admin/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:de48ba220677f4024fc92b2b8ba66f3980a550f6
Branches Tags
admin:main
..
compare: admin:ee54f116414693405d0d9b6694f467ff5b1731c2
Branches Tags
admin:main

10 Commits
de48ba2206 ... ee54f11641

Author SHA1 Message Date
Gonçalo Rodrigues
ee54f11641 fix(gitignore): catch compiled Go binaries in all subdirectories
Some checks failed
deploy / test (push) Failing after 1m56s
Details
deploy / deploy-finance (push) Has been skipped
Details
2026-06-26 23:29:40 +01:00
Gonçalo Rodrigues
2e0163e2b2 feat(cicd): move deploy pipeline to Gitea Actions 
- .gitea/workflows/deploy.yaml: test → build ARM64 → push to Gitea
  registry → kubectl set image on push to main
- Remove .github/workflows/deploy.yml (GitHub kept as test-only backup)

Requires Gitea Actions secrets: GITEA_REGISTRY_PASSWORD, KUBECONFIG_B64.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-26 23:09:34 +01:00
Gonçalo Rodrigues
3b294e2e82 feat(cicd): add GitHub Actions deploy workflow for finance-api 
- deploy.yml: on push to main, builds linux/arm64 image, pushes to
  Gitea registry, deploys via SSH kubectl set image
- ci.yml: gate to PRs targeting main only
- finance-api deployment: imagePullPolicy Always so SHA-tagged images
  are always pulled on rollout

Requires GitHub Actions secrets: GITEA_REGISTRY_PASSWORD, VPS_HOST,
VPS_USER, VPS_SSH_KEY.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-26 23:05:38 +01:00
Gonçalo Rodrigues
f5f2251e24 fix(k8s): move ServiceMonitor manifests to k8s/monitoring/ subdirectory 
The k8s/*.yaml glob in each skaffold.yaml picks up servicemonitor.yaml
and fails when monitoring is disabled (CRD not installed). Moving them
to k8s/monitoring/ keeps the config but excludes them from the default
deploy. Apply manually when enable_monitoring=true.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-26 22:43:04 +01:00
Gonçalo Rodrigues
3621df170a fix(skaffold): pass defaultRepo as --default-repo flag, add deploy targets 
defaultRepo is not valid inside a profile build block in v4beta13.
Pass it as a CLI flag instead and expose make deploy / make deploy-<module>
targets for convenience.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-26 22:39:58 +01:00
Gonçalo Rodrigues
d00dcb9d3c fix(skaffold): move defaultRepo inside build block (v4beta13 schema) 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-26 22:38:34 +01:00
Gonçalo Rodrigues
39460474a6 fix(skaffold): build linux/arm64 in CI profile for Hetzner CAX11 VPS 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-26 22:36:38 +01:00
Gonçalo Rodrigues
ba3fa6e46d fix(infra): switch MongoDB to 7 LTS (jemalloc, ARM64 stable) 
MongoDB 8.x (both 8.0 and 8.2) uses tcmalloc-google which segfaults
(exit 139) on Hetzner ARM64 kernels with transparent hugepages disabled.
MongoDB 7 LTS uses jemalloc and runs cleanly on the same hardware.
PVC was already wiped so there is no FCV incompatibility.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-26 22:28:33 +01:00
Gonçalo Rodrigues
8d824b3e19 fix(infra): pin MongoDB to 8.0 LTS to avoid ARM64 segfault 
mongo:8 resolves to 8.2 which uses tcmalloc-google. That allocator
segfaults (exit 139) when transparent hugepages are disabled, which is
the default on Hetzner kernels. MongoDB 8.0 LTS uses jemalloc and does
not have this issue.

PVC must be deleted before applying since FCV 8.2 data files can't be
opened by 8.0. Finance API seeds admin on startup so no data is lost.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-26 22:25:25 +01:00
Gonçalo Rodrigues
81e804206d fix(infra): revert to mongo:8, keep cache-size arg removed 
mongo:7 can't open data files written by mongo:8 (exit code 62 =
NeedsDowngrade). Stay on mongo:8 — the SIGSEGV was caused by the
--wiredTigerCacheSizeGB=0.25 flag, not the version. Removing the flag
is the actual fix.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-26 22:21:11 +01:00
13 changed files with 1457 additions and 1817 deletions
Show Stats Expand all files Collapse all files

