diff --git a/.gitignore b/.gitignore
index 9185880..361cbcd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-builder.cue
 stack.cue
+builder.cue
\ No newline at end of file
diff --git a/k8s/services/grafana/helm-8.5.cue b/k8s/services/grafana/helm-8.5.cue
index 22caebc..9e933b5 100644
--- a/k8s/services/grafana/helm-8.5.cue
+++ b/k8s/services/grafana/helm-8.5.cue
@@ -2,436 +2,91 @@ package grafana import ( "k8s.io/api/core/v1" - // "stakpak.dev/devx/k8s" + "stakpak.dev/devx/k8s" ) -#KubeVersion: [=~"^8\\.5\\.1"]: minor: >=21 -#Values: [=~"^8\\.5\\.1"]: { +// Define Helm chart settings +#KubeVersion: [=~"^8\\.5\\."]: minor: >=21 - global: { - imageRegistry: string | *null - imagePullSecrets: [...string] | *[] - } - rbac: { - create: bool | *true - pspEnabled: bool | *false - pspUseAppArmor: bool | *false - namespaced: bool | *false - extraRoleRules: [...{}] | *[] - extraClusterRoleRules: [...{}] | *[] - } - serviceAccount: { - create: bool | *true - name: string | *null - nameTest: string | *null - labels: {} | *{} - automountServiceAccountToken: bool | *false - } - replicas: int | *1 - headlessService: bool | *false - automountServiceAccountToken: bool | *true - autoscaling: { - enabled: bool | *false - minReplicas: int | *1 - maxReplicas: int | *5 - targetCPU: string | *"60" - targetMemory: string | *"" - behavior: {} | *{} - } - podDisruptionBudget: {} | *{} - deploymentStrategy: { - type: string | *"RollingUpdate" - } - readinessProbe: { - httpGet: { - path: string | *"/api/health" - port: int | *3000 - } - } - livenessProbe: { - httpGet: { - path: string | *"/api/health" - port: int | *3000 - } - initialDelaySeconds: int | *60 - timeoutSeconds: int | *30 - failureThreshold: int | *10 - } - image: { - registry: string | *"docker.io" - repository: string | *"grafana/grafana" - tag: string | *"latest" - sha: string | *"" - pullPolicy: v1.PullPolicy | *"IfNotPresent" - pullSecrets: [...string] | *[] - } - testFramework: { - enabled: bool | *true - image: { - registry: string | *"docker.io" - repository: string | *"bats/bats" - tag: string | *"v1.4.1" - } - imagePullPolicy: v1.PullPolicy | *"IfNotPresent" - securityContext: {} | *{} - resources: {} | *{} - } - dnsPolicy: string | *null - dnsConfig: {} | *{} - securityContext: { - runAsNonRoot: bool | *true - runAsUser: int | *472 - runAsGroup: int | *472 - fsGroup: int | 
*472 - } - containerSecurityContext: { - allowPrivilegeEscalation: bool | *false - capabilities: { - drop: [...string] | *["ALL"] - } - seccompProfile: { - type: string | *"RuntimeDefault" - } - } - createConfigmap: bool | *true - extraConfigmapMounts: [...{}] | *[] - extraEmptyDirMounts: [...{}] | *[] - extraLabels: {} | *{} - downloadDashboardsImage: { - registry: string | *"docker.io" - repository: string | *"curlimages/curl" - tag: string | *"7.85.0" - sha: string | *"" - pullPolicy: v1.PullPolicy | *"IfNotPresent" - } - downloadDashboards: { - env: {} | *{} - envFromSecret: string | *"" - resources: {} | *{} - securityContext: { - allowPrivilegeEscalation: bool | *false - capabilities: { - drop: [...string] | *["ALL"] - } - seccompProfile: { - type: string | *"RuntimeDefault" - } - } - envValueFrom: {} | *{} - } - service: { - enabled: bool | *true - type: string | *"ClusterIP" - ipFamilyPolicy: string | *"" - ipFamilies: [...string] | *[] - loadBalancerIP: string | *"" - loadBalancerClass: string | *"" - loadBalancerSourceRanges: [...string] | *[] - port: int | *80 - targetPort: int | *3000 - annotations: {} | *{} - labels: {} | *{} - portName: string | *"service" - appProtocol: string | *"" - } - serviceMonitor: { - enabled: bool | *false - path: string | *"/metrics" - labels: {} | *{} - interval: string | *"30s" - scheme: string | *"http" - tlsConfig: {} | *{} - scrapeTimeout: string | *"30s" - relabelings: [...{}] | *[] - metricRelabelings: [...{}] | *[] - targetLabels: [...string] | *[] - } - extraExposePorts: [...{}] | *[] - hostAliases: [...{}] | *[] - ingress: { - enabled: bool | *false - annotations: {} | *{} - labels: {} | *{} - path: string | *"/" - pathType: string | *"Prefix" - hosts: [...string] | *["chart-example.local"] - extraPaths: [...{}] | *[] - tls: [...{}] | *[] - } - resources: {} | *{} - nodeSelector: {} | *{} - tolerations: [...{}] | *[] - affinity: {} | *{} - topologySpreadConstraints: [...{}] | *[] - extraInitContainers: [...{}] | 
*[] - extraContainers: string | *"" - extraContainerVolumes: [...{}] | *[] - extraVolumeMounts: [...{}] | *[] - extraVolumes: [...{}] | *[] - persistence: { - type: string | *"pvc" - enabled: bool | *false - accessModes: [...string] | *["ReadWriteOnce"] - size: string | *"10Gi" - finalizers: [...string] | *["kubernetes.io/pvc-protection"] - extraPvcLabels: {} | *{} - disableWarning: bool | *false - inMemory: { - enabled: bool | *false - } - lookupVolumeName: bool | *true - } - initChownData: { - enabled: bool | *true - image: { - registry: string | *"docker.io" - repository: string | *"library/busybox" - tag: string | *"1.31.1" - sha: string | *"" - pullPolicy: v1.PullPolicy | *"IfNotPresent" - } - resources: {} | *{} - securityContext: { - runAsNonRoot: bool | *false - runAsUser: int | *0 - seccompProfile: { - type: string | *"RuntimeDefault" - } - capabilities: { - add: [...string] | *["CHOWN"] - } - } - } - adminUser: string | *"admin" - adminPassword: string | *"admin" - admin: { - existingSecret: string | *"" - userKey: string | *"admin-user" - passwordKey: string | *"admin-password" - } - command: [...string] | *null - args: [...string] | *null - env: {} | *{} - envValueFrom: {} | *{} - envFromSecret: string | *"" - envRenderSecret: {} | *{} - envFromSecrets: [...{}] | *[] - envFromConfigMaps: [...{}] | *[] - enableServiceLinks: bool | *true - extraSecretMounts: [...{}] | *[] - extraVolumeMounts: [...{}] | *[] - extraVolumes: [...{}] | *[] - lifecycleHooks: {} | *{} - plugins: [...string] | *[] - datasources: { - enabled: bool | *false - } - alerting: {} | *{} - notifiers: {} | *{} - dashboardProviders: {} | *{} - dashboards: {} | *{} - dashboardsConfigMaps: {} | *{} - grafana_ini: { - paths: { - data: string | *"/var/lib/grafana/" - logs: string | *"/var/log/grafana" - plugins: string | *"/var/lib/grafana/plugins" - provisioning: string | *"/etc/grafana/provisioning" - } - analytics: { - check_for_updates: bool | *true - } - log: { - mode: string | 
*"console" - } - grafana_net: { - url: string | *"https://grafana.net" - } - server: { - domain: string | *"" - } - } - ldap: { - enabled: bool | *false - existingSecret: string | *"" - config: string | *"" - } - smtp: { - existingSecret: string | *"" - userKey: string | *"user" - passwordKey: string | *"password" - } - sidecar: { - image: { - registry: string | *"quay.io" - repository: string | *"kiwigrid/k8s-sidecar" - tag: string | *"1.27.4" - sha: string | *"" - pullPolicy: v1.PullPolicy | *"IfNotPresent" - } - resources: {} | *{} - securityContext: { - allowPrivilegeEscalation: bool | *false - capabilities: { - drop: [...string] | *["ALL"] - } - seccompProfile: { - type: string | *"RuntimeDefault" - } - } - alerts: { - enabled: bool | *false - env: {} | *{} - label: string | *"grafana_alert" - labelValue: string | *"" - searchNamespace: string | *null - watchMethod: string | *"WATCH" - resource: string | *"both" - reloadURL: string | *"http://localhost:3000/api/admin/provisioning/alerting/reload" - skipReload: bool | *false - initAlerts: bool | *false - } - dashboards: { - enabled: bool | *false - env: {} | *{} - SCProvider: bool | *true - label: string | *"grafana_dashboard" - labelValue: string | *"" - folder: string | *"/tmp/dashboards" - defaultFolderName: string | *null - searchNamespace: string | *null - watchMethod: string | *"WATCH" - resource: string | *"both" - folderAnnotation: string | *null - reloadURL: string | *"http://localhost:3000/api/admin/provisioning/dashboards/reload" - skipReload: bool | *false - } - datasources: { - enabled: bool | *false - env: {} | *{} - label: string | *"grafana_datasource" - labelValue: string | *"" - searchNamespace: string | *null - watchMethod: string | *"WATCH" - resource: string | *"both" - reloadURL: string | *"http://localhost:3000/api/admin/provisioning/datasources/reload" - skipReload: bool | *false - initDatasources: bool | *false - } - plugins: { - enabled: bool | *false - env: {} | *{} - label: string | 
*"grafana_plugin" - labelValue: string | *"" - searchNamespace: string | *null - watchMethod: string | *"WATCH" - resource: string | *"both" - reloadURL: string | *"http://localhost:3000/api/admin/provisioning/plugins/reload" - skipReload: bool | *false - initPlugins: bool | *false - } - notifiers: { - enabled: bool | *false - env: {} | *{} - label: string | *"grafana_notifier" - labelValue: string | *"" - searchNamespace: string | *null - watchMethod: string | *"WATCH" - resource: string | *"both" - reloadURL: string | *"http://localhost:3000/api/admin/provisioning/notifications/reload" - skipReload: bool | *false - initNotifiers: bool | *false - } - } - namespaceOverride: string | *"" - revisionHistoryLimit: int | *10 - imageRenderer: { - deploymentStrategy: {} | *{} - enabled: bool | *false - replicas: int | *1 - autoscaling: { - enabled: bool | *false - minReplicas: int | *1 - maxReplicas: int | *5 - targetCPU: string | *"60" - targetMemory: string | *"" - behavior: {} | *{} - } - serverURL: string | *"" - renderingCallbackURL: string | *"" - image: { - registry: string | *"docker.io" - repository: string | *"grafana/grafana-image-renderer" - tag: string | *"latest" - sha: string | *"" - pullPolicy: v1.PullPolicy | *"Always" - } - env: { - HTTP_HOST: string | *"0.0.0.0" - } - envValueFrom: {} | *{} - serviceAccountName: string | *"" - securityContext: {} | *{} - containerSecurityContext: { - seccompProfile: { - type: string | *"RuntimeDefault" - } - capabilities: { - drop: [...string] | *["ALL"] - } - allowPrivilegeEscalation: bool | *false - readOnlyRootFilesystem: bool | *true - } - service: { - enabled: bool | *true - portName: string | *"http" - port: int | *8081 - targetPort: int | *8081 - appProtocol: string | *"" - } - serviceMonitor: { - enabled: bool | *false - path: string | *"/metrics" - labels: {} | *{} - interval: string | *"1m" - scheme: string | *"http" - tlsConfig: {} | *{} - scrapeTimeout: string | *"30s" - relabelings: [...{}] | *[] - 
targetLabels: [...string] | *[] - } - grafanaProtocol: string | *"http" - grafanaSubPath: string | *"" - podPortName: string | *"http" - revisionHistoryLimit: int | *10 - networkPolicy: { - limitIngress: bool | *true - limitEgress: bool | *false - extraIngressSelectors: [...{}] | *[] - } - resources: {} | *{} - nodeSelector: {} | *{} - tolerations: [...{}] | *[] - affinity: {} | *{} - extraConfigmapMounts: [...{}] | *[] - extraSecretMounts: [...{}] | *[] - extraVolumeMounts: [...{}] | *[] - extraVolumes: [...{}] | *[] - } - networkPolicy: { - enabled: bool | *false - ingress: bool | *true - allowExternal: bool | *true - explicitNamespacesSelector: {} | *{} - egress: { - enabled: bool | *false - blockDNSResolution: bool | *false - ports: [...{}] | *[] - to: [...{}] | *[] - } - } - enableKubeBackwardCompatibility: bool | *false - useStatefulSet: bool | *false - extraObjects: [...{}] | *[] - assertNoLeakedSecrets: bool | *true +#Values: [=~"^8\\.5\\."]: { + + global: { + imageRegistry: string | *null + imagePullSecrets: [...string] | *[] + } + + grafana: { + enabled: bool | *true + isDefault: bool | *true + + // Health check probes + readinessProbe: { + httpGet: { + path: string | *"/api/health" + port: int | *3000 + } + } + livenessProbe: { + httpGet: { + path: string | *"/api/health" + port: int | *3000 + } + initialDelaySeconds: int | *60 + timeoutSeconds: int | *30 + failureThreshold: int | *10 + } + + // Service configuration + service: { + enabled: bool | *true + type: string | *"ClusterIP" + port: int | *80 + targetPort: int | *3000 + annotations: k8s.#Annotations + labels: k8s.#Labels + } + + // Image configuration for Grafana + image: { + registry: string | *"docker.io" + repository: string | *"grafana/grafana" + tag: string | *"latest" + pullPolicy: v1.PullPolicy | *"IfNotPresent" + } + + // Resource requests and limits + resources: { + limits: { + cpu: string | *"500m" + memory: string | *"1Gi" + } + requests: { + cpu: string | *"250m" + memory: string | 
*"512Mi" + } + } + + // Persistence settings + persistence: { + enabled: bool | *false + accessModes: [...string] | *["ReadWriteOnce"] + size: string | *"10Gi" + } + + // Additional configurations for pods + nodeSelector: k8s.#Labels + tolerations: [...v1.#Toleration] + affinity: v1.#Affinity + } + // Service account and RBAC + serviceAccount: { + create: bool | *true + name: string | *null + } + rbac: { + create: bool | *true + pspEnabled: bool | *false + extraRoleRules: [...{}] | *[] + extraClusterRoleRules: [...{}] | *[] + } } \ No newline at end of file diff --git a/k8s/services/grafana/helm.cue b/k8s/services/grafana/helm.cue index 6beadd1..be42cdf 100644 --- a/k8s/services/grafana/helm.cue +++ b/k8s/services/grafana/helm.cue @@ -16,7 +16,7 @@ import ( url: "https://grafana.github.io/helm-charts" chart: "grafana" - version: string | *"8.5.1" + version: string | *"8.5.11" namespace: string | *"monitoring" release: string diff --git a/k8s/services/grafana/resources/resources.cue b/k8s/services/grafana/resources/resources.cue new file mode 100644 index 0000000..4660682 --- /dev/null +++ b/k8s/services/grafana/resources/resources.cue @@ -0,0 +1,14 @@ +package resources + +#GrafanaDataSource: { + "datasources.yaml": { + apiVersion: 1 + datasources: [...{ + name: string + type: string + url: string + access: "proxy" + isDefault: bool | *false + }] + } +} \ No newline at end of file diff --git a/k8s/services/loki/helm-2.10.cue b/k8s/services/loki/helm-2.10.cue new file mode 100644 index 0000000..89bd755 --- /dev/null +++ b/k8s/services/loki/helm-2.10.cue 
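Review bot: The Grafana image still defaults to the mutable `latest` tag (`tag: string | *"latest"`), and this rewrite drops the `sha` field, so a stack can no longer pin the image by digest through the schema. Consider defaulting `tag` to the release the chart ships and keeping `sha: string | *""`. The new `#Values` also stops modelling `securityContext`, `containerSecurityContext` and `admin.existingSecret`; if the definition is closed, callers cannot set them and only the chart's own defaults apply, which is worth confirming. The settings are now nested under `grafana:`, which the standalone grafana chart does not appear to read, so please verify the nesting against the chart's values.yaml.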
@@ -0,0 +1,39 @@
+package loki
+
+#KubeVersion: [=~"^2\\.10\\."]: minor: >=21
+#Values: [=~"^2\\.10\\."]: {
+
+ loki: {
+ env: [
+ {
+ name: "AWS_ACCESS_KEY_ID"
+ valueFrom: {
+ secretKeyRef: {
+ name: *"iam-loki-s3" | string
+ key: *"AWS_ACCESS_KEY_ID" | string
+ }
+ }
+ },
+ {
+ name: "AWS_SECRET_ACCESS_KEY"
+ valueFrom: {
+ secretKeyRef: {
+ name: *"iam-loki-s3" | string
+ key: *"AWS_SECRET_ACCESS_KEY" | string
+ }
+ }
+ }
+ ]
+ ...
+ }
+
+ promtail: {
+ enabled: *true | bool
+ config: {
+ clients: [{
+ url: *"http://loki.monitoring.svc.cluster.local:3100/loki/api/v1/push" | string
+ }]
+ }
+ }
+
+}
diff --git a/k8s/services/loki/helm-6.16.cue b/k8s/services/loki/helm-6.16.cue
deleted file mode 100644
index f478135..0000000
--- a/k8s/services/loki/helm-6.16.cue
+++ /dev/null
@@ -1,42 +0,0 @@
-package loki
-
-#KubeVersion: [=~"^6\\.16\\.0"]: minor: >=21
-#Values: [=~"^6\\.16\\.0"]: {
-
- // Loki settings
- loki: {
- enabled: bool | *true
- isDefault: bool | *true
- // url: string | *"http://{{(include \"loki.serviceName\" .)}}:{{ .Values.loki.service.port }}"
- readinessProbe: {
- httpGet: {
- path: string | *"/ready"
- port: string | *"http-metrics"
- }
- initialDelaySeconds: int | *45
- }
- livenessProbe: {
- httpGet: {
- path: string | *"/ready"
- port: string | *"http-metrics"
- }
- initialDelaySeconds: int | *45
- }
- datasource: {
- jsonData: string | *"{}"
- uid: string | *""
- }
- }
-
- // Promtail settings
- promtail: {
- enabled: bool | *true
- config: {
- logLevel: string | *"info"
- serverPort: int | *3101
- // clients: [{
- // url: string | *"http://{{ .Release.Name }}:3100/loki/api/v1/push"
- // }]
- }
- }
-}
\ No newline at end of file
diff --git a/k8s/services/loki/helm.cue b/k8s/services/loki/helm.cue
index 9203b6c..a3a3a96 100644
--- a/k8s/services/loki/helm.cue
+++ b/k8s/services/loki/helm.cue
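Review bot: The two `loki.env` entries wire a long-lived IAM access key pair from the `iam-loki-s3` Secret into the pod, and nothing in the schema documents that this Secret must already exist in the release namespace or how the keys are rotated. Add a comment above `env` stating the prerequisite, e.g. `// requires Secret "iam-loki-s3" (keys AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) in the release namespace`, and consider a role-based option on the service account so static keys are not mandatory. `env` is also written as a closed two-element list, so a stack that needs one more variable will fail unification; an open list would avoid that.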
@@ -14,9 +14,9 @@ import ( helm: { repoType: "default" url: "https://grafana.github.io/helm-charts" - chart: "loki" + chart: "loki-stack" - version: string | *"6.16.0" + version: string | *"2.10.2" namespace: string | *"monitoring" release: string diff --git a/k8s/services/loki/resources/resources.cue b/k8s/services/loki/resources/resources.cue new file mode 100644 index 0000000..281f1ea --- /dev/null +++ b/k8s/services/loki/resources/resources.cue @@ -0,0 +1,40 @@ +package resources + +#LokiStorageConfig: { + schema_config: { + configs: [{ + from: *"2021-05-12" | string + store: *"boltdb-shipper" | string + object_store: *"s3" | string + schema: *"v11" | string + index: { + prefix: *"loki_index_" | string + period: *"24h" | string + } + }] + } + + storage_config: { + aws: { + s3: *"s3://us-east-1/observtest" | string + s3forcepathstyle: *true | bool + bucketnames: *"observtest" | string + region: *"us-east-1" | string + insecure: *false | bool + sse_encryption: *false | bool + } + boltdb_shipper: { + shared_store: *"s3" | string + cache_ttl: *"24h" | string + } + } + } + +#Promtail: { + enabled: *true | bool + config: { + clients: [{ + url: *"http://loki.monitoring.svc.cluster.local:3100/loki/api/v1/push" | string + }] + } +} \ No newline at end of file diff --git a/k8s/services/pixie/helm-0.1.cue b/k8s/services/pixie/helm-0.1.cue new file mode 100644 index 0000000..b3ed434 --- /dev/null +++ b/k8s/services/pixie/helm-0.1.cue 
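Review bot: Switching `chart` to `loki-stack` with default `version` `2.10.2` replaces the `loki` 6.16.0 chart, and the same commit removes the explicit version pins from ObservabilityStack, so existing stacks move to a different chart with no change on their side. Please confirm which Loki and Promtail releases this chart bundles and that they still receive security fixes, and record that next to `version`, e.g. `// loki-stack 2.10.x bundles Loki <version>; confirm before bumping`. The chart definition starts and ends outside this hunk.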
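Review bot: `#LokiStorageConfig` defaults `sse_encryption` to `false` and bakes one environment's bucket into the library defaults (`s3: *"s3://us-east-1/observtest"`, `bucketnames: *"observtest"`). Logs frequently contain sensitive values, so unless the bucket enforces encryption itself the safer default is `sse_encryption: *true | bool`. Making the bucket and region required (`bucketnames: string`, `region: string`) would force each stack to name its own storage instead of silently writing to a shared test bucket.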
@@ -0,0 +1,58 @@
+package pixie
+
+import (
+ "k8s.io/api/core/v1"
+ "stakpak.dev/devx/k8s"
+)
+
+#KubeVersion: [=~"^0\\.1\\."]: minor: >=21
+#Values: [=~"^0\\.1\\."]: {
+ // OLM configuration
+ deployOLM: *"" | string // Optional; defaults to whether OLM is present in the cluster.
+ olmNamespace: *"olm" | string
+ olmOperatorNamespace: *"px-operator" | string
+ olmBundleChannel: *"stable" | string
+
+ olmCatalogSource: {
+ annotations: {} // Optional annotations for CatalogSource pods.
+ labels: {} // Optional labels for CatalogSource pods.
+ }
+
+ // Vizier configuration
+ vizier: {
+ name: *"pixie" | string // Name of the Vizier instance
+ clusterName: string | *"ObservTest" // Cluster name for Vizier monitoring
+ version: *"" | string // Operator deploys the latest version if empty
+ // deployKey: string | *"px-dep-7f20ab42-b199-418f-872b-f5a84378152f" // Deployment key for Vizier
+ deployKey: string // Deployment key for Vizier
+ disableAutoUpdate: *false | bool // Disable auto-updates if true
+ useEtcdOperator: *false | bool // Use etcd for in-memory storage if true
+ cloudAddr: *"withpixie.ai:443" | string // Pixie cloud instance address
+ devCloudNamespace: *"plc" | string // Namespace for dev Pixie cloud, if used
+
+ pemMemoryLimit: *"" | string // PEM pod memory limit (defaults to 2Gi if empty)
+ pemMemoryRequest: *"" | string // PEM pod memory request (defaults to pemMemoryLimit if empty)
+ dataAccess: *"Full" | string // Data access level for scripts on cluster
+
+ pod: {
+ annotations: k8s.#Annotations
+ labels: k8s.#Labels
+ resources: {
+
+ limits: {
+ cpu: *"500m" | string
+ memory: *"2Gi" | string
+ }
+ requests: {
+ cpu: *"100m" | string
+ memory: *"1Gi" | string
+ }
+ }
+
+ nodeSelector: k8s.#Labels
+ tolerations: [...v1.#Toleration]
+ }
+
+ }
+
+}
\ No newline at end of file
diff --git a/k8s/services/pixie/helm.cue b/k8s/services/pixie/helm.cue
new file mode 100644
index 0000000..4539702
--- /dev/null
+++ b/k8s/services/pixie/helm.cue
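Review bot: The commented-out `deployKey` line under `vizier` carries what looks like a real Pixie deployment key as its default value; a comment is still published with the repository and remains in history after later edits. Remove that line, and if the key was ever valid, revoke it in Pixie and issue a replacement. The required `deployKey: string` that follows is the right shape, but it should say where the value comes from, e.g. `// deployKey: supplied from a secret at deploy time; never commit a value`. `dataAccess` defaulting to `"Full"` also deserves a comment explaining why the widest access level is the default.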
@@ -0,0 +1,29 @@
+package pixie
+
+import (
+ "stakpak.dev/devx/v1"
+ "stakpak.dev/devx/v1/traits"
+)
+
+#PixieChart: {
+ traits.#Helm
+ k8s: "version": (v1.getMatch & {
+ match: helm.version
+ input: #KubeVersion
+ }).result
+ helm: {
+ repoType: "default"
+ url: "https://pixie-operator-charts.storage.googleapis.com"
+ chart: "pixie-operator-chart"
+
+ version: string | *"0.1.6"
+
+ namespace: "pl"
+ release: string | *"pixie"
+
+ values: (v1.getMatch & {
+ match: version
+ input: #Values
+ }).result
+ }
+}
\ No newline at end of file
diff --git a/k8s/services/prometheus/helm-25.26.cue b/k8s/services/prometheus/helm-25.26.cue
index 9ebe013..fcf7012 100644
--- a/k8s/services/prometheus/helm-25.26.cue
+++ b/k8s/services/prometheus/helm-25.26.cue
@@ -1,143 +1,172 @@ package prometheus -#KubeVersion: [=~"^25\\.26\\.0"]: minor: >=21 -#Values: [=~"^25\\.26\\.0"]: { +import ( + "k8s.io/api/core/v1" + "stakpak.dev/devx/k8s" +) - rbac: create: bool | *true - podSecurityPolicy: enabled: bool | *false - imagePullSecrets: [...{ name: string }] - serviceAccounts: { - server: { - create: bool | *true - name: string | *"" - annotations: [string]: string - } - } - commonMetaLabels: [string]: string - configmapReload: { - reloadUrl: string | *"" - env: [...{ - name: string - value: string | *"" - valueFrom: { - secretKeyRef: { - name: string - key: string - optional: bool | *false - } - } - }] - prometheus: { - enabled: bool | *true - name: string | *"configmap-reload" - image: { - repository: string | *"quay.io/prometheus-operator/prometheus-config-reloader" - tag: string | *"latest" - digest: string | *"" - pullPolicy: string | *"IfNotPresent" - } - containerPort: int | *8080 - containerPortName: string | *"metrics" - extraArgs: [string]: string - extraVolumeDirs: [string]: string - extraVolumeMounts: [string]: string - extraConfigmapMounts: [...{ - name: string - mountPath: string - subPath: string - configMap: string - readOnly: bool | *true - }] - containerSecurityContext: [string]: string - livenessProbe: { - httpGet: { - path: string | *"/healthz" - port: int | *8080 - scheme: string | *"HTTP" - } - periodSeconds: int | *10 - initialDelaySeconds: int | *2 - } - readinessProbe: { - httpGet: { - path: string | *"/healthz" - port: int | *8080 - scheme: string | *"HTTP" - } - periodSeconds: int | *10 - } - startupProbe: { - enabled: bool | *false - httpGet: { - path: string | *"/healthz" - port: int | *8080 - scheme: string | *"HTTP" - } - periodSeconds: int | *10 - } - resources: [string]: string - } - } +#KubeVersion: [=~"^25\\.26\\."]: minor: >=21 +#Values: [=~"^25\\.26\\."]: { - server: { - name: string | *"server" - image: { - repository: string | *"quay.io/prometheus/prometheus" - tag: string | *"" - digest: 
string | *"" - pullPolicy: string | *"IfNotPresent" - } - global: { - scrape_interval: string | *"1m" - scrape_timeout: string | *"10s" - evaluation_interval: string | *"1m" - } - resources: { - limits: { - cpu: string | *"500m" - memory: string | *"512Mi" - } - requests: { - cpu: string | *"500m" - memory: string | *"512Mi" - } - } - podSecurityContext: { - runAsUser: int | *65534 - runAsNonRoot: bool | *true - fsGroup: int | *65534 - } - service: { - enabled: bool | *true - type: string | *"ClusterIP" - servicePort: int | *80 - } - ingress: { - enabled: bool | *false - annotations: [string]: string - hosts: [string] - path: string | *"/" - tls: [...{ - secretName: string - hosts: [string] - }] - } - persistentVolume: { - enabled: bool | *true - size: string | *"8Gi" - storageClass: string | *"" - accessModes: [...string] | *["ReadWriteOnce"] - mountPath: string | *"/data" - } - alertmanager: { - enabled: bool | *true - persistence: { - enabled: bool | *true - size: string | *"2Gi" - } - } - kubeStateMetrics: enabled: bool | *true - nodeExporter: enabled: bool | *true - pushGateway: enabled: bool | *true - } -} \ No newline at end of file + // RBAC settings + rbac: create: bool | *true + + // Pod Security Policy settings + podSecurityPolicy: enabled: bool | *false + + // Image pull secrets for Prometheus deployment + imagePullSecrets: [...v1.#LocalObjectReference] + + // Service Account configuration + #ServiceAccount: { + // Specifies whether a service account should be created. + create: bool | *true + // Annotations for the service account. + annotations: k8s.Annotations | *null + // Extra labels for the service account. + extraLabels: [string]: string + // Name of the service account to use. 
+ name: string | *"" + } + + // Common meta labels + commonMetaLabels: [string]: string + + // ConfigMap reload settings + configmapReload: { + reloadUrl: string | *"" + env: [...{ + name: string + value: string | *"" + valueFrom: { + secretKeyRef: { + name: string + key: string + optional: bool | *false + } + } + }] + prometheus: { + enabled: bool | *true + name: string | *"configmap-reload" + image: { + repository: string | *"quay.io/prometheus-operator/prometheus-config-reloader" + tag: string | *"v0.77.2" + digest: string | *"" + pullPolicy: string | *"IfNotPresent" + } + containerPort: int | *8080 + containerPortName: string | *"metrics" + extraArgs: [string]: string + extraVolumeDirs: [] + extraVolumeMounts: [] + extraConfigmapMounts: [...{ + name: string + mountPath: string + subPath: string + configMap: string + readOnly: bool | *true + }] + containerSecurityContext: v1.#SecurityContext + livenessProbe: { + httpGet: { + path: string | *"/healthz" + port: int | *8080 + scheme: string | *"HTTP" + } + periodSeconds: int | *10 + initialDelaySeconds: int | *2 + } + readinessProbe: { + httpGet: { + path: string | *"/healthz" + port: int | *8080 + scheme: string | *"HTTP" + } + periodSeconds: int | *10 + } + startupProbe: { + enabled: bool | *false + httpGet: { + path: string | *"/healthz" + port: int | *8080 + scheme: string | *"HTTP" + } + periodSeconds: int | *10 + } + resources: v1.#ResourceRequirements + } + } + + // Prometheus server settings + server: { + name: string | *"server" + image: { + repository: string | *"quay.io/prometheus/prometheus" + tag: string | *"" + digest: string | *"" + pullPolicy: string | *"IfNotPresent" + } + global: { + scrape_interval: string | *"1m" + scrape_timeout: string | *"10s" + evaluation_interval: string | *"1m" + } + resources: { + limits: { + cpu: string | *"500m" + memory: string | *"512Mi" + } + requests: { + cpu: string | *"500m" + memory: string | *"512Mi" + } + } + + // Pod security context + podSecurityContext: 
v1.#PodSecurityContext + + // Service configuration + service: { + enabled: bool | *true + type: string | *"ClusterIP" + servicePort: int | *80 + } + + // Ingress configuration + ingress: { + enabled: bool | *false + // annotations: [string]: string + annotations: k8s.Annotations | *null + hosts: [...string] + path: string | *"/" + tls: [...{ + secretName: string + hosts: [...string] + }] + } + + // Persistent volume configuration + persistentVolume: { + enabled: bool | *true + size: string | *"8Gi" + storageClass: string | *"" + accessModes: [...string] | *["ReadWriteOnce"] + mountPath: string | *"/data" + } + + // Alertmanager settings + alertmanager: { + enabled: bool | *true + persistence: { + enabled: bool | *true + size: string | *"2Gi" + } + } + + // Additional monitoring components + kubeStateMetrics: enabled: bool | *true + nodeExporter: enabled: bool | *true + pushGateway: enabled: bool | *true + } +} diff --git a/k8s/stacks/fullobserv.cue b/k8s/stacks/fullobserv.cue new file mode 100644 index 0000000..8bd514a --- /dev/null +++ b/k8s/stacks/fullobserv.cue @@ -0,0 +1,39 @@ +package stacks + +import ( + "stakpak.dev/devx/v1" + "stakpak.dev/devx/k8s/services/loki" + "stakpak.dev/devx/k8s/services/grafana" + "stakpak.dev/devx/k8s/services/prometheus" + "stakpak.dev/devx/k8s/services/pixie" +) + +FullObservabilityStack: v1.#Stack & { + $metadata: stack: "FullObservabilityStack" + components: { + "loki": loki.#LokiChart & { + helm: { + release: "loki" + values: {} + } + } + "grafana": grafana.#GrafanaChart & { + helm: { + release: "grafana" + values: {} + } + } + "prometheus": prometheus.#PrometheusChart & { + helm: { + release: "prometheus" + values: {} + } + } + "pixie": pixie.#PixieChart & { + helm: { + release: "pixie" + values: {} + } + } + } +} \ No newline at end of file diff --git a/k8s/stacks/observ.cue b/k8s/stacks/observ.cue index 499ddd6..02cab68 100644 --- a/k8s/stacks/observ.cue +++ b/k8s/stacks/observ.cue 
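Review bot: `annotations: k8s.Annotations | *null` (in `#ServiceAccount` and again under `server.ingress`) references `k8s.Annotations`, while the grafana and pixie schemas in this same commit use `k8s.#Annotations`; if the package only exports the definition this will not resolve, so `k8s.#Annotations | *null` was probably intended. `#ServiceAccount` is declared inside `#Values` but never referenced, which means the former `serviceAccounts.server` field is no longer part of the schema. `podSecurityContext: v1.#PodSecurityContext` also drops the previous `runAsNonRoot: true` / `runAsUser: 65534` defaults; they can be kept by unifying, e.g. `podSecurityContext: v1.#PodSecurityContext & {runAsNonRoot: bool | *true, runAsUser: int | *65534}`.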
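Review bot: The `pixie` component passes `values: {}` although the pixie schema added in this commit declares `vizier.deployKey: string` with no default, so this stack probably cannot be exported until a key is supplied from somewhere. Document above the component how the key is expected to be injected so that nobody pastes it into the stack file, e.g. `// vizier.deployKey must be provided at build time from a secret; do not hard-code it here`. All four components also rely on the chart defaults for `version` now, so a comment naming the expected chart versions would make upgrades reviewable.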
@@ -12,21 +12,18 @@ ObservabilityStack: v1.#Stack & { components: { "loki": loki.#LokiChart & { helm: { - version: "6.16.0" release: "loki" values: {} } } "grafana": grafana.#GrafanaChart & { helm: { - version: "8.5.1" release: "grafana" values: {} } } "prometheus": prometheus.#PrometheusChart & { helm: { - version: "25.26.0" release: "prometheus" values: {} }