Copy all files from kubernetes repo into this one

This commit is a like-for-like copy of the [kubernetes repo](https://github.com/python-discord/kubernetes) check that repo for comit history prioir to this commit. Co-authored-by: Amrou Bellalouna <[email protected]> Co-authored-by: Bradley Reynolds <[email protected]> Co-authored-by: Chris <[email protected]> Co-authored-by: Chris Lovering <[email protected]> Co-authored-by: ChrisJL <[email protected]> Co-authored-by: Den4200 <[email protected]> Co-authored-by: GDWR <[email protected]> Co-authored-by: Hassan Abouelela <[email protected]> Co-authored-by: Hassan Abouelela <[email protected]> Co-authored-by: jchristgit <[email protected]> Co-authored-by: Joe Banks <[email protected]> Co-authored-by: Joe Banks <[email protected]> Co-authored-by: Joe Banks <[email protected]> Co-authored-by: Johannes Christ <[email protected]> Co-authored-by: Kieran Siek <[email protected]> Co-authored-by: kosayoda <[email protected]> Co-authored-by: ks129 <[email protected]> Co-authored-by: Leon Sand├©y <[email protected]> Co-authored-by: Leon Sand├©y <[email protected]> Co-authored-by: MarkKoz <[email protected]> Co-authored-by: Matteo Bertucci <[email protected]> Co-authored-by: Sebastiaan Zeeff <[email protected]> Co-authored-by: Sebastiaan Zeeff <[email protected]> Co-authored-by: vcokltfre <[email protected]>
author: Chris Lovering <[email protected]> 2023-08-13 20:01:42 +0100
committer: Chris Lovering <[email protected]> 2023-08-14 11:44:03 +0100
commit: 661f49409e69f5cfafbef4cd41411a72ebc5418d (patch)
tree: 9ddd7f2a2ab09cadc5b716be00628e19d839ad4d /kubernetes/namespaces/default/grafana
parent: Allow multiple documents within yaml files (diff)
8 files changed, 185 insertions, 0 deletions
diff --git a/kubernetes/namespaces/default/grafana/README.md b/kubernetes/namespaces/default/grafana/README.md
new file mode 100644
index 0000000..03a9682
--- /dev/null
+++ b/kubernetes/namespaces/default/grafana/README.md
@@ -0,0 +1,11 @@
+# Grafana
+
+This folder contains the manifests for deploying our Grafana instance, the service we use to query our data.
+
+This deployment expects a number of secrets and environment variables to exist in a secret called `grafana-secret-env`.
+
+| Environment                  | Description                                         |
+|------------------------------|-----------------------------------------------------|
+| GF_AUTH_GITHUB_CLIENT_ID     | The client ID of the Github app to use for auth     |
+| GF_AUTH_GITHUB_CLIENT_SECRET | The client secret of the Github app to use for auth |
+| GF_SECURITY_ADMIN_PASSWORD   | The admin password the the grafana admin console    |
diff --git a/kubernetes/namespaces/default/grafana/configmap.yaml b/kubernetes/namespaces/default/grafana/configmap.yaml
new file mode 100644
index 0000000..87eeba9
--- /dev/null
+++ b/kubernetes/namespaces/default/grafana/configmap.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-default
+data:
+  # Root settings
+  GF_INSTANCE_NAME: "pythondiscord"
+  GF_SERVER_DOMAIN: "grafana.pythondiscord.com"
+  GF_SERVER_ROOT_URL: "https://grafana.pythondiscord.com"
+  GF_SECURITY_COOKIE_SECURE: "true"
+
+  # GitHub Auth
+  GF_AUTH_GITHUB_ENABLED: "true"
+  GF_AUTH_GITHUB_SCOPES: "user:email,read:org"
+  # IDs can be retrieved via `gh api orgs/python-discord/teams`.
