SgQ4E4YR

· 4 years ago · Jan 10, 2021, 02:58 PM
1{"version": 1, "kubernetesObjects": [{"apiVersion": "rbac.authorization.k8s.io/v1beta1", "kind": "ClusterRole", "metadata": {"name": "gather-metrics", "labels": {"name": "gather-metrics", "app": "prometheus", "env": "production", "purpose": "infra"}}, "rules": [{"apiGroups": [""], "resources": ["nodes", "services", "endpoints", "pods"], "verbs": ["get", "list", "watch"]}, {"apiGroups": ["extensions"], "resources": ["ingresses"], "verbs": ["get", "list", "watch"]}]}, {"apiVersion": "rbac.authorization.k8s.io/v1beta1", "kind": "ClusterRoleBinding", "metadata": {"name": "prometheus-gather-metrics", "labels": {"name": "prometheus-gather-metrics", "app": "prometheus", "env": "production", "purpose": "infra"}}, "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "gather-metrics"}, "subjects": [{"kind": "ServiceAccount", "name": "prometheus", "namespace": "default"}]}, {"apiVersion": "v1", "kind": "ServiceAccount", "metadata": {"name": "prometheus", "labels": {"name": "prometheus", "app": "prometheus", "env": "production", "purpose": "infra"}}}, {"apiVersion": "v1", "kind": "ConfigMap", "metadata": {"name": "prometheus", "labels": {"name": "prometheus", "app": "prometheus", "env": "production", "purpose": "infra"}}, "data": {"prometheus.yml": "global:\n  scrape_interval: 15s\nscrape_configs:\n  - job_name: 'k8services'\n    kubernetes_sd_configs:\n    - role: endpoints\n    relabel_configs:\n    - source_labels:\n        - __meta_kubernetes_namespace\n        - __meta_kubernetes_service_name\n      action: drop\n      regex: default;kubernetes\n    - source_labels:\n        - __meta_kubernetes_namespace\n      regex: default\n      action: keep\n    - source_labels: [__meta_kubernetes_service_name]\n      target_label: job\n"}}, {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "prometheus", "labels": {"name": "prometheus", "app": "prometheus", "env": "production", "purpose": "infra"}}, "spec": {"selector": {"matchLabels": {"name": "prometheus"}}, "replicas": 1, "template": {"metadata": {"labels": {"name": "prometheus", "app": "prometheus", "env": "production", "purpose": "infra"}}, "spec": {"serviceAccountName": "prometheus", "containers": [{"name": "prometheus", "image": "docker.io/prom/prometheus:v2.1.0", "ports": [{"containerPort": 9090, "name": "default"}], "volumeMounts": [{"name": "config", "mountPath": "/etc/prometheus"}, {"name": "data", "mountPath": "/prometheus"}]}], "volumes": [{"name": "config", "configMap": {"name": "prometheus"}}, {"name": "data", "persistentVolumeClaim": {"claimName": "metrics"}}], "initContainers": [{"name": "fix-persistent-volume-permissions", "image": "busybox:1.28", "command": ["sh", "-c", "chown nobody:nogroup /data"], "volumeMounts": [{"name": "data", "mountPath": "/data"}]}]}}}}, {"apiVersion": "v1", "kind": "Service", "metadata": {"name": "prometheus", "labels": {"name": "prometheus", "app": "prometheus", "env": "production", "purpose": "infra"}}, "spec": {"type": "ClusterIP", "ports": [{"port": 9090}], "selector": {"name": "prometheus"}}}, {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "grafana", "labels": {"name": "grafana", "app": "grafana", "env": "production", "purpose": "infra", "role": "insights-ui"}}, "spec": {"replicas": 1, "selector": {"matchLabels": {"name": "grafana"}}, "template": {"metadata": {"labels": {"name": "grafana", "app": "grafana", "env": "production", "purpose": "infra", "role": "insights-ui"}}, "spec": {"containers": [{"name": "main", "image": "docker.io/grafana/grafana:7.2.1", "ports": [{"containerPort": 