52
.gitea/workflows/deploy.yaml Normal file
View File

@ -0,0 +1,52 @@
name: deploy
on:
push:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Run tests
run: go test ./...
deploy-finance:
needs: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Login to Gitea registry
run: |
echo "${{ secrets.GITEA_REGISTRY_PASSWORD }}" \
| docker login git.gugagr.xyz -u admin --password-stdin
- name: Build and push finance-api
run: |
docker build \
-t git.gugagr.xyz/admin/homelab_finance-api:${{ gitea.sha }} \
-f apps/finance/services/api/Dockerfile \
.
docker push git.gugagr.xyz/admin/homelab_finance-api:${{ gitea.sha }}
- name: Install kubectl
run: |
curl -sSLo kubectl \
https://dl.k8s.io/release/v1.30.0/bin/linux/arm64/kubectl
install -m 0755 kubectl /usr/local/bin/kubectl
- name: Deploy
run: |
mkdir -p ~/.kube
echo "${{ secrets.KUBECONFIG_B64 }}" | base64 -d > ~/.kube/config
kubectl set image deployment/api \
api=git.gugagr.xyz/admin/homelab_finance-api:${{ gitea.sha }} \
-n finance
kubectl rollout status deployment/api -n finance --timeout=120s

1
.github/workflows/ci.yml vendored
View File

@ -4,6 +4,7 @@ on:
push: push:
branches: [main] branches: [main]
pull_request: pull_request:
branches: [main]
jobs: jobs:
test: test:

5
.gitignore vendored
View File

@ -5,6 +5,7 @@
# node # node
node_modules node_modules
# go build artifacts # go build artifacts — ignore compiled binaries (files named main, no extension)
/main **/main
!**/main/
*.test *.test

13
Makefile
View File

@ -2,8 +2,9 @@ SHELL := /bin/zsh
.DEFAULT_GOAL := help .DEFAULT_GOAL := help
K3D_SCRIPT := infrastructure/k3d/k3d.sh K3D_SCRIPT := infrastructure/k3d/k3d.sh
TERRAFORM := terraform TERRAFORM := terraform
REGISTRY := git.gugagr.xyz/admin
# ── Cluster ─────────────────────────────────────────────────────────────────── # ── Cluster ───────────────────────────────────────────────────────────────────
@ -28,9 +29,17 @@ dev: ## Watch all services — rebuild and redeploy on file change
skaffold dev skaffold dev
.PHONY: run .PHONY: run
run: ## Build and deploy all services once run: ## Build and deploy all services once (local)
skaffold run skaffold run
.PHONY: deploy
deploy: ## Build for ARM64, push to Gitea, and deploy all services to VPS
skaffold run -p ci --default-repo $(REGISTRY)
.PHONY: deploy-%
deploy-%: ## Build and deploy a single service to VPS (e.g. make deploy-finance-api)
skaffold run -p ci -m $* --default-repo $(REGISTRY)
.PHONY: dev-finance .PHONY: dev-finance
dev-finance: ## Watch finance API only dev-finance: ## Watch finance API only
skaffold dev -f apps/finance/services/api/skaffold.yaml -p local skaffold dev -f apps/finance/services/api/skaffold.yaml -p local

0
apps/auth/services/gateway/k8s/servicemonitor.yaml → apps/auth/services/gateway/k8s/monitoring/servicemonitor.yaml
View File

0
apps/auth/services/users/k8s/servicemonitor.yaml → apps/auth/services/users/k8s/monitoring/servicemonitor.yaml
View File

2
apps/finance/services/api/k8s/deployment.yaml
View File

@ -20,7 +20,7 @@ spec:
containers: containers:
- name: api - name: api
image: homelab/finance-api image: homelab/finance-api
imagePullPolicy: IfNotPresent imagePullPolicy: Always
ports: ports:
- name: http - name: http
containerPort: 8080 containerPort: 8080

0
apps/finance/services/api/k8s/servicemonitor.yaml → apps/finance/services/api/k8s/monitoring/servicemonitor.yaml
View File

0
apps/test/services/example-service/k8s/servicemonitor.yaml → apps/test/services/example-service/k8s/monitoring/servicemonitor.yaml
View File

