sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use generated monitoring secrets

Browse Source
This commit is contained in:
Kochetkov S 2026-05-25 16:33:24 +03:00
parent 2131400030
commit 51c62cbccc
4 changed files with 239 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
clusters/wb/infrastructure/patches/glitchtip.yaml
View File

@ -13,6 +13,12 @@ spec:
deployment:
replicaCount:
_default: 1
podAnnotations:
_default: null
command:
_default: []
args:
_default: []
envs:
- name: SERVER_ROLE
value:
@ -26,10 +32,65 @@ spec:
- name: ENABLE_OPEN_USER_REGISTRATION
value:
_default: "false"
secretEnvs:
- name: DATABASE_URL
secretName:
_default: glitchtip-secret
secretKey: DATABASE_URL
- name: PGHOST
secretName:
_default: glitchtip-secret
secretKey: PGHOST
- name: PGPORT
secretName:
_default: glitchtip-secret
secretKey: PGPORT
- name: PGDATABASE
secretName:
_default: glitchtip-secret
secretKey: PGDATABASE
- name: PGUSER
secretName:
_default: glitchtip-secret
secretKey: PGUSER
- name: PGPASSWORD
secretName:
_default: glitchtip-secret
secretKey: PGPASSWORD
- name: PGSSLMODE
secretName:
_default: glitchtip-secret
secretKey: PGSSLMODE
- name: REDIS_URL
secretName:
_default: glitchtip-secret
secretKey: REDIS_URL
- name: SECRET_KEY
secretName:
_default: glitchtip-secret
secretKey: SECRET_KEY
- name: EMAIL_URL
secretName:
_default: glitchtip-secret
secretKey: EMAIL_URL
- name: DEFAULT_FROM_EMAIL
secretName:
_default: glitchtip-secret
secretKey: DEFAULT_FROM_EMAIL
serviceAccount:
enabled: true
name:
_default: glitchtip
worker:
deployment:
replicaCount:
_default: 1
podAnnotations:
_default: null
command:
_default: []
args:
_default: []
envs:
- name: SERVER_ROLE
value:
@ -40,13 +101,93 @@ spec:
- name: GLITCHTIP_DOMAIN
value:
_default: https://glitchtip-srx.wb.ru
secretEnvs:
- name: DATABASE_URL
secretName:
_default: glitchtip-secret
secretKey: DATABASE_URL
- name: PGHOST
secretName:
_default: glitchtip-secret
secretKey: PGHOST
- name: PGPORT
secretName:
_default: glitchtip-secret
secretKey: PGPORT
- name: PGDATABASE
secretName:
_default: glitchtip-secret
secretKey: PGDATABASE
- name: PGUSER
secretName:
_default: glitchtip-secret
secretKey: PGUSER
- name: PGPASSWORD
secretName:
_default: glitchtip-secret
secretKey: PGPASSWORD
- name: PGSSLMODE
secretName:
_default: glitchtip-secret
secretKey: PGSSLMODE
- name: REDIS_URL
secretName:
_default: glitchtip-secret
secretKey: REDIS_URL
- name: SECRET_KEY
secretName:
_default: glitchtip-secret
secretKey: SECRET_KEY
- name: EMAIL_URL
secretName:
_default: glitchtip-secret
secretKey: EMAIL_URL
- name: DEFAULT_FROM_EMAIL
secretName:
_default: glitchtip-secret
secretKey: DEFAULT_FROM_EMAIL
serviceAccount:
enabled: false
name:
_default: ""
glitchtip:
secret:
create: true
data:
PGHOST: sarex-vpsql-01.xc.wb.ru
PGPORT: "5432"
PGDATABASE: glitchtip
PGUSER: glitchtip
PGSSLMODE: disable
REDIS_URL: redis://glitchtip-redis:6379/0
EMAIL_URL: consolemail://
DEFAULT_FROM_EMAIL: glitchtip@grafana-srx.wb.ru
GLITCHTIP_ADMIN_EMAIL: admin@grafana-srx.wb.ru
migrate:
enabled: true
env:
PORT: "8000"
GLITCHTIP_DOMAIN: https://glitchtip-srx.wb.ru
command:
- /bin/sh
- -ec
- |
python manage.py migrate --noinput
python manage.py shell <<'PY'
import os
from django.contrib.auth import get_user_model
email = os.environ["GLITCHTIP_ADMIN_EMAIL"]
password = os.environ["GLITCHTIP_ADMIN_PASSWORD"]
User = get_user_model()
user, _ = User.objects.get_or_create(email=email)
user.is_superuser = True
user.is_staff = True
user.is_active = True
user.set_password(password)
user.save(update_fields=["password", "is_superuser", "is_staff", "is_active"])
print(f"admin-user-ensured:{email}")
PY
vault:
enabled: false