3000, "name": "main"}], "volumeMounts": [{"name": "config-volume", "mountPath": "/etc/grafana-custom"}, {"name": "datasources-volume", "mountPath": "/etc/grafana/provisioning/datasources"}, {"name": "admin-secrets", "mountPath": "/secrets/admin", "readOnly": true}, {"name": "database-secrets", "mountPath": "/secrets/database", "readOnly": true}, {"name": "domain-config", "mountPath": "/config/domain", "readOnly": true}], "env": [{"name": "GF_PATHS_CONFIG", "value": "/etc/grafana-custom/custom.ini"}]}], "volumes": [{"name": "config-volume", "configMap": {"name": "grafana-config"}}, {"name": "domain-config", "configMap": {"name": "ingress-domain"}}, {"name": "datasources-volume", "configMap": {"name": "grafana-datasources"}}, {"name": "admin-secrets", "secret": {"secretName": "grafana-admin"}}, {"name": "database-secrets", "secret": {"secretName": "grafana-sql-db"}}]}}}}, {"apiVersion": "v1", "kind": "ConfigMap", "metadata": {"name": "grafana-config", "labels": {"name": "grafana-config", "app": "grafana", "env": "production", "purpose": "infra"}}, "data": {"custom.ini": "[server]\nroot_url = $__file{/config/domain/protocol}://insights.$__file{/config/domain/domain}\n[security]\nadmin_user = $__file{/secrets/admin/username}\nadmin_password = $__file{/secrets/admin/password}\n[dashboards]\nmin_refresh_interval = 15s\n[auth]\ntoken_rotation_interval_minutes=600\n[log]\nmode = console\n[log.console]\nformat = console  # could be text or json\n[database]\ntype = postgres\nhost = $__file{/secrets/database/host}:$__file{/secrets/database/port}\nuser = $__file{/secrets/database/username}\npassword = $__file{/secrets/database/password}\nssl_mode = $__file{/secrets/database/ssl_mode}\n"}}, {"apiVersion": "v1", "kind": "ConfigMap", "metadata": {"name": "grafana-datasources", "labels": {"name": "grafana-datasources", "app": "grafana", "env": "production", "purpose": "infra"}}, "data": {"datasource.yaml": "apiVersion: 1\ndatasources:\n- name: Prometheus\n  type: prometheus\n  access: proxy\n  url: http://prometheus:9090\n  isDefault: true\n  editable: false\n  version: 1\n- name: Loki\n  type: loki\n  access: proxy\n  url: http://loki\n  isDefault: false\n  editable: false\n  version: 1\n"}}, {"apiVersion": "v1", "kind": "Service", "metadata": {"name": "insights-ui", "labels": {"name": "insights-ui", "env": "production", "purpose": "infra"}}, "spec": {"type": "ClusterIP", "ports": [{"port": 80, "targetPort": 3000}], "selector": {"role": "insights-ui"}}}, {"apiVersion": "networking.k8s.io/v1beta1", "kind": "Ingress", "metadata": {"name": "insights", "annotations": {"kubernetes.io/ingress.class": "traefik", "traefik.frontend.passHostHeader": "false", "traefik.frontend.priority": "1"}, "labels": {"name": "insights", "env": "production", "purpose": "infra"}}, "spec": {"rules": [{"host": "insights.olgierd.space", "http": {"paths": [{"path": "/", "pathType": "Prefix", "backend": {"serviceName": "insights-ui", "servicePort": 80}}]}}]}}, {"kind": "DaemonSet", "apiVersion": "apps/v1", "metadata": {"name": "traefik", "namespace": "kube-system", "labels": {"name": "traefik", "app": "traefik", "env": "production", "purpose": "core", "role": "ingress-controller"}}, "spec": {"selector": {"matchLabels": {"name": "traefik"}}, "template": {"metadata": {"labels": {"name": "traefik", "app": "traefik", "env": "production", "purpose": "core", "role": "ingress-controller"}}, "spec": {"serviceAccountName": "traefik", "terminationGracePeriodSeconds": 60, "containers": [{"image": "docker.io/library/traefik:1.7.26", "name": "traefik", "ports": [{"name": "app-services", "containerPort": 