med/cluster-management
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat: initial codebase

Browse Source
This commit is contained in:
Med Mouine
2024-09-03 10:22:37 -04:00
commit 412789abb2
24 changed files with 2879 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
applications/gitlab/helmfile.yaml Normal file
View File

@@ -0,0 +1,19 @@
repositories:
- name: gitlab
url: https://charts.gitlab.io/
releases:
- name: gitlab
namespace: gitlab
chart: gitlab/gitlab
version: 8.4.0
installed: true
values:
- values.yaml
- name: grafana
namespace: logging
chart: grafana/grafana
version: 6.50.7
values:
- applications/logging/values/grafana-values.yaml

600
applications/gitlab/values.yaml Normal file
View File

@@ -0,0 +1,600 @@
---
serviceAccount:
enabled: true
certificates:
customCAs: []
image:
repository: registry.gitlab.com/gitlab-org/build/cng/certificates
certmanager:
install: false
installCRDs: false
nameOverride: certmanager
rbac:
create: true
certmanager-issuer:
email: security@nationtech.io
common:
labels: {}
deployment:
annotations: {}
envVars:
- name: CI_JOB_ID
value: $CI_JOB_ID
geo:
enabled: false
gitlab:
gitlab-exporter:
enabled: true
gitlab-pages:
ingress:
tls:
secretName: gitlab-pages-tls
enabled: true
gitlab-shell:
enabled: true
kas:
enabled: true
mailroom:
enabled: true
migrations:
enabled: true
sidekiq:
enabled: true
toolbox:
antiAffinityLabels:
matchLabels:
app: gitaly
enabled: true
replicas: 1
webservice:
enabled: true
ingress:
tls:
secretName: gitlab-tls
gitlab-zoekt:
gateway:
basicAuth:
enabled: true
secretName: '{{ include "gitlab.zoekt.gateway.basicAuth.secretName" $ }}'
indexer:
internalApi:
enabled: true
gitlabUrl: '{{ include "gitlab.zoekt.indexer.internalApi.gitlabUrl" $ }}'
secretKey: '{{ include "gitlab.zoekt.indexer.internalApi.secretKey" $ }}'
secretName: '{{ include "gitlab.zoekt.indexer.internalApi.secretName" $ }}'
install: true
global:
edition: ee
affinity:
nodeAffinity:
key: topology.kubernetes.io/zone
values: []
podAntiAffinity:
topologyKey: kubernetes.io/hostname
antiAffinity: soft
gitaly:
enabled: true
replicas: 2
praefect:
enabled: false
redis:
cluster:
enabled: false
appConfig:
resources:
requests:
cpu: 200m
memory: 1Gi
limits:
cpu: 1
memory: 1Gi
smartcard:
enabled: false
kerberos:
dedicatedPort:
enabled: false
https: true
port: 8443
enabled: false
keytab:
key: keytab
simpleLdapLinkingAllowedRealms: []
kubectl:
image:
repository: registry.gitlab.com/gitlab-org/build/cng/kubectl
securityContext:
fsGroup: 65534
runAsUser: 65534
ldap:
preventSignin: false
servers: {}
lfs:
bucket: git-lfs
connection: {}
enabled: true
proxy_download: true
maxRequestDurationSeconds: null
microsoft_graph_mailer:
enabled: false
minio:
enabled: true
monitoring:
enabled: true
object_store:
enabled: true
proxy_download: true
omniauth:
enabled: false
packages:
enabled: true
proxy_download: true
bucket: gitlab-packages
connection: {}
pages:
enabled: true
host: pages.gitlab.nationtech.io
namespaceInPath: true
accessControl: true
artifactsServer: true
https: null
objectStore:
bucket: gitlab-pages
connection: {}
enabled: true
applicationSettingsCacheSeconds: 60
artifacts:
bucket: gitlab-artifacts
enabled: true
proxy_download: true
backups:
bucket: gitlab-backups
tmpBucket: tmp
ciSecureFiles:
bucket: gitlab-ci-secure-files
connection: {}
enabled: false
contentSecurityPolicy:
enabled: false
report_only: true
cron_jobs: {}
defaultProjectsFeatures:
builds: true
issues: true
mergeRequests: true
snippets: true
wiki: true
dependencyProxy:
bucket: gitlab-dependency-proxy
connection: {}
enabled: true
proxy_download: true
duoAuth:
enabled: false
enableImpersonation: false
enableSeatLink: true
enableUsagePing: true
externalDiffs:
bucket: gitlab-mr-diffs
connection: {}
enabled: false
proxy_download: true
extra:
bizible:
googleAnalyticsId: null
googleTagManagerNonceId: null
matomoDisableCookies: null
matomoSiteId: null
matomoUrl: null
oneTrustId: null
gitlab_docs:
enabled: false
kas:
enabled: true
service:
apiExternalPort: 8153
tls:
enabled: false
verify: true
graphQlTimeout: null
gravatar:
plainUrl: null
sslUrl: null
hosts:
