├── Jenkinsfile ├── LICENSE ├── Makefile ├── README.md ├── common ├── aws-addons.jsonnet ├── config │ ├── alertmanager.jsonnet │ ├── blackbox.jsonnet │ ├── prometheus.jsonnet │ └── sre.rules ├── elasticsearch.jsonnet ├── jenkins.jsonnet ├── kube-cert-manager.jsonnet ├── kube-svc-watch.jsonnet ├── nginx-ingress.jsonnet ├── prometheus.jsonnet ├── route53-upsert.jsonnet └── squid.jsonnet ├── doc └── jenkins.md ├── generated ├── one.k8s.dev.bitnami.net │ ├── aws-addons │ │ ├── dashboard.json │ │ ├── dashboard_svc.json │ │ ├── default.json │ │ ├── elasticsearch_logging.json │ │ ├── elasticsearch_logging_svc.json │ │ ├── fast.json │ │ ├── fluentd_es.json │ │ ├── heapster.json │ │ ├── heapster_svc.json │ │ ├── kibana_logging.json │ │ ├── kibana_logging_ing.json │ │ ├── kibana_logging_svc.json │ │ └── slow.json │ ├── jenkins │ │ ├── jenkins_discovery_svc.json │ │ ├── jenkins_home.json │ │ ├── jenkins_ing.json │ │ ├── jenkins_master.json │ │ ├── jenkins_ns.json │ │ ├── jenkins_secret.json │ │ └── jenkins_svc.json │ ├── monitoring │ │ ├── alertmanager.json │ │ ├── alertmanager_config.json │ │ ├── alertmanager_data.json │ │ ├── alertmanager_ing.json │ │ ├── alertmanager_svc.json │ │ ├── alertmanager_templates.json │ │ ├── blackbox.json │ │ ├── blackbox_config.json │ │ ├── blackbox_svc.json │ │ ├── grafana.json │ │ ├── grafana_ing.json │ │ ├── grafana_svc.json │ │ ├── ksm.json │ │ ├── node_exporter.json │ │ ├── node_exporter_svc.json │ │ ├── prometheus.json │ │ ├── prometheus_config.json │ │ ├── prometheus_data.json │ │ ├── prometheus_ing.json │ │ ├── prometheus_svc.json │ │ └── svc_watch.json │ ├── nginx-ingress │ │ ├── default_http_backend.json │ │ ├── default_http_backend_svc.json │ │ ├── kcm.json │ │ ├── kcm_pvc.json │ │ ├── kcm_resource.json │ │ ├── nginx.json │ │ ├── nginx_config.json │ │ ├── nginx_ingress_ns.json │ │ └── nginx_svc.json │ └── squid │ │ ├── squid.json │ │ ├── squid_data.json │ │ ├── squid_ns.json │ │ └── squid_service.json ├── one.k8s.int.bitnami.net │ ├── aws-addons │ │ ├── dashboard.json │ │ ├── dashboard_svc.json │ │ ├── default.json │ │ ├── elasticsearch_logging.json │ │ ├── elasticsearch_logging_svc.json │ │ ├── fast.json │ │ ├── fluentd_es.json │ │ ├── heapster.json │ │ ├── heapster_svc.json │ │ ├── kibana_logging.json │ │ ├── kibana_logging_ing.json │ │ ├── kibana_logging_svc.json │ │ └── slow.json │ ├── jenkins │ │ ├── jenkins_discovery_svc.json │ │ ├── jenkins_home.json │ │ ├── jenkins_ing.json │ │ ├── jenkins_master.json │ │ ├── jenkins_ns.json │ │ ├── jenkins_secret.json │ │ └── jenkins_svc.json │ ├── monitoring │ │ ├── alertmanager.json │ │ ├── alertmanager_config.json │ │ ├── alertmanager_data.json │ │ ├── alertmanager_ing.json │ │ ├── alertmanager_svc.json │ │ ├── alertmanager_templates.json │ │ ├── blackbox.json │ │ ├── blackbox_config.json │ │ ├── blackbox_svc.json │ │ ├── grafana.json │ │ ├── grafana_data.json │ │ ├── grafana_ing.json │ │ ├── grafana_svc.json │ │ ├── ksm.json │ │ ├── node_exporter.json │ │ ├── node_exporter_svc.json │ │ ├── prometheus.json │ │ ├── prometheus_config.json │ │ ├── prometheus_data.json │ │ ├── prometheus_ing.json │ │ ├── prometheus_ns.json │ │ ├── prometheus_svc.json │ │ └── svc_watch.json │ ├── nginx-ingress │ │ ├── default_http_backend.json │ │ ├── default_http_backend_svc.json │ │ ├── kcm.json │ │ ├── kcm_pvc.json │ │ ├── kcm_resource.json │ │ ├── nginx.json │ │ ├── nginx_config.json │ │ ├── nginx_ingress_ns.json │ │ └── nginx_svc.json │ └── squid │ │ ├── squid.json │ │ ├── squid_data.json │ │ ├── squid_ns.json │ │ └── squid_service.json └── one.k8s.web.bitnami.net │ ├── aws-addons │ ├── dashboard.json │ ├── dashboard_svc.json │ ├── default.json │ ├── elasticsearch_logging.json │ ├── elasticsearch_logging_svc.json │ ├── fast.json │ ├── fluentd_es.json │ ├── heapster.json │ ├── heapster_svc.json │ ├── kibana_logging.json │ ├── kibana_logging_ing.json │ ├── kibana_logging_svc.json │ └── slow.json │ ├── monitoring │ ├── alertmanager_templates.json │ ├── blackbox.json │ ├── blackbox_config.json │ ├── blackbox_svc.json │ ├── ksm.json │ ├── node_exporter.json │ ├── node_exporter_svc.json │ ├── prometheus.json │ ├── prometheus_config.json │ ├── prometheus_data.json │ ├── prometheus_ing.json │ ├── prometheus_ns.json │ ├── prometheus_svc.json │ └── svc_watch.json │ └── nginx-ingress │ ├── default_http_backend.json │ ├── default_http_backend_svc.json │ ├── kcm.json │ ├── kcm_pvc.json │ ├── kcm_resource.json │ ├── nginx.json │ ├── nginx_config.json │ ├── nginx_ingress_ns.json │ └── nginx_svc.json ├── lib ├── bitnami.libsonnet └── kube.libsonnet ├── one.k8s.dev.bitnami.net ├── aws-addons.jsonnet ├── config │ ├── alertmanager.jsonnet │ ├── blackbox.jsonnet │ ├── gus-testing.rules │ └── prometheus.jsonnet ├── jenkins.jsonnet ├── monitoring.jsonnet ├── nginx-ingress.jsonnet └── squid.jsonnet ├── one.k8s.int.bitnami.net ├── aws-addons.jsonnet ├── config │ ├── alertmanager.jsonnet │ ├── blackbox.jsonnet │ └── prometheus.jsonnet ├── jenkins.jsonnet ├── monitoring.jsonnet ├── nginx-ingress.jsonnet └── squid.jsonnet ├── one.k8s.web.bitnami.net ├── aws-addons.jsonnet ├── config │ ├── blackbox.jsonnet │ └── prometheus.jsonnet ├── monitoring.jsonnet └── nginx-ingress.jsonnet ├── tests ├── Dockerfile ├── test_fmt.sh ├── test_generated.sh ├── test_prom_rules.sh └── test_valid.sh └── tools ├── deploy.sh ├── kubecfg.sh ├── kubesh ├── rebuild.sh └── rsync_rsh.sh /Jenkinsfile: -------------------------------------------------------------------------------- 1 | #!groovy 2 | 3 | node('docker') { 4 | def testEnv 5 | stage('Build') { 6 | checkout scm 7 | 8 | testEnv = docker.build('jsonnettest', 9 | "--build-arg=http_proxy=${env.http_proxy} tests") 10 | } 11 | 12 | stage('Test') { 13 | parallel(fmt: { 14 | testEnv.inside { 15 | sh 'tests/test_fmt.sh' 16 | } 17 | }, 18 | generated: { 19 | testEnv.inside { 20 | sh 'tests/test_generated.sh' 21 | } 22 | }, 23 | validate: { 24 | withKubeApi(testEnv) { 25 | sh 'KUBERNETES_SERVICE_PORT=443 tests/test_valid.sh' 26 | } 27 | }, 28 | prometheus: { 29 | docker.image('prom/prometheus:v1.4.1').inside { 30 | sh 'tests/test_prom_rules.sh' 31 | } 32 | }, 33 | ) 34 | } 35 | 36 | if (env.BRANCH_NAME == "master") { 37 | stage('Deploy') { 38 | withKubeApi(testEnv) { 39 | // I don't understand why KUBERNETES_SERVICE_PORT doesn't 40 | // survive withEnv, but I swear it "disappears". 41 | sh 'KUBERNETES_SERVICE_PORT=443 tools/deploy.sh one.k8s.dev.bitnami.net' 42 | } 43 | } 44 | } 45 | } 46 | 47 | def withKubeApi(img, c) { 48 | def tokenDir = '/var/run/secrets/kubernetes.io/serviceaccount' 49 | img.inside("-v ${tokenDir}:${tokenDir}") { 50 | // kubectl writes things to $HOME/.kube - more than just $KUBECONFIG :( 51 | withEnv(["HOME=${env.WORKSPACE}", 52 | 'KUBERNETES_SERVICE_HOST=kubernetes.default.svc.cluster.local', 53 | 'KUBERNETES_SERVICE_PORT=443']) { 54 | c() 55 | } 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Provides 'build' and 'test' targets. Uses docker. 2 | 3 | UID := $(shell id -u) 4 | GID := $(shell id -g) 5 | 6 | # Eg: if you need sudo, run with DOCKER_PREFIX=sudo 7 | DOCKER_PREFIX = 8 | 9 | DOCKER = $(DOCKER_PREFIX) docker 10 | DOCKER_BUILD = $(DOCKER) build --build-arg http_proxy=$(http_proxy) 11 | DOCKER_RUN = $(DOCKER) run --rm --network=host -u $(UID):$(GID) \ 12 | -v $(CURDIR):$(CURDIR) -w $(CURDIR) \ 13 | -v $(HOME)/.kube/config:/kubeconfig \ 14 | -v $(HOME)/.kube/cache:/home/user/.kube/cache \ 15 | -e TERM=$(TERM) -e KUBECONFIG=/kubeconfig 16 | 17 | TESTS = test-fmt test-generated test-valid test-prom_rules 18 | 19 | all: build 20 | 21 | docker-kube-manifests: tests/Dockerfile 22 | # --build-arg breaks docker caching, so fake it ourselves 23 | if [ -z "$(shell $(DOCKER) images -q kube-manifests)" ]; then \ 24 | $(DOCKER_BUILD) -t kube-manifests tests; \ 25 | fi 26 | 27 | build: docker-kube-manifests 28 | $(DOCKER_RUN) kube-manifests tools/rebuild.sh 29 | 30 | test-%: tests/test_%.sh docker-kube-manifests 31 | $(DOCKER_RUN) kube-manifests $< 32 | 33 | test-prom_rules: tests/test_prom_rules.sh 34 | $(DOCKER_RUN) --entrypoint /bin/sh prom/prometheus $< 35 | 36 | test: $(TESTS) 37 | 38 | .PHONY: all build test docker-kube-manifests 39 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # WARNING: SRE Kube Manifests is no longer actively maintained by VMware. 2 | VMware has made the difficult decision to stop driving this project and therefore we will no longer actively respond to issues or pull requests. If you would like to take over maintaining this project independently from VMware, please let us know so we can add a link to your forked project here. 3 | 4 | Thank You. 5 | 6 | # Bitnami kube-manifests 7 | 8 | A collection of misc kubernetes configs for various jobs, as used in 9 | Bitnami's production clusters. This is probably not useful directly 10 | for anyone else, but we hope it serves as a non-demo example of "real" 11 | Kubernetes configuration. 12 | 13 | Most of the code comments and instructions below are intended for 14 | Bitnami employees making changes to our production clusters. 15 | 16 | Uses [jsonnet](http://jsonnet.org/) and 17 | [kubectl](https://kubernetes.io/docs/user-guide/prereqs/) command line 18 | tools. See `Makefile` for a docker container with these installed. 19 | 20 | 21 | ## Cheat Sheet 22 | ``` 23 | # Rebuild generated json (from jsonnet). 24 | # Any modified files should be included in your git commit. 25 | make build 26 | 27 | # Run test-suite 28 | make test 29 | 30 | # Create resources 31 | ./tools/kubecfg.sh squid.jsonnet create 32 | # Update resources 33 | ./tools/kubecfg.sh squid.jsonnet update 34 | 35 | # Same thing directly for whatever reason 36 | jsonnet -J lib squid.jsonnet | kubectl replace -f - 37 | # .. or using the generated json 38 | kubectl replace -R -f generated/one.k8s.dev.bitnami.net/squid 39 | ``` 40 | 41 | ## Workflow 42 | 43 | - Usual github pull-request workflow: Fork the github repo, clone 44 | locally and make your desired change to the jsonnet files using your 45 | favourite editor. 46 | 47 | - Run `make` to regenerate the JSON. *Add the generated files to your 48 | commit*. You (and your reviewer) can use these to confirm that your 49 | jsonnet change does what you expect. 50 | 51 | - If you need to iterate interactively, you can push your change 52 | to our `dev` cluster using 53 | `./tools/kubecfg.sh one.k8s.dev.bitnami.net/foo.jsonnet update`. Try 54 | to clean up after yourself. 55 | 56 | - When ready, push to personal github fork and create a pull request 57 | in the usual github way. 58 | 59 | - Our jenkins instance will run `tests/test_*.sh` and report 60 | success/failure on the pull-request. 61 | 62 | - After jenkins success and appropriate reviewer approval, merge the 63 | pull request into the `master` branch. 64 | 65 | - Jenkins will now automatically run `./tools/deploy.sh` against each 66 | cluster. 67 | 68 | ## Tests 69 | 70 | `./tests/test_*.sh` will be run against the codebase before merge. 71 | 72 | Note that `tests/test_generated.sh` asserts that `generated/` is up to 73 | date, effectively requiring every substantive jsonnet change to run 74 | `tools/rebuild.sh`. 75 | 76 | ## Directory Layout 77 | 78 | The interesting bit is these directories: 79 | 80 | ``` 81 | ├── common 82 | │ └── config 83 | ├── one.k8s.dev.bitnami.net 84 | │ └── config 85 | ├── one.k8s.int.bitnami.net 86 | │ └── config 87 | └── one.k8s.web.bitnami.net 88 | └── config 89 | ``` 90 | 91 | Most of the configuration is in per-component files in `common/`. 92 | These files are then assembled and "specialised" in per-cluster files 93 | below each of the cluster-named directories. There is a similar 94 | `foo/config/` directory stack used in a similar way for non-Kubernetes 95 | config files (mostly prometheus at the moment). 96 | 97 | The jsonnet files rely heavily on `lib/kube.libsonnet`, which contains 98 | jsonnet black-magic to help construct objects that conform to the 99 | regular Kubernetes (JSON/YAML) API schema. 100 | -------------------------------------------------------------------------------- /common/config/alertmanager.jsonnet: -------------------------------------------------------------------------------- 1 | // alertmanager/config.yml 2 | 3 | local mapToNamedList(namefield, obj) = 4 | [{ [namefield]: n } + obj[n] for n in std.objectFields(obj)]; 5 | 6 | { 7 | global: { 8 | resolve_timeout: "5m", 9 | 10 | // Restricted Gmail SMTP server - can only send to GMail or 11 | // GSuite, and may get spam filtered. 12 | smtp_smarthost: "aspmx.l.google.com", 13 | smtp_from: "sre+alertmanager@bitnami.com", 14 | 15 | slack_api_url: "https://hooks.slack.com/services/", 16 | }, 17 | 18 | templates: ["/etc/alertmanager-templates/*.tmpl"], 19 | 20 | inhibit_rules: [ 21 | { 22 | source_match: { severity: "critical" }, 23 | target_match: { severity: "warning" }, 24 | equal: ["alertname", "cluster", "service"], 25 | }, 26 | ], 27 | 28 | route: { 29 | group_by: ["alertmanager", "cluster", "service"], 30 | group_wait: "1m", 31 | group_interval: "10m", 32 | repeat_interval: "8h", 33 | receiver: "default", 34 | 35 | routes: [], 36 | }, 37 | 38 | receivers: mapToNamedList("name", self.receivers_), 39 | receivers_:: { 40 | local slack_defaults = { 41 | title: "{{ range .Alerts }}{{ .Annotations.summary }} {{ end }}", 42 | text: "{{ range .Alerts }}{{ .Annotations.description }} {{ end }}", 43 | }, 44 | 45 | default: { 46 | slack_configs: [ 47 | slack_defaults { 48 | channel: "#alert-testing", 49 | send_resolved: true, 50 | }, 51 | ], 52 | }, 53 | 54 | sre_slack: { 55 | slack_configs: [ 56 | slack_defaults { 57 | channel: "#sre-incidents", 58 | }, 59 | ], 60 | }, 61 | 62 | sre_email: { 63 | email_configs: [ 64 | { to: "sre+alerts@bitnami.com" }, 65 | ], 66 | }, 67 | }, 68 | } 69 | -------------------------------------------------------------------------------- /common/config/blackbox.jsonnet: -------------------------------------------------------------------------------- 1 | // blackbox.yml 2 | 3 | { 4 | modules: { 5 | http_2xx: { 6 | prober: "http", 7 | timeout: "5s", 8 | http: { 9 | method: "GET", 10 | //valid_status_codes: [], // Defaults to 2xx 11 | no_follow_redirects: false, // ie: *do* follow redirects 12 | }, 13 | }, 14 | 15 | ssh: { 16 | prober: "tcp", 17 | timeout: "5s", 18 | tcp: { 19 | query_response: [ 20 | { expect: "^SSH-2.0-" }, 21 | ], 22 | }, 23 | }, 24 | }, 25 | } 26 | -------------------------------------------------------------------------------- /common/config/sre.rules: -------------------------------------------------------------------------------- 1 | # Constantly restarting containers 2 | ALERT CrashLooping 3 | IF sum(rate(kube_pod_container_status_restarts[15m])) by (namespace,container) * 3600 > 0 4 | FOR 1h 5 | LABELS { severity = "notice" } 6 | ANNOTATIONS { 7 | summary = "Frequently restarting containers", 8 | description = "{{ $labels.namespace }}/{{ $labels.container }} is restarting {{ $value }} times per hour", 9 | } 10 | 11 | # NB: Probably won't be able to alert, if the config is sufficiently broken. 12 | ALERT PrometheusBadConfig 13 | IF prometheus_config_last_reload_successful{kubernetes_namespace="monitoring"} == 0 14 | FOR 10m 15 | LABELS { severity = "critical" } 16 | ANNOTATIONS { 17 | summary = "Prometheus failed to reload config", 18 | description = "Config error with prometheus, see container logs", 19 | } 20 | 21 | # NB: Probably won't be able to alert, if the config is sufficiently broken. 22 | ALERT AlertmanagerBadConfig 23 | IF alertmanager_config_last_reload_successful{kubernetes_namespace="monitoring"} == 0 24 | FOR 10m 25 | LABELS { severity = "critical" } 26 | ANNOTATIONS { 27 | summary = "Alertmanager failed to reload config", 28 | description = "Config error with alertmanager, see container logs", 29 | } 30 | 31 | # NB: Probably won't be able to alert, if prom/am are hard down. 32 | ALERT MonitoringJobDown 33 | IF up{kubernetes_namespace="monitoring", name="prometheus"} != 1 or 34 | up{kubernetes_namespace="monitoring", name="alertmanager"} != 1 or 35 | up{kubernetes_namespace="monitoring", name="blackbox"} != 1 or 36 | up{kubernetes_namespace="monitoring", name="kube-state-metrics"} != 1 37 | FOR 10m 38 | LABELS { severity = "critical" } 39 | ANNOTATIONS { 40 | summary = "Required monitoring job is not running", 41 | description = "{{ $labels.kubernetes_namespace }}/{{ $labels.kubernetes_name }} is down", 42 | } 43 | 44 | # This "legitimately" gets out of sync during a cluster 45 | # rolling-update, and the impact isn't as great - so use a more 46 | # forgiving duration. 47 | ALERT MonitoringJobDownNode 48 | IF sum(up{kubernetes_namespace="monitoring",name="node-exporter"}) != 49 | sum(kube_node_status_ready{condition="true"}) 50 | FOR 60m 51 | LABELS { severity = "warning" } 52 | ANNOTATIONS { 53 | summary = "Node-level monitoring job is not running", 54 | description = "node-exporter is down", 55 | } 56 | 57 | ALERT UnderservedAZ 58 | IF sum(up{job="kubernetes_nodes"}) by (failure_domain_beta_kubernetes_io_zone) < 2 59 | FOR 1h 60 | TODO: LABELS { severity = "notice" } 61 | ANNOTATIONS { 62 | summary = "Not enough nodes in AZ", 63 | description = "Only {{ $value }} nodes are up in AZ {{ $labels.failure_domain_beta_kubernetes_io_zone }}", 64 | } 65 | 66 | # This is alerting on a cause rather than a symptom, so is likely to be 67 | # noisy. May want to revisit/remove. 68 | ALERT NodeNotReady 69 | IF max(kube_node_status_ready{condition="false"} == 1) by (node) 70 | FOR 1d 71 | TODO: LABELS { severity = "notice" } 72 | ANNOTATIONS { 73 | summary = "Node not ready for a long time", 74 | description = "{{ $labels.node }} has been unready for more than a day", 75 | } 76 | 77 | ALERT K8sApiUnavailable 78 | IF max(up{job="kubernetes_apiservers"}) != 1 79 | FOR 10m 80 | TODO: LABELS { severity = "critical" } 81 | ANNOTATIONS { 82 | summary = "Kubernetes API is unavailable", 83 | description = "Kubernetes API is not responding", 84 | } 85 | -------------------------------------------------------------------------------- /common/jenkins.jsonnet: -------------------------------------------------------------------------------- 1 | // Jenkins master (and slaves) on Kubernetes. 2 | // 3 | // Vaguely inspired by 4 | // https://cloud.google.com/solutions/jenkins-on-container-engine 5 | // 6 | // See doc/jenkins.md for post-install setup instructions. 