80}, {"name": "dashboard", "containerPort": 8080}], "args": ["--api", "--kubernetes", "--logLevel=INFO", "--metrics.prometheus=true", "--accesslog=true"]}]}}}}, {"kind": "Service", "apiVersion": "v1", "metadata": {"name": "traefik-dashboard", "namespace": "kube-system", "labels": {"name": "traefik-dashboard", "app": "traefik", "env": "production", "purpose": "infra"}}, "spec": {"selector": {"name": "traefik"}, "type": "ClusterIP", "ports": [{"name": "dashboard", "port": 80, "targetPort": 8080}]}}, {"kind": "ClusterRole", "apiVersion": "rbac.authorization.k8s.io/v1beta1", "metadata": {"name": "ingress-controller", "labels": {"name": "ingress-controller", "app": "traefik", "env": "production", "purpose": "core"}}, "rules": [{"apiGroups": [""], "resources": ["services", "endpoints"], "verbs": ["get", "list", "watch"]}, {"apiGroups": ["extensions"], "resources": ["ingresses"], "verbs": ["get", "list", "watch"]}]}, {"apiVersion": "v1", "kind": "ServiceAccount", "metadata": {"name": "traefik", "namespace": "kube-system", "labels": {"name": "traefik", "app": "traefik", "env": "production", "purpose": "core"}}}, {"kind": "ClusterRoleBinding", "apiVersion": "rbac.authorization.k8s.io/v1beta1", "metadata": {"name": "traefik-ingress-controller", "labels": {"name": "traefik-ingress-controller", "app": "traefik", "env": "production", "purpose": "core"}}, "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "ingress-controller"}, "subjects": [{"kind": "ServiceAccount", "name": "traefik", "namespace": "kube-system"}]}, {"apiVersion": "v1", "kind": "Service", "metadata": {"name": "ci-ui", "labels": {"name": "ci-ui", "env": "production", "purpose": "infra"}}, "spec": {"type": "ClusterIP", "ports": [{"port": 80}], "selector": {"role": "ci-ui"}}}, {"apiVersion": "networking.k8s.io/v1beta1", "kind": "Ingress", "metadata": {"name": "ci", "annotations": {"kubernetes.io/ingress.class": "traefik", "traefik.frontend.passHostHeader": "false", "traefik.frontend.priority": "1"}, "labels": {"name": "ci-ui", "env": "production", "purpose": "infra"}}, "spec": {"rules": [{"host": "ci.olgierd.space", "http": {"paths": [{"path": "/", "pathType": "Prefix", "backend": {"serviceName": "ci-ui", "servicePort": 80}}]}}]}}, {"apiVersion": "v1", "kind": "ConfigMap", "metadata": {"name": "promtail", "labels": {"name": "promtail", "app": "loki", "env": "production", "purpose": "infra"}}, "data": {"promtail.yaml": "client:\n  backoff_config:\n    max_period: 5m\n    max_retries: 10\n    min_period: 500ms\n  batchsize: 1048576\n  batchwait: 1s\n  external_labels: {}\n  timeout: 10s\npositions:\n  filename: /run/promtail/positions.yaml\nserver:\n  http_listen_port: 3101\ntarget_config:\n  sync_period: 10s\nscrape_configs:\n- job_name: kubernetes-pods-name\n  pipeline_stages:\n    - docker: {}\n  kubernetes_sd_configs:\n  - role: pod\n  relabel_configs:\n  - source_labels:\n    - __meta_kubernetes_pod_label_name\n    target_label: __service__\n  - source_labels:\n    - __meta_kubernetes_pod_node_name\n    target_label: __host__\n  - action: drop\n    regex: ''\n    source_labels:\n    - __service__\n  - action: labelmap\n    regex: __meta_kubernetes_pod_label_(.+)\n  - action: replace\n    replacement: $1\n    separator: /\n    source_labels:\n    - __meta_kubernetes_namespace\n    - __service__\n    target_label: job\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_namespace\n    target_label: namespace\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_pod_name\n    target_label: pod\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_pod_container_name\n    target_label: container\n  - replacement: /var/log/pods/*$1/*.log\n    separator: /\n    source_labels:\n    - __meta_kubernetes_pod_uid\n    - __meta_kubernetes_pod_container_name\n    target_label: __path__\n- job_name: kubernetes-pods-app\n  pipeline_stages:\n    - docker: {}\n  kubernetes_sd_configs:\n  - role: pod\n  relabel_configs:\n  - action: drop\n    regex: .