1006
infrastructure/terraform/terraform.tfstate.1780784875.backup
View File

File diff suppressed because it is too large Load Diff

614
infrastructure/terraform/terraform.tfstate.1780844254.backup
View File

@ -1,614 +0,0 @@
{
"version": 4,
"terraform_version": "1.15.5",
"serial": 235,
"lineage": "28673c1d-998f-000c-38f5-de7c9e848250",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "helm_release",
"name": "fluent_bit",
"provider": "provider[\"registry.terraform.io/hashicorp/helm\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"atomic": true,
"chart": "fluent-bit",
"cleanup_on_fail": false,
"create_namespace": true,
"dependency_update": false,
"description": null,
"devel": null,
"disable_crd_hooks": false,
"disable_openapi_validation": false,
"disable_webhooks": false,
"force_update": false,
"id": "fluent-bit",
"keyring": null,
"lint": false,
"manifest": null,
"max_history": 0,
"metadata": [
{
"app_version": "3.2.10",
"chart": "fluent-bit",
"first_deployed": 1780842519,
"last_deployed": 1780844089,
"name": "fluent-bit",
"namespace": "monitoring",
"notes": "Get Fluent Bit build information by running these commands:\n\nexport POD_NAME=$(kubectl get pods --namespace monitoring -l \"app.kubernetes.io/name=fluent-bit,app.kubernetes.io/instance=fluent-bit\" -o jsonpath=\"{.items[0].metadata.name}\")\nkubectl --namespace monitoring port-forward $POD_NAME 2020:2020\ncurl http://127.0.0.1:2020 \n\n",
"revision": 3,
"values": "{\"config\":{\"filters\":\"[FILTER]\\n Name kubernetes\\n Match kube.*\\n Annotations Off\\n Labels On\\n\",\"inputs\":\"[INPUT]\\n Name tail\\n Path /var/log/containers/*.log\\n Exclude_Path /var/log/containers/fluent-bit-*.log\\n multiline.parser docker,cri\\n Tag kube.*\\n Mem_Buf_Limit 50MB\\n Skip_Long_Lines On\\n\",\"outputs\":\"[OUTPUT]\\n Name loki\\n Match *\\n Host loki-gateway.monitoring.svc\\n Port 80\\n Labels job=fluent-bit\\n\",\"service\":\"[SERVICE]\\n Daemon Off\\n Log_Level info\\n Parsers_File /fluent-bit/etc/parsers.conf\\n HTTP_Server On\\n HTTP_Listen 0.0.0.0\\n HTTP_Port 2020\\n Health_Check On\\n\"},\"daemonSetVolumeMounts\":[{\"mountPath\":\"/var/log\",\"name\":\"varlog\"},{\"mountPath\":\"/var/lib/docker/containers\",\"name\":\"varlibdockercontainers\",\"readOnly\":true}],\"daemonSetVolumes\":[{\"hostPath\":{\"path\":\"/var/log\"},\"name\":\"varlog\"},{\"hostPath\":{\"path\":\"/var/lib/docker/containers\"},\"name\":\"varlibdockercontainers\"}],\"image\":{\"repository\":\"docker.io/fluent/fluent-bit\",\"tag\":\"3.2\"},\"tolerations\":[{\"operator\":\"Exists\"}]}",
"version": "0.48.10"
}
],
"name": "fluent-bit",
"namespace": "monitoring",
"pass_credentials": false,
"postrender": [],
"recreate_pods": false,
"render_subchart_notes": true,
"replace": false,
"repository": "https://fluent.github.io/helm-charts",
"repository_ca_file": null,
"repository_cert_file": null,
"repository_key_file": null,
"repository_password": null,
"repository_username": null,
"reset_values": false,
"reuse_values": false,
"set": [],
"set_list": [],
"set_sensitive": [],
"skip_crds": false,
"status": "deployed",
"timeout": 300,
"upgrade_install": null,
"values": [
"\"config\":\n \"filters\": |\n [FILTER]\n Name kubernetes\n Match kube.*\n Annotations Off\n Labels On\n \"inputs\": |\n [INPUT]\n Name tail\n Path /var/log/containers/*.log\n Exclude_Path /var/log/containers/fluent-bit-*.log\n multiline.parser docker,cri\n Tag kube.*\n Mem_Buf_Limit 50MB\n Skip_Long_Lines On\n \"outputs\": |\n [OUTPUT]\n Name loki\n Match *\n Host loki-gateway.monitoring.svc\n Port 80\n Labels job=fluent-bit\n \"service\": |\n [SERVICE]\n Daemon Off\n Log_Level info\n Parsers_File /fluent-bit/etc/parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n Health_Check On\n\"daemonSetVolumeMounts\":\n- \"mountPath\": \"/var/log\"\n \"name\": \"varlog\"\n- \"mountPath\": \"/var/lib/docker/containers\"\n \"name\": \"varlibdockercontainers\"\n \"readOnly\": true\n\"daemonSetVolumes\":\n- \"hostPath\":\n \"path\": \"/var/log\"\n \"name\": \"varlog\"\n- \"hostPath\":\n \"path\": \"/var/lib/docker/containers\"\n \"name\": \"varlibdockercontainers\"\n\"image\":\n \"repository\": \"docker.io/fluent/fluent-bit\"\n \"tag\": \"3.2\"\n\"tolerations\":\n- \"operator\": \"Exists\"\n"