7 | 8 | local kube = import "kube.libsonnet"; 9 | local bitnami = import "bitnami.libsonnet"; 10 | 11 | local jenkins = { 12 | namespace:: null, 13 | 14 | jenkins_svc: kube.Service("jenkins") + bitnami.PromScrape(8080) { 15 | target_pod: $.jenkins_master.spec.template, 16 | spec+: { 17 | ports: [{ port: 80, targetPort: "ui" }], 18 | }, 19 | metadata+: { 20 | namespace: $.namespace, 21 | }, 22 | prom_path: "/prometheus", 23 | }, 24 | 25 | jenkins_discovery_svc: kube.Service("jenkins-discovery") { 26 | metadata+: { namespace: $.namespace }, 27 | target_pod: $.jenkins_master.spec.template, 28 | spec+: { 29 | ports: [{ port: 50000, targetPort: "slaves" }], 30 | }, 31 | }, 32 | 33 | jenkins_ing: bitnami.Ingress("jenkins") { 34 | metadata+: { namespace: $.namespace }, 35 | target_svc: $.jenkins_svc, 36 | }, 37 | 38 | jenkins_home: kube.PersistentVolumeClaim("jenkins-home") { 39 | metadata+: { namespace: $.namespace }, 40 | storage: "15Gi", 41 | }, 42 | 43 | jenkins_secret: kube.Secret("jenkins") { 44 | metadata+: { namespace: $.namespace }, 45 | data_+: { 46 | // "--argumentsRealm.passwd.jenkins=CHANGE_ME --argumentsRealm.roles.jenkins=admin", 47 | options: "", 48 | }, 49 | }, 50 | 51 | jenkins_chown:: kube.Container("chown-jenkins") { 52 | image: "busybox", 53 | command: ["chown", "1000:1000", "/jenkins_home"], 54 | volumeMounts_+: { 55 | jenkinshome: { mountPath: "/jenkins_home" }, 56 | }, 57 | }, 58 | 59 | jenkins_master: kube.Deployment("jenkins") { 60 | metadata+: { namespace: $.namespace }, 61 | spec+: { 62 | template+: { 63 | spec+: { 64 | containers_+: { 65 | master: kube.Container("master") { 66 | local c = self, 67 | image: "jenkins:2.32.3", 68 | ports_+: { 69 | ui: { containerPort: 8080 }, 70 | slaves: { containerPort: 50000 }, 71 | }, 72 | env_+: { 73 | JENKINS_OPTS: kube.SecretKeyRef($.jenkins_secret, "options"), 74 | JAVA_OPTS: "-Xmx%dm -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85" % [ 75 | kube.siToNum(c.resources.requests.memory) / kube.siToNum("1Mi"), 76 | ], 77 | }, 78 | volumeMounts_+: { 79 | jenkinshome: { mountPath: "/var/jenkins_home" }, 80 | }, 81 | resources: { 82 | limits: { 83 | cpu: "1", 84 | memory: "1000Mi", 85 | }, 86 | requests: { 87 | cpu: "0.5", 88 | memory: "500Mi", 89 | }, 90 | }, 91 | livenessProbe: { 92 | httpGet: { 93 | path: "/login", 94 | port: "ui", 95 | }, 96 | // Jenkins can legitimately take a long time to start up 97 | initialDelaySeconds: 120, 98 | // Jenkins can legitimately fail health checks while restarting 99 | timeoutSeconds: 20, 100 | failureThreshold: 6, // ie: 6 * periodSeconds (default=10) is ok 101 | }, 102 | readinessProbe: c.livenessProbe { 103 | successThreshold: 2, 104 | }, 105 | lifecycle: { 106 | preStop: { 107 | httpGet: { path: "/quietDown", port: "ui" }, 108 | }, 109 | }, 110 | }, 111 | }, 112 | terminationGracePeriodSeconds: 5 * 60, 113 | securityContext: { 114 | // make pvc owned by this gid 115 | fsGroup: 1000, 116 | }, 117 | volumes_+: { 118 | jenkinshome: kube.PersistentVolumeClaimVolume($.jenkins_home), 119 | }, 120 | }, 121 | }, 122 | }, 123 | }, 124 | }; 125 | 126 | kube.List() { items_+: jenkins } 127 | -------------------------------------------------------------------------------- /common/kube-cert-manager.jsonnet: -------------------------------------------------------------------------------- 1 | // LetsEncrypt client using DNS challenges 2 | // 3 | // # Setup notes 4 | // 5 | // ``` 6 | // aws route53 list-hosted-zones (find Id for $name.bitnami.net.) 7 | // zid=... 8 | // ``` 9 | // 10 | // ## Wildcard DNS setup: 11 | // ``` 12 | // elb=$(kubectl get svc -n nginx-ingress nginx-ingress -o jsonpath="{.status.loadBalancer.ingress[*].hostname}") 13 | // jsonnet -V cname='*.k.dev.bitnami.net' -V value=$elb common/route53-upsert.jsonnet >/tmp/change.json 14 | // aws route53 change-resource-record-sets --hosted-zone-id $zid --change-batch file:///tmp/change.json 15 | // ``` 16 | // 17 | // ## Service account setup: 18 | // ``` 19 | // n=one-k8s-dev-kube-cert-manager 20 | // aws iam create-user --user-name $n 21 | // aws iam create-access-key --user-name $n 22 | // kubectl create secret generic kube-cert-manager-aws -n nginx-ingress \ 23 | // --from-literal=access_key_id=... --from-literal=secret_access_key=... 24 | // aws route53 list-hosted-zones 25 | // aws iam attach-user-policy --user-name $n \ 26 | // --policy-arn arn:aws:iam::aws:policy/AmazonRoute53FullAccess 27 | // ``` 28 | 29 | local kube = import "kube.libsonnet"; 30 | 31 | local all = { 32 | namespace:: null, 33 | 34 | kcm_resource: kube.ThirdPartyResource("certificate.stable.k8s.psg.io") { 35 | description: "A specification of a Let's Encrypt Certificate to manage.", 36 | versions_: ["v1"], 37 | }, 38 | 39 | kcm_pvc: kube.PersistentVolumeClaim("kube-cert-manager") { 40 | metadata+: { namespace: $.namespace }, 41 | storage: "8G", 42 | }, 43 | 44 | kcm_secret:: kube.Secret("kube-cert-manager-aws") { 45 | metadata+: { namespace: $.namespace }, 46 | data_+: { 47 | access_key_id: error "provided externally", 48 | secret_access_key: error "provided externally", 49 | }, 50 | }, 51 | 52 | kcm: kube.Deployment("kube-cert-manager") { 53 | metadata+: { namespace: $.namespace }, 54 | spec+: { 55 | template+: { 56 | spec+: { 57 | default_container: "kcm", 58 | containers_+: { 59 | kcm: kube.Container("kube-cert-manager") { 60 | image: "palmstonegames/kube-cert-manager:0.3.1", 61 | args_+: { 62 | "data-dir": "/var/lib/cert-manager", 63 | // staging: "https://acme-staging.api.letsencrypt.org/directory" 64 | "acme-url": "https://acme-v01.api.letsencrypt.org/directory", 65 | }, 66 | env_+: { 67 | // See https://github.com/PalmStoneGames/kube-cert-manager/blob/master/docs/providers.md 68 | AWS_ACCESS_KEY_ID: kube.SecretKeyRef($.kcm_secret, "access_key_id"), 69 | AWS_SECRET_ACCESS_KEY: kube.SecretKeyRef($.kcm_secret, "secret_access_key"), 70 | }, 71 | ports_+: { 72 | http: { containerPort: 8080 }, 73 | tls_sni: { containerPort: 8081 }, 74 | }, 75 | volumeMounts_+: { 76 | data: { mountPath: "/var/lib/cert-manager" }, 77 | }, 78 | }, 79 | kubectl_proxy: kube.Container("kubectl-proxy") { 80 | image: "palmstonegames/kubectl-proxy:1.4.0", 81 | }, 82 | }, 83 | volumes_+: { 84 | data: kube.PersistentVolumeClaimVolume($.kcm_pvc), 85 | }, 86 | }, 87 | }, 88 | }, 89 | }, 90 | }; 91 | 92 | kube.List() { items_+: all } 93 | -------------------------------------------------------------------------------- /common/kube-svc-watch.jsonnet: -------------------------------------------------------------------------------- 1 | // Report on count of internal/external Services, and optionally kill 2 | // external services when found. 3 | 4 | local kube = import "kube.libsonnet"; 5 | 6 | local all = { 7 | namespace:: null, 8 | 9 | svc_watch: kube.Deployment("kube-svc-watch") { 10 | metadata+: { namespace: $.namespace }, 11 | 12 | spec+: { 13 | template+: { 14 | local tmpl = self, 15 | metadata+: { 16 | annotations+: { 17 | "prometheus.io/scrape": "true", 18 | "prometheus.io/port": std.toString(tmpl.spec.containers_.ksw.ports_.metrics.containerPort), 19 | }, 20 | }, 21 | spec+: { 22 | containers_+: { 23 | ksw: kube.Container("kube-svc-watch") { 24 | // This is https://github.com/anguslees/kube-svc-watch 25 | image: "gcr.io/bitnami-images/kube-svc-watch:jenkins-sre-k8s-kube-svc-watch-22", 26 | command: ["kube-svc-watch"], 27 | args_+: { 28 | logtostderr: true, 29 | }, 30 | ports_+: { 31 | metrics: { containerPort: 8080 }, 32 | }, 33 | resources: { 34 | limits: { cpu: "10m", memory: "32Mi" }, 35 | }, 36 | }, 37 | }, 38 | }, 39 | }, 40 | }, 41 | }, 42 | }; 43 | 44 | kube.List() { items_+: all } 45 | -------------------------------------------------------------------------------- /common/route53-upsert.jsonnet: -------------------------------------------------------------------------------- 1 | // Helper for creating AWS CNAME records for kube-cert-manager. See 2 | // comments in `kube-cert-manager.jsonnet`. 3 | 4 | local cname = std.extVar("cname"); 5 | local value = std.extVar("value"); 6 | 7 | { 8 | Changes: [ 9 | { 10 | Action: "UPSERT", 11 | ResourceRecordSet: { 12 | Name: cname, 13 | Type: "CNAME", 14 | TTL: 300, 15 | ResourceRecords: [ 16 | { Value: if std.endsWith(value, ".") then value else value + "." }, 17 | ], 18 | }, 19 | }, 20 | ], 21 | } 22 | -------------------------------------------------------------------------------- /common/squid.jsonnet: -------------------------------------------------------------------------------- 1 | // Basic squid web cache 2 | // 3 | // Good for accelerating in-cluster docker builds, jenkins jobs, etc. 4 | // Also serves as a simple example. 5 | 6 | local kube = import "kube.libsonnet"; 7 | 8 | local squid = { 9 | namespace:: null, 10 | 11 | // eg: http_proxy=http://proxy.$namespace:80/ 12 | url:: $.squid_service.http_url, 13 | 14 | squid_service: kube.Service("proxy") { 15 | metadata+: { namespace: $.namespace }, 16 | target_pod: $.squid.spec.template, 17 | port: 80, 18 | }, 19 | 20 | squid_data: kube.PersistentVolumeClaim("proxy") { 21 | metadata+: { namespace: $.namespace }, 22 | storage: "10G", 23 | }, 24 | 25 | squid: kube.Deployment("proxy") { 26 | metadata+: { namespace: $.namespace }, 27 | spec+: { 28 | template+: { 29 | spec+: { 30 | containers_+: { 31 | squid: kube.Container("squid") { 32 | local container = self, 33 | image: "jpetazzo/squid-in-a-can", 34 | env_+: { 35 | // Allow access from everything that k8s might use 36 | // (RFC1918 is already in the list) 37 | SQUID_DIRECTIVES: "acl localnet src 100.64.0.0/10", 38 | 39 | // As the squid docs say: "Do NOT put the size of your 40 | // disk drive here. Instead, if you want Squid to use 41 | // the entire disk drive, subtract 20% and use that 42 | // value." (in MB) 43 | DISK_CACHE_SIZE: "%d" % (kube.siToNum($.squid_data.storage) * 0.8 / 1e6), 44 | }, 45 | ports_+: { 46 | proxy: { containerPort: 3128 }, 47 | }, 48 | volumeMounts_+: { 49 | cache: { mountPath: "/var/cache/squid3" }, 50 | }, 51 | livenessProbe: { 52 | tcpSocket: { port: "proxy" }, 53 | }, 54 | readinessProbe: self.livenessProbe, 55 | }, 56 | }, 57 | volumes_+: { 58 | cache: kube.PersistentVolumeClaimVolume($.squid_data), 59 | }, 60 | }, 61 | }, 62 | }, 63 | }, 64 | }; 65 | 66 | kube.List() { items_+: squid } 67 | -------------------------------------------------------------------------------- /doc/jenkins.md: -------------------------------------------------------------------------------- 1 | Jenkins Post-Setup Notes 2 | ------------------------ 3 | 4 | (These notes are poorly formatted and brief. Good luck! :) 5 | 6 | Start container jobs. 7 | 8 | Have to enable "crumb proxy compatibility" before we can submit 9 | jenkins forms via the service endpoint: 10 | ``` 11 | pod=$(kubectl -n jenkins get pod -o name -l name=jenkins | cut -d/ -f2) 12 | kubectl port-forward -n jenkins $pod 0:8080 13 | ``` 14 | Point browser at the forwarded port. 15 | 16 | The "admin" user (aka "Unlock Jenkins") password is: 17 | ``` 18 | kubectl -n jenkins exec $pod -- cat /var/jenkins_home/secrets/initialAdminPassword 19 | ``` 20 | 21 | Install suggested plugins. 22 | 23 | "Continue as admin" (ie: *don't* create an admin user) 24 | 25 | Manage Jenkins -> Configure Global Security 26 | - Enable: Check Crumbs -> Enable proxy compatibility 27 | 28 | Kill the port foward, go to the real k8s jenkins service endpoint. 29 | 30 | Manage Jenkins -> Manage plugins -> Available. Install: 31 | - CloudBees Docker Build and Publish plugin 32 | - CloudBees Docker Custom Build Environment Plugin 33 | - Google Container Registry Auth Plugin 34 | - Google Login Plugin 35 | - Kubernetes plugin 36 | - Prometheus metrics plugin 37 | - Phabricator Differential Plugin 38 | - Blue Ocean beta (optional / nice-to-have) 39 | 40 | Install and restart when finished. Will take a minute or so to come back. 41 | 42 | Manage Jenkins -> Configure Global Security 43 | - Access Control -> Login with Google: 44 | - Go to https://console.developers.google.com/ 45 | - project: jenkins-k8s (or create a new project) 46 | - API Manager -> Credentials -> Create credentials 47 | -> OAuth Client ID -> Web application 48 | - Authorised origins: $elb_url (with no trailing /) 49 | - Authorised redirect URIs: $elb_url/securityRealm/finishLogin 50 | - Client Id: 51 | - Client Secret: 52 | - Google Apps Domain: bitnami.com <- Important! 53 | 54 | Logout as admin, verify you can log in with your @bitnami.com Google 55 | account. 56 | 57 | Manage Jenkins -> Configure System 58 | (Deep breath) 59 | - Top: 60 | - # of executors: 0 61 | - Labels: master 62 | - Usage: Only build jobs with label matching this node 63 | - Phabricator: 64 | - Default Phabricator Credentials: Add 65 | - Kind: Phabricator Conduit Key 66 | - Phab URL: http://phabricator.bitnami.com:8080/ 67 | - Description: 68 | - Conduit token: (phab: Settings -> Conduit API Tokens -> Generate API Token) 69 | - Jenkins Location: 70 | - System admin email address: sre@bitnami.com 71 | - Pipeline Model Definition: 72 | - Docker label: docker 73 | - Cloud -> Add Kubernetes: 74 | - name: something 75 | - K8s URL: https://kubernetes.default.svc.cluster.local/ 76 | - Kubernetes namespace: jenkins 77 | - Jenkins URL: http://jenkins/ 78 | - Jenkins tunnel: jenkins-discovery:50000 79 | - Add pod template: 80 | - name: jnlp-slave 81 | - labels: jnlp debian 82 | - containers: 83 | - name: jnlp <- Important! 84 | - image: gcr.io/bitnami-images/jenkins-jnlp-debian:latest 85 | - always pull 86 | - Command: 87 | - Arguments: ${computer.jnlpmac} ${computer.name} 88 | - no tty 89 | - env vars: DOCKER_HOST=tcp://localhost:2375 90 | - Add pod template: 91 | - name: jnlp-docker 92 | - labels: docker 93 | - template-to-inherit-from: jnlp 94 | - containers: 95 | - name: docker-in-docker 96 | - image: docker:1.12-dind 97 | - command: /usr/local/bin/dockerd-entrypoint.sh 98 | - args: --storage-driver=overlay 99 | - no tty 100 | - env vars: http_proxy=http://proxy.webcache:80/ (or whatever) 101 | - Advanced: Run in privileged mode <- Important! 102 | - Volume: Add emptydir volume 103 | - path: /var/lib/docker 104 | - time to retain idle: 7 (optional) 105 | 106 | Credentials -> Global credentials 107 | - Add: Kubernetes Service Account 108 | - description: Jenkins Service Account 109 | 110 | Github bitnami org 111 | - Github user: bitnami-bot 112 | - Generate a new "repo" scoped personal access token 113 | - Credentials -> Global credentials 114 | - Add: Username with password 115 | - username: bitnami-bot 116 | - password: 117 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/aws-addons/dashboard.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "kubernetes.io/cluster-service": "true", 8 | "name": "kubernetes-dashboard" 9 | }, 10 | "name": "kubernetes-dashboard", 11 | "namespace": "kube-system" 12 | }, 13 | "spec": { 14 | "minReadySeconds": 30, 15 | "replicas": 1, 16 | "revisionHistoryLimit": 10, 17 | "strategy": { 18 | "rollingUpdate": { 19 | "maxSurge": "25%", 20 | "maxUnavailable": "25%" 21 | }, 22 | "type": "RollingUpdate" 23 | }, 24 | "template": { 25 | "metadata": { 26 | "annotations": { }, 27 | "labels": { 28 | "kubernetes.io/cluster-service": "true", 29 | "name": "kubernetes-dashboard" 30 | } 31 | }, 32 | "spec": { 33 | "containers": [ 34 | { 35 | "args": [ ], 36 | "env": [ ], 37 | "image": "gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1", 38 | "livenessProbe": { 39 | "httpGet": { 40 | "path": "/", 41 | "port": 9090 42 | }, 43 | "initialDelaySeconds": 30, 44 | "timeoutSeconds": 30 45 | }, 46 | "name": "kubernetes-dashboard", 47 | "ports": [ 48 | { 49 | "containerPort": 9090, 50 | "name": "web" 51 | } 52 | ], 53 | "resources": { 54 | "limits": { 55 | "cpu": "100m", 56 | "memory": "50Mi" 57 | }, 58 | "requests": { 59 | "cpu": "100m", 60 | "memory": "50Mi" 61 | } 62 | }, 63 | "stdin": false, 64 | "tty": false, 65 | "volumeMounts": [ ] 66 | } 67 | ], 68 | "imagePullSecrets": [ ], 69 | "terminationGracePeriodSeconds": 30, 70 | "volumes": [ ] 71 | } 72 | } 73 | } 74 | } 75 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/aws-addons/dashboard_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "kubernetes.io/cluster-service": "true", 8 | "kubernetes.io/name": "Dashboard", 9 | "name": "kubernetes-dashboard" 10 | }, 11 | "name": "kubernetes-dashboard", 12 | "namespace": "kube-system" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 80, 18 | "targetPort": "web" 19 | } 20 | ], 21 | "selector": { 22 | "kubernetes.io/cluster-service": "true", 23 | "name": "kubernetes-dashboard" 24 | }, 25 | "type": "ClusterIP" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/aws-addons/default.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "storage.k8s.io/v1beta1", 3 | "kind": "StorageClass", 4 | "metadata": { 5 | "annotations": { 6 | "storageclass.beta.kubernetes.io/is-default-class": "true" 7 | }, 8 | "labels": { 9 | "name": "fast" 10 | }, 11 | "name": "default" 12 | }, 13 | "parameters": { 14 | "type": "gp2" 15 | }, 16 | "provisioner": "kubernetes.io/aws-ebs" 17 | } 18 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/aws-addons/elasticsearch_logging_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "k8s-app": "elasticsearch-logging", 8 | "kubernetes.io/name": "Elasticsearch", 9 | "name": "elasticsearch-logging" 10 | }, 11 | "name": "elasticsearch-logging", 12 | "namespace": "kube-system" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 9200, 18 | "targetPort": "http" 19 | } 20 | ], 21 | "selector": { 22 | "k8s-app": "elasticsearch-logging", 23 | "name": "elasticsearch-logging" 24 | }, 25 | "type": "ClusterIP" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/aws-addons/fast.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "storage.k8s.io/v1beta1", 3 | "kind": "StorageClass", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "fast" 8 | }, 9 | "name": "fast" 10 | }, 11 | "parameters": { 12 | "type": "gp2" 13 | }, 14 | "provisioner": "kubernetes.io/aws-ebs" 15 | } 16 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/aws-addons/fluentd_es.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "DaemonSet", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "k8s-app": "fluentd-es", 8 | "name": "fluentd-es" 9 | }, 10 | "name": "fluentd-es", 11 | "namespace": "kube-system" 12 | }, 13 | "spec": { 14 | "template": { 15 | "metadata": { 16 | "annotations": { }, 17 | "labels": { 18 | "k8s-app": "fluentd-es", 19 | "name": "fluentd-es" 20 | } 21 | }, 22 | "spec": { 23 | "containers": [ 24 | { 25 | "args": [ ], 26 | "command": [ 27 | "/bin/sh", 28 | "-c", 29 | "/usr/sbin/td-agent 2>&1 >> /var/log/fluentd.log" 30 | ], 31 | "env": [ ], 32 | "image": "gcr.io/google_containers/fluentd-elasticsearch:1.20", 33 | "name": "fluentd-es", 34 | "ports": [ ], 35 | "resources": { 36 | "limits": { 37 | "memory": "200Mi" 38 | }, 39 | "requests": { 40 | "cpu": "100m", 41 | "memory": "200Mi" 42 | } 43 | }, 44 | "stdin": false, 45 | "tty": false, 46 | "volumeMounts": [ 47 | { 48 | "mountPath": "/var/lib/docker/containers", 49 | "name": "varlibdockercontainers", 50 | "readOnly": true 51 | }, 52 | { 53 | "mountPath": "/var/log", 54 | "name": "varlog" 55 | } 56 | ] 57 | } 58 | ], 59 | "imagePullSecrets": [ ], 60 | "terminationGracePeriodSeconds": 30, 61 | "volumes": [ 62 | { 63 | "hostPath": { 64 | "path": "/var/lib/docker/containers" 65 | }, 66 | "name": "varlibdockercontainers" 67 | }, 68 | { 69 | "hostPath": { 70 | "path": "/var/log" 71 | }, 72 | "name": "varlog" 73 | } 74 | ] 75 | } 76 | } 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/aws-addons/heapster_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "kubernetes.io/cluster-service": "true", 8 | "kubernetes.io/name": "Heapster", 9 | "name": "heapster" 10 | }, 11 | "name": "heapster", 12 | "namespace": "kube-system" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 80, 18 | "targetPort": 8082 19 | } 20 | ], 21 | "selector": { 22 | "k8s-app": "heapster" 23 | }, 24 | "type": "ClusterIP" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/aws-addons/kibana_logging.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "k8s-app": "kibana-logging", 8 | "name": "kibana-logging" 9 | }, 10 | "name": "kibana-logging", 11 | "namespace": "kube-system" 12 | }, 13 | "spec": { 14 | "minReadySeconds": 30, 15 | "replicas": 1, 16 | "revisionHistoryLimit": 10, 17 | "strategy": { 18 | "rollingUpdate": { 19 | "maxSurge": "25%", 20 | "maxUnavailable": "25%" 21 | }, 22 | "type": "RollingUpdate" 23 | }, 24 | "template": { 25 | "metadata": { 26 | "annotations": { }, 27 | "labels": { 28 | "k8s-app": "kibana-logging", 29 | "name": "kibana-logging" 30 | } 31 | }, 32 | "spec": { 33 | "containers": [ 34 | { 35 | "args": [ ], 36 | "env": [ 37 | { 38 | "name": "ELASTICSEARCH_URL", 39 | "value": "http://elasticsearch-logging:9200" 40 | }, 41 | { 42 | "name": "KIBANA_BASE_URL", 43 | "value": "" 44 | } 45 | ], 46 | "image": "gcr.io/google_containers/kibana:v4.6.1", 47 | "name": "kibana-logging", 48 | "ports": [ 49 | { 50 | "containerPort": 5601, 51 | "name": "ui" 52 | } 53 | ], 54 | "resources": { 55 | "limits": { 56 | "cpu": "100m" 57 | }, 58 | "requests": { 59 | "cpu": "100m" 60 | } 61 | }, 62 | "stdin": false, 63 | "tty": false, 64 | "volumeMounts": [ ] 65 | } 66 | ], 67 | "imagePullSecrets": [ ], 68 | "terminationGracePeriodSeconds": 30, 69 | "volumes": [ ] 70 | } 71 | } 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/aws-addons/kibana_logging_ing.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Ingress", 4 | "metadata": { 5 | "annotations": { 6 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 7 | "stable.k8s.psg.io/kcm.enabled": "true", 8 | "stable.k8s.psg.io/kcm.provider": "route53" 9 | }, 10 | "labels": { 11 | "name": "kibana-logging" 12 | }, 13 | "name": "kibana-logging", 14 | "namespace": "kube-system" 15 | }, 16 | "spec": { 17 | "rules": [ 18 | { 19 | "host": "kibana.k.dev.bitnami.net", 20 | "http": { 21 | "paths": [ 22 | { 23 | "backend": { 24 | "serviceName": "kibana-logging", 25 | "servicePort": 5601 26 | }, 27 | "path": "/" 28 | } 29 | ] 30 | } 31 | } 32 | ], 33 | "tls": [ 34 | { 35 | "hosts": [ 36 | "kibana.k.dev.bitnami.net" 37 | ], 38 | "secretName": "kibana-logging-cert" 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/aws-addons/kibana_logging_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "k8s-app": "kibana-logging", 8 | "kubernetes.io/cluster-service": "true", 9 | "kubernetes.io/name": "Kibana", 10 | "name": "kibana-logging" 11 | }, 12 | "name": "kibana-logging", 13 | "namespace": "kube-system" 14 | }, 15 | "spec": { 16 | "ports": [ 17 | { 18 | "port": 5601, 19 | "targetPort": "ui" 20 | } 21 | ], 22 | "selector": { 23 | "k8s-app": "kibana-logging", 24 | "name": "kibana-logging" 25 | }, 26 | "type": "ClusterIP" 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/aws-addons/slow.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "storage.k8s.io/v1beta1", 3 | "kind": "StorageClass", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "slow" 8 | }, 9 | "name": "slow" 10 | }, 11 | "parameters": { 12 | "type": "sc1" 13 | }, 14 | "provisioner": "kubernetes.io/aws-ebs" 15 | } 16 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/jenkins/jenkins_discovery_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "jenkins-discovery" 8 | }, 9 | "name": "jenkins-discovery", 10 | "namespace": "jenkins" 11 | }, 12 | "spec": { 13 | "ports": [ 14 | { 15 | "port": 50000, 16 | "targetPort": "slaves" 17 | } 18 | ], 19 | "selector": { 20 | "name": "jenkins" 21 | }, 22 | "type": "ClusterIP" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/jenkins/jenkins_home.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "jenkins-home" 8 | }, 9 | "name": "jenkins-home", 10 | "namespace": "jenkins" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "15Gi" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/jenkins/jenkins_ing.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Ingress", 4 | "metadata": { 5 | "annotations": { 6 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 7 | "stable.k8s.psg.io/kcm.enabled": "true", 8 | "stable.k8s.psg.io/kcm.provider": "route53" 9 | }, 10 | "labels": { 11 | "name": "jenkins" 12 | }, 13 | "name": "jenkins", 14 | "namespace": "jenkins" 15 | }, 16 | "spec": { 17 | "rules": [ 18 | { 19 | "host": "jenkins.k.dev.bitnami.net", 20 | "http": { 21 | "paths": [ 22 | { 23 | "backend": { 24 | "serviceName": "jenkins", 25 | "servicePort": 80 26 | }, 27 | "path": "/" 28 | } 29 | ] 30 | } 31 | } 32 | ], 33 | "tls": [ 34 | { 35 | "hosts": [ 36 | "jenkins.k.dev.bitnami.net" 37 | ], 38 | "secretName": "jenkins-cert" 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/jenkins/jenkins_master.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "jenkins" 8 | }, 9 | "name": "jenkins", 10 | "namespace": "jenkins" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": 0, 19 | "maxUnavailable": 1 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "jenkins" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ ], 34 | "env": [ 35 | { 36 | "name": "JAVA_OPTS", 37 | "value": "-Xmx500m -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85" 38 | }, 39 | { 40 | "name": "JENKINS_OPTS", 41 | "valueFrom": { 42 | "secretKeyRef": { 43 | "key": "options", 44 | "name": "jenkins" 45 | } 46 | } 47 | }, 48 | { 49 | "name": "http_proxy", 50 | "value": "http://proxy.webcache:80/" 51 | } 52 | ], 53 | "image": "jenkins:2.32.3", 54 | "lifecycle": { 55 | "preStop": { 56 | "httpGet": { 57 | "path": "/quietDown", 58 | "port": "ui" 59 | } 60 | } 61 | }, 62 | "livenessProbe": { 63 | "failureThreshold": 6, 64 | "httpGet": { 65 | "path": "/login", 66 | "port": "ui" 67 | }, 68 | "initialDelaySeconds": 120, 69 | "timeoutSeconds": 20 70 | }, 71 | "name": "master", 72 | "ports": [ 73 | { 74 | "containerPort": 50000, 75 | "name": "slaves" 76 | }, 77 | { 78 | "containerPort": 8080, 79 | "name": "ui" 80 | } 81 | ], 82 | "readinessProbe": { 83 | "failureThreshold": 6, 84 | "httpGet": { 85 | "path": "/login", 86 | "port": "ui" 87 | }, 88 | "initialDelaySeconds": 120, 89 | "successThreshold": 2, 90 | "timeoutSeconds": 20 91 | }, 92 | "resources": { 93 | "limits": { 94 | "cpu": "1", 95 | "memory": "1000Mi" 96 | }, 97 | "requests": { 98 | "cpu": "0.5", 99 | "memory": "500Mi" 100 | } 101 | }, 102 | "stdin": false, 103 | "tty": false, 104 | "volumeMounts": [ 105 | { 106 | "mountPath": "/var/jenkins_home", 107 | "name": "jenkinshome" 108 | } 109 | ] 110 | } 111 | ], 112 | "imagePullSecrets": [ ], 113 | "securityContext": { 114 | "fsGroup": 1000 115 | }, 116 | "terminationGracePeriodSeconds": 300, 117 | "volumes": [ 118 | { 119 | "name": "jenkinshome", 120 | "persistentVolumeClaim": { 121 | "claimName": "jenkins-home" 122 | } 123 | } 124 | ] 125 | } 126 | } 127 | } 128 | } 129 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/jenkins/jenkins_ns.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Namespace", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "jenkins" 8 | }, 9 | "name": "jenkins" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/jenkins/jenkins_secret.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { 4 | "options": "" 5 | }, 6 | "kind": "Secret", 7 | "metadata": { 8 | "annotations": { }, 9 | "labels": { 10 | "name": "jenkins" 11 | }, 12 | "name": "jenkins", 13 | "namespace": "jenkins" 14 | }, 15 | "type": "Opaque" 16 | } 17 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/jenkins/jenkins_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/path": "/prometheus", 7 | "prometheus.io/port": "8080", 8 | "prometheus.io/scrape": "true" 9 | }, 10 | "labels": { 11 | "name": "jenkins" 12 | }, 13 | "name": "jenkins", 14 | "namespace": "jenkins" 15 | }, 16 | "spec": { 17 | "ports": [ 18 | { 19 | "port": 80, 20 | "targetPort": "ui" 21 | } 22 | ], 23 | "selector": { 24 | "name": "jenkins" 25 | }, 26 | "type": "ClusterIP" 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/alertmanager.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "alertmanager" 8 | }, 9 | "name": "alertmanager", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": 0, 19 | "maxUnavailable": 1 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "alertmanager" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ 34 | "--config.file=/etc/alertmanager/config.yml", 35 | "--storage.path=/alertmanager", 36 | "--web.external-url=https://alertmanager.k.dev.bitnami.net/" 37 | ], 38 | "env": [ ], 39 | "image": "prom/alertmanager:v0.5.1", 40 | "name": "alertmanager", 41 | "ports": [ 42 | { 43 | "containerPort": 9093, 44 | "name": "alertmanager" 45 | } 46 | ], 47 | "stdin": false, 48 | "tty": false, 49 | "volumeMounts": [ 50 | { 51 | "mountPath": "/etc/alertmanager", 52 | "name": "config", 53 | "readOnly": true 54 | }, 55 | { 56 | "mountPath": "/alertmanager", 57 | "name": "storage" 58 | }, 59 | { 60 | "mountPath": "/etc/alertmanager-templates", 61 | "name": "templates", 62 | "readOnly": true 63 | } 64 | ] 65 | }, 66 | { 67 | "args": [ 68 | "--volume-dir=/etc/config", 69 | "--webhook-url=http://localhost:9093/-/reload" 70 | ], 71 | "env": [ ], 72 | "image": "jimmidyson/configmap-reload:v0.1", 73 | "name": "configmap-reload", 74 | "ports": [ ], 75 | "stdin": false, 76 | "tty": false, 77 | "volumeMounts": [ 78 | { 79 | "mountPath": "/etc/config", 80 | "name": "config", 81 | "readOnly": true 82 | } 83 | ] 84 | } 85 | ], 86 | "imagePullSecrets": [ ], 87 | "terminationGracePeriodSeconds": 30, 88 | "volumes": [ 89 | { 90 | "configMap": { 91 | "name": "alertmanager-config" 92 | }, 93 | "name": "config" 94 | }, 95 | { 96 | "name": "storage", 97 | "persistentVolumeClaim": { 98 | "claimName": "alertmanager-data" 99 | } 100 | }, 101 | { 102 | "configMap": { 103 | "name": "alertmanager-templates" 104 | }, 105 | "name": "templates" 106 | } 107 | ] 108 | } 109 | } 110 | } 111 | } 112 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/alertmanager_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { 4 | "config.yml": "{\"global\": {\"resolve_timeout\": \"5m\", \"slack_api_url\": \"https://hooks.slack.com/services/\", \"smtp_from\": \"sre+alertmanager@bitnami.com\", \"smtp_smarthost\": \"aspmx.l.google.com\"}, \"inhibit_rules\": [{\"equal\": [\"alertname\", \"cluster\", \"service\"], \"source_match\": {\"severity\": \"critical\"}, \"target_match\": {\"severity\": \"warning\"}}], \"receivers\": [{\"name\": \"default\", \"slack_configs\": [{\"channel\": \"#alert-testing\", \"send_resolved\": true, \"text\": \"{{ range .Alerts }}{{ .Annotations.description }} {{ end }}\", \"title\": \"{{ range .Alerts }}{{ .Annotations.summary }} {{ end }}\"}]}, {\"email_configs\": [{\"to\": \"sre+alerts@bitnami.com\"}], \"name\": \"sre_email\"}, {\"name\": \"sre_slack\", \"slack_configs\": [{\"channel\": \"#sre-incidents\", \"text\": \"{{ range .Alerts }}{{ .Annotations.description }} {{ end }}\", \"title\": \"{{ range .Alerts }}{{ .Annotations.summary }} {{ end }}\"}]}], \"route\": {\"group_by\": [\"alertmanager\", \"cluster\", \"service\"], \"group_interval\": \"10m\", \"group_wait\": \"1m\", \"receiver\": \"default\", \"repeat_interval\": \"8h\", \"routes\": [ ]}, \"templates\": [\"/etc/alertmanager-templates/*.tmpl\"]}" 5 | }, 6 | "kind": "ConfigMap", 7 | "metadata": { 8 | "annotations": { }, 9 | "labels": { 10 | "name": "alertmanager-config" 11 | }, 12 | "name": "alertmanager-config", 13 | "namespace": "monitoring" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/alertmanager_data.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "alertmanager-data" 8 | }, 9 | "name": "alertmanager-data", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "5Gi" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/alertmanager_ing.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Ingress", 4 | "metadata": { 5 | "annotations": { 6 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 7 | "stable.k8s.psg.io/kcm.enabled": "true", 8 | "stable.k8s.psg.io/kcm.provider": "route53" 9 | }, 10 | "labels": { 11 | "name": "alertmanager" 12 | }, 13 | "name": "alertmanager", 14 | "namespace": "monitoring" 15 | }, 16 | "spec": { 17 | "rules": [ 18 | { 19 | "host": "alertmanager.k.dev.bitnami.net", 20 | "http": { 21 | "paths": [ 22 | { 23 | "backend": { 24 | "serviceName": "alertmanager", 25 | "servicePort": 9093 26 | }, 27 | "path": "/" 28 | } 29 | ] 30 | } 31 | } 32 | ], 33 | "tls": [ 34 | { 35 | "hosts": [ 36 | "alertmanager.k.dev.bitnami.net" 37 | ], 38 | "secretName": "alertmanager-cert" 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/alertmanager_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/scrape": "true" 7 | }, 8 | "labels": { 9 | "name": "alertmanager" 10 | }, 11 | "name": "alertmanager", 12 | "namespace": "monitoring" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 9093, 18 | "targetPort": "alertmanager" 19 | } 20 | ], 21 | "selector": { 22 | "name": "alertmanager" 23 | }, 24 | "type": "ClusterIP" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/alertmanager_templates.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { }, 4 | "kind": "ConfigMap", 5 | "metadata": { 6 | "annotations": { }, 7 | "labels": { 8 | "name": "alertmanager-templates" 9 | }, 10 | "name": "alertmanager-templates", 11 | "namespace": "monitoring" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/blackbox.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "blackbox-exporter" 8 | }, 9 | "name": "blackbox-exporter", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "blackbox-exporter" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ 34 | "--config.file=/config/blackbox.yml" 35 | ], 36 | "env": [ ], 37 | "image": "prom/blackbox-exporter", 38 | "livenessProbe": { 39 | "httpGet": { 40 | "path": "/", 41 | "port": "metrics" 42 | } 43 | }, 44 | "name": "exporter", 45 | "ports": [ 46 | { 47 | "containerPort": 9115, 48 | "name": "metrics" 49 | } 50 | ], 51 | "resources": { 52 | "requests": { 53 | "cpu": "10m", 54 | "memory": "32Mi" 55 | } 56 | }, 57 | "stdin": false, 58 | "tty": false, 59 | "volumeMounts": [ 60 | { 61 | "mountPath": "/config", 62 | "name": "config", 63 | "readOnly": true 64 | } 65 | ] 66 | } 67 | ], 68 | "imagePullSecrets": [ ], 69 | "terminationGracePeriodSeconds": 30, 70 | "volumes": [ 71 | { 72 | "configMap": { 73 | "name": "blackbox-exporter" 74 | }, 75 | "name": "config" 76 | } 77 | ] 78 | } 79 | } 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/blackbox_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { 4 | "blackbox.yml": "{\"modules\": {\"http_2xx\": {\"http\": {\"method\": \"GET\", \"no_follow_redirects\": false}, \"prober\": \"http\", \"timeout\": \"5s\"}, \"ssh\": {\"prober\": \"tcp\", \"tcp\": {\"query_response\": [{\"expect\": \"^SSH-2.0-\"}]}, \"timeout\": \"5s\"}}}" 5 | }, 6 | "kind": "ConfigMap", 7 | "metadata": { 8 | "annotations": { }, 9 | "labels": { 10 | "name": "blackbox-exporter" 11 | }, 12 | "name": "blackbox-exporter", 13 | "namespace": "monitoring" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/blackbox_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/scrape": "true" 7 | }, 8 | "labels": { 9 | "name": "blackbox" 10 | }, 11 | "name": "blackbox", 12 | "namespace": "monitoring" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 9115, 18 | "targetPort": "metrics" 19 | } 20 | ], 21 | "selector": { 22 | "name": "blackbox-exporter" 23 | }, 24 | "type": "ClusterIP" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/grafana.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "grafana" 8 | }, 9 | "name": "grafana", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "grafana" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ ], 34 | "env": [ 35 | { 36 | "name": "GF_AUTH_ANONYMOUS_ENABLED", 37 | "value": "true" 38 | }, 39 | { 40 | "name": "GF_AUTH_ANONYMOUS_ORG_ROLE", 41 | "value": "Viewer" 42 | }, 43 | { 44 | "name": "GF_AUTH_BASIC_ENABLED", 45 | "value": "true" 46 | }, 47 | { 48 | "name": "GF_LOG_LEVEL", 49 | "value": "warn" 50 | }, 51 | { 52 | "name": "GF_LOG_MODE", 53 | "value": "console" 54 | }, 55 | { 56 | "name": "GF_METRICS_ENABLED", 57 | "value": "true" 58 | }, 59 | { 60 | "name": "GF_SERVER_DOMAIN", 61 | "value": "grafana.k.dev.bitnami.net" 62 | } 63 | ], 64 | "image": "grafana/grafana:4.1.1", 65 | "livenessProbe": { 66 | "httpGet": { 67 | "path": "/login", 68 | "port": "dashboard" 69 | } 70 | }, 71 | "name": "grafana", 72 | "ports": [ 73 | { 74 | "containerPort": 3000, 75 | "name": "dashboard" 76 | } 77 | ], 78 | "readinessProbe": { 79 | "httpGet": { 80 | "path": "/login", 81 | "port": "dashboard" 82 | }, 83 | "successThreshold": 2 84 | }, 85 | "resources": { 86 | "limits": { 87 | "cpu": "100m", 88 | "memory": "100Mi" 89 | }, 90 | "requests": { 91 | "cpu": "100m", 92 | "memory": "100Mi" 93 | } 94 | }, 95 | "stdin": false, 96 | "tty": false, 97 | "volumeMounts": [ 98 | { 99 | "mountPath": "/var/lib/grafana", 100 | "name": "storage" 101 | } 102 | ] 103 | } 104 | ], 105 | "imagePullSecrets": [ ], 106 | "terminationGracePeriodSeconds": 30, 107 | "volumes": [ 108 | { 109 | "emptyDir": { }, 110 | "name": "storage" 111 | } 112 | ] 113 | } 114 | } 115 | } 116 | } 117 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/grafana_ing.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Ingress", 4 | "metadata": { 5 | "annotations": { 6 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 7 | "stable.k8s.psg.io/kcm.enabled": "true", 8 | "stable.k8s.psg.io/kcm.provider": "route53" 9 | }, 10 | "labels": { 11 | "name": "grafana" 12 | }, 13 | "name": "grafana", 14 | "namespace": "monitoring" 15 | }, 16 | "spec": { 17 | "rules": [ 18 | { 19 | "host": "grafana.k.dev.bitnami.net", 20 | "http": { 21 | "paths": [ 22 | { 23 | "backend": { 24 | "serviceName": "grafana", 25 | "servicePort": 3000 26 | }, 27 | "path": "/" 28 | } 29 | ] 30 | } 31 | } 32 | ], 33 | "tls": [ 34 | { 35 | "hosts": [ 36 | "grafana.k.dev.bitnami.net" 37 | ], 38 | "secretName": "grafana-cert" 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/grafana_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "grafana" 8 | }, 9 | "name": "grafana", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "ports": [ 14 | { 15 | "port": 3000, 16 | "targetPort": "dashboard" 17 | } 18 | ], 19 | "selector": { 20 | "name": "grafana" 21 | }, 22 | "type": "ClusterIP" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/ksm.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "kube-state-metrics" 8 | }, 9 | "name": "kube-state-metrics", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { 26 | "prometheus.io/port": "8080", 27 | "prometheus.io/scrape": "true" 28 | }, 29 | "labels": { 30 | "name": "kube-state-metrics" 31 | } 32 | }, 33 | "spec": { 34 | "containers": [ 35 | { 36 | "args": [ ], 37 | "env": [ ], 38 | "image": "gcr.io/google_containers/kube-state-metrics:v0.3.0", 39 | "name": "kube-state-metrics", 40 | "ports": [ 41 | { 42 | "containerPort": 8080, 43 | "name": "metrics" 44 | } 45 | ], 46 | "resources": { 47 | "limits": { 48 | "cpu": "10m", 49 | "memory": "32Mi" 50 | }, 51 | "requests": { 52 | "cpu": "10m", 53 | "memory": "32Mi" 54 | } 55 | }, 56 | "stdin": false, 57 | "tty": false, 58 | "volumeMounts": [ ] 59 | } 60 | ], 61 | "imagePullSecrets": [ ], 62 | "terminationGracePeriodSeconds": 30, 63 | "volumes": [ ] 64 | } 65 | } 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/node_exporter.