commit 4216a7dc096676d3bdd31f2d14a420eab6e77ab8 Author: Joerg Lehmann Date: Tue Dec 27 14:49:22 2022 +0100 Initial commit diff --git a/minibeielidev/minibeielidev.yaml b/minibeielidev/minibeielidev.yaml new file mode 100644 index 0000000..67f40ae --- /dev/null +++ b/minibeielidev/minibeielidev.yaml @@ -0,0 +1,120 @@ +apiVersion: v1 +kind: Pod +metadata: + annotations: + bind-mount-options:/data/minibeielidev/influxdb: z + bind-mount-options:/data/minibeielidev/redis: z + bind-mount-options:/data/minibeielidev/lorahandlerdata: z + bind-mount-options:/home/containers/onyx-dev_pods/minibeielidev/telegraf.conf: z + io.kubernetes.cri-o.TTY/minibeielidev: "false" + io.podman.annotations.autoremove/minibeielidev: "FALSE" + io.podman.annotations.init/minibeielidev: "FALSE" + io.podman.annotations.label/minibeielidev: type:container_runtime_t + io.podman.annotations.privileged/minibeielidev: "FALSE" + io.podman.annotations.publish-all/minibeielidev: "FALSE" + labels: + app: minibeielidev-pod + name: minibeielidev-pod +spec: + containers: + - name: mini-beieli-web + image: registry.gitlab.com/drpuur/mini-beieli-web:2022122601 + env: + - name: REDIS_CONNECTION_STRING + value: 127.0.0.1:6379 + - name: INFLUX_URL + value: http://127.0.0.1:8086/api/v2/query?org=minibeieliorg + - name: INFLUX_RO_TOKEN + value: o9V-_rvQrC1VuwR59wFCqWVWQ-FYnP18CBpEaLzVBec7AtDO65M-dU3EFD6pSNtTSIQMEQY_IqqCI2_z6JBQ7Q== + - name: STRIPE_KEY + value: sk_test_GJbXPD0IAFNvvGpNEpaeDfhl + - name: STRIPE_PK + value: pk_test_YkSGqH3Tk9WKK9HrlY63GhAg + ports: + - containerPort: 4000 + hostPort: 9050 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_NET_RAW + - CAP_AUDIT_WRITE + - name: mini-beieli-lorahandler + image: registry.gitlab.com/drpuur/mini-beieli-lorahandler:2022122601 + env: + - name: REDIS_CONNECTION_STRING + value: 127.0.0.1:6379 + ports: + - containerPort: 8080 + hostPort: 9051 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_NET_RAW + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /data + name: lorahandlerdata + - name: influxdb + image: docker.io/library/influxdb:2.6 + ports: + - containerPort: 8086 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_NET_RAW + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /var/lib/influxdb2 + name: influxdb + - name: redis + image: docker.io/library/redis:7 + args: ["--save 60 1", "--loglevel warning"] + ports: + - containerPort: 5432 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_NET_RAW + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /data + name: redis + - name: telegraf + image: docker.io/library/telegraf:1.25 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /data + name: lorahandlerdata + - mountPath: /etc/telegraf/telegraf.conf + name: telegrafconf + restartPolicy: Always + volumes: + - hostPath: + path: /data/minibeielidev/influxdb + type: Directory + name: influxdb + - hostPath: + path: /data/minibeielidev/redis + type: Directory + name: redis + - hostPath: + path: /data/minibeielidev/lorahandlerdata + type: Directory + name: lorahandlerdata + - hostPath: + path: /home/containers/onyx-dev_pods/minibeielidev/telegraf.conf + type: File + name: telegrafconf diff --git a/minibeielidev/telegraf.conf b/minibeielidev/telegraf.conf new file mode 100644 index 0000000..29ee77e --- /dev/null +++ b/minibeielidev/telegraf.conf @@ -0,0 +1,31 @@ +[global_tags] + +# Configuration for telegraf agent +[agent] + interval = "10s" + round_interval = true + metric_batch_size = 1000 + metric_buffer_limit = 100000 + collection_jitter = "0s" + flush_interval = "10s" + flush_jitter = "0s" + precision = "" + debug = false + quiet = false + logfile = "" + hostname = "" + omit_hostname = false + +[[inputs.tail]] + files = ["/data/mini-beieli-lorahandler.log"] + from_beginning = false + pipe = false + tagexclude = ["path","host"] + data_format = "influx" + +# Configuration for sending metrics to InfluxDB 2.0 +[[outputs.influxdb_v2]] + urls = ["http://127.0.0.1:8086"] + token = "x_AqP_6HJ0s9_o1JA4_W0KHs-BBOuj904DWqAnmc_SzmMz6n-qA_rbPBN9OVIOifVQg0SI2d_dHx1VNUZgNngw==" + organization = "minibeieliorg" + bucket = "minibeielibucket" diff --git