domain: brizo.nationtech.io
externalIP: null
https: true
gitlab:
name: gitlab.nationtech.io
minio:
name: minio.gitlab.nationtech.io
registry:
name: registry.gitlab.nationtech.io
protocol: https
ssh: gitlab.nationtech.io
incomingEmail:
enabled: false
ingress:
annotations:
cert-manager.io/issuer: letsencrypt-prod
kubernetes.io/tls-acme: 'true'
nginx.ingress.kubernetes.io/proxy-body-size: 10000m
class: nginx
configureCertmanager: false
enabled: true
path: /
pathType: Prefix
provider: nginx
tls:
enabled: true
secretName: gitlab-tls
useNewIngressForCerts: false
initialDefaults: {}
initialRootPassword: {}
issueClosingPattern: null
job:
nameSuffixOverride: null
keda:
enabled: false
psql:
ci: {}
connectTimeout: null
database: gitlabhq_production
keepalives: null
keepalivesCount: null
keepalivesIdle: null
keepalivesInterval: null
main: {}
password:
key: postgres-password
secret: gitlab-postgres
useSecret: true
tcpUserTimeout: null
username: gitlab
registry:
enabled: true
host: registry.gitlab.nationtech.io
port: 433
tokenIssuer: gitlab-issuer
api:
protocol: http
serviceName: registry
port: 5000
tls:
enabled: true
secretName: gitlab-registry-tls
sentry:
clientside_dsn: null
dsn: null
enabled: false
environment: null
serviceDeskEmail:
enabled: false
shell:
authToken:
secret: gitlab-gitlab-shell-auth-token
hostKeys:
secret: gitlab-gitlab-shell-host-keys
sidekiq:
routingRules: []
smtp:
enabled: false
uploads:
bucket: gitlab-uploads
enabled: true
proxy_download: true
usernameChangingEnabled: true
webhookTimeout: null
webservice:
tls:
enabled: true
workerTimeout: 300
workhorse:
tls:
enabled: false
serviceName: webservice-default
minio:
install: true
nginx-ingress:
class: nginx
enabled: false
tcpExternalConfig: 'true'
nginx-ingress-geo:
enabled: false
rbac:
create: true
scope: false
serviceAccount:
create: true
tcpExternalConfig: 'true'
postgresql:
auth:
existingSecret: '{{ include "gitlab.psql.password.secret" . }}'
password: bogus-satisfy-upgrade
postgresPassword: bogus-satisfy-upgrade
replicationPassword: ""
replicationUsername: repl_user
secretKeys:
adminPasswordKey: postgresql-postgres-password
replicationPasswordKey: replication-password
userPasswordKey: '{{ include "gitlab.psql.password.key" $ }}'
usePasswordFiles: false
image:
tag: 14.10.0
install: true
metrics:
enabled: true
service:
annotations:
gitlab.com/prometheus_port: '9187'
gitlab.com/prometheus_scrape: 'true'
prometheus.io/port: '9187'
prometheus.io/scrape: 'true'
primary:
extraVolumeMounts:
- mountPath: /docker-entrypoint-preinitdb.d/init_revision.sh
name: custom-init-scripts
subPath: init_revision.sh
initdb:
scriptsConfigMap: '{{ include "gitlab.psql.initdbscripts" $}}'
podAnnotations:
postgresql.gitlab/init-revision: '1'
prometheus:
install: false
alertmanager:
enabled: true
config:
global:
resolve_timeout: 5m
route:
group_by: ['job']
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
receiver: 'null'
routes:
- match:
alertname: Watchdog
receiver: 'null'
receivers:
- name: 'null'
kubeStateMetrics:
enabled: true
nodeExporter:
enabled: true
pushgateway:
enabled: true
rbac:
create: true
server:
image:
tag: v2.38.0
retention: 15d
strategy:
type: Recreate
serverFiles:
prometheus.yml:
scrape_configs:
- job_name: prometheus
static_configs:
- targets:
- localhost:9090
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
job_name: kubernetes-apiservers
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- action: keep
regex: default;kubernetes;https
source_labels:
- __meta_kubernetes_namespace
- __meta_kubernetes_service_name
- __meta_kubernetes_endpoint_port_name
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
- job_name: kubernetes-pods
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: keep
regex: true
source_labels:
- __meta_kubernetes_pod_annotation_gitlab_com_prometheus_scrape
- action: replace
regex: (https?)
source_labels:
- __meta_kubernetes_pod_annotation_gitlab_com_prometheus_scheme
target_label: __scheme__
- action: replace
regex: (.+)
source_labels:
- __meta_kubernetes_pod_annotation_gitlab_com_prometheus_path
target_label: __metrics_path__
- action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