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "DaemonSet", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "node-exporter" 8 | }, 9 | "name": "node-exporter", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "template": { 14 | "metadata": { 15 | "annotations": { }, 16 | "labels": { 17 | "name": "node-exporter" 18 | } 19 | }, 20 | "spec": { 21 | "containers": [ 22 | { 23 | "args": [ 24 | "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|host|etc)($|/)", 25 | "--collector.procfs=/host/proc", 26 | "--collector.sysfs=/host/sys" 27 | ], 28 | "env": [ ], 29 | "image": "prom/node-exporter:v0.13.0", 30 | "livenessProbe": { 31 | "httpGet": { 32 | "path": "/", 33 | "port": "scrape" 34 | } 35 | }, 36 | "name": "node-exporter", 37 | "ports": [ 38 | { 39 | "containerPort": 9100, 40 | "name": "scrape" 41 | } 42 | ], 43 | "readinessProbe": { 44 | "httpGet": { 45 | "path": "/", 46 | "port": "scrape" 47 | }, 48 | "successThreshold": 2 49 | }, 50 | "stdin": false, 51 | "tty": false, 52 | "volumeMounts": [ 53 | { 54 | "mountPath": "/host/proc", 55 | "name": "procfs", 56 | "readOnly": true 57 | }, 58 | { 59 | "mountPath": "/rootfs", 60 | "name": "root", 61 | "readOnly": true 62 | }, 63 | { 64 | "mountPath": "/host/sys", 65 | "name": "sysfs", 66 | "readOnly": true 67 | } 68 | ] 69 | } 70 | ], 71 | "hostNetwork": true, 72 | "hostPID": true, 73 | "imagePullSecrets": [ ], 74 | "terminationGracePeriodSeconds": 30, 75 | "volumes": [ 76 | { 77 | "hostPath": { 78 | "path": "/proc" 79 | }, 80 | "name": "procfs" 81 | }, 82 | { 83 | "hostPath": { 84 | "path": "/" 85 | }, 86 | "name": "root" 87 | }, 88 | { 89 | "hostPath": { 90 | "path": "/sys" 91 | }, 92 | "name": "sysfs" 93 | } 94 | ] 95 | } 96 | } 97 | } 98 | } 99 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/node_exporter_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/scrape": "true" 7 | }, 8 | "labels": { 9 | "name": "node-exporter" 10 | }, 11 | "name": "node-exporter", 12 | "namespace": "monitoring" 13 | }, 14 | "spec": { 15 | "clusterIP": "None", 16 | "ports": [ 17 | { 18 | "port": 9100, 19 | "targetPort": "scrape" 20 | } 21 | ], 22 | "selector": { 23 | "name": "node-exporter" 24 | }, 25 | "type": "ClusterIP" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/prometheus_data.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "prometheus-data" 8 | }, 9 | "name": "prometheus-data", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "100Gi" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/prometheus_ing.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Ingress", 4 | "metadata": { 5 | "annotations": { 6 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 7 | "stable.k8s.psg.io/kcm.enabled": "true", 8 | "stable.k8s.psg.io/kcm.provider": "route53" 9 | }, 10 | "labels": { 11 | "name": "prometheus" 12 | }, 13 | "name": "prometheus", 14 | "namespace": "monitoring" 15 | }, 16 | "spec": { 17 | "rules": [ 18 | { 19 | "host": "prometheus.k.dev.bitnami.net", 20 | "http": { 21 | "paths": [ 22 | { 23 | "backend": { 24 | "serviceName": "prometheus", 25 | "servicePort": 9090 26 | }, 27 | "path": "/" 28 | } 29 | ] 30 | } 31 | } 32 | ], 33 | "tls": [ 34 | { 35 | "hosts": [ 36 | "prometheus.k.dev.bitnami.net" 37 | ], 38 | "secretName": "prometheus-cert" 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/prometheus_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/scrape": "true" 7 | }, 8 | "labels": { 9 | "name": "prometheus" 10 | }, 11 | "name": "prometheus", 12 | "namespace": "monitoring" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 9090, 18 | "targetPort": "web" 19 | } 20 | ], 21 | "selector": { 22 | "name": "prometheus" 23 | }, 24 | "type": "ClusterIP" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/monitoring/svc_watch.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "kube-svc-watch" 8 | }, 9 | "name": "kube-svc-watch", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { 26 | "prometheus.io/port": "8080", 27 | "prometheus.io/scrape": "true" 28 | }, 29 | "labels": { 30 | "name": "kube-svc-watch" 31 | } 32 | }, 33 | "spec": { 34 | "containers": [ 35 | { 36 | "args": [ 37 | "--logtostderr=true", 38 | "--slack-channel=#sre-alerts", 39 | "--slack-token=", 40 | "--terminate=true" 41 | ], 42 | "command": [ 43 | "kube-svc-watch" 44 | ], 45 | "env": [ ], 46 | "image": "gcr.io/bitnami-images/kube-svc-watch:jenkins-sre-k8s-kube-svc-watch-22", 47 | "name": "kube-svc-watch", 48 | "ports": [ 49 | { 50 | "containerPort": 8080, 51 | "name": "metrics" 52 | } 53 | ], 54 | "resources": { 55 | "limits": { 56 | "cpu": "10m", 57 | "memory": "32Mi" 58 | } 59 | }, 60 | "stdin": false, 61 | "tty": false, 62 | "volumeMounts": [ ] 63 | } 64 | ], 65 | "imagePullSecrets": [ ], 66 | "terminationGracePeriodSeconds": 30, 67 | "volumes": [ ] 68 | } 69 | } 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/nginx-ingress/default_http_backend.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "default-http-backend" 8 | }, 9 | "name": "default-http-backend", 10 | "namespace": "nginx-ingress" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "default-http-backend" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ ], 34 | "env": [ ], 35 | "image": "gcr.io/google_containers/defaultbackend:1.2", 36 | "livenessProbe": { 37 | "httpGet": { 38 | "path": "/healthz", 39 | "port": "http" 40 | }, 41 | "initialDelaySeconds": 30, 42 | "timeoutSeconds": 5 43 | }, 44 | "name": "default-http-backend", 45 | "ports": [ 46 | { 47 | "containerPort": 8080, 48 | "name": "http" 49 | } 50 | ], 51 | "resources": { 52 | "limits": { 53 | "cpu": "10m", 54 | "memory": "20Mi" 55 | }, 56 | "requests": { 57 | "cpu": "10m", 58 | "memory": "20Mi" 59 | } 60 | }, 61 | "stdin": false, 62 | "tty": false, 63 | "volumeMounts": [ ] 64 | } 65 | ], 66 | "imagePullSecrets": [ ], 67 | "terminationGracePeriodSeconds": 60, 68 | "volumes": [ ] 69 | } 70 | } 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/nginx-ingress/default_http_backend_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "default-http-backend" 8 | }, 9 | "name": "default-http-backend", 10 | "namespace": "nginx-ingress" 11 | }, 12 | "spec": { 13 | "ports": [ 14 | { 15 | "port": 80, 16 | "targetPort": "http" 17 | } 18 | ], 19 | "selector": { 20 | "name": "default-http-backend" 21 | }, 22 | "type": "ClusterIP" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/nginx-ingress/kcm.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "kube-cert-manager" 8 | }, 9 | "name": "kube-cert-manager", 10 | "namespace": "nginx-ingress" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": 0, 19 | "maxUnavailable": 1 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "kube-cert-manager" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ 34 | "--acme-url=https://acme-v01.api.letsencrypt.org/directory", 35 | "--data-dir=/var/lib/cert-manager" 36 | ], 37 | "env": [ 38 | { 39 | "name": "AWS_ACCESS_KEY_ID", 40 | "valueFrom": { 41 | "secretKeyRef": { 42 | "key": "access_key_id", 43 | "name": "kube-cert-manager-aws" 44 | } 45 | } 46 | }, 47 | { 48 | "name": "AWS_SECRET_ACCESS_KEY", 49 | "valueFrom": { 50 | "secretKeyRef": { 51 | "key": "secret_access_key", 52 | "name": "kube-cert-manager-aws" 53 | } 54 | } 55 | } 56 | ], 57 | "image": "palmstonegames/kube-cert-manager:0.3.1", 58 | "name": "kube-cert-manager", 59 | "ports": [ 60 | { 61 | "containerPort": 8080, 62 | "name": "http" 63 | }, 64 | { 65 | "containerPort": 8081, 66 | "name": "tls-sni" 67 | } 68 | ], 69 | "stdin": false, 70 | "tty": false, 71 | "volumeMounts": [ 72 | { 73 | "mountPath": "/var/lib/cert-manager", 74 | "name": "data" 75 | } 76 | ] 77 | }, 78 | { 79 | "args": [ ], 80 | "env": [ ], 81 | "image": "palmstonegames/kubectl-proxy:1.4.0", 82 | "name": "kubectl-proxy", 83 | "ports": [ ], 84 | "stdin": false, 85 | "tty": false, 86 | "volumeMounts": [ ] 87 | } 88 | ], 89 | "imagePullSecrets": [ ], 90 | "terminationGracePeriodSeconds": 30, 91 | "volumes": [ 92 | { 93 | "name": "data", 94 | "persistentVolumeClaim": { 95 | "claimName": "kube-cert-manager" 96 | } 97 | } 98 | ] 99 | } 100 | } 101 | } 102 | } 103 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/nginx-ingress/kcm_pvc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "kube-cert-manager" 8 | }, 9 | "name": "kube-cert-manager", 10 | "namespace": "nginx-ingress" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "8G" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/nginx-ingress/kcm_resource.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "description": "A specification of a Let's Encrypt Certificate to manage.", 4 | "kind": "ThirdPartyResource", 5 | "metadata": { 6 | "annotations": { }, 7 | "labels": { 8 | "name": "certificate.stable.k8s.psg.io" 9 | }, 10 | "name": "certificate.stable.k8s.psg.io" 11 | }, 12 | "versions": [ 13 | { 14 | "name": "v1" 15 | } 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/nginx-ingress/nginx_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { 4 | "body-size": "800m", 5 | "enable-vts-status": "true", 6 | "hosts-include-subdomains": "false", 7 | "proxy-connect-timeout": "15", 8 | "proxy-read-timeout": "3600", 9 | "proxy-real-ip-cidr": "0.0.0.0/0", 10 | "proxy-send-timeout": "3600", 11 | "server-name-hash-bucket-size": "256", 12 | "ssl-protocols": "TLSv1.1 TLSv1.2", 13 | "use-proxy-protocol": "true" 14 | }, 15 | "kind": "ConfigMap", 16 | "metadata": { 17 | "annotations": { }, 18 | "labels": { 19 | "name": "nginx" 20 | }, 21 | "name": "nginx", 22 | "namespace": "nginx-ingress" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/nginx-ingress/nginx_ingress_ns.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Namespace", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "nginx-ingress" 8 | }, 9 | "name": "nginx-ingress" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/nginx-ingress/nginx_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled": "true", 7 | "service.beta.kubernetes.io/aws-load-balancer-connection-draining-timeout": "60", 8 | "service.beta.kubernetes.io/aws-load-balancer-internal": "0.0.0.0/0", 9 | "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol": "*" 10 | }, 11 | "labels": { 12 | "name": "nginx-ingress" 13 | }, 14 | "name": "nginx-ingress", 15 | "namespace": "nginx-ingress" 16 | }, 17 | "spec": { 18 | "ports": [ 19 | { 20 | "name": "http", 21 | "port": 80 22 | }, 23 | { 24 | "name": "https", 25 | "port": 443 26 | } 27 | ], 28 | "selector": { 29 | "name": "nginx-ingress" 30 | }, 31 | "type": "LoadBalancer" 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/squid/squid.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "proxy" 8 | }, 9 | "name": "proxy", 10 | "namespace": "webcache" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": 0, 19 | "maxUnavailable": 1 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "proxy" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ ], 34 | "env": [ 35 | { 36 | "name": "DISK_CACHE_SIZE", 37 | "value": "8000" 38 | }, 39 | { 40 | "name": "SQUID_DIRECTIVES", 41 | "value": "acl localnet src 100.64.0.0/10" 42 | } 43 | ], 44 | "image": "jpetazzo/squid-in-a-can", 45 | "livenessProbe": { 46 | "tcpSocket": { 47 | "port": "proxy" 48 | } 49 | }, 50 | "name": "squid", 51 | "ports": [ 52 | { 53 | "containerPort": 3128, 54 | "name": "proxy" 55 | } 56 | ], 57 | "readinessProbe": { 58 | "tcpSocket": { 59 | "port": "proxy" 60 | } 61 | }, 62 | "stdin": false, 63 | "tty": false, 64 | "volumeMounts": [ 65 | { 66 | "mountPath": "/var/cache/squid3", 67 | "name": "cache" 68 | } 69 | ] 70 | } 71 | ], 72 | "imagePullSecrets": [ ], 73 | "terminationGracePeriodSeconds": 30, 74 | "volumes": [ 75 | { 76 | "name": "cache", 77 | "persistentVolumeClaim": { 78 | "claimName": "proxy" 79 | } 80 | } 81 | ] 82 | } 83 | } 84 | } 85 | } 86 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/squid/squid_data.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "proxy" 8 | }, 9 | "name": "proxy", 10 | "namespace": "webcache" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "10G" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/squid/squid_ns.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Namespace", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "webcache" 8 | }, 9 | "name": "webcache" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /generated/one.k8s.dev.bitnami.net/squid/squid_service.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "proxy" 8 | }, 9 | "name": "proxy", 10 | "namespace": "webcache" 11 | }, 12 | "spec": { 13 | "ports": [ 14 | { 15 | "port": 80, 16 | "targetPort": "proxy" 17 | } 18 | ], 19 | "selector": { 20 | "name": "proxy" 21 | }, 22 | "type": "ClusterIP" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/aws-addons/dashboard.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "kubernetes.io/cluster-service": "true", 8 | "name": "kubernetes-dashboard" 9 | }, 10 | "name": "kubernetes-dashboard", 11 | "namespace": "kube-system" 12 | }, 13 | "spec": { 14 | "minReadySeconds": 30, 15 | "replicas": 1, 16 | "revisionHistoryLimit": 10, 17 | "strategy": { 18 | "rollingUpdate": { 19 | "maxSurge": "25%", 20 | "maxUnavailable": "25%" 21 | }, 22 | "type": "RollingUpdate" 23 | }, 24 | "template": { 25 | "metadata": { 26 | "annotations": { }, 27 | "labels": { 28 | "kubernetes.io/cluster-service": "true", 29 | "name": "kubernetes-dashboard" 30 | } 31 | }, 32 | "spec": { 33 | "containers": [ 34 | { 35 | "args": [ ], 36 | "env": [ ], 37 | "image": "gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1", 38 | "livenessProbe": { 39 | "httpGet": { 40 | "path": "/", 41 | "port": 9090 42 | }, 43 | "initialDelaySeconds": 30, 44 | "timeoutSeconds": 30 45 | }, 46 | "name": "kubernetes-dashboard", 47 | "ports": [ 48 | { 49 | "containerPort": 9090, 50 | "name": "web" 51 | } 52 | ], 53 | "resources": { 54 | "limits": { 55 | "cpu": "100m", 56 | "memory": "50Mi" 57 | }, 58 | "requests": { 59 | "cpu": "100m", 60 | "memory": "50Mi" 61 | } 62 | }, 63 | "stdin": false, 64 | "tty": false, 65 | "volumeMounts": [ ] 66 | } 67 | ], 68 | "imagePullSecrets": [ ], 69 | "terminationGracePeriodSeconds": 30, 70 | "volumes": [ ] 71 | } 72 | } 73 | } 74 | } 75 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/aws-addons/dashboard_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "kubernetes.io/cluster-service": "true", 8 | "kubernetes.io/name": "Dashboard", 9 | "name": "kubernetes-dashboard" 10 | }, 11 | "name": "kubernetes-dashboard", 12 | "namespace": "kube-system" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 80, 18 | "targetPort": "web" 19 | } 20 | ], 21 | "selector": { 22 | "kubernetes.io/cluster-service": "true", 23 | "name": "kubernetes-dashboard" 24 | }, 25 | "type": "ClusterIP" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/aws-addons/default.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "storage.k8s.io/v1beta1", 3 | "kind": "StorageClass", 4 | "metadata": { 5 | "annotations": { 6 | "storageclass.beta.kubernetes.io/is-default-class": "true" 7 | }, 8 | "labels": { 9 | "name": "fast" 10 | }, 11 | "name": "default" 12 | }, 13 | "parameters": { 14 | "type": "gp2" 15 | }, 16 | "provisioner": "kubernetes.io/aws-ebs" 17 | } 18 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/aws-addons/elasticsearch_logging_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "k8s-app": "elasticsearch-logging", 8 | "kubernetes.io/name": "Elasticsearch", 9 | "name": "elasticsearch-logging" 10 | }, 11 | "name": "elasticsearch-logging", 12 | "namespace": "kube-system" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 9200, 18 | "targetPort": "http" 19 | } 20 | ], 21 | "selector": { 22 | "k8s-app": "elasticsearch-logging", 23 | "name": "elasticsearch-logging" 24 | }, 25 | "type": "ClusterIP" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/aws-addons/fast.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "storage.k8s.io/v1beta1", 3 | "kind": "StorageClass", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "fast" 8 | }, 9 | "name": "fast" 10 | }, 11 | "parameters": { 12 | "type": "gp2" 13 | }, 14 | "provisioner": "kubernetes.io/aws-ebs" 15 | } 16 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/aws-addons/fluentd_es.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "DaemonSet", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "k8s-app": "fluentd-es", 8 | "name": "fluentd-es" 9 | }, 10 | "name": "fluentd-es", 11 | "namespace": "kube-system" 12 | }, 13 | "spec": { 14 | "template": { 15 | "metadata": { 16 | "annotations": { }, 17 | "labels": { 18 | "k8s-app": "fluentd-es", 19 | "name": "fluentd-es" 20 | } 21 | }, 22 | "spec": { 23 | "containers": [ 24 | { 25 | "args": [ ], 26 | "command": [ 27 | "/bin/sh", 28 | "-c", 29 | "/usr/sbin/td-agent 2>&1 >> /var/log/fluentd.log" 30 | ], 31 | "env": [ ], 32 | "image": "gcr.io/google_containers/fluentd-elasticsearch:1.20", 33 | "name": "fluentd-es", 34 | "ports": [ ], 35 | "resources": { 36 | "limits": { 37 | "memory": "200Mi" 38 | }, 39 | "requests": { 40 | "cpu": "100m", 41 | "memory": "200Mi" 42 | } 43 | }, 44 | "stdin": false, 45 | "tty": false, 46 | "volumeMounts": [ 47 | { 48 | "mountPath": "/var/lib/docker/containers", 49 | "name": "varlibdockercontainers", 50 | "readOnly": true 51 | }, 52 | { 53 | "mountPath": "/var/log", 54 | "name": "varlog" 55 | } 56 | ] 57 | } 58 | ], 59 | "imagePullSecrets": [ ], 60 | "terminationGracePeriodSeconds": 30, 61 | "volumes": [ 62 | { 63 | "hostPath": { 64 | "path": "/var/lib/docker/containers" 65 | }, 66 | "name": "varlibdockercontainers" 67 | }, 68 | { 69 | "hostPath": { 70 | "path": "/var/log" 71 | }, 72 | "name": "varlog" 73 | } 74 | ] 75 | } 76 | } 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/aws-addons/heapster_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "kubernetes.io/cluster-service": "true", 8 | "kubernetes.io/name": "Heapster", 9 | "name": "heapster" 10 | }, 11 | "name": "heapster", 12 | "namespace": "kube-system" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 80, 18 | "targetPort": 8082 19 | } 20 | ], 21 | "selector": { 22 | "k8s-app": "heapster" 23 | }, 24 | "type": "ClusterIP" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/aws-addons/kibana_logging.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "k8s-app": "kibana-logging", 8 | "name": "kibana-logging" 9 | }, 10 | "name": "kibana-logging", 11 | "namespace": "kube-system" 12 | }, 13 | "spec": { 14 | "minReadySeconds": 30, 15 | "replicas": 1, 16 | "revisionHistoryLimit": 10, 17 | "strategy": { 18 | "rollingUpdate": { 19 | "maxSurge": "25%", 20 | "maxUnavailable": "25%" 21 | }, 22 | "type": "RollingUpdate" 23 | }, 24 | "template": { 25 | "metadata": { 26 | "annotations": { }, 27 | "labels": { 28 | "k8s-app": "kibana-logging", 29 | "name": "kibana-logging" 30 | } 31 | }, 32 | "spec": { 33 | "containers": [ 34 | { 35 | "args": [ ], 36 | "env": [ 37 | { 38 | "name": "ELASTICSEARCH_URL", 39 | "value": "http://elasticsearch-logging:9200" 40 | }, 41 | { 42 | "name": "KIBANA_BASE_URL", 43 | "value": "" 44 | } 45 | ], 46 | "image": "gcr.io/google_containers/kibana:v4.6.1", 47 | "name": "kibana-logging", 48 | "ports": [ 49 | { 50 | "containerPort": 5601, 51 | "name": "ui" 52 | } 53 | ], 54 | "resources": { 55 | "limits": { 56 | "cpu": "100m" 57 | }, 58 | "requests": { 59 | "cpu": "100m" 60 | } 61 | }, 62 | "stdin": false, 63 | "tty": false, 64 | "volumeMounts": [ ] 65 | } 66 | ], 67 | "imagePullSecrets": [ ], 68 | "terminationGracePeriodSeconds": 30, 69 | "volumes": [ ] 70 | } 71 | } 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/aws-addons/kibana_logging_ing.