],
"verify": false,
"version": "0.48.10",
"wait": true,
"wait_for_jobs": false
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "repository_password"
}
]
],
"identity_schema_version": 0,
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"terraform_data.monitoring_ns"
]
}
]
},
{
"mode": "managed",
"type": "helm_release",
"name": "jaeger",
"provider": "provider[\"registry.terraform.io/hashicorp/helm\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"atomic": true,
"chart": "jaeger",
"cleanup_on_fail": false,
"create_namespace": true,
"dependency_update": false,
"description": null,
"devel": null,
"disable_crd_hooks": false,
"disable_openapi_validation": false,
"disable_webhooks": false,
"force_update": false,
"id": "jaeger",
"keyring": null,
"lint": false,
"manifest": null,
"max_history": 0,
"metadata": [
{
"app_version": "2.18.0",
"chart": "jaeger",
"first_deployed": 1780842519,
"last_deployed": 1780844089,
"name": "jaeger",
"namespace": "monitoring",
"notes": "###################################################################\n### ⚠️ EXPERIMENTAL - NO STABILITY GUARANTEES ###\n### ###\n### This chart is under active development. ###\n### Breaking changes may occur in minor versions. ###\n### ###\n### See README.md for configuration details. ###\n###################################################################\n\n🚀 Congratulations on successfully installing Jaeger v2.18.0 (Chart v4.8.0)!\n\nTo access the query UI:\n http://jaeger.homelab.local\n",
"revision": 3,
"values": "{\"jaeger\":{\"ingress\":{\"annotations\":{\"traefik.ingress.kubernetes.io/router.middlewares\":\"auth-forward-auth@kubernetescrd\"},\"enabled\":true,\"hosts\":[\"jaeger.homelab.local\"]}}}",
"version": "4.8.0"
}
],
"name": "jaeger",
"namespace": "monitoring",
"pass_credentials": false,
"postrender": [],
"recreate_pods": false,
"render_subchart_notes": true,
"replace": false,
"repository": "https://jaegertracing.github.io/helm-charts",
"repository_ca_file": null,
"repository_cert_file": null,
"repository_key_file": null,
"repository_password": null,
"repository_username": null,
"reset_values": false,
"reuse_values": false,
"set": [],
"set_list": [],
"set_sensitive": [],
"skip_crds": false,
"status": "deployed",
"timeout": 300,
"upgrade_install": null,
"values": [
"\"jaeger\":\n \"ingress\":\n \"annotations\":\n \"traefik.ingress.kubernetes.io/router.middlewares\": \"auth-forward-auth@kubernetescrd\"\n \"enabled\": true\n \"hosts\":\n - \"jaeger.homelab.local\"\n"
],
"verify": false,
"version": "4.8.0",
"wait": true,
"wait_for_jobs": false
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "repository_password"
}
]
],
"identity_schema_version": 0,
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"terraform_data.monitoring_ns"
]
}
]
},
{
"mode": "managed",
"type": "helm_release",
"name": "kube_prometheus_stack",
"provider": "provider[\"registry.terraform.io/hashicorp/helm\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"atomic": true,
"chart": "kube-prometheus-stack",
"cleanup_on_fail": false,
"create_namespace": true,
"dependency_update": false,
"description": null,
"devel": null,
"disable_crd_hooks": false,
"disable_openapi_validation": false,
"disable_webhooks": false,
"force_update": false,
"id": "kps",
"keyring": null,
"lint": false,
"manifest": null,
"max_history": 0,
"metadata": [
{
"app_version": "v0.91.0",
"chart": "kube-prometheus-stack",
"first_deployed": 1780842522,
"last_deployed": 1780844034,
"name": "kps",
"namespace": "monitoring",