+  GF_AUTH_GITHUB_TEAM_IDS: "2638565,3854739,3114246"
+  GF_AUTH_GITHUB_AUTH_URL: "https://github.com/login/oauth/authorize"
+  GF_AUTH_GITHUB_TOKEN_URL: "https://github.com/login/oauth/access_token"
+  GF_AUTH_GITHUB_API_URL: "https://api.github.com/user"
+  GF_AUTH_ALLOW_SIGN_UP: "true"
+
+  # Image renderer
+  GF_RENDERING_SERVER_URL: "http://grafana-image-renderer.default.svc.cluster.local:8081/render"
+  GF_RENDERING_CALLBACK_URL: "http://grafana.default.svc.cluster.local:3000/"
+  GF_RENDERING_CONCURRENT_RENDER_REQUEST_LIMIT: "3"
+
+  # Image storage
+  GF_EXTERNAL_IMAGE_STORAGE_PROVIDED: "local"
+
+  # Metrics
+  GF_METRICS_ENABLED: "false"
+
+  # User sign up
+  GF_USERS_AUTO_ASSIGN_ORG: "true"
+  GF_USERS_AUTO_ASSIGN_ORG_ID: "2"
+
+  # Feature toggles
+  GF_FEATURE_TOGGLES_ENABLE: ""
diff --git a/kubernetes/namespaces/default/grafana/deployment-grafana.yaml b/kubernetes/namespaces/default/grafana/deployment-grafana.yaml
new file mode 100644
index 0000000..3acef14
--- /dev/null
+++ b/kubernetes/namespaces/default/grafana/deployment-grafana.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: grafana
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: grafana
+  template:
+    metadata:
+      labels:
+        app: grafana
+    spec:
+      containers:
+        - name: grafana
+          image: grafana/grafana:9.1.7
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 3000
+          resources:
+            requests:
+             cpu: 200m
+             memory: 100Mi
+            limits:
+              cpu: 300m
+              memory: 250Mi
+          envFrom:
+            - configMapRef:
+                name: grafana-default
+            - secretRef:
+                name: grafana-secret-env
+          volumeMounts:
+            - mountPath: /var/lib/grafana
+              name: grafana-volume
+          securityContext:
+            readOnlyRootFilesystem: true
+      volumes:
+        - name: grafana-volume
+          persistentVolumeClaim:
+            claimName: grafana-storage
+      securityContext:
+        fsGroup: 2000
+        runAsUser: 1000
+        runAsNonRoot: true
diff --git a/kubernetes/namespaces/default/grafana/deployment-image-renderer.yaml b/kubernetes/namespaces/default/grafana/deployment-image-renderer.yaml
new file mode 100644
index 0000000..ea3e297
--- /dev/null
+++ b/kubernetes/namespaces/default/grafana/deployment-image-renderer.yaml
@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: grafana-image-renderer
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      app: grafana-image-renderer
+  template:
+    metadata:
+      labels:
+        app: grafana-image-renderer
+    spec:
+      securityContext:
+        fsGroup: 2000
+        runAsUser: 1000
+        runAsNonRoot: true
+      containers:
+        - name: grafana-image-renderer
+          image: grafana/grafana-image-renderer:latest
+          resources:
+            requests:
+              cpu: 500m
+              memory: 300Mi
+            limits:
+              cpu: 1000m
+              memory: 500Mi
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8081
+          securityContext:
+            readOnlyRootFilesystem: true
diff --git a/kubernetes/namespaces/default/grafana/ingress.yaml b/kubernetes/namespaces/default/grafana/ingress.yaml
new file mode 100644
index 0000000..60138af
--- /dev/null
+++ b/kubernetes/namespaces/default/grafana/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+    nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle"
+    nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
+  name: grafana
+spec:
+  tls:
+  - hosts:
+      - "*.pythondiscord.com"
+    secretName: pythondiscord.com-tls
+  rules:
+  - host: grafana.pythondiscord.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: grafana
+            port:
+              number: 3000
diff --git a/kubernetes/namespaces/default/grafana/secrets.yaml b/kubernetes/namespaces/default/grafana/secrets.yaml
new file mode 100644
index 0000000..bb492d1
--- /dev/null
+++ b/kubernetes/namespaces/default/grafana/secrets.yaml
diff --git a/kubernetes/namespaces/default/grafana/services.yaml b/kubernetes/namespaces/default/grafana/services.yaml
new file mode 100644
index 0000000..e5430a2
--- /dev/null
+++ b/kubernetes/namespaces/default/grafana/services.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: grafana
+spec:
+  ports:
+    - port: 3000
+  selector:
+    app: grafana
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: grafana-image-renderer
+spec:
+  ports:
+    - port: 8081
+  selector:
+    app: grafana-image-renderer
diff --git a/kubernetes/namespaces/default/grafana/volume.yaml b/kubernetes/namespaces/default/grafana/volume.yaml
new file mode 100644
index 0000000..6283a7c
--- /dev/null
+++ b/kubernetes/namespaces/default/grafana/volume.yaml
@@ -0,0 +1,13 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: grafana-storage
+  labels:
+    app: grafana
+spec:
+  storageClassName: linode-block-storage-retain
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
author	Chris Lovering <[email protected]>	2023-08-13 20:01:42 +0100
committer	Chris Lovering <[email protected]>	2023-08-14 11:44:03 +0100
commit	661f49409e69f5cfafbef4cd41411a72ebc5418d (patch)
tree	9ddd7f2a2ab09cadc5b716be00628e19d839ad4d /kubernetes/namespaces/default/grafana
parent	Allow multiple documents within yaml files (diff)