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Ingress", 4 | "metadata": { 5 | "annotations": { 6 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 7 | "stable.k8s.psg.io/kcm.enabled": "true", 8 | "stable.k8s.psg.io/kcm.provider": "route53" 9 | }, 10 | "labels": { 11 | "name": "kibana-logging" 12 | }, 13 | "name": "kibana-logging", 14 | "namespace": "kube-system" 15 | }, 16 | "spec": { 17 | "rules": [ 18 | { 19 | "host": "kibana.k.int.bitnami.net", 20 | "http": { 21 | "paths": [ 22 | { 23 | "backend": { 24 | "serviceName": "kibana-logging", 25 | "servicePort": 5601 26 | }, 27 | "path": "/" 28 | } 29 | ] 30 | } 31 | } 32 | ], 33 | "tls": [ 34 | { 35 | "hosts": [ 36 | "kibana.k.int.bitnami.net" 37 | ], 38 | "secretName": "kibana-logging-cert" 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/aws-addons/kibana_logging_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "k8s-app": "kibana-logging", 8 | "kubernetes.io/cluster-service": "true", 9 | "kubernetes.io/name": "Kibana", 10 | "name": "kibana-logging" 11 | }, 12 | "name": "kibana-logging", 13 | "namespace": "kube-system" 14 | }, 15 | "spec": { 16 | "ports": [ 17 | { 18 | "port": 5601, 19 | "targetPort": "ui" 20 | } 21 | ], 22 | "selector": { 23 | "k8s-app": "kibana-logging", 24 | "name": "kibana-logging" 25 | }, 26 | "type": "ClusterIP" 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/aws-addons/slow.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "storage.k8s.io/v1beta1", 3 | "kind": "StorageClass", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "slow" 8 | }, 9 | "name": "slow" 10 | }, 11 | "parameters": { 12 | "type": "sc1" 13 | }, 14 | "provisioner": "kubernetes.io/aws-ebs" 15 | } 16 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/jenkins/jenkins_discovery_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "jenkins-discovery" 8 | }, 9 | "name": "jenkins-discovery", 10 | "namespace": "jenkins" 11 | }, 12 | "spec": { 13 | "ports": [ 14 | { 15 | "port": 50000, 16 | "targetPort": "slaves" 17 | } 18 | ], 19 | "selector": { 20 | "name": "jenkins" 21 | }, 22 | "type": "ClusterIP" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/jenkins/jenkins_home.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "jenkins-home" 8 | }, 9 | "name": "jenkins-home", 10 | "namespace": "jenkins" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "15Gi" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/jenkins/jenkins_ing.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Ingress", 4 | "metadata": { 5 | "annotations": { 6 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 7 | "stable.k8s.psg.io/kcm.enabled": "true", 8 | "stable.k8s.psg.io/kcm.provider": "route53" 9 | }, 10 | "labels": { 11 | "name": "jenkins" 12 | }, 13 | "name": "jenkins", 14 | "namespace": "jenkins" 15 | }, 16 | "spec": { 17 | "rules": [ 18 | { 19 | "host": "jenkins.k.int.bitnami.net", 20 | "http": { 21 | "paths": [ 22 | { 23 | "backend": { 24 | "serviceName": "jenkins", 25 | "servicePort": 80 26 | }, 27 | "path": "/" 28 | } 29 | ] 30 | } 31 | } 32 | ], 33 | "tls": [ 34 | { 35 | "hosts": [ 36 | "jenkins.k.int.bitnami.net" 37 | ], 38 | "secretName": "jenkins-cert" 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/jenkins/jenkins_ns.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Namespace", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "jenkins" 8 | }, 9 | "name": "jenkins" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/jenkins/jenkins_secret.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { 4 | "options": "" 5 | }, 6 | "kind": "Secret", 7 | "metadata": { 8 | "annotations": { }, 9 | "labels": { 10 | "name": "jenkins" 11 | }, 12 | "name": "jenkins", 13 | "namespace": "jenkins" 14 | }, 15 | "type": "Opaque" 16 | } 17 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/jenkins/jenkins_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/path": "/prometheus", 7 | "prometheus.io/port": "8080", 8 | "prometheus.io/scrape": "true" 9 | }, 10 | "labels": { 11 | "name": "jenkins" 12 | }, 13 | "name": "jenkins", 14 | "namespace": "jenkins" 15 | }, 16 | "spec": { 17 | "ports": [ 18 | { 19 | "port": 80, 20 | "targetPort": "ui" 21 | } 22 | ], 23 | "selector": { 24 | "name": "jenkins" 25 | }, 26 | "type": "ClusterIP" 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/alertmanager.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "alertmanager" 8 | }, 9 | "name": "alertmanager", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": 0, 19 | "maxUnavailable": 1 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "alertmanager" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ 34 | "--config.file=/etc/alertmanager/config.yml", 35 | "--storage.path=/alertmanager", 36 | "--web.external-url=https://alertmanager.k.int.bitnami.net/" 37 | ], 38 | "env": [ ], 39 | "image": "prom/alertmanager:v0.5.1", 40 | "name": "alertmanager", 41 | "ports": [ 42 | { 43 | "containerPort": 9093, 44 | "name": "alertmanager" 45 | } 46 | ], 47 | "stdin": false, 48 | "tty": false, 49 | "volumeMounts": [ 50 | { 51 | "mountPath": "/etc/alertmanager", 52 | "name": "config", 53 | "readOnly": true 54 | }, 55 | { 56 | "mountPath": "/alertmanager", 57 | "name": "storage" 58 | }, 59 | { 60 | "mountPath": "/etc/alertmanager-templates", 61 | "name": "templates", 62 | "readOnly": true 63 | } 64 | ] 65 | }, 66 | { 67 | "args": [ 68 | "--volume-dir=/etc/config", 69 | "--webhook-url=http://localhost:9093/-/reload" 70 | ], 71 | "env": [ ], 72 | "image": "jimmidyson/configmap-reload:v0.1", 73 | "name": "configmap-reload", 74 | "ports": [ ], 75 | "stdin": false, 76 | "tty": false, 77 | "volumeMounts": [ 78 | { 79 | "mountPath": "/etc/config", 80 | "name": "config", 81 | "readOnly": true 82 | } 83 | ] 84 | } 85 | ], 86 | "imagePullSecrets": [ ], 87 | "terminationGracePeriodSeconds": 30, 88 | "volumes": [ 89 | { 90 | "configMap": { 91 | "name": "alertmanager-config" 92 | }, 93 | "name": "config" 94 | }, 95 | { 96 | "name": "storage", 97 | "persistentVolumeClaim": { 98 | "claimName": "alertmanager-data" 99 | } 100 | }, 101 | { 102 | "configMap": { 103 | "name": "alertmanager-templates" 104 | }, 105 | "name": "templates" 106 | } 107 | ] 108 | } 109 | } 110 | } 111 | } 112 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/alertmanager_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { 4 | "config.yml": "{\"global\": {\"resolve_timeout\": \"5m\", \"slack_api_url\": \"https://hooks.slack.com/services/\", \"smtp_from\": \"sre+alertmanager@bitnami.com\", \"smtp_smarthost\": \"aspmx.l.google.com\"}, \"inhibit_rules\": [{\"equal\": [\"alertname\", \"cluster\", \"service\"], \"source_match\": {\"severity\": \"critical\"}, \"target_match\": {\"severity\": \"warning\"}}], \"receivers\": [{\"name\": \"default\", \"slack_configs\": [{\"channel\": \"#alert-testing\", \"send_resolved\": true, \"text\": \"{{ range .Alerts }}{{ .Annotations.description }} {{ end }}\", \"title\": \"{{ range .Alerts }}{{ .Annotations.summary }} {{ end }}\"}]}, {\"email_configs\": [{\"to\": \"sre+alerts@bitnami.com\"}], \"name\": \"sre_email\"}, {\"name\": \"sre_slack\", \"slack_configs\": [{\"channel\": \"#sre-incidents\", \"text\": \"{{ range .Alerts }}{{ .Annotations.description }} {{ end }}\", \"title\": \"{{ range .Alerts }}{{ .Annotations.summary }} {{ end }}\"}]}], \"route\": {\"group_by\": [\"alertmanager\", \"cluster\", \"service\"], \"group_interval\": \"10m\", \"group_wait\": \"1m\", \"receiver\": \"default\", \"repeat_interval\": \"8h\", \"routes\": [{\"match\": {\"severity\": \"critical\"}, \"receiver\": \"sre_slack\", \"repeat_interval\": \"15m\"}, {\"match\": {\"severity\": \"warning\"}, \"receiver\": \"sre_slack\"}, {\"match\": {\"severity\": \"notice\"}, \"receiver\": \"sre_email\"}]}, \"templates\": [\"/etc/alertmanager-templates/*.tmpl\"]}" 5 | }, 6 | "kind": "ConfigMap", 7 | "metadata": { 8 | "annotations": { }, 9 | "labels": { 10 | "name": "alertmanager-config" 11 | }, 12 | "name": "alertmanager-config", 13 | "namespace": "monitoring" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/alertmanager_data.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "alertmanager-data" 8 | }, 9 | "name": "alertmanager-data", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "5Gi" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/alertmanager_ing.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Ingress", 4 | "metadata": { 5 | "annotations": { 6 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 7 | "stable.k8s.psg.io/kcm.enabled": "true", 8 | "stable.k8s.psg.io/kcm.provider": "route53" 9 | }, 10 | "labels": { 11 | "name": "alertmanager" 12 | }, 13 | "name": "alertmanager", 14 | "namespace": "monitoring" 15 | }, 16 | "spec": { 17 | "rules": [ 18 | { 19 | "host": "alertmanager.k.int.bitnami.net", 20 | "http": { 21 | "paths": [ 22 | { 23 | "backend": { 24 | "serviceName": "alertmanager", 25 | "servicePort": 9093 26 | }, 27 | "path": "/" 28 | } 29 | ] 30 | } 31 | } 32 | ], 33 | "tls": [ 34 | { 35 | "hosts": [ 36 | "alertmanager.k.int.bitnami.net" 37 | ], 38 | "secretName": "alertmanager-cert" 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/alertmanager_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/scrape": "true" 7 | }, 8 | "labels": { 9 | "name": "alertmanager" 10 | }, 11 | "name": "alertmanager", 12 | "namespace": "monitoring" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 9093, 18 | "targetPort": "alertmanager" 19 | } 20 | ], 21 | "selector": { 22 | "name": "alertmanager" 23 | }, 24 | "type": "ClusterIP" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/alertmanager_templates.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { }, 4 | "kind": "ConfigMap", 5 | "metadata": { 6 | "annotations": { }, 7 | "labels": { 8 | "name": "alertmanager-templates" 9 | }, 10 | "name": "alertmanager-templates", 11 | "namespace": "monitoring" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/blackbox.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "blackbox-exporter" 8 | }, 9 | "name": "blackbox-exporter", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "blackbox-exporter" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ 34 | "--config.file=/config/blackbox.yml" 35 | ], 36 | "env": [ ], 37 | "image": "prom/blackbox-exporter", 38 | "livenessProbe": { 39 | "httpGet": { 40 | "path": "/", 41 | "port": "metrics" 42 | } 43 | }, 44 | "name": "exporter", 45 | "ports": [ 46 | { 47 | "containerPort": 9115, 48 | "name": "metrics" 49 | } 50 | ], 51 | "resources": { 52 | "requests": { 53 | "cpu": "10m", 54 | "memory": "32Mi" 55 | } 56 | }, 57 | "stdin": false, 58 | "tty": false, 59 | "volumeMounts": [ 60 | { 61 | "mountPath": "/config", 62 | "name": "config", 63 | "readOnly": true 64 | } 65 | ] 66 | } 67 | ], 68 | "imagePullSecrets": [ ], 69 | "terminationGracePeriodSeconds": 30, 70 | "volumes": [ 71 | { 72 | "configMap": { 73 | "name": "blackbox-exporter" 74 | }, 75 | "name": "config" 76 | } 77 | ] 78 | } 79 | } 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/blackbox_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { 4 | "blackbox.yml": "{\"modules\": {\"http_2xx\": {\"http\": {\"method\": \"GET\", \"no_follow_redirects\": false}, \"prober\": \"http\", \"timeout\": \"5s\"}, \"ssh\": {\"prober\": \"tcp\", \"tcp\": {\"query_response\": [{\"expect\": \"^SSH-2.0-\"}]}, \"timeout\": \"5s\"}}}" 5 | }, 6 | "kind": "ConfigMap", 7 | "metadata": { 8 | "annotations": { }, 9 | "labels": { 10 | "name": "blackbox-exporter" 11 | }, 12 | "name": "blackbox-exporter", 13 | "namespace": "monitoring" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/blackbox_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/scrape": "true" 7 | }, 8 | "labels": { 9 | "name": "blackbox" 10 | }, 11 | "name": "blackbox", 12 | "namespace": "monitoring" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 9115, 18 | "targetPort": "metrics" 19 | } 20 | ], 21 | "selector": { 22 | "name": "blackbox-exporter" 23 | }, 24 | "type": "ClusterIP" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/grafana_data.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "grafana-data" 8 | }, 9 | "name": "grafana-data", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "20Gi" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/grafana_ing.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Ingress", 4 | "metadata": { 5 | "annotations": { 6 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 7 | "stable.k8s.psg.io/kcm.enabled": "true", 8 | "stable.k8s.psg.io/kcm.provider": "route53" 9 | }, 10 | "labels": { 11 | "name": "grafana" 12 | }, 13 | "name": "grafana", 14 | "namespace": "monitoring" 15 | }, 16 | "spec": { 17 | "rules": [ 18 | { 19 | "host": "grafana.k.int.bitnami.net", 20 | "http": { 21 | "paths": [ 22 | { 23 | "backend": { 24 | "serviceName": "grafana", 25 | "servicePort": 3000 26 | }, 27 | "path": "/" 28 | } 29 | ] 30 | } 31 | } 32 | ], 33 | "tls": [ 34 | { 35 | "hosts": [ 36 | "grafana.k.int.bitnami.net" 37 | ], 38 | "secretName": "grafana-cert" 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/grafana_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "grafana" 8 | }, 9 | "name": "grafana", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "ports": [ 14 | { 15 | "port": 3000, 16 | "targetPort": "dashboard" 17 | } 18 | ], 19 | "selector": { 20 | "name": "grafana" 21 | }, 22 | "type": "ClusterIP" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/ksm.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "kube-state-metrics" 8 | }, 9 | "name": "kube-state-metrics", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { 26 | "prometheus.io/port": "8080", 27 | "prometheus.io/scrape": "true" 28 | }, 29 | "labels": { 30 | "name": "kube-state-metrics" 31 | } 32 | }, 33 | "spec": { 34 | "containers": [ 35 | { 36 | "args": [ ], 37 | "env": [ ], 38 | "image": "gcr.io/google_containers/kube-state-metrics:v0.3.0", 39 | "name": "kube-state-metrics", 40 | "ports": [ 41 | { 42 | "containerPort": 8080, 43 | "name": "metrics" 44 | } 45 | ], 46 | "resources": { 47 | "limits": { 48 | "cpu": "10m", 49 | "memory": "32Mi" 50 | }, 51 | "requests": { 52 | "cpu": "10m", 53 | "memory": "32Mi" 54 | } 55 | }, 56 | "stdin": false, 57 | "tty": false, 58 | "volumeMounts": [ ] 59 | } 60 | ], 61 | "imagePullSecrets": [ ], 62 | "terminationGracePeriodSeconds": 30, 63 | "volumes": [ ] 64 | } 65 | } 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/node_exporter.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "DaemonSet", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "node-exporter" 8 | }, 9 | "name": "node-exporter", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "template": { 14 | "metadata": { 15 | "annotations": { }, 16 | "labels": { 17 | "name": "node-exporter" 18 | } 19 | }, 20 | "spec": { 21 | "containers": [ 22 | { 23 | "args": [ 24 | "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|host|etc)($|/)", 25 | "--collector.procfs=/host/proc", 26 | "--collector.sysfs=/host/sys" 27 | ], 28 | "env": [ ], 29 | "image": "prom/node-exporter:v0.13.0", 30 | "livenessProbe": { 31 | "httpGet": { 32 | "path": "/", 33 | "port": "scrape" 34 | } 35 | }, 36 | "name": "node-exporter", 37 | "ports": [ 38 | { 39 | "containerPort": 9100, 40 | "name": "scrape" 41 | } 42 | ], 43 | "readinessProbe": { 44 | "httpGet": { 45 | "path": "/", 46 | "port": "scrape" 47 | }, 48 | "successThreshold": 2 49 | }, 50 | "stdin": false, 51 | "tty": false, 52 | "volumeMounts": [ 53 | { 54 | "mountPath": "/host/proc", 55 | "name": "procfs", 56 | "readOnly": true 57 | }, 58 | { 59 | "mountPath": "/rootfs", 60 | "name": "root", 61 | "readOnly": true 62 | }, 63 | { 64 | "mountPath": "/host/sys", 65 | "name": "sysfs", 66 | "readOnly": true 67 | } 68 | ] 69 | } 70 | ], 71 | "hostNetwork": true, 72 | "hostPID": true, 73 | "imagePullSecrets": [ ], 74 | "terminationGracePeriodSeconds": 30, 75 | "volumes": [ 76 | { 77 | "hostPath": { 78 | "path": "/proc" 79 | }, 80 | "name": "procfs" 81 | }, 82 | { 83 | "hostPath": { 84 | "path": "/" 85 | }, 86 | "name": "root" 87 | }, 88 | { 89 | "hostPath": { 90 | "path": "/sys" 91 | }, 92 | "name": "sysfs" 93 | } 94 | ] 95 | } 96 | } 97 | } 98 | } 99 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/node_exporter_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/scrape": "true" 7 | }, 8 | "labels": { 9 | "name": "node-exporter" 10 | }, 11 | "name": "node-exporter", 12 | "namespace": "monitoring" 13 | }, 14 | "spec": { 15 | "clusterIP": "None", 16 | "ports": [ 17 | { 18 | "port": 9100, 19 | "targetPort": "scrape" 20 | } 21 | ], 22 | "selector": { 23 | "name": "node-exporter" 24 | }, 25 | "type": "ClusterIP" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/prometheus_data.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "prometheus-data" 8 | }, 9 | "name": "prometheus-data", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "100Gi" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/prometheus_ing.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Ingress", 4 | "metadata": { 5 | "annotations": { 6 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 7 | "stable.k8s.psg.io/kcm.enabled": "true", 8 | "stable.k8s.psg.io/kcm.provider": "route53" 9 | }, 10 | "labels": { 11 | "name": "prometheus" 12 | }, 13 | "name": "prometheus", 14 | "namespace": "monitoring" 15 | }, 16 | "spec": { 17 | "rules": [ 18 | { 19 | "host": "prometheus.k.int.bitnami.net", 20 | "http": { 21 | "paths": [ 22 | { 23 | "backend": { 24 | "serviceName": "prometheus", 25 | "servicePort": 9090 26 | }, 27 | "path": "/" 28 | } 29 | ] 30 | } 31 | } 32 | ], 33 | "tls": [ 34 | { 35 | "hosts": [ 36 | "prometheus.k.int.bitnami.net" 37 | ], 38 | "secretName": "prometheus-cert" 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/prometheus_ns.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Namespace", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "monitoring" 8 | }, 9 | "name": "monitoring" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/prometheus_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/scrape": "true" 7 | }, 8 | "labels": { 9 | "name": "prometheus" 10 | }, 11 | "name": "prometheus", 12 | "namespace": "monitoring" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 9090, 18 | "targetPort": "web" 19 | } 20 | ], 21 | "selector": { 22 | "name": "prometheus" 23 | }, 24 | "type": "ClusterIP" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/monitoring/svc_watch.