+\n    source_labels:\n    - __meta_kubernetes_pod_label_name\n  - source_labels:\n    - __meta_kubernetes_pod_label_app\n    target_label: __service__\n  - source_labels:\n    - __meta_kubernetes_pod_node_name\n    target_label: __host__\n  - action: drop\n    regex: ''\n    source_labels:\n    - __service__\n  - action: labelmap\n    regex: __meta_kubernetes_pod_label_(.+)\n  - action: replace\n    replacement: $1\n    separator: /\n    source_labels:\n    - __meta_kubernetes_namespace\n    - __service__\n    target_label: job\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_namespace\n    target_label: namespace\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_pod_name\n    target_label: pod\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_pod_container_name\n    target_label: container\n  - replacement: /var/log/pods/*$1/*.log\n    separator: /\n    source_labels:\n    - __meta_kubernetes_pod_uid\n    - __meta_kubernetes_pod_container_name\n    target_label: __path__\n- job_name: kubernetes-pods-direct-controllers\n  pipeline_stages:\n    - docker: {}\n  kubernetes_sd_configs:\n  - role: pod\n  relabel_configs:\n  - action: drop\n    regex: .+\n    separator: ''\n    source_labels:\n    - __meta_kubernetes_pod_label_name\n    - __meta_kubernetes_pod_label_app\n  - action: drop\n    regex: '[0-9a-z-.]+-[0-9a-f]{8,10}'\n    source_labels:\n    - __meta_kubernetes_pod_controller_name\n  - source_labels:\n    - __meta_kubernetes_pod_controller_name\n    target_label: __service__\n  - source_labels:\n    - __meta_kubernetes_pod_node_name\n    target_label: __host__\n  - action: drop\n    regex: ''\n    source_labels:\n    - __service__\n  - action: labelmap\n    regex: __meta_kubernetes_pod_label_(.+)\n  - action: replace\n    replacement: $1\n    separator: /\n    source_labels:\n    - __meta_kubernetes_namespace\n    - __service__\n    target_label: job\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_namespace\n    target_label: namespace\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_pod_name\n    target_label: pod\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_pod_container_name\n    target_label: container\n  - replacement: /var/log/pods/*$1/*.log\n    separator: /\n    source_labels:\n    - __meta_kubernetes_pod_uid\n    - __meta_kubernetes_pod_container_name\n    target_label: __path__\n- job_name: kubernetes-pods-indirect-controller\n  pipeline_stages:\n    - docker: {}\n  kubernetes_sd_configs:\n  - role: pod\n  relabel_configs:\n  - action: drop\n    regex: .+\n    separator: ''\n    source_labels:\n    - __meta_kubernetes_pod_label_name\n    - __meta_kubernetes_pod_label_app\n  - action: keep\n    regex: '[0-9a-z-.]+-[0-9a-f]{8,10}'\n    source_labels:\n    - __meta_kubernetes_pod_controller_name\n  - action: replace\n    regex: '([0-9a-z-.]+)-[0-9a-f]{8,10}'\n    source_labels:\n    - __meta_kubernetes_pod_controller_name\n    target_label: __service__\n  - source_labels:\n    - __meta_kubernetes_pod_node_name\n    target_label: __host__\n  - action: drop\n    regex: ''\n    source_labels:\n    - __service__\n  - action: labelmap\n    regex: __meta_kubernetes_pod_label_(.