hashbang / gitops
gitops repo for our kubernetes cluster
There's an official DigitalOcean operator that can create and manage DO's hosted databases as normal k8s resources.
I think it would be useful to pivot to a userdb instance managed this way, and replace the manually-managed credentials and secrets with automatically provisioned ones.
tcp ingress to the container on port 22, http[s] ingress goes to a static html file
Can be migrated from https://github.com/hashbang/infra/tree/master/charts/site
affected applications:
Will be able to at least validate yaml.
Not sure if we'll be able to do a client side dry-run without exposing secrets to the CI server?
Many of our resources only select a particular image tag, rather than an exact hash.
kubectl get pods --all-namespaces -o json | jq '.items[].spec.containers[].image' | grep -v sha256 | sort -u
As mentioned in #4
We should have a sidecar that watches for configmap changes and sends a SIGHUP or rehash command to the irc server.
Requires kubectl version 1.18.8+ (about, I didn't do thorough testing, but definitely not 1.18.3).
v1beta1 is now dropped. I updated the ingress-nginx Kustomization. It looks like a maintenance script updated the live cluster already, but this needs to be done at some point to avoid overwriting the fixes.
Currently we use inotifyd to watch for changes in /ircd/
We do want to fire on e.g. /ircd/ircd.yaml and /ircd/tls/tls.crt
We don't want to fire on e.g. /ircd/db/foo changes
At the moment I think it's either not crossing device boundaries or not descending into sub directories.
We may need to move around our mount points to resolve this correctly.
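One way to get the behaviour this issue asks for, as an added example (not code from the hashbang/gitops repo): instead of relying on inotify events, poll a digest of only the files that should trigger a rehash, reading through symlinks and mount points. The two watched paths come from the issue text; the function names, the poll interval and the PID argument are assumptions.

```shell
#!/bin/sh
# Added example: content-based config watcher for an ircd sidecar.
# Assumes the sidecar can signal the server process (for example via a
# shared process namespace); the PID is passed in by the caller.

# Print one digest covering the content of every watched file under $1.
# cat follows symlinks, so ConfigMap/Secret "..data" symlink swaps and files
# on separate mounts are both seen. Nothing under db/ is ever read.
watched_digest() {
    root=$1
    for f in "$root/ircd.yaml" "$root/tls/tls.crt"; do
        printf '%s\n' "$f"
        if [ -r "$f" ]; then cat "$f"; else echo "MISSING"; fi
    done | sha256sum | cut -d' ' -f1
}

# Return 0 if the digest differs from the one stored in state file $2
# (or if there is no stored digest yet), then store the new digest.
config_changed() {
    root=$1
    state=$2
    new=$(watched_digest "$root")
    old=$(cat "$state" 2>/dev/null || true)
    printf '%s\n' "$new" > "$state"
    [ "$new" != "$old" ]
}

# Poll every $3 seconds (default 5) and SIGHUP pid $2 on a real change.
watch_loop() {
    root=$1
    pid=$2
    interval=${3:-5}
    state=$(mktemp)
    config_changed "$root" "$state" || true   # record the baseline
    while kill -0 "$pid" 2>/dev/null; do
        sleep "$interval"
        if config_changed "$root" "$state"; then
            kill -HUP "$pid"
        fi
    done
}

# Usage: watcher.sh watch /ircd <ircd-pid>
if [ "${1:-}" = "watch" ]; then
    watch_loop "$2" "$3"
fi
```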
I noticed that this repo uses Argo CD, and I thought I’d let you know that I recently released a Github app called Infro that several companies use internally that allows Argo CD users to preview Kubernetes changes in Github pull requests before they merge. I’m providing it for free to open source projects (here’s an example in the wild). Here’s a setup guide with links to documentation. It’s in early stages, so I’m sure there will be warts. All feedback is welcome!
this should be a token of some sort that makes it so only some things can post to /signup
Or an S3 compatible API, if|when we move out of DigitalOcean.
This is useful for us due to free ingress into the system. $5/250GB per month. This is actually cheaper than the current solution using a PVC as those are dynamically generated and are $10/100GB. This also means that we can store more logs over time, and - if we want - we can apply lifecycle rules with DigitalOcean Spaces Block Storage.
https://github.com/coreos/kube-prometheus includes prometheus-operator as well as grafana, alertmanager, kube-state-metrics and more.
Consider replacing our prometheus-operator application with it.
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.
Location: renovate.json
Error type: Invalid JSON (parsing failed)
Message: Syntax error near ],
Thoughts for consideration:
hashbang.sh for this or irc.hashbang.sh?
irc.hashbang.sh for this, how can we set up hashbang.sh in a way where IRC won't lose out on messages created on a potential hashbang.sh matrix server
irc.hashbang.sh, we need a good way to set up either SRV records or well-known, with the former being defined in admin-tools and the latter probably being done via an Ingress. I believe we can have separate Ingress on the same domain name defined across namespaces, so this should be a valid option
I just merged ergochat/ergo#1111, which adds support for authentication plugins via subprocess invocation. The goal in this issue is to start managing IRC authentication credentials in userdb, then get everyone using SASL. Here's a tentative plan:
accounts.auth-script config block), with autocreate enabled
~/.weechat/irc.conf to use SASL PLAIN with the autogenerated password. We could write a script like enable-irc-sasl that does this for existing users.
https://www.digitalocean.com/docs/kubernetes/how-to/monitor-advanced/
The DigitalOcean agents are failing to connect to kube-state-metrics; I think kube-rbac-proxy is the gatekeeper.
I've been playing with the kube-system daemonset.apps/do-node-agent argument --k8s-metrics-path=https://kube-state-metrics.monitoring.svc.cluster.local:8443/metrics to try and fix it.
Use https://github.com/hashbang/docker-postfix ?
@benharri where does our config currently come from?
Message templates are here: https://github.com/hashbang/gitops/blob/master/argocd/argocd-notifications/cm-patch.yaml#L22-L29
I have a bit of a pet hate for kibana and, to a lesser degree, elastic-search. Let's set up loki (to be used from grafana).
TODO list:
logcli usage
https://github.com/argoproj-labs/argocd-notifications/releases/tag/v1.0.0
the "oncePer" feature looks like it could be useful for us
https://github.com/google/alertmanager-irc-relay
Probably have alerts go to a channel for that purpose (e.g. #!infra?)
At the project level we can enforce signed gpg commits.