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "kube-svc-watch" 8 | }, 9 | "name": "kube-svc-watch", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { 26 | "prometheus.io/port": "8080", 27 | "prometheus.io/scrape": "true" 28 | }, 29 | "labels": { 30 | "name": "kube-svc-watch" 31 | } 32 | }, 33 | "spec": { 34 | "containers": [ 35 | { 36 | "args": [ 37 | "--logtostderr=true", 38 | "--slack-channel=#sre-alerts", 39 | "--slack-token=$(SLACK_TOKEN)", 40 | "--terminate=true" 41 | ], 42 | "command": [ 43 | "kube-svc-watch" 44 | ], 45 | "env": [ 46 | { 47 | "name": "SLACK_TOKEN", 48 | "valueFrom": { 49 | "secretKeyRef": { 50 | "key": "slack-token", 51 | "name": "kube-svc-watch" 52 | } 53 | } 54 | } 55 | ], 56 | "image": "gcr.io/bitnami-images/kube-svc-watch:jenkins-sre-k8s-kube-svc-watch-22", 57 | "name": "kube-svc-watch", 58 | "ports": [ 59 | { 60 | "containerPort": 8080, 61 | "name": "metrics" 62 | } 63 | ], 64 | "resources": { 65 | "limits": { 66 | "cpu": "10m", 67 | "memory": "32Mi" 68 | } 69 | }, 70 | "stdin": false, 71 | "tty": false, 72 | "volumeMounts": [ ] 73 | } 74 | ], 75 | "imagePullSecrets": [ ], 76 | "terminationGracePeriodSeconds": 30, 77 | "volumes": [ ] 78 | } 79 | } 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/nginx-ingress/default_http_backend.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "default-http-backend" 8 | }, 9 | "name": "default-http-backend", 10 | "namespace": "nginx-ingress" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "default-http-backend" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ ], 34 | "env": [ ], 35 | "image": "gcr.io/google_containers/defaultbackend:1.2", 36 | "livenessProbe": { 37 | "httpGet": { 38 | "path": "/healthz", 39 | "port": "http" 40 | }, 41 | "initialDelaySeconds": 30, 42 | "timeoutSeconds": 5 43 | }, 44 | "name": "default-http-backend", 45 | "ports": [ 46 | { 47 | "containerPort": 8080, 48 | "name": "http" 49 | } 50 | ], 51 | "resources": { 52 | "limits": { 53 | "cpu": "10m", 54 | "memory": "20Mi" 55 | }, 56 | "requests": { 57 | "cpu": "10m", 58 | "memory": "20Mi" 59 | } 60 | }, 61 | "stdin": false, 62 | "tty": false, 63 | "volumeMounts": [ ] 64 | } 65 | ], 66 | "imagePullSecrets": [ ], 67 | "terminationGracePeriodSeconds": 60, 68 | "volumes": [ ] 69 | } 70 | } 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/nginx-ingress/default_http_backend_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "default-http-backend" 8 | }, 9 | "name": "default-http-backend", 10 | "namespace": "nginx-ingress" 11 | }, 12 | "spec": { 13 | "ports": [ 14 | { 15 | "port": 80, 16 | "targetPort": "http" 17 | } 18 | ], 19 | "selector": { 20 | "name": "default-http-backend" 21 | }, 22 | "type": "ClusterIP" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/nginx-ingress/kcm.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "kube-cert-manager" 8 | }, 9 | "name": "kube-cert-manager", 10 | "namespace": "nginx-ingress" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": 0, 19 | "maxUnavailable": 1 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "kube-cert-manager" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ 34 | "--acme-url=https://acme-v01.api.letsencrypt.org/directory", 35 | "--data-dir=/var/lib/cert-manager" 36 | ], 37 | "env": [ 38 | { 39 | "name": "AWS_ACCESS_KEY_ID", 40 | "valueFrom": { 41 | "secretKeyRef": { 42 | "key": "access_key_id", 43 | "name": "kube-cert-manager-aws" 44 | } 45 | } 46 | }, 47 | { 48 | "name": "AWS_SECRET_ACCESS_KEY", 49 | "valueFrom": { 50 | "secretKeyRef": { 51 | "key": "secret_access_key", 52 | "name": "kube-cert-manager-aws" 53 | } 54 | } 55 | } 56 | ], 57 | "image": "palmstonegames/kube-cert-manager:0.3.1", 58 | "name": "kube-cert-manager", 59 | "ports": [ 60 | { 61 | "containerPort": 8080, 62 | "name": "http" 63 | }, 64 | { 65 | "containerPort": 8081, 66 | "name": "tls-sni" 67 | } 68 | ], 69 | "stdin": false, 70 | "tty": false, 71 | "volumeMounts": [ 72 | { 73 | "mountPath": "/var/lib/cert-manager", 74 | "name": "data" 75 | } 76 | ] 77 | }, 78 | { 79 | "args": [ ], 80 | "env": [ ], 81 | "image": "palmstonegames/kubectl-proxy:1.4.0", 82 | "name": "kubectl-proxy", 83 | "ports": [ ], 84 | "stdin": false, 85 | "tty": false, 86 | "volumeMounts": [ ] 87 | } 88 | ], 89 | "imagePullSecrets": [ ], 90 | "terminationGracePeriodSeconds": 30, 91 | "volumes": [ 92 | { 93 | "name": "data", 94 | "persistentVolumeClaim": { 95 | "claimName": "kube-cert-manager" 96 | } 97 | } 98 | ] 99 | } 100 | } 101 | } 102 | } 103 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/nginx-ingress/kcm_pvc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "kube-cert-manager" 8 | }, 9 | "name": "kube-cert-manager", 10 | "namespace": "nginx-ingress" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "8G" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/nginx-ingress/kcm_resource.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "description": "A specification of a Let's Encrypt Certificate to manage.", 4 | "kind": "ThirdPartyResource", 5 | "metadata": { 6 | "annotations": { }, 7 | "labels": { 8 | "name": "certificate.stable.k8s.psg.io" 9 | }, 10 | "name": "certificate.stable.k8s.psg.io" 11 | }, 12 | "versions": [ 13 | { 14 | "name": "v1" 15 | } 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/nginx-ingress/nginx_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { 4 | "body-size": "800m", 5 | "enable-vts-status": "true", 6 | "hosts-include-subdomains": "false", 7 | "proxy-connect-timeout": "15", 8 | "proxy-read-timeout": "3600", 9 | "proxy-real-ip-cidr": "0.0.0.0/0", 10 | "proxy-send-timeout": "3600", 11 | "server-name-hash-bucket-size": "256", 12 | "ssl-protocols": "TLSv1.1 TLSv1.2", 13 | "use-proxy-protocol": "true" 14 | }, 15 | "kind": "ConfigMap", 16 | "metadata": { 17 | "annotations": { }, 18 | "labels": { 19 | "name": "nginx" 20 | }, 21 | "name": "nginx", 22 | "namespace": "nginx-ingress" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/nginx-ingress/nginx_ingress_ns.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Namespace", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "nginx-ingress" 8 | }, 9 | "name": "nginx-ingress" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/nginx-ingress/nginx_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled": "true", 7 | "service.beta.kubernetes.io/aws-load-balancer-connection-draining-timeout": "60", 8 | "service.beta.kubernetes.io/aws-load-balancer-internal": "0.0.0.0/0", 9 | "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol": "*" 10 | }, 11 | "labels": { 12 | "name": "nginx-ingress" 13 | }, 14 | "name": "nginx-ingress", 15 | "namespace": "nginx-ingress" 16 | }, 17 | "spec": { 18 | "ports": [ 19 | { 20 | "name": "http", 21 | "port": 80 22 | }, 23 | { 24 | "name": "https", 25 | "port": 443 26 | } 27 | ], 28 | "selector": { 29 | "name": "nginx-ingress" 30 | }, 31 | "type": "LoadBalancer" 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/squid/squid.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "proxy" 8 | }, 9 | "name": "proxy", 10 | "namespace": "webcache" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": 0, 19 | "maxUnavailable": 1 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "proxy" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ ], 34 | "env": [ 35 | { 36 | "name": "DISK_CACHE_SIZE", 37 | "value": "8000" 38 | }, 39 | { 40 | "name": "SQUID_DIRECTIVES", 41 | "value": "acl localnet src 100.64.0.0/10" 42 | } 43 | ], 44 | "image": "jpetazzo/squid-in-a-can", 45 | "livenessProbe": { 46 | "tcpSocket": { 47 | "port": "proxy" 48 | } 49 | }, 50 | "name": "squid", 51 | "ports": [ 52 | { 53 | "containerPort": 3128, 54 | "name": "proxy" 55 | } 56 | ], 57 | "readinessProbe": { 58 | "tcpSocket": { 59 | "port": "proxy" 60 | } 61 | }, 62 | "stdin": false, 63 | "tty": false, 64 | "volumeMounts": [ 65 | { 66 | "mountPath": "/var/cache/squid3", 67 | "name": "cache" 68 | } 69 | ] 70 | } 71 | ], 72 | "imagePullSecrets": [ ], 73 | "terminationGracePeriodSeconds": 30, 74 | "volumes": [ 75 | { 76 | "name": "cache", 77 | "persistentVolumeClaim": { 78 | "claimName": "proxy" 79 | } 80 | } 81 | ] 82 | } 83 | } 84 | } 85 | } 86 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/squid/squid_data.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "proxy" 8 | }, 9 | "name": "proxy", 10 | "namespace": "webcache" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "10G" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/squid/squid_ns.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Namespace", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "webcache" 8 | }, 9 | "name": "webcache" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /generated/one.k8s.int.bitnami.net/squid/squid_service.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "proxy" 8 | }, 9 | "name": "proxy", 10 | "namespace": "webcache" 11 | }, 12 | "spec": { 13 | "ports": [ 14 | { 15 | "port": 80, 16 | "targetPort": "proxy" 17 | } 18 | ], 19 | "selector": { 20 | "name": "proxy" 21 | }, 22 | "type": "ClusterIP" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/aws-addons/dashboard.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "kubernetes.io/cluster-service": "true", 8 | "name": "kubernetes-dashboard" 9 | }, 10 | "name": "kubernetes-dashboard", 11 | "namespace": "kube-system" 12 | }, 13 | "spec": { 14 | "minReadySeconds": 30, 15 | "replicas": 1, 16 | "revisionHistoryLimit": 10, 17 | "strategy": { 18 | "rollingUpdate": { 19 | "maxSurge": "25%", 20 | "maxUnavailable": "25%" 21 | }, 22 | "type": "RollingUpdate" 23 | }, 24 | "template": { 25 | "metadata": { 26 | "annotations": { }, 27 | "labels": { 28 | "kubernetes.io/cluster-service": "true", 29 | "name": "kubernetes-dashboard" 30 | } 31 | }, 32 | "spec": { 33 | "containers": [ 34 | { 35 | "args": [ ], 36 | "env": [ ], 37 | "image": "gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1", 38 | "livenessProbe": { 39 | "httpGet": { 40 | "path": "/", 41 | "port": 9090 42 | }, 43 | "initialDelaySeconds": 30, 44 | "timeoutSeconds": 30 45 | }, 46 | "name": "kubernetes-dashboard", 47 | "ports": [ 48 | { 49 | "containerPort": 9090, 50 | "name": "web" 51 | } 52 | ], 53 | "resources": { 54 | "limits": { 55 | "cpu": "100m", 56 | "memory": "50Mi" 57 | }, 58 | "requests": { 59 | "cpu": "100m", 60 | "memory": "50Mi" 61 | } 62 | }, 63 | "stdin": false, 64 | "tty": false, 65 | "volumeMounts": [ ] 66 | } 67 | ], 68 | "imagePullSecrets": [ ], 69 | "terminationGracePeriodSeconds": 30, 70 | "volumes": [ ] 71 | } 72 | } 73 | } 74 | } 75 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/aws-addons/dashboard_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "kubernetes.io/cluster-service": "true", 8 | "kubernetes.io/name": "Dashboard", 9 | "name": "kubernetes-dashboard" 10 | }, 11 | "name": "kubernetes-dashboard", 12 | "namespace": "kube-system" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 80, 18 | "targetPort": "web" 19 | } 20 | ], 21 | "selector": { 22 | "kubernetes.io/cluster-service": "true", 23 | "name": "kubernetes-dashboard" 24 | }, 25 | "type": "ClusterIP" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/aws-addons/default.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "storage.k8s.io/v1beta1", 3 | "kind": "StorageClass", 4 | "metadata": { 5 | "annotations": { 6 | "storageclass.beta.kubernetes.io/is-default-class": "true" 7 | }, 8 | "labels": { 9 | "name": "fast" 10 | }, 11 | "name": "default" 12 | }, 13 | "parameters": { 14 | "type": "gp2" 15 | }, 16 | "provisioner": "kubernetes.io/aws-ebs" 17 | } 18 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/aws-addons/elasticsearch_logging_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "k8s-app": "elasticsearch-logging", 8 | "kubernetes.io/name": "Elasticsearch", 9 | "name": "elasticsearch-logging" 10 | }, 11 | "name": "elasticsearch-logging", 12 | "namespace": "kube-system" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 9200, 18 | "targetPort": "http" 19 | } 20 | ], 21 | "selector": { 22 | "k8s-app": "elasticsearch-logging", 23 | "name": "elasticsearch-logging" 24 | }, 25 | "type": "ClusterIP" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/aws-addons/fast.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "storage.k8s.io/v1beta1", 3 | "kind": "StorageClass", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "fast" 8 | }, 9 | "name": "fast" 10 | }, 11 | "parameters": { 12 | "type": "gp2" 13 | }, 14 | "provisioner": "kubernetes.io/aws-ebs" 15 | } 16 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/aws-addons/fluentd_es.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "DaemonSet", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "k8s-app": "fluentd-es", 8 | "name": "fluentd-es" 9 | }, 10 | "name": "fluentd-es", 11 | "namespace": "kube-system" 12 | }, 13 | "spec": { 14 | "template": { 15 | "metadata": { 16 | "annotations": { }, 17 | "labels": { 18 | "k8s-app": "fluentd-es", 19 | "name": "fluentd-es" 20 | } 21 | }, 22 | "spec": { 23 | "containers": [ 24 | { 25 | "args": [ ], 26 | "command": [ 27 | "/bin/sh", 28 | "-c", 29 | "/usr/sbin/td-agent 2>&1 >> /var/log/fluentd.log" 30 | ], 31 | "env": [ ], 32 | "image": "gcr.io/google_containers/fluentd-elasticsearch:1.20", 33 | "name": "fluentd-es", 34 | "ports": [ ], 35 | "resources": { 36 | "limits": { 37 | "memory": "200Mi" 38 | }, 39 | "requests": { 40 | "cpu": "100m", 41 | "memory": "200Mi" 42 | } 43 | }, 44 | "stdin": false, 45 | "tty": false, 46 | "volumeMounts": [ 47 | { 48 | "mountPath": "/var/lib/docker/containers", 49 | "name": "varlibdockercontainers", 50 | "readOnly": true 51 | }, 52 | { 53 | "mountPath": "/var/log", 54 | "name": "varlog" 55 | } 56 | ] 57 | } 58 | ], 59 | "imagePullSecrets": [ ], 60 | "terminationGracePeriodSeconds": 30, 61 | "volumes": [ 62 | { 63 | "hostPath": { 64 | "path": "/var/lib/docker/containers" 65 | }, 66 | "name": "varlibdockercontainers" 67 | }, 68 | { 69 | "hostPath": { 70 | "path": "/var/log" 71 | }, 72 | "name": "varlog" 73 | } 74 | ] 75 | } 76 | } 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/aws-addons/heapster_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "kubernetes.io/cluster-service": "true", 8 | "kubernetes.io/name": "Heapster", 9 | "name": "heapster" 10 | }, 11 | "name": "heapster", 12 | "namespace": "kube-system" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 80, 18 | "targetPort": 8082 19 | } 20 | ], 21 | "selector": { 22 | "k8s-app": "heapster" 23 | }, 24 | "type": "ClusterIP" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/aws-addons/kibana_logging.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "k8s-app": "kibana-logging", 8 | "name": "kibana-logging" 9 | }, 10 | "name": "kibana-logging", 11 | "namespace": "kube-system" 12 | }, 13 | "spec": { 14 | "minReadySeconds": 30, 15 | "replicas": 1, 16 | "revisionHistoryLimit": 10, 17 | "strategy": { 18 | "rollingUpdate": { 19 | "maxSurge": "25%", 20 | "maxUnavailable": "25%" 21 | }, 22 | "type": "RollingUpdate" 23 | }, 24 | "template": { 25 | "metadata": { 26 | "annotations": { }, 27 | "labels": { 28 | "k8s-app": "kibana-logging", 29 | "name": "kibana-logging" 30 | } 31 | }, 32 | "spec": { 33 | "containers": [ 34 | { 35 | "args": [ ], 36 | "env": [ 37 | { 38 | "name": "ELASTICSEARCH_URL", 39 | "value": "http://elasticsearch-logging:9200" 40 | }, 41 | { 42 | "name": "KIBANA_BASE_URL", 43 | "value": "" 44 | } 45 | ], 46 | "image": "gcr.io/google_containers/kibana:v4.6.1", 47 | "name": "kibana-logging", 48 | "ports": [ 49 | { 50 | "containerPort": 5601, 51 | "name": "ui" 52 | } 53 | ], 54 | "resources": { 55 | "limits": { 56 | "cpu": "100m" 57 | }, 58 | "requests": { 59 | "cpu": "100m" 60 | } 61 | }, 62 | "stdin": false, 63 | "tty": false, 64 | "volumeMounts": [ ] 65 | } 66 | ], 67 | "imagePullSecrets": [ ], 68 | "terminationGracePeriodSeconds": 30, 69 | "volumes": [ ] 70 | } 71 | } 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/aws-addons/kibana_logging_ing.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Ingress", 4 | "metadata": { 5 | "annotations": { 6 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 7 | "stable.k8s.psg.io/kcm.enabled": "true", 8 | "stable.k8s.psg.io/kcm.provider": "route53" 9 | }, 10 | "labels": { 11 | "name": "kibana-logging" 12 | }, 13 | "name": "kibana-logging", 14 | "namespace": "kube-system" 15 | }, 16 | "spec": { 17 | "rules": [ 18 | { 19 | "host": "kibana.k.web.bitnami.net", 20 | "http": { 21 | "paths": [ 22 | { 23 | "backend": { 24 | "serviceName": "kibana-logging", 25 | "servicePort": 5601 26 | }, 27 | "path": "/" 28 | } 29 | ] 30 | } 31 | } 32 | ], 33 | "tls": [ 34 | { 35 | "hosts": [ 36 | "kibana.k.web.bitnami.net" 37 | ], 38 | "secretName": "kibana-logging-cert" 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/aws-addons/kibana_logging_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "k8s-app": "kibana-logging", 8 | "kubernetes.io/cluster-service": "true", 9 | "kubernetes.io/name": "Kibana", 10 | "name": "kibana-logging" 11 | }, 12 | "name": "kibana-logging", 13 | "namespace": "kube-system" 14 | }, 15 | "spec": { 16 | "ports": [ 17 | { 18 | "port": 5601, 19 | "targetPort": "ui" 20 | } 21 | ], 22 | "selector": { 23 | "k8s-app": "kibana-logging", 24 | "name": "kibana-logging" 25 | }, 26 | "type": "ClusterIP" 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/aws-addons/slow.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "storage.k8s.io/v1beta1", 3 | "kind": "StorageClass", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "slow" 8 | }, 9 | "name": "slow" 10 | }, 11 | "parameters": { 12 | "type": "sc1" 13 | }, 14 | "provisioner": "kubernetes.io/aws-ebs" 15 | } 16 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/monitoring/alertmanager_templates.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { }, 4 | "kind": "ConfigMap", 5 | "metadata": { 6 | "annotations": { }, 7 | "labels": { 8 | "name": "alertmanager-templates" 9 | }, 10 | "name": "alertmanager-templates", 11 | "namespace": "monitoring" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/monitoring/blackbox.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "blackbox-exporter" 8 | }, 9 | "name": "blackbox-exporter", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "blackbox-exporter" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ 34 | "--config.file=/config/blackbox.yml" 35 | ], 36 | "env": [ ], 37 | "image": "prom/blackbox-exporter", 38 | "livenessProbe": { 39 | "httpGet": { 40 | "path": "/", 41 | "port": "metrics" 42 | } 43 | }, 44 | "name": "exporter", 45 | "ports": [ 46 | { 47 | "containerPort": 9115, 48 | "name": "metrics" 49 | } 50 | ], 51 | "resources": { 52 | "requests": { 53 | "cpu": "10m", 54 | "memory": "32Mi" 55 | } 56 | }, 57 | "stdin": false, 58 | "tty": false, 59 | "volumeMounts": [ 60 | { 61 | "mountPath": "/config", 62 | "name": "config", 63 | "readOnly": true 64 | } 65 | ] 66 | } 67 | ], 68 | "imagePullSecrets": [ ], 69 | "terminationGracePeriodSeconds": 30, 70 | "volumes": [ 71 | { 72 | "configMap": { 73 | "name": "blackbox-exporter" 74 | }, 75 | "name": "config" 76 | } 77 | ] 78 | } 79 | } 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/monitoring/blackbox_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { 4 | "blackbox.yml": "{\"modules\": {\"http_2xx\": {\"http\": {\"method\": \"GET\", \"no_follow_redirects\": false}, \"prober\": \"http\", \"timeout\": \"5s\"}, \"ssh\": {\"prober\": \"tcp\", \"tcp\": {\"query_response\": [{\"expect\": \"^SSH-2.0-\"}]}, \"timeout\": \"5s\"}}}" 5 | }, 6 | "kind": "ConfigMap", 7 | "metadata": { 8 | "annotations": { }, 9 | "labels": { 10 | "name": "blackbox-exporter" 11 | }, 12 | "name": "blackbox-exporter", 13 | "namespace": "monitoring" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/monitoring/blackbox_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/scrape": "true" 7 | }, 8 | "labels": { 9 | "name": "blackbox" 10 | }, 11 | "name": "blackbox", 12 | "namespace": "monitoring" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 9115, 18 | "targetPort": "metrics" 19 | } 20 | ], 21 | "selector": { 22 | "name": "blackbox-exporter" 23 | }, 24 | "type": "ClusterIP" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/monitoring/ksm.