source_labels:
- __address__
- __meta_kubernetes_pod_annotation_gitlab_com_prometheus_port
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: kubernetes_namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: kubernetes_pod_name
- job_name: kubernetes-service-endpoints
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- action: keep
regex: true
source_labels:
- __meta_kubernetes_service_annotation_gitlab_com_prometheus_scrape
- action: replace
regex: (https?)
source_labels:
- __meta_kubernetes_service_annotation_gitlab_com_prometheus_scheme
target_label: __scheme__
- action: replace
regex: (.+)
source_labels:
- __meta_kubernetes_service_annotation_gitlab_com_prometheus_path
target_label: __metrics_path__
- action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
source_labels:
- __address__
- __meta_kubernetes_service_annotation_gitlab_com_prometheus_port
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: kubernetes_namespace
- action: replace
source_labels:
- __meta_kubernetes_service_name
target_label: kubernetes_name
- action: replace
source_labels:
- __meta_kubernetes_pod_node_name
target_label: kubernetes_node
- job_name: kubernetes-services
kubernetes_sd_configs:
- role: service
metrics_path: /probe
params:
module:
- http_2xx
relabel_configs:
- action: keep
regex: true
source_labels:
- __meta_kubernetes_service_annotation_gitlab_com_prometheus_probe
- source_labels:
- __address__
target_label: __param_target
- replacement: blackbox
target_label: __address__
- source_labels:
- __param_target
target_label: instance
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels:
- __meta_kubernetes_namespace
target_label: kubernetes_namespace
- source_labels:
- __meta_kubernetes_service_name
target_label: kubernetes_name
rbac:
create: true
redis:
architecture: standalone
auth:
existingSecret: gitlab-redis-secret
existingSecretKey: redis-password
usePasswordFiles: true
cluster:
enabled: false
install: true
metrics:
enabled: true
registry:
enabled: true
database:
enabled: true
name: registry # must match the database name you created above
user: registry # must match the database username you created above
password:
secret: gitlab-registry-postgresql # must match the secret name
key: password # must match the secret key to read the password from
sslmode: verify-full
ssl:
secret: gitlab-registry-postgresql-ssl # you will need to create this secret manually
clientKey: client-key.pem
clientCertificate: client-cert.pem
serverCA: server-ca.pem
migrations:
enabled: true # this option will execute the schema migration as part of the registry deployment
tls:
enabled: true
secretName: gitlab-registry-tls
shared-secrets:
enabled: true
env: production
rbac:
create: true
resources:
requests:
cpu: 50m
securityContext:
fsGroup: 65534
runAsUser: 65534
selfsign:
caSubject: GitLab Helm Chart
expiry: 3650d
image:
repository: registry.gitlab.com/gitlab-org/build/cng/cfssl-self-sign
keyAlgorithm: rsa
keySize: '4096'
serviceAccount:
create: true
enabled: true
gitlab-runner:
install: true
rbac:
create: true
runners:
locked: false
# Set secret to an arbitrary value because the runner chart renders the gitlab-runner.secret template only if it is not empty.
# The parent/GitLab chart overrides the template to render the actual secret name.
secret: "nonempty"
privileged: true
config: |
[[runners]]
[runners.kubernetes]
privileged = true
image = "ubuntu:22.04"
{{- if .Values.global.minio.enabled }}
[runners.cache]
Type = "s3"
Path = "gitlab-runner"
Shared = true
[runners.cache.s3]
ServerAddress = {{ include "gitlab-runner.cache-tpl.s3ServerAddress" . }}
BucketName = "runner-cache"
BucketLocation = "us-east-1"
Insecure = true
{{ end }}
podAnnotations:
gitlab.com/prometheus_scrape: "true"
gitlab.com/prometheus_port: 9252
upgradeCheck:
annotations: {}
configMapAnnotations: {}
enabled: true
image: {}
priorityClassName: ''
resources:
requests:
cpu: 50m
securityContext:
fsGroup: 65534
runAsUser: 65534
tolerations: []

1378
applications/gitlab/values2.yaml Normal file
View File

File diff suppressed because it is too large Load Diff