add glitchtip + openobserve

2026-05-21 13:49:50 +03:00 · 2026-05-21 13:49:50 +03:00 · db766445dd
commit db766445dd
parent 26639b6208
14 changed files with 260 additions and 0 deletions
--- a/clusters/yc-k8s-test/infrastructure/kustomization.yaml
+++ b/clusters/yc-k8s-test/infrastructure/kustomization.yaml
@ -72,6 +72,20 @@ patches:
      kind: HelmRelease
      name: minio
      namespace: minio
+  - path: ./patches/glitchtip.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: glitchtip
+      namespace: glitchtip
+  - path: ./patches/openobserve.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: openobserve
+      namespace: openobserve
  - path: ./patches/rabbitmq.yaml
    target:
      group: helm.toolkit.fluxcd.io
--- a/clusters/yc-k8s-test/infrastructure/patches/glitchtip.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/glitchtip.yaml
@ -0,0 +1,38 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: glitchtip
+  namespace: glitchtip
+spec:
+  interval: 5m
+  timeout: 10m
+  values:
+    universal-chart:
+      services:
+        web:
+          deployment:
+            replicaCount:
+              _default: 1
+          serviceAccount:
+            enabled: true
+            name:
+              _default: glitchtip-vault
+        worker:
+          deployment:
+            replicaCount:
+              _default: 1
+          serviceAccount:
+            enabled: false
+            name:
+              _default: glitchtip-vault
+    glitchtip:
+      secret:
+        create: false
+        name: glitchtip-secret
+      migrate:
+        enabled: true
+      vault:
+        enabled: true
+        role: glitchtip
+        authPath: auth/kubernetes
+        secretPath: secrets/data/vault/apps/glitchtip
--- a/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
@ -49,6 +49,18 @@ spec:
              issuerRef:
                name: letsencrypt-issuer-istio
                kind: ClusterIssuer
+            glitchtip-tls:
+              dnsNames:
+                - glitchtip.contour.infra.sarex.tech
+              issuerRef:
+                name: letsencrypt-issuer-istio
+                kind: ClusterIssuer
+            openobserve-tls:
+              dnsNames:
+                - openobserve.contour.infra.sarex.tech
+              issuerRef:
+                name: letsencrypt-issuer-istio
+                kind: ClusterIssuer
            camunda-keycloak-tls:
              dnsNames:
                - camunda-keycloak.contour.infra.sarex.tech
@ -135,6 +147,22 @@ spec:
                    - keycloak.contour.infra.sarex.tech
                  tls:
                    credentialName: keycloak-tls
+            glitchtip:
+              name: glitchtip-gateway
+              namespace: gateway
+              servers:
+                - hosts:
+                    - glitchtip.contour.infra.sarex.tech
+                  tls:
+                    credentialName: glitchtip-tls
+            openobserve:
+              name: openobserve-gateway
+              namespace: gateway
+              servers:
+                - hosts:
+                    - openobserve.contour.infra.sarex.tech
+                  tls:
+                    credentialName: openobserve-tls
            vault:
              name: vault-gateway
              namespace: gateway
@ -526,6 +554,30 @@ spec:
                    prefix: /
                  service: keycloak-keycloak-contour.keycloak.svc.cluster.local
                  port: 80
+            glitchtip:
+              name: glitchtip-virt-service
+              namespace: gateway
+              hosts:
+                - glitchtip.contour.infra.sarex.tech
+              gateways:
+                - gateway/glitchtip-gateway
+              routes:
+                - path:
+                    prefix: /
+                  service: glitchtip-web.glitchtip.svc.cluster.local
+                  port: 8000
+            openobserve:
+              name: openobserve-virt-service
+              namespace: gateway
+              hosts:
+                - openobserve.contour.infra.sarex.tech
+              gateways:
+                - gateway/openobserve-gateway
+              routes:
+                - path:
+                    prefix: /
+                  service: openobserve-web.openobserve.svc.cluster.local
+                  port: 5080
            camunda-keycloak:
              name: camunda-keycloak-virt-service
              namespace: gateway
--- a/clusters/yc-k8s-test/infrastructure/patches/openobserve.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/openobserve.yaml
@ -0,0 +1,68 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: openobserve
+  namespace: openobserve
