From 9790ce03b4c45b2fb04fb4f8252ba5b8f5a22dde Mon Sep 17 00:00:00 2001 From: Joerg Lehmann Date: Tue, 27 Dec 2022 20:16:19 +0100 Subject: [PATCH] mini-beieli.ch prod is now running on onyx... --- README.md | 1 + minibeieli/minibeieli.yaml | 123 +++++++++++++++++++++++++++ minibeieli/telegraf.conf | 31 +++++++ traefik/configuration/minibeieli.yml | 35 ++++++++ 4 files changed, 190 insertions(+) create mode 100644 minibeieli/minibeieli.yaml create mode 100644 minibeieli/telegraf.conf create mode 100644 traefik/configuration/minibeieli.yml diff --git a/README.md b/README.md index 111900d..2fd56d2 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,7 @@ command to check who is banned: # dnf install jq # dnf install sysstat # dnf install lftp +# dnf install binutils ``` ## Setup Mail diff --git a/minibeieli/minibeieli.yaml b/minibeieli/minibeieli.yaml new file mode 100644 index 0000000..1dc363a --- /dev/null +++ b/minibeieli/minibeieli.yaml @@ -0,0 +1,123 @@ +apiVersion: v1 +kind: Pod +metadata: + annotations: + bind-mount-options:/data/minibeieli/influxdb: z + bind-mount-options:/data/minibeieli/redis: z + bind-mount-options:/data/minibeieli/lorahandlerdata: z + bind-mount-options:/home/containers/onyx_pods/minibeieli/telegraf.conf: z + io.kubernetes.cri-o.TTY/minibeieli: "false" + io.podman.annotations.autoremove/minibeieli: "FALSE" + io.podman.annotations.init/minibeieli: "FALSE" + io.podman.annotations.label/minibeieli: type:container_runtime_t + io.podman.annotations.privileged/minibeieli: "FALSE" + io.podman.annotations.publish-all/minibeieli: "FALSE" + labels: + app: minibeieli-pod + name: minibeieli-pod +spec: + containers: + - name: mini-beieli-web + image: registry.gitlab.com/drpuur/mini-beieli-web:2022122601 + env: + - name: REDIS_CONNECTION_STRING + value: 127.0.0.1:6379 + - name: INFLUX_URL + value: http://127.0.0.1:8086/api/v2/query?org=minibeieliorg + - name: INFLUX_RO_TOKEN + value: _rsxFfFIwY5zwqEFY7MOLTq89hVpIgWAbyibHjwC_5u4QUGAa2_ZBfWFNSL0PylTsH_nabo8FkKEfHrFf31Sgg== + - name: STRIPE_KEY + value: sk_live_kYXh8qhsHCpI26qEfmseU5nj + - name: STRIPE_PK + value: pk_live_G9vgPopd9opsY81AfzguwMrq + - name: MAILSERVER_HOST + value: mail.nbit.ch + ports: + - containerPort: 4000 + hostPort: 9070 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_NET_RAW + - CAP_AUDIT_WRITE + - name: mini-beieli-lorahandler + image: registry.gitlab.com/drpuur/mini-beieli-lorahandler:2022122601 + env: + - name: REDIS_CONNECTION_STRING + value: 127.0.0.1:6379 + ports: + - containerPort: 8080 + hostPort: 9071 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_NET_RAW + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /data + name: lorahandlerdata + - name: influxdb + image: docker.io/library/influxdb:2.6 + ports: + - containerPort: 8086 + hostPort: 8086 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_NET_RAW + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /var/lib/influxdb2 + name: influxdb + - name: redis + image: docker.io/library/redis:7 + args: ["--save 60 1", "--loglevel warning"] + ports: + - containerPort: 5432 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_NET_RAW + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /data + name: redis + - name: telegraf + image: docker.io/library/telegraf:1.25 + resources: {} + securityContext: + capabilities: + drop: + - CAP_MKNOD + - CAP_AUDIT_WRITE + volumeMounts: + - mountPath: /data + name: lorahandlerdata + - mountPath: /etc/telegraf/telegraf.conf + name: telegrafconf + restartPolicy: Always + volumes: + - hostPath: + path: /data/minibeieli/influxdb + type: Directory + name: influxdb + - hostPath: + path: /data/minibeieli/redis + type: Directory + name: redis + - hostPath: + path: /data/minibeieli/lorahandlerdata + type: Directory + name: lorahandlerdata + - hostPath: + path: /home/containers/onyx_pods/minibeieli/telegraf.conf + type: File + name: telegrafconf diff --git a/minibeieli/telegraf.conf b/minibeieli/telegraf.conf new file mode 100644 index 0000000..d2f3829 --- /dev/null +++ b/minibeieli/telegraf.conf @@ -0,0 +1,31 @@ +[global_tags] + +# Configuration for telegraf agent +[agent] + interval = "10s" + round_interval = true + metric_batch_size = 1000 + metric_buffer_limit = 100000 + collection_jitter = "0s" + flush_interval = "10s" + flush_jitter = "0s" + precision = "" + debug = false + quiet = false + logfile = "" + hostname = "" + omit_hostname = false + +[[inputs.tail]] + files = ["/data/mini-beieli-lorahandler.log"] + from_beginning = false + pipe = false + tagexclude = ["path","host"] + data_format = "influx" + +# Configuration for sending metrics to InfluxDB 2.0 +[[outputs.influxdb_v2]] + urls = ["http://127.0.0.1:8086"] + token = "3xt2X2djaSgIOD4mK4fHEoL6MvbdxLBiznaZTDjYF0-v-8x_0PQNSOkpzMPBoWWvas_Y3H7yMMhn6OMsU2Pk-A==" + organization = "minibeieliorg" + bucket = "minibeielibucket" diff --git a/traefik/configuration/minibeieli.yml b/traefik/configuration/minibeieli.yml new file mode 100644 index 0000000..e74f4d9 --- /dev/null +++ b/traefik/configuration/minibeieli.yml @@ -0,0 +1,35 @@ +http: + routers: + minibeieli-web: + entrypoints: + - websecure + tls: + certresolver: "myresolver" + domains: + - main: "mini-beieli.ch" + sans: "www.mini-beieli.ch" + rule: "Host(`mini-beieli.ch`,`www.mini-beieli.ch`)" + service: minibeieli-web + + minibeieli-lorahandler: + entrypoints: + - websecure + tls: + certresolver: "myresolver" + domains: + - main: "mini-beieli.ch" + sans: "www.mini-beieli.ch" + rule: "Host(`mini-beieli.ch`,`www.mini-beieli.ch`) && PathPrefix(`/lorahandler`)" + service: minibeieli-lorahandler + + services: + minibeieli-web: + loadBalancer: + servers: + - url: http://127.0.0.1:9070/ + passHostHeader: true + minibeieli-lorahandler: + loadBalancer: + servers: + - url: http://127.0.0.1:9071/ + passHostHeader: true