264 lines
6.2 KiB
YAML
264 lines
6.2 KiB
YAML
---
|
|
apiVersion: mongodbcommunity.mongodb.com/v1
|
|
kind: MongoDBCommunity
|
|
metadata:
|
|
name: mongodb
|
|
spec:
|
|
additionalMongodConfig:
|
|
systemLog:
|
|
quiet: true
|
|
members: 3
|
|
type: ReplicaSet
|
|
version: "5.0.13"
|
|
security:
|
|
authentication:
|
|
modes: ["SCRAM"]
|
|
users:
|
|
- name: readwrite
|
|
db: application
|
|
passwordSecretRef:
|
|
name: mongodb-application-readwrite-password
|
|
roles:
|
|
- name: readWrite
|
|
db: application
|
|
scramCredentialsSecretName: mongodb-application-readwrite
|
|
- name: readonly
|
|
db: application
|
|
passwordSecretRef:
|
|
name: mongodb-application-readonly-password
|
|
roles:
|
|
- name: readOnly
|
|
db: application
|
|
scramCredentialsSecretName: mongodb-application-readonly
|
|
statefulSet:
|
|
spec:
|
|
logLevel: WARN
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: mongod
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 2Gi
|
|
limits:
|
|
cpu: 2000m
|
|
memory: 2Gi
|
|
- name: mongodb-agent
|
|
resources:
|
|
requests:
|
|
cpu: 1m
|
|
memory: 100Mi
|
|
limits: {}
|
|
affinity:
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- mongodb-svc
|
|
topologyKey: kubernetes.io/hostname
|
|
nodeSelector:
|
|
dedicated: monitoring
|
|
tolerations:
|
|
- key: dedicated
|
|
operator: Equal
|
|
value: monitoring
|
|
effect: NoSchedule
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: logs-volume
|
|
spec:
|
|
storageClassName: local-path
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 512Mi
|
|
- metadata:
|
|
name: data-volume
|
|
spec:
|
|
storageClassName: local-path
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 2Gi
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: log-shipper
|
|
spec:
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 50%
|
|
selector:
|
|
matchLabels:
|
|
app: log-shipper
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: log-shipper
|
|
spec:
|
|
serviceAccountName: log-shipper
|
|
containers:
|
|
- name: log-shipper
|
|
image: harbor.k-space.ee/k-space/log-shipper
|
|
securityContext:
|
|
runAsUser: 0
|
|
env:
|
|
- name: MY_POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
- name: MONGODB_HOST
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: mongodb-application-readwrite
|
|
key: connectionString.standard
|
|
ports:
|
|
- containerPort: 8000
|
|
name: metrics
|
|
resources:
|
|
limits:
|
|
memory: 200Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 100Mi
|
|
volumeMounts:
|
|
- name: etcmachineid
|
|
mountPath: /etc/machine-id
|
|
readOnly: true
|
|
- name: varlibdockercontainers
|
|
mountPath: /var/lib/docker/containers
|
|
readOnly: true
|
|
- name: varlog
|
|
mountPath: /var/log
|
|
readOnly: true
|
|
volumes:
|
|
- name: etcmachineid
|
|
hostPath:
|
|
path: /etc/machine-id
|
|
- name: varlibdockercontainers
|
|
hostPath:
|
|
path: /var/lib/docker/containers
|
|
- name: varlog
|
|
hostPath:
|
|
path: /var/log
|
|
tolerations:
|
|
- operator: "Exists"
|
|
effect: "NoExecute"
|
|
- operator: "Exists"
|
|
effect: "NoSchedule"
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: logging-log-shipper
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: log-shipper
|
|
namespace: playground
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: filebeat
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: log-shipper
|
|
labels:
|
|
app: log-shipper
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: log-shipper
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app: log-shipper
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: prometheus-operator
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: prometheus
|
|
egress:
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
app: mongodb-svc
|
|
ports:
|
|
- port: 27017
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: log-viewer-backend
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app: log-viewer-backend
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
egress:
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
app: mongodb-svc
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: traefik
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: traefik
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: log-viewer-frontend
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app: log-viewer-frontend
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: traefik
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: traefik
|
|
---
|
|
apiVersion: monitoring.coreos.com/v1
|
|
kind: PodMonitor
|
|
metadata:
|
|
name: log-shipper
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: log-shipper
|
|
podMetricsEndpoints:
|
|
- port: metrics
|