+)\n  - action: replace\n    replacement: $1\n    separator: /\n    source_labels:\n    - __meta_kubernetes_namespace\n    - __service__\n    target_label: job\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_namespace\n    target_label: namespace\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_pod_name\n    target_label: pod\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_pod_container_name\n    target_label: container\n  - replacement: /var/log/pods/*$1/*.log\n    separator: /\n    source_labels:\n    - __meta_kubernetes_pod_uid\n    - __meta_kubernetes_pod_container_name\n    target_label: __path__\n- job_name: kubernetes-pods-static\n  pipeline_stages:\n    - docker: {}\n  kubernetes_sd_configs:\n  - role: pod\n  relabel_configs:\n  - action: drop\n    regex: ''\n    source_labels:\n    - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_pod_label_component\n    target_label: __service__\n  - source_labels:\n    - __meta_kubernetes_pod_node_name\n    target_label: __host__\n  - action: drop\n    regex: ''\n    source_labels:\n    - __service__\n  - action: labelmap\n    regex: __meta_kubernetes_pod_label_(.+)\n  - action: replace\n    replacement: $1\n    separator: /\n    source_labels:\n    - __meta_kubernetes_namespace\n    - __service__\n    target_label: job\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_namespace\n    target_label: namespace\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_pod_name\n    target_label: pod\n  - action: replace\n    source_labels:\n    - __meta_kubernetes_pod_container_name\n    target_label: container\n  - replacement: /var/log/pods/*$1/*.log\n    separator: /\n    source_labels:\n    - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror\n    - __meta_kubernetes_pod_container_name\n    target_label: __path__\n"}}, {"kind": "ClusterRole", "apiVersion": "rbac.authorization.k8s.io/v1", "metadata": {"name": "promtail", "labels": {"name": "promtail", "app": "loki", "env": "production", "purpose": "infra"}}, "rules": [{"apiGroups": [""], "resources": ["nodes", "nodes/proxy", "services", "endpoints", "pods"], "verbs": ["get", "watch", "list"]}]}, {"apiVersion": "v1", "kind": "ServiceAccount", "metadata": {"name": "promtail", "labels": {"name": "promtail", "app": "loki", "env": "production", "purpose": "infra"}}}, {"kind": "ClusterRoleBinding", "apiVersion": "rbac.authorization.k8s.io/v1", "metadata": {"name": "promtail", "labels": {"name": "promtail", "app": "loki", "env": "production", "purpose": "infra"}}, "subjects": [{"kind": "ServiceAccount", "name": "promtail", "namespace": "default"}], "roleRef": {"kind": "ClusterRole", "name": "promtail", "apiGroup": "rbac.authorization.k8s.io"}}, {"apiVersion": "v1", "kind": "ConfigMap", "metadata": {"name": "loki", "labels": {"name": "loki", "app": "loki", "env": "production", "purpose": "infra"}}, "data": {"local-config.yaml": "auth_enabled: false\nserver:\n  http_listen_port: 3100\nchunk_store_config:\n  max_look_back_period: 0s\ningester:\n  chunk_block_size: 262144\n  chunk_idle_period: 3m\n  chunk_retain_period: 1m\n  lifecycler:\n    ring:\n      kvstore:\n        store: inmemory\n      replication_factor: 1\n  max_transfer_retries: 0\nlimits_config:\n  enforce_metric_name: false\n  reject_old_samples: true\n  reject_old_samples_max_age: 168h\nschema_config:\n  configs:\n  - from: \"2018-04-15\"\n    index:\n      period: 168h\n      prefix: index_\n    object_store: filesystem\n    schema: v9\n    store: boltdb\nstorage_config:\n  boltdb:\n    directory: /data/loki/index\n  filesystem:\n    directory: /data/loki/chunks\ntable_manager:\n  