+spec:
+  interval: 5m
+  timeout: 10m
+  values:
+    universal-chart:
+      services:
+        openobserve:
+          deployment:
+            replicaCount:
+              _default: 1
+          envs:
+            - name: ZO_HTTP_PORT
+              value:
+                _default: "5080"
+            - name: ZO_LOCAL_MODE
+              value:
+                _default: "false"
+            - name: ZO_META_STORE
+              value:
+                _default: postgres
+            - name: ZO_CLUSTER_COORDINATOR
+              value:
+                _default: nats
+            - name: ZO_NATS_REPLICAS
+              value:
+                _default: "1"
+            - name: ZO_S3_PROVIDER
+              value:
+                _default: s3
+            - name: ZO_S3_SERVER_URL
+              value:
+                _default: http://minio.minio.svc.cluster.local:9000
+            - name: ZO_S3_BUCKET_NAME
+              value:
+                _default: open-observe
+            - name: ZO_S3_REGION_NAME
+              value:
+                _default: ru-central1
+            - name: ZO_TELEMETRY
+              value:
+                _default: "false"
+          serviceAccount:
+            enabled: true
+            name:
+              _default: openobserve-vault
+    openobserve:
+      secret:
+        create: false
+        name: openobserve-secret
+      nats:
+        enabled: true
+        replicaCount: 1
+        persistence:
+          enabled: true
+          size: 10Gi
+          storageClassName: local-path
+      otelCollector:
+        enabled: false
+      vault:
+        enabled: true
+        role: openobserve
+        authPath: auth/kubernetes
+        secretPath: secrets/data/vault/apps/openobserve
--- a/clusters/yc-k8s-test/infrastructure/patches/postgresql.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/postgresql.yaml
@ -136,6 +136,16 @@ spec:
            - pg_stat_statements
            - uuid-ossp
          restoreFromDump: false
+        - name: glitchtip
+          user: glitchtip
+          passwordKey: glitchtip
+          extensions: []
+          restoreFromDump: false
+        - name: openobserve
+          user: openobserve
+          passwordKey: openobserve
+          extensions: []
+          restoreFromDump: false

        # - name: camunda_db
        #   user: camunda
--- a/infrastructure/glitchtip/base/helmrelease.yaml
+++ b/infrastructure/glitchtip/base/helmrelease.yaml
@ -0,0 +1,22 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: glitchtip
+  namespace: glitchtip
+spec:
+  interval: 10m
+  chart:
+    spec:
+      chart: glitchtip-contour
+      version: "0.1.7"
+      sourceRef:
+        kind: HelmRepository
+        name: yc-oci-charts
+        namespace: flux-system
+      interval: 10m
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
--- a/infrastructure/glitchtip/base/kustomization.yaml
+++ b/infrastructure/glitchtip/base/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: glitchtip
+resources:
+  - namespace.yaml
+  - helmrelease.yaml
--- a/infrastructure/glitchtip/base/namespace.yaml
+++ b/infrastructure/glitchtip/base/namespace.yaml
@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: glitchtip
+  labels:
+    istio-injection: enabled
--- a/infrastructure/glitchtip/kustomization.yaml
+++ b/infrastructure/glitchtip/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./base
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@ -9,6 +9,8 @@ resources:
  - keycloak
  - local-path-provisioner
  - minio
+  - glitchtip
+  - openobserve
  - openldap
  - postgresql
  - rabbitmq
--- a/infrastructure/openobserve/base/helmrelease.yaml
+++ b/infrastructure/openobserve/base/helmrelease.yaml
@ -0,0 +1,22 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: openobserve
+  namespace: openobserve
+spec:
+  interval: 10m
+  chart:
+    spec:
+      chart: openobserve-contour
+      version: "0.1.7"
+      sourceRef:
+        kind: HelmRepository
+        name: yc-oci-charts
+        namespace: flux-system
+      interval: 10m
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
--- a/infrastructure/openobserve/base/kustomization.yaml
+++ b/infrastructure/openobserve/base/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: openobserve
+resources:
+  - namespace.yaml
+  - helmrelease.yaml
--- a/infrastructure/openobserve/base/namespace.yaml
+++ b/infrastructure/openobserve/base/namespace.yaml
@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openobserve
+  labels:
+    istio-injection: enabled
--- a/infrastructure/openobserve/kustomization.yaml
+++ b/infrastructure/openobserve/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./base