98
clusters/wb/infrastructure/patches/openobserve.yaml
View File

@ -13,21 +13,115 @@ spec:
deployment:
replicaCount:
_default: 1
podAnnotations:
_default: null
image:
name:
_default: public.ecr.aws/zinclabs/openobserve:v0.60.3
pullPolicy:
_default: IfNotPresent
envs:
- name: ZO_HTTP_PORT
value:
_default: "5080"
- name: ZO_LOCAL_MODE
value:
_default: "true"
_default: "false"
- name: ZO_META_STORE
value:
_default: postgres
- name: ZO_CLUSTER_COORDINATOR
value:
_default: nats
- name: ZO_NATS_REPLICAS
value:
_default: "1"
- name: ZO_S3_PROVIDER
value:
_default: s3
- name: ZO_S3_SERVER_URL
value:
_default: http://10.49.10.90:9000
- name: ZO_S3_BUCKET_NAME
value:
_default: openobserve
- name: ZO_S3_REGION_NAME
value:
_default: ru-central1
- name: ZO_TELEMETRY
value:
_default: "false"
secretEnvs:
- name: ZO_ROOT_USER_EMAIL
secretName:
_default: openobserve-secret
secretKey: ZO_ROOT_USER_EMAIL
- name: ZO_ROOT_USER_PASSWORD
secretName:
_default: openobserve-secret
secretKey: ZO_ROOT_USER_PASSWORD
- name: ZO_META_POSTGRES_DSN
secretName:
_default: openobserve-secret
secretKey: ZO_META_POSTGRES_DSN
- name: ZO_NATS_ADDR
secretName:
_default: openobserve-secret
secretKey: ZO_NATS_ADDR
- name: PGHOST
secretName:
_default: openobserve-secret
secretKey: PGHOST
- name: PGPORT
secretName:
_default: openobserve-secret
secretKey: PGPORT
- name: PGDATABASE
secretName:
_default: openobserve-secret
secretKey: PGDATABASE
- name: PGUSER
secretName:
_default: openobserve-secret
secretKey: PGUSER
- name: PGPASSWORD
secretName:
_default: openobserve-secret
secretKey: PGPASSWORD
- name: PGSSLMODE
secretName:
_default: openobserve-secret
secretKey: PGSSLMODE
- name: ZO_S3_ACCESS_KEY
secretName:
_default: openobserve-secret
secretKey: ZO_S3_ACCESS_KEY
- name: ZO_S3_SECRET_KEY
secretName:
_default: openobserve-secret
secretKey: ZO_S3_SECRET_KEY
serviceAccount:
enabled: true
name:
_default: openobserve
openobserve:
secret:
create: true
data:
ZO_ROOT_USER_EMAIL: admin@grafana-srx.wb.ru
PGHOST: sarex-vpsql-01.xc.wb.ru
PGPORT: "5432"
PGDATABASE: openobserve
PGUSER: openobserve
PGSSLMODE: disable
ZO_NATS_ADDR: nats://openobserve-nats:4222
nats:
enabled: false
enabled: true
replicaCount: 1
persistence:
enabled: true
size: 10Gi
storageClassName: local-path
otelCollector:
enabled: false
vault:

2
infrastructure/glitchtip/base/helmrelease.yaml
View File

@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: glitchtip
version: "0.1.8"
version: "0.1.9"
sourceRef:
kind: HelmRepository
name: yc-oci-charts

2
infrastructure/openobserve/base/helmrelease.yaml
View File

@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: openobserve
version: "0.1.10"
version: "0.1.11"
sourceRef:
kind: HelmRepository
name: yc-oci-charts