vpc/terraform.tfstate" 6 | } 7 | } 8 | 9 | resource "aws_subnet" "private" { 10 | vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id 11 | 
cidr_block = var.cidr_block 12 | 13 | tags = { 14 | "Name" = "${var.environment}-private" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /gcp/001/terraform/0-locals.tf: -------------------------------------------------------------------------------- 1 | resource "random_integer" "int" { 2 | min = 100 3 | max = 1000000 4 | } 5 | 6 | locals { 7 | region = "us-central1" 8 | zone = "us-central1-a" 9 | org_id = "206720471760" 10 | billing_account = "01FDA3-9697F3-6F05B8" 11 | env = "dev" 12 | project_name = "k8s-${local.env}" 13 | project_id = "${local.project_name}-${random_integer.int.result}" 14 | } 15 | -------------------------------------------------------------------------------- /gcp/002/terraform/0-locals.tf: -------------------------------------------------------------------------------- 1 | resource "random_integer" "int" { 2 | min = 100 3 | max = 1000000 4 | } 5 | 6 | locals { 7 | region = "us-central1" 8 | zone = "us-central1-a" 9 | org_id = "206720471760" 10 | billing_account = "01FDA3-9697F3-6F05B8" 11 | env = "dev" 12 | project_name = "k8s-${local.env}" 13 | project_id = "${local.project_name}-${random_integer.int.result}" 14 | } 15 | -------------------------------------------------------------------------------- /aws/001/v2/environments/dev/vpc/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | # module "vpc" { 6 | # source = "../../../modules/vpc" 7 | 8 | # environment = "dev" 9 | # cidr_block = "10.0.0.0/16" 10 | # } 11 | 12 | module "vpc" { 13 | source = "../../../modules/vpc-v2" 14 | 15 | environment = "dev" 16 | cidr_block = "10.0.0.0/16" 17 | enable_dns_hostnames = true 18 | enable_dns_support = true 19 | } 20 | -------------------------------------------------------------------------------- /aws/002/v2/environments/dev/vpc/main.tf: 
-------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | # module "vpc" { 6 | # source = "../../../modules/vpc" 7 | 8 | # environment = "dev" 9 | # cidr_block = "10.0.0.0/16" 10 | # } 11 | 12 | module "vpc" { 13 | source = "../../../modules/vpc-v2" 14 | 15 | environment = "dev" 16 | cidr_block = "10.0.0.0/16" 17 | enable_dns_hostnames = true 18 | enable_dns_support = true 19 | } 20 | -------------------------------------------------------------------------------- /aws/003/terraform/11-argocd.tf: -------------------------------------------------------------------------------- 1 | # helm install argocd -n argocd --create-namespace argo/argo-cd --version 7.3.11 -f terraform/values/argocd.yaml 2 | resource "helm_release" "argocd" { 3 | name = "argocd" 4 | 5 | repository = "https://argoproj.github.io/argo-helm" 6 | chart = "argo-cd" 7 | namespace = "argocd" 8 | create_namespace = true 9 | version = "7.3.11" 10 | 11 | values = [file("values/argocd.yaml")] 12 | } 13 | -------------------------------------------------------------------------------- /aws/003/private-003/charts/myapp/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "myapp.fullname" . }} 5 | labels: 6 | {{- include "myapp.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "myapp.selectorLabels" . 
| nindent 4 }} 16 | -------------------------------------------------------------------------------- /aws/001/v2/environments/dev/subnet/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | # Example of accessing remote state 6 | data "terraform_remote_state" "vpc" { 7 | backend = "local" 8 | config = { 9 | path = "../vpc/terraform.tfstate" 10 | } 11 | } 12 | 13 | module "subnet" { 14 | source = "../../../modules/subnet" 15 | 16 | environment = "dev" 17 | vpc_id = data.terraform_remote_state.vpc.outputs.id 18 | cidr_block = "10.0.0.0/19" 19 | } 20 | -------------------------------------------------------------------------------- /aws/002/v2/environments/dev/subnet/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | # Example of accessing remote state 6 | data "terraform_remote_state" "vpc" { 7 | backend = "local" 8 | config = { 9 | path = "../vpc/terraform.tfstate" 10 | } 11 | } 12 | 13 | module "subnet" { 14 | source = "../../../modules/subnet" 15 | 16 | environment = "dev" 17 | vpc_id = data.terraform_remote_state.vpc.outputs.id 18 | cidr_block = "10.0.0.0/19" 19 | } 20 | -------------------------------------------------------------------------------- /aws/003/private-003/charts/myapp/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
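4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /aws/003/private-003/charts/myapp/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "myapp.serviceAccountName" . }} 6 | labels: 7 | {{- include "myapp.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | automountServiceAccountToken: {{ .Values.serviceAccount.automount }} 13 | {{- end }} 14 |
--------------------------------------------------------------------------------
/gcp/003/functions/gcp-analytics/main.py:
--------------------------------------------------------------------------------
import functions_framework


@functions_framework.http
def hello_http(request):
    """HTTP function that greets the caller by name.

    The name is read from the 'name' key of the JSON body when present,
    otherwise from the 'name' query parameter, otherwise it is 'World'.

    Args:
        request: the incoming request; the function reads
            request.get_json(silent=True) and request.args from it.

    Returns:
        The string 'Hello test v4 <name>!' with <name> HTML-escaped.
    """
    # Function-scope import so the file's top-level imports stay as they are.
    from html import escape

    request_json = request.get_json(silent=True)
    request_args = request.args

    if request_json and 'name' in request_json:
        name = request_json['name']
    elif request_args and 'name' in request_args:
        name = request_args['name']
    else:
        name = 'World'

    # `name` comes straight from the request and is echoed in the response
    # body, which Flask-based handlers serve as text/html by default. Escape
    # it so any markup in the value is rendered as text. str() keeps
    # non-string JSON values (numbers, booleans) formatting as before.
    return 'Hello test v4 {}!'.format(escape(str(name)))
--------------------------------------------------------------------------------
/aws/003/private-003/charts/myapp/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "myapp.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "myapp.labels" . 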
| nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "myapp.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /aws/003/terraform/9-helm-provider.tf: -------------------------------------------------------------------------------- 1 | data "aws_eks_cluster" "eks" { 2 | name = aws_eks_cluster.eks.name 3 | } 4 | 5 | data "aws_eks_cluster_auth" "eks" { 6 | name = aws_eks_cluster.eks.name 7 | } 8 | 9 | provider "helm" { 10 | kubernetes { 11 | host = data.aws_eks_cluster.eks.endpoint 12 | cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) 13 | token = data.aws_eks_cluster_auth.eks.token 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /gcp/002/3-myapp/3-whitelist-metrics.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: myapp-keep 6 | namespace: gmp-monitoring 7 | labels: 8 | component: main 9 | spec: 10 | namespaceSelector: 11 | matchNames: 12 | - myapp 13 | selector: 14 | matchLabels: 15 | app: myapp 16 | podMetricsEndpoints: 17 | - port: prom-metrics 18 | metricRelabelings: 19 | - sourceLabels: [__name__] 20 | regex: (myapp_job_duration_seconds) 21 | action: keep 22 | -------------------------------------------------------------------------------- /gcp/002/3-myapp/4-drop-metrics.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: myapp-keep 6 | namespace: gmp-monitoring 7 | labels: 8 | component: main 9 | spec: 10 | namespaceSelector: 11 | matchNames: 12 | - myapp 13 | selector: 14 | matchLabels: 15 | 
app: myapp 16 | podMetricsEndpoints: 17 | - port: prom-metrics 18 | metricRelabelings: 19 | - sourceLabels: [__name__] 20 | regex: (myapp_request_duration_seconds) 21 | action: drop 22 | -------------------------------------------------------------------------------- /aws/003/README.md: -------------------------------------------------------------------------------- 1 | # ArgoCD + ECR authentication 2 | 3 | - [ArgoCD](argocd-image-updater.argoproj.io/myalias.update-strategy) 4 | - [Argo Image Updater with AWS ECR](https://medium.com/@tomas94depi/argo-image-updater-with-aws-ecr-ddb661abb332) 5 | 6 | kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d 7 | 8 | docker tag aputra/myapp-003-amd64:v1 424432388155.dkr.ecr.us-east-2.amazonaws.com/myapp-003-amd64:v1 9 | 10 | docker push 424432388155.dkr.ecr.us-east-2.amazonaws.com/myapp-003-amd64:v1 11 | 12 | 13 | -------------------------------------------------------------------------------- /gcp/002/1-prometheus-operator/4-cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: controller 7 | app.kubernetes.io/name: prometheus-operator 8 | app.kubernetes.io/version: 0.74.0 9 | name: prometheus-operator 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: gmp-prometheus-operator 14 | subjects: 15 | - kind: ServiceAccount 16 | name: gmp-prometheus-operator 17 | namespace: gmp-monitoring 18 | -------------------------------------------------------------------------------- /gcp/001/terraform/3-apis.tf: -------------------------------------------------------------------------------- 1 | resource "google_project_service" "compute" { 2 | project = google_project.this.project_id 3 | service = "compute.googleapis.com" 4 | } 5 | 6 | resource 
"google_project_service" "container" { 7 | project = google_project.this.project_id 8 | service = "container.googleapis.com" 9 | 10 | depends_on = [google_project_service.compute] 11 | } 12 | 13 | resource "google_project_service" "monitoring" { 14 | project = google_project.this.project_id 15 | service = "monitoring.googleapis.com" 16 | 17 | depends_on = [google_project_service.compute] 18 | } 19 | -------------------------------------------------------------------------------- /gcp/002/terraform/3-apis.tf: -------------------------------------------------------------------------------- 1 | resource "google_project_service" "compute" { 2 | project = google_project.this.project_id 3 | service = "compute.googleapis.com" 4 | } 5 | 6 | resource "google_project_service" "container" { 7 | project = google_project.this.project_id 8 | service = "container.googleapis.com" 9 | 10 | depends_on = [google_project_service.compute] 11 | } 12 | 13 | resource "google_project_service" "monitoring" { 14 | project = google_project.this.project_id 15 | service = "monitoring.googleapis.com" 16 | 17 | depends_on = [google_project_service.compute] 18 | } 19 | -------------------------------------------------------------------------------- /aws/003/build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -x 4 | 5 | # setup default values, use environment variables to override 6 | # export VER=v1 APP_DIR=myapp && ./build.sh 7 | USERNAMR="${USERNAMR:-aputra}" 8 | VER="${VER:-latest}" 9 | LESSON=$(basename $(pwd)) 10 | APP_DIR="${APP_DIR:-0}" 11 | DOCKERFILE="${DOCKERFILE:-Dockerfile}" 12 | 13 | # service-a 14 | docker build -t ${USERNAMR}/${APP_DIR}-${LESSON}-arm64:${VER} -f ${APP_DIR}/${DOCKERFILE} --platform linux/arm64 ${APP_DIR} 15 | docker build -t ${USERNAMR}/${APP_DIR}-${LESSON}-amd64:${VER} -f ${APP_DIR}/${DOCKERFILE} --platform linux/amd64 ${APP_DIR} 16 | 
-------------------------------------------------------------------------------- /gcp/001/terraform/5-subnets.tf: -------------------------------------------------------------------------------- 1 | resource "google_compute_subnetwork" "private" { 2 | name = "private" 3 | ip_cidr_range = "10.0.0.0/18" 4 | region = local.region 5 | network = google_compute_network.this.id 6 | project = google_project.this.project_id 7 | private_ip_google_access = true 8 | 9 | secondary_ip_range { 10 | range_name = "k8s-pod-range" 11 | ip_cidr_range = "10.48.0.0/14" 12 | } 13 | 14 | secondary_ip_range { 15 | range_name = "k8s-service-range" 16 | ip_cidr_range = "10.52.0.0/20" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /gcp/002/terraform/5-subnets.tf: -------------------------------------------------------------------------------- 1 | resource "google_compute_subnetwork" "private" { 2 | name = "private" 3 | ip_cidr_range = "10.0.0.0/18" 4 | region = local.region 5 | network = google_compute_network.this.id 6 | project = google_project.this.project_id 7 | private_ip_google_access = true 8 | 9 | secondary_ip_range { 10 | range_name = "k8s-pod-range" 11 | ip_cidr_range = "10.48.0.0/14" 12 | } 13 | 14 | secondary_ip_range { 15 | range_name = "k8s-service-range" 16 | ip_cidr_range = "10.52.0.0/20" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /aws/003/terraform/values/image-updater.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | serviceAccount: 3 | name: argocd-image-updater 4 | 5 | authScripts: 6 | enabled: true 7 | scripts: 8 | auth.sh: | 9 | #!/bin/sh 10 | aws ecr --region us-east-2 get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d 11 | 12 | config: 13 | registries: 14 | - name: ECR 15 | api_url: https://424432388155.dkr.ecr.us-east-2.amazonaws.com 16 | prefix: 
424432388155.dkr.ecr.us-east-2.amazonaws.com 17 | ping: yes 18 | insecure: no 19 | credentials: ext:/scripts/auth.sh 20 | credsexpire: 10h 21 | -------------------------------------------------------------------------------- /gcp/002/2-prometheus/1-cluster-role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: gmp-prometheus 6 | rules: 7 | - apiGroups: [""] 8 | resources: 9 | - nodes 10 | - nodes/metrics 11 | - services 12 | - endpoints 13 | - pods 14 | verbs: ["get", "list", "watch"] 15 | - apiGroups: [""] 16 | resources: 17 | - configmaps 18 | verbs: ["get"] 19 | - apiGroups: 20 | - networking.k8s.io 21 | resources: 22 | - ingresses 23 | verbs: ["get", "list", "watch"] 24 | - nonResourceURLs: ["/metrics"] 25 | verbs: ["get"] 26 | -------------------------------------------------------------------------------- /gcp/001/terraform/11-alert.tf.disable: -------------------------------------------------------------------------------- 1 | resource "google_monitoring_alert_policy" "myapp_test" { 2 | project = google_project.this.project_id 3 | 4 | display_name = "My Test Alert" 5 | combiner = "OR" 6 | 7 | conditions { 8 | display_name = "myapp latency p=90 higher then 2 seconds" 9 | 10 | condition_prometheus_query_language { 11 | query = "myapp_request_duration_seconds{quantile='0.9'} > 2" 12 | duration = "30s" 13 | evaluation_interval = "30s" 14 | alert_rule = "MyappTest" 15 | rule_group = "a myapp test" 16 | } 17 | } 18 | 19 | alert_strategy { 20 | auto_close = "1800s" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /aws/002/v1/environments/dev/subnet/main.tf: -------------------------------------------------------------------------------- 1 | # Example of accessing remote state 2 | data "terraform_remote_state" "vpc" { 3 | backend = "local" 4 | config = { 5 | path = 
"../vpc/terraform.tfstate" 6 | } 7 | } 8 | 9 | resource "aws_subnet" "private" { 10 | # vpc_id = dependency.vpc.outputs.vpc_id 11 | vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id 12 | cidr_block = var.cidr_block 13 | 14 | tags = { 15 | "Name" = "${var.environment}-private" 16 | } 17 | } 18 | 19 | # dependency.vpc.outputs.vpc_id 20 | 21 | # In Terragrunt we would use dependency instead 22 | # dependency "vpc" { 23 | # config_path = "../vpc" 24 | 25 | # mock_outputs = { 26 | # vpc_id = "vpc-123424" 27 | # } 28 | # } 29 | -------------------------------------------------------------------------------- /gcp/001/1-example/2-myapp-deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: myapp 6 | namespace: myapp 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: myapp 12 | template: 13 | metadata: 14 | labels: 15 | app: myapp 16 | spec: 17 | containers: 18 | - name: myapp 19 | image: aputra/myapp-001:v1 20 | ports: 21 | - name: prom-metrics 22 | containerPort: 8081 23 | - name: http 24 | containerPort: 8080 25 | resources: 26 | requests: 27 | memory: 128Mi 28 | cpu: 100m 29 | limits: 30 | memory: 128Mi 31 | cpu: 500m 32 | -------------------------------------------------------------------------------- /gcp/002/3-myapp/1-myapp-deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: myapp 6 | namespace: myapp 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: myapp 12 | template: 13 | metadata: 14 | labels: 15 | app: myapp 16 | spec: 17 | containers: 18 | - name: myapp 19 | image: aputra/myapp-002:v3 20 | ports: 21 | - name: prom-metrics 22 | containerPort: 8081 23 | - name: http 24 | containerPort: 8080 25 | resources: 26 | requests: 27 | memory: 128Mi 28 | cpu: 100m 29 | limits: 30 | memory: 
128Mi
31 |               cpu: 500m
32 | 

--------------------------------------------------------------------------------
/gcp/002/terraform/10-gmp-prometheus-sa.tf:
--------------------------------------------------------------------------------
1 | resource "google_service_account" "gmp_prometheus" {  # Google service account used by the in-cluster Prometheus
2 |   account_id = "gmp-prometheus-test"
3 |   project    = google_project.this.project_id
4 | }
5 | 
6 | resource "google_project_iam_member" "gmp_prometheus" {  # project-level grant: the account may write metrics, nothing else is granted here
7 |   project = local.project_id  # NOTE(review): local.project_id here, google_project.this.project_id above - presumably the same project; confirm
8 |   role    = "roles/monitoring.metricWriter"
9 |   member  = "serviceAccount:${google_service_account.gmp_prometheus.email}"
10 | }
11 | 
12 | resource "google_service_account_iam_member" "gmp_prometheus" {  # Workload Identity binding for one Kubernetes service account
13 |   service_account_id = google_service_account.gmp_prometheus.name
14 |   role               = "roles/iam.workloadIdentityUser"
15 |   member             = "serviceAccount:${local.project_id}.svc.id.goog[gmp-monitoring/my-gmp-prometheus]"  # only namespace gmp-monitoring, service account my-gmp-prometheus may act as this account
16 | 
17 |   depends_on = [google_container_cluster.this]  # explicit ordering after the cluster; presumably because the workload identity pool must exist first - confirm
18 | }
19 | 

--------------------------------------------------------------------------------
/gcp/002/terraform/9-nodes.tf:
--------------------------------------------------------------------------------
1 | resource "google_service_account" "kubernetes" {  # dedicated service account for the GKE nodes (used in node_config below)
2 |   account_id = "kubernetes"
3 |   project    = google_project.this.project_id
4 | }
5 | 
6 | resource "google_container_node_pool" "general" {  # single-node pool attached to the cluster
7 |   name       = "general"
8 |   cluster    = google_container_cluster.this.id
9 |   project    = google_project.this.project_id
10 |   node_count = 1
11 | 
12 |   management {
13 |     auto_repair  = true
14 |     auto_upgrade = true  # nodes follow automatic upgrades
15 |   }
16 | 
17 |   node_config {
18 |     spot         = true  # spot capacity: nodes can be reclaimed at any time
19 |     machine_type = "e2-medium"
20 | 
21 |     labels = {
22 |       role = "general"
23 |     }
24 | 
25 |     service_account = google_service_account.kubernetes.email
26 |     oauth_scopes = [  # NOTE(review): the cloud-platform scope does not narrow anything; what the nodes can reach is decided by the IAM roles granted to the node service account (none are granted in this file)
27 |       "https://www.googleapis.com/auth/cloud-platform"
28 |     ]
29 |   }
30 | }
31 | 

--------------------------------------------------------------------------------
/aws/003/example/git-repo-secret.yaml: 
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Secret  # Argo CD repository credential for the private Git repository
4 | metadata:
5 |   name: private-003
6 |   namespace: argocd
7 |   labels:
8 |     argocd.argoproj.io/secret-type: repository  # label that makes Argo CD treat this Secret as a repository definition
9 | stringData:  # NOTE(review): the SSH private key below sits in plain text in a manifest kept in the repository; a key published this way should be treated as disclosed and rotated. Keep a placeholder in the example and supply the real key from a secret store or an encrypted secret at deploy time.
10 |   url: git@github.com:antonputra/private-003.git
11 |   sshPrivateKey: |
12 |     -----BEGIN OPENSSH PRIVATE KEY-----
13 |     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
14 |     QyNTUxOQAAACA9X6rTtenCIYr7k8y+Hby/dbtBuThM1sQ1pRzENhJ8pgAAAJhTtVbPU7VW
15 |     zwAAAAtzc2gtZWQyNTUxOQAAACA9X6rTtenCIYr7k8y+Hby/dbtBuThM1sQ1pRzENhJ8pg
16 |     AAAECpp9XWkMktJY02Jtg1aATcH8XlRgWu4HVXMxjDXODfUj1fqtO16cIhivuTzL4dvL91
17 |     u0G5OEzWxDWlHMQ2EnymAAAAFWFyZ29jZEBhbnRvbnB1dHJhLmNvbQ==
18 |     -----END OPENSSH PRIVATE KEY-----
19 |   insecure: "false"
20 |   enableLfs: "true"
21 | 

--------------------------------------------------------------------------------
/gcp/001/terraform/7-nat.tf:
--------------------------------------------------------------------------------
1 | resource "google_compute_address" "nat" {  # reserved external IP used as the NAT egress address
2 |   name         = "nat"
3 |   address_type = "EXTERNAL"
4 |   network_tier = "PREMIUM"
5 |   project      = google_project.this.project_id
6 | 
7 |   depends_on = [google_project_service.compute]
8 | }
9 | 
10 | resource "google_compute_router_nat" "this" {  # Cloud NAT on the router, giving the private subnet outbound access
11 |   name    = "main"
12 |   router  = google_compute_router.this.name
13 |   project = google_project.this.project_id
14 |   region  = local.region
15 | 
16 |   source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"  # NAT only the subnetworks listed below
17 |   nat_ip_allocate_option             = "MANUAL_ONLY"  # use only the reserved address in nat_ips, so egress comes from a known IP
18 | 
19 |   subnetwork {
20 |     name                    = google_compute_subnetwork.private.id
21 |     source_ip_ranges_to_nat = ["ALL_IP_RANGES"]  # primary and secondary ranges of that subnet
22 |   }
23 | 
24 |   nat_ips = [google_compute_address.nat.self_link]
25 | }
26 | 

--------------------------------------------------------------------------------
/gcp/002/terraform/7-nat.tf:
--------------------------------------------------------------------------------
1 | resource "google_compute_address" "nat" {
2 |   name = 
"nat" 3 | address_type = "EXTERNAL" 4 | network_tier = "PREMIUM" 5 | project = google_project.this.project_id 6 | 7 | depends_on = [google_project_service.compute] 8 | } 9 | 10 | resource "google_compute_router_nat" "this" { 11 | name = "main" 12 | router = google_compute_router.this.name 13 | project = google_project.this.project_id 14 | region = local.region 15 | 16 | source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS" 17 | nat_ip_allocate_option = "MANUAL_ONLY" 18 | 19 | subnetwork { 20 | name = google_compute_subnetwork.private.id 21 | source_ip_ranges_to_nat = ["ALL_IP_RANGES"] 22 | } 23 | 24 | nat_ips = [google_compute_address.nat.self_link] 25 | } 26 | -------------------------------------------------------------------------------- /gcp/001/terraform/10-prom.tf: -------------------------------------------------------------------------------- 1 | resource "google_service_account" "prometheus_ui" { 2 | project = google_project.this.project_id 3 | account_id = "prometheus-ui" 4 | } 5 | 6 | resource "google_service_account_iam_member" "prometheus_ui" { 7 | service_account_id = google_service_account.prometheus_ui.name 8 | role = "roles/iam.workloadIdentityUser" 9 | member = "serviceAccount:${local.project_id}.svc.id.goog[gmp-monitoring/prometheus-ui]" 10 | 11 | depends_on = [google_container_cluster.this] 12 | } 13 | 14 | resource "google_project_iam_member" "prometheus_ui" { 15 | project = google_project.this.project_id 16 | role = "roles/monitoring.viewer" 17 | member = "serviceAccount:${google_service_account.prometheus_ui.email}" 18 | 19 | depends_on = [google_service_account.prometheus_ui] 20 | } 21 | -------------------------------------------------------------------------------- /aws/003/example/application.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: argoproj.io/v1alpha1 3 | kind: Application 4 | metadata: 5 | name: myapp 6 | namespace: argocd 7 | annotations: 8 | 
argocd-image-updater.argoproj.io/image-list: 424432388155.dkr.ecr.us-east-2.amazonaws.com/myapp-003-amd64:0.x 9 | finalizers: 10 | - resources-finalizer.argocd.argoproj.io 11 | spec: 12 | project: default 13 | source: 14 | repoURL: git@github.com:antonputra/private-003.git 15 | targetRevision: main 16 | path: envs/dev/myapp 17 | destination: 18 | server: https://kubernetes.default.svc 19 | syncPolicy: 20 | automated: 21 | prune: true 22 | selfHeal: true 23 | allowEmpty: false 24 | syncOptions: 25 | - Validate=true 26 | - CreateNamespace=false 27 | - PrunePropagationPolicy=foreground 28 | - PruneLast=true 29 | -------------------------------------------------------------------------------- /gcp/003/terraform/4-gcp-buckets.tf: -------------------------------------------------------------------------------- 1 | # Create GS bucket to store google functions source code (zip archives) 2 | resource "google_storage_bucket" "functions" { 3 | name = "functions-${random_integer.int.result}" 4 | location = local.region 5 | force_destroy = true 6 | uniform_bucket_level_access = true 7 | } 8 | 9 | # Create GS bucket to store images for benchmark test. 10 | resource "google_storage_bucket" "images" { 11 | name = "images-${random_integer.int.result}" 12 | location = local.region 13 | force_destroy = true 14 | uniform_bucket_level_access = true 15 | } 16 | 17 | # Upload test image to GS bucket. 18 | resource "google_storage_bucket_object" "image" { 19 | bucket = google_storage_bucket.images.name 20 | name = "gcp-logo.png" 21 | source = "../gcp-logo.png" 22 | } 23 | -------------------------------------------------------------------------------- /gcp/001/myapp/metrics.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import "github.com/prometheus/client_golang/prometheus" 4 | 5 | // metrics represents Prometheus metrics. 
6 | type metrics struct { 7 | // A metric to record the duration of requests, 8 | // such as database queries or requests to the S3 object store. 9 | duration *prometheus.SummaryVec 10 | } 11 | 12 | // Create new metrics and register them with the Prometheus registry. 13 | func NewMetrics(reg prometheus.Registerer) *metrics { 14 | // Create Prometheus metrics. 15 | m := &metrics{ 16 | duration: prometheus.NewSummaryVec(prometheus.SummaryOpts{ 17 | Namespace: "myapp", 18 | Name: "request_duration_seconds", 19 | Help: "Duration of the request.", 20 | Objectives: map[float64]float64{0.9: 0.01, 0.99: 0.001}, 21 | }, []string{"path"}), 22 | } 23 | // Register metrics with Prometheus registry. 24 | reg.MustRegister(m.duration) 25 | 26 | return m 27 | } 28 | -------------------------------------------------------------------------------- /gcp/003/terraform/3-apis.tf: -------------------------------------------------------------------------------- 1 | resource "google_project_service" "cloudfunctions" { 2 | project = google_project.this.project_id 3 | service = "cloudfunctions.googleapis.com" 4 | } 5 | 6 | resource "google_project_service" "artifactregistry" { 7 | project = google_project.this.project_id 8 | service = "artifactregistry.googleapis.com" 9 | } 10 | 11 | resource "google_project_service" "cloudbuild" { 12 | project = google_project.this.project_id 13 | service = "cloudbuild.googleapis.com" 14 | } 15 | 16 | resource "google_project_service" "run" { 17 | project = google_project.this.project_id 18 | service = "run.googleapis.com" 19 | } 20 | 21 | resource "google_project_service" "logging" { 22 | project = google_project.this.project_id 23 | service = "logging.googleapis.com" 24 | } 25 | 26 | resource "google_project_service" "pubsub" { 27 | project = google_project.this.project_id 28 | service = "pubsub.googleapis.com" 29 | } 30 | -------------------------------------------------------------------------------- /gcp/001/build.sh: 
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | 
3 | set -x  # NOTE(review): traces commands only; without -e a failed build does not stop the script and the push steps below still run
4 | 
5 | # Default values; set the environment variables to override them, e.g.
6 | # export VER=v1 APP_DIR=myapp && ./build.sh
7 | USERNAMR="${USERNAMR:-aputra}"  # registry user/namespace the images are tagged under
8 | VER="${VER:-latest}"  # image tag; defaults to the mutable tag latest
9 | LESSON=$(basename $(pwd))  # lesson name = name of the current directory; NOTE(review): unquoted, so a path containing spaces breaks it
10 | APP_DIR="${APP_DIR:-0}"  # build context directory; the default "0" looks like a placeholder - confirm
11 | DOCKERFILE="${DOCKERFILE:-Dockerfile}"
12 | 
13 | # Build one image per target architecture.
14 | docker build -t ${USERNAMR}/${APP_DIR}-${LESSON}-arm64:${VER} -f ${APP_DIR}/${DOCKERFILE} --platform linux/arm64 ${APP_DIR}
15 | docker build -t ${USERNAMR}/${APP_DIR}-${LESSON}-amd64:${VER} -f ${APP_DIR}/${DOCKERFILE} --platform linux/amd64 ${APP_DIR}
16 | 
17 | docker push ${USERNAMR}/${APP_DIR}-${LESSON}-arm64:${VER}  # push both per-architecture images
18 | docker push ${USERNAMR}/${APP_DIR}-${LESSON}-amd64:${VER}
19 | 
20 | docker manifest create ${USERNAMR}/${APP_DIR}-${LESSON}:${VER} \
21 |   ${USERNAMR}/${APP_DIR}-${LESSON}-arm64:${VER} \
22 |   ${USERNAMR}/${APP_DIR}-${LESSON}-amd64:${VER}
23 | 
24 | docker manifest push ${USERNAMR}/${APP_DIR}-${LESSON}:${VER}  # publish the multi-arch tag that references the two images above
25 | 

--------------------------------------------------------------------------------
/gcp/002/build.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | 
3 | set -x
4 | 
5 | # setup default values, use environment variables to override
6 | # export VER=v1 APP_DIR=myapp && ./build.sh
7 | USERNAMR="${USERNAMR:-aputra}"
8 | VER="${VER:-latest}"
9 | LESSON=$(basename $(pwd))
10 | APP_DIR="${APP_DIR:-0}"
11 | DOCKERFILE="${DOCKERFILE:-Dockerfile}"
12 | 
13 | # service-a
14 | docker build -t ${USERNAMR}/${APP_DIR}-${LESSON}-arm64:${VER} -f ${APP_DIR}/${DOCKERFILE} --platform linux/arm64 ${APP_DIR}
15 | docker build -t ${USERNAMR}/${APP_DIR}-${LESSON}-amd64:${VER} -f ${APP_DIR}/${DOCKERFILE} --platform linux/amd64 ${APP_DIR}
16 | 
17 | docker push ${USERNAMR}/${APP_DIR}-${LESSON}-arm64:${VER}
18 | docker push ${USERNAMR}/${APP_DIR}-${LESSON}-amd64:${VER}
19 | 
20 | docker 
manifest create ${USERNAMR}/${APP_DIR}-${LESSON}:${VER} \ 21 | ${USERNAMR}/${APP_DIR}-${LESSON}-arm64:${VER} \ 22 | ${USERNAMR}/${APP_DIR}-${LESSON}-amd64:${VER} 23 | 24 | docker manifest push ${USERNAMR}/${APP_DIR}-${LESSON}:${VER} 25 | -------------------------------------------------------------------------------- /gcp/001/terraform/9-nodes.tf: -------------------------------------------------------------------------------- 1 | resource "google_service_account" "kubernetes" { 2 | account_id = "kubernetes" 3 | project = google_project.this.project_id 4 | } 5 | 6 | resource "google_project_iam_member" "collector" { 7 | project = local.project_id 8 | role = "roles/monitoring.metricWriter" 9 | member = "serviceAccount:${google_service_account.kubernetes.email}" 10 | } 11 | 12 | resource "google_container_node_pool" "general" { 13 | name = "general" 14 | cluster = google_container_cluster.this.id 15 | project = google_project.this.project_id 16 | node_count = 1 17 | 18 | management { 19 | auto_repair = true 20 | auto_upgrade = true 21 | } 22 | 23 | node_config { 24 | spot = false 25 | machine_type = "e2-medium" 26 | 27 | labels = { 28 | role = "general" 29 | } 30 | 31 | service_account = google_service_account.kubernetes.email 32 | oauth_scopes = [ 33 | "https://www.googleapis.com/auth/cloud-platform" 34 | ] 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /aws/003/private-003/envs/dev/myapp/application.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: argoproj.io/v1alpha1 3 | kind: Application 4 | metadata: 5 | name: myapp 6 | namespace: argocd 7 | annotations: 8 | argocd-image-updater.argoproj.io/image-list: 424432388155.dkr.ecr.us-east-2.amazonaws.com/myapp-003-amd64:0.x 9 | finalizers: 10 | - resources-finalizer.argocd.argoproj.io 11 | spec: 12 | project: default 13 | source: 14 | repoURL: git@github.com:antonputra/private-003.git 15 | targetRevision: 
main 16 | # location of the helm chart 17 | path: charts/myapp 18 | helm: 19 | parameters: 20 | - name: "replicaCount" 21 | value: "2" 22 | destination: 23 | server: https://kubernetes.default.svc 24 | # namespace to deploy helm chart 25 | namespace: default 26 | syncPolicy: 27 | automated: 28 | prune: true 29 | selfHeal: true 30 | allowEmpty: false 31 | syncOptions: 32 | - Validate=true 33 | - CreateNamespace=false 34 | - PrunePropagationPolicy=foreground 35 | - PruneLast=true 36 | -------------------------------------------------------------------------------- /aws/003/private-003/charts/myapp/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "myapp.fullname" . }} 6 | labels: 7 | {{- include "myapp.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ include "myapp.fullname" . 
}}
13 |   minReplicas: {{ .Values.autoscaling.minReplicas }}
14 |   maxReplicas: {{ .Values.autoscaling.maxReplicas }}
15 |   metrics:
16 |     {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
17 |     - type: Resource
18 |       resource:
19 |         name: cpu
20 |         target:
21 |           type: Utilization
22 |           averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
23 |     {{- end }}
24 |     {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
25 |     - type: Resource
26 |       resource:
27 |         name: memory
28 |         target:
29 |           type: Utilization
30 |           averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
31 |     {{- end }}
32 | {{- end }}
33 | 

--------------------------------------------------------------------------------
/gcp/002/2-prometheus/3-prometheus.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: Prometheus  # Prometheus instance managed by the operator, using the GMP build of the server image
4 | metadata:
5 |   name: gmp-main
6 |   namespace: gmp-monitoring
7 | spec:
8 |   version: v2.43.1 # Still necessary based on doc
9 |   image: gke.gcr.io/prometheus-engine/prometheus:v2.43.1-gmp.0-gke.0
10 |   serviceAccountName: my-gmp-prometheus  # the Kubernetes service account named in the Workload Identity binding in gcp/002/terraform/10-gmp-prometheus-sa.tf
11 |   serviceMonitorSelector:  # only ServiceMonitors labelled component=main are picked up
12 |     matchLabels:
13 |       component: main
14 |   podMonitorSelector:  # only PodMonitors labelled component=main are picked up
15 |     matchLabels:
16 |       component: main
17 |   serviceMonitorNamespaceSelector:  # and only from namespaces labelled monitoring=gmp-prometheus
18 |     matchLabels:
19 |       monitoring: gmp-prometheus
20 |   podMonitorNamespaceSelector:
21 |     matchLabels:
22 |       monitoring: gmp-prometheus
23 |   # NOTE(review): requests and limits are commented out, so the pod runs without resource bounds.
24 |   # resources:
25 |   #   requests:
26 |   #     cpu: 500m
27 |   #     memory: 2Gi
28 |   #   limits:
29 |   #     cpu: 500m
30 |   replicas: 1
31 |   logLevel: info
32 |   logFormat: logfmt
33 |   scrapeInterval: 15s
34 |   securityContext:  # NOTE(review): the three settings below run Prometheus as root (UID 0, group 0); unless the image or its volume requires that, a non-root UID with runAsNonRoot: true limits what a compromised container can do
35 |     fsGroup: 0
36 |     runAsNonRoot: false
37 |     runAsUser: 0
38 |   # storage:
39 |   #   volumeClaimTemplate:
40 |   #     spec:
41 |   #       resources:
42 |   #         requests:
43 |   #           storage: 20Gi
44 | 

--------------------------------------------------------------------------------
/.gitignore: 
--------------------------------------------------------------------------------
1 | # Local .terraform directories
2 | **/.terraform/*
3 | 
4 | # .tfstate files (state can hold resource attributes, including secrets, in plain text)
5 | *.tfstate
6 | *.tfstate.*
7 | 
8 | # Crash log files
9 | crash.log
10 | crash.*.log
11 | 
12 | # Exclude all .tfvars files, which are likely to contain sensitive data, such as
13 | # passwords, private keys, and other secrets. These should not be part of version
14 | # control as they are data points which are potentially sensitive and subject
15 | # to change depending on the environment.
16 | *.tfvars
17 | *.tfvars.json
18 | 
19 | # Ignore override files as they are usually used to override resources locally and so
20 | # are not checked in
21 | override.tf
22 | override.tf.json
23 | *_override.tf
24 | *_override.tf.json
25 | 
26 | # Include override files you do wish to add to version control using negated pattern
27 | # !example_override.tf
28 | 
29 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
30 | # example: *tfplan*
31 | 
32 | # Ignore CLI configuration files
33 | .terraformrc
34 | terraform.rc
35 | 
36 | terraform.tfstate
37 | 
38 | # Exception: the examples do not keep the dependency lock file. NOTE(review): ignoring it means the provider versions and hashes it records are not shared through version control.
39 | .terraform.lock.hcl
40 | 
41 | # Python virtual env
42 | .venv
43 | 
44 | *.zip

--------------------------------------------------------------------------------
/aws/003/terraform/7-eks.tf:
--------------------------------------------------------------------------------
1 | resource "aws_iam_role" "eks" {
2 |   name = "${local.env}-${local.eks_name}-eks-cluster"
3 | 
4 |   assume_role_policy = <=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
5 |   {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
6 |   {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
7 |   {{- end }}
8 | {{- end }}
9 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
10 | apiVersion: networking.k8s.io/v1
11 | {{- else if 
semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 12 | apiVersion: networking.k8s.io/v1beta1 13 | {{- else -}} 14 | apiVersion: extensions/v1beta1 15 | {{- end }} 16 | kind: Ingress 17 | metadata: 18 | name: {{ $fullName }} 19 | labels: 20 | {{- include "myapp.labels" . | nindent 4 }} 21 | {{- with .Values.ingress.annotations }} 22 | annotations: 23 | {{- toYaml . | nindent 4 }} 24 | {{- end }} 25 | spec: 26 | {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} 27 | ingressClassName: {{ .Values.ingress.className }} 28 | {{- end }} 29 | {{- if .Values.ingress.tls }} 30 | tls: 31 | {{- range .Values.ingress.tls }} 32 | - hosts: 33 | {{- range .hosts }} 34 | - {{ . | quote }} 35 | {{- end }} 36 | secretName: {{ .secretName }} 37 | {{- end }} 38 | {{- end }} 39 | rules: 40 | {{- range .Values.ingress.hosts }} 41 | - host: {{ .host | quote }} 42 | http: 43 | paths: 44 | {{- range .paths }} 45 | - path: {{ .path }} 46 | {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} 47 | pathType: {{ .pathType }} 48 | {{- end }} 49 | backend: 50 | {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} 51 | service: 52 | name: {{ $fullName }} 53 | port: 54 | number: {{ $svcPort }} 55 | {{- else }} 56 | serviceName: {{ $fullName }} 57 | servicePort: {{ $svcPort }} 58 | {{- end }} 59 | {{- end }} 60 | {{- end }} 61 | {{- end }} 62 | -------------------------------------------------------------------------------- /gcp/001/terraform/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 
3 | 4 | provider "registry.terraform.io/hashicorp/google" { 5 | version = "5.30.0" 6 | constraints = "~> 5.30" 7 | hashes = [ 8 | "h1:ORa+Wddyk7HrYt1qjHh3trONb72kqxeAc/JXfKeX9Kk=", 9 | "zh:13169e55958e932aefa03551b63a3c951f18942be048205dc463c33089db232f", 10 | "zh:5093845d3150ccc3d99c4f4958679aa1a2cc53e5871620b1ac3dc59c6f72e1d8", 11 | "zh:8098f3253d72b5e591d55685234584861738b20fe57ab3124156b2233a71ee48", 12 | "zh:816fdb667d6dca429270e09531895c5c912ac5071c7a315ba011488cbf32a38e", 13 | "zh:880c38683c0b5f6c9d5314e55c29ddbacede4f1b7e18bebd2bed563756362c42", 14 | "zh:881ae2de266958118745a51331ca5308b4f47648e318d679dddf35c6422b292d", 15 | "zh:8d1f46aa7cf70fd0de222874ecdbef8587a10c9231aab0e319bf8095863b58d0", 16 | "zh:a4c9280a6126ea7a5350a7e3d46d7dcdff440d1bcf401f72c6392b7976400d73", 17 | "zh:bcae1f498b2c6d43aba5f6a755969d6e1108c82a77648550b5080d25ea56aabe", 18 | "zh:ce4e0f905fe19249ad7cb01123de9a3be82b0310937f8e872e85ba4d70aef031", 19 | "zh:d528cdd349ed7142d2288a4b9e03a5d3c1d1b18c9213bc21eb4cc03eca5c7ab2", 20 | "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", 21 | ] 22 | } 23 | 24 | provider "registry.terraform.io/hashicorp/random" { 25 | version = "3.6.2" 26 | constraints = "~> 3.6" 27 | hashes = [ 28 | "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", 29 | "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", 30 | "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", 31 | "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", 32 | "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", 33 | "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", 34 | "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", 35 | "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", 36 | "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", 37 | "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", 38 | 
"zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", 39 | "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", 40 | "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", 41 | ] 42 | } 43 | -------------------------------------------------------------------------------- /aws/003/private-003/charts/myapp/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "myapp.fullname" . }} 5 | labels: 6 | {{- include "myapp.labels" . | nindent 4 }} 7 | spec: 8 | {{- if not .Values.autoscaling.enabled }} 9 | replicas: {{ .Values.replicaCount }} 10 | {{- end }} 11 | selector: 12 | matchLabels: 13 | {{- include "myapp.selectorLabels" . | nindent 6 }} 14 | template: 15 | metadata: 16 | {{- with .Values.podAnnotations }} 17 | annotations: 18 | {{- toYaml . | nindent 8 }} 19 | {{- end }} 20 | labels: 21 | {{- include "myapp.labels" . | nindent 8 }} 22 | {{- with .Values.podLabels }} 23 | {{- toYaml . | nindent 8 }} 24 | {{- end }} 25 | spec: 26 | {{- with .Values.imagePullSecrets }} 27 | imagePullSecrets: 28 | {{- toYaml . | nindent 8 }} 29 | {{- end }} 30 | serviceAccountName: {{ include "myapp.serviceAccountName" . 
}} 31 | securityContext: 32 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 33 | containers: 34 | - name: {{ .Chart.Name }} 35 | securityContext: 36 | {{- toYaml .Values.securityContext | nindent 12 }} 37 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 38 | imagePullPolicy: {{ .Values.image.pullPolicy }} 39 | ports: 40 | - name: http 41 | containerPort: {{ .Values.service.port }} 42 | protocol: TCP 43 | livenessProbe: 44 | {{- toYaml .Values.livenessProbe | nindent 12 }} 45 | readinessProbe: 46 | {{- toYaml .Values.readinessProbe | nindent 12 }} 47 | resources: 48 | {{- toYaml .Values.resources | nindent 12 }} 49 | {{- with .Values.volumeMounts }} 50 | volumeMounts: 51 | {{- toYaml . | nindent 12 }} 52 | {{- end }} 53 | {{- with .Values.volumes }} 54 | volumes: 55 | {{- toYaml . | nindent 8 }} 56 | {{- end }} 57 | {{- with .Values.nodeSelector }} 58 | nodeSelector: 59 | {{- toYaml . | nindent 8 }} 60 | {{- end }} 61 | {{- with .Values.affinity }} 62 | affinity: 63 | {{- toYaml . | nindent 8 }} 64 | {{- end }} 65 | {{- with .Values.tolerations }} 66 | tolerations: 67 | {{- toYaml . 
| nindent 8 }} 68 | {{- end }} 69 | -------------------------------------------------------------------------------- /gcp/003/terraform/5-cloud-function.tf: -------------------------------------------------------------------------------- 1 | data "archive_file" "analytics" { 2 | type = "zip" 3 | 4 | source_dir = "../${path.module}/functions/gcp-analytics/" 5 | output_path = "../${path.module}/functions/gcp-analytics.zip" 6 | } 7 | 8 | resource "google_storage_bucket_object" "analytics" { 9 | name = "gcp-analytics.zip" 10 | bucket = google_storage_bucket.functions.name 11 | source = data.archive_file.analytics.output_path 12 | detect_md5hash = filemd5(data.archive_file.analytics.output_path) 13 | } 14 | 15 | resource "google_service_account" "analytics" { 16 | account_id = "analytics" 17 | } 18 | 19 | resource "google_cloudfunctions2_function" "analytics" { 20 | name = "analytics" 21 | location = local.region 22 | 23 | build_config { 24 | runtime = "python312" 25 | entry_point = "hello_http" 26 | source { 27 | storage_source { 28 | bucket = google_storage_bucket.functions.name 29 | object = google_storage_bucket_object.analytics.name 30 | generation = google_storage_bucket_object.analytics.generation 31 | } 32 | } 33 | } 34 | 35 | service_config { 36 | available_memory = "512Mi" 37 | timeout_seconds = 30 38 | max_instance_count = 10 39 | service_account_email = google_service_account.analytics.email 40 | environment_variables = { 41 | BUCKET_NAME = google_storage_bucket.images.id 42 | } 43 | } 44 | 45 | depends_on = [ 46 | google_project_service.cloudfunctions, 47 | google_project_service.run, 48 | google_project_service.artifactregistry, 49 | google_project_service.cloudbuild, 50 | ] 51 | } 52 | 53 | # Who can invoke the function? 54 | # The binding below uses "allUsers", so anyone can call the function URL without authenticating; to restrict access, set member to a specific service account or user instead.
55 | resource "google_cloud_run_service_iam_member" "analytics" { 56 | project = google_cloudfunctions2_function.analytics.project 57 | location = google_cloudfunctions2_function.analytics.location 58 | service = google_cloudfunctions2_function.analytics.name 59 | role = "roles/run.invoker" 60 | member = "allUsers" 61 | } 62 | 63 | # Permissions that the cloud function has. This is a project-level binding, so roles/storage.admin covers every bucket in the project, not just the images bucket. 64 | resource "google_project_iam_member" "storage" { 65 | project = google_cloudfunctions2_function.analytics.project 66 | role = "roles/storage.admin" 67 | member = "serviceAccount:${google_service_account.analytics.email}" 68 | } 69 | 70 | # Another method: grant the role on the images bucket only, which is narrower than the project-level binding above. 71 | # resource "google_storage_bucket_iam_member" "storage" { 72 | # bucket = google_storage_bucket.images.name 73 | # role = "roles/storage.admin" 74 | # member = "serviceAccount:${google_service_account.analytics.email}" 75 | # } 76 | 77 | output "gcp_analytics_url" { 78 | value = google_cloudfunctions2_function.analytics.service_config[0].uri 79 | } 80 | -------------------------------------------------------------------------------- /gcp/001/README.md: -------------------------------------------------------------------------------- 1 | ## Links 2 | 3 | - [Managed Collection](https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-managed) 4 | - [How to Create GKE Cluster Using TERRAFORM?](https://github.com/antonputra/tutorials/tree/main/lessons/108) 5 | - [Custom-Metrics](https://github.com/antonputra/tutorials/tree/d51910561a1ec1d5a377a41167edb89fc28faa83/lessons/181/1-hpa/custom-metrics) 6 | - [Managed collection recommended approach](https://cloud.google.com/stackdriver/docs/managed-prometheus#gmp-data-collection) 7 | - [IAM permissions - Monitoring Metric Writer](https://cloud.google.com/monitoring/access-control#mon_roles_desc) 8 | - [Managed Service for Prometheus CRs](https://github.com/GoogleCloudPlatform/prometheus-engine/blob/v0.10.0/doc/api.md) 9 | - 
[Dashboards](https://github.com/antonputra/tutorials/tree/main/lessons/135) 10 | - [Query using Grafana]() 11 | - [Main Tutorial](https://github.com/antonputra/tutorials/tree/d51910561a1ec1d5a377a41167edb89fc28faa83/lessons/132) 12 | - [Standalone Prometheus frontend UI](https://cloud.google.com/stackdriver/docs/managed-prometheus/query-api-ui) 13 | - [Drop metrics](https://www.robustperception.io/dropping-metrics-at-scrape-time-with-prometheus/) 14 | - [Example Usage - Monitoring Alert Policy Promql Condition](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/monitoring_alert_policy#example-usage---monitoring-alert-policy-promql-condition) 15 | 16 | - [Enabling the target status feature](https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-managed#target-status) 17 | 18 | ## Commands 19 | 20 | ```bash 21 | gcloud auth application-default login 22 | gcloud services list --enabled --project k8s-dev-716099 23 | gcloud container clusters get-credentials main --zone us-central1-a --project k8s-dev-716099 24 | kubectl get pods -n gmp-system 25 | kubectl get crds 26 | kubectl get crds | grep monitoring.googleapis.com 27 | kubectl logs -f collector-k2xxn -n gmp-system 28 | kubectl port-forward cadvisor-v8t2d 8080 -n monitoring 29 | curl localhost:8080/metrics 30 | curl localhost:8080/metrics | grep container_cpu_usage_seconds_total 31 | check container_cpu_usage_seconds_total metric in monitoring tab 32 | ``` 33 | 34 | Check collector logs for permission errors 35 | 36 | ```bash 37 | kubectl logs -f collector-k2xxn -n gmp-system 38 | ``` 39 | 40 | Check status of the target 41 | 42 | ```bash 43 | kubectl -n monitoring describe podmonitoring cadvisor 44 | ``` 45 | 46 | 47 | ```bash 48 | kubectl port-forward myapp-8bcff6cc5-64cqr 8081 -n myapp 49 | curl localhost:8081/metrics 50 | kubectl describe PodMonitoring -n myapp 51 | up 52 | myapp_request_duration_seconds{quantile="0.9"} 53 | kubectl port-forward svc/frontend 9090 -n 
gmp-monitoring 54 | kubectl port-forward svc/grafana 3000 -n gmp-monitoring 55 | Data source: http://frontend:9090 56 | 57 | myapp_request_duration_seconds{quantile="0.9"} > 2 58 | ``` -------------------------------------------------------------------------------- /aws/003/private-003/charts/myapp/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for myapp. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: 424432388155.dkr.ecr.us-east-2.amazonaws.com/myapp-003-amd64 9 | pullPolicy: IfNotPresent 10 | # Overrides the image tag whose default is the chart appVersion. 11 | tag: 0.1.0 12 | 13 | imagePullSecrets: [] 14 | nameOverride: "" 15 | fullnameOverride: "" 16 | 17 | serviceAccount: 18 | # Specifies whether a service account should be created 19 | create: true 20 | # Automatically mount a ServiceAccount's API credentials? 21 | automount: true 22 | # Annotations to add to the service account 23 | annotations: {} 24 | # The name of the service account to use. 
25 | # If not set and create is true, a name is generated using the fullname template 26 | name: "" 27 | 28 | podAnnotations: {} 29 | podLabels: {} 30 | 31 | podSecurityContext: 32 | {} 33 | # fsGroup: 2000 34 | 35 | securityContext: 36 | {} 37 | # capabilities: 38 | # drop: 39 | # - ALL 40 | # readOnlyRootFilesystem: true 41 | # runAsNonRoot: true 42 | # runAsUser: 1000 43 | 44 | service: 45 | type: ClusterIP 46 | port: 8080 47 | 48 | ingress: 49 | enabled: false 50 | className: "" 51 | annotations: 52 | {} 53 | # kubernetes.io/ingress.class: nginx 54 | # kubernetes.io/tls-acme: "true" 55 | hosts: 56 | - host: chart-example.local 57 | paths: 58 | - path: / 59 | pathType: ImplementationSpecific 60 | tls: [] 61 | # - secretName: chart-example-tls 62 | # hosts: 63 | # - chart-example.local 64 | 65 | resources: 66 | {} 67 | # We usually recommend not to specify default resources and to leave this as a conscious 68 | # choice for the user. This also increases chances charts run on environments with little 69 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 70 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 71 | # limits: 72 | # cpu: 100m 73 | # memory: 128Mi 74 | # requests: 75 | # cpu: 100m 76 | # memory: 128Mi 77 | 78 | livenessProbe: 79 | httpGet: 80 | path: /about 81 | port: http 82 | readinessProbe: 83 | httpGet: 84 | path: /about 85 | port: http 86 | 87 | autoscaling: 88 | enabled: false 89 | minReplicas: 1 90 | maxReplicas: 100 91 | targetCPUUtilizationPercentage: 80 92 | # targetMemoryUtilizationPercentage: 80 93 | 94 | # Additional volumes on the output Deployment definition. 95 | volumes: [] 96 | # - name: foo 97 | # secret: 98 | # secretName: mysecret 99 | # optional: false 100 | 101 | # Additional volumeMounts on the output Deployment definition. 
102 | volumeMounts: [] 103 | # - name: foo 104 | # mountPath: "/etc/foo" 105 | # readOnly: true 106 | 107 | nodeSelector: {} 108 | 109 | tolerations: [] 110 | 111 | affinity: {} 112 | -------------------------------------------------------------------------------- /gcp/001/myapp/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs= 2 | github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= 3 | github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 4 | github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= 5 | github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= 6 | github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 7 | github.com/gofiber/fiber/v2 v2.50.0 h1:ia0JaB+uw3GpNSCR5nvC5dsaxXjRU5OEu36aytx+zGw= 8 | github.com/gofiber/fiber/v2 v2.50.0/go.mod h1:21eytvay9Is7S6z+OgPi7c7n4++tnClWmhpimVHMimw= 9 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 10 | github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= 11 | github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= 12 | github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= 13 | github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 14 | github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= 15 | github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 16 | github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= 17 | github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 18 | github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= 19 | 
github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= 20 | github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= 21 | github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= 22 | github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= 23 | github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= 24 | github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= 25 | github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= 26 | github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= 27 | github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= 28 | github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= 29 | github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= 30 | github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY= 31 | github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM= 32 | github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= 33 | github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= 34 | github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= 35 | github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI= 36 | github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= 37 | github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= 38 | github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 39 | 
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 40 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 41 | github.com/valyala/fasthttp v1.50.0 h1:H7fweIlBm0rXLs2q0XbalvJ6r0CUPFWK3/bB4N13e9M= 42 | github.com/valyala/fasthttp v1.50.0/go.mod h1:k2zXd82h/7UZc3VOdJ2WaUqt1uZ/XpXAfE9i+HBC3lA= 43 | github.com/valyala/tcplisten v1.0.0 h1:rBHj/Xf+E1tRGZyWIWwJDiRY0zc1Js+CV5DqwacVSA8= 44 | github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= 45 | golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 46 | golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 47 | golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 48 | golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= 49 | golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 50 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 51 | google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= 52 | google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= 53 | google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= 54 | google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= 55 | -------------------------------------------------------------------------------- /gcp/002/myapp/go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs= 2 | github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= 3 | github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 4 | 
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= 5 | github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= 6 | github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 7 | github.com/gofiber/fiber/v2 v2.50.0 h1:ia0JaB+uw3GpNSCR5nvC5dsaxXjRU5OEu36aytx+zGw= 8 | github.com/gofiber/fiber/v2 v2.50.0/go.mod h1:21eytvay9Is7S6z+OgPi7c7n4++tnClWmhpimVHMimw= 9 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 10 | github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= 11 | github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= 12 | github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= 13 | github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 14 | github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= 15 | github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 16 | github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= 17 | github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 18 | github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= 19 | github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= 20 | github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= 21 | github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= 22 | github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= 23 | github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= 24 | github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= 25 | github.com/mattn/go-runewidth v0.0.15 
h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= 26 | github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= 27 | github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= 28 | github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= 29 | github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= 30 | github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY= 31 | github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM= 32 | github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= 33 | github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= 34 | github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= 35 | github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI= 36 | github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= 37 | github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= 38 | github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 39 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 40 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 41 | github.com/valyala/fasthttp v1.50.0 h1:H7fweIlBm0rXLs2q0XbalvJ6r0CUPFWK3/bB4N13e9M= 42 | github.com/valyala/fasthttp v1.50.0/go.mod h1:k2zXd82h/7UZc3VOdJ2WaUqt1uZ/XpXAfE9i+HBC3lA= 43 | github.com/valyala/tcplisten v1.0.0 h1:rBHj/Xf+E1tRGZyWIWwJDiRY0zc1Js+CV5DqwacVSA8= 44 | github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= 45 | golang.org/x/sync 
v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 46 | golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 47 | golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 48 | golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= 49 | golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 50 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 51 | google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= 52 | google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= 53 | google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= 54 | google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= 55 | -------------------------------------------------------------------------------- /gcp/001/dashboard.json: -------------------------------------------------------------------------------- 1 | { 2 | "annotations": { 3 | "list": [ 4 | { 5 | "builtIn": 1, 6 | "datasource": { 7 | "type": "grafana", 8 | "uid": "-- Grafana --" 9 | }, 10 | "enable": true, 11 | "hide": true, 12 | "iconColor": "rgba(0, 211, 255, 1)", 13 | "name": "Annotations & Alerts", 14 | "type": "dashboard" 15 | } 16 | ] 17 | }, 18 | "editable": true, 19 | "fiscalYearStartMonth": 0, 20 | "graphTooltip": 0, 21 | "id": 1, 22 | "links": [], 23 | "panels": [ 24 | { 25 | "datasource": { 26 | "type": "prometheus", 27 | "uid": "fdmo7p5j5fsowb" 28 | }, 29 | "fieldConfig": { 30 | "defaults": { 31 | "color": { 32 | "mode": "palette-classic" 33 | }, 34 | "custom": { 35 | "axisBorderShow": false, 36 | "axisCenteredZero": false, 37 | "axisColorMode": "text", 38 | "axisLabel": "", 39 | "axisPlacement": "auto", 40 | "barAlignment": 0, 41 | "drawStyle": "line", 42 | "fillOpacity": 50, 43 | 
"gradientMode": "opacity", 44 | "hideFrom": { 45 | "legend": false, 46 | "tooltip": false, 47 | "viz": false 48 | }, 49 | "insertNulls": false, 50 | "lineInterpolation": "smooth", 51 | "lineWidth": 2, 52 | "pointSize": 5, 53 | "scaleDistribution": { 54 | "type": "linear" 55 | }, 56 | "showPoints": "auto", 57 | "spanNulls": false, 58 | "stacking": { 59 | "group": "A", 60 | "mode": "none" 61 | }, 62 | "thresholdsStyle": { 63 | "mode": "off" 64 | } 65 | }, 66 | "mappings": [], 67 | "thresholds": { 68 | "mode": "absolute", 69 | "steps": [ 70 | { 71 | "color": "green", 72 | "value": null 73 | }, 74 | { 75 | "color": "red", 76 | "value": 80 77 | } 78 | ] 79 | }, 80 | "unit": "s" 81 | }, 82 | "overrides": [] 83 | }, 84 | "gridPos": { 85 | "h": 11, 86 | "w": 24, 87 | "x": 0, 88 | "y": 0 89 | }, 90 | "id": 1, 91 | "options": { 92 | "legend": { 93 | "calcs": [ 94 | "lastNotNull" 95 | ], 96 | "displayMode": "table", 97 | "placement": "right", 98 | "showLegend": true 99 | }, 100 | "tooltip": { 101 | "maxHeight": 600, 102 | "mode": "single", 103 | "sort": "none" 104 | } 105 | }, 106 | "targets": [ 107 | { 108 | "datasource": { 109 | "type": "prometheus", 110 | "uid": "fdmo7p5j5fsowb" 111 | }, 112 | "editorMode": "code", 113 | "expr": "myapp_request_duration_seconds{quantile=\"0.99\"}", 114 | "instant": false, 115 | "legendFormat": "{{pod}}", 116 | "range": true, 117 | "refId": "A" 118 | } 119 | ], 120 | "title": "Latency - p99", 121 | "type": "timeseries" 122 | } 123 | ], 124 | "schemaVersion": 39, 125 | "tags": [], 126 | "templating": { 127 | "list": [] 128 | }, 129 | "time": { 130 | "from": "now-30m", 131 | "to": "now" 132 | }, 133 | "timeRangeUpdatedDuringEditOrView": false, 134 | "timepicker": {}, 135 | "timezone": "browser", 136 | "title": "myapp", 137 | "uid": "bdmo7wh4apkw0d", 138 | "version": 2, 139 | "weekStart": "" 140 | } -------------------------------------------------------------------------------- /gcp/002/0-prometheus-operator-crd/prometheusrules.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.14.0 7 | name: prometheusrules.monitoring.coreos.com 8 | spec: 9 | group: monitoring.coreos.com 10 | names: 11 | categories: 12 | - prometheus-operator 13 | kind: PrometheusRule 14 | listKind: PrometheusRuleList 15 | plural: prometheusrules 16 | shortNames: 17 | - promrule 18 | singular: prometheusrule 19 | scope: Namespaced 20 | versions: 21 | - name: v1 22 | schema: 23 | openAPIV3Schema: 24 | description: 25 | PrometheusRule defines recording and alerting rules for a Prometheus 26 | instance 27 | properties: 28 | apiVersion: 29 | description: |- 30 | APIVersion defines the versioned schema of this representation of an object. 31 | Servers should convert recognized schemas to the latest internal value, and 32 | may reject unrecognized values. 33 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 34 | type: string 35 | kind: 36 | description: |- 37 | Kind is a string value representing the REST resource this object represents. 38 | Servers may infer this from the endpoint the client submits requests to. 39 | Cannot be updated. 40 | In CamelCase. 41 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 42 | type: string 43 | metadata: 44 | type: object 45 | spec: 46 | description: Specification of desired alerting rule definitions for Prometheus. 47 | properties: 48 | groups: 49 | description: Content of Prometheus rule file 50 | items: 51 | description: 52 | RuleGroup is a list of sequentially evaluated recording 53 | and alerting rules. 54 | properties: 55 | interval: 56 | description: 57 | Interval determines how often rules in the group 58 | are evaluated. 
59 | pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ 60 | type: string 61 | limit: 62 | description: |- 63 | Limit the number of alerts an alerting rule and series a recording 64 | rule can produce. 65 | Limit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24. 66 | type: integer 67 | name: 68 | description: Name of the rule group. 69 | minLength: 1 70 | type: string 71 | partial_response_strategy: 72 | description: |- 73 | PartialResponseStrategy is only used by ThanosRuler and will 74 | be ignored by Prometheus instances. 75 | More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response 76 | pattern: ^(?i)(abort|warn)?$ 77 | type: string 78 | rules: 79 | description: List of alerting and recording rules. 80 | items: 81 | description: |- 82 | Rule describes an alerting or recording rule 83 | See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule 84 | properties: 85 | alert: 86 | description: |- 87 | Name of the alert. Must be a valid label value. 88 | Only one of `record` and `alert` must be set. 89 | type: string 90 | annotations: 91 | additionalProperties: 92 | type: string 93 | description: |- 94 | Annotations to add to each alert. 95 | Only valid for alerting rules. 96 | type: object 97 | expr: 98 | anyOf: 99 | - type: integer 100 | - type: string 101 | description: PromQL expression to evaluate. 102 | x-kubernetes-int-or-string: true 103 | for: 104 | description: 105 | Alerts are considered firing once they have 106 | been returned for this long. 
107 | pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ 108 | type: string 109 | keep_firing_for: 110 | description: 111 | KeepFiringFor defines how long an alert will 112 | continue firing after the condition that triggered it 113 | has cleared. 114 | minLength: 1 115 | pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ 116 | type: string 117 | labels: 118 | additionalProperties: 119 | type: string 120 | description: Labels to add or overwrite. 121 | type: object 122 | record: 123 | description: |- 124 | Name of the time series to output to. Must be a valid metric name. 125 | Only one of `record` and `alert` must be set. 126 | type: string 127 | required: 128 | - expr 129 | type: object 130 | type: array 131 | required: 132 | - name 133 | type: object 134 | type: array 135 | x-kubernetes-list-map-keys: 136 | - name 137 | x-kubernetes-list-type: map 138 | type: object 139 | required: 140 | - spec 141 | type: object 142 | served: true 143 | storage: true 144 | -------------------------------------------------------------------------------- /aws/003/default-update-values.yaml: -------------------------------------------------------------------------------- 1 | # -- Replica count for the deployment. It is not advised to run more than one replica. 
replicaCount: 1
# NOTE(review): with `tag` empty the chart appVersion is used (see the comment on `tag`);
# setting an explicit version keeps image upgrades deliberate and reviewable.
image:
  # -- Default image repository
  repository: quay.io/argoprojlabs/argocd-image-updater
  # -- Default image pull policy
  pullPolicy: Always
  # -- Overrides the image tag whose default is the chart appVersion
  tag: ""

# -- The deployment strategy to use to replace existing pods with new ones
updateStrategy:
  type: Recreate
# -- ImagePullSecrets for the image updater deployment
imagePullSecrets: []
# -- Global name (argocd-image-updater.name in _helpers.tpl) override
nameOverride: ""
# -- Global fullname (argocd-image-updater.fullname in _helpers.tpl) override
fullnameOverride: ""
# -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override
namespaceOverride: ""

# -- Extra arguments for argocd-image-updater not defined in `config.argocd`.
# If a flag contains both key and value, they need to be split to a new entry
extraArgs:
  []
  # - --disable-kubernetes
  # - --dry-run
  # - --health-port
  # - 8080
  # - --interval
  # - 2m
  # - --kubeconfig
  # - ~/.kube/config
  # - --match-application-name
  # - staging-*
  # - --max-concurrency
  # - 5
  # - --once
  # - --registries-conf-path
  # - /app/config/registries.conf

# -- Extra environment variables for argocd-image-updater
extraEnv:
  []
  # - name: AWS_REGION
  #   value: "us-west-1"

# -- Extra envFrom to pass to argocd-image-updater
extraEnvFrom:
  []
  # - configMapRef:
  #     name: config-map-name
  # - secretRef:
  #     name: secret-name

# -- Extra K8s manifests to deploy for argocd-image-updater
## Note: Supports use of custom Helm templates
extraObjects:
  []
  # - apiVersion: secrets-store.csi.x-k8s.io/v1
  #   kind: SecretProviderClass
  #   metadata:
  #     name: argocd-image-updater-secrets-store
  #   spec:
  #     provider: aws
  #     parameters:
  #       objects: |
  #         - objectName: "argocd-image-updater"
  #           objectType: "secretsmanager"
  #           jmesPath:
  #               - path: "client_id"
  #                 objectAlias: "client_id"
  #               - path: "client_secret"
  #                 objectAlias: "client_secret"
  #     secretObjects:
  #       - data:
  #         - key: client_id
  #           objectName: client_id
  #         - key: client_secret
  #           objectName: client_secret
  #         secretName: argocd-image-updater-secrets-store
  #         type: Opaque
  #         labels:
  #           app.kubernetes.io/part-of: argocd

# NOTE(review): the commented example below is illustrative only. It unpacks a download
# without verifying a checksum and pins old alpine and helm releases; if you adapt it,
# use current pinned versions and verify the archive before extracting it.
# -- Init containers to add to the image updater pod
initContainers:
  []
  # - name: download-tools
  #   image: alpine:3.8
  #   command: [sh, -c]
  #   args:
  #     - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - &&
  #       mv linux-amd64/helm /custom-tools/
  #   volumeMounts:
  #     - mountPath: /custom-tools
  #       name: custom-tools

# -- Additional volumeMounts to the image updater main container
volumeMounts: []

# -- Additional volumes to the image updater pod
volumes:
  []
  ## Use init containers to configure custom tooling
  ## https://argo-cd.readthedocs.io/en/stable/operator-manual/custom_tools/
  ## When using the volumes & volumeMounts section below, please comment out those above.
  # - name: custom-tools
  #   emptyDir: {}

config:
  # -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`)
  applicationsAPIKind: ""

  # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags
  # Note: this is only relevant if config.applicationsAPIKind == 'argocd'
  # NOTE(review): keep `insecure` and `plaintext` false outside throwaway test clusters.
  # Per their descriptions they turn off certificate verification and TLS for the
  # connection to the Argo CD API, which presumably also carries the API token below.
  argocd:
    # -- Use the gRPC-web protocol to connect to the Argo CD API
    grpcWeb: true
    # -- Connect to the Argo CD API server at server address
    serverAddress: ""
    # -- If specified, the certificate of the Argo CD API server is not verified.
    insecure: false
    # -- If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS.
    plaintext: false
    # NOTE(review): a token set here lives in this values file and in the Helm release
    # data. Prefer leaving it empty and supplying the Secret from a secret manager
    # (see the commented SecretProviderClass example under `extraObjects`);
    # TODO confirm the Secret name and key the chart templates expect.
    # -- If specified, the secret with Argo CD API key will be created.
    token: ""

  # -- Disable kubernetes events
  disableKubeEvents: false

  # -- Username to use for Git commits
  gitCommitUser: ""

  # -- E-Mail address to use for Git commits
  gitCommitMail: ""

  # -- Changing the Git commit message
  gitCommitTemplate: ""

  # -- Path to public SSH key mounted in container, or GPG key ID used to sign commits
  gitCommitSigningKey: ""

  # -- Enables sign off on commits
  gitCommitSignOff: false

  # -- Method used to sign Git commits. `openpgp` or `ssh`
  gitCommitSigningMethod: ""

  # -- Argo CD Image Updater log level
  logLevel: "info"

  # NOTE(review): the `credentials` values in the examples below (`secret:`, `pullsecret:`,
  # `env:`, `ext:`) are references rather than literal passwords; keep registry
  # credentials out of this file. `insecure` on an entry presumably disables TLS
  # verification for that registry (confirm in the linked docs) and should stay off.
  # -- Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)
  registries:
    []
    # - name: Docker Hub
    #   api_url: https://registry-1.docker.io
    #   ping: yes
    #   credentials: secret:foo/bar#creds
    #   defaultns: library
    # - name: Google Container Registry
    #   api_url: https://gcr.io
    #   prefix: gcr.io
    #   ping: no
    #   credentials: pullsecret:foo/bar
    # - name: RedHat Quay
    #   api_url: https://quay.io
    #   ping: no
    #   prefix: quay.io
    #   credentials: env:REGISTRY_SECRET
    # - name: ECR
    #   api_url: https://123456789.dkr.ecr.eu-west-1.amazonaws.com
    #   prefix: 123456789.dkr.ecr.eu-west-1.amazonaws.com
    #   ping: yes
    #   insecure: no
    #   credentials: ext:/scripts/auth1.sh
    #   credsexpire: 10h

  # NOTE(review): the commented example re-enables `ssh-rsa` (RSA with SHA-1) for host
  # keys and public-key authentication. Current OpenSSH disables it by default, so use
  # it only for a Git server that cannot offer a stronger algorithm, and scope it to
  # that host instead of `Host *`.
  # -- Argo CD Image Updater ssh client parameter configuration.
  sshConfig:
    {}
    # config: |
    #   Host *
    #         PubkeyAcceptedAlgorithms +ssh-rsa
    #         HostkeyAlgorithms +ssh-rsa

# whether to mount authentication scripts, if enabled, the authentication scripts will be mounted on /scripts that can be used to authenticate with registries (ECR)
# refer to https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/#specifying-credentials-for-accessing-container-registries for more info
# NOTE(review): script bodies are written inline in this file, so do not embed
# credentials in them; have the script obtain credentials at run time instead.
authScripts:
  # -- Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts`
  enabled: false
  # -- Map of key-value pairs where the key consists of the name of the script and the value the contents
  scripts:
    {}
    # auth1.sh: |
    #   #!/bin/sh
    #   echo "auth script 1 here"
    # auth2.sh: |
    #   #!/bin/sh
    #   echo "auth script 2 here"

serviceAccount:
  # -- Specifies whether a service account should be created
  create: true
  # -- Annotations to add to the service account
  annotations: {}
  # -- Labels to add to the service account
  labels: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

# -- Pod Annotations for the deployment
podAnnotations: {}

# -- Pod Labels for the deployment
podLabels: {}

# -- Pod security context settings for the deployment
podSecurityContext:
  {}
  # fsGroup: 2000

# NOTE(review): restrictive container defaults (no privilege escalation, all capabilities
# dropped, read-only root filesystem, non-root user, RuntimeDefault seccomp profile);
# keep them when customising this section.
# -- Security context settings for the deployment
# @default -- See [values.yaml]
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault

rbac:
  # -- Enable RBAC creation
  enabled: true

# NOTE(review): empty by default, so no CPU or memory requests/limits are set here.
# -- Pod memory and cpu resource settings for the deployment
resources: {}

# -- Kubernetes nodeSelector settings for the deployment
nodeSelector: {}

# -- Kubernetes toleration settings for the deployment
tolerations: []

# -- Kubernetes affinity settings for the deployment
affinity: {}

# Metrics configuration
metrics:
  # -- Deploy metrics service
  enabled: false
  service:
    # -- Metrics service annotations
    annotations: {}
    # -- Metrics service labels
    labels: {}
    # -- Metrics service port
    servicePort: 8081
  serviceMonitor:
    # -- Enable a prometheus ServiceMonitor
    enabled: false
    # -- Prometheus ServiceMonitor interval
    interval: 30s
    # -- Prometheus [RelabelConfigs] to apply to samples before scraping
    relabelings: []
    # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
    metricRelabelings: []
    # -- Prometheus ServiceMonitor selector
    selector:
      {}
# promtheus: kube-prometheus 277 | 278 | # -- Prometheus ServiceMonitor namespace 279 | namespace: "" 280 | # -- Prometheus ServiceMonitor labels 281 | additionalLabels: {} 282 | -------------------------------------------------------------------------------- /gcp/002/0-prometheus-operator-crd/probes.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.14.0 7 | name: probes.monitoring.coreos.com 8 | spec: 9 | group: monitoring.coreos.com 10 | names: 11 | categories: 12 | - prometheus-operator 13 | kind: Probe 14 | listKind: ProbeList 15 | plural: probes 16 | shortNames: 17 | - prb 18 | singular: probe 19 | scope: Namespaced 20 | versions: 21 | - name: v1 22 | schema: 23 | openAPIV3Schema: 24 | description: Probe defines monitoring for a set of static targets or ingresses. 25 | properties: 26 | apiVersion: 27 | description: |- 28 | APIVersion defines the versioned schema of this representation of an object. 29 | Servers should convert recognized schemas to the latest internal value, and 30 | may reject unrecognized values. 31 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 32 | type: string 33 | kind: 34 | description: |- 35 | Kind is a string value representing the REST resource this object represents. 36 | Servers may infer this from the endpoint the client submits requests to. 37 | Cannot be updated. 38 | In CamelCase. 39 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 40 | type: string 41 | metadata: 42 | type: object 43 | spec: 44 | description: 45 | Specification of desired Ingress selection for target discovery 46 | by Prometheus. 
47 | properties: 48 | authorization: 49 | description: Authorization section for this endpoint 50 | properties: 51 | credentials: 52 | description: 53 | Selects a key of a Secret in the namespace that contains 54 | the credentials for authentication. 55 | properties: 56 | key: 57 | description: 58 | The key of the secret to select from. Must be 59 | a valid secret key. 60 | type: string 61 | name: 62 | description: |- 63 | Name of the referent. 64 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 65 | TODO: Add other useful fields. apiVersion, kind, uid? 66 | type: string 67 | optional: 68 | description: 69 | Specify whether the Secret or its key must be 70 | defined 71 | type: boolean 72 | required: 73 | - key 74 | type: object 75 | x-kubernetes-map-type: atomic 76 | type: 77 | description: |- 78 | Defines the authentication type. The value is case-insensitive. 79 | 80 | 81 | "Basic" is not a supported value. 82 | 83 | 84 | Default: "Bearer" 85 | type: string 86 | type: object 87 | basicAuth: 88 | description: |- 89 | BasicAuth allow an endpoint to authenticate over basic authentication. 90 | More info: https://prometheus.io/docs/operating/configuration/#endpoint 91 | properties: 92 | password: 93 | description: |- 94 | `password` specifies a key of a Secret containing the password for 95 | authentication. 96 | properties: 97 | key: 98 | description: 99 | The key of the secret to select from. Must be 100 | a valid secret key. 101 | type: string 102 | name: 103 | description: |- 104 | Name of the referent. 105 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 106 | TODO: Add other useful fields. apiVersion, kind, uid? 
107 | type: string 108 | optional: 109 | description: 110 | Specify whether the Secret or its key must be 111 | defined 112 | type: boolean 113 | required: 114 | - key 115 | type: object 116 | x-kubernetes-map-type: atomic 117 | username: 118 | description: |- 119 | `username` specifies a key of a Secret containing the username for 120 | authentication. 121 | properties: 122 | key: 123 | description: 124 | The key of the secret to select from. Must be 125 | a valid secret key. 126 | type: string 127 | name: 128 | description: |- 129 | Name of the referent. 130 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 131 | TODO: Add other useful fields. apiVersion, kind, uid? 132 | type: string 133 | optional: 134 | description: 135 | Specify whether the Secret or its key must be 136 | defined 137 | type: boolean 138 | required: 139 | - key 140 | type: object 141 | x-kubernetes-map-type: atomic 142 | type: object 143 | bearerTokenSecret: 144 | description: |- 145 | Secret to mount to read bearer token for scraping targets. The secret 146 | needs to be in the same namespace as the probe and accessible by 147 | the Prometheus Operator. 148 | properties: 149 | key: 150 | description: 151 | The key of the secret to select from. Must be a 152 | valid secret key. 153 | type: string 154 | name: 155 | description: |- 156 | Name of the referent. 157 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 158 | TODO: Add other useful fields. apiVersion, kind, uid? 159 | type: string 160 | optional: 161 | description: Specify whether the Secret or its key must be defined 162 | type: boolean 163 | required: 164 | - key 165 | type: object 166 | x-kubernetes-map-type: atomic 167 | interval: 168 | description: |- 169 | Interval at which targets are probed using the configured prober. 170 | If not specified Prometheus' global scrape interval is used. 
171 | pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ 172 | type: string 173 | jobName: 174 | description: The job name assigned to scraped metrics by default. 175 | type: string 176 | keepDroppedTargets: 177 | description: |- 178 | Per-scrape limit on the number of targets dropped by relabeling 179 | that will be kept in memory. 0 means no limit. 180 | 181 | 182 | It requires Prometheus >= v2.47.0. 183 | format: int64 184 | type: integer 185 | labelLimit: 186 | description: |- 187 | Per-scrape limit on number of labels that will be accepted for a sample. 188 | Only valid in Prometheus versions 2.27.0 and newer. 189 | format: int64 190 | type: integer 191 | labelNameLengthLimit: 192 | description: |- 193 | Per-scrape limit on length of labels name that will be accepted for a sample. 194 | Only valid in Prometheus versions 2.27.0 and newer. 195 | format: int64 196 | type: integer 197 | labelValueLengthLimit: 198 | description: |- 199 | Per-scrape limit on length of labels value that will be accepted for a sample. 200 | Only valid in Prometheus versions 2.27.0 and newer. 201 | format: int64 202 | type: integer 203 | metricRelabelings: 204 | description: MetricRelabelConfigs to apply to samples before ingestion. 205 | items: 206 | description: |- 207 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts, 208 | scraped samples and remote write samples. 209 | 210 | 211 | More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config 212 | properties: 213 | action: 214 | default: replace 215 | description: |- 216 | Action to perform based on the regex matching. 217 | 218 | 219 | `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. 220 | `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
221 | 222 | 223 | Default: "Replace" 224 | enum: 225 | - replace 226 | - Replace 227 | - keep 228 | - Keep 229 | - drop 230 | - Drop 231 | - hashmod 232 | - HashMod 233 | - labelmap 234 | - LabelMap 235 | - labeldrop 236 | - LabelDrop 237 | - labelkeep 238 | - LabelKeep 239 | - lowercase 240 | - Lowercase 241 | - uppercase 242 | - Uppercase 243 | - keepequal 244 | - KeepEqual 245 | - dropequal 246 | - DropEqual 247 | type: string 248 | modulus: 249 | description: |- 250 | Modulus to take of the hash of the source label values. 251 | 252 | 253 | Only applicable when the action is `HashMod`. 254 | format: int64 255 | type: integer 256 | regex: 257 | description: 258 | Regular expression against which the extracted 259 | value is matched. 260 | type: string 261 | replacement: 262 | description: |- 263 | Replacement value against which a Replace action is performed if the 264 | regular expression matches. 265 | 266 | 267 | Regex capture groups are available. 268 | type: string 269 | separator: 270 | description: Separator is the string between concatenated SourceLabels. 271 | type: string 272 | sourceLabels: 273 | description: |- 274 | The source labels select values from existing labels. Their content is 275 | concatenated using the configured Separator and matched against the 276 | configured regular expression. 277 | items: 278 | description: |- 279 | LabelName is a valid Prometheus label name which may only contain ASCII 280 | letters, numbers, as well as underscores. 281 | pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ 282 | type: string 283 | type: array 284 | targetLabel: 285 | description: |- 286 | Label to which the resulting string is written in a replacement. 287 | 288 | 289 | It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, 290 | `KeepEqual` and `DropEqual` actions. 291 | 292 | 293 | Regex capture groups are available. 
294 | type: string 295 | type: object 296 | type: array 297 | module: 298 | description: |- 299 | The module to use for probing specifying how to probe the target. 300 | Example module configuring in the blackbox exporter: 301 | https://github.com/prometheus/blackbox_exporter/blob/master/example.yml 302 | type: string 303 | oauth2: 304 | description: 305 | OAuth2 for the URL. Only valid in Prometheus versions 306 | 2.27.0 and newer. 307 | properties: 308 | clientId: 309 | description: |- 310 | `clientId` specifies a key of a Secret or ConfigMap containing the 311 | OAuth2 client's ID. 312 | properties: 313 | configMap: 314 | description: ConfigMap containing data to use for the targets. 315 | properties: 316 | key: 317 | description: The key to select. 318 | type: string 319 | name: 320 | description: |- 321 | Name of the referent. 322 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 323 | TODO: Add other useful fields. apiVersion, kind, uid? 324 | type: string 325 | optional: 326 | description: 327 | Specify whether the ConfigMap or its key 328 | must be defined 329 | type: boolean 330 | required: 331 | - key 332 | type: object 333 | x-kubernetes-map-type: atomic 334 | secret: 335 | description: Secret containing data to use for the targets. 336 | properties: 337 | key: 338 | description: 339 | The key of the secret to select from. Must 340 | be a valid secret key. 341 | type: string 342 | name: 343 | description: |- 344 | Name of the referent. 345 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 346 | TODO: Add other useful fields. apiVersion, kind, uid? 
347 | type: string 348 | optional: 349 | description: 350 | Specify whether the Secret or its key must 351 | be defined 352 | type: boolean 353 | required: 354 | - key 355 | type: object 356 | x-kubernetes-map-type: atomic 357 | type: object 358 | clientSecret: 359 | description: |- 360 | `clientSecret` specifies a key of a Secret containing the OAuth2 361 | client's secret. 362 | properties: 363 | key: 364 | description: 365 | The key of the secret to select from. Must be 366 | a valid secret key. 367 | type: string 368 | name: 369 | description: |- 370 | Name of the referent. 371 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 372 | TODO: Add other useful fields. apiVersion, kind, uid? 373 | type: string 374 | optional: 375 | description: 376 | Specify whether the Secret or its key must be 377 | defined 378 | type: boolean 379 | required: 380 | - key 381 | type: object 382 | x-kubernetes-map-type: atomic 383 | endpointParams: 384 | additionalProperties: 385 | type: string 386 | description: |- 387 | `endpointParams` configures the HTTP parameters to append to the token 388 | URL. 389 | type: object 390 | scopes: 391 | description: 392 | "`scopes` defines the OAuth2 scopes used for the 393 | token request." 394 | items: 395 | type: string 396 | type: array 397 | tokenUrl: 398 | description: 399 | "`tokenURL` configures the URL to fetch the token 400 | from." 401 | minLength: 1 402 | type: string 403 | required: 404 | - clientId 405 | - clientSecret 406 | - tokenUrl 407 | type: object 408 | prober: 409 | description: |- 410 | Specification for the prober to use for probing targets. 411 | The prober.URL parameter is required. Targets cannot be probed if left empty. 412 | properties: 413 | path: 414 | default: /probe 415 | description: |- 416 | Path to collect metrics from. 417 | Defaults to `/probe`. 418 | type: string 419 | proxyUrl: 420 | description: Optional ProxyURL. 
421 | type: string 422 | scheme: 423 | description: |- 424 | HTTP scheme to use for scraping. 425 | `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. 426 | If empty, Prometheus uses the default value `http`. 427 | enum: 428 | - http 429 | - https 430 | type: string 431 | url: 432 | description: Mandatory URL of the prober. 433 | type: string 434 | required: 435 | - url 436 | type: object 437 | sampleLimit: 438 | description: 439 | SampleLimit defines per-scrape limit on number of scraped 440 | samples that will be accepted. 441 | format: int64 442 | type: integer 443 | scrapeClass: 444 | description: The scrape class to apply. 445 | minLength: 1 446 | type: string 447 | scrapeProtocols: 448 | description: |- 449 | `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the 450 | protocols supported by Prometheus in order of preference (from most to least preferred). 451 | 452 | 453 | If unset, Prometheus uses its default value. 454 | 455 | 456 | It requires Prometheus >= v2.49.0. 457 | items: 458 | description: |- 459 | ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. 460 | Supported values are: 461 | * `OpenMetricsText0.0.1` 462 | * `OpenMetricsText1.0.0` 463 | * `PrometheusProto` 464 | * `PrometheusText0.0.4` 465 | enum: 466 | - PrometheusProto 467 | - OpenMetricsText0.0.1 468 | - OpenMetricsText1.0.0 469 | - PrometheusText0.0.4 470 | type: string 471 | type: array 472 | x-kubernetes-list-type: set 473 | scrapeTimeout: 474 | description: |- 475 | Timeout for scraping metrics from the Prometheus exporter. 476 | If not specified, the Prometheus global scrape timeout is used. 477 | pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ 478 | type: string 479 | targetLimit: 480 | description: 481 | TargetLimit defines a limit on the number of scraped 482 | targets that will be accepted. 
483 | format: int64 484 | type: integer 485 | targets: 486 | description: 487 | Targets defines a set of static or dynamically discovered 488 | targets to probe. 489 | properties: 490 | ingress: 491 | description: |- 492 | ingress defines the Ingress objects to probe and the relabeling 493 | configuration. 494 | If `staticConfig` is also defined, `staticConfig` takes precedence. 495 | properties: 496 | namespaceSelector: 497 | description: From which namespaces to select Ingress objects. 498 | properties: 499 | any: 500 | description: |- 501 | Boolean describing whether all namespaces are selected in contrast to a 502 | list restricting them. 503 | type: boolean 504 | matchNames: 505 | description: List of namespace names to select from. 506 | items: 507 | type: string 508 | type: array 509 | type: object 510 | relabelingConfigs: 511 | description: |- 512 | RelabelConfigs to apply to the label set of the target before it gets 513 | scraped. 514 | The original ingress address is available via the 515 | `__tmp_prometheus_ingress_address` label. It can be used to customize the 516 | probed URL. 517 | The original scrape job's name is available via the `__tmp_prometheus_job_name` label. 518 | More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config 519 | items: 520 | description: |- 521 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts, 522 | scraped samples and remote write samples. 523 | 524 | 525 | More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config 526 | properties: 527 | action: 528 | default: replace 529 | description: |- 530 | Action to perform based on the regex matching. 531 | 532 | 533 | `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. 534 | `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
535 | 536 | 537 | Default: "Replace" 538 | enum: 539 | - replace 540 | - Replace 541 | - keep 542 | - Keep 543 | - drop 544 | - Drop 545 | - hashmod 546 | - HashMod 547 | - labelmap 548 | - LabelMap 549 | - labeldrop 550 | - LabelDrop 551 | - labelkeep 552 | - LabelKeep 553 | - lowercase 554 | - Lowercase 555 | - uppercase 556 | - Uppercase 557 | - keepequal 558 | - KeepEqual 559 | - dropequal 560 | - DropEqual 561 | type: string 562 | modulus: 563 | description: |- 564 | Modulus to take of the hash of the source label values. 565 | 566 | 567 | Only applicable when the action is `HashMod`. 568 | format: int64 569 | type: integer 570 | regex: 571 | description: 572 | Regular expression against which the extracted 573 | value is matched. 574 | type: string 575 | replacement: 576 | description: |- 577 | Replacement value against which a Replace action is performed if the 578 | regular expression matches. 579 | 580 | 581 | Regex capture groups are available. 582 | type: string 583 | separator: 584 | description: 585 | Separator is the string between concatenated 586 | SourceLabels. 587 | type: string 588 | sourceLabels: 589 | description: |- 590 | The source labels select values from existing labels. Their content is 591 | concatenated using the configured Separator and matched against the 592 | configured regular expression. 593 | items: 594 | description: |- 595 | LabelName is a valid Prometheus label name which may only contain ASCII 596 | letters, numbers, as well as underscores. 597 | pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ 598 | type: string 599 | type: array 600 | targetLabel: 601 | description: |- 602 | Label to which the resulting string is written in a replacement. 603 | 604 | 605 | It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, 606 | `KeepEqual` and `DropEqual` actions. 607 | 608 | 609 | Regex capture groups are available. 
610 | type: string 611 | type: object 612 | type: array 613 | selector: 614 | description: Selector to select the Ingress objects. 615 | properties: 616 | matchExpressions: 617 | description: 618 | matchExpressions is a list of label selector 619 | requirements. The requirements are ANDed. 620 | items: 621 | description: |- 622 | A label selector requirement is a selector that contains values, a key, and an operator that 623 | relates the key and values. 624 | properties: 625 | key: 626 | description: 627 | key is the label key that the selector 628 | applies to. 629 | type: string 630 | operator: 631 | description: |- 632 | operator represents a key's relationship to a set of values. 633 | Valid operators are In, NotIn, Exists and DoesNotExist. 634 | type: string 635 | values: 636 | description: |- 637 | values is an array of string values. If the operator is In or NotIn, 638 | the values array must be non-empty. If the operator is Exists or DoesNotExist, 639 | the values array must be empty. This array is replaced during a strategic 640 | merge patch. 641 | items: 642 | type: string 643 | type: array 644 | required: 645 | - key 646 | - operator 647 | type: object 648 | type: array 649 | matchLabels: 650 | additionalProperties: 651 | type: string 652 | description: |- 653 | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 654 | map is equivalent to an element of matchExpressions, whose key field is "key", the 655 | operator is "In", and the values array contains only "value". The requirements are ANDed. 656 | type: object 657 | type: object 658 | x-kubernetes-map-type: atomic 659 | type: object 660 | staticConfig: 661 | description: |- 662 | staticConfig defines the static list of targets to probe and the 663 | relabeling configuration. 664 | If `ingress` is also defined, `staticConfig` takes precedence. 665 | More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config. 
666 | properties: 667 | labels: 668 | additionalProperties: 669 | type: string 670 | description: 671 | Labels assigned to all metrics scraped from the 672 | targets. 673 | type: object 674 | relabelingConfigs: 675 | description: |- 676 | RelabelConfigs to apply to the label set of the targets before it gets 677 | scraped. 678 | More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config 679 | items: 680 | description: |- 681 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts, 682 | scraped samples and remote write samples. 683 | 684 | 685 | More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config 686 | properties: 687 | action: 688 | default: replace 689 | description: |- 690 | Action to perform based on the regex matching. 691 | 692 | 693 | `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. 694 | `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 695 | 696 | 697 | Default: "Replace" 698 | enum: 699 | - replace 700 | - Replace 701 | - keep 702 | - Keep 703 | - drop 704 | - Drop 705 | - hashmod 706 | - HashMod 707 | - labelmap 708 | - LabelMap 709 | - labeldrop 710 | - LabelDrop 711 | - labelkeep 712 | - LabelKeep 713 | - lowercase 714 | - Lowercase 715 | - uppercase 716 | - Uppercase 717 | - keepequal 718 | - KeepEqual 719 | - dropequal 720 | - DropEqual 721 | type: string 722 | modulus: 723 | description: |- 724 | Modulus to take of the hash of the source label values. 725 | 726 | 727 | Only applicable when the action is `HashMod`. 728 | format: int64 729 | type: integer 730 | regex: 731 | description: 732 | Regular expression against which the extracted 733 | value is matched. 734 | type: string 735 | replacement: 736 | description: |- 737 | Replacement value against which a Replace action is performed if the 738 | regular expression matches. 739 | 740 | 741 | Regex capture groups are available. 
742 | type: string 743 | separator: 744 | description: 745 | Separator is the string between concatenated 746 | SourceLabels. 747 | type: string 748 | sourceLabels: 749 | description: |- 750 | The source labels select values from existing labels. Their content is 751 | concatenated using the configured Separator and matched against the 752 | configured regular expression. 753 | items: 754 | description: |- 755 | LabelName is a valid Prometheus label name which may only contain ASCII 756 | letters, numbers, as well as underscores. 757 | pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ 758 | type: string 759 | type: array 760 | targetLabel: 761 | description: |- 762 | Label to which the resulting string is written in a replacement. 763 | 764 | 765 | It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, 766 | `KeepEqual` and `DropEqual` actions. 767 | 768 | 769 | Regex capture groups are available. 770 | type: string 771 | type: object 772 | type: array 773 | static: 774 | description: The list of hosts to probe. 775 | items: 776 | type: string 777 | type: array 778 | type: object 779 | type: object 780 | tlsConfig: 781 | description: TLS configuration to use when scraping the endpoint. 782 | properties: 783 | ca: 784 | description: 785 | Certificate authority used when verifying server 786 | certificates. 787 | properties: 788 | configMap: 789 | description: ConfigMap containing data to use for the targets. 790 | properties: 791 | key: 792 | description: The key to select. 793 | type: string 794 | name: 795 | description: |- 796 | Name of the referent. 797 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 798 | TODO: Add other useful fields. apiVersion, kind, uid? 
799 | type: string 800 | optional: 801 | description: 802 | Specify whether the ConfigMap or its key 803 | must be defined 804 | type: boolean 805 | required: 806 | - key 807 | type: object 808 | x-kubernetes-map-type: atomic 809 | secret: 810 | description: Secret containing data to use for the targets. 811 | properties: 812 | key: 813 | description: 814 | The key of the secret to select from. Must 815 | be a valid secret key. 816 | type: string 817 | name: 818 | description: |- 819 | Name of the referent. 820 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 821 | TODO: Add other useful fields. apiVersion, kind, uid? 822 | type: string 823 | optional: 824 | description: 825 | Specify whether the Secret or its key must 826 | be defined 827 | type: boolean 828 | required: 829 | - key 830 | type: object 831 | x-kubernetes-map-type: atomic 832 | type: object 833 | cert: 834 | description: Client certificate to present when doing client-authentication. 835 | properties: 836 | configMap: 837 | description: ConfigMap containing data to use for the targets. 838 | properties: 839 | key: 840 | description: The key to select. 841 | type: string 842 | name: 843 | description: |- 844 | Name of the referent. 845 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 846 | TODO: Add other useful fields. apiVersion, kind, uid? 847 | type: string 848 | optional: 849 | description: 850 | Specify whether the ConfigMap or its key 851 | must be defined 852 | type: boolean 853 | required: 854 | - key 855 | type: object 856 | x-kubernetes-map-type: atomic 857 | secret: 858 | description: Secret containing data to use for the targets. 859 | properties: 860 | key: 861 | description: 862 | The key of the secret to select from. Must 863 | be a valid secret key. 864 | type: string 865 | name: 866 | description: |- 867 | Name of the referent. 
868 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 869 | TODO: Add other useful fields. apiVersion, kind, uid? 870 | type: string 871 | optional: 872 | description: 873 | Specify whether the Secret or its key must 874 | be defined 875 | type: boolean 876 | required: 877 | - key 878 | type: object 879 | x-kubernetes-map-type: atomic 880 | type: object 881 | insecureSkipVerify: 882 | description: Disable target certificate validation. 883 | type: boolean 884 | keySecret: 885 | description: Secret containing the client key file for the targets. 886 | properties: 887 | key: 888 | description: 889 | The key of the secret to select from. Must be 890 | a valid secret key. 891 | type: string 892 | name: 893 | description: |- 894 | Name of the referent. 895 | More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 896 | TODO: Add other useful fields. apiVersion, kind, uid? 897 | type: string 898 | optional: 899 | description: 900 | Specify whether the Secret or its key must be 901 | defined 902 | type: boolean 903 | required: 904 | - key 905 | type: object 906 | x-kubernetes-map-type: atomic 907 | serverName: 908 | description: Used to verify the hostname for the targets. 909 | type: string 910 | type: object 911 | type: object 912 | required: 913 | - spec 914 | type: object 915 | served: true 916 | storage: true 917 | --------------------------------------------------------------------------------