retention_deletes_enabled: false\n  retention_period: 0s\n"}}, {"apiVersion": "apps/v1", "kind": "DaemonSet", "metadata": {"name": "promtail", "namespace": "default", "labels": {"name": "promtail", "app": "loki", "env": "production", "purpose": "infra"}}, "spec": {"selector": {"matchLabels": {"name": "promtail"}}, "template": {"metadata": {"labels": {"name": "promtail", "app": "loki", "env": "production", "purpose": "infra"}, "annotations": {"prometheus.io/port": "http-metrics", "prometheus.io/scrape": "true"}}, "spec": {"serviceAccountName": "promtail", "containers": [{"name": "promtail", "image": "docker.io/grafana/promtail:1.6.0", "args": ["-config.file=/etc/promtail/promtail.yaml", "-client.url=http://loki/loki/api/v1/push"], "volumeMounts": [{"name": "config", "mountPath": "/etc/promtail"}, {"name": "run", "mountPath": "/run/promtail"}, {"mountPath": "/var/lib/docker/containers", "name": "docker", "readOnly": true}, {"mountPath": "/var/log/pods", "name": "pods", "readOnly": true}], "env": [{"name": "HOSTNAME", "valueFrom": {"fieldRef": {"fieldPath": "spec.nodeName"}}}], "ports": [{"containerPort": 3101, "name": "http-metrics"}]}], "tolerations": [{"effect": "NoSchedule", "key": "node-role.kubernetes.io/master", "operator": "Exists"}], "volumes": [{"name": "config", "configMap": {"name": "promtail"}}, {"name": "run", "hostPath": {"path": "/run/promtail"}}, {"hostPath": {"path": "/var/lib/docker/containers"}, "name": "docker"}, {"hostPath": {"path": "/var/log/pods"}, "name": "pods"}]}}}}, {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "loki", "labels": {"name": "loki", "app": "loki", "env": "production", "purpose": "infra"}}, "spec": {"replicas": 1, "selector": {"matchLabels": {"name": "loki"}}, "template": {"metadata": {"labels": {"name": "loki", "app": "loki", "env": "production", "purpose": "infra"}}, "spec": {"containers": [{"name": "main", "image": "docker.io/grafana/loki:master-69f2eb2-amd64", "ports": [{"containerPort": 3100, "name": "main"}], "volumeMounts": [{"name": "config", "mountPath": "/etc/loki"}, {"name": "data", "mountPath": "/data"}]}], "volumes": [{"name": "config", "configMap": {"name": "loki"}}, {"name": "data", "persistentVolumeClaim": {"claimName": "logs"}}], "initContainers": [{"name": "fix-persistent-volume-permissions", "image": "busybox:1.28", "command": ["sh", "-c", "chown 10001:10001 /data"], "volumeMounts": [{"name": "data", "mountPath": "/data"}]}]}}}}, {"apiVersion": "v1", "kind": "Service", "metadata": {"name": "loki", "labels": {"name": "loki", "app": "loki", "env": "production", "purpose": "infra"}}, "spec": {"type": "ClusterIP", "ports": [{"port": 80, "targetPort": 3100}], "selector": {"name": "loki"}}}, {"apiVersion": "batch/v1beta1", "kind": "CronJob", "metadata": {"name": "persistent-volume-backup-creator", "labels": {"name": "persistent-volume-backup-creator", "app": "persistent-volume-backuper", "env": "production", "purpose": "infra"}}, "spec": {"schedule": "30 2-22 * * *", "jobTemplate": {"spec": {"template": {"metadata": {"labels": {"name": "persistent-volume-backup-creator", "app": "persistent-volume-backuper", "env": "production", "purpose": "infra"}}, "spec": {"serviceAccountName": "persistent-volume-backuper", "containers": [{"image": "docker.io/roffe/kubectl:v1.13.2", "name": "main", "command": ["/bin/sh"], "args": ["-c", "for VOLUME_NAME in $VOLUME_NAMES; do VOLUME_NAME=$VOLUME_NAME DATE_SUFFIX=$(date $DATE_SUFFIX_FORMAT) sh /data/payload.yaml.sh.tpl > payload.yaml; cat payload.yaml; kubectl apply -f