"notes": "1. Get your 'admin' user password by running:\n\n kubectl get secret --namespace monitoring kps-grafana -o jsonpath=\"{.data.admin-password}\" | base64 --decode ; echo\n\n\n2. The Grafana server can be accessed via port 80 on the following DNS name from within your cluster:\n\n kps-grafana.monitoring.svc.cluster.local\n\n If you bind grafana to 80, please update values in values.yaml and reinstall:\n ```\n securityContext:\n runAsUser: 0\n runAsGroup: 0\n fsGroup: 0\n\n command:\n - \"setcap\"\n - \"'cap_net_bind_service=+ep'\"\n - \"/usr/sbin/grafana-server \u0026\u0026\"\n - \"sh\"\n - \"/run.sh\"\n ```\n Details refer to https://grafana.com/docs/installation/configuration/#http-port.\n Or grafana would always crash.\n\n From outside the cluster, the server URL(s) are:\n http://grafana.homelab.local\n\n3. Login with the password from step 1 and the username: admin\n#################################################################################\n###### WARNING: Persistence is disabled!!! You will lose your data when #####\n###### the Grafana pod is terminated. #####\n#################################################################################\n\nkube-prometheus-stack has been installed. Check its status by running:\n kubectl --namespace monitoring get pods -l \"release=kps\"\n\nGet Grafana 'admin' user password by running:\n\n kubectl --namespace monitoring get secrets kps-grafana -o jsonpath=\"{.data.admin-password}\" | base64 -d ; echo\n\nAccess Grafana local instance:\n\n export POD_NAME=$(kubectl --namespace monitoring get pod -l \"app.kubernetes.io/name=grafana,app.kubernetes.io/instance=kps\" -oname)\n kubectl --namespace monitoring port-forward $POD_NAME 3000\n\nGet your grafana admin user password by running:\n\n kubectl get secret --namespace monitoring -l app.kubernetes.io/component=admin-secret -o jsonpath=\"{.items[0].data.admin-password}\" | base64 --decode ; echo\n\n\nVisit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create \u0026 configure Alertmanager and Prometheus instances using the Operator.\n\n1. Get the application URL by running these commands:\n export POD_NAME=$(kubectl get pods --namespace monitoring -l \"app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=kps\" -o jsonpath=\"{.items[0].metadata.name}\")\n echo \"Visit http://127.0.0.1:9100 to use your application\"\n kubectl port-forward --namespace monitoring $POD_NAME 9100\nkube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.\nThe exposed metrics can be found here:\nhttps://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics\n\nThe metrics are exported on the HTTP endpoint /metrics on the listening port.\nIn your case, kps-kube-state-metrics.monitoring.svc.cluster.local:8080/metrics\n\nThey are served either as plaintext or protobuf depending on the Accept header.\nThey are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.\n",
"revision": 5,
"values": "{\"alertmanager\":{\"enabled\":false},\"grafana\":{\"additionalDataSources\":[{\"access\":\"proxy\",\"isDefault\":false,\"name\":\"Jaeger\",\"type\":\"jaeger\",\"uid\":\"jaeger\",\"url\":\"http://jaeger.monitoring.svc:16686\"},{\"access\":\"proxy\",\"isDefault\":false,\"name\":\"Loki\",\"type\":\"loki\",\"uid\":\"loki\",\"url\":\"http://loki-gateway.monitoring.svc\"}],\"adminPassword\":\"jXWfhChbpD6QEDK2wLXbLHy7\",\"ingress\":{\"annotations\":{\"traefik.ingress.kubernetes.io/router.middlewares\":\"auth-forward-auth@kubernetescrd\"},\"enabled\":true,\"hosts\":[\"grafana.homelab.local\"],\"ingressClassName\":\"traefik\"}},\"kube-state-metrics\":{\"resources\":{\"requests\":{\"cpu\":\"50m\",\"memory\":\"128Mi\"}}},\"node-exporter\":{\"resources\":{\"requests\":{\"cpu\":\"25m\",\"memory\":\"64Mi\"}}},\"prometheus\":{\"prometheusSpec\":{\"resources\":{\"limits\":{\"cpu\":\"1\",\"memory\":\"1Gi\"},\"requests\":{\"cpu\":\"200m\",\"memory\":\"512Mi\"}}}}}",
"version": "86.0.2"
}
],
"name": "kps",
"namespace": "monitoring",
"pass_credentials": false,
"postrender": [],
"recreate_pods": false,
"render_subchart_notes": true,
"replace": false,
"repository": "https://prometheus-community.github.io/helm-charts",
"repository_ca_file": null,
"repository_cert_file": null,
"repository_key_file": null,
"repository_password": null,
"repository_username": null,
"reset_values": false,
"reuse_values": false,
"set": [],
"set_list": [],
"set_sensitive": [],
"skip_crds": false,
"status": "deployed",
"timeout": 300,
"upgrade_install": null,
"values": [
"\"alertmanager\":\n \"enabled\": false\n\"grafana\":\n \"additionalDataSources\":\n - \"access\": \"proxy\"\n \"isDefault\": false\n \"name\": \"Jaeger\"\n \"type\": \"jaeger\"\n \"uid\": \"jaeger\"\n \"url\": \"http://jaeger.monitoring.svc:16686\"\n - \"access\": \"proxy\"\n \"isDefault\": false\n \"name\": \"Loki\"\n \"type\": \"loki\"\n \"uid\": \"loki\"\n \"url\": \"http://loki-gateway.monitoring.svc\"\n \"adminPassword\": \"jXWfhChbpD6QEDK2wLXbLHy7\"\n \"ingress\":\n \"annotations\":\n \"traefik.ingress.kubernetes.io/router.middlewares\": \"auth-forward-auth@kubernetescrd\"\n \"enabled\": true\n \"hosts\":\n - \"grafana.homelab.local\"\n \"ingressClassName\": \"traefik\"\n\"kube-state-metrics\":\n \"resources\":\n \"requests\":\n \"cpu\": \"50m\"\n \"memory\": \"128Mi\"\n\"node-exporter\":\n \"resources\":\n \"requests\":\n \"cpu\": \"25m\"\n \"memory\": \"64Mi\"\n\"prometheus\":\n \"prometheusSpec\":\n \"resources\":\n \"limits\":\n \"cpu\": \"1\"\n \"memory\": \"1Gi\"\n \"requests\":\n \"cpu\": \"200m\"\n \"memory\": \"512Mi\"\n"
],
"verify": false,
"version": "86.0.2",
"wait": true,
"wait_for_jobs": false
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "repository_password"
}
],
[
{
"type": "get_attr",
"value": "values"
},
{
"type": "index",
"value": {
"value": 0,
"type": "number"
}
}
]
],
"identity_schema_version": 0,
"dependencies": [
"random_password.grafana",
"terraform_data.monitoring_ns"
]
}
]
},
{
"mode": "managed",
"type": "helm_release",
"name": "loki",
"provider": "provider[\"registry.terraform.io/hashicorp/helm\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"atomic": false,
"chart": "loki",
"cleanup_on_fail": false,
"create_namespace": true,
"dependency_update": false,
"description": null,
"devel": null,
"disable_crd_hooks": false,
"disable_openapi_validation": false,
"disable_webhooks": false,
"force_update": false,
"id": "loki",
"keyring": null,
"lint": false,
"manifest": null,
"max_history": 0,
"metadata": [
{
"app_version": "3.4.2",
"chart": "loki",
"first_deployed": 1780842520,
"last_deployed": 1780844090,
"name": "loki",
"namespace": "monitoring",
"notes": "***********************************************************************\n Welcome to Grafana Loki\n Chart version: 6.28.0\n Chart Name: loki\n Loki version: 3.4.2\n***********************************************************************\n\n** Please be patient while the chart is being deployed **\n\nTip:\n\n Watch the deployment status using the command: kubectl get pods -w --namespace monitoring\n\nIf pods are taking too long to schedule make sure pod affinity can be fulfilled in the current cluster.\n\n***********************************************************************\nInstalled components:\n***********************************************************************\n* loki\n\nLoki has been deployed as a single binary.\nThis means a single pod is handling reads and writes. You can scale that pod vertically by adding more CPU and memory resources.\n\n\n***********************************************************************\nSending logs to Loki\n***********************************************************************\n\nLoki has been configured with a gateway (nginx) to support reads and writes from a single component.\n\nYou can send logs from inside the cluster using the cluster DNS:\n\nhttp://loki-gateway.monitoring.svc.cluster.local/loki/api/v1/push\n\nYou can test to send data from outside the cluster by port-forwarding the gateway to your local machine:\n\n kubectl port-forward --namespace monitoring svc/loki-gateway 3100:80 \u0026\n\nAnd then using http://127.0.0.1:3100/loki/api/v1/push URL as shown below:\n\n```\ncurl -H \"Content-Type: application/json\" -XPOST -s \"http://127.0.0.1:3100/loki/api/v1/push\" \\\n--data-raw \"{\\\"streams\\\": [{\\\"stream\\\": {\\\"job\\\": \\\"test\\\"}, \\\"values\\\": [[\\\"$(date +%s)000000000\\\", \\\"fizzbuzz\\\"]]}]}\"\n```\n\nThen verify that Loki did receive the data using the following command:\n\n```\ncurl \"http://127.0.0.1:3100/loki/api/v1/query_range\" --data-urlencode 'query={job=\"test\"}' | jq .data.result\n```\n\n***********************************************************************\nConnecting Grafana to Loki\n***********************************************************************\n\nIf Grafana operates within the cluster, you'll set up a new Loki datasource by utilizing the following URL:\n\nhttp://loki-gateway.monitoring.svc.cluster.local/\n",
"revision": 3,
"values": "{\"backend\":{\"replicas\":0},\"chunksCache\":{\"enabled\":false},\"deploymentMode\":\"SingleBinary\",\"gateway\":{\"basicAuth\":{\"enabled\":false},\"enabled\":true,\"nginxConfig\":{\"httpSnippet\":\"proxy_set_header X-Scope-OrgID \\\"1\\\";\",\"serverSnippet\":\"\"}},\"loki\":{\"auth_enabled\":false,\"commonConfig\":{\"replication_factor\":1},\"containerSecurityContext\":{\"readOnlyRootFilesystem\":false},\"schemaConfig\":{\"configs\":[{\"from\":\"2024-01-01\",\"index\":{\"period\":\"24h\",\"prefix\":\"loki_index_\"},\"object_store\":\"filesystem\",\"schema\":\"v13\",\"store\":\"tsdb\"}]},\"storage\":{\"bucketNames\":{\"admin\":\"loki-admin\",\"chunks\":\"loki-chunks\",\"ruler\":\"loki-ruler\"},\"type\":\"filesystem\"}},\"monitoring\":{\"alerts\":{\"enabled\":false},\"dashboards\":{\"enabled\":false},\"lokiCanary\":{\"enabled\":false},\"rules\":{\"enabled\":false},\"selfMonitoring\":{\"enabled\":false},\"serviceMonitor\":{\"enabled\":false}},\"read\":{\"replicas\":0},\"resultsCache\":{\"enabled\":false},\"ruler\":{\"enabled\":false},\"singleBinary\":{\"extraVolumeMounts\":[{\"mountPath\":\"/var/loki\",\"name\":\"data\"}],\"extraVolumes\":[{\"emptyDir\":{},\"name\":\"data\"}],\"persistence\":{\"enabled\":false},\"replicas\":1},\"test\":{\"enabled\":false},\"write\":{\"replicas\":0}}",
"version": "6.28.0"
}
],
"name": "loki",
"namespace": "monitoring",
"pass_credentials": false,
"postrender": [],
"recreate_pods": false,
"render_subchart_notes": true,
"replace": false,
"repository": "https://grafana.github.io/helm-charts",
"repository_ca_file": null,
"repository_cert_file": null,
"repository_key_file": null,
"repository_password": null,
"repository_username": null,
"reset_values": false,
"reuse_values": false,
"set": [],
"set_list": [],
"set_sensitive": [],
"skip_crds": false,
"status": "deployed",
"timeout": 300,
"upgrade_install": null,
"values": [
"\"backend\":\n \"replicas\": 0\n\"chunksCache\":\n \"enabled\": false\n\"deploymentMode\": \"SingleBinary\"\n\"gateway\":\n \"basicAuth\":\n \"enabled\": false\n \"enabled\": true\n \"nginxConfig\":\n \"httpSnippet\": \"proxy_set_header X-Scope-OrgID \\\"1\\\";\"\n \"serverSnippet\": \"\"\n\"loki\":\n \"auth_enabled\": false\n \"commonConfig\":\n \"replication_factor\": 1\n \"containerSecurityContext\":\n \"readOnlyRootFilesystem\": false\n \"schemaConfig\":\n \"configs\":\n - \"from\": \"2024-01-01\"\n \"index\":\n \"period\": \"24h\"\n \"prefix\": \"loki_index_\"\n \"object_store\": \"filesystem\"\n \"schema\": \"v13\"\n \"store\": \"tsdb\"\n \"storage\":\n \"bucketNames\":\n \"admin\": \"loki-admin\"\n \"chunks\": \"loki-chunks\"\n \"ruler\": \"loki-ruler\"\n \"type\": \"filesystem\"\n\"monitoring\":\n \"alerts\":\n \"enabled\": false\n \"dashboards\":\n \"enabled\": false\n \"lokiCanary\":\n \"enabled\": false\n \"rules\":\n \"enabled\": false\n \"selfMonitoring\":\n \"enabled\": false\n \"serviceMonitor\":\n \"enabled\": false\n\"read\":\n \"replicas\": 0\n\"resultsCache\":\n \"enabled\": false\n\"ruler\":\n \"enabled\": false\n\"singleBinary\":\n \"extraVolumeMounts\":\n - \"mountPath\": \"/var/loki\"\n \"name\": \"data\"\n \"extraVolumes\":\n - \"emptyDir\": {}\n \"name\": \"data\"\n \"persistence\":\n \"enabled\": false\n \"replicas\": 1\n\"test\":\n \"enabled\": false\n\"write\":\n \"replicas\": 0\n"
],
"verify": false,
"version": "6.28.0",
"wait": false,
"wait_for_jobs": false
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "repository_password"
}
]
],
"identity_schema_version": 0,
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"terraform_data.monitoring_ns"
]
}
]
},
{
"mode": "managed",
"type": "random_password",
"name": "grafana",
"provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
"instances": [
{
"schema_version": 3,
"attributes": {
"bcrypt_hash": "$2a$10$gtPbohVnFQk0/9B59snVXuDUad.55.IBqXmpGWPlvSSeUfbyINf4G",
"id": "none",
"keepers": null,
"length": 24,
"lower": true,
"min_lower": 0,
"min_numeric": 0,
"min_special": 0,
"min_upper": 0,
"number": true,
"numeric": true,
"override_special": null,
"result": "jXWfhChbpD6QEDK2wLXbLHy7",
"special": false,
"upper": true
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "bcrypt_hash"
}
],
[
{
"type": "get_attr",
"value": "result"
}
]
],
"identity_schema_version": 0
}
]
},
{
"mode": "managed",
"type": "random_password",
"name": "mongodb",
"provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
"instances": [
{
"schema_version": 3,
"attributes": {
"bcrypt_hash": "$2a$10$CNBRlYZKIyKStfctvc1feuLMLE5wV9BKUEXkB5QbP4FkbEtw0vn3y",
"id": "none",
"keepers": null,
"length": 24,
"lower": true,
"min_lower": 0,
"min_numeric": 0,
"min_special": 0,
"min_upper": 0,
"number": true,
"numeric": true,
"override_special": null,
"result": "CQeYgJN3AXl9Kpx15zmwkArd",
"special": false,
"upper": true
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "bcrypt_hash"
}
],
[
{
"type": "get_attr",
"value": "result"
}
]
],
"identity_schema_version": 0
}
]
},
{
"mode": "managed",
"type": "terraform_data",
"name": "auth_ns",
"provider": "provider[\"terraform.io/builtin/terraform\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "15077c09-2fb0-74b9-04fe-3ee696bc2f72",
"input": null,
"output": null,
"triggers_replace": null
},
"sensitive_attributes": [],
"identity_schema_version": 0
}
]
},
{
"mode": "managed",
"type": "terraform_data",
"name": "home_ns",
"provider": "provider[\"terraform.io/builtin/terraform\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "765a4ef9-ee35-d9e8-e758-fad70c2ff9de",
"input": null,
"output": null,
"triggers_replace": null
},
"sensitive_attributes": [],
"identity_schema_version": 0
}
]
},
{
"mode": "managed",
"type": "terraform_data",
"name": "mongodb_ns",
"provider": "provider[\"terraform.io/builtin/terraform\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "5ea8087a-1531-c96a-5120-68b1b038a928",
"input": null,
"output": null,
"triggers_replace": null
},
"sensitive_attributes": [],
"identity_schema_version": 0
}
]
},
{
"mode": "managed",
"type": "terraform_data",
"name": "mongodb_secret",
"provider": "provider[\"terraform.io/builtin/terraform\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "2bc645b6-4315-96b8-d609-08d96973cd5d",
"input": null,
"output": null,
"triggers_replace": null
},
"sensitive_attributes": [],
"identity_schema_version": 0,
"dependencies": [
"random_password.mongodb",
"terraform_data.mongodb_ns"
]
}
]
},
{
"mode": "managed",
"type": "terraform_data",
"name": "mongodb_service",
"provider": "provider[\"terraform.io/builtin/terraform\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "975c0b02-a20d-daf1-85ad-127921b27f9f",
"input": null,
"output": null,
"triggers_replace": null
},
"sensitive_attributes": [],
"identity_schema_version": 0,
"dependencies": [
"terraform_data.mongodb_ns"
]
}
]
},
{
"mode": "managed",
"type": "terraform_data",
"name": "mongodb_statefulset",
"provider": "provider[\"terraform.io/builtin/terraform\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "147bf317-5a20-8c4f-a63a-c82f8d7581ee",
"input": null,
"output": null,
"triggers_replace": null
},
"sensitive_attributes": [],
"identity_schema_version": 0,
"dependencies": [
"random_password.mongodb",
"terraform_data.mongodb_ns",
"terraform_data.mongodb_secret",
"terraform_data.mongodb_service"
]
}
]
},
{
"mode": "managed",
"type": "terraform_data",
"name": "monitoring_ns",
"provider": "provider[\"terraform.io/builtin/terraform\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "45b22986-eb94-d3c3-d92a-9ede14fc5dc7",
"input": null,
"output": null,
"triggers_replace": null
},
"sensitive_attributes": [],
"identity_schema_version": 0
}
]
},
{
"mode": "managed",
"type": "terraform_data",
"name": "test_ns",
"provider": "provider[\"terraform.io/builtin/terraform\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "8daebd1b-fe4e-1231-6bb0-df23f2ea5fbb",
"input": null,
"output": null,
"triggers_replace": null
},
"sensitive_attributes": [],
"identity_schema_version": 0
}
]
}
],
"check_results": null
}

1578
infrastructure/terraform/terraform.tfstate.backup
View File

File diff suppressed because it is too large Load Diff

3
skaffold.yaml
View File

@ -21,6 +21,7 @@ profiles:
build: build:
local: local:
push: true push: true
platforms:
- linux/arm64
tagPolicy: tagPolicy:
gitCommit: {} gitCommit: {}
defaultRepo: git.gugagr.xyz/admin