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "kube-state-metrics" 8 | }, 9 | "name": "kube-state-metrics", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { 26 | "prometheus.io/port": "8080", 27 | "prometheus.io/scrape": "true" 28 | }, 29 | "labels": { 30 | "name": "kube-state-metrics" 31 | } 32 | }, 33 | "spec": { 34 | "containers": [ 35 | { 36 | "args": [ ], 37 | "env": [ ], 38 | "image": "gcr.io/google_containers/kube-state-metrics:v0.3.0", 39 | "name": "kube-state-metrics", 40 | "ports": [ 41 | { 42 | "containerPort": 8080, 43 | "name": "metrics" 44 | } 45 | ], 46 | "resources": { 47 | "limits": { 48 | "cpu": "10m", 49 | "memory": "32Mi" 50 | }, 51 | "requests": { 52 | "cpu": "10m", 53 | "memory": "32Mi" 54 | } 55 | }, 56 | "stdin": false, 57 | "tty": false, 58 | "volumeMounts": [ ] 59 | } 60 | ], 61 | "imagePullSecrets": [ ], 62 | "terminationGracePeriodSeconds": 30, 63 | "volumes": [ ] 64 | } 65 | } 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/monitoring/node_exporter.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "DaemonSet", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "node-exporter" 8 | }, 9 | "name": "node-exporter", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "template": { 14 | "metadata": { 15 | "annotations": { }, 16 | "labels": { 17 | "name": "node-exporter" 18 | } 19 | }, 20 | "spec": { 21 | "containers": [ 22 | { 23 | "args": [ 24 | "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|host|etc)($|/)", 25 | "--collector.procfs=/host/proc", 26 | "--collector.sysfs=/host/sys" 27 | ], 28 | "env": [ ], 29 | "image": "prom/node-exporter:v0.13.0", 30 | "livenessProbe": { 31 | "httpGet": { 32 | "path": "/", 33 | "port": "scrape" 34 | } 35 | }, 36 | "name": "node-exporter", 37 | "ports": [ 38 | { 39 | "containerPort": 9100, 40 | "name": "scrape" 41 | } 42 | ], 43 | "readinessProbe": { 44 | "httpGet": { 45 | "path": "/", 46 | "port": "scrape" 47 | }, 48 | "successThreshold": 2 49 | }, 50 | "stdin": false, 51 | "tty": false, 52 | "volumeMounts": [ 53 | { 54 | "mountPath": "/host/proc", 55 | "name": "procfs", 56 | "readOnly": true 57 | }, 58 | { 59 | "mountPath": "/rootfs", 60 | "name": "root", 61 | "readOnly": true 62 | }, 63 | { 64 | "mountPath": "/host/sys", 65 | "name": "sysfs", 66 | "readOnly": true 67 | } 68 | ] 69 | } 70 | ], 71 | "hostNetwork": true, 72 | "hostPID": true, 73 | "imagePullSecrets": [ ], 74 | "terminationGracePeriodSeconds": 30, 75 | "volumes": [ 76 | { 77 | "hostPath": { 78 | "path": "/proc" 79 | }, 80 | "name": "procfs" 81 | }, 82 | { 83 | "hostPath": { 84 | "path": "/" 85 | }, 86 | "name": "root" 87 | }, 88 | { 89 | "hostPath": { 90 | "path": "/sys" 91 | }, 92 | "name": "sysfs" 93 | } 94 | ] 95 | } 96 | } 97 | } 98 | } 99 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/monitoring/node_exporter_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/scrape": "true" 7 | }, 8 | "labels": { 9 | "name": "node-exporter" 10 | }, 11 | "name": "node-exporter", 12 | "namespace": "monitoring" 13 | }, 14 | "spec": { 15 | "clusterIP": "None", 16 | "ports": [ 17 | { 18 | "port": 9100, 19 | "targetPort": "scrape" 20 | } 21 | ], 22 | "selector": { 23 | "name": "node-exporter" 24 | }, 25 | "type": "ClusterIP" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/monitoring/prometheus_data.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "prometheus-data" 8 | }, 9 | "name": "prometheus-data", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "100Gi" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/monitoring/prometheus_ing.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Ingress", 4 | "metadata": { 5 | "annotations": { 6 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 7 | "stable.k8s.psg.io/kcm.enabled": "true", 8 | "stable.k8s.psg.io/kcm.provider": "route53" 9 | }, 10 | "labels": { 11 | "name": "prometheus" 12 | }, 13 | "name": "prometheus", 14 | "namespace": "monitoring" 15 | }, 16 | "spec": { 17 | "rules": [ 18 | { 19 | "host": "prometheus.k.web.bitnami.net", 20 | "http": { 21 | "paths": [ 22 | { 23 | "backend": { 24 | "serviceName": "prometheus", 25 | "servicePort": 9090 26 | }, 27 | "path": "/" 28 | } 29 | ] 30 | } 31 | } 32 | ], 33 | "tls": [ 34 | { 35 | "hosts": [ 36 | "prometheus.k.web.bitnami.net" 37 | ], 38 | "secretName": "prometheus-cert" 39 | } 40 | ] 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/monitoring/prometheus_ns.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Namespace", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "monitoring" 8 | }, 9 | "name": "monitoring" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/monitoring/prometheus_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "prometheus.io/scrape": "true" 7 | }, 8 | "labels": { 9 | "name": "prometheus" 10 | }, 11 | "name": "prometheus", 12 | "namespace": "monitoring" 13 | }, 14 | "spec": { 15 | "ports": [ 16 | { 17 | "port": 9090, 18 | "targetPort": "web" 19 | } 20 | ], 21 | "selector": { 22 | "name": "prometheus" 23 | }, 24 | "type": "ClusterIP" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/monitoring/svc_watch.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "kube-svc-watch" 8 | }, 9 | "name": "kube-svc-watch", 10 | "namespace": "monitoring" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { 26 | "prometheus.io/port": "8080", 27 | "prometheus.io/scrape": "true" 28 | }, 29 | "labels": { 30 | "name": "kube-svc-watch" 31 | } 32 | }, 33 | "spec": { 34 | "containers": [ 35 | { 36 | "args": [ 37 | "--logtostderr=true", 38 | "--terminate=false" 39 | ], 40 | "command": [ 41 | "kube-svc-watch" 42 | ], 43 | "env": [ ], 44 | "image": "gcr.io/bitnami-images/kube-svc-watch:jenkins-sre-k8s-kube-svc-watch-22", 45 | "name": "kube-svc-watch", 46 | "ports": [ 47 | { 48 | "containerPort": 8080, 49 | "name": "metrics" 50 | } 51 | ], 52 | "resources": { 53 | "limits": { 54 | "cpu": "10m", 55 | "memory": "32Mi" 56 | } 57 | }, 58 | "stdin": false, 59 | "tty": false, 60 | "volumeMounts": [ ] 61 | } 62 | ], 63 | "imagePullSecrets": [ ], 64 | "terminationGracePeriodSeconds": 30, 65 | "volumes": [ ] 66 | } 67 | } 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/nginx-ingress/default_http_backend.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "default-http-backend" 8 | }, 9 | "name": "default-http-backend", 10 | "namespace": "nginx-ingress" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": "25%", 19 | "maxUnavailable": "25%" 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "default-http-backend" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ ], 34 | "env": [ ], 35 | "image": "gcr.io/google_containers/defaultbackend:1.2", 36 | "livenessProbe": { 37 | "httpGet": { 38 | "path": "/healthz", 39 | "port": "http" 40 | }, 41 | "initialDelaySeconds": 30, 42 | "timeoutSeconds": 5 43 | }, 44 | "name": "default-http-backend", 45 | "ports": [ 46 | { 47 | "containerPort": 8080, 48 | "name": "http" 49 | } 50 | ], 51 | "resources": { 52 | "limits": { 53 | "cpu": "10m", 54 | "memory": "20Mi" 55 | }, 56 | "requests": { 57 | "cpu": "10m", 58 | "memory": "20Mi" 59 | } 60 | }, 61 | "stdin": false, 62 | "tty": false, 63 | "volumeMounts": [ ] 64 | } 65 | ], 66 | "imagePullSecrets": [ ], 67 | "terminationGracePeriodSeconds": 60, 68 | "volumes": [ ] 69 | } 70 | } 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/nginx-ingress/default_http_backend_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "default-http-backend" 8 | }, 9 | "name": "default-http-backend", 10 | "namespace": "nginx-ingress" 11 | }, 12 | "spec": { 13 | "ports": [ 14 | { 15 | "port": 80, 16 | "targetPort": "http" 17 | } 18 | ], 19 | "selector": { 20 | "name": "default-http-backend" 21 | }, 22 | "type": "ClusterIP" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/nginx-ingress/kcm.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "kind": "Deployment", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "kube-cert-manager" 8 | }, 9 | "name": "kube-cert-manager", 10 | "namespace": "nginx-ingress" 11 | }, 12 | "spec": { 13 | "minReadySeconds": 30, 14 | "replicas": 1, 15 | "revisionHistoryLimit": 10, 16 | "strategy": { 17 | "rollingUpdate": { 18 | "maxSurge": 0, 19 | "maxUnavailable": 1 20 | }, 21 | "type": "RollingUpdate" 22 | }, 23 | "template": { 24 | "metadata": { 25 | "annotations": { }, 26 | "labels": { 27 | "name": "kube-cert-manager" 28 | } 29 | }, 30 | "spec": { 31 | "containers": [ 32 | { 33 | "args": [ 34 | "--acme-url=https://acme-v01.api.letsencrypt.org/directory", 35 | "--data-dir=/var/lib/cert-manager" 36 | ], 37 | "env": [ 38 | { 39 | "name": "AWS_ACCESS_KEY_ID", 40 | "valueFrom": { 41 | "secretKeyRef": { 42 | "key": "access_key_id", 43 | "name": "kube-cert-manager-aws" 44 | } 45 | } 46 | }, 47 | { 48 | "name": "AWS_SECRET_ACCESS_KEY", 49 | "valueFrom": { 50 | "secretKeyRef": { 51 | "key": "secret_access_key", 52 | "name": "kube-cert-manager-aws" 53 | } 54 | } 55 | } 56 | ], 57 | "image": "palmstonegames/kube-cert-manager:0.3.1", 58 | "name": "kube-cert-manager", 59 | "ports": [ 60 | { 61 | "containerPort": 8080, 62 | "name": "http" 63 | }, 64 | { 65 | "containerPort": 8081, 66 | "name": "tls-sni" 67 | } 68 | ], 69 | "stdin": false, 70 | "tty": false, 71 | "volumeMounts": [ 72 | { 73 | "mountPath": "/var/lib/cert-manager", 74 | "name": "data" 75 | } 76 | ] 77 | }, 78 | { 79 | "args": [ ], 80 | "env": [ ], 81 | "image": "palmstonegames/kubectl-proxy:1.4.0", 82 | "name": "kubectl-proxy", 83 | "ports": [ ], 84 | "stdin": false, 85 | "tty": false, 86 | "volumeMounts": [ ] 87 | } 88 | ], 89 | "imagePullSecrets": [ ], 90 | "terminationGracePeriodSeconds": 30, 91 | "volumes": [ 92 | { 93 | "name": "data", 94 | "persistentVolumeClaim": { 95 | "claimName": "kube-cert-manager" 96 | } 97 | } 98 | ] 99 | } 100 | } 101 | } 102 | } 103 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/nginx-ingress/kcm_pvc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "PersistentVolumeClaim", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "kube-cert-manager" 8 | }, 9 | "name": "kube-cert-manager", 10 | "namespace": "nginx-ingress" 11 | }, 12 | "spec": { 13 | "accessModes": [ 14 | "ReadWriteOnce" 15 | ], 16 | "resources": { 17 | "requests": { 18 | "storage": "8G" 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/nginx-ingress/kcm_resource.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "extensions/v1beta1", 3 | "description": "A specification of a Let's Encrypt Certificate to manage.", 4 | "kind": "ThirdPartyResource", 5 | "metadata": { 6 | "annotations": { }, 7 | "labels": { 8 | "name": "certificate.stable.k8s.psg.io" 9 | }, 10 | "name": "certificate.stable.k8s.psg.io" 11 | }, 12 | "versions": [ 13 | { 14 | "name": "v1" 15 | } 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/nginx-ingress/nginx_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "data": { 4 | "body-size": "800m", 5 | "enable-vts-status": "true", 6 | "hosts-include-subdomains": "false", 7 | "proxy-connect-timeout": "15", 8 | "proxy-read-timeout": "3600", 9 | "proxy-real-ip-cidr": "0.0.0.0/0", 10 | "proxy-send-timeout": "3600", 11 | "server-name-hash-bucket-size": "256", 12 | "ssl-protocols": "TLSv1.1 TLSv1.2", 13 | "use-proxy-protocol": "true" 14 | }, 15 | "kind": "ConfigMap", 16 | "metadata": { 17 | "annotations": { }, 18 | "labels": { 19 | "name": "nginx" 20 | }, 21 | "name": "nginx", 22 | "namespace": "nginx-ingress" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/nginx-ingress/nginx_ingress_ns.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Namespace", 4 | "metadata": { 5 | "annotations": { }, 6 | "labels": { 7 | "name": "nginx-ingress" 8 | }, 9 | "name": "nginx-ingress" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /generated/one.k8s.web.bitnami.net/nginx-ingress/nginx_svc.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Service", 4 | "metadata": { 5 | "annotations": { 6 | "service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled": "true", 7 | "service.beta.kubernetes.io/aws-load-balancer-connection-draining-timeout": "60", 8 | "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol": "*" 9 | }, 10 | "labels": { 11 | "name": "nginx-ingress" 12 | }, 13 | "name": "nginx-ingress", 14 | "namespace": "nginx-ingress" 15 | }, 16 | "spec": { 17 | "ports": [ 18 | { 19 | "name": "http", 20 | "port": 80 21 | }, 22 | { 23 | "name": "https", 24 | "port": 443 25 | } 26 | ], 27 | "selector": { 28 | "name": "nginx-ingress" 29 | }, 30 | "type": "LoadBalancer" 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /lib/bitnami.libsonnet: -------------------------------------------------------------------------------- 1 | // Generic stuff is in kube.libsonnet - this file contains 2 | // additional AWS or Bitnami -specific conventions. 3 | 4 | local kube = import "kube.libsonnet"; 5 | 6 | { 7 | ElbService(name): kube.Service(name) { 8 | local service = self, 9 | 10 | metadata+: { 11 | annotations+: { 12 | "service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled": "true", 13 | "service.beta.kubernetes.io/aws-load-balancer-connection-draining-timeout": std.toString(service.target_pod.spec.terminationGracePeriodSeconds), 14 | }, 15 | }, 16 | spec+: { type: "LoadBalancer" }, 17 | }, 18 | 19 | InternalElbService(name): $.ElbService(name) { 20 | metadata+: { 21 | annotations+: { 22 | "service.beta.kubernetes.io/aws-load-balancer-internal": "0.0.0.0/0", 23 | }, 24 | }, 25 | }, 26 | 27 | Ingress(name): kube.Ingress(name) { 28 | local ing = self, 29 | 30 | host:: error "host required", 31 | target_svc:: error "target_svc required", 32 | 33 | metadata+: { 34 | annotations+: { 35 | "stable.k8s.psg.io/kcm.enabled": "true", 36 | "stable.k8s.psg.io/kcm.provider": "route53", 37 | "stable.k8s.psg.io/kcm.email": "sre@bitnami.com", 38 | }, 39 | }, 40 | 41 | spec+: { 42 | tls: [ 43 | { 44 | hosts: std.uniq([r.host for r in ing.spec.rules]), 45 | secretName: "%s-cert" % [ing.metadata.name], 46 | 47 | assert std.length(self.hosts) <= 1 : "kube-cert-manager only supports one host per secret - make a separate Ingress resource", 48 | }, 49 | ], 50 | 51 | // Default to single-service - override if you want something else. 52 | rules: [ 53 | { 54 | host: ing.host, 55 | http: { 56 | paths: [ 57 | { path: "/", backend: ing.target_svc.name_port }, 58 | ], 59 | }, 60 | }, 61 | ], 62 | }, 63 | }, 64 | 65 | PromScrape(port): { 66 | local scrape = self, 67 | prom_path:: "/metrics", 68 | 69 | metadata+: { 70 | annotations+: { 71 | "prometheus.io/scrape": "true", 72 | "prometheus.io/port": std.toString(port), 73 | "prometheus.io/path": scrape.prom_path, 74 | }, 75 | }, 76 | }, 77 | 78 | PodZoneAntiAffinityAnnotation(pod): { 79 | affinity:: { 80 | podAntiAffinity: { 81 | preferredDuringSchedulingIgnoredDuringExecution: [ 82 | { 83 | weight: 50, 84 | podAffinityTerm: { 85 | labelSelector: { matchLabels: pod.metadata.labels }, 86 | topologyKey: "failure-domain.beta.kubernetes.io/zone", 87 | }, 88 | }, 89 | { 90 | weight: 100, 91 | podAffinityTerm: { 92 | labelSelector: { matchLabels: pod.metadata.labels }, 93 | topologyKey: "kubernetes.io/hostname", 94 | }, 95 | }, 96 | ], 97 | }, 98 | }, 99 | "scheduler.alpha.kubernetes.io/affinity": std.toString(self.affinity), 100 | }, 101 | } 102 | -------------------------------------------------------------------------------- /one.k8s.dev.bitnami.net/aws-addons.jsonnet: -------------------------------------------------------------------------------- 1 | local addons = import "../common/aws-addons.jsonnet"; 2 | 3 | addons { 4 | items_+: { 5 | num_nodes: 10, // approximate 6 | 7 | kibana_logging_ing+: { 8 | host: "kibana.k.dev.bitnami.net", 9 | }, 10 | }, 11 | } 12 | -------------------------------------------------------------------------------- /one.k8s.dev.bitnami.net/config/alertmanager.jsonnet: -------------------------------------------------------------------------------- 1 | local config = import "../../common/config/alertmanager.jsonnet"; 2 | 3 | config { 4 | route+: { 5 | // dev cluster -> just let everything fall through to 'default'. 6 | // TODO: We still care about *some* level of service-availability. 