payload.yaml; done"], "volumeMounts": [{"name": "data", "mountPath": "/data", "readOnly": true}], "env": [{"name": "VOLUME_NAMES", "valueFrom": {"configMapKeyRef": {"name": "volume-backup", "key": "volumes-to-back-up"}}}, {"name": "DATE_SUFFIX_FORMAT", "value": "+%Y-%m-%d"}]}], "volumes": [{"name": "data", "configMap": {"name": "backup-payload-template"}}], "restartPolicy": "Never"}}, "backoffLimit": 1}}}}, {"apiVersion": "v1", "kind": "ConfigMap", "metadata": {"name": "backup-payload-template", "labels": {"name": "backup-payload-template", "app": "persistent-volume-backuper", "env": "production", "purpose": "infra"}}, "data": {"payload.yaml.sh.tpl": "PVC_NAME=$(echo -n \"$VOLUME_NAME\" | rev | cut -d- -f 1 | rev)\ncat <<EOF\nkind: VolumeSnapshot\napiVersion: snapshot.storage.k8s.io/v1beta1\nmetadata:\n  name: $VOLUME_NAME-$DATE_SUFFIX\nspec:\n  source:\n    persistentVolumeClaimName: $PVC_NAME\nEOF\n"}}, {"kind": "ClusterRole", "apiVersion": "rbac.authorization.k8s.io/v1beta1", "metadata": {"name": "persistent-volume-backuper", "labels": {"name": "persistent-volume-backuper", "app": "persistent-volume-backuper", "env": "production", "purpose": "infra"}}, "rules": [{"apiGroups": ["snapshot.storage.k8s.io"], "resources": ["volumesnapshots"], "verbs": ["get", "create"]}]}, {"apiVersion": "v1", "kind": "ServiceAccount", "metadata": {"name": "persistent-volume-backuper", "labels": {"name": "persistent-volume-backuper", "app": "persistent-volume-backuper", "env": "production", "purpose": "infra"}}}, {"kind": "ClusterRoleBinding", "apiVersion": "rbac.authorization.k8s.io/v1beta1", "metadata": {"name": "persistent-volume-backuper-to-ns-default", "labels": {"name": "persistent-volume-backuper-to-ns-default", "app": "persistent-volume-backuper", "env": "production", "purpose": "infra"}}, "subjects": [{"kind": "ServiceAccount", "name": "persistent-volume-backuper", "namespace": "default"}], "roleRef": {"kind": "ClusterRole", "name": "persistent-volume-backuper", "apiGroup": "rbac.authorization.k8s.io"}}, {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "drone-server", "labels": {"name": "drone-server", "app": "drone", "env": "production", "purpose": "infra", "role": "ci-ui"}}, "spec": {"replicas": 1, "selector": {"matchLabels": {"name": "drone-server"}}, "template": {"metadata": {"labels": {"name": "drone-server", "app": "drone", "env": "production", "purpose": "infra", "role": "ci-ui"}, "annotations": {"prometheus.io/scrape": "false"}}, "spec": {"containers": [{"name": "drone", "ports": [{"containerPort": 80}], "image": "docker.io/drone/drone:1.9.1", "env": [{"name": "DRONE_GITLAB_SERVER", "value": "https://gitlab.com/"}, {"name": "DRONE_USER_FILTER", "value": "insertYourOrganizationHere"}, {"name": "DRONE_USER_CREATE", "value": "username:allgreed,admin:true"}, {"name": "DRONE_SERVER_HOST", "value": "ci.olgierd.space"}, {"name": "DRONE_SERVER_PROTO", "value": "http"}, {"name": "DRONE_SERVER_PORT", "value": ":80"}, {"name": "DRONE_GITLAB_CLIENT_ID", "valueFrom": {"secretKeyRef": {"name": "git-oauth", "key": "id"}}}, {"name": "DRONE_GITLAB_CLIENT_SECRET", "valueFrom": {"secretKeyRef": {"name": "git-oauth", "key": "secret"}}}, {"name": "DRONE_DATABASE_DRIVER", "value": "postgres"}, {"name": "DRONE_DATABASE_DATASOURCE", "valueFrom": {"secretKeyRef": {"name": "drone-sql-db", "key": "connection_string"}}}, {"name": "DRONE_RPC_SECRET", "valueFrom": {"secretKeyRef": {"name": "drone-rpc-shared", "key": "secret"}}}]}]}}}}, {"apiVersion": "v1", "kind": "Service", "metadata": {"name": "drone-server", "labels": {"name": "drone-server", "app": "drone", "env": "production", "purpose": "infra"}}, "spec": {"type": "ClusterIP", "ports": [{"port": 