ref(unpoller): changes configuration for 3.4.0 template
trafficstars
Description of the change
Refactors the poller, migrates its secrets to the external secret manager, and also upgrades the template to version 3.4.0
--- kubernetes/apps/monitoring/unifi-poller/app Kustomization: flux-system/cluster-apps-unifi-poller HelmRelease: monitoring/unpoller
+++ kubernetes/apps/monitoring/unifi-poller/app Kustomization: flux-system/cluster-apps-unifi-poller HelmRelease: monitoring/unpoller
@@ -1,75 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps-unifi-poller
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: unpoller
- namespace: monitoring
-spec:
- chart:
- spec:
- chart: app-template
- sourceRef:
- kind: HelmRepository
- name: bjw-s-charts
- namespace: flux-system
- version: 1.5.1
- install:
- createNamespace: true
- remediation:
- retries: 3
- interval: 30m
- maxHistory: 2
- uninstall:
- keepHistory: false
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- env:
- TZ: Europe/Prague
- UP_INFLUXDB_DISABLE: true
- UP_UNIFI_DEFAULT_PASS:
- valueFrom:
- secretKeyRef:
- key: UP_UNIFI_DEFAULT_PASS
- name: unpoller-secret
- UP_UNIFI_DEFAULT_ROLE: home-ops
- UP_UNIFI_DEFAULT_URL:
- valueFrom:
- secretKeyRef:
- key: UP_UNIFI_DEFAULT_URL
- name: unpoller-secret
- UP_UNIFI_DEFAULT_USER:
- valueFrom:
- secretKeyRef:
- key: UP_UNIFI_DEFAULT_USER
- name: unpoller-secret
- UP_UNIFI_DEFAULT_VERIFY_SSL: false
- image:
- repository: ghcr.io/unpoller/unpoller
- tag: v2.11.2
- resources:
- limits:
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 100Mi
- service:
- main:
- ports:
- http:
- port: 9130
- serviceMonitor:
- main:
- enabled: true
- endpoints:
- - interval: 2m
- path: /metrics
- port: http
- scheme: http
- scrapeTimeout: 5s
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cluster-apps-unifi-poller
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cluster-apps-unifi-poller
@@ -1,34 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: cluster-apps-unifi-poller
- namespace: flux-system
-spec:
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: unpoller
- namespace: monitoring
- interval: 30m
- path: ./kubernetes/apps/monitoring/unifi-poller/app
- postBuild:
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
- prune: true
- retryInterval: 1m
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- timeout: 3m
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/unpoller
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/unpoller
@@ -0,0 +1,36 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster-apps
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: unpoller
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: unpoller
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ dependsOn:
+ - name: external-secrets-stores
+ interval: 30m
+ path: ./kubernetes/apps/monitoring/unifi-poller/app
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
+ prune: true
+ retryInterval: 1m
+ sourceRef:
+ kind: GitRepository
+ name: home-kubernetes
+ targetNamespace: monitoring
+ timeout: 5m
+ wait: true
+
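Review bot: The `decryption` block with the `sops-age` secretRef is carried over into the new Kustomization even though the description says the secrets now come from the external secret manager; if no sops-encrypted file remains under `./kubernetes/apps/monitoring/unifi-poller/app`, the block can be dropped so this Kustomization no longer references the sops-age key it does not use. If a sops file is still present in that path, leave it in place — that cannot be confirmed from this hunk.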
--- kubernetes/apps/monitoring/unifi-poller/app Kustomization: flux-system/unpoller HelmRelease: monitoring/unpoller
+++ kubernetes/apps/monitoring/unifi-poller/app Kustomization: flux-system/unpoller HelmRelease: monitoring/unpoller
@@ -0,0 +1,88 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ labels:
+ app.kubernetes.io/name: unpoller
+ kustomize.toolkit.fluxcd.io/name: unpoller
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: unpoller
+ namespace: monitoring
+spec:
+ chart:
+ spec:
+ chart: app-template
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s-charts
+ namespace: flux-system
+ version: 3.4.0
+ install:
+ remediation:
+ retries: 3
+ interval: 30m
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
+ values:
+ controllers:
+ unpoller:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ containers:
+ app:
+ env:
+ TZ: Europe/Praguehome
+ UP_INFLUXDB_DISABLE: true
+ UP_UNIFI_DEFAULT_ROLE: home-ops
+ UP_UNIFI_DEFAULT_URL: https://unifi
+ UP_UNIFI_DEFAULT_VERIFY_SSL: false
+ envFrom:
+ - secretRef:
+ name: unpoller-secret
+ image:
+ repository: ghcr.io/unpoller/unpoller
+ tag: v2.11.2@sha256:73b39c0b3b8fa92aa82a7613d3486253ffbd8c057833b4621402a268159bf2a2
+ probes:
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
+ resources:
+ limits:
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ defaultPodOptions:
+ dnsConfig:
+ options:
+ - name: ndots
+ value: '1'
+ securityContext:
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ service:
+ app:
+ controller: unpoller
+ ports:
+ http:
+ port: 9130
+ serviceMonitor:
+ app:
+ endpoints:
+ - interval: 2m
+ path: /metrics
+ port: http
+ scheme: http
+ scrapeTimeout: 1
+ serviceName: unpoller
+
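Review bot: `TZ: Europe/Praguehome` in the container env block looks like a typo for the previous `Europe/Prague` value — it is not an IANA zone name, so the container will not get the intended timezone; change it to `TZ: Europe/Prague`. The same wrong value appears in the rendered Deployment hunk below. `scrapeTimeout: 1` in the serviceMonitor endpoint is an unquoted integer where the previous value was the duration `5s`; the Prometheus operator CRD takes a string duration, so this likely fails validation (it also shows up in the rendered ServiceMonitor hunk) — write `scrapeTimeout: 5s` or another explicit unit. Separately, the rendered Deployment keeps `automountServiceAccountToken: true` on the default service account although the pod only talks to the UniFi controller; if the chart exposes the option, `defaultPodOptions.automountServiceAccountToken: false` would keep an unneeded API token out of the pod.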
--- kubernetes/apps/monitoring/unifi-poller/app Kustomization: flux-system/unpoller ExternalSecret: monitoring/unpoller
+++ kubernetes/apps/monitoring/unifi-poller/app Kustomization: flux-system/unpoller ExternalSecret: monitoring/unpoller
@@ -0,0 +1,26 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ labels:
+ app.kubernetes.io/name: unpoller
+ kustomize.toolkit.fluxcd.io/name: unpoller
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: unpoller
+ namespace: monitoring
+spec:
+ dataFrom:
+ - extract:
+ key: unifi
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ creationPolicy: Owner
+ name: unpoller-secret
+ template:
+ data:
+ UP_UNIFI_DEFAULT_PASS: '{{ .UP_UNIFI_DEFAULT_PASS }}'
+ UP_UNIFI_DEFAULT_USER: '{{ .UP_UNIFI_DEFAULT_USER }}'
+ engineVersion: v2
+
--- HelmRelease: monitoring/unpoller Service: monitoring/unpoller
+++ HelmRelease: monitoring/unpoller Service: monitoring/unpoller
@@ -1,21 +1,22 @@
---
apiVersion: v1
kind: Service
metadata:
name: unpoller
labels:
- app.kubernetes.io/service: unpoller
app.kubernetes.io/instance: unpoller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: unpoller
+ app.kubernetes.io/service: unpoller
spec:
type: ClusterIP
ports:
- port: 9130
- targetPort: http
+ targetPort: 9130
protocol: TCP
name: http
selector:
+ app.kubernetes.io/component: unpoller
app.kubernetes.io/instance: unpoller
app.kubernetes.io/name: unpoller
--- HelmRelease: monitoring/unpoller Deployment: monitoring/unpoller
+++ HelmRelease: monitoring/unpoller Deployment: monitoring/unpoller
@@ -1,88 +1,87 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: unpoller
labels:
+ app.kubernetes.io/component: unpoller
app.kubernetes.io/instance: unpoller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: unpoller
+ annotations:
+ reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
+ app.kubernetes.io/component: unpoller
app.kubernetes.io/name: unpoller
app.kubernetes.io/instance: unpoller
template:
metadata:
labels:
+ app.kubernetes.io/component: unpoller
+ app.kubernetes.io/instance: unpoller
app.kubernetes.io/name: unpoller
- app.kubernetes.io/instance: unpoller
spec:
+ enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
+ securityContext:
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
dnsPolicy: ClusterFirst
- enableServiceLinks: true
+ dnsConfig:
+ options:
+ - name: ndots
+ value: '1'
containers:
- - name: unpoller
- image: ghcr.io/unpoller/unpoller:v2.11.2
- imagePullPolicy: null
- env:
+ - env:
- name: TZ
- value: Europe/Prague
+ value: Europe/Praguehome
- name: UP_INFLUXDB_DISABLE
value: 'true'
- - name: UP_UNIFI_DEFAULT_PASS
- valueFrom:
- secretKeyRef:
- key: UP_UNIFI_DEFAULT_PASS
- name: unpoller-secret
- name: UP_UNIFI_DEFAULT_ROLE
value: home-ops
- name: UP_UNIFI_DEFAULT_URL
- valueFrom:
- secretKeyRef:
- key: UP_UNIFI_DEFAULT_URL
- name: unpoller-secret
- - name: UP_UNIFI_DEFAULT_USER
- valueFrom:
- secretKeyRef:
- key: UP_UNIFI_DEFAULT_USER
- name: unpoller-secret
+ value: https://unifi
- name: UP_UNIFI_DEFAULT_VERIFY_SSL
value: 'false'
- ports:
- - name: http
- containerPort: 9130
- protocol: TCP
+ envFrom:
+ - secretRef:
+ name: unpoller-secret
+ image: ghcr.io/unpoller/unpoller:v2.11.2@sha256:73b39c0b3b8fa92aa82a7613d3486253ffbd8c057833b4621402a268159bf2a2
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 0
periodSeconds: 10
tcpSocket:
port: 9130
timeoutSeconds: 1
+ name: app
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 0
periodSeconds: 10
tcpSocket:
port: 9130
timeoutSeconds: 1
- startupProbe:
- failureThreshold: 30
- initialDelaySeconds: 0
- periodSeconds: 5
- tcpSocket:
- port: 9130
- timeoutSeconds: 1
resources:
limits:
- memory: 500Mi
+ memory: 128Mi
requests:
cpu: 10m
- memory: 100Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
--- HelmRelease: monitoring/unpoller ServiceMonitor: monitoring/unpoller
+++ HelmRelease: monitoring/unpoller ServiceMonitor: monitoring/unpoller
@@ -5,18 +5,22 @@
name: unpoller
labels:
app.kubernetes.io/instance: unpoller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: unpoller
spec:
+ jobLabel: unpoller
+ namespaceSelector:
+ matchNames:
+ - monitoring
selector:
matchLabels:
app.kubernetes.io/service: unpoller
app.kubernetes.io/name: unpoller
app.kubernetes.io/instance: unpoller
endpoints:
- interval: 2m
path: /metrics
port: http
scheme: http
- scrapeTimeout: 5s
+ scrapeTimeout: 1
🦙 MegaLinter status: ✅ SUCCESS
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|
See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff