From 2af3e6b5a50f0c5405c6d4899a90b6bf1a97359d Mon Sep 17 00:00:00 2001 From: Nicolas Lamirault Date: Fri, 15 Nov 2024 18:52:21 +0100 Subject: [PATCH] feat(keephq): configure database Signed-off-by: Nicolas Lamirault --- gitops/argocd/charts/alerting/keep/Chart.yaml | 2 +- .../alerting/keep/templates/credentials.yaml | 39 +++++ .../alerting/keep/templates/database.yaml | 137 ++++++++++++++++++ ...homelab.yaml => values-talos-homelab.yaml} | 43 +++--- .../argocd/charts/alerting/keep/values.yaml | 53 ++----- 5 files changed, 218 insertions(+), 56 deletions(-) create mode 100644 gitops/argocd/charts/alerting/keep/templates/credentials.yaml create mode 100644 gitops/argocd/charts/alerting/keep/templates/database.yaml rename gitops/argocd/charts/alerting/keep/{values-k3s-homelab.yaml => values-talos-homelab.yaml} (70%) diff --git a/gitops/argocd/charts/alerting/keep/Chart.yaml b/gitops/argocd/charts/alerting/keep/Chart.yaml index 2a62ac629f..2ad015e55b 100644 --- a/gitops/argocd/charts/alerting/keep/Chart.yaml +++ b/gitops/argocd/charts/alerting/keep/Chart.yaml @@ -23,4 +23,4 @@ appVersion: 1.0.0 dependencies: - name: keep repository: https://keephq.github.io/helm-charts - version: 0.1.12 \ No newline at end of file + version: 0.1.39 diff --git a/gitops/argocd/charts/alerting/keep/templates/credentials.yaml b/gitops/argocd/charts/alerting/keep/templates/credentials.yaml new file mode 100644 index 0000000000..230a4fac16 --- /dev/null +++ b/gitops/argocd/charts/alerting/keep/templates/credentials.yaml @@ -0,0 +1,39 @@ +# Copyright (C) Nicolas Lamirault +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + labels: + app: keep + name: keep-database-credentials + namespace: {{ .Release.Namespace }} +spec: + refreshInterval: "1h" + secretStoreRef: + kind: ClusterSecretStore + name: akeyless + target: + name: keep-database-credentials + creationPolicy: Owner + data: + - secretKey: password + remoteRef: + key: keep_MARIADB_PASSWORD + # - secretKey: rootPassword + # remoteRef: + # key: keep_MARIADB_ROOT_PASSWORD diff --git a/gitops/argocd/charts/alerting/keep/templates/database.yaml b/gitops/argocd/charts/alerting/keep/templates/database.yaml new file mode 100644 index 0000000000..f10db42096 --- /dev/null +++ b/gitops/argocd/charts/alerting/keep/templates/database.yaml @@ -0,0 +1,137 @@ +# Copyright (C) Nicolas Lamirault +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 + +--- +apiVersion: moco.cybozu.com/v1beta2 +kind: MySQLCluster +metadata: + labels: + app: keep + name: keep-db + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + # backupPolicyName: keep-db + # collectors is a list of collector flag names. + # See https://github.com/prometheus/mysqld_exporter/blob/master/README.md#collector-flags for all available collectors. + collectors: + - binlog_size + - engine_innodb_status + - info_schema.innodb_metrics + podTemplate: + spec: + # Make the data directory writable. If moco-init fails with "Permission denied", uncomment the following settings. + # securityContext: + # fsGroup: 10000 + # fsGroupChangePolicy: "OnRootMismatch" # available since k8s 1.20 + containers: + - name: mysqld + image: {{ .Values.database.image }} + resources: + {{- toYaml .Values.database.resources | nindent 10 }} + volumeClaimTemplates: + - metadata: + name: mysql-data + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.database.pvc.storageClassName }} + resources: + requests: + storage: {{ .Values.database.pvc.size }} +# --- +# apiVersion: v1 +# kind: PersistentVolumeClaim +# metadata: +# labels: +# app: keep +# name: keep-db-daily-backup +# namespace: {{ .Release.Namespace }} +# spec: +# accessModes: +# - ReadWriteOnce +# storageClassName: local-path +# resources: +# requests: +# storage: 5Gi +# --- +# apiVersion: moco.cybozu.com/v1beta2 +# kind: BackupPolicy +# metadata: +# labels: +# app: keep +# name: keep-db-daily +# namespace: {{ .Release.Namespace }} +# spec: +# schedule: "@daily" +# jobConfig: +# serviceAccountName: default +# bucketConfig: +# bucketName: "moco" +# endpointURL: https://s3.cleeb.net +# usePathStyle: true +# region: us-east-1 +# envFrom: +# - secretRef: +# name: keep-db-backup +# workVolume: +# persistentVolumeClaim: +# claimName: keep-db-daily-backup +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app: keep + name: keep-db + namespace: {{ .Release.Namespace }} +spec: + template: + spec: + containers: + - name: keep-db + image: mysql + env: + - name: DB_ADMIN_USERNAME + value: moco-writable + - name: DB_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: moco-keep-db + key: ADMIN_PASSWORD + - name: DB_NAME + value: "{{ .Values.keep.database.database }}" + - name: DB_USERNAME + value: "{{ .Values.keep.database.username }}" + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: keep-database-credentials + key: password + - name: DB_HOST + value: moco-keep-db-primary + # command: ["/bin/bash", "-c"] + # args: + # - mysql -h"$DB_HOST" -u"$DB_USERNAME" -p"$DB_PASSWORD" -e "CREATE DATABASE IF NOT EXISTS $DB_DATABASE;" + command: + - /usr/bin/bash + - "-c" + - | + NAME=sandbox + mysql -h ${DB_HOST} -u ${DB_ADMIN_USERNAME} -p"${DB_ADMIN_PASSWORD}" -e "CREATE USER IF NOT EXISTS '${DB_USERNAME}'@'%' IDENTIFIED BY '${DB_PASSWORD}'" && + mysql -h ${DB_HOST} -u ${DB_ADMIN_USERNAME} -p"${DB_ADMIN_PASSWORD}" -e "CREATE DATABASE IF NOT EXISTS ${DB_NAME}" && + mysql -h ${DB_HOST} -u ${DB_ADMIN_USERNAME} -p"${DB_ADMIN_PASSWORD}" -e "GRANT ALL ON ${DB_NAME}.* TO '${DB_USERNAME}'@'%'" + restartPolicy: Never + # backoffLimit: 1 diff --git a/gitops/argocd/charts/alerting/keep/values-k3s-homelab.yaml b/gitops/argocd/charts/alerting/keep/values-talos-homelab.yaml similarity index 70% rename from gitops/argocd/charts/alerting/keep/values-k3s-homelab.yaml rename to gitops/argocd/charts/alerting/keep/values-talos-homelab.yaml index 52d9470df0..7f4d754022 100644 --- a/gitops/argocd/charts/alerting/keep/values-k3s-homelab.yaml +++ b/gitops/argocd/charts/alerting/keep/values-talos-homelab.yaml @@ -16,22 +16,31 @@ # SPDX-License-Identifier: Apache-2.0 keep: + global: + ingress: + enabled: true + className: traefik + host: + - host: 192.168.0.61.nip.io + backend: databaseConnectionStringFromSecret: enabled: false secretName: keep-database secretKey: "" - env: - - name: DATABASE_CONNECTION_STRING - value: mysql+pymysql://keep:kepp@keep-database:3306/keep + # env: + # - name: DATABASE_CONNECTION_STRING + # value: mysql+pymysql://keep:kepp@keep-database:3306/keep + replicaCount: 1 resources: limits: memory: 256Mi requests: cpu: 5m memory: 64Mi - + frontend: + replicaCount: 1 resources: limits: memory: 256Mi @@ -40,22 +49,22 @@ keep: memory: 64Mi websocket: + replicaCount: 1 resources: limits: memory: 256Mi requests: cpu: 5m memory: 64Mi - - database: - pvc: - enabled: true - size: 5Gi - storageClass: local-path - env: - - name: MYSQL_ALLOW_EMPTY_PASSWORD - value: yes - - name: MYSQL_DATABASE - value: keep - - name: MYSQL_PASSWORD - value: null \ No newline at end of file + +database: + image: ghcr.io/cybozu-go/moco/mysql:8.4.2 + resources: + limits: + memory: "600Mi" + requests: + cpu: 50m + memory: "100Mi" + pvc: + storageClassName: local-path + size: 5Gi diff --git a/gitops/argocd/charts/alerting/keep/values.yaml b/gitops/argocd/charts/alerting/keep/values.yaml index 2020cd843a..be0def58f0 100644 --- a/gitops/argocd/charts/alerting/keep/values.yaml +++ b/gitops/argocd/charts/alerting/keep/values.yaml @@ -15,45 +15,22 @@ # # SPDX-License-Identifier: Apache-2.0 -ai: - providers: - noopai: - enabled: true - localai: - enabled: false - openai: - enabled: false - azure_openai: +keep: + global: + ingress: enabled: false - aws_bedrock: - enabled: false - google_gemini: - enabled: false - cache: - enabled: false -k8sgpt: - name: core + backend: + healthCheck: + enabled: true -grafanaOperator: - enabled: true - matchLabels: - grafana.com/dashboards: portefaix - folder: ai - dashboards: - - name: k8sgpt-overview - key: k8sgpt-overview.json + frontend: + healthCheck: + enabled: true -k8sgpt-operator: - serviceMonitor: - enabled: true - additionalLabels: - prometheus.io/operator: portefaix - grafanaDashboard: - enabled: true - folder: - annotation: grafana.com/folder - name: ai - label: - key: grafana.com/dashboard - value: "k8sgpt-overview" + websocket: + healthCheck: + enabled: true + + database: + enabled: false