7 | routes: [], 8 | }, 9 | } 10 | -------------------------------------------------------------------------------- /one.k8s.dev.bitnami.net/config/blackbox.jsonnet: -------------------------------------------------------------------------------- 1 | local config = import "../../common/config/blackbox.jsonnet"; 2 | 3 | config { 4 | // No changes 5 | } 6 | -------------------------------------------------------------------------------- /one.k8s.dev.bitnami.net/config/gus-testing.rules: -------------------------------------------------------------------------------- 1 | # This is mostly because-I-can, and probably a bad idea for an alert 2 | ALERT JenkinsWantsUpdate 3 | IF jenkins_plugins_withUpdate > 0 4 | FOR 24h 5 | LABELS { severity = "notice" } 6 | ANNOTATIONS { 7 | summary = "Jenkins has updated plugins available", 8 | description = "{{ $value }} plugins want an update", 9 | } 10 | -------------------------------------------------------------------------------- /one.k8s.dev.bitnami.net/config/prometheus.jsonnet: -------------------------------------------------------------------------------- 1 | local config = import "../../common/config/prometheus.jsonnet"; 2 | 3 | config { 4 | global+: { 5 | external_labels+: { 6 | cluster: "one.k8s.dev.bitnami.net", 7 | }, 8 | }, 9 | } 10 | -------------------------------------------------------------------------------- /one.k8s.dev.bitnami.net/jenkins.jsonnet: -------------------------------------------------------------------------------- 1 | local kube = import "kube.libsonnet"; 2 | local jenkins = import "../common/jenkins.jsonnet"; 3 | 4 | local proxy = import "squid.jsonnet"; 5 | local http_proxy = proxy.items_.url; 6 | 7 | jenkins { 8 | items_+: { 9 | namespace: "jenkins", 10 | jenkins_ns: kube.Namespace(self.namespace), 11 | 12 | jenkins_ing+: { 13 | host: "jenkins.k.dev.bitnami.net", 14 | }, 15 | 16 | jenkins_master+: { 17 | spec+: { 18 | template+: { 19 | spec+: { 20 | containers_+: { 21 | master+: { 22 | env_+: { 23 | http_proxy: http_proxy, 24 | }, 25 | }, 26 | }, 27 | }, 28 | }, 29 | }, 30 | }, 31 | }, 32 | } 33 | -------------------------------------------------------------------------------- /one.k8s.dev.bitnami.net/monitoring.jsonnet: -------------------------------------------------------------------------------- 1 | local kube = import "kube.libsonnet"; 2 | local prometheus = import "../common/prometheus.jsonnet"; 3 | local ksw = import "../common/kube-svc-watch.jsonnet"; 4 | 5 | local all = prometheus.items_ + ksw.items_ { 6 | namespace: "monitoring", 7 | 8 | prom_config: import "config/prometheus.jsonnet", 9 | am_config: import "config/alertmanager.jsonnet", 10 | bb_config: import "config/blackbox.jsonnet", 11 | 12 | prometheus_config+: { 13 | data+: { 14 | "sre.rules": importstr "../common/config/sre.rules", 15 | "gus-testing.rules": importstr "config/gus-testing.rules", 16 | }, 17 | }, 18 | 19 | prometheus_ing+: { 20 | host: "prometheus.k.dev.bitnami.net", 21 | }, 22 | 23 | alertmanager_ing+: { 24 | host: "alertmanager.k.dev.bitnami.net", 25 | }, 26 | 27 | grafana_ing+: { 28 | host: "grafana.k.dev.bitnami.net", 29 | }, 30 | 31 | svc_watch+: { 32 | spec+: { 33 | template+: { 34 | spec+: { 35 | containers_+: { 36 | ksw+: { 37 | args_+: { 38 | terminate: true, 39 | "slack-token": "", 40 | "slack-channel": "#sre-alerts", 41 | }, 42 | }, 43 | }, 44 | }, 45 | }, 46 | }, 47 | }, 48 | }; 49 | 50 | kube.List() { items_+: all } 51 | -------------------------------------------------------------------------------- /one.k8s.dev.bitnami.net/nginx-ingress.jsonnet: -------------------------------------------------------------------------------- 1 | local kube = import "kube.libsonnet"; 2 | local ingress = (import "../common/nginx-ingress.jsonnet").items_; 3 | local kcm = (import "../common/kube-cert-manager.jsonnet").items_; 4 | 5 | local all = ingress + kcm { 6 | namespace: "nginx-ingress", 7 | 8 | nginx_ingress_ns: kube.Namespace($.namespace), 9 | }; 10 | 11 | kube.List() { items_+: all } 12 | -------------------------------------------------------------------------------- /one.k8s.dev.bitnami.net/squid.jsonnet: -------------------------------------------------------------------------------- 1 | local kube = import "kube.libsonnet"; 2 | local squid = import "../common/squid.jsonnet"; 3 | 4 | squid { 5 | items_+: { 6 | namespace: "webcache", 7 | 8 | squid_ns: kube.Namespace(self.namespace), 9 | }, 10 | } 11 | -------------------------------------------------------------------------------- /one.k8s.int.bitnami.net/aws-addons.jsonnet: -------------------------------------------------------------------------------- 1 | local addons = import "../common/aws-addons.jsonnet"; 2 | 3 | addons { 4 | items_+: { 5 | num_nodes: 10, // approximate 6 | 7 | kibana_logging_ing+: { 8 | host: "kibana.k.int.bitnami.net", 9 | }, 10 | }, 11 | } 12 | -------------------------------------------------------------------------------- /one.k8s.int.bitnami.net/config/alertmanager.jsonnet: -------------------------------------------------------------------------------- 1 | local config = import "../../common/config/alertmanager.jsonnet"; 2 | 3 | config { 4 | route+: { 5 | routes: [ 6 | { 7 | match: { severity: "critical" }, 8 | repeat_interval: "15m", 9 | receiver: "sre_slack", 10 | }, 11 | { 12 | match: { severity: "warning" }, 13 | receiver: "sre_slack", 14 | }, 15 | { 16 | match: { severity: "notice" }, 17 | receiver: "sre_email", 18 | }, 19 | ], 20 | }, 21 | } 22 | -------------------------------------------------------------------------------- /one.k8s.int.bitnami.net/config/blackbox.jsonnet: -------------------------------------------------------------------------------- 1 | local config = import "../../common/config/blackbox.jsonnet"; 2 | 3 | config { 4 | // No changes 5 | } 6 | -------------------------------------------------------------------------------- /one.k8s.int.bitnami.net/config/prometheus.jsonnet: -------------------------------------------------------------------------------- 1 | local config = import "../../common/config/prometheus.jsonnet"; 2 | 3 | config { 4 | global+: { 5 | external_labels+: { 6 | cluster: "one.k8s.int.bitnami.net", 7 | }, 8 | }, 9 | } 10 | -------------------------------------------------------------------------------- /one.k8s.int.bitnami.net/jenkins.jsonnet: -------------------------------------------------------------------------------- 1 | local kube = import "kube.libsonnet"; 2 | local jenkins = import "../common/jenkins.jsonnet"; 3 | 4 | local proxy = import "squid.jsonnet"; 5 | local http_proxy = proxy.items_.url; 6 | 7 | jenkins { 8 | items_+: { 9 | namespace: "jenkins", 10 | 11 | jenkins_ns: kube.Namespace(self.namespace), 12 | 13 | jenkins_ing+: { 14 | host: "jenkins.k.int.bitnami.net", 15 | }, 16 | 17 | jenkins_master+: { 18 | spec+: { 19 | template+: { 20 | spec+: { 21 | containers_+: { 22 | master+: { 23 | env_+: { 24 | http_proxy: http_proxy, 25 | }, 26 | }, 27 | }, 28 | }, 29 | }, 30 | }, 31 | }, 32 | }, 33 | } 34 | -------------------------------------------------------------------------------- /one.k8s.int.bitnami.net/monitoring.jsonnet: -------------------------------------------------------------------------------- 1 | local kube = import "kube.libsonnet"; 2 | local prometheus = import "../common/prometheus.jsonnet"; 3 | local ksw = import "../common/kube-svc-watch.jsonnet"; 4 | 5 | local all = prometheus.items_ + ksw.items_ { 6 | namespace: "monitoring", 7 | 8 | prom_config: import "config/prometheus.jsonnet", 9 | am_config: import "config/alertmanager.jsonnet", 10 | bb_config: import "config/blackbox.jsonnet", 11 | 12 | prometheus_ns: kube.Namespace($.namespace), 13 | 14 | prometheus_config+: { 15 | data+: { 16 | "sre.rules": importstr "../common/config/sre.rules", 17 | }, 18 | }, 19 | 20 | prometheus_ing+: { 21 | host: "prometheus.k.int.bitnami.net", 22 | }, 23 | 24 | alertmanager_ing+: { 25 | host: "alertmanager.k.int.bitnami.net", 26 | }, 27 | 28 | grafana_ing+: { 29 | host: "grafana.k.int.bitnami.net", 30 | }, 31 | 32 | svc_watch_secret:: kube.Secret("kube-svc-watch") { 33 | metadata+: { namespace: $.namespace }, 34 | data_+: { 35 | "slack-token": error "provided externally", 36 | }, 37 | }, 38 | 39 | grafana_rds_secret:: kube.Secret("grafana-rds") { 40 | metadata+: { namespace: $.namespace }, 41 | data_+: { 42 | host: error "provided externally", 43 | database: error "provided externally", 44 | username: error "provided externally", 45 | password: error "provided externally", 46 | }, 47 | }, 48 | 49 | grafana_data: kube.PersistentVolumeClaim("grafana-data") { 50 | metadata+: { namespace: $.namespace }, 51 | storage: "20Gi", 52 | }, 53 | 54 | grafana+: { 55 | spec+: { 56 | template+: { 57 | spec+: { 58 | containers_+: { 59 | grafana+: { 60 | env_+: { 61 | GF_DATABASE_TYPE: "mysql", 62 | GF_DATABASE_HOST: kube.SecretKeyRef($.grafana_rds_secret, "host"), 63 | GF_DATABASE_NAME: kube.SecretKeyRef($.grafana_rds_secret, "database"), 64 | GF_DATABASE_USER: kube.SecretKeyRef($.grafana_rds_secret, "username"), 65 | GF_DATABASE_PASSWORD: kube.SecretKeyRef($.grafana_rds_secret, "password"), 66 | }, 67 | }, 68 | }, 69 | volumes_+: { 70 | storage: kube.PersistentVolumeClaimVolume($.grafana_data), 71 | }, 72 | }, 73 | }, 74 | }, 75 | }, 76 | 77 | svc_watch+: { 78 | spec+: { 79 | template+: { 80 | spec+: { 81 | containers_+: { 82 | ksw+: { 83 | env_+: { 84 | SLACK_TOKEN: kube.SecretKeyRef($.svc_watch_secret, "slack-token"), 85 | }, 86 | args_+: { 87 | terminate: true, 88 | "slack-token": "$(SLACK_TOKEN)", 89 | "slack-channel": "#sre-alerts", 90 | }, 91 | }, 92 | }, 93 | }, 94 | }, 95 | }, 96 | }, 97 | }; 98 | 99 | kube.List() { items_+: all } 100 | -------------------------------------------------------------------------------- /one.k8s.int.bitnami.net/nginx-ingress.jsonnet: -------------------------------------------------------------------------------- 1 | local kube = import "kube.libsonnet"; 2 | local ingress = (import "../common/nginx-ingress.jsonnet").items_; 3 | local kcm = (import "../common/kube-cert-manager.jsonnet").items_; 4 | 5 | local all = ingress + kcm { 6 | namespace: "nginx-ingress", 7 | 8 | nginx_ingress_ns: kube.Namespace($.namespace), 9 | }; 10 | 11 | kube.List() { items_+: all } 12 | -------------------------------------------------------------------------------- /one.k8s.int.bitnami.net/squid.jsonnet: -------------------------------------------------------------------------------- 1 | local kube = import "kube.libsonnet"; 2 | local squid = import "../common/squid.jsonnet"; 3 | 4 | squid { 5 | items_+: { 6 | namespace: "webcache", 7 | 8 | squid_ns: kube.Namespace(self.namespace), 9 | }, 10 | } 11 | -------------------------------------------------------------------------------- /one.k8s.web.bitnami.net/aws-addons.jsonnet: -------------------------------------------------------------------------------- 1 | local addons = import "../common/aws-addons.jsonnet"; 2 | 3 | addons { 4 | items_+: { 5 | num_nodes: 10, // approximate 6 | 7 | kibana_logging_ing+: { 8 | host: "kibana.k.web.bitnami.net", 9 | }, 10 | }, 11 | } 12 | -------------------------------------------------------------------------------- /one.k8s.web.bitnami.net/config/blackbox.jsonnet: -------------------------------------------------------------------------------- 1 | local config = import "../../common/config/blackbox.jsonnet"; 2 | 3 | config { 4 | // No changes 5 | } 6 | -------------------------------------------------------------------------------- /one.k8s.web.bitnami.net/config/prometheus.jsonnet: -------------------------------------------------------------------------------- 1 | local config = import "../../common/config/prometheus.jsonnet"; 2 | 3 | config { 4 | global+: { 5 | external_labels+: { 6 | cluster: "one.k8s.web.bitnami.net", 7 | }, 8 | }, 9 | } 10 | -------------------------------------------------------------------------------- /one.k8s.web.bitnami.net/monitoring.jsonnet: -------------------------------------------------------------------------------- 1 | local kube = import "kube.libsonnet"; 2 | local prometheus = import "../common/prometheus.jsonnet"; 3 | local ksw = import "../common/kube-svc-watch.jsonnet"; 4 | 5 | local all = prometheus.items_ + ksw.items_ { 6 | namespace: "monitoring", 7 | 8 | prom_config: import "config/prometheus.jsonnet", 9 | am_config: error "no alertmanager config", 10 | bb_config: import "config/blackbox.jsonnet", 11 | 12 | prometheus_ns: kube.Namespace($.namespace), 13 | 14 | prometheus_config+: { 15 | data+: { 16 | "sre.rules": importstr "../common/config/sre.rules", 17 | }, 18 | }, 19 | 20 | prometheus_ing+: { 21 | host: "prometheus.k.web.bitnami.net", 22 | }, 23 | 24 | // Disable alertmanager in web cluster (uses int cluster) 25 | alertmanager_ing:: null, 26 | alertmanager_svc:: null, 27 | alertmanager_data:: null, 28 | alertmanager_config:: null, 29 | alertmanager:: null, 30 | 31 | // Disable grafana in web cluster 32 | grafana_ing:: null, 33 | grafana_svc:: null, 34 | grafana:: null, 35 | 36 | svc_watch+: { 37 | spec+: { 38 | template+: { 39 | spec+: { 40 | containers_+: { 41 | ksw+: { 42 | args_+: { 43 | terminate: false, // Note: we don't terminate public ELBs on 'web' 44 | }, 45 | }, 46 | }, 47 | }, 48 | }, 49 | }, 50 | }, 51 | 52 | prometheus+: { 53 | spec+: { 54 | template+: { 55 | spec+: { 56 | containers_+: { 57 | prometheus+: { 58 | args_+: { 59 | // NB: this is point to the *int* cluster 60 | "alertmanager.url": "https://alertmanager.k.int.bitnami.net", 61 | }, 62 | }, 63 | }, 64 | }, 65 | }, 66 | }, 67 | }, 68 | }; 69 | 70 | kube.List() { items_+: all } 71 | -------------------------------------------------------------------------------- /one.k8s.web.bitnami.net/nginx-ingress.jsonnet: -------------------------------------------------------------------------------- 1 | local kube = import "kube.libsonnet"; 2 | local ingress = (import "../common/nginx-ingress.jsonnet").items_; 3 | local kcm = (import "../common/kube-cert-manager.jsonnet").items_; 4 | 5 | local all = ingress + kcm { 6 | namespace: "nginx-ingress", 7 | 8 | nginx_ingress_ns: kube.Namespace($.namespace), 9 | nginx_svc+: { 10 | metadata+: { 11 | annotations+: { 12 | // Actually want a regular external ELB for this cluster 13 | "service.beta.kubernetes.io/aws-load-balancer-internal":: null, 14 | }, 15 | }, 16 | }, 17 | }; 18 | 19 | kube.List() { items_+: all } 20 | -------------------------------------------------------------------------------- /tests/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:8 2 | MAINTAINER sre@bitnami.com 3 | 4 | RUN adduser --home /home/user --disabled-password --gecos User user 5 | 6 | RUN apt-get -q update && apt-get -qy install jq 7 | 8 | ADD https://storage.googleapis.com/bitnami-jenkins-tools/jsonnet-0.9.0 /usr/local/bin/jsonnet 9 | RUN chmod +x /usr/local/bin/jsonnet 10 | 11 | # NB: 1.5.x kubectl refuses to allow you to modify a different 12 | # namespace when run in-cluster. 13 | # See https://github.com/kubernetes/kubernetes/issues/38744 14 | ADD https://storage.googleapis.com/kubernetes-release/release/v1.4.7/bin/linux/amd64/kubectl /usr/local/bin/kubectl 15 | RUN chmod +x /usr/local/bin/kubectl 16 | 17 | USER user 18 | WORKDIR /home/user 19 | CMD ["/bin/bash", "-l"] 20 | -------------------------------------------------------------------------------- /tests/test_fmt.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | flags="\ 6 | --indent 2\ 7 | --string-style d\ 8 | --comment-style s\ 9 | --no-pad-arrays\ 10 | --pad-objects\ 11 | --pretty-field-names\ 12 | " 13 | 14 | fail=0 15 | for f in $(find . -regex '.*\.\(jsonnet\|libsonnet\)$' -print); do 16 | if ! jsonnet fmt --test $flags -- $f; then 17 | echo "$f needs reformatting. Try:" >&2 18 | echo " jsonnet fmt -i $flags $f" >&2 19 | fail=$(( $fail + 1 )) 20 | fi 21 | done 22 | 23 | test $fail -eq 0 24 | -------------------------------------------------------------------------------- /tests/test_generated.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | mydir=${0%/*} 6 | 7 | tmpdir=$(mktemp -d) 8 | trap "rm -r $tmpdir" EXIT 9 | 10 | if ! $mydir/../tools/rebuild.sh -d "$tmpdir" >/dev/null; then 11 | echo "FAIL: $mydir/../tools/rebuild.sh exited non-zero" >&2 12 | exit 1 13 | fi 14 | 15 | if ! diff -r "$mydir/../generated" "$tmpdir"; then 16 | echo "FAIL: Differences exist. Re-run ./tools/rebuild.sh" >&2 17 | exit 1 18 | fi 19 | 20 | echo "OK: Generated files are up to date." 21 | 22 | exit 0 23 | -------------------------------------------------------------------------------- /tests/test_prom_rules.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | fail=0 6 | for f in */config/*.rules; do 7 | echo "Checking $f:" 8 | if ! promtool check-rules $f; then 9 | fail=$(( $fail + 1 )) 10 | echo "FAILED $f" 11 | fi 12 | done 13 | 14 | test $fail -eq 0 15 | -------------------------------------------------------------------------------- /tests/test_valid.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | validate() { 6 | if ! jq -e '.metadata.namespace or .kind == "Namespace" or .kind == "StorageClass" or .kind == "ClusterRole" or .kind == "ClusterRoleBinding" or .kind == "ThirdPartyResource"' <$1 >/dev/null; then 7 | echo "$1 has items that don't declare a namespace" >&2 8 | exit 1 9 | fi 10 | } 11 | 12 | # NB: kubectl will do network lookups in order to fetch "new" API 13 | # schema - so this will fail if k8s API is unavailable. 14 | kubectl convert --recursive --local --validate -o name -f generated 15 | 16 | fail=0 17 | for f in $(find generated -name "*.json"); do 18 | if ! validate $f; then 19 | fail=$(( $fail + 1 )) 20 | echo "FAIL: $f failed additional JSON checks" 21 | fi 22 | done 23 | 24 | test $fail -eq 0 25 | 26 | echo "OK" 27 | -------------------------------------------------------------------------------- /tools/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | if [ $# -ne 1 ]; then 6 | echo "Usage: $0 " >&2 7 | exit 1 8 | fi 9 | 10 | cluster=$1 11 | cd ${0%/*}/.. 12 | 13 | for f in $cluster/*.jsonnet; do 14 | echo "Pushing $f" 15 | ./tools/kubecfg.sh $f update 16 | done 17 | -------------------------------------------------------------------------------- /tools/kubecfg.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | mydir=${0%/*} 6 | 7 | file="$1" 8 | verb="$2" # create/update/delete/replace 9 | shift 2 10 | 11 | case "$verb" in 12 | delete) args="" ;; 13 | update) verb=apply; args="--overwrite --record" ;; 14 | *) args="--record" ;; 15 | esac 16 | 17 | jsonnet \ 18 | --jpath $mydir/../lib \ 19 | "$file" \ 20 | | kubectl \ 21 | "$verb" \ 22 | --filename - \ 23 | $args \ 24 | "$@" 25 | -------------------------------------------------------------------------------- /tools/kubesh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Handy script to give you a temporary shell on a k8s cluster. 4 | # 5 | # Usage: 6 | # 7 | # kubesh -l 8 | # Starts a new pod called shell-$USER. The container will be 9 | # destroyed when this exits. 10 | # 11 | # kubesh [cmd] 12 | # Connects to shell-$USER and runs $cmd, or /bin/bash. The container 13 | # is not destroyed when this exits. 14 | # 15 | 16 | # Set this env var to name the pod something else 17 | : ${SHELL_POD:=shell-${LOGNAME}} 18 | # Set this env var to start a different image 19 | : ${SHELL_IMAGE:=debian:testing} 20 | # Inject http_proxy by default. Override to change, perhaps to "" 21 | # Note: there is no colon in the following ${foo=bar} construct! 22 | : ${SHELL_HTTP_PROXY=http://proxy.webcache:80/} 23 | 24 | : ${LOGNAME:=${USER}} 25 | : ${TZ:=$(cat /etc/timezone)} 26 | 27 | tty= 28 | test -t 0 && tty=--tty 29 | 30 | if [ "$1" = "-l" ]; then 31 | attach=0 32 | shift 33 | else 34 | attach=1 35 | fi 36 | 37 | if [ $attach -ne 0 ]; then 38 | if [ $# -eq 0 ]; then 39 | set -- /bin/bash -l 40 | fi 41 | exec kubectl exec $SHELL_POD --stdin $tty -- "$@" 42 | else 43 | exec kubectl run $SHELL_POD \ 44 | --image $SHELL_IMAGE \ 45 | --stdin $tty --attach \ 46 | --labels=user=$LOGNAME \ 47 | --restart=Never \ 48 | --rm \ 49 | ${SHELL_HTTP_PROXY:+--env=http_proxy=$SHELL_HTTP_PROXY} \ 50 | ${LOGNAME:+--env=LOGNAME=$LOGNAME} \ 51 | ${TERM:+--env=TERM=$TERM} \ 52 | ${TZ:+--env=TZ=$TZ} \ 53 | -- "$@" 54 | fi 55 | -------------------------------------------------------------------------------- /tools/rebuild.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Evaluate all the jsonnet and produce json files below generated/ 4 | # 5 | 6 | set -e 7 | 8 | mydir=${0%/*} 9 | outdir=$mydir/../generated 10 | 11 | while getopts :d: OPT; do 12 | case $OPT in 13 | d) 14 | outdir="$OPTARG" 15 | ;; 16 | *) 17 | echo "usage: `basename $0` [-d DIR]" 18 | exit 2 19 | esac 20 | done 21 | shift `expr $OPTIND - 1` 22 | OPTIND=1 23 | 24 | if [ -d "$outdir" ]; then 25 | echo "Removing $outdir" 26 | rm -r "$outdir" 27 | fi 28 | 29 | for f in *.bitnami.net/*.jsonnet; do 30 | echo "$f =>" 31 | d=$outdir/${f%.jsonnet} 32 | mkdir -p "$d" 33 | jsonnet --jpath $mydir/../lib --multi "$d" \ 34 | --exec "local o = (import \"$f\").items_; {[k + '.json']: o[k] for k in std.objectFields(o)}" 35 | done 36 | 37 | exit 0 38 | -------------------------------------------------------------------------------- /tools/rsync_rsh.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Set RSYNC_RSH env var to this script, then rsync magically becomes 4 | # able to copy in/out of pods. 5 | # 6 | # (Requires `rsync` command to exist in the target pod.) 7 | # 8 | 9 | name="$1"; shift 10 | exec kubectl exec $name --stdin -- "$@" 11 | --------------------------------------------------------------------------------