a/traefik/configuration/minibeielidev.yml b/traefik/configuration/minibeielidev.yml new file mode 100644 index 0000000..2b2d67d --- /dev/null +++ b/traefik/configuration/minibeielidev.yml @@ -0,0 +1,33 @@ +http: + routers: + minibeielidev-web: + entrypoints: + - websecure + tls: + certresolver: "myresolver" + domains: + - main: "dev.mini-beieli.ch" + rule: "Host(`dev.mini-beieli.ch`)" + service: minibeielidev-web + + minibeielidev-lorahandler: + entrypoints: + - websecure + tls: + certresolver: "myresolver" + domains: + - main: "dev.mini-beieli.ch" + rule: "Host(`dev.mini-beieli.ch`) && PathPrefix(`/lorahandler`)" + service: minibeielidev-lorahandler + + services: + minibeielidev-web: + loadBalancer: + servers: + - url: http://127.0.0.1:9050/ + passHostHeader: true + minibeielidev-lorahandler: + loadBalancer: + servers: + - url: http://127.0.0.1:9051/ + passHostHeader: true diff --git a/traefik/configuration/tls-config.yml b/traefik/configuration/tls-config.yml new file mode 100644 index 0000000..2791179 --- /dev/null +++ b/traefik/configuration/tls-config.yml @@ -0,0 +1,20 @@ +tls: + options: + default: + sniStrict: true + minVersion: VersionTLS12 + cipherSuites: + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + tlsv13only: + minVersion: VersionTLS13 + stores: + default: + defaultGeneratedCert: + resolver: myresolver + domain: + main: onyx-dev.nbit.ch diff --git a/traefik/configuration/wobischdev.yml b/traefik/configuration/wobischdev.yml new file mode 100644 index 0000000..b04a182 --- /dev/null +++ b/traefik/configuration/wobischdev.yml @@ -0,0 +1,33 @@ +http: + routers: + wobischdev-web: + entrypoints: + - websecure + tls: + certresolver: "myresolver" + domains: + - main: "dev.wo-bisch.ch" + rule: "Host(`dev.wo-bisch.ch`)" + service: wobischdev-web + + wobischdev-lorahandler: + entrypoints: + - websecure + tls: + certresolver: "myresolver" + domains: + - main: "dev.wo-bisch.ch" + rule: "Host(`dev.wo-bisch.ch`) && PathPrefix(`/lorahandler`)" + service: wobischdev-lorahandler + + services: + wobischdev-web: + loadBalancer: + servers: + - url: http://127.0.0.1:9040/ + passHostHeader: true + wobischdev-lorahandler: + loadBalancer: + servers: + - url: http://127.0.0.1:9041/ + passHostHeader: true diff --git a/traefik/traefik.yaml b/traefik/traefik.yaml new file mode 100644 index 0000000..e1f7f83 --- /dev/null +++ b/traefik/traefik.yaml @@ -0,0 +1,56 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + annotations: + bind-mount-options:/home/containers/onyx-dev_pods/traefik/configuration: z + bind-mount-options:/data/traefik/acme.json: z + io.kubernetes.cri-o.TTY/traefik: "false" + io.podman.annotations.autoremove/traefik: "FALSE" + io.podman.annotations.init/traefik: "FALSE" + io.podman.annotations.label/traefik: type:container_runtime_t + io.podman.annotations.privileged/traefik: "FALSE" + io.podman.annotations.publish-all/traefik: "FALSE" + creationTimestamp: "2022-12-03T15:45:41Z" + labels: + app: traefik-pod + name: traefik-pod +spec: + hostNetwork: true + containers: + - args: + - --entrypoints.web.address=:80 + - --entrypoints.web.http.redirections.entryPoint.to=websecure + - --entrypoints.web.http.redirections.entryPoint.scheme=https + - --entrypoints.websecure.address=:443 + - --certificatesresolvers.myresolver.acme.email=postmaster@nbit.ch + - --certificatesresolvers.myresolver.acme.storage=/acme.json + - --certificatesresolvers.myresolver.acme.tlschallenge=true + - --certificatesresolvers.myresolver.acme.httpChallenge.entrypoint=web + - --providers.file.directory=/configuration/ + - --providers.file.watch=true + - --accesslog=true + #- --log.level=DEBUG + #- --api.dashboard=true + #- --api.insecure=true + image: docker.io/library/traefik:latest + name: traefik + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /configuration/ + name: home-containers-onyx-dev_pods-traefik-configuration-host-0 + - mountPath: /acme.json + name: data-traefik-acme.json-host-2 + volumes: + - hostPath: + path: /home/containers/onyx-dev_pods/traefik/configuration + type: Directory + name: home-containers-onyx-dev_pods-traefik-configuration-host-0 + - hostPath: + path: /data/traefik/acme.json + type: File + name: data-traefik-acme.json-host-2 diff --git a/wobischdev/telegraf.conf b/wobischdev/telegraf.conf new file mode 100644 index 0000000..7093eeb --- /dev/null +++ b/wobischdev/telegraf.conf @@ -0,0 +1,31 @@ +[global_tags] + +# Configuration for telegraf agent +[agent] + interval = "10s" + round_interval = true + metric_batch_size = 1000 + metric_buffer_limit = 100000 + collection_jitter = "0s" + flush_interval = "10s" + flush_jitter = "0s" + precision = "" + debug = false + quiet = false + logfile = "" + hostname = "" + omit_hostname = false + +[[inputs.tail]] + files = ["/data/wo-bisch-lorahandler.log"] + from_beginning = false + pipe = false + tagexclude = ["path","host"] + data_format = "influx" + +# Configuration for sending metrics to InfluxDB 2.0 +[[outputs.influxdb_v2]] + urls = ["http://127.0.0.1:8086"] + token = "PWuleFEPB2YSduUkzkcW94V_-KFDK5Fi3MAeaA999Qe51OsGlJJSrcZ41pUAppCwF-z3rUNnyFQQJs8fCSTFzg==" + organization = "wobischorg" + bucket = "wobischbucket" diff --git a/wobischdev/wobischdev.yaml b/wobischdev/wobischdev.yaml new file mode 100644 index 0000000..ced70b4 --- /dev/null +++ b/wobischdev/wobischdev.yaml @@ -0,0 +1,120 @@ +apiVersion: v1 +kind: Pod +metadata: + annotations: + bind-mount-options:/data/wobischdev/influxdb: z + bind-mount-options:/data/wobischdev/redis: z + bind-mount-options:/data/wobischdev/lorahandlerdata: z + bind-mount-options:/home/containers/onyx-dev_pods/wobischdev/telegraf.conf: z + io.kubernetes.cri-o.TTY/wobischdev: "false" + io.podman.annotations.autoremove/wobischdev: "FALSE" + io.podman.annotations.init/wobischdev: "FALSE" + io.podman.annotations.label/wobischdev: type:container_runtime_t + io.podman.annotations.privileged/wobischdev: "FALSE" + io.podman.annotations.publish-all/wobischdev: "FALSE" + labels: + app: wobischdev-pod + name: wobischdev-pod +spec: + containers: + - name: wo-bisch-web + image: registry.gitlab.com/drpuur/wo-bisch-web:2022122101 + env: + - name: REDIS_CONNECTION_STRING + value: 127.0.0.1:6379 + - name: INFLUX_URL + value: http://127.0.0.1:8086/api/v2/query?org=wobischorg + - name: INFLUX_RO_TOKEN + value: TQvQxxLLAj1kTKWuEqcx7BA-KfE6WtJUeDlPa_Dnvms6Zqf6uh6lMbpXtzcsCjKO_x3PrpxxGDR5E6YnDB5PFg== + - name: STRIPE_KEY + value: sk_test_51Icq29K2XyHQRTs20aEeyUHH3WgE6nBkAKUFuXsQtbnZNIP5fap5zTLTaA0XvhIcRHkqt3vJ2nui6df8R9VDuDDh00nhzmWdHr + - name: STRIPE_PK + value: pk_test_51Icq29K2XyHQRTs2DeltUIWrbFb5evfJVGaQzMv4r50g8Q7HAUkSFr7BBGv0aP1damXIhM6fZ4Yf9Wz0qW6TpTVi00dWcW7J1O + ports: + - containerPort: 4000 + hostPort: 9040 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_NET_RAW + - CAP_AUDIT_WRITE + - name: wo-bisch-lorahandler + image: registry.gitlab.com/drpuur/wo-bisch-lorahandler:2022122101 + env: + - name: REDIS_CONNECTION_STRING + value: 127.0.0.1:6379 + ports: + - containerPort: 8080 + hostPort: 9041 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_NET_RAW + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /data + name: lorahandlerdata + - name: influxdb + image: docker.io/library/influxdb:2.6 + ports: + - containerPort: 8086 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_NET_RAW + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /var/lib/influxdb2 + name: influxdb + - name: redis + image: docker.io/library/redis:7 + args: ["--save 60 1", "--loglevel warning"] + ports: + - containerPort: 5432 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_NET_RAW + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /data + name: redis + - name: telegraf + image: docker.io/library/telegraf:1.25 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /data + name: lorahandlerdata + - mountPath: /etc/telegraf/telegraf.conf + name: telegrafconf + restartPolicy: Always + volumes: + - hostPath: + path: /data/wobischdev/influxdb + type: Directory + name: influxdb + - hostPath: + path: /data/wobischdev/redis + type: Directory + name: redis + - hostPath: + path: /data/wobischdev/lorahandlerdata + type: Directory + name: lorahandlerdata + - hostPath: + path: /home/containers/onyx-dev_pods/wobischdev/telegraf.conf + type: File + name: telegrafconf