80}], "selector": {"name": "drone-server"}}}, {"kind": "Role", "apiVersion": "rbac.authorization.k8s.io/v1", "metadata": {"namespace": "default", "name": "run-ci-workload", "labels": {"name": "run-ci-workload", "app": "drone", "env": "production", "purpose": "infra"}}, "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["create", "delete", "get"]}, {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "create", "delete", "list", "watch", "update"]}]}, {"apiVersion": "v1", "kind": "ServiceAccount", "metadata": {"name": "drone", "labels": {"name": "drone", "app": "drone", "env": "production", "purpose": "infra"}}}, {"kind": "RoleBinding", "apiVersion": "rbac.authorization.k8s.io/v1", "metadata": {"name": "ci-runner-drone", "labels": {"name": "ci-runner-drone", "app": "drone", "env": "production", "purpose": "infra"}}, "subjects": [{"kind": "ServiceAccount", "name": "drone"}], "roleRef": {"kind": "Role", "name": "run-ci-workload", "apiGroup": "rbac.authorization.k8s.io"}}, {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "drone-k8s-runner", "labels": {"name": "drone-k8s-runner", "app": "drone", "env": "production", "purpose": "infra"}}, "spec": {"replicas": 1, "selector": {"matchLabels": {"name": "drone-k8s-runner"}}, "template": {"metadata": {"labels": {"name": "drone-k8s-runner", "app": "drone", "env": "production", "purpose": "infra"}}, "spec": {"serviceAccountName": "drone", "containers": [{"name": "main", "image": "docker.io/drone/drone-runner-kube:1.0.0-beta.4", "ports": [{"containerPort": 3000}], "env": [{"name": "DRONE_RPC_HOST", "value": "drone-server"}, {"name": "DRONE_RPC_PROTO", "value": "http"}, {"name": "DRONE_RPC_SECRET", "valueFrom": {"secretKeyRef": {"name": "drone-rpc-shared", "key": "secret"}}}, {"name": "DRONE_RUNNER_CAPACITY", "value": "3"}, {"name": "DRONE_RUNNER_PRIVILEGED_IMAGES", "value": "plugins/docker"}, {"name": "DRONE_SECRET_PLUGIN_ENDPOINT", "value": "http://localhost:3000"}, {"name": "DRONE_SECRET_PLUGIN_TOKEN", "valueFrom": {"secretKeyRef": {"name": "drone-secret-shared", "key": "secret"}}}]}, {"name": "secrets-plugin", "image": "docker.io/drone/kubernetes-secrets:latest", "ports": [{"containerPort": 3000}], "env": [{"name": "SECRET_KEY", "valueFrom": {"secretKeyRef": {"name": "drone-secret-shared", "key": "secret"}}}]}]}}}}, {"apiVersion": "v1", "kind": "Secret", "metadata": {"name": "ci-deployer-drone-token", "annotations": {"kubernetes.io/service-account.name": "ci-deployer", "X-Drone-Events": "push,tag"}, "labels": {"name": "ci-deployer-drone-token", "app": "drone", "env": "production", "purpose": "infra"}}, "type": "kubernetes.io/service-account-token"}, {"kind": "Role", "apiVersion": "rbac.authorization.k8s.io/v1", "metadata": {"namespace": "default", "name": "update-deployments", "labels": {"name": "update-deployments", "app": "drone", "env": "production", "purpose": "infra"}}, "rules": [{"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "patch"]}]}, {"apiVersion": "v1", "kind": "ServiceAccount", "metadata": {"name": "ci-deployer", "labels": {"name": "ci-deployer", "app": "drone", "env": "production", "purpose": "infra"}}}, {"kind": "RoleBinding", "apiVersion": "rbac.authorization.k8s.io/v1", "metadata": {"name": "update-deployments", "namespace": "default", "labels": {"name": "update-deployments", "app": "drone", "env": "production", "purpose": "infra"}}, "subjects": [{"kind": "ServiceAccount", "name": "ci-deployer", "namespace": "default"}], "roleRef": {"kind": "Role", "name": "update-deployments", "apiGroup": "rbac.authorization.k8s.io"}}]}
2