diff --git a/k8s/README.md b/k8s/README.md index b3d0483..e048762 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -344,7 +344,27 @@ Using the project [zero-to-jupyterhub](https://zero-to-jupyterhub.readthedocs.io ```sh helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/ helm upgrade --cleanup-on-fail --install jupyter jupyterhub/jupyterhub --namespace datalab --values datalab/jupyter-values.yaml +``` +## fuel datalab + +```sh +helm repo add influxdata https://helm.influxdata.com/ +helm upgrade --install influxdb influxdata/influxdb --namespace datalab --values datalab/influxdb.yml +helm upgrade --install telegraf influxdata/telegraf --namespace datalab --values datalab/telegraf.yml +helm repo add bitnami https://charts.bitnami.com/bitnami +helm install postgres bitnami/postgresql --namespace datalab --values datalab/postgres.yml.secret +``` + +## timescaledb @datalab + +```sh +git clone git@github.com:timescale/timescaledb-kubernetes.git ../../timescaledb-kubernetes +../../timescaledb-kubernetes/charts/timescaledb-single/generate_kustomization.sh timescaledb +cp -r "../../timescaledb-kubernetes/charts/timescaledb-single/kustomize/timescaledb" ./datalab/timescaledb.secret +kubectl apply -n datalab -k ./datalab/timescaledb.secret +helm repo add timescaledb 'https://raw.githubusercontent.com/timescale/timescaledb-kubernetes/master/charts/repo/' +helm install timescaledb timescaledb/timescaledb-single --namespace datalab --values datalab/timescaledb.yml ``` ## mailu diff --git a/k8s/datalab/influxdb.yml b/k8s/datalab/influxdb.yml new file mode 100644 index 0000000..1031407 --- /dev/null +++ b/k8s/datalab/influxdb.yml @@ -0,0 +1,2 @@ +persistence: + size: 20Gi \ No newline at end of file diff --git a/k8s/datalab/jupyter-values.yaml b/k8s/datalab/jupyter-values.yaml index ccf5778..913d85c 100644 --- a/k8s/datalab/jupyter-values.yaml +++ b/k8s/datalab/jupyter-values.yaml @@ -16,6 +16,14 @@ singleuser: image: name: "jupyter/tensorflow-notebook" tag: latest + extraEnv: + GRANT_SUDO: "yes" + uid: 0 + cmd: null + cpu: + guarantee: 1 + memory: + guarantee: "5G" ingress: enabled: true diff --git a/k8s/datalab/mopbot.yaml b/k8s/datalab/mopbot.yaml index 0526d2e..f910a89 100644 --- a/k8s/datalab/mopbot.yaml +++ b/k8s/datalab/mopbot.yaml @@ -41,6 +41,8 @@ spec: value: "353004365:AAFF1hSa6IiUAmLBAKiSg6Wi1g9lVQ2L6rw" - name: API_KEY_TANKER value: "0376b4b4-5829-15a3-c391-15d8b20d3d4e" + - name: API_KEY_GRAFANA + value: "eyJrIjoia3QxQ2Z3QVZ1S0xnekthdTR4S1B4NlVrOHBDMVU1R2giLCJuIjoiaW1hZ2UtcmVuZGVyZXIiLCJpZCI6MX0=" volumes: - name: tmp emptyDir: diff --git a/k8s/datalab/postgres.yml.secret b/k8s/datalab/postgres.yml.secret new file mode 100644 index 0000000..d06f9e0 Binary files /dev/null and b/k8s/datalab/postgres.yml.secret differ diff --git a/k8s/datalab/telegraf.yml b/k8s/datalab/telegraf.yml new file mode 100644 index 0000000..80b45fc --- /dev/null +++ b/k8s/datalab/telegraf.yml @@ -0,0 +1,7 @@ +config: + outputs: + - influxdb: + urls: + - "http://influxdb.datalab:8086" + database: "telegraf" + \ No newline at end of file diff --git a/k8s/datalab/timescaledb.secret/credentials.conf b/k8s/datalab/timescaledb.secret/credentials.conf new file mode 100644 index 0000000..95ddd1c --- /dev/null +++ b/k8s/datalab/timescaledb.secret/credentials.conf @@ -0,0 +1,3 @@ +PATRONI_SUPERUSER_PASSWORD=Li8oMPBv4Gx9S30jOXnxdl5bx57Wz7AF +PATRONI_REPLICATION_PASSWORD=dSNy0Dpz81ICZgpfdbQkcDXeJFWcIfNL +PATRONI_admin_PASSWORD=Q7SZJaO5NFPmL3MQOOfecYZ8vqHJ41YG diff --git a/k8s/datalab/timescaledb.secret/kustomization.yaml b/k8s/datalab/timescaledb.secret/kustomization.yaml new file mode 100644 index 0000000..ad8efdd --- /dev/null +++ b/k8s/datalab/timescaledb.secret/kustomization.yaml @@ -0,0 +1,21 @@ +# This file and its contents are licensed under the Apache License 2.0. +# Please see the included NOTICE for copyright information and LICENSE for a copy of the license. + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +secretGenerator: + - name: -credentials + env: credentials.conf + - name: -certificate + type: kubernetes.io/tls + files: + - tls.key + - tls.crt + - name: -pgbackrest + env: pgbackrest.conf +namePrefix: timescaledb +commonLabels: + app: timescaledb-timescaledb + cluster-name: timescaledb +generatorOptions: + disableNameSuffixHash: true diff --git a/k8s/datalab/timescaledb.secret/pgbackrest.conf b/k8s/datalab/timescaledb.secret/pgbackrest.conf new file mode 100644 index 0000000..e69de29 diff --git a/k8s/datalab/timescaledb.secret/tls.crt b/k8s/datalab/timescaledb.secret/tls.crt new file mode 100644 index 0000000..d2f3640 --- /dev/null +++ b/k8s/datalab/timescaledb.secret/tls.crt @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqDCCApACCQDZeYJxNQgY+DANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAt0 +aW1lc2NhbGVkYjAeFw0yMDEyMjgxMTMxMjJaFw0yMDEyMjkxMTMxMjJaMBYxFDAS +BgNVBAMMC3RpbWVzY2FsZWRiMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEAvExoS+tz1L1hrRzqYMVTi6hZUWawoce2GOySrSNQ5lPnSuBMzGiFzRbcJ8jy +LeUyKbauYQwir6UIz8DWoLVYDokGaLMQoDbU01AIAz/9pEzVaPkAX2yewCC6rTWV +YdCxxj1q9V0936I8LD6Fv/zcVhEKRLP9fkGV1kOLlRPyeY5tAZPHOJU4J//O5Gmh +PKQYiNqbGwN8Zo1t5P3vMjOfxLbCEQm3TpxVwmqnjqt9uCLoKoj+honqf5sURckZ +ACKLz8snT2eXiBD1QAlHKrfEeDlzU0HmtphWZ88ylz6X9plwLTdMBxE0Jccc8dib +FN/cAP/K1HdHpRqwXF8VVtlRGw/oIU2+RwqFc9X0O9l5sPGERnrVzfZ8urkpwIK+ +6jTOMI2IbdSwCQ0eN1Lm6h22n4ChE+szu6Px97fBAf5GJ5hz7O6C8pmrCfgXTEvg +8ow6Jj8P9E7bT9PYES05944BZQS1HkiK3MCbq6BLnIFCV+tqQcvHDuuibVyaCF91 +Q6qxR0BX3PH2/V53o25nebclexkxh9RkCevePUI69xBI9pN5eyvGWGr+BsFg95xL +qy8Xv3Q+S0RNvqhIyyxGA87+pBMdKFGbIaZC3Fkybbg7LkPymMaWlMx17XBofz8a +ac2yBUzStK6OoP8XImxNUFj3yWLQzgEnS6rbAzdOD7ayursCAwEAATANBgkqhkiG +9w0BAQsFAAOCAgEAurBNUezYtyXlUOLIHF6IOyj9jpbM9dAG4qN3ve3IXV/fds9o +daT51UtK02VrW4W/gt0oZPKaMI8oEG0iaAMGiy6oplJ9apVnZEwmunpQp7GnyQux +xGM8d4bgFjeSU1R3ramhrp4P6xDYBLiZBI7e/IRewenbdbUBv2O6qhAwewrFABQN +D5tSBkNacBcGUp2qnffbc1Ys0CplSTz/qDLSadznfrx6Py6ssngB/3Kxs3DDSUgM +U3v39uKghbmPq4t8NB/SginRLiG1KKJmkLWIurS/ZsHF7UifQPjnlpCOmS7KrCl6 +Df6Nq7WaICElh+3JymEAkba/vRVJAullbNOnQzAZh76kPAgjE2dypZx/l4E5aF+O +2FXlfRmqW5c3kDOpv0kRFMa5MXS5v1gtSB/aOjIw7AvNnDsL4vOs1S2T9C8UHwe2 +fuVCgsUsA0zSfcKtkyMhITI5/RgKHnmSUnvgvs44ikueOCCsitW4t5cxKYzsZbIw +vU99zwTIqctU/QQTQygskHXBopNS9oUD36h4pKWvav580ldeerpYab0OuhPMHJlE +hinID72nuZU/bngErG3JH74uy6AP0cx232ue44aS6HCfXv7ltd1c49oWzoNjue7N +fTAGjNVKNN9CaUBzK6bsr78zou0Pge3FdLEYpGh0VVAzijYW/OfY4QZbeh0= +-----END CERTIFICATE----- diff --git a/k8s/datalab/timescaledb.secret/tls.key b/k8s/datalab/timescaledb.secret/tls.key new file mode 100644 index 0000000..2336080 --- /dev/null +++ b/k8s/datalab/timescaledb.secret/tls.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC8TGhL63PUvWGt +HOpgxVOLqFlRZrChx7YY7JKtI1DmU+dK4EzMaIXNFtwnyPIt5TIptq5hDCKvpQjP +wNagtVgOiQZosxCgNtTTUAgDP/2kTNVo+QBfbJ7AILqtNZVh0LHGPWr1XT3fojws +PoW//NxWEQpEs/1+QZXWQ4uVE/J5jm0Bk8c4lTgn/87kaaE8pBiI2psbA3xmjW3k +/e8yM5/EtsIRCbdOnFXCaqeOq324IugqiP6Giep/mxRFyRkAIovPyydPZ5eIEPVA +CUcqt8R4OXNTQea2mFZnzzKXPpf2mXAtN0wHETQlxxzx2JsU39wA/8rUd0elGrBc +XxVW2VEbD+ghTb5HCoVz1fQ72Xmw8YRGetXN9ny6uSnAgr7qNM4wjYht1LAJDR43 +UubqHbafgKET6zO7o/H3t8EB/kYnmHPs7oLymasJ+BdMS+DyjDomPw/0TttP09gR +LTn3jgFlBLUeSIrcwJuroEucgUJX62pBy8cO66JtXJoIX3VDqrFHQFfc8fb9Xnej +bmd5tyV7GTGH1GQJ6949Qjr3EEj2k3l7K8ZYav4GwWD3nEurLxe/dD5LRE2+qEjL +LEYDzv6kEx0oUZshpkLcWTJtuDsuQ/KYxpaUzHXtcGh/PxppzbIFTNK0ro6g/xci +bE1QWPfJYtDOASdLqtsDN04PtrK6uwIDAQABAoICAQCHHEhGGYd+ofkhTzs5/r0o +275jM00QeI3IKpBAnbOh4Zh32KQik+lWNM352i00E15AIi3TwvJsl/3PnK4kmJq7 +q0SnAb2vSEjD64wkUNk9+Ee1T94dmoH6mEF6oZUzn5zAAzfpIWORQQbuNFqiXNz5 +ALcefwwoeQT7vnG8oZh98l1zIUd06VVnFh2tNcIVEiXspPdglcrAh0DQbAkjO3mr +m/t6YD9gr7q1ivP54kGOS7XNN4lynileMLeGL3q55w/tJPdq+Yj4gDqKHV4sX7oh +DhAbMJFMedieGkVR0v8VWhnsx93MwGJrrQiu3F7CxrJFIUW32HLXHGRpk2xrafnQ +Na4A86M9Ul49/z7OT/XbFAH/OzW0q1vPZD++QZvoNo+0ES4qKg0uTHXcXza5cxPW +/v32eSSVxO+5Mi+zH6aUvzCbcleFfDGIvKi780HUDk9oq0UK+9Y1geJ3YoptCMLb +WiiBt3Z4wzoTrywvF4P8lyTY5IWGchcrPk6zWRp+kclP7fWj2kXZHhr33F98+7IS +DkIhHCOfIzZwVWKY/n7sOQkVv8740wKVS+TxxGE9wPztNYygKBJCQHEXxIH/QkXh +k4Gqo5FYUCXXaiGtc3Ie2e5w18yirFKE0Mmaes4p5Mjxcw14HWR0gA6r94F8E/up +/jXTmgGlE2VY4AKecEyKgQKCAQEA8hwwFXFrvi6FVWfAO3onI9Go+t7Y2sPMgRrj +f/T3ISo449YsA0WSrL9IABirkujLH+1twpwcklEStmI8w4Aeuus+1/g/wEGGxADD +SyuHqR1cGAORKgXJ87Wg+Tf9Y7iWIt79oLg3xTPY5S04/IGZf8hYlscdabCkVqDL +NyuTv6moV7vQfELF+4yH+y0WkdDgaBb5bszGJrmXm5b4ePgJeoPMes6jFCzkbK7q +TvYig9mbldGurzq1+GmyXQFcyzgigTw/+tJUMIq9CD8AfS/8meYZDgD0LSdwJfeB +bDWn0EVE9i4sZ7d3nx/avV3rRuULj6xPhjtuoD1IaosG+b+1+wKCAQEAxxnmrrWw +tm1vTtM8ADosqhKE878ENv0Dcy2fxp3M4/wk/rZvp5PYWj1413vx78EeHzTNqLWA +4/IpGo9LuDPzVJtPou35ij8l+xk8yyGBNNmr+SWaI5Ht8Nu9/yMxXYziNqMUpuKs +8VRqha6V7ksqZlVJpj3lMhAGPM94OZK4E7UThAkeVSan+kfNCLzgPZEFrH3iRQ3X +sAMe2CMUoKW+bVPpiP0xP4Usa9d7D3xb716eD3ExC3+8eU4lahrv3Ryq8mifn5X+ +xKOHx5Qk5vLQhdWWXzFdQ9ZBIOFY0nAwXDAZcytUAUkzh8mHfCsOkdlDyg1dKKxh +q9oFAP5WceeyQQKCAQAuCpw+R650oUYr4qoU5Xrx/doDs0NL/vYyCxn+aGhivzPI +aB9AlAd7oHihxA9Exc5zCOTZoHRygsZrNq1VhFTTuQ7fZU9CUXO+bGK3NdT7nSC5 +VFxTwHwSQ5UUL8iZIS4z/XIAEWhRsTVrB7mRk1fMjB4EtmLqiXQHIVbj6/6R8UKZ +RJc2OkCKQMRPSNjE7BLw2IWgw4JfNOYW6ZPg9VJgIRZOuGMc4BikbnMShw4zQruq +txBgNGsMjZUkyLCL2OX+66VDHqJyBMBEBC8kn26LGc3j8tx8hcZ3AeVz3ZRHMBUY +N9mr86Dk+trPLkAi4EXdkagh38V+5YiS8lNmRUXnAoIBAQCTmd8LPETiKSTwcea0 +YGxGNO59aOmt/ko1c+hULR39Eis27Xa+6/rjg1j3nrpQPIGhLtscLFp+IkNYnkzL +JTBKU81pAzUQyRnWGfKYwKDx1kEItlib8A5Olgk3gRaSvOPjD2k7AyakzikeK7yY +6P5o2Od9p7snLvwAzunY/K0cZwwtwTjMdZjoEZyt0qAG5GEpbDV3bfitUtLl9rPP +GLCgiinCVbnR1l+FHzzq0Q2y2hkhZ4+tb6gA4e8Yxxl1eVA931Qe0esKShVZ3riw +wefWn+4XahgzNz4XKxhXAbbIURw85i0juunJy5x2b9EgTMpVmyyp/4l1Bm7ZOrRJ +QzRBAoIBAQCUN5yo4sTD+9umzV8GMY5UeAPCYw8LBaZ8KuosUNR5jd7QT5dBCI72 +SHaD6/B+bXME2j0N4RqYbOVhFodllAMk6E3YwPLuQ7Nb6YfqFqZezwO9a4bYigNC +ro6YGoFK6Q1SA/Jk09qWU02kIDSepa8r8k49FucdWC5S7DkLcYes7zl+06MMSZyc +gVQrcdCNqejDFejXjUi9dAbw5I0xIh+P3r4ZOekha6vnfr/bdT9WBeye5tM3s8Vg +A9dNoSknHSTa3j9+5ZYhkyndKmvLKSE7J10iX8HEFNpidWZm+u2SeDMBMDKfQdUL +BBU3UNBXwqXify2dGQautYYv8M1ljOnV +-----END PRIVATE KEY----- diff --git a/k8s/datalab/timescaledb.yml b/k8s/datalab/timescaledb.yml new file mode 100644 index 0000000..508c2e7 --- /dev/null +++ b/k8s/datalab/timescaledb.yml @@ -0,0 +1,15 @@ +replicaCount: 1 + +loadBalancer: + # If not enabled, we still expose the primary using a so called Headless Service + # https://kubernetes.io/docs/concepts/services-networking/service/#headless-services + enabled: false + +persistentVolumes: + # For sanity reasons, the actual PGDATA and wal directory will be subdirectories of the Volume mounts, + # this allows Patroni/a human/an automated operator to move directories during bootstrap, which cannot + # be done if we did not use subdirectories + # https://www.postgresql.org/docs/current/creating-cluster.html#CREATING-CLUSTER-MOUNT-POINTS + data: + enabled: true + size: 20Gi \ No newline at end of file diff --git a/k8s/monitoring/prometheus-operator.secret.yml b/k8s/monitoring/prometheus-operator.secret.yml index 132c8c3..26b9548 100644 --- a/k8s/monitoring/prometheus-operator.secret.yml +++ b/k8s/monitoring/prometheus-operator.secret.yml @@ -13,11 +13,27 @@ prometheus: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" cert-manager.io/cluster-issuer: "letsencrypt-prod" - prometheusSpec: - scrapeInterval: "300s" + # prometheusSpec: + # scrapeInterval: "300s" + logLevel: debug + storageSpec: + ## Using PersistentVolumeClaim + ## + volumeClaimTemplate: + spec: + storageClassName: openebs-hostpath + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 50Gi + selector: {} alertmanager: enabled: false grafana: + persistence: + enabled: true + imageRenderer: + enabled: true adminPassword: kohkohh5sah1Do3ize2x ingress: enabled: true diff --git a/k8s/monitoring/tankerkoenig.yml b/k8s/monitoring/tankerkoenig.yml index 5bff495..e9ad5f9 100644 --- a/k8s/monitoring/tankerkoenig.yml +++ b/k8s/monitoring/tankerkoenig.yml @@ -62,11 +62,16 @@ metadata: namespace: monitoring labels: app: tankerkoenig-exporter + release: prometheus-operator spec: selector: matchLabels: app: tankerkoenig-exporter + namespaceSelector: + matchNames: + - monitoring endpoints: - - port: "9386" + - port: "tankerkoenig-exporter" interval: 15m - scrapeTimeout: 3m \ No newline at end of file + scrapeTimeout: 3m + path: "/metrics" \ No newline at end of file