diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index b18fd2935..000000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-version: 2
-updates:
- - package-ecosystem: 'github-actions'
- directory: '/'
- schedule:
- interval: 'weekly'
diff --git a/.github/scripts/check-automerge.py b/.github/scripts/check-automerge.py
deleted file mode 100644
index 0559dc2dc..000000000
--- a/.github/scripts/check-automerge.py
+++ /dev/null
@@ -1,27 +0,0 @@
-import subprocess
-import re
-import os
-
-automerge = False
-old_major = old_minor = old_patch = new_major = new_minor = new_patch = None
-
-result = subprocess.run("git diff", shell=True, capture_output=True)
-if result.returncode == 0:
- diff = result.stdout.decode("utf-8")
- if match := re.search(r"\-.+?(\d+)\.(\d+)\.(\d+).+\"\$imagepolicy\"", diff):
- old_major, old_minor, old_patch = match.groups()
-
- if match := re.search(r"\+.+?(\d+)\.(\d+)\.(\d+).+\"\$imagepolicy\"", diff):
- new_major, new_minor, new_patch = match.groups()
-
- if new_major == old_major and new_minor == old_minor:
- automerge = True
-
-print("Automerge: %s" % automerge)
-print("Old tag: %s.%s.%s" % (old_major, old_minor, old_patch))
-print("New tag: %s.%s.%s" % (new_major, new_minor, new_patch))
-
-with open(os.environ["GITHUB_OUTPUT"], "a") as f :
- print("{0}={1}".format("automerge", automerge), file=f)
- print("{0}={1}".format("old_tag", "%s.%s.%s" % (old_major, old_minor, old_patch)), file=f)
- print("{0}={1}".format("new_tag", "%s.%s.%s" % (new_major, new_minor, new_patch)), file=f)
diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod
deleted file mode 100644
index d59f2c4b0..000000000
--- a/.github/scripts/infrautil/go.mod
+++ /dev/null
@@ -1,27 +0,0 @@
-module github.com/walnuts1018/infra/.github/scripts/infrautil
-
-go 1.23.2
-
-require (
- github.com/google/go-jsonnet v0.20.0
- github.com/google/subcommands v1.2.0
- github.com/phsym/console-slog v0.3.1
- github.com/yosuke-furukawa/json5 v0.1.1
-)
-
-require (
- github.com/fatih/color v1.16.0 // indirect
- github.com/goccy/go-yaml v1.11.3 // indirect
- github.com/kr/text v0.2.0 // indirect
- github.com/mattn/go-colorable v0.1.13 // indirect
- github.com/mattn/go-isatty v0.0.20 // indirect
- golang.org/x/sys v0.17.0 // indirect
- golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
-)
-
-require (
- github.com/sters/yaml-diff v1.3.2
- gopkg.in/yaml.v2 v2.4.0 // indirect
- gopkg.in/yaml.v3 v3.0.1
- sigs.k8s.io/yaml v1.1.0 // indirect
-)
diff --git a/.github/scripts/infrautil/go.sum b/.github/scripts/infrautil/go.sum
deleted file mode 100644
index 14ca1fbb7..000000000
--- a/.github/scripts/infrautil/go.sum
+++ /dev/null
@@ -1,59 +0,0 @@
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
-github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
-github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
-github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
-github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no=
-github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
-github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE=
-github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
-github.com/goccy/go-yaml v1.11.3 h1:B3W9IdWbvrUu2OYQGwvU1nZtvMQJPBKgBUuweJjLj6I=
-github.com/goccy/go-yaml v1.11.3/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-jsonnet v0.20.0 h1:WG4TTSARuV7bSm4PMB4ohjxe33IHT5WVTrJSU33uT4g=
-github.com/google/go-jsonnet v0.20.0/go.mod h1:VbgWF9JX7ztlv770x/TolZNGGFfiHEVx9G6ca2eUmeA=
-github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
-github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
-github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
-github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/phsym/console-slog v0.3.1 h1:Fuzcrjr40xTc004S9Kni8XfNsk+qrptQmyR+wZw9/7A=
-github.com/phsym/console-slog v0.3.1/go.mod h1:oJskjp/X6e6c0mGpfP8ELkfKUsrkDifYRAqJQgmdDS0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
-github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/sters/yaml-diff v1.3.2 h1:99Ke50QYFQYZjKMOiePxwyuQ+WeCvNy6cRooqdLs/ZE=
-github.com/sters/yaml-diff v1.3.2/go.mod h1:86usbNZiUqke5wYjMxDVEjmvGjmY2FkMwOwe0A5zf68=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/yosuke-furukawa/json5 v0.1.1 h1:0F9mNwTvOuDNH243hoPqvf+dxa5QsKnZzU20uNsh3ZI=
-github.com/yosuke-furukawa/json5 v0.1.1/go.mod h1:sw49aWDqNdRJ6DYUtIQiaA3xyj2IL9tjeNYmX2ixwcU=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
-golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
diff --git a/.github/scripts/infrautil/lib/testfiles/ingress.yaml b/.github/scripts/infrautil/lib/testfiles/ingress.yaml
deleted file mode 100644
index 28c7aa054..000000000
--- a/.github/scripts/infrautil/lib/testfiles/ingress.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- labels:
- app: http-dump
- app.kubernetes.io/name: http-dump
- name: http-dump
- namespace: default
-spec:
- ingressClassName: nginx
- rules:
- - host: httptest.walnuts.dev
- http:
- paths:
- - backend:
- service:
- name: http-dump
- port:
- number: 8080
- path: /
- pathType: Prefix
diff --git a/.github/workflows/badge.yaml b/.github/workflows/badge.yaml
index 955cb4903..97b42b41e 100644
--- a/.github/workflows/badge.yaml
+++ b/.github/workflows/badge.yaml
@@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: setup tailscale
- uses: tailscale/github-action@v2
+ uses: tailscale/github-action@v3
with:
oauth-client-id: ${{secrets.TAILSCALE_CLIENT_ID}}
oauth-secret: ${{secrets.TAILSCALE_SECRET}}
diff --git a/.github/workflows/gen-namespace.yaml b/.github/workflows/gen-namespace.yaml
index 78a705040..80194ced0 100644
--- a/.github/workflows/gen-namespace.yaml
+++ b/.github/workflows/gen-namespace.yaml
@@ -18,8 +18,8 @@ jobs:
- name: setup-go
uses: actions/setup-go@v5
with:
- go-version-file: ".github/scripts/infrautil/go.mod"
- cache-dependency-path: ".github/scripts/infrautil/go.sum"
+ go-version-file: "scripts/infrautil/go.mod"
+ cache-dependency-path: "scripts/infrautil/go.sum"
- name: make namespace
run: |
diff --git a/.github/workflows/snapshot-diff.yaml b/.github/workflows/snapshot-diff.yaml
index 1692bd2d1..66011c37c 100644
--- a/.github/workflows/snapshot-diff.yaml
+++ b/.github/workflows/snapshot-diff.yaml
@@ -15,8 +15,8 @@ jobs:
- name: setup-go
uses: actions/setup-go@v5
with:
- go-version-file: ".github/scripts/infrautil/go.mod"
- cache-dependency-path: ".github/scripts/infrautil/go.sum"
+ go-version-file: "scripts/infrautil/go.mod"
+ cache-dependency-path: "scripts/infrautil/go.sum"
- name: make snapshot
run: |
@@ -31,7 +31,8 @@ jobs:
- name: mv
run: |
mkdir /tmp/snapshots-main
- mv k8s/argocdapps /tmp/snapshots-main/argocdapps
+ mv k8s/apps /tmp/snapshots-main/apps
+ mv k8s/helm /tmp/snapshots-main/helm
- name: Upload folder
uses: actions/upload-artifact@v4
@@ -51,21 +52,15 @@ jobs:
with:
name: manifests
- - name: install dyff
- run: |
- wget https://github.com/homeport/dyff/releases/download/v1.8.0/dyff_1.8.0_linux_amd64.tar.gz
- tar -xvf dyff_1.8.0_linux_amd64.tar.gz
- chmod +x dyff
-
- name: Build markdown comment with manifest diff
run: |
- echo "# Manifest diff
+ echo "# Manifest (k8s/apps) diff
Click to expand
\`\`\`diff
- $(for f in $(find snapshots-head -type f); do echo "## $f"; diff -u $f $(echo $f | sed 's/head/main/') | sed 's/^/ /'; done)
+ $(for f in $(find snapshots-head/apps -type f); do diff -u $(echo $f | sed 's/head/main/') $f; done)
\`\`\`
" | tee /tmp/diff.md
@@ -79,25 +74,23 @@ jobs:
https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.number }}/comments \
-d @-
- - name: Build markdown comment with manifest dyff
+ - name: Build markdown comment with helm diff
run: |
- echo "# Manifest dyff
+ echo "# Helm diff
Click to expand
\`\`\`diff
- # $(./dyff between manifests-base.yaml manifests-head.yaml)
- $(for f in $(find snapshots-head -type f); do echo "## $f"; ./dyff between $f $(echo $f | sed 's/head/main/') | sed 's/^/ /'; done)
+ $(for f in $(find snapshots-head/helm -type f); do diff -u $(echo $f | sed 's/head/main/') $f; done)
\`\`\`
-
- " | tee /tmp/dyff.md
+ " | tee /tmp/diff.md
# PRへのコメントだけど、issue commentのAPIを使うらしい
- name: Comment manifest diff to GitHub PR
continue-on-error: true
run: |
- cat /tmp/dyff.md | jq -Rs '{ "body": . }' | curl --fail \
+ cat /tmp/diff.md | jq -Rs '{ "body": . }' | curl --fail \
-X POST -H 'Accept: application/vnd.github.v3+json' \
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.number }}/comments \
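Review bot: The new loop `for f in $(find snapshots-head/helm -type f); do diff -u $(echo $f | sed 's/head/main/') $f; done`, and the identical one over `snapshots-head/apps` in the previous hunk, only walks files that exist on the head side. A manifest deleted by the PR therefore never shows up in the comment, and a newly added one makes `diff` report a missing file instead of showing its content. A recursive comparison covers both cases and avoids word-splitting on the unquoted `$f`: `diff -ruN snapshots-main/helm snapshots-head/helm` (same for `apps`). The posting step is still named "Comment manifest diff to GitHub PR" and keeps `continue-on-error: true`, so a rejected comment, for example an over-long body from rendered Helm output, would fail silently; consider renaming it and truncating the body.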
diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml
index 4e211ed52..148027d53 100644
--- a/.github/workflows/snapshot.yaml
+++ b/.github/workflows/snapshot.yaml
@@ -1,6 +1,10 @@
name: Snapshot Auto Generation
on:
push:
+ branches:
+ - "**"
+ - "!snapshot"
+ pull_request:
branches:
- main
workflow_dispatch:
@@ -30,19 +34,30 @@ jobs:
- name: setup-go
uses: actions/setup-go@v5
with:
- go-version-file: ".github/scripts/infrautil/go.mod"
- cache-dependency-path: ".github/scripts/infrautil/go.sum"
+ go-version-file: "scripts/infrautil/go.mod"
+ cache-dependency-path: "scripts/infrautil/go.sum"
- name: make snapshot
run: |
make snapshot
+ - name: Upload folder
+ uses: actions/upload-artifact@v4
+ with:
+ if-no-files-found: error
+ name: snapshots
+ path: |
+ k8s/snapshots
+
- name: mv snapshot
+ if: ${{ github.ref_name == 'main' }}
run: |
- rm -rf k8s/argocdapps
- mv k8s/snapshots/argocdapps k8s/argocdapps
+ rm -rf k8s/apps
+ mv k8s/snapshots/apps k8s/apps
+ mv k8s/snapshots/helm k8s/helm
- name: push
+ if: ${{ github.ref_name == 'main' }}
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
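Review bot: The `mv snapshot` step removes `k8s/apps` before moving the new snapshot in, but it does not remove `k8s/helm`. If `k8s/helm` already exists in the checkout, `mv k8s/snapshots/helm k8s/helm` nests the result as `k8s/helm/helm` instead of replacing it. Changing the first line to `rm -rf k8s/apps k8s/helm` keeps the two directories symmetric. Whether `k8s/helm` can exist at this point depends on the checkout, which is outside this hunk.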
@@ -52,6 +67,7 @@ jobs:
scan:
runs-on: ubuntu-latest
+ if: ${{ github.ref_name == 'main' }}
needs: snapshot
steps:
- uses: actions/checkout@v4
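Review bot: With `if: ${{ github.ref_name == 'main' }}` on the `scan` job, the Trivy config scan runs only after a change has landed on main, so a pull request gets kubeconform linting but no misconfiguration findings before merge. The `lint` job in this commit already consumes the `snapshots` artifact; the scan could do the same for pull requests and keep the `ref: snapshot` checkout for main. The remainder of the `scan` job lies outside this hunk, so its SARIF upload step may need its own guard.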
@@ -59,7 +75,7 @@ jobs:
ref: snapshot
- name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@0.28.0
+ uses: aquasecurity/trivy-action@0.29.0
with:
scan-type: "config"
format: "sarif"
@@ -76,11 +92,20 @@ jobs:
runs-on: ubuntu-latest
needs: snapshot
steps:
- - uses: actions/checkout@v4
+ - uses: actions/download-artifact@v4
with:
- ref: snapshot
+ name: snapshots
- name: Lint manifest with kubeconform
uses: docker://ghcr.io/yannh/kubeconform:latest
with:
- args: "-ignore-missing-schemas -strict -summary k8s/argocdapps"
+ args: "-ignore-missing-schemas -strict -summary apps"
+
+ # auto merge用
+ # auto megeはskipもsuccessとみなす
+ status-check:
+ runs-on: ubuntu-latest
+ needs: [lint]
+ if: failure()
+ steps:
+ - run: exit 1
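Review bot: `status-check` is gated on `if: failure()` alone, so when `lint` is cancelled the job is skipped, and per the comment above it a skipped check is treated as success for auto-merge. Gating on both states closes that gap: `if: ${{ failure() || cancelled() }}`. The lint step also validates only `apps` from the artifact, so the new `helm` snapshots are never passed to kubeconform.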
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 8b1378917..000000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
index 7c07102c2..98175feae 100644
--- a/.trivyignore.yaml
+++ b/.trivyignore.yaml
@@ -1,9 +1,23 @@
misconfigurations:
- id: KSV017
paths:
- - "k8s/argocdapps/machine-status-api/deployment.yaml"
- statement: Accept Privileged
+ - "k8s/apps/machine-status-api/deployment.yaml"
+ statement: 特定のコンテナはPrivilegedを許可する
- id: KSV023
paths:
- - "k8s/argocdapps/samba/deployment.yaml"
- statement: accept hostpath
+ - "k8s/apps/samba/deployment.yaml"
+ statement: 特定のコンテナはホストマウントを許可する
+- id: AVD-KSV-0109
+ statement: Disable "ConfigMap with secrets" as there are many false positives.
+- id: AVD-KSV-01010
+ statement: Disable "ConfigMap with sensitive content" as there are many false positives.
+- id: KSV022
+ paths:
+ - "k8s/helm/cilium-helm.yaml"
+ statement: accept capabilities.add in cilium
+- id: AVD-KSV-0022
+ statement: "`NET_BIND_SERVICE` should be added to the capabilities.add list in the securityContext"
+- id: AVD-KSV-0020
+ statement: runAsUserのチェックは要らない
+- id: AVD-KSV-0021
+ statement: runAsGroupのチェックは要らない
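Review bot: The five new `AVD-KSV-*` entries carry no `paths`, so they suppress those checks for every manifest, unlike the path-scoped `KSV017`, `KSV023` and `KSV022` entries above them. The global `AVD-KSV-0022` entry appears to be the same check as the cilium-only `KSV022` entry just before it (assuming the two IDs are aliases), which would make that scoping moot. Its statement names only `NET_BIND_SERVICE`, yet the entry accepts any added capability anywhere. Prefer adding `paths:` for the workloads that need the exception, and give a reason in the `statement` for `AVD-KSV-0020` and `AVD-KSV-0021` rather than only saying the check is not needed.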
diff --git a/Makefile b/Makefile
index 7b626700e..ad7ede989 100644
--- a/Makefile
+++ b/Makefile
@@ -1,22 +1,54 @@
-INFRAUTIL ?= .github/scripts/infrautil/infrautil
-
-.PHONY: build-tools
-build-tools: build-infrautil build-infrautil2
+INFRAUTIL ?= scripts/infrautil/infrautil
build-infrautil:
- cd .github/scripts/infrautil && go build -o infrautil .
+ cd scripts/infrautil && go build -o infrautil .
.PHONY: namespace
namespace: build-infrautil
- $(INFRAUTIL) namespace -d ./k8s/argocdapps -o ./k8s/namespaces/namespaces.json5
+ $(INFRAUTIL) namespace -d ./k8s/apps -o ./k8s/namespaces/namespaces.json5
.PHONY: snapshot
snapshot: build-infrautil
- $(INFRAUTIL) snapshot -d ./k8s/argocdapps -o ./k8s/snapshots/argocdapps
-
-# SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal)
-# .PHONY: terraform
-# terraform:
-# terraform -chdir=".\terraform\kurumi" init
-# terraform -chdir=".\terraform\kurumi" plan -var="minio_secret_key=$(SECRET_KEY)"
-# terraform -chdir=".\terraform\kurumi" apply -var="minio_secret_key=$(SECRET_KEY)" -auto-approve
+ make app-snapshot
+ make helm-snapshot
+
+.PHONY: app-snapshot
+app-snapshot:
+ $(INFRAUTIL) snapshot -d ./k8s/apps -o ./k8s/snapshots/apps
+
+.PHONY: helm-snapshot
+helm-snapshot:
+ $(INFRAUTIL) helm-snapshot -d ./k8s/snapshots/apps -o ./k8s/snapshots/helm
+
+.PHONY: terraform
+terraform:
+ make terraform-setup
+ make terraform-plan
+ make terraform-apply
+
+.PHONY: terraform-setup
+terraform-setup:
+ kubectl port-forward -n minio services/minio 9000:9000 &
+
+ $(eval MINIO_SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal))
+ terraform -chdir=".\terraform\kurumi" init -upgrade -backend-config="secret_key=$(MINIO_SECRET_KEY)" -migrate-state
+
+.PHONY: terraform-plan
+terraform-plan:
+ $(eval MINIO_SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal))
+ $(eval CLOUDFLARE_API_TOKEN := $(shell op item get cloudflare --field terraform-api-token --reveal))
+ terraform -chdir=".\terraform\kurumi" plan -var="minio_secret_key=$(MINIO_SECRET_KEY)" -var="cloudflare_api_token=$(CLOUDFLARE_API_TOKEN)"
+
+.PHONY: terraform-apply
+terraform-apply:
+ $(eval MINIO_SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal))
+ $(eval CLOUDFLARE_API_TOKEN := $(shell op item get cloudflare --field terraform-api-token --reveal))
+ terraform -chdir=".\terraform\kurumi" apply -var="minio_secret_key=$(MINIO_SECRET_KEY)" -var="cloudflare_api_token=$(CLOUDFLARE_API_TOKEN)" -auto-approve
+
+.PHONY: aquq
+aquq:
+ aqua i
+
+.PHONY: lint
+lint: snapshot
+ kubeconform -ignore-missing-schemas -strict -summary k8s/snapshots/apps
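Review bot: The terraform recipes put secrets on the command line, where `$(MINIO_SECRET_KEY)` and `$(CLOUDFLARE_API_TOKEN)` are expanded into `-var="..."` and `-backend-config="secret_key=..."`. Because the recipe lines are not prefixed with `@`, make echoes the fully expanded command, secret included, to the terminal or CI log, and the values are also visible in the process list. Passing them through the environment avoids both, e.g. `@TF_VAR_minio_secret_key="$$(op item get minio-default-secret-key --field secret_key --reveal)" terraform -chdir=".\terraform\kurumi" plan`, and likewise for the Cloudflare token. Two smaller points: the `kubectl port-forward ... &` started in `terraform-setup` is never stopped, and the target name `aquq` looks like a typo for `aqua`.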
diff --git a/README.md b/README.md
index 57e0d0d98..2cc9decf7 100644
--- a/README.md
+++ b/README.md
@@ -1,15 +1,18 @@
-
+
+
-
+
+
+
@@ -26,15 +29,13 @@ Walnuts 家の自宅サーバ全般のリポジトリです。
- [README](./k8s/README.md)
### YAML
+
このリポジトリではjsonnetを用いてマニフェスト管理を行っています。
YAMLの生成結果は[snapshot](https://github.com/walnuts1018/infra/tree/snapshot)ブランチへと自動的にpushされるので、そちらを参照してください。
-## Actions
-
-- [k8s-badge](./.github/workflows/badge.yaml)
-- [CI](./.github/workflows/k8s.yaml)
-- [flux Manigests AutoGen](./.github/workflows/auto-gen.yaml)
## Renovate
- [renovate.json](./renovate.json5)
+
+
diff --git a/aqua.yaml b/aqua.yaml
new file mode 100644
index 000000000..e1ee880f8
--- /dev/null
+++ b/aqua.yaml
@@ -0,0 +1,14 @@
+---
+# aqua - Declarative CLI Version Manager
+# https://aquaproj.github.io/
+# checksum:
+# enabled: true
+# require_checksum: true
+# supported_envs:
+# - all
+registries:
+- type: standard
+ ref: v4.306.1 # renovate: depName=aquaproj/aqua-registry
+packages:
+- name: yannh/kubeconform@v0.6.7
+- name: hashicorp/terraform@v1.10.5
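Review bot: Checksum enforcement is left commented out (`# checksum:`, `# enabled: true`, `# require_checksum: true`), so the kubeconform and terraform binaries fetched by `aqua i` are not checked against recorded checksums. The Makefile in this commit runs that terraform binary with the MinIO and Cloudflare credentials, so verifying the download matters here. Uncommenting the block and committing the generated `aqua-checksums.json` would pin the artifacts as well as the versions.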
diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml
index f57933a83..a5e01b083 100644
--- a/k8s/_argocd/applications/apps.yaml
+++ b/k8s/_argocd/applications/apps.yaml
@@ -11,7 +11,7 @@ spec:
repoURL: https://github.com/walnuts1018/infra
revision: main
files:
- - path: "k8s/argocdapps/*/app.json5"
+ - path: "k8s/apps/*/app.json5"
template:
metadata:
name: '{{.name}}'
@@ -26,7 +26,7 @@ spec:
path: '{{.path.path}}'
directory:
recurse: true
- exclude: 'config/*'
+ exclude: '{config/*,_*/*}'
jsonnet:
tlas:
- name: ''
@@ -35,3 +35,6 @@ spec:
automated:
selfHeal: true
prune: true
+ syncOptions:
+ - ServerSideApply=true
+ - FailOnSharedResource=true
diff --git a/k8s/_argocd/applications/argocd.yaml b/k8s/_argocd/applications/argocd.yaml
index 77a500f6a..3e35a09ba 100644
--- a/k8s/_argocd/applications/argocd.yaml
+++ b/k8s/_argocd/applications/argocd.yaml
@@ -13,6 +13,7 @@ spec:
repoURL: 'https://github.com/walnuts1018/infra'
targetRevision: main
directory:
+ recurse: true
jsonnet:
tlas:
- name: ''
@@ -21,3 +22,6 @@ spec:
automated:
selfHeal: true
prune: true
+ syncOptions:
+ - ServerSideApply=true
+ - FailOnSharedResource=true
diff --git a/k8s/_argocd/applications/namespaces.yaml b/k8s/_argocd/applications/namespaces.yaml
index 6b718ded9..528c6a0a9 100644
--- a/k8s/_argocd/applications/namespaces.yaml
+++ b/k8s/_argocd/applications/namespaces.yaml
@@ -20,3 +20,6 @@ spec:
automated:
selfHeal: true
prune: true
+ syncOptions:
+ - ServerSideApply=true
+ - FailOnSharedResource=true
diff --git a/k8s/_argocd/argocd_components/appproject.jsonnet b/k8s/_argocd/argocd_components/appproject.jsonnet
new file mode 100644
index 000000000..9357793db
--- /dev/null
+++ b/k8s/_argocd/argocd_components/appproject.jsonnet
@@ -0,0 +1,34 @@
+{
+ apiVersion: 'argoproj.io/v1alpha1',
+ kind: 'AppProject',
+ metadata: {
+ name: 'default',
+ namespace: (import 'app.json5').namespace,
+ annotations: {
+ local slackChannel = 'sysop',
+ 'notifications.argoproj.io/subscribe.on-deleted.slack': slackChannel,
+ 'notifications.argoproj.io/subscribe.on-health-degraded.slack': slackChannel,
+ 'notifications.argoproj.io/subscribe.on-sync-failed.slack': slackChannel,
+ },
+ },
+ spec: {
+ clusterResourceWhitelist: [
+ {
+ group: '*',
+ kind: '*',
+ },
+ ],
+ destinations: [
+ {
+ namespace: '*',
+ server: '*',
+ },
+ ],
+ orphanedResources: {
+ warn: false,
+ },
+ sourceRepos: [
+ '*',
+ ],
+ },
+}
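Review bot: This `default` AppProject permits everything: `sourceRepos: ['*']`, a `destinations` entry with `namespace: '*'` and `server: '*'`, and a wildcard `clusterResourceWhitelist`. Any Application assigned to it can therefore deploy any cluster-scoped kind from any repository to any destination. If that is intentional, a short comment such as `// intentionally unrestricted: single-tenant cluster` above `spec` would record the decision. Otherwise narrow at least `sourceRepos` to the Git repository and the Helm repositories actually in use.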
diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet
index 86a38e522..824e30a90 100644
--- a/k8s/_argocd/argocd_components/helm.jsonnet
+++ b/k8s/_argocd/argocd_components/helm.jsonnet
@@ -3,6 +3,6 @@
namespace: (import 'app.json5').namespace,
chart: 'argo-cd',
repoURL: 'https://argoproj.github.io/argo-helm',
- targetRevision: '7.6.12',
+ targetRevision: '7.8.0',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/_argocd/argocd_components/notification-externalsecret.jsonnet b/k8s/_argocd/argocd_components/notification-externalsecret.jsonnet
new file mode 100644
index 000000000..3444bbdc9
--- /dev/null
+++ b/k8s/_argocd/argocd_components/notification-externalsecret.jsonnet
@@ -0,0 +1,14 @@
+(import '../../components/external-secret.libsonnet') {
+ name: 'argocd-notifications-secret',
+ use_suffix: false,
+ namespace: (import 'app.json5').namespace,
+ data: [
+ {
+ secretKey: 'slack-token',
+ remoteRef: {
+ key: 'argocd',
+ property: 'slack-token',
+ },
+ },
+ ],
+}
diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml
index 95602727a..5ae4da800 100644
--- a/k8s/_argocd/argocd_components/values.yaml
+++ b/k8s/_argocd/argocd_components/values.yaml
@@ -17,28 +17,380 @@ configs:
- CiliumIdentity
clusters:
- "*"
- dex.config: |
- connectors:
- - type: oidc
- id: walnuts-dev
- name: walnuts-dev
- config:
- clientID: "291851981864108044"
- clientSecret: $argocd-oidc:client-secret
- issuer: https://auth.walnuts.dev
- scopes:
- - openid
- - email
- - profile
- - urn:zitadel:iam:org:projects:roles
+ resource.customizations.ignoreDifferences.apps_Deployment: |
+ jsonPointers:
+ - /spec/replicas
+ resource.customizations.ignoreDifferences.apps_StatefulSet: |
+ jsonPointers:
+ - /spec/replicas
+ resource.customizations.ignoreDifferences.autoscaling_HorizontalPodAutoscaler: |
+ jsonPointers:
+ - /spec/metrics
+ oidc.config: |
+ name: walnuts-dev
+ issuer: https://auth.walnuts.dev
+ clientID: "296595833422414292"
+ clientSecret: $argocd-oidc:client-secret
+ requestedScopes:
+ - openid
+ - email
+ - profile
+ users.anonymous.enabled: false
+ users.session.duration: "168h" # 7 days
+ application.resourceTrackingMethod: "annotation"
+ kustomize.buildOptions: --enable-helm
params:
otlp.address: 'default-collector.opentelemetry-collector.svc.cluster.local:4317'
server.insecure: true
server.basehref: /
+ controller.diff.server.side: "true"
+ controller.resource.health.persist: "false"
+
+ rbac:
+ create: true
+ policy.csv: |
+ g, 237477822715658605:argocd-admin, role:admin
+ scopes: '[my:zitadel:grants]'
+ policy.default: ''
+
+controller:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ resources:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 800m
+ memory: 512Mi
+
+dex:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+
+redis:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
server:
ingress:
enabled: true
controller: generic
- ingressClassName: "nginx"
+ ingressClassName: "cilium"
tls: false
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 5
+ targetCPUUtilizationPercentage: 100
+ targetMemoryUtilizationPercentage: 100
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 128Mi
+
+repoServer:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 5
+ targetCPUUtilizationPercentage: 100
+ targetMemoryUtilizationPercentage: 100
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 48m
+ memory: 128Mi
+
+applicationSet:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+
+notifications:
+ argocdUrl: "https://argocd.walnuts.dev"
+ context:
+ cluster: "kurumi"
+ secret:
+ create: false
+ name: "argocd-notifications-secret"
+ cm:
+ create: true
+ notifiers:
+ service.slack: |
+ token: $slack-token
+ icon: ":argo:"
+ username: argocd
+ templates:
+ template.app-deployed: |
+ email:
+ subject: New version of an application {{.app.metadata.name}} is up and running.
+ message: |
+ {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests.
+ slack:
+ attachments: |
+ [{
+ "title": "{{ .app.metadata.name}}",
+ "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
+ "color": "#18be52",
+ "fields": [
+ {
+ "title": "Sync Status",
+ "value": "{{.app.status.sync.status}}",
+ "short": true
+ },
+ {
+ "title": "Repository",
+ "value": "{{.app.spec.source.repoURL}}",
+ "short": true
+ },
+ {
+ "title": "Revision",
+ "value": "{{.app.status.sync.revision}}",
+ "short": true
+ }
+ {{range $index, $c := .app.status.conditions}}
+ {{if not $index}},{{end}}
+ {{if $index}},{{end}}
+ {
+ "title": "{{$c.type}}",
+ "value": "{{$c.message}}",
+ "short": true
+ }
+ {{end}}
+ ]
+ }]
+ template.app-health-degraded: |
+ email:
+ subject: Application {{.app.metadata.name}} has degraded.
+ message: |
+ {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded.
+ Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
+ slack:
+ attachments: |-
+ [{
+ "title": "{{ .app.metadata.name}}",
+ "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
+ "color": "#f4c030",
+ "fields": [
+ {
+ "title": "Sync Status",
+ "value": "{{.app.status.sync.status}}",
+ "short": true
+ },
+ {
+ "title": "Repository",
+ "value": "{{.app.spec.source.repoURL}}",
+ "short": true
+ }
+ {{range $index, $c := .app.status.conditions}}
+ {{if not $index}},{{end}}
+ {{if $index}},{{end}}
+ {
+ "title": "{{$c.type}}",
+ "value": "{{$c.message}}",
+ "short": true
+ }
+ {{end}}
+ ]
+ }]
+ template.app-sync-failed: |
+ email:
+ subject: Failed to sync application {{.app.metadata.name}}.
+ message: |
+ {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}
+ Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
+ slack:
+ attachments: |-
+ [{
+ "title": "{{ .app.metadata.name}}",
+ "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
+ "color": "#E96D76",
+ "fields": [
+ {
+ "title": "Sync Status",
+ "value": "{{.app.status.sync.status}}",
+ "short": true
+ },
+ {
+ "title": "Repository",
+ "value": "{{.app.spec.source.repoURL}}",
+ "short": true
+ }
+ {{range $index, $c := .app.status.conditions}}
+ {{if not $index}},{{end}}
+ {{if $index}},{{end}}
+ {
+ "title": "{{$c.type}}",
+ "value": "{{$c.message}}",
+ "short": true
+ }
+ {{end}}
+ ]
+ }]
+ template.app-sync-running: |
+ email:
+ subject: Start syncing application {{.app.metadata.name}}.
+ message: |
+ The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}.
+ Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
+ slack:
+ attachments: |-
+ [{
+ "title": "{{ .app.metadata.name}}",
+ "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
+ "color": "#0DADEA",
+ "fields": [
+ {
+ "title": "Sync Status",
+ "value": "{{.app.status.sync.status}}",
+ "short": true
+ },
+ {
+ "title": "Repository",
+ "value": "{{.app.spec.source.repoURL}}",
+ "short": true
+ }
+ {{range $index, $c := .app.status.conditions}}
+ {{if not $index}},{{end}}
+ {{if $index}},{{end}}
+ {
+ "title": "{{$c.type}}",
+ "value": "{{$c.message}}",
+ "short": true
+ }
+ {{end}}
+ ]
+ }]
+ template.app-sync-status-unknown: |
+ email:
+ subject: Application {{.app.metadata.name}} sync status is 'Unknown'
+ message: |
+ {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'.
+ Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
+ {{if ne .serviceType "slack"}}
+ {{range $c := .app.status.conditions}}
+ * {{$c.message}}
+ {{end}}
+ {{end}}
+ slack:
+ attachments: |-
+ [{
+ "title": "{{ .app.metadata.name}}",
+ "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
+ "color": "#E96D76",
+ "fields": [
+ {
+ "title": "Sync Status",
+ "value": "{{.app.status.sync.status}}",
+ "short": true
+ },
+ {
+ "title": "Repository",
+ "value": "{{.app.spec.source.repoURL}}",
+ "short": true
+ }
+ {{range $index, $c := .app.status.conditions}}
+ {{if not $index}},{{end}}
+ {{if $index}},{{end}}
+ {
+ "title": "{{$c.type}}",
+ "value": "{{$c.message}}",
+ "short": true
+ }
+ {{end}}
+ ]
+ }]
+ template.app-sync-succeeded: |
+ email:
+ subject: Application {{.app.metadata.name}} has been successfully synced.
+ message: |
+ {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
+ Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
+ slack:
+ attachments: |-
+ [{
+ "title": "{{ .app.metadata.name}}",
+ "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
+ "color": "#18be52",
+ "fields": [
+ {
+ "title": "Sync Status",
+ "value": "{{.app.status.sync.status}}",
+ "short": true
+ },
+ {
+ "title": "Repository",
+ "value": "{{.app.spec.source.repoURL}}",
+ "short": true
+ }
+ {{range $index, $c := .app.status.conditions}}
+ {{if not $index}},{{end}}
+ {{if $index}},{{end}}
+ {
+ "title": "{{$c.type}}",
+ "value": "{{$c.message}}",
+ "short": true
+ }
+ {{end}}
+ ]
+ }]
+ triggers:
+ trigger.on-deployed: |
+ - description: Application is synced and healthy. Triggered once per commit.
+ oncePer: app.status.sync.revision
+ send:
+ - app-deployed
+ when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
+ trigger.on-health-degraded: |
+ - description: Application has degraded
+ send:
+ - app-health-degraded
+ when: app.status.health.status == 'Degraded'
+ trigger.on-sync-failed: |
+ - description: Application syncing has failed
+ send:
+ - app-sync-failed
+ when: app.status.operationState.phase in ['Error', 'Failed']
+ trigger.on-sync-running: |
+ - description: Application is being synced
+ send:
+ - app-sync-running
+ when: app.status.operationState.phase in ['Running']
+ trigger.on-sync-status-unknown: |
+ - description: Application status is 'Unknown'
+ send:
+ - app-sync-status-unknown
+ when: app.status.sync.status == 'Unknown'
+ trigger.on-sync-succeeded: |
+ - description: Application syncing has succeeded
+ send:
+ - app-sync-succeeded
+ when: app.status.operationState.phase in ['Succeeded']
+
+ defaultTriggers: |
+ - on-sync-status-unknown
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
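Review bot: The `triggers` block defines `on-deployed`, `on-health-degraded`, `on-sync-failed`, `on-sync-running`, `on-sync-status-unknown` and `on-sync-succeeded`, but no `trigger.on-deleted` and no matching template. The AppProject added in `appproject.jsonnet` subscribes to `on-deleted`, so unless that trigger is defined elsewhere the subscription will never fire; either add the trigger and template or drop the annotation. In the Slack templates the pair `{{if not $index}},{{end}}` / `{{if $index}},{{end}}` always emits exactly one comma and can be a plain `,`. Also, `"value": "{{$c.message}}"` is placed into the JSON unescaped, so a condition message containing a double quote or a newline would yield an invalid attachment, most likely in the failure notifications where the message is an error string.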
diff --git a/k8s/_argocd/clusters/kurumi/base.yaml b/k8s/_argocd/clusters/kurumi/base.yaml
index 87679e805..90dd53cb8 100644
--- a/k8s/_argocd/clusters/kurumi/base.yaml
+++ b/k8s/_argocd/clusters/kurumi/base.yaml
@@ -12,7 +12,13 @@ spec:
- path: k8s/_argocd/applications
repoURL: 'https://github.com/walnuts1018/infra'
targetRevision: main
+ - path: k8s/_argocd/clusters/kurumi
+ repoURL: 'https://github.com/walnuts1018/infra'
+ targetRevision: main
syncPolicy:
automated:
selfHeal: true
prune: true
+ syncOptions:
+ - ServerSideApply=true
+ - FailOnSharedResource=true
diff --git a/k8s/argocdapps/ac-hacking-2024/app.json5 b/k8s/apps/ac-hacking-2024/app.json5
similarity index 100%
rename from k8s/argocdapps/ac-hacking-2024/app.json5
rename to k8s/apps/ac-hacking-2024/app.json5
diff --git a/k8s/argocdapps/ac-hacking-2024/back/deployment.jsonnet b/k8s/apps/ac-hacking-2024/back/deployment.jsonnet
similarity index 100%
rename from k8s/argocdapps/ac-hacking-2024/back/deployment.jsonnet
rename to k8s/apps/ac-hacking-2024/back/deployment.jsonnet
diff --git a/k8s/argocdapps/ac-hacking-2024/back/external-secret.jsonnet b/k8s/apps/ac-hacking-2024/back/external-secret.jsonnet
similarity index 88%
rename from k8s/argocdapps/ac-hacking-2024/back/external-secret.jsonnet
rename to k8s/apps/ac-hacking-2024/back/external-secret.jsonnet
index 30b6c8943..b08d132f8 100644
--- a/k8s/argocdapps/ac-hacking-2024/back/external-secret.jsonnet
+++ b/k8s/apps/ac-hacking-2024/back/external-secret.jsonnet
@@ -5,7 +5,7 @@
secretKey: 'postgres_password',
remoteRef: {
key: 'postgres_passwords',
- property: 'ac-hacking',
+ property: 'ac_hacking',
},
},
],
diff --git a/k8s/argocdapps/ac-hacking-2024/back/service.jsonnet b/k8s/apps/ac-hacking-2024/back/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/ac-hacking-2024/back/service.jsonnet
rename to k8s/apps/ac-hacking-2024/back/service.jsonnet
diff --git a/k8s/argocdapps/ac-hacking-2024/front/deployment.jsonnet b/k8s/apps/ac-hacking-2024/front/deployment.jsonnet
similarity index 100%
rename from k8s/argocdapps/ac-hacking-2024/front/deployment.jsonnet
rename to k8s/apps/ac-hacking-2024/front/deployment.jsonnet
diff --git a/k8s/argocdapps/ac-hacking-2024/front/service.jsonnet b/k8s/apps/ac-hacking-2024/front/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/ac-hacking-2024/front/service.jsonnet
rename to k8s/apps/ac-hacking-2024/front/service.jsonnet
diff --git a/k8s/argocdapps/ac-hacking-2024/oauth2-proxy.jsonnet b/k8s/apps/ac-hacking-2024/oauth2-proxy.jsonnet
similarity index 76%
rename from k8s/argocdapps/ac-hacking-2024/oauth2-proxy.jsonnet
rename to k8s/apps/ac-hacking-2024/oauth2-proxy.jsonnet
index 12c12ec12..4149063b4 100644
--- a/k8s/argocdapps/ac-hacking-2024/oauth2-proxy.jsonnet
+++ b/k8s/apps/ac-hacking-2024/oauth2-proxy.jsonnet
@@ -1,14 +1,14 @@
-(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet') {
- app:: {
+(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({
+ app: {
name: 'ac-hacking',
namespace: (import 'app.json5').namespace,
},
domain: 'ac-hacking-2024.walnuts.dev',
upstream: 'http://ac-hacking-2024-back.ac-hacking-2024.svc.cluster.local:8080',
- oidc:: {
- secret:: {
+ oidc: {
+ secret: {
onepassword_item_name: 'ac-hacking-oauth2-proxy',
},
allowed_group: '237477822715658605:ac-hacking-admin',
},
-}
+})
diff --git a/k8s/apps/affine/app.json5 b/k8s/apps/affine/app.json5
new file mode 100644
index 000000000..1c9219465
--- /dev/null
+++ b/k8s/apps/affine/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "affine",
+ namespace: "affine",
+}
diff --git a/k8s/apps/affine/config/affine.js b/k8s/apps/affine/config/affine.js
new file mode 100644
index 000000000..972094979
--- /dev/null
+++ b/k8s/apps/affine/config/affine.js
@@ -0,0 +1,16 @@
+AFFiNE.use("oauth", {
+ providers: {
+ oidc: {
+ // OpenID Connect
+ issuer: "",
+ clientId: "",
+ clientSecret: "",
+ args: {
+ scope: "openid email profile",
+ claim_id: "preferred_username",
+ claim_email: "email",
+ claim_name: "name",
+ },
+ },
+ },
+});
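Review bot: The `issuer`, `clientId` and `clientSecret` fields of the `oidc` provider are empty strings, and nothing in the file says where the real values come from. The StatefulSet added in this commit sets `OAUTH_OIDC_ISSUER`, `OAUTH_OIDC_CLIENT_ID` and `OAUTH_OIDC_CLIENT_SECRET`, so presumably the server takes them from the environment, but that precedence is not visible here and should be confirmed. I would add `// Intentionally empty: supplied via the OAUTH_OIDC_* environment variables; the client secret must never be written into this ConfigMap.` above `issuer`.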
diff --git a/k8s/apps/affine/configmap.jsonnet b/k8s/apps/affine/configmap.jsonnet
new file mode 100644
index 000000000..fd5245af5
--- /dev/null
+++ b/k8s/apps/affine/configmap.jsonnet
@@ -0,0 +1,8 @@
+(import '../../components/configmap.libsonnet') {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ data: {
+ 'affine.js': (importstr './config/affine.js'),
+ },
+}
diff --git a/k8s/apps/affine/external-secret.jsonnet b/k8s/apps/affine/external-secret.jsonnet
new file mode 100644
index 000000000..b3fa4aab4
--- /dev/null
+++ b/k8s/apps/affine/external-secret.jsonnet
@@ -0,0 +1,49 @@
+std.mergePatch((import '../../components/external-secret.libsonnet') {
+ name: (import 'app.json5').name + '-minio',
+ use_suffix: false,
+ data: [
+ {
+ secretKey: 'redispassword',
+ remoteRef: {
+ key: 'redis',
+ property: 'password',
+ },
+ },
+ {
+ secretKey: 'dbpassword',
+ remoteRef: {
+ key: 'postgres_passwords',
+ property: 'affine',
+ },
+ },
+ {
+ secretKey: 'mailerpassword',
+ remoteRef: {
+ key: 'resend',
+ property: 'api-key',
+ },
+ },
+ {
+ secretKey: 'oidcclientsecret',
+ remoteRef: {
+ key: 'zitadel',
+ property: 'affine',
+ },
+ },
+ ],
+}, {
+ spec: {
+ target: {
+ template: {
+ engineVersion: 'v2',
+ type: 'Opaque',
+ data: {
+ 'postgres-url': 'postgres://affine:{{ .dbpassword }}@postgresql-default.databases.svc.cluster.local/affine',
+ redispassword: '{{ .redispassword }}',
+ 'mailer-password': '{{ .mailerpassword }}',
+ 'oidc-client-secret': '{{ .oidcclientsecret }}',
+ },
+ },
+ },
+ },
+})
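Review bot: The `postgres-url` template puts `{{ .dbpassword }}` into the URL userinfo unescaped, so a password containing `@`, `/`, `:` or `#` would produce a connection string that fails to parse or parses with the wrong host part. Either restrict the stored password to URL-safe characters or escape it in the template, for example `{{ .dbpassword | urlquery }}` (check how the client decodes `+` first). Separately, the Secret is named `(import 'app.json5').name + '-minio'` although it carries the Redis, database, mailer and OIDC credentials and nothing MinIO-related. A neutral name would make it easier to audit which workloads consume it.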
diff --git a/k8s/apps/affine/ingress.jsonnet b/k8s/apps/affine/ingress.jsonnet
new file mode 100644
index 000000000..5317f0cac
--- /dev/null
+++ b/k8s/apps/affine/ingress.jsonnet
@@ -0,0 +1,36 @@
+{
+ apiVersion: 'networking.k8s.io/v1',
+ kind: 'Ingress',
+ metadata: {
+ annotations: {
+ 'nginx.ingress.kubernetes.io/proxy-body-size': '4G',
+ },
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ ingressClassName: 'cilium',
+ rules: [
+ {
+ host: 'affine.walnuts.dev',
+ http: {
+ paths: [
+ {
+ path: '/',
+ pathType: 'Prefix',
+ backend: {
+ service: {
+ name: (import 'service.jsonnet').metadata.name,
+ port: {
+ name: 'http',
+ },
+ },
+ },
+ },
+ ],
+ },
+ },
+ ],
+ },
+}
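Review bot: The `nginx.ingress.kubernetes.io/proxy-body-size: '4G'` annotation sits on an Ingress whose `ingressClassName` is `'cilium'`, so it is most likely ignored and the effective request-body limit is whatever the Cilium/Envoy ingress applies. If uploads need an explicit bound, set it where the Cilium ingress actually reads it; otherwise drop the annotation so the manifest does not imply a limit that is not enforced. The Ingress also has no `tls` block and appears to rely on the default certificate configured in the Cilium values of this commit, which a one-line comment should state.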
diff --git a/k8s/argocdapps/misskey/pvc.jsonnet b/k8s/apps/affine/pvc.jsonnet
similarity index 79%
rename from k8s/argocdapps/misskey/pvc.jsonnet
rename to k8s/apps/affine/pvc.jsonnet
index 3cda9e945..7a56eaedb 100644
--- a/k8s/argocdapps/misskey/pvc.jsonnet
+++ b/k8s/apps/affine/pvc.jsonnet
@@ -2,11 +2,11 @@
apiVersion: 'v1',
kind: 'PersistentVolumeClaim',
metadata: {
- name: (import 'app.json5').name,
+ name: 'affine-storage',
},
spec: {
storageClassName: 'longhorn',
- volumeName: 'misskey',
+ volumeName: 'affine-storage',
accessModes: [
'ReadWriteOnce',
],
diff --git a/k8s/apps/affine/redis.jsonnet b/k8s/apps/affine/redis.jsonnet
new file mode 100644
index 000000000..c42766565
--- /dev/null
+++ b/k8s/apps/affine/redis.jsonnet
@@ -0,0 +1,39 @@
+{
+ apiVersion: 'redis.redis.opstreelabs.in/v1beta2',
+ kind: 'Redis',
+ metadata: {
+ local appname = (import 'app.json5').name + '-redis',
+ name: appname,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: appname },
+
+ },
+ spec: {
+ kubernetesConfig: {
+ image: 'quay.io/opstree/redis:v7.0.12',
+ imagePullPolicy: 'IfNotPresent',
+ redisSecret: {
+ name: (import 'external-secret.jsonnet').metadata.name,
+ key: 'redispassword',
+ },
+ },
+ storage: {
+ volumeClaimTemplate: {
+ spec: {
+ accessModes: [
+ 'ReadWriteOnce',
+ ],
+ resources: {
+ requests: {
+ storage: '1Gi',
+ },
+ },
+ },
+ },
+ },
+ podSecurityContext: {
+ fsGroup: 1000,
+ runAsUser: 1000,
+ },
+ },
+}
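Review bot: `redisSecret` reads the `redispassword` key, which `external-secret.jsonnet` in this commit fills from the `redis` / `password` item. The removed dashy-oauth2-proxy manifest referenced that same item, so the password looks shared between applications, and a per-app item would limit what one leaked credential can reach. The image `'quay.io/opstree/redis:v7.0.12'` is also referenced by a mutable tag with `imagePullPolicy: 'IfNotPresent'`. Pinning it as `image: 'quay.io/opstree/redis:v7.0.12@sha256:<digest-of-the-reviewed-image>'` would make the deployed bits reproducible.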
diff --git a/k8s/argocdapps/photoprism/service.jsonnet b/k8s/apps/affine/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/photoprism/service.jsonnet
rename to k8s/apps/affine/service.jsonnet
diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet
new file mode 100644
index 000000000..5d5aac69b
--- /dev/null
+++ b/k8s/apps/affine/statefulset.jsonnet
@@ -0,0 +1,231 @@
+{
+ apiVersion: 'apps/v1',
+ kind: 'StatefulSet',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ selector: {
+ matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ serviceName: (import 'service.jsonnet').metadata.name,
+ replicas: 1,
+ template: {
+ metadata: {
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ local env = [
+ {
+ name: 'AFFINE_SERVER_HOST',
+ value: 'affine.walnuts.dev',
+ },
+ {
+ name: 'AFFINE_SERVER_PORT',
+ value: std.toString($.spec.template.spec.containers[0].ports[0].containerPort),
+ },
+ {
+ name: 'AFFINE_SERVER_EXTERNAL_URL',
+ value: 'https://affine.walnuts.dev',
+ },
+ {
+ name: 'NODE_OPTIONS',
+ value: '--import=./scripts/register.js',
+ },
+ {
+ name: 'AFFINE_CONFIG_PATH',
+ value: $.spec.template.spec.containers[0].volumeMounts[1].mountPath,
+ },
+ {
+ name: 'REDIS_SERVER_HOST',
+ value: (import 'redis.jsonnet').metadata.name,
+ },
+ {
+ name: 'DATABASE_URL',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import 'external-secret.jsonnet').metadata.name,
+ key: 'postgres-url',
+ },
+ },
+ },
+ {
+ name: 'NODE_ENV',
+ value: 'production',
+ },
+ {
+ name: 'DEPLOYMENT_TYPE',
+ value: 'selfhosted',
+ },
+ {
+ name: 'MAILER_HOST',
+ value: 'smtp.resend.com',
+ },
+ {
+ name: 'DEV_SERVER_URL',
+ value: 'https://affine.walnuts.dev',
+ },
+ {
+ name: 'MAILER_PORT',
+ value: '587',
+ },
+ {
+ name: 'MAILER_USER',
+ value: 'resend',
+ },
+ {
+ name: 'MAILER_PASSWORD',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import 'external-secret.jsonnet').metadata.name,
+ key: 'mailer-password',
+ },
+ },
+ },
+ {
+ name: 'MAILER_SENDER',
+ value: 'affine@resend.walnuts.dev',
+ },
+ {
+ name: 'OAUTH_OIDC_ISSUER',
+ value: 'https://auth.walnuts.dev',
+ },
+ {
+ name: 'OAUTH_OIDC_CLIENT_ID',
+ value: '296071951179383022',
+ },
+ {
+ name: 'OAUTH_OIDC_CLIENT_SECRET',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import 'external-secret.jsonnet').metadata.name,
+ key: 'oidc-client-secret',
+ },
+ },
+ },
+ ],
+ local volumeMounts = [
+ {
+ mountPath: '/root/.affine/storage',
+ name: 'affine-storage',
+ },
+ {
+ mountPath: '/root/.affine/config',
+ name: 'affine-config',
+ },
+ {
+ mountPath: '/root/.affine/config/affine.js',
+ subPath: 'affine.js',
+ readOnly: true,
+ name: 'affine-config-affine-js',
+ },
+ {
+ mountPath: '/usr/local/share/.cache',
+ name: 'usr-local-share-cache',
+ },
+ {
+ mountPath: '/tmp',
+ name: 'tmp',
+ },
+ ],
+ initContainers: [
+ (import '../../components/container.libsonnet') {
+ name: 'affine-init',
+ image: 'ghcr.io/toeverything/affine-graphql:stable-1623f5d',
+ command: ['sh', '-c', 'node ./scripts/self-host-predeploy'],
+ securityContext:: null,
+ env: env,
+ volumeMounts: volumeMounts,
+ resources: {
+ limits: {
+ memory: '512Mi',
+ },
+ requests: {
+ memory: '360Mi',
+ },
+ },
+ },
+ ],
+ containers: [
+ (import '../../components/container.libsonnet') {
+ name: 'affine',
+ image: 'ghcr.io/toeverything/affine-graphql:stable-1623f5d',
+ command: ['sh', '-c', 'node ./dist/index.js'],
+ securityContext:: null,
+ env: env,
+ volumeMounts: volumeMounts,
+ ports: [
+ {
+ containerPort: 3010,
+ name: 'http',
+ },
+ {
+ containerPort: 5555,
+ name: 'prisma',
+ },
+ ],
+ resources: {
+ limits: {
+ cpu: '500m',
+ memory: '512Mi',
+ },
+ requests: {
+ cpu: '2m',
+ memory: '180Mi',
+ },
+ },
+ livenessProbe: {
+ httpGet: {
+ path: '/info',
+ port: 'http',
+ },
+ failureThreshold: 1,
+ initialDelaySeconds: 10,
+ periodSeconds: 10,
+ },
+ readinessProbe: {
+ httpGet: {
+ path: '/info',
+ port: 'http',
+ },
+ },
+ },
+ ],
+ volumes: [
+ {
+ name: 'affine-config-affine-js',
+ configMap: {
+ name: (import 'configmap.jsonnet').metadata.name,
+ items: [
+ {
+ key: 'affine.js',
+ path: 'affine.js',
+ },
+ ],
+ },
+ },
+ {
+ name: 'affine-storage',
+ persistentVolumeClaim: {
+ claimName: (import 'pvc.jsonnet').metadata.name,
+ },
+ },
+ {
+ name: 'affine-config',
+ emptyDir: {},
+ },
+ {
+ name: 'usr-local-share-cache',
+ emptyDir: {},
+ },
+ {
+ name: 'tmp',
+ emptyDir: {},
+ },
+ ],
+ },
+ },
+ },
+}
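Review bot: Both the `affine-init` and `affine` containers set `securityContext:: null`, which hides the field inherited from `container.libsonnet` and so presumably drops whatever hardening that component applies. Together with the `/root/.affine/...` mount paths this suggests the workload runs as root with default capabilities. If the image cannot run under the component defaults, I would keep a minimal `securityContext: { allowPrivilegeEscalation: false, capabilities: { drop: ['ALL'] } },` (provided the image tolerates it) and add a comment explaining why the default was removed. The `prisma` port 5555 is declared on the main container; if nothing needs to reach it, removing that entry avoids advertising it. The image tag `stable-1623f5d` could also be pinned by digest.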
diff --git a/k8s/apps/blackbox-exporter/app.json5 b/k8s/apps/blackbox-exporter/app.json5
new file mode 100644
index 000000000..25130824c
--- /dev/null
+++ b/k8s/apps/blackbox-exporter/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "blackbox-exporter",
+ namespace: "monitoring",
+}
diff --git a/k8s/apps/blackbox-exporter/helm.jsonnet b/k8s/apps/blackbox-exporter/helm.jsonnet
new file mode 100644
index 000000000..ef631d2ec
--- /dev/null
+++ b/k8s/apps/blackbox-exporter/helm.jsonnet
@@ -0,0 +1,9 @@
+(import '../../components/helm.libsonnet') {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+
+ chart: 'prometheus-blackbox-exporter',
+ repoURL: 'https://prometheus-community.github.io/helm-charts',
+ targetRevision: '9.2.0',
+ values: (importstr 'values.yaml'),
+}
diff --git a/k8s/apps/blackbox-exporter/values.yaml b/k8s/apps/blackbox-exporter/values.yaml
new file mode 100644
index 000000000..ab32730fa
--- /dev/null
+++ b/k8s/apps/blackbox-exporter/values.yaml
@@ -0,0 +1,23 @@
+serviceMonitor:
+ selfMonitor:
+ enabled: true
+ enabled: true
+ targets:
+ - name: "walnuts-dev"
+ url: "https://walnuts.dev/healthz"
+ - name: "http-test"
+ url: "https://httptest.walnuts.dev/"
+ - name: "blog"
+ url: "https://blog.walnuts.dev/"
+ - name: "grafana"
+ url: "https://grafana.walnuts.dev/healthz"
+ - name: "oekaki-dengon-game"
+ url: "https://oekaki.walnuts.dev/public"
+ - name: "misskey"
+ url: "https://misskey.walnuts.dev/healthz"
+ - name: "minio"
+ url: "https://minio.walnuts.dev/minio/health/live"
+ - name: "nextcloud"
+ url: "https://nextcloud.walnuts.dev/status.php"
+ - name: "zitadel"
+ url: "https://auth.walnuts.dev/healthz"
diff --git a/k8s/argocdapps/blog/app.json5 b/k8s/apps/blog/app.json5
similarity index 100%
rename from k8s/argocdapps/blog/app.json5
rename to k8s/apps/blog/app.json5
diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/config/nginx.conf b/k8s/apps/blog/config/nginx.conf
similarity index 85%
rename from k8s/argocdapps/walnuts-dev-www-redirect/config/nginx.conf
rename to k8s/apps/blog/config/nginx.conf
index 0ded8adc3..f728ccc06 100644
--- a/k8s/argocdapps/walnuts-dev-www-redirect/config/nginx.conf
+++ b/k8s/apps/blog/config/nginx.conf
@@ -1,6 +1,6 @@
user nginx;
worker_processes 1;
-error_log /var/log/nginx/error.log;
+error_log /dev/stderr;
events {
worker_connections 10240;
}
@@ -18,7 +18,7 @@ http {
'forwardedfor:$http_x_forwarded_for\t'
'request_time:$request_time';
- access_log /var/log/nginx/access.log main;
+ access_log /dev/stdout main;
include /etc/nginx/virtualhost/virtualhost.conf;
}
diff --git a/k8s/apps/blog/config/virtualhost.conf b/k8s/apps/blog/config/virtualhost.conf
new file mode 100644
index 000000000..018c76829
--- /dev/null
+++ b/k8s/apps/blog/config/virtualhost.conf
@@ -0,0 +1,18 @@
+server {
+ listen 8080 default_server;
+ server_name "";
+ proxy_redirect off;
+ location / {
+ rewrite ^(.*)$ https://walnuts.hatenablog.com/ redirect;
+ }
+}
+
+server {
+ listen 8081 default_server;
+ server_name "";
+ location /healthz {
+ access_log off;
+ add_header 'Content-Type' 'application/json';
+ return 200 '{"status":"UP"}';
+ }
+}
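Review bot: In the first `server` block, `rewrite ^(.*)$ https://walnuts.hatenablog.com/ redirect;` captures the path but never uses it, so every request is sent to the blog root. `return 302 https://walnuts.hatenablog.com/;` states that intent directly and avoids the regex. Note that `rewrite` appends the original query string to the target while `return` does not, so pick whichever behaviour is wanted. `proxy_redirect off;` has no effect because this file contains no `proxy_pass`, and it can be removed.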
diff --git a/k8s/apps/blog/configmap.jsonnet b/k8s/apps/blog/configmap.jsonnet
new file mode 100644
index 000000000..439a91c2d
--- /dev/null
+++ b/k8s/apps/blog/configmap.jsonnet
@@ -0,0 +1,9 @@
+(import '../../components/configmap.libsonnet') {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ data: {
+ 'nginx.conf': (importstr './config/nginx.conf'),
+ 'virtualhost.conf': (importstr './config/virtualhost.conf'),
+ },
+}
diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/deployment.jsonnet b/k8s/apps/blog/deployment.jsonnet
similarity index 95%
rename from k8s/argocdapps/walnuts-dev-www-redirect/deployment.jsonnet
rename to k8s/apps/blog/deployment.jsonnet
index 88abae67e..520e4831a 100644
--- a/k8s/argocdapps/walnuts-dev-www-redirect/deployment.jsonnet
+++ b/k8s/apps/blog/deployment.jsonnet
@@ -23,7 +23,7 @@
containers: [
std.mergePatch((import '../../components/container.libsonnet') {
name: 'nginx',
- image: 'nginx:1.27.2',
+ image: 'nginx:1.27.3',
ports: [
{
containerPort: 8080,
@@ -31,8 +31,8 @@
],
livenessProbe: {
httpGet: {
- path: '/',
- port: 8080,
+ path: '/healthz',
+ port: 8081,
},
failureThreshold: 1,
initialDelaySeconds: 10,
@@ -70,7 +70,7 @@
memory: '100Mi',
},
requests: {
- memory: '5Mi',
+ memory: '10Mi',
},
},
}, {
diff --git a/k8s/apps/blog/ingress.jsonnet b/k8s/apps/blog/ingress.jsonnet
new file mode 100644
index 000000000..137115352
--- /dev/null
+++ b/k8s/apps/blog/ingress.jsonnet
@@ -0,0 +1,44 @@
+{
+ apiVersion: 'networking.k8s.io/v1',
+ kind: 'Ingress',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ // annotations: {
+ // 'cert-manager.io/cluster-issuer': 'letsencrypt-prod',
+ // },
+ },
+ spec: {
+ ingressClassName: 'cilium',
+ rules: [
+ {
+ host: 'blog.walnuts.dev',
+ http: {
+ paths: [
+ {
+ path: '/',
+ pathType: 'Prefix',
+ backend: {
+ service: {
+ name: (import 'service.jsonnet').metadata.name,
+ port: {
+ number: (import 'service.jsonnet').spec.ports[0].port,
+ },
+ },
+ },
+ },
+ ],
+ },
+ },
+ ],
+ // tls: [
+ // {
+ // hosts: [
+ // 'blog.walnuts.dev',
+ // ],
+ // secretName: (import 'app.json5').name + '-tls',
+ // },
+ // ],
+ },
+}
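Review bot: The `annotations` and `tls` blocks are left as commented-out code, so the manifest does not say how TLS is terminated for `blog.walnuts.dev`. It appears to rely on `ingressController.defaultSecretName` in the Cilium values of this commit. If that is the intent, replace the dead blocks with a one-line comment such as `// TLS: served with the Cilium ingress default certificate; no per-host secret or cert-manager issuer.` so a later reader does not assume the host is unencrypted or re-enable a second certificate path by accident.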
diff --git a/k8s/argocdapps/blog/service.jsonnet b/k8s/apps/blog/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/blog/service.jsonnet
rename to k8s/apps/blog/service.jsonnet
diff --git a/k8s/argocdapps/cert-manager/app.json5 b/k8s/apps/cert-manager/app.json5
similarity index 100%
rename from k8s/argocdapps/cert-manager/app.json5
rename to k8s/apps/cert-manager/app.json5
diff --git a/k8s/argocdapps/cert-manager/helm.jsonnet b/k8s/apps/cert-manager/helm.jsonnet
similarity index 72%
rename from k8s/argocdapps/cert-manager/helm.jsonnet
rename to k8s/apps/cert-manager/helm.jsonnet
index c9a9d2c09..d2a6e57bd 100644
--- a/k8s/argocdapps/cert-manager/helm.jsonnet
+++ b/k8s/apps/cert-manager/helm.jsonnet
@@ -3,8 +3,6 @@
namespace: (import 'app.json5').namespace,
chart: 'cert-manager',
repoURL: 'https://charts.jetstack.io',
- targetRevision: 'v1.16.1',
- valuesObject: {
- installCRDs: true,
- },
+ targetRevision: 'v1.17.0',
+ values: (importstr 'values.yaml'),
}
diff --git a/k8s/apps/cert-manager/values.yaml b/k8s/apps/cert-manager/values.yaml
new file mode 100644
index 000000000..8501e2d7e
--- /dev/null
+++ b/k8s/apps/cert-manager/values.yaml
@@ -0,0 +1,25 @@
+installCRDs: true
+config:
+ featureGates:
+ ExperimentalGatewayAPISupport: true
+prometheus:
+ enabled: true
+ servicemonitor:
+ enabled: true
+
+resources:
+ requests:
+ cpu: 1m
+ memory: 78Mi
+
+webhook:
+ resources:
+ requests:
+ cpu: 2m
+ memory: 64Mi
+
+cainjector:
+ resources:
+ requests:
+ cpu: 1m
+ memory: 134Mi
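Review bot: `installCRDs: true` on the first line is the deprecated chart value; current cert-manager charts use `crds.enabled: true`, with `crds.keep` controlling whether the CRDs survive an uninstall. Since this commit moves the chart to `v1.17.0`, it is a good moment to switch. The `ExperimentalGatewayAPISupport` entry under `config.featureGates` should also be checked against the 1.17 documentation, because Gateway API support is, as far as I recall, now toggled through `enableGatewayAPI` in the controller configuration rather than this gate.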
diff --git a/k8s/argocdapps/cilium-hubble-oauth2-proxy/app.json5 b/k8s/apps/cilium-hubble-oauth2-proxy/app.json5
similarity index 52%
rename from k8s/argocdapps/cilium-hubble-oauth2-proxy/app.json5
rename to k8s/apps/cilium-hubble-oauth2-proxy/app.json5
index 19b972795..671b40705 100644
--- a/k8s/argocdapps/cilium-hubble-oauth2-proxy/app.json5
+++ b/k8s/apps/cilium-hubble-oauth2-proxy/app.json5
@@ -1,4 +1,4 @@
{
- name: "hubble",
+ name: "hubble-oauth2-proxy",
namespace: "cilium-system",
}
diff --git a/k8s/argocdapps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet
similarity index 66%
rename from k8s/argocdapps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet
rename to k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet
index b1665a316..3988bb3a9 100644
--- a/k8s/argocdapps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet
+++ b/k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet
@@ -1,14 +1,14 @@
-(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet') {
- app:: {
- name: (import 'app.json5').name,
+(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({
+ app: {
+ name: 'hubble',
namespace: (import 'app.json5').namespace,
},
domain: 'hubble.walnuts.dev',
upstream: 'http://hubble-ui.cilium-system.svc.cluster.local:80',
- oidc:: {
- secret:: {
+ oidc: {
+ secret: {
onepassword_item_name: 'hubble-oauth2-proxy',
},
allowed_group: '237477822715658605:hubble-admin',
},
-}
+})
diff --git a/k8s/argocdapps/cilium-ipaddress/app.json5 b/k8s/apps/cilium-ipaddress/app.json5
similarity index 100%
rename from k8s/argocdapps/cilium-ipaddress/app.json5
rename to k8s/apps/cilium-ipaddress/app.json5
diff --git a/k8s/argocdapps/cilium-ipaddress/l2-announcement-policy.jsonnet b/k8s/apps/cilium-ipaddress/l2-announcement-policy.jsonnet
similarity index 100%
rename from k8s/argocdapps/cilium-ipaddress/l2-announcement-policy.jsonnet
rename to k8s/apps/cilium-ipaddress/l2-announcement-policy.jsonnet
diff --git a/k8s/argocdapps/cilium-ipaddress/loadbalancerippool.jsonnet b/k8s/apps/cilium-ipaddress/loadbalancerippool.jsonnet
similarity index 100%
rename from k8s/argocdapps/cilium-ipaddress/loadbalancerippool.jsonnet
rename to k8s/apps/cilium-ipaddress/loadbalancerippool.jsonnet
diff --git a/k8s/argocdapps/cilium/app.json5 b/k8s/apps/cilium/app.json5
similarity index 100%
rename from k8s/argocdapps/cilium/app.json5
rename to k8s/apps/cilium/app.json5
diff --git a/k8s/apps/cilium/external-secret.jsonnet b/k8s/apps/cilium/external-secret.jsonnet
new file mode 100644
index 000000000..80c6e0f3d
--- /dev/null
+++ b/k8s/apps/cilium/external-secret.jsonnet
@@ -0,0 +1,29 @@
+std.mergePatch((import '../../components/external-secret.libsonnet') {
+ name: 'cloudflare-origin-cert',
+ namespace: (import 'app.json5').namespace,
+ use_suffix: false,
+ data: [
+ {
+ secretKey: 'tls.crt',
+ remoteRef: {
+ key: 'cloudflare-origin-cert',
+ property: 'tls.crt',
+ },
+ },
+ {
+ secretKey: 'tls.key',
+ remoteRef: {
+ key: 'cloudflare-origin-cert',
+ property: 'tls.key',
+ },
+ },
+ ],
+}, {
+ spec: {
+ target: {
+ template: {
+ type: 'kubernetes.io/tls',
+ },
+ },
+ },
+})
diff --git a/k8s/argocdapps/cilium/helm.jsonnet b/k8s/apps/cilium/helm.jsonnet
similarity index 88%
rename from k8s/argocdapps/cilium/helm.jsonnet
rename to k8s/apps/cilium/helm.jsonnet
index b6054f3e9..9103b66bc 100644
--- a/k8s/argocdapps/cilium/helm.jsonnet
+++ b/k8s/apps/cilium/helm.jsonnet
@@ -3,6 +3,6 @@
namespace: (import 'app.json5').namespace,
chart: 'cilium',
repoURL: 'https://helm.cilium.io/',
- targetRevision: '1.16.3',
+ targetRevision: '1.17.0',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml
new file mode 100644
index 000000000..792360aaf
--- /dev/null
+++ b/k8s/apps/cilium/values.yaml
@@ -0,0 +1,91 @@
+kubeProxyReplacement: true
+l7Proxy: true
+k8sServiceHost: 192.168.0.17
+k8sServicePort: 16443
+l2announcements:
+ enabled: true
+bgpControlPlane:
+ enabled: true
+k8sClientRateLimit:
+ qps: 10
+ burst: 20
+clustermesh:
+ apiserver:
+ tls:
+ auto:
+ enabled: true
+ method: cronJob
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ingressController:
+ enabled: true
+ loadbalancerMode: shared
+ default: true
+ enforceHttps: true
+ service:
+ loadBalancerIP: 192.168.0.129
+ defaultSecretName: cloudflare-origin-cert
+ defaultSecretNamespace: cilium-system
+ secretsNamespace:
+ create: false
+ name: cilium-secrets
+ # -- Enable secret sync, which will make sure all TLS secrets used by Ingress are synced to secretsNamespace.name.
+ # If disabled, TLS secrets must be maintained externally.
+ sync: true
+nodePort:
+ enabled: true
+hubble:
+ tls:
+ enabled: true
+ auto:
+ enabled: true
+ method: cronJob
+ relay:
+ enabled: true
+ prometheus:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ ui:
+ enabled: true
+ metrics:
+ enableOpenMetrics: true
+ enabled:
+ - dns
+ - drop
+ - tcp
+ - flow
+ - port-distribution
+ - icmp
+ - httpV2:exemplars=true
+ serviceMonitor:
+ enabled: true
+ dashboards:
+ enabled: true
+envoy:
+ prometheus:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+operator:
+ tolerations: []
+ prometheus:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+prometheus:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ trustCRDsExist: true
+envoyConfig:
+ enabled: true
+ secretsNamespace:
+ create: false
+ name: cilium-secrets
+tls:
+ secretsNamespace:
+ create: false
+ name: cilium-secrets
diff --git a/k8s/apps/cloudflare-tunnel-operator/app.json5 b/k8s/apps/cloudflare-tunnel-operator/app.json5
new file mode 100644
index 000000000..4d4aaff5e
--- /dev/null
+++ b/k8s/apps/cloudflare-tunnel-operator/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "cloudflare-tunnel-operator",
+ namespace: "cloudflare-tunnel-operator",
+}
diff --git a/k8s/apps/cloudflare-tunnel-operator/external-secret.jsonnet b/k8s/apps/cloudflare-tunnel-operator/external-secret.jsonnet
new file mode 100644
index 000000000..c6aae704d
--- /dev/null
+++ b/k8s/apps/cloudflare-tunnel-operator/external-secret.jsonnet
@@ -0,0 +1,14 @@
+(import '../../components/external-secret.libsonnet') {
+ use_suffix: false,
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ data: [
+ {
+ secretKey: 'cloudflareAPIToken',
+ remoteRef: {
+ key: 'cloudflare',
+ property: 'cloudflare-tunnel-operator',
+ },
+ },
+ ],
+}
diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet
new file mode 100644
index 000000000..e6fb6dd28
--- /dev/null
+++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet
@@ -0,0 +1,13 @@
+(import '../../components/helm.libsonnet') {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+
+ chart: 'cloudflare-tunnel-operator',
+ repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/',
+ targetRevision: '1.2.1',
+ valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), {
+ cloudflareToken: {
+ existingSecret: (import 'external-secret.jsonnet').spec.target.name,
+ },
+ }),
+}
diff --git a/k8s/apps/cloudflare-tunnel-operator/values.yaml b/k8s/apps/cloudflare-tunnel-operator/values.yaml
new file mode 100644
index 000000000..25b77beef
--- /dev/null
+++ b/k8s/apps/cloudflare-tunnel-operator/values.yaml
@@ -0,0 +1,11 @@
+cloudflareToken:
+ cloudflareAccountID: "38b5eab012d216dfcc52dcd69e7764b5"
+ cloudflareZoneID: "48b02398c8bc932f4d0b1dba83de196c"
+controllerManager:
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 1m
+ memory: 32Mi
diff --git a/k8s/argocdapps/cloudflared/app.json5 b/k8s/apps/cloudflare-tunnel/app.json5
similarity index 56%
rename from k8s/argocdapps/cloudflared/app.json5
rename to k8s/apps/cloudflare-tunnel/app.json5
index 248a6c028..ef99d469c 100644
--- a/k8s/argocdapps/cloudflared/app.json5
+++ b/k8s/apps/cloudflare-tunnel/app.json5
@@ -1,4 +1,4 @@
{
- name: "cloudflared",
+ name: "cloudflare-tunnel",
namespace: "network-exporter",
}
diff --git a/k8s/apps/cloudflare-tunnel/tunnel.jsonnet b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet
new file mode 100644
index 000000000..504b2cb7f
--- /dev/null
+++ b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet
@@ -0,0 +1,16 @@
+{
+ apiVersion: 'cf-tunnel-operator.walnuts.dev/v1beta1',
+ kind: 'CloudflareTunnel',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + {
+ appname: (import 'app.json5').name,
+ },
+ },
+ spec: {
+ replicas: 3,
+ default: true,
+ enableServiceMonitor: true,
+ },
+}
diff --git a/k8s/argocdapps/clusterissuer/app.json5 b/k8s/apps/clusterissuer/app.json5
similarity index 100%
rename from k8s/argocdapps/clusterissuer/app.json5
rename to k8s/apps/clusterissuer/app.json5
diff --git a/k8s/argocdapps/clusterissuer/external-secret.jsonnet b/k8s/apps/clusterissuer/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/clusterissuer/external-secret.jsonnet
rename to k8s/apps/clusterissuer/external-secret.jsonnet
diff --git a/k8s/argocdapps/clusterissuer/letsencrypt-prod.jsonnet b/k8s/apps/clusterissuer/letsencrypt-prod.jsonnet
similarity index 100%
rename from k8s/argocdapps/clusterissuer/letsencrypt-prod.jsonnet
rename to k8s/apps/clusterissuer/letsencrypt-prod.jsonnet
diff --git a/k8s/argocdapps/clusterissuer/letsencrypt-stg.jsonnet b/k8s/apps/clusterissuer/letsencrypt-stg.jsonnet
similarity index 100%
rename from k8s/argocdapps/clusterissuer/letsencrypt-stg.jsonnet
rename to k8s/apps/clusterissuer/letsencrypt-stg.jsonnet
diff --git a/k8s/argocdapps/clusterissuer/selfsigned.jsonnet b/k8s/apps/clusterissuer/selfsigned.jsonnet
similarity index 100%
rename from k8s/argocdapps/clusterissuer/selfsigned.jsonnet
rename to k8s/apps/clusterissuer/selfsigned.jsonnet
diff --git a/k8s/argocdapps/code-server-operator/app.json5 b/k8s/apps/code-server-operator/app.json5
similarity index 100%
rename from k8s/argocdapps/code-server-operator/app.json5
rename to k8s/apps/code-server-operator/app.json5
diff --git a/k8s/argocdapps/code-server-operator/helm.jsonnet b/k8s/apps/code-server-operator/helm.jsonnet
similarity index 90%
rename from k8s/argocdapps/code-server-operator/helm.jsonnet
rename to k8s/apps/code-server-operator/helm.jsonnet
index e55727d6c..386bbc470 100644
--- a/k8s/argocdapps/code-server-operator/helm.jsonnet
+++ b/k8s/apps/code-server-operator/helm.jsonnet
@@ -4,6 +4,6 @@
chart: 'code-server-operator',
repoURL: 'https://walnuts1018.github.io/code-server-operator/',
- targetRevision: '0.5.7',
+ targetRevision: '0.5.12',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/apps/code-server-operator/values.yaml b/k8s/apps/code-server-operator/values.yaml
new file mode 100644
index 000000000..e64f6c608
--- /dev/null
+++ b/k8s/apps/code-server-operator/values.yaml
@@ -0,0 +1,9 @@
+fullnameOverride: code-server-operator
+controllerManager:
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 1m
+ memory: 32Mi
diff --git a/k8s/argocdapps/code-server/README.md b/k8s/apps/code-server/README.md
similarity index 100%
rename from k8s/argocdapps/code-server/README.md
rename to k8s/apps/code-server/README.md
diff --git a/k8s/argocdapps/code-server/app.json5 b/k8s/apps/code-server/app.json5
similarity index 100%
rename from k8s/argocdapps/code-server/app.json5
rename to k8s/apps/code-server/app.json5
diff --git a/k8s/argocdapps/code-server/network-policy.jsonnet b/k8s/apps/code-server/network-policy.jsonnet
similarity index 100%
rename from k8s/argocdapps/code-server/network-policy.jsonnet
rename to k8s/apps/code-server/network-policy.jsonnet
diff --git a/k8s/apps/dashy-oauth2-proxy/externalsecret.yaml b/k8s/apps/dashy-oauth2-proxy/externalsecret.yaml
deleted file mode 100644
index b129b01a9..000000000
--- a/k8s/apps/dashy-oauth2-proxy/externalsecret.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: dashy-oauth2-proxy
-spec:
- secretStoreRef:
- name: onepassword
- kind: ClusterSecretStore
- refreshInterval: 1m
- target:
- name: dashy-oauth2-proxy
- data:
- - secretKey: client-id
- remoteRef:
- key: dashy-oauth2-proxy
- property: client-id
- - secretKey: client-secret
- remoteRef:
- key: dashy-oauth2-proxy
- property: client-secret
- - secretKey: cookie-secret
- remoteRef:
- key: dashy-oauth2-proxy
- property: cookie-secret
- - secretKey: redis-password
- remoteRef:
- key: redis
- property: password
diff --git a/k8s/apps/dashy-oauth2-proxy/helm.yaml b/k8s/apps/dashy-oauth2-proxy/helm.yaml
deleted file mode 100644
index 806de0429..000000000
--- a/k8s/apps/dashy-oauth2-proxy/helm.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: dashy-oauth2-proxy
-spec:
- url: https://oauth2-proxy.github.io/manifests
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: dashy-oauth2-proxy
-spec:
- chart:
- spec:
- chart: oauth2-proxy
- version: 7.7.28
- values:
- config:
- existingSecret: dashy-oauth2-proxy
- configFile: |-
- email_domains = [ "*" ]
- upstreams = [ "http://dashy.dashy.svc.cluster.local:8080/" ]
- pass_access_token = true
- user_id_claim = "sub"
- oidc_groups_claim="my:zitadel:grants"
- allowed_groups = ["237477822715658605:dashy"]
-
- extraArgs:
- provider: oidc
- redirect-url: https://dashy.walnuts.dev/oauth2/callback
- oidc-issuer-url: https://auth.walnuts.dev
- skip-provider-button: true
- ingress:
- enabled: true
- className: nginx
- path: /
- pathType: Prefix
- hosts:
- - "dashy.walnuts.dev"
- sessionStorage:
- type: redis
- redis:
- existingSecret: "dashy-oauth2-proxy"
- passwordKey: "redis-password"
- clientType: "sentinel"
- sentinel:
- existingSecret: "dashy-oauth2-proxy"
- passwordKey: "redis-password"
- masterName: "mymaster"
- connectionUrls: "redis://dashy-oauth2-proxy-redis:6379,redis://dashy-oauth2-proxy-redis-sentinel:26379"
- metrics:
- enabled: true
diff --git a/k8s/apps/dashy-oauth2-proxy/kustomization.yaml b/k8s/apps/dashy-oauth2-proxy/kustomization.yaml
deleted file mode 100644
index 140a4b3d0..000000000
--- a/k8s/apps/dashy-oauth2-proxy/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: dashy
-resources:
-- externalsecret.yaml
-- helm.yaml
-- redis.yaml
-components:
-- ../../components/helm
diff --git a/k8s/apps/dashy-oauth2-proxy/redis.yaml b/k8s/apps/dashy-oauth2-proxy/redis.yaml
deleted file mode 100644
index 2bf9414d0..000000000
--- a/k8s/apps/dashy-oauth2-proxy/redis.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: dashy-oauth2-proxy-redis
- labels:
- app.kubernetes.io/name: dashy-oauth2-proxy-redis
-spec:
- clusterSize: 2
- kubernetesConfig:
- image: "quay.io/opstree/redis:v7.0.12" # {"$imagepolicy": "redis-operator:redis"}
- imagePullPolicy: "IfNotPresent"
- redisSecret:
- name: "dashy-oauth2-proxy"
- key: "redis-password"
- storage:
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- podSecurityContext:
- fsGroup: 1000
- runAsUser: 1000
----
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisSentinel
-metadata:
- name: dashy-oauth2-proxy-redis
- labels:
- app.kubernetes.io/name: dashy-oauth2-proxy-redis
-spec:
- clusterSize: 3
- redisSentinelConfig:
- redisReplicationName: dashy-oauth2-proxy-redis
- masterGroupName: "mymaster"
- redisPort: "6379"
- quorum: "2"
- parallelSyncs: "1"
- failoverTimeout: "180000"
- downAfterMilliseconds: "30000"
- kubernetesConfig:
- image: "quay.io/opstree/redis-sentinel:v7.0.12" # {"$imagepolicy": "redis-operator:redis-sentinel"}
- imagePullPolicy: "IfNotPresent"
- redisSecret:
- name: "dashy-oauth2-proxy"
- key: "redis-password"
- podSecurityContext:
- fsGroup: 1000
- runAsUser: 1000
diff --git a/k8s/apps/dashy/deployment.yaml b/k8s/apps/dashy/deployment.yaml
deleted file mode 100644
index 7e72e987e..000000000
--- a/k8s/apps/dashy/deployment.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: dashy
- labels:
- app: dashy
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: dashy
- template:
- metadata:
- labels:
- app: dashy
- spec:
- containers:
- - name: dashy
- # securityContext:
- # readOnlyRootFilesystem: true
- image: lissy93/dashy:3.1.0 # {"$imagepolicy": "dashy:dashy"}
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8080
- resources:
- limits: {}
- requests:
- memory: 180Mi
- env:
- - name: NODE_ENV
- value: "production"
- volumeMounts:
- - name: dashy
- mountPath: /app/user-data
- - name: tmp
- mountPath: /tmp
- volumes:
- - name: dashy
- persistentVolumeClaim:
- claimName: dashy
- - name: tmp
- emptyDir: {}
- priorityClassName: low
diff --git a/k8s/apps/dashy/image-policy.yaml b/k8s/apps/dashy/image-policy.yaml
deleted file mode 100644
index 7fcfa1517..000000000
--- a/k8s/apps/dashy/image-policy.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: dashy
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/dashy
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/dashy
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: dashy
-spec:
- image: lissy93/dashy
- interval: 2m0s
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: dashy
-spec:
- imageRepositoryRef:
- name: dashy
- policy:
- semver:
- range: ">=0.0.0"
diff --git a/k8s/apps/dashy/kustomization.yaml b/k8s/apps/dashy/kustomization.yaml
deleted file mode 100644
index 6f988e846..000000000
--- a/k8s/apps/dashy/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: dashy
-resources:
-- deployment.yaml
-- service.yaml
-- pvc.yaml
-- image-policy.yaml
diff --git a/k8s/apps/dashy/pvc.yaml b/k8s/apps/dashy/pvc.yaml
deleted file mode 100644
index f3627c477..000000000
--- a/k8s/apps/dashy/pvc.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: dashy
-spec:
- storageClassName: longhorn
- volumeName: dashy
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
diff --git a/k8s/apps/dashy/service.yaml b/k8s/apps/dashy/service.yaml
deleted file mode 100644
index 39634c669..000000000
--- a/k8s/apps/dashy/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: dashy
- labels:
- app: dashy
-spec:
- ports:
- - name: http
- port: 8080
- targetPort: 8080
- selector:
- app: dashy
- type: ClusterIP
diff --git a/k8s/argocdapps/descheduler/app.json5 b/k8s/apps/descheduler/app.json5
similarity index 100%
rename from k8s/argocdapps/descheduler/app.json5
rename to k8s/apps/descheduler/app.json5
diff --git a/k8s/argocdapps/descheduler/helm.jsonnet b/k8s/apps/descheduler/helm.jsonnet
similarity index 89%
rename from k8s/argocdapps/descheduler/helm.jsonnet
rename to k8s/apps/descheduler/helm.jsonnet
index 73ce1b9e6..bfdd83566 100644
--- a/k8s/argocdapps/descheduler/helm.jsonnet
+++ b/k8s/apps/descheduler/helm.jsonnet
@@ -4,6 +4,6 @@
chart: 'descheduler',
repoURL: 'https://kubernetes-sigs.github.io/descheduler/',
- targetRevision: '0.31.0',
+ targetRevision: '0.32.1',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/argocdapps/descheduler/values.yaml b/k8s/apps/descheduler/values.yaml
similarity index 88%
rename from k8s/argocdapps/descheduler/values.yaml
rename to k8s/apps/descheduler/values.yaml
index 9ddb6de25..6341b2385 100644
--- a/k8s/argocdapps/descheduler/values.yaml
+++ b/k8s/apps/descheduler/values.yaml
@@ -17,6 +17,7 @@ deschedulerPolicy:
args:
nodeAffinityType:
- requiredDuringSchedulingIgnoredDuringExecution
+ - preferredDuringSchedulingIgnoredDuringExecution
- name: RemovePodsViolatingTopologySpreadConstraint
args:
constraints:
@@ -24,13 +25,13 @@ deschedulerPolicy:
- name: LowNodeUtilization
args:
thresholds:
- cpu: 30
- memory: 50
- pods: 30
- targetThresholds:
- cpu: 50
+ cpu: 60
memory: 60
- pods: 50
+ pods: 60
+ targetThresholds:
+ cpu: 70
+ memory: 70
+ pods: 70
plugins:
balance:
enabled:
diff --git a/k8s/apps/elasticsearch/app.json5 b/k8s/apps/elasticsearch/app.json5
new file mode 100644
index 000000000..244c3af04
--- /dev/null
+++ b/k8s/apps/elasticsearch/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "elasticsearch",
+ namespace: "elasticsearch",
+}
diff --git a/k8s/apps/elasticsearch/elasticsearch-plugins.yml b/k8s/apps/elasticsearch/config/elasticsearch-plugins.yml
similarity index 99%
rename from k8s/apps/elasticsearch/elasticsearch-plugins.yml
rename to k8s/apps/elasticsearch/config/elasticsearch-plugins.yml
index 214a0a17d..9ecc6ed30 100644
--- a/k8s/apps/elasticsearch/elasticsearch-plugins.yml
+++ b/k8s/apps/elasticsearch/config/elasticsearch-plugins.yml
@@ -1,4 +1,3 @@
# https://www.elastic.co/guide/en/elasticsearch/plugins/current/manage-plugins-using-configuration-file.html
plugins:
- id: analysis-icu
-
diff --git a/k8s/apps/elasticsearch/configmap.jsonnet b/k8s/apps/elasticsearch/configmap.jsonnet
new file mode 100644
index 000000000..cb7a9fddf
--- /dev/null
+++ b/k8s/apps/elasticsearch/configmap.jsonnet
@@ -0,0 +1,8 @@
+(import '../../components/configmap.libsonnet') {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ data: {
+ 'elasticsearch-plugins.yml': (importstr './config/elasticsearch-plugins.yml'),
+ },
+}
diff --git a/k8s/apps/elasticsearch/deployment.jsonnet b/k8s/apps/elasticsearch/deployment.jsonnet
new file mode 100644
index 000000000..97794458d
--- /dev/null
+++ b/k8s/apps/elasticsearch/deployment.jsonnet
@@ -0,0 +1,100 @@
+{
+ apiVersion: 'apps/v1',
+ kind: 'Deployment',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ replicas: 1,
+ selector: {
+ matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ template: {
+ metadata: {
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ securityContext: {
+ fsGroup: 1000,
+ fsGroupChangePolicy: 'OnRootMismatch',
+ },
+ containers: [
+ (import '../../components/container.libsonnet') {
+ name: 'elasticsearch',
+ securityContext: {
+ seccompProfile: {
+ type: 'RuntimeDefault',
+ },
+ },
+ image: 'docker.elastic.co/elasticsearch/elasticsearch:8.17.1',
+ ports: [
+ {
+ containerPort: 9200,
+ },
+ ],
+ resources: {
+ requests: {
+ cpu: '10m',
+ memory: '3000Mi',
+ },
+ limits: {
+ cpu: '1',
+ memory: '6000Mi',
+ },
+ },
+ env: [
+ {
+ name: 'discovery.type',
+ value: 'single-node',
+ },
+ {
+ name: 'cluster.name',
+ value: 'kurumi',
+ },
+ {
+ name: 'xpack.security.enabled',
+ value: 'false',
+ },
+ ],
+ volumeMounts: [
+ {
+ name: 'config',
+ mountPath: '/usr/share/elasticsearch/config/elasticsearch-plugins.yml',
+ subPath: 'elasticsearch-plugins.yml',
+ readOnly: true,
+ },
+ {
+ name: 'data',
+ mountPath: '/usr/share/elasticsearch/data',
+ },
+ {
+ name: 'tmp',
+ mountPath: '/tmp',
+ },
+ ],
+ },
+ ],
+ volumes: [
+ {
+ name: 'config',
+ configMap: {
+ name: (import 'configmap.jsonnet').metadata.name,
+ },
+ },
+ {
+ name: 'data',
+ persistentVolumeClaim: {
+ claimName: (import 'pvc.jsonnet').metadata.name,
+ },
+ },
+ {
+ name: 'tmp',
+ emptyDir: {},
+ },
+ ],
+ },
+ },
+ },
+}
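Review bot: The `xpack.security.enabled` env entry is still `'false'`, so the API on port 9200 accepts unauthenticated, unencrypted requests from anything that can reach the ClusterIP service. No NetworkPolicy for the `elasticsearch` namespace appears in this diff. Either enable security, or add a policy that limits ingress on 9200 to the namespaces that query it, as the code-server app does with its `network-policy.jsonnet`. At minimum, record the assumption next to the setting: `// auth disabled: access to :9200 must be restricted by NetworkPolicy`. Separately, `securityContext: {` on the container replaces any `securityContext` inherited from `container.libsonnet` rather than merging with it. If that component sets hardening defaults (not visible here), `securityContext+: {` would keep them.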
diff --git a/k8s/apps/elasticsearch/deployment.yaml b/k8s/apps/elasticsearch/deployment.yaml
deleted file mode 100644
index 269fe80ae..000000000
--- a/k8s/apps/elasticsearch/deployment.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: elasticsearch
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: elasticsearch
- template:
- metadata:
- labels:
- app: elasticsearch
- spec:
- securityContext:
- fsGroup: 1000
- fsGroupChangePolicy: "OnRootMismatch"
- containers:
- - name: elasticsearch
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- # readOnlyRootFilesystem: true
- image: docker.elastic.co/elasticsearch/elasticsearch:8.15.3 # {"$imagepolicy": "elasticsearch:elasticsearch"}
- ports:
- - containerPort: 9200
- resources:
- requests:
- cpu: "0"
- memory: 3000Mi
- limits:
- cpu: "1"
- memory: "6000Mi"
- env:
- - name: discovery.type
- value: single-node
- - name: cluster.name
- value: kurumi
- - name: xpack.security.enabled
- value: "false"
- volumeMounts:
- - name: config
- mountPath: "/usr/share/elasticsearch/config/elasticsearch-plugins.yml"
- subPath: "elasticsearch-plugins.yml"
- readOnly: true
- - name: data
- mountPath: /usr/share/elasticsearch/data
- - name: tmp
- mountPath: /tmp
- volumes:
- - name: config
- configMap:
- name: elasticsearch-configmap
- - name: data
- persistentVolumeClaim:
- claimName: elasticsearch
- - name: tmp
- emptyDir: {}
diff --git a/k8s/apps/elasticsearch/image-policy.yaml b/k8s/apps/elasticsearch/image-policy.yaml
deleted file mode 100644
index 00da3229f..000000000
--- a/k8s/apps/elasticsearch/image-policy.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: elasticsearch
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/elasticsearch
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/elasticsearch
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: elasticsearch
-spec:
- image: docker.elastic.co/elasticsearch/elasticsearch
- interval: 2m0s
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: elasticsearch
-spec:
- imageRepositoryRef:
- name: elasticsearch
- policy:
- semver:
- range: ">=0.0.0"
diff --git a/k8s/apps/elasticsearch/kustomization.yaml b/k8s/apps/elasticsearch/kustomization.yaml
deleted file mode 100644
index d04a95a2a..000000000
--- a/k8s/apps/elasticsearch/kustomization.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: elasticsearch
-resources:
-- deployment.yaml
-- service.yaml
-- pvc.yaml
-- image-policy.yaml
-configMapGenerator:
-- name: elasticsearch-configmap
- files:
- - elasticsearch-plugins.yml
diff --git a/k8s/apps/elasticsearch/pvc.jsonnet b/k8s/apps/elasticsearch/pvc.jsonnet
new file mode 100644
index 000000000..0a5922ce0
--- /dev/null
+++ b/k8s/apps/elasticsearch/pvc.jsonnet
@@ -0,0 +1,23 @@
+{
+ apiVersion: 'v1',
+ kind: 'PersistentVolumeClaim',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: std.mergePatch((import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, {
+ 'recurring-job-group.longhorn.io/default': 'enabled',
+ }),
+ },
+ spec: {
+ storageClassName: 'longhorn',
+ volumeName: 'elasticsearch',
+ accessModes: [
+ 'ReadWriteOnce',
+ ],
+ resources: {
+ requests: {
+ storage: '1Gi',
+ },
+ },
+ },
+}
diff --git a/k8s/apps/elasticsearch/pvc.yaml b/k8s/apps/elasticsearch/pvc.yaml
deleted file mode 100644
index ff1608f9c..000000000
--- a/k8s/apps/elasticsearch/pvc.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: elasticsearch
- labels:
- recurring-job-group.longhorn.io/default: enabled
-spec:
- storageClassName: longhorn
- volumeName: elasticsearch
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
diff --git a/k8s/argocdapps/cloudflared/service.jsonnet b/k8s/apps/elasticsearch/service.jsonnet
similarity index 90%
rename from k8s/argocdapps/cloudflared/service.jsonnet
rename to k8s/apps/elasticsearch/service.jsonnet
index 9ee509136..15fabb5f1 100644
--- a/k8s/argocdapps/cloudflared/service.jsonnet
+++ b/k8s/apps/elasticsearch/service.jsonnet
@@ -1,6 +1,6 @@
{
- kind: 'Service',
apiVersion: 'v1',
+ kind: 'Service',
metadata: {
name: (import 'app.json5').name,
namespace: (import 'app.json5').namespace,
@@ -11,8 +11,8 @@
ports: [
{
protocol: 'TCP',
- port: 60123,
- targetPort: 60123,
+ port: 9200,
+ targetPort: 9200,
},
],
type: 'ClusterIP',
diff --git a/k8s/apps/elasticsearch/service.yaml b/k8s/apps/elasticsearch/service.yaml
deleted file mode 100644
index ebf008cf1..000000000
--- a/k8s/apps/elasticsearch/service.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: elasticsearch
-spec:
- selector:
- app: elasticsearch
- ports:
- - protocol: TCP
- port: 9200
- targetPort: 9200
- type: ClusterIP
diff --git a/k8s/apps/external-dns/clusterrole.yaml b/k8s/apps/external-dns/clusterrole.yaml
deleted file mode 100644
index ad65458a4..000000000
--- a/k8s/apps/external-dns/clusterrole.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: external-dns
-rules:
-- apiGroups: [""]
- resources: ["services", "endpoints", "pods"]
- verbs: ["get", "watch", "list"]
-- apiGroups: ["extensions", "networking.k8s.io"]
- resources: ["ingresses"]
- verbs: ["get", "watch", "list"]
-- apiGroups: [""]
- resources: ["nodes"]
- verbs: ["list", "watch"]
diff --git a/k8s/apps/external-dns/clusterrolebinding.yaml b/k8s/apps/external-dns/clusterrolebinding.yaml
deleted file mode 100644
index bd8cb64d7..000000000
--- a/k8s/apps/external-dns/clusterrolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: external-dns-viewer
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: external-dns
-subjects:
-- kind: ServiceAccount
- name: external-dns
- namespace: default
diff --git a/k8s/apps/external-dns/deployment.yaml b/k8s/apps/external-dns/deployment.yaml
deleted file mode 100644
index eec13d198..000000000
--- a/k8s/apps/external-dns/deployment.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: external-dns
-spec:
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: external-dns
- template:
- metadata:
- labels:
- app: external-dns
- spec:
- serviceAccountName: external-dns
- containers:
- - name: external-dns
- securityContext:
- readOnlyRootFilesystem: true
- image: ghcr.io/walnuts1018/external-dns:670a2816bbb5c344117eab45003d7a6ff2c86349-10 # {"$imagepolicy": "kube-system:external-dns"}
- args:
- - --source=ingress
- - --domain-filter=walnuts.dev
- - --provider=cloudflare-tunnel
- - --annotation-filter=walnuts.dev/externaldns.skip notin (true)
- env:
- - name: CF_API_TOKEN
- valueFrom:
- secretKeyRef:
- name: external-dns-secret
- key: cf-api-token
- - name: CF_ACCOUNT_ID
- value: 38b5eab012d216dfcc52dcd69e7764b5
- - name: CF_TUNNEL_ID
- value: 603f4f99-268a-4d2a-8c2a-66d29ef1f528
- resources:
- requests:
- memory: 32Mi
- limits: {}
- nodeSelector:
- kubernetes.io/arch: amd64
diff --git a/k8s/apps/external-dns/externalsecret.yaml b/k8s/apps/external-dns/externalsecret.yaml
deleted file mode 100644
index 6f6179214..000000000
--- a/k8s/apps/external-dns/externalsecret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: external-dns-secret
-spec:
- secretStoreRef:
- name: onepassword
- kind: ClusterSecretStore
- refreshInterval: 1m
- target:
- name: external-dns-secret
- data:
- - secretKey: cf-api-token
- remoteRef:
- key: cloudflare
- property: apitoken
diff --git a/k8s/apps/external-dns/image-policy.yaml b/k8s/apps/external-dns/image-policy.yaml
deleted file mode 100644
index 60403e079..000000000
--- a/k8s/apps/external-dns/image-policy.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: external-dns
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/external-dns
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/external-dns
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: external-dns
-spec:
- image: ghcr.io/walnuts1018/external-dns
- interval: 2m0s
- secretRef:
- name: ghcr-login-secret
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: external-dns
-spec:
- imageRepositoryRef:
- name: external-dns
- filterTags:
- ## use "pattern: '[a-f0-9]+-(?P[0-9]+)'" if you copied the workflow example using github.run_number
- pattern: ".*-[a-f0-9]+-(?P[0-9]+)"
- extract: "$ts"
- policy:
- numerical:
- order: asc
diff --git a/k8s/apps/external-dns/kustomization.yaml b/k8s/apps/external-dns/kustomization.yaml
deleted file mode 100644
index 4a09cabe0..000000000
--- a/k8s/apps/external-dns/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: kube-system
-resources:
-- externalsecret.yaml
-- clusterrole.yaml
-- clusterrolebinding.yaml
-- deployment.yaml
-- serviceaccount.yaml
-- image-policy.yaml
diff --git a/k8s/apps/external-dns/serviceaccount.yaml b/k8s/apps/external-dns/serviceaccount.yaml
deleted file mode 100644
index 5b022409b..000000000
--- a/k8s/apps/external-dns/serviceaccount.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: external-dns
diff --git a/k8s/argocdapps/external-secrets-store/app.json5 b/k8s/apps/external-secrets-store/app.json5
similarity index 100%
rename from k8s/argocdapps/external-secrets-store/app.json5
rename to k8s/apps/external-secrets-store/app.json5
diff --git a/k8s/argocdapps/external-secrets-store/onepassword.jsonnet b/k8s/apps/external-secrets-store/onepassword.jsonnet
similarity index 100%
rename from k8s/argocdapps/external-secrets-store/onepassword.jsonnet
rename to k8s/apps/external-secrets-store/onepassword.jsonnet
diff --git a/k8s/argocdapps/external-secrets/app.json5 b/k8s/apps/external-secrets/app.json5
similarity index 100%
rename from k8s/argocdapps/external-secrets/app.json5
rename to k8s/apps/external-secrets/app.json5
diff --git a/k8s/argocdapps/external-secrets/helm.jsonnet b/k8s/apps/external-secrets/helm.jsonnet
similarity index 75%
rename from k8s/argocdapps/external-secrets/helm.jsonnet
rename to k8s/apps/external-secrets/helm.jsonnet
index 6bfca6b63..e88aaf238 100644
--- a/k8s/argocdapps/external-secrets/helm.jsonnet
+++ b/k8s/apps/external-secrets/helm.jsonnet
@@ -3,6 +3,6 @@
namespace: (import 'app.json5').namespace,
chart: 'external-secrets',
repoURL: 'https://charts.external-secrets.io',
- targetRevision: '0.10.5',
- values: '',
+ targetRevision: '0.14.0',
+ values: (importstr 'values.yaml'),
}
diff --git a/k8s/apps/external-secrets/values.yaml b/k8s/apps/external-secrets/values.yaml
new file mode 100644
index 000000000..f5f0cd533
--- /dev/null
+++ b/k8s/apps/external-secrets/values.yaml
@@ -0,0 +1,16 @@
+resources:
+ requests:
+ cpu: 20m
+ memory: 128Mi
+
+webhook:
+ resources:
+ requests:
+ cpu: 10m
+ memory: 32Mi
+
+certController:
+ resources:
+ requests:
+ cpu: 2m
+ memory: 28Mi
diff --git a/k8s/apps/fitbit-manager/app.json5 b/k8s/apps/fitbit-manager/app.json5
new file mode 100644
index 000000000..527e1951f
--- /dev/null
+++ b/k8s/apps/fitbit-manager/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "fitbit-manager",
+ namespace: "fitbit-manager",
+}
diff --git a/k8s/apps/fitbit-manager/cronjob.jsonnet b/k8s/apps/fitbit-manager/cronjob.jsonnet
new file mode 100644
index 000000000..ab6b9c613
--- /dev/null
+++ b/k8s/apps/fitbit-manager/cronjob.jsonnet
@@ -0,0 +1,47 @@
+{
+ apiVersion: 'batch/v1',
+ kind: 'CronJob',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ schedule: '*/15 * * * *',
+ concurrencyPolicy: 'Forbid',
+ startingDeadlineSeconds: 12000,
+ jobTemplate: {
+ spec: {
+ template: {
+ spec: {
+ restartPolicy: 'OnFailure',
+ containers: [
+ {
+ name: 'fitbit-manager',
+ image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.4',
+ command: [
+ '/app/fitbit-manager-job',
+ ],
+ imagePullPolicy: 'IfNotPresent',
+ ports: [
+ {
+ containerPort: 8080,
+ },
+ ],
+ resources: {
+ limits: {
+ memory: '300Mi',
+ },
+ requests: {
+ memory: '10Mi',
+ },
+ },
+ env: (import 'env.libsonnet').env,
+ },
+ ],
+ },
+ },
+ },
+ },
+ },
+}
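Review bot: The `fitbit-manager` container in this CronJob has no `securityContext`, and neither does the one in `deployment.jsonnet`. The deleted `deployment.yaml` set `readOnlyRootFilesystem: true` and a `RuntimeDefault` seccomp profile, so the migration drops that hardening for a workload that holds OAuth client and database secrets. Add `securityContext: { readOnlyRootFilesystem: true, seccompProfile: { type: 'RuntimeDefault' } },` to both container objects. Alternatively, build them on `(import '../../components/container.libsonnet')` as the elasticsearch deployment does, if that component carries the defaults (its contents are not visible here). The `ports` entry for 8080 looks unneeded for a job that runs `/app/fitbit-manager-job`.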
diff --git a/k8s/apps/fitbit-manager/deployment.jsonnet b/k8s/apps/fitbit-manager/deployment.jsonnet
new file mode 100644
index 000000000..e41d3edc5
--- /dev/null
+++ b/k8s/apps/fitbit-manager/deployment.jsonnet
@@ -0,0 +1,43 @@
+{
+ apiVersion: 'apps/v1',
+ kind: 'Deployment',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ replicas: 1,
+ selector: {
+ matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ template: {
+ metadata: {
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ containers: [
+ {
+ name: 'fitbit-manager',
+ image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.4',
+ imagePullPolicy: 'IfNotPresent',
+ ports: [
+ {
+ containerPort: 8080,
+ },
+ ],
+ resources: {
+ limits: {
+ memory: '300Mi',
+ },
+ requests: {
+ memory: '10Mi',
+ },
+ },
+ env: (import 'env.libsonnet').env,
+ },
+ ],
+ },
+ },
+ },
+}
diff --git a/k8s/apps/fitbit-manager/deployment.yaml b/k8s/apps/fitbit-manager/deployment.yaml
deleted file mode 100644
index 3e656324b..000000000
--- a/k8s/apps/fitbit-manager/deployment.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: fitbit-manager
- labels:
- app: fitbit-manager
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: fitbit-manager
- template:
- metadata:
- labels:
- app: fitbit-manager
- spec:
- containers:
- - name: fitbit-manager
- securityContext:
- readOnlyRootFilesystem: true
- seccompProfile:
- type: RuntimeDefault
- image: ghcr.io/walnuts1018/fitbit-manager:0.8.3 # {"$imagepolicy": "default:fitbit-manager"}
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8080
- resources:
- limits: {}
- requests:
- memory: 10Mi
- env:
- - name: GIN_MODE
- value: "release"
- - name: CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: fitbit-manager-secret
- key: client_id
- - name: CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: fitbit-manager-secret
- key: client_secret
- - name: COOKIE_SECRET
- valueFrom:
- secretKeyRef:
- name: fitbit-manager-secret
- key: cookie_secret
- - name: PSQL_ENDPOINT
- value: "postgresql-default.databases.svc.cluster.local"
- - name: PSQL_PORT
- value: "5432"
- - name: PSQL_DATABASE
- value: "fitbit_manager"
- - name: PSQL_USER
- value: "fitbit_manager"
- - name: PSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: fitbit-manager-secret
- key: postgres_password
- - name: INFLUXDB_ENDPOINT
- value: "http://influxdb-influxdb2.databases.svc.cluster.local"
- - name: INFLUXDB_AUTH_TOKEN
- valueFrom:
- secretKeyRef:
- name: fitbit-manager-secret
- key: influxdb_auth_token
- - name: INFLUXDB_ORG
- value: "influxdata"
- - name: INFLUXDB_BUCKET
- value: "fitbit_manager"
diff --git a/k8s/apps/fitbit-manager/env.libsonnet b/k8s/apps/fitbit-manager/env.libsonnet
new file mode 100644
index 000000000..4f9f71e04
--- /dev/null
+++ b/k8s/apps/fitbit-manager/env.libsonnet
@@ -0,0 +1,97 @@
+{
+ env: [
+ {
+ name: 'USER_ID',
+ value: 'B84M2S',
+ },
+ {
+ name: 'SERVER_URL',
+ value: 'https://fitbit.walnuts.dev/',
+ },
+ {
+ name: 'CLIENT_ID',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import 'external-secret.jsonnet').spec.target.name,
+ key: 'client_id',
+ },
+ },
+ },
+ {
+ name: 'CLIENT_SECRET',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import 'external-secret.jsonnet').spec.target.name,
+ key: 'client_secret',
+ },
+ },
+ },
+ {
+ name: 'COOKIE_SECRET',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import 'external-secret.jsonnet').spec.target.name,
+ key: 'cookie_secret',
+ },
+ },
+ },
+ {
+ name: 'PSQL_HOST',
+ value: 'postgresql-default.databases.svc.cluster.local',
+ },
+ {
+ name: 'PSQL_PORT',
+ value: '5432',
+ },
+ {
+ name: 'PSQL_DATABASE',
+ value: 'fitbit_manager',
+ },
+ {
+ name: 'PSQL_USER',
+ value: 'fitbit_manager',
+ },
+ {
+ name: 'PSQL_PASSWORD',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import 'external-secret.jsonnet').spec.target.name,
+ key: 'postgres_password',
+ },
+ },
+ },
+ {
+ name: 'INFLUXDB_ENDPOINT',
+ value: 'http://influxdb-influxdb2.databases.svc.cluster.local',
+ },
+ {
+ name: 'INFLUXDB_AUTH_TOKEN',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import 'external-secret.jsonnet').spec.target.name,
+ key: 'influxdb_auth_token',
+ },
+ },
+ },
+ {
+ name: 'INFLUXDB_ORG',
+ value: 'influxdata',
+ },
+ {
+ name: 'INFLUXDB_BUCKET',
+ value: 'fitbit_manager',
+ },
+ {
+ name: 'OTEL_EXPORTER_OTLP_ENDPOINT',
+ value: 'http://default-collector.opentelemetry-collector.svc.cluster.local:4317',
+ },
+ {
+ name: 'OTEL_EXPORTER_OTLP_INSECURE',
+ value: 'true',
+ },
+ {
+ name: 'RECORD_START_DATETIME',
+ value: '2022-11-01T00:00:00Z',
+ },
+ ],
+}
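Review bot: `INFLUXDB_ENDPOINT` is an `http://` URL and `OTEL_EXPORTER_OTLP_INSECURE` is `'true'`, so the InfluxDB auth token and the exported telemetry cross namespaces in cleartext. That is safe only if the cluster network encrypts pod-to-pod traffic, which this diff does not show. If that is the intended trust model, state it above both entries: `// plaintext in-cluster; relies on CNI-level encryption between namespaces`. Otherwise switch the endpoints to TLS. The rename from `PSQL_ENDPOINT` to `PSQL_HOST` presumably tracks the 1.0.4 image; confirm the binary no longer reads the old name.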
diff --git a/k8s/apps/fitbit-manager/external-secret.jsonnet b/k8s/apps/fitbit-manager/external-secret.jsonnet
new file mode 100644
index 000000000..7610b6ab4
--- /dev/null
+++ b/k8s/apps/fitbit-manager/external-secret.jsonnet
@@ -0,0 +1,40 @@
+(import '../../components/external-secret.libsonnet') {
+ name: (import 'app.json5').name,
+ data: [
+ {
+ secretKey: 'client_id',
+ remoteRef: {
+ key: 'fitbit_manager',
+ property: 'client_id',
+ },
+ },
+ {
+ secretKey: 'client_secret',
+ remoteRef: {
+ key: 'fitbit_manager',
+ property: 'client_secret',
+ },
+ },
+ {
+ secretKey: 'cookie_secret',
+ remoteRef: {
+ key: 'fitbit_manager',
+ property: 'cookie_secret',
+ },
+ },
+ {
+ secretKey: 'postgres_password',
+ remoteRef: {
+ key: 'postgres_passwords',
+ property: 'fitbit_manager',
+ },
+ },
+ {
+ secretKey: 'influxdb_auth_token',
+ remoteRef: {
+ key: 'influxdb',
+ property: 'fitbit-manager-auth-token',
+ },
+ },
+ ],
+}
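Review bot: The `postgres_password` entry now reads property `fitbit_manager` from `postgres_passwords`, whereas the deleted `externalsecret.yaml` read `fitbit-manager`. If the field in the secret store was not renamed in step, the ExternalSecret will fail to sync and the pods that reference `postgres_password` will not start. Confirm the store field name, or keep `property: 'fitbit-manager',`. Only `name` is passed to `external-secret.libsonnet` here, while the elasticsearch configmap passes both `name` and `namespace` to its component. Check that the secret is created in the `fitbit-manager` namespace, where the workloads now run.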
diff --git a/k8s/apps/fitbit-manager/externalsecret.yaml b/k8s/apps/fitbit-manager/externalsecret.yaml
deleted file mode 100644
index d2c75945d..000000000
--- a/k8s/apps/fitbit-manager/externalsecret.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: fitbit-manager-secret
-spec:
- secretStoreRef:
- name: onepassword
- kind: ClusterSecretStore
- refreshInterval: 1m
- target:
- name: fitbit-manager-secret
- data:
- - secretKey: client_id
- remoteRef:
- key: fitbit_manager
- property: client_id
- - secretKey: client_secret
- remoteRef:
- key: fitbit_manager
- property: client_secret
- - secretKey: cookie_secret
- remoteRef:
- key: fitbit_manager
- property: cookie_secret
- - secretKey: postgres_password
- remoteRef:
- key: postgres_passwords
- property: fitbit-manager
- - secretKey: influxdb_auth_token
- remoteRef:
- key: influxdb
- property: fitbit-manager-auth-token
diff --git a/k8s/apps/fitbit-manager/image-policy.yaml b/k8s/apps/fitbit-manager/image-policy.yaml
deleted file mode 100644
index 3ddd86774..000000000
--- a/k8s/apps/fitbit-manager/image-policy.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: fitbit-manager
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/fitbit-manager
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/fitbit-manager
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: fitbit-manager
-spec:
- image: ghcr.io/walnuts1018/fitbit-manager
- interval: 2m0s
- secretRef:
- name: ghcr-login-secret
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: fitbit-manager
-spec:
- imageRepositoryRef:
- name: fitbit-manager
- policy:
- semver:
- range: ">=0.0.0"
diff --git a/k8s/apps/fitbit-manager/ingress.jsonnet b/k8s/apps/fitbit-manager/ingress.jsonnet
new file mode 100644
index 000000000..12de6a75f
--- /dev/null
+++ b/k8s/apps/fitbit-manager/ingress.jsonnet
@@ -0,0 +1,33 @@
+{
+ apiVersion: 'networking.k8s.io/v1',
+ kind: 'Ingress',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ ingressClassName: 'cilium',
+ rules: [
+ {
+ host: 'fitbit.walnuts.dev',
+ http: {
+ paths: [
+ {
+ path: '/',
+ pathType: 'Prefix',
+ backend: {
+ service: {
+ name: (import 'service.jsonnet').metadata.name,
+ port: {
+ number: 8080,
+ },
+ },
+ },
+ },
+ ],
+ },
+ },
+ ],
+ },
+}
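Review bot: The backend port is hard-coded as `number: 8080`, while the service name on the line above comes from `service.jsonnet`, which this commit adds as an unmodified rename of another app's file, so the port it declares is not visible here. Taking the port from the service as well, e.g. `number: (import 'service.jsonnet').spec.ports[0].port` (the form the old nginx-test ingress used) or a named port, keeps the two from drifting. The host is served by the `cilium` class with no `tls` block; if TLS is terminated elsewhere, a one-line comment saying so would help.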
diff --git a/k8s/apps/fitbit-manager/ingress.yaml b/k8s/apps/fitbit-manager/ingress.yaml
deleted file mode 100644
index 882e8a375..000000000
--- a/k8s/apps/fitbit-manager/ingress.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: fitbit-manager
-spec:
- ingressClassName: "nginx"
- rules:
- - host: "fitbit.walnuts.dev"
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: fitbit-manager
- port:
- number: 8080
diff --git a/k8s/apps/fitbit-manager/kustomization.yaml b/k8s/apps/fitbit-manager/kustomization.yaml
deleted file mode 100644
index 5e13e8fe1..000000000
--- a/k8s/apps/fitbit-manager/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
-- deployment.yaml
-- service.yaml
-- externalsecret.yaml
-- ingress.yaml
-- image-policy.yaml
diff --git a/k8s/argocdapps/wakatime-to-slack-profile/service.jsonnet b/k8s/apps/fitbit-manager/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/wakatime-to-slack-profile/service.jsonnet
rename to k8s/apps/fitbit-manager/service.jsonnet
diff --git a/k8s/apps/fitbit-manager/service.yaml b/k8s/apps/fitbit-manager/service.yaml
deleted file mode 100644
index 3420ac41e..000000000
--- a/k8s/apps/fitbit-manager/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: fitbit-manager
- labels:
- app: fitbit-manager
-spec:
- ports:
- - name: http
- port: 8080
- targetPort: 8080
- selector:
- app: fitbit-manager
- type: ClusterIP
diff --git a/k8s/apps/gha-runner-controller/app.json5 b/k8s/apps/gha-runner-controller/app.json5
new file mode 100644
index 000000000..64075bb14
--- /dev/null
+++ b/k8s/apps/gha-runner-controller/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "gha-runner-controller",
+ namespace: "gha-runner-controller",
+}
diff --git a/k8s/apps/gha-runner-controller/helm.jsonnet b/k8s/apps/gha-runner-controller/helm.jsonnet
new file mode 100644
index 000000000..43eb4c712
--- /dev/null
+++ b/k8s/apps/gha-runner-controller/helm.jsonnet
@@ -0,0 +1,8 @@
+(import '../../components/helm.libsonnet') {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+
+ ociChartURL: 'ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller',
+ targetRevision: '0.10.1',
+ values: (importstr 'values.yaml'),
+}
diff --git a/k8s/apps/gha-runner-controller/values.yaml b/k8s/apps/gha-runner-controller/values.yaml
new file mode 100644
index 000000000..e69de29bb
diff --git a/k8s/apps/gha-runner/app.json5 b/k8s/apps/gha-runner/app.json5
new file mode 100644
index 000000000..005bee91c
--- /dev/null
+++ b/k8s/apps/gha-runner/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "gha-runner",
+ namespace: "gha-runner",
+}
diff --git a/k8s/apps/gha-runner/external-secret.jsonnet b/k8s/apps/gha-runner/external-secret.jsonnet
new file mode 100644
index 000000000..6cd48e505
--- /dev/null
+++ b/k8s/apps/gha-runner/external-secret.jsonnet
@@ -0,0 +1,28 @@
+(import '../../components/external-secret.libsonnet') {
+ use_suffix: false,
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ data: [
+ {
+ secretKey: 'github_app_id',
+ remoteRef: {
+ key: 'github',
+ property: 'github_app_id',
+ },
+ },
+ {
+ secretKey: 'github_app_installation_id',
+ remoteRef: {
+ key: 'github',
+ property: 'github_app_installation_id',
+ },
+ },
+ {
+ secretKey: 'github_app_private_key',
+ remoteRef: {
+ key: 'github',
+ property: 'github_app_private_key',
+ },
+ },
+ ],
+}
diff --git a/k8s/apps/gha-runner/helm.jsonnet b/k8s/apps/gha-runner/helm.jsonnet
new file mode 100644
index 000000000..6615506ae
--- /dev/null
+++ b/k8s/apps/gha-runner/helm.jsonnet
@@ -0,0 +1,22 @@
+local urls = (import 'urls.libsonnet');
+local gen = function(githubConfigUrl)
+ (import '../../components/helm.libsonnet') {
+ name: std.md5(githubConfigUrl),
+ namespace: (import 'app.json5').namespace,
+
+ ociChartURL: 'ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set',
+ targetRevision: '0.10.1',
+ valuesObject: {
+ githubConfigSecret: (import 'external-secret.jsonnet').spec.target.name,
+ githubConfigUrl: githubConfigUrl,
+ controllerServiceAccount: {
+ namespace: (import '../gha-runner-controller/app.json5').namespace,
+ name: (import '../gha-runner-controller/app.json5').name + '-gha-rs-controller',
+ },
+ containerMode: {
+ type: 'dind',
+ },
+ },
+ };
+
+std.map(gen, urls)
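Review bot: `containerMode: { type: 'dind' }` gives every runner pod a privileged Docker daemon, so a job on these runners should be treated as having node-level access; the NetworkPolicy added in this commit limits only network reach. `urls.libsonnet` registers the runners for a github.com repository, and if that repository is public, workflows from forks must not be able to target them. A comment above the block such as `// dind = privileged Docker daemon per runner; trusted workflows only` would record the trade-off, and `type: 'kubernetes'` is the chart's alternative without the privileged container. Separately, `name: std.md5(githubConfigUrl)` yields an opaque release name that workflows may have to use in `runs-on`, unless the component sets a readable scale-set name.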
diff --git a/k8s/apps/gha-runner/network-policy.jsonnet b/k8s/apps/gha-runner/network-policy.jsonnet
new file mode 100644
index 000000000..c84941c10
--- /dev/null
+++ b/k8s/apps/gha-runner/network-policy.jsonnet
@@ -0,0 +1,65 @@
+{
+ apiVersion: 'networking.k8s.io/v1',
+ kind: 'NetworkPolicy',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ },
+ spec: {
+ podSelector: {
+ matchLabels: {
+ 'app.kubernetes.io/part-of': 'gha-runner-scale-set',
+ },
+ },
+ policyTypes: [
+ 'Ingress',
+ 'Egress',
+ ],
+ ingress: [
+ {
+ from: [
+ {
+ namespaceSelector: {
+ matchLabels: {
+ 'kubernetes.io/metadata.name': 'kube-system',
+ },
+ },
+ podSelector: {
+ matchLabels: {
+ 'k8s-app': 'kube-dns',
+ },
+ },
+ },
+ ],
+ },
+ ],
+ egress: [
+ {
+ to: [
+ {
+ ipBlock: {
+ cidr: '0.0.0.0/0',
+ except: [
+ '192.168.0.0/16',
+ '10.244.0.0/16',
+ '10.96.0.0/12',
+ ],
+ },
+ },
+ {
+ namespaceSelector: {
+ matchLabels: {
+ 'kubernetes.io/metadata.name': 'kube-system',
+ },
+ },
+ podSelector: {
+ matchLabels: {
+ 'k8s-app': 'kube-dns',
+ },
+ },
+ },
+ ],
+ },
+ ],
+ },
+}
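Review bot: The second egress peer allows every port on the kube-dns pods, because the rule has no `ports` list, and the `except` list leaves 172.16.0.0/12, 169.254.0.0/16 and the rest of 10.0.0.0/8 reachable from runner pods. Splitting egress into an internet rule and a DNS rule limited to port 53 closes both gaps, assuming nothing in those ranges has to be reachable from a job. The ingress rule from kube-dns looks unnecessary, since DNS replies are return traffic of the egress connection; `ingress: []` would deny all inbound. The policy only takes effect if the runner pods carry `app.kubernetes.io/part-of: gha-runner-scale-set`, which this hunk cannot confirm.

```jsonnet
    egress: [
      {
        // Internet only: private, link-local and in-cluster ranges stay blocked.
        to: [
          {
            ipBlock: {
              cidr: '0.0.0.0/0',
              except: [
                '10.0.0.0/8',
                '172.16.0.0/12',
                '192.168.0.0/16',
                '169.254.0.0/16',
              ],
            },
          },
        ],
      },
      {
        // DNS only, instead of every port on the kube-dns pods.
        to: [
          // … unchanged: kube-system / kube-dns peer …
        ],
        ports: [
          { protocol: 'UDP', port: 53 },
          { protocol: 'TCP', port: 53 },
        ],
      },
    ],
```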
diff --git a/k8s/apps/gha-runner/urls.libsonnet b/k8s/apps/gha-runner/urls.libsonnet
new file mode 100644
index 000000000..598f49b2e
--- /dev/null
+++ b/k8s/apps/gha-runner/urls.libsonnet
@@ -0,0 +1,3 @@
+[
+ 'https://github.com/walnuts1018/cloudflare-tunnel-operator',
+]
diff --git a/k8s/argocdapps/ghcr-login-secret/app.json5 b/k8s/apps/ghcr-login-secret/app.json5
similarity index 100%
rename from k8s/argocdapps/ghcr-login-secret/app.json5
rename to k8s/apps/ghcr-login-secret/app.json5
diff --git a/k8s/argocdapps/ghcr-login-secret/external-secret.jsonnet b/k8s/apps/ghcr-login-secret/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/ghcr-login-secret/external-secret.jsonnet
rename to k8s/apps/ghcr-login-secret/external-secret.jsonnet
diff --git a/k8s/argocdapps/github-readme-stats/app.json5 b/k8s/apps/github-readme-stats/app.json5
similarity index 100%
rename from k8s/argocdapps/github-readme-stats/app.json5
rename to k8s/apps/github-readme-stats/app.json5
diff --git a/k8s/argocdapps/github-readme-stats/deployment.jsonnet b/k8s/apps/github-readme-stats/deployment.jsonnet
similarity index 100%
rename from k8s/argocdapps/github-readme-stats/deployment.jsonnet
rename to k8s/apps/github-readme-stats/deployment.jsonnet
diff --git a/k8s/argocdapps/github-readme-stats/external-secret.jsonnet b/k8s/apps/github-readme-stats/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/github-readme-stats/external-secret.jsonnet
rename to k8s/apps/github-readme-stats/external-secret.jsonnet
diff --git a/k8s/argocdapps/github-readme-stats/ingress.jsonnet b/k8s/apps/github-readme-stats/ingress.jsonnet
similarity index 87%
rename from k8s/argocdapps/github-readme-stats/ingress.jsonnet
rename to k8s/apps/github-readme-stats/ingress.jsonnet
index b8f44553a..734751b4f 100644
--- a/k8s/argocdapps/github-readme-stats/ingress.jsonnet
+++ b/k8s/apps/github-readme-stats/ingress.jsonnet
@@ -7,7 +7,7 @@
labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
},
spec: {
- ingressClassName: 'nginx',
+ ingressClassName: 'cilium',
rules: [
{
host: 'github-readme-stats.walnuts.dev',
@@ -18,7 +18,7 @@
pathType: 'Prefix',
backend: {
service: {
- name: (import 'service.json5').metadata.name,
+ name: (import 'service.jsonnet').metadata.name,
port: {
number: 80,
},
diff --git a/k8s/argocdapps/github-readme-stats/service.jsonnet b/k8s/apps/github-readme-stats/service.jsonnet
similarity index 75%
rename from k8s/argocdapps/github-readme-stats/service.jsonnet
rename to k8s/apps/github-readme-stats/service.jsonnet
index b74090b88..dc69ba5fc 100644
--- a/k8s/argocdapps/github-readme-stats/service.jsonnet
+++ b/k8s/apps/github-readme-stats/service.jsonnet
@@ -7,9 +7,7 @@
labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
},
spec: {
- selector: {
- matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
- },
+ selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
ports: [
{
protocol: 'TCP',
diff --git a/k8s/argocdapps/hedgedoc/app.json5 b/k8s/apps/hedgedoc/app.json5
similarity index 100%
rename from k8s/argocdapps/hedgedoc/app.json5
rename to k8s/apps/hedgedoc/app.json5
diff --git a/k8s/argocdapps/hedgedoc/deployment.jsonnet b/k8s/apps/hedgedoc/deployment.jsonnet
similarity index 98%
rename from k8s/argocdapps/hedgedoc/deployment.jsonnet
rename to k8s/apps/hedgedoc/deployment.jsonnet
index e16b32e5c..fcf0df43e 100644
--- a/k8s/argocdapps/hedgedoc/deployment.jsonnet
+++ b/k8s/apps/hedgedoc/deployment.jsonnet
@@ -19,7 +19,7 @@
containers: [
(import '../../components/container.libsonnet') {
name: 'hedgedoc',
- image: 'quay.io/hedgedoc/hedgedoc:1.10.0',
+ image: 'quay.io/hedgedoc/hedgedoc:1.10.1',
imagePullPolicy: 'IfNotPresent',
ports: [
{
@@ -30,7 +30,7 @@
resources: {
limits: {},
requests: {
- memory: '100Mi',
+ memory: '80Mi',
},
},
env: [
diff --git a/k8s/argocdapps/hedgedoc/external-secret.jsonnet b/k8s/apps/hedgedoc/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/hedgedoc/external-secret.jsonnet
rename to k8s/apps/hedgedoc/external-secret.jsonnet
diff --git a/k8s/argocdapps/hedgedoc/ingress.jsonnet b/k8s/apps/hedgedoc/ingress.jsonnet
similarity index 96%
rename from k8s/argocdapps/hedgedoc/ingress.jsonnet
rename to k8s/apps/hedgedoc/ingress.jsonnet
index 6ab3c13f7..a0fd79683 100644
--- a/k8s/argocdapps/hedgedoc/ingress.jsonnet
+++ b/k8s/apps/hedgedoc/ingress.jsonnet
@@ -10,7 +10,7 @@
},
},
spec: {
- ingressClassName: 'nginx',
+ ingressClassName: 'cilium',
rules: [
{
host: 'hedgedoc.walnuts.dev',
diff --git a/k8s/argocdapps/hedgedoc/service.jsonnet b/k8s/apps/hedgedoc/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/hedgedoc/service.jsonnet
rename to k8s/apps/hedgedoc/service.jsonnet
diff --git a/.github/scripts/infrautil/lib/testfiles/app.json5 b/k8s/apps/http-dump/app.json5
similarity index 100%
rename from .github/scripts/infrautil/lib/testfiles/app.json5
rename to k8s/apps/http-dump/app.json5
diff --git a/k8s/argocdapps/http-dump/deployment.jsonnet b/k8s/apps/http-dump/deployment.jsonnet
similarity index 93%
rename from k8s/argocdapps/http-dump/deployment.jsonnet
rename to k8s/apps/http-dump/deployment.jsonnet
index f44ce9233..b4d55ce8c 100644
--- a/k8s/argocdapps/http-dump/deployment.jsonnet
+++ b/k8s/apps/http-dump/deployment.jsonnet
@@ -19,7 +19,7 @@
containers: [
(import '../../components/container.libsonnet') {
name: 'http-dump',
- image: 'ghcr.io/walnuts1018/http-dump:629824cedeccfb239b7d490f2f6dffb70f12a5f7-24',
+ image: 'ghcr.io/walnuts1018/http-dump:57d44747fb87b9197c335f275763279861c90def-33',
ports: [
{
name: 'http',
diff --git a/k8s/argocdapps/http-dump/ingress.jsonnet b/k8s/apps/http-dump/ingress.jsonnet
similarity index 96%
rename from k8s/argocdapps/http-dump/ingress.jsonnet
rename to k8s/apps/http-dump/ingress.jsonnet
index d4316d93a..cfa0cedb7 100644
--- a/k8s/argocdapps/http-dump/ingress.jsonnet
+++ b/k8s/apps/http-dump/ingress.jsonnet
@@ -7,7 +7,7 @@
labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
},
spec: {
- ingressClassName: 'nginx',
+ ingressClassName: 'cilium',
rules: [
{
host: 'httptest.walnuts.dev',
diff --git a/k8s/argocdapps/http-dump/service.jsonnet b/k8s/apps/http-dump/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/http-dump/service.jsonnet
rename to k8s/apps/http-dump/service.jsonnet
diff --git a/k8s/argocdapps/influxdb/app.json5 b/k8s/apps/influxdb/app.json5
similarity index 100%
rename from k8s/argocdapps/influxdb/app.json5
rename to k8s/apps/influxdb/app.json5
diff --git a/k8s/argocdapps/influxdb/external-secret.jsonnet b/k8s/apps/influxdb/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/influxdb/external-secret.jsonnet
rename to k8s/apps/influxdb/external-secret.jsonnet
diff --git a/k8s/argocdapps/influxdb/helm.jsonnet b/k8s/apps/influxdb/helm.jsonnet
similarity index 100%
rename from k8s/argocdapps/influxdb/helm.jsonnet
rename to k8s/apps/influxdb/helm.jsonnet
diff --git a/k8s/argocdapps/influxdb/values.yaml b/k8s/apps/influxdb/values.yaml
similarity index 98%
rename from k8s/argocdapps/influxdb/values.yaml
rename to k8s/apps/influxdb/values.yaml
index 4674755ed..ac3a9eabb 100644
--- a/k8s/argocdapps/influxdb/values.yaml
+++ b/k8s/apps/influxdb/values.yaml
@@ -20,7 +20,7 @@ ingress:
enabled: true
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
- className: nginx
+ className: cilium
tls: false
# secretName: my-tls-cert # only needed if tls above is true or default certificate is not configured for Nginx
hostname: influxdb.walnuts.dev
diff --git a/k8s/apps/kibana/app.json5 b/k8s/apps/kibana/app.json5
new file mode 100644
index 000000000..787f9cf21
--- /dev/null
+++ b/k8s/apps/kibana/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "kibana",
+ namespace: "elasticsearch",
+}
diff --git a/k8s/apps/kibana/deployment.jsonnet b/k8s/apps/kibana/deployment.jsonnet
new file mode 100644
index 000000000..6bcf270d1
--- /dev/null
+++ b/k8s/apps/kibana/deployment.jsonnet
@@ -0,0 +1,62 @@
+{
+ apiVersion: 'apps/v1',
+ kind: 'Deployment',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ replicas: 1,
+ selector: {
+ matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ template: {
+ metadata: {
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ containers: [
+ {
+ name: 'kibana',
+ securityContext: {
+ readOnlyRootFilesystem: true,
+ runAsNonRoot: true,
+ },
+ image: 'docker.elastic.co/kibana/kibana:8.17.1',
+ ports: [
+ {
+ name: 'http',
+ containerPort: 5601,
+ },
+ ],
+ env: [
+ {
+ name: 'ELASTICSEARCH_HOSTS',
+ value: 'http://%s.%s.svc.cluster.local:9200' % [(import '../elasticsearch/service.jsonnet').metadata.name, (import '../elasticsearch/app.json5').namespace],
+ },
+ ],
+ resources: {
+ limits: {},
+ requests: {
+ memory: '500Mi',
+ },
+ },
+ volumeMounts: [
+ {
+ mountPath: '/usr/share/kibana/data',
+ name: 'kibana-data',
+ },
+ ],
+ },
+ ],
+ volumes: [
+ {
+ name: 'kibana-data',
+ emptyDir: {},
+ },
+ ],
+ },
+ },
+ },
+}
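Review bot: The `kibana` container is a plain object, while the hedgedoc, http-dump and komga workloads in this commit wrap theirs in `(import '../../components/container.libsonnet')`, so any defaults that component sets are not applied here. The `securityContext` carries only `readOnlyRootFilesystem` and `runAsNonRoot`; adding `allowPrivilegeEscalation: false` and `capabilities: { drop: ['ALL'] }` would complete it. `ELASTICSEARCH_HOSTS` is plain `http://`, as before, so traffic to Elasticsearch stays unencrypted inside the cluster.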
diff --git a/k8s/apps/kibana/deployment.yaml b/k8s/apps/kibana/deployment.yaml
deleted file mode 100644
index 1f8df3dab..000000000
--- a/k8s/apps/kibana/deployment.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kibana
- labels:
- app: kibana
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: kibana
- template:
- metadata:
- labels:
- app: kibana
- spec:
- containers:
- - name: kibana
- securityContext:
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- image: docker.elastic.co/kibana/kibana:8.15.3 # {"$imagepolicy": "elasticsearch:kibana"}
- ports:
- - name: http
- containerPort: 5601
- env:
- - name: ELASTICSEARCH_HOSTS
- value: "http://elasticsearch.databases.svc.cluster.local:9200"
- #- name: SERVER_PUBLICBASEURL
- # value: "https://kibana.walnuts.dev"
- resources:
- limits: {}
- requests:
- memory: 500Mi
- volumeMounts:
- - mountPath: /usr/share/kibana/data
- name: kibana-data
- volumes:
- - name: kibana-data
- emptyDir: {}
diff --git a/k8s/apps/kibana/image-policy.yaml b/k8s/apps/kibana/image-policy.yaml
deleted file mode 100644
index 2d0cc6e98..000000000
--- a/k8s/apps/kibana/image-policy.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: kibana
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/kibana
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/kibana
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: kibana
-spec:
- image: docker.elastic.co/kibana/kibana
- interval: 2m0s
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: kibana
-spec:
- imageRepositoryRef:
- name: kibana
- policy:
- semver:
- range: ">=0.0.0"
diff --git a/k8s/apps/kibana/kustomization.yaml b/k8s/apps/kibana/kustomization.yaml
deleted file mode 100644
index 4c120cf5e..000000000
--- a/k8s/apps/kibana/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: elasticsearch
-resources:
-- deployment.yaml
-- service.yaml
-- ./oauth2-proxy
-- image-policy.yaml
diff --git a/k8s/apps/kibana/oauth2-proxy.jsonnet b/k8s/apps/kibana/oauth2-proxy.jsonnet
new file mode 100644
index 000000000..e706bcb3c
--- /dev/null
+++ b/k8s/apps/kibana/oauth2-proxy.jsonnet
@@ -0,0 +1,14 @@
+(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({
+ app: {
+ name: 'kibana',
+ namespace: (import 'app.json5').namespace,
+ },
+ domain: 'kibana.walnuts.dev',
+ upstream: 'http://kibana.elasticsearch.svc.cluster.local:5601',
+ oidc: {
+ secret: {
+ onepassword_item_name: 'kibana-oauth2-proxy',
+ },
+ allowed_group: '237477822715658605:kibana-admin',
+ },
+})
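Review bot: Authentication for Kibana exists only at this proxy: `service.jsonnet` in the same commit exposes port 5601 as a ClusterIP and the deployment sets no Elasticsearch credentials, so any pod that can reach `kibana.elasticsearch.svc.cluster.local:5601` appears to bypass the `allowed_group` check. A NetworkPolicy in the `elasticsearch` namespace that admits traffic to the Kibana pods only from the oauth2-proxy pods would close that path, unless `oauth2-proxy.libsonnet` already generates one. The `upstream` string also repeats the service name, namespace and port; building it from the imports, as `deployment.jsonnet` does for `ELASTICSEARCH_HOSTS`, keeps them from drifting.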
diff --git a/k8s/apps/kibana/oauth2-proxy/externalsecret.yaml b/k8s/apps/kibana/oauth2-proxy/externalsecret.yaml
deleted file mode 100644
index 351bcd3e0..000000000
--- a/k8s/apps/kibana/oauth2-proxy/externalsecret.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: kibana-oauth2-proxy
-spec:
- secretStoreRef:
- name: onepassword
- kind: ClusterSecretStore
- refreshInterval: 1m
- target:
- name: kibana-oauth2-proxy
- data:
- - secretKey: client-id
- remoteRef:
- key: kibana-oauth2-proxy
- property: client-id
- - secretKey: client-secret
- remoteRef:
- key: kibana-oauth2-proxy
- property: client-secret
- - secretKey: cookie-secret
- remoteRef:
- key: kibana-oauth2-proxy
- property: cookie-secret
- - secretKey: redis-password
- remoteRef:
- key: redis
- property: password
diff --git a/k8s/apps/kibana/oauth2-proxy/helm.yaml b/k8s/apps/kibana/oauth2-proxy/helm.yaml
deleted file mode 100644
index 8c9d86352..000000000
--- a/k8s/apps/kibana/oauth2-proxy/helm.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: kibana-oauth2-proxy
-spec:
- url: https://oauth2-proxy.github.io/manifests
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: kibana-oauth2-proxy
-spec:
- chart:
- spec:
- chart: oauth2-proxy
- version: 7.7.28
- values:
- config:
- existingSecret: kibana-oauth2-proxy
- configFile: |-
- email_domains = [ "*" ]
- upstreams = [ "http://kibana.elasticsearch.svc.cluster.local:5601" ]
- pass_access_token = true
- user_id_claim = "sub"
- oidc_groups_claim="my:zitadel:grants"
- allowed_groups = ["237477822715658605:kibana-admin"]
-
- extraArgs:
- provider: oidc
- redirect-url: https://kibana.walnuts.dev/oauth2/callback
- oidc-issuer-url: https://auth.walnuts.dev
- skip-provider-button: true
- ingress:
- enabled: true
- className: nginx
- path: /
- pathType: Prefix
- hosts:
- - "kibana.walnuts.dev"
- sessionStorage:
- type: redis
- redis:
- existingSecret: "kibana-oauth2-proxy"
- passwordKey: "redis-password"
- clientType: "sentinel"
- sentinel:
- existingSecret: "kibana-oauth2-proxy"
- passwordKey: "redis-password"
- masterName: "mymaster"
- connectionUrls: "redis://kibana-oauth2-proxy-redis:6379,redis://kibana-oauth2-proxy-redis-sentinel:26379"
- metrics:
- enabled: true
diff --git a/k8s/apps/kibana/oauth2-proxy/kustomization.yaml b/k8s/apps/kibana/oauth2-proxy/kustomization.yaml
deleted file mode 100644
index ba766e9f0..000000000
--- a/k8s/apps/kibana/oauth2-proxy/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- externalsecret.yaml
-- helm.yaml
-- redis.yaml
-components:
-- ../../../components/helm
diff --git a/k8s/apps/kibana/oauth2-proxy/redis.yaml b/k8s/apps/kibana/oauth2-proxy/redis.yaml
deleted file mode 100644
index 196cd6a05..000000000
--- a/k8s/apps/kibana/oauth2-proxy/redis.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: kibana-oauth2-proxy-redis
- labels:
- app.kubernetes.io/name: kibana-oauth2-proxy-redis
-spec:
- clusterSize: 2
- kubernetesConfig:
- image: "quay.io/opstree/redis:v7.0.12" # {"$imagepolicy": "redis-operator:redis"}
- imagePullPolicy: "IfNotPresent"
- redisSecret:
- name: "kibana-oauth2-proxy"
- key: "redis-password"
- storage:
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- podSecurityContext:
- fsGroup: 1000
- runAsUser: 1000
----
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisSentinel
-metadata:
- name: kibana-oauth2-proxy-redis
- labels:
- app.kubernetes.io/name: kibana-oauth2-proxy-redis
-spec:
- clusterSize: 3
- redisSentinelConfig:
- redisReplicationName: kibana-oauth2-proxy-redis
- masterGroupName: "mymaster"
- redisPort: "6379"
- quorum: "2"
- parallelSyncs: "1"
- failoverTimeout: "180000"
- downAfterMilliseconds: "30000"
- kubernetesConfig:
- image: "quay.io/opstree/redis-sentinel:v7.0.12" # {"$imagepolicy": "redis-operator:redis-sentinel"}
- imagePullPolicy: "IfNotPresent"
- redisSecret:
- name: "kibana-oauth2-proxy"
- key: "redis-password"
- podSecurityContext:
- fsGroup: 1000
- runAsUser: 1000
diff --git a/k8s/apps/kibana/service.jsonnet b/k8s/apps/kibana/service.jsonnet
new file mode 100644
index 000000000..44822d10b
--- /dev/null
+++ b/k8s/apps/kibana/service.jsonnet
@@ -0,0 +1,20 @@
+{
+ apiVersion: 'v1',
+ kind: 'Service',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ ports: [
+ {
+ name: 'http',
+ port: 5601,
+ targetPort: 5601,
+ },
+ ],
+ selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ type: 'ClusterIP',
+ },
+}
diff --git a/k8s/apps/kibana/service.yaml b/k8s/apps/kibana/service.yaml
deleted file mode 100644
index b7e9d9f9f..000000000
--- a/k8s/apps/kibana/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: kibana
- labels:
- app: kibana
-spec:
- ports:
- - name: http
- port: 5601
- targetPort: 5601
- selector:
- app: kibana
- type: ClusterIP
diff --git a/k8s/apps/komga/app.json5 b/k8s/apps/komga/app.json5
new file mode 100644
index 000000000..69a743855
--- /dev/null
+++ b/k8s/apps/komga/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "komga",
+ namespace: "komga",
+}
diff --git a/k8s/apps/komga/application.yml b/k8s/apps/komga/config/application.yml
similarity index 78%
rename from k8s/apps/komga/application.yml
rename to k8s/apps/komga/config/application.yml
index 5a38ea2a6..357829cf1 100644
--- a/k8s/apps/komga/application.yml
+++ b/k8s/apps/komga/config/application.yml
@@ -13,7 +13,6 @@ spring:
# the placeholders in {} will be replaced automatically, you don't need to change this line
redirect-uri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
provider:
- zitadel: # this must match the provider above
+ zitadel:
user-name-attribute: sub
- # either set the issuer-uri, in which case the app will lookup the configuration for you automatically
issuer-uri: https://auth.walnuts.dev
diff --git a/k8s/argocdapps/blog/configmap.jsonnet b/k8s/apps/komga/configmap.jsonnet
similarity index 57%
rename from k8s/argocdapps/blog/configmap.jsonnet
rename to k8s/apps/komga/configmap.jsonnet
index b852fae5f..78305a1ed 100644
--- a/k8s/argocdapps/blog/configmap.jsonnet
+++ b/k8s/apps/komga/configmap.jsonnet
@@ -2,12 +2,11 @@
apiVersion: 'v1',
kind: 'ConfigMap',
metadata: {
- name: (import 'app.json5').name,
+ name: (import 'app.json5').name + '-secret-template' + '-' + std.md5(std.toString($.data))[0:6],
namespace: (import 'app.json5').namespace,
labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
},
data: {
- 'nginx.conf': (importstr './config/nginx.conf'),
- 'virtualhost.conf': (importstr './config/virtualhost.conf'),
+ 'application.yml': (importstr './config/application.yml'),
},
}
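Review bot: The content-hash suffix renames the ConfigMap whenever `application.yml` changes, but nothing in the pod template changes with it: `statefulset.jsonnet` mounts the rendered Secret by its fixed `spec.target.name` through a `subPath`, and subPath mounts are not refreshed in a running pod. A config change therefore seems to need a manual restart of the komga pod; a pod-template annotation holding the same hash would trigger the rollout. A comment on the `name` line, e.g. `// suffix changes with the data so the ExternalSecret re-renders from the new template`, would also explain the `std.md5(...)[0:6]`, which serves only as a change marker. The object's opening line is outside the hunk.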
diff --git a/k8s/apps/komga/external-secret.jsonnet b/k8s/apps/komga/external-secret.jsonnet
new file mode 100644
index 000000000..5f34fa6a6
--- /dev/null
+++ b/k8s/apps/komga/external-secret.jsonnet
@@ -0,0 +1,35 @@
+std.mergePatch((import '../../components/external-secret.libsonnet') {
+ name: (import 'app.json5').name,
+ data: [
+ {
+ secretKey: 'clientsecret',
+ remoteRef: {
+ key: 'komga',
+ property: 'client-secret',
+ },
+ },
+ ],
+}, {
+ spec: {
+ target: {
+ template: {
+ engineVersion: 'v2',
+ type: 'Opaque',
+ templateFrom: [
+ {
+ target: 'Data',
+ configMap: {
+ name: (import 'configmap.jsonnet').metadata.name,
+ items: [
+ {
+ key: 'application.yml',
+ templateAs: 'Values',
+ },
+ ],
+ },
+ },
+ ],
+ },
+ },
+ },
+})
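Review bot: No `namespace` is passed to the component here, whereas `gha-runner/external-secret.jsonnet` in this commit sets `namespace: (import 'app.json5').namespace`; unless `external-secret.libsonnet` supplies a default, the ExternalSecret lands in whatever namespace the deploying application targets. `pvc.jsonnet` further down has the same gap (its `metadata` holds only `name: 'komga-config'`), and the deleted `kustomization.yaml` that used to force `namespace: komga` is gone. Adding `namespace: (import 'app.json5').namespace,` to both puts them alongside the ConfigMap, Service and StatefulSet, which the `templateFrom` lookup and the volume mounts require.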
diff --git a/k8s/apps/komga/externalsecret.yaml b/k8s/apps/komga/externalsecret.yaml
deleted file mode 100644
index 7df1f8fc7..000000000
--- a/k8s/apps/komga/externalsecret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: komga-config
-spec:
- secretStoreRef:
- name: onepassword
- kind: ClusterSecretStore
- refreshInterval: 1m
- target:
- name: komga-config
- template:
- engineVersion: v2
- type: Opaque
- templateFrom:
- - target: Data
- configMap:
- name: komga-config
- items:
- - key: application.yml
- templateAs: Values
- data:
- - secretKey: clientsecret
- remoteRef:
- key: komga
- property: client-secret
-
diff --git a/k8s/apps/komga/image-policy.yaml b/k8s/apps/komga/image-policy.yaml
deleted file mode 100644
index 4fa68de6c..000000000
--- a/k8s/apps/komga/image-policy.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: komga
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/komga
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/komga
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: komga
-spec:
- image: gotson/komga
- interval: 2m0s
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: komga
-spec:
- imageRepositoryRef:
- name: komga
- policy:
- semver:
- range: ">=0.0.0"
diff --git a/k8s/argocdapps/nginx-test/ingress.jsonnet b/k8s/apps/komga/ingress.jsonnet
similarity index 78%
rename from k8s/argocdapps/nginx-test/ingress.jsonnet
rename to k8s/apps/komga/ingress.jsonnet
index 8f31d4c3f..4d417d8c3 100644
--- a/k8s/argocdapps/nginx-test/ingress.jsonnet
+++ b/k8s/apps/komga/ingress.jsonnet
@@ -2,15 +2,18 @@
apiVersion: 'networking.k8s.io/v1',
kind: 'Ingress',
metadata: {
+ annotations: {
+ 'nginx.ingress.kubernetes.io/proxy-body-size': '4G',
+ },
name: (import 'app.json5').name,
namespace: (import 'app.json5').namespace,
labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
},
spec: {
- ingressClassName: 'nginx',
+ ingressClassName: 'cilium',
rules: [
{
- host: 'nginxtest.walnuts.dev',
+ host: 'komga.walnuts.dev',
http: {
paths: [
{
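Review bot: The `nginx.ingress.kubernetes.io/proxy-body-size` annotation is carried over while `ingressClassName` moves to `cilium`; annotations under `nginx.ingress.kubernetes.io/` are read only by ingress-nginx, so the 4G setting no longer has any effect. Either drop the annotation or replace it with a comment recording that large uploads to komga were the reason, so the request-size limit is re-checked on the new controller. The `Ingress` object begins and ends outside this hunk.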
@@ -20,7 +23,7 @@
service: {
name: (import 'service.jsonnet').metadata.name,
port: {
- number: (import 'service.jsonnet').spec.ports[0].port,
+ name: 'http',
},
},
},
diff --git a/k8s/apps/komga/ingress.yaml b/k8s/apps/komga/ingress.yaml
deleted file mode 100644
index 3d6be2440..000000000
--- a/k8s/apps/komga/ingress.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: 4G
- name: komga
-spec:
- ingressClassName: "nginx"
- rules:
- - host: komga.walnuts.dev
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: komga
- port:
- name: http
-
diff --git a/k8s/apps/komga/kustomization.yaml b/k8s/apps/komga/kustomization.yaml
deleted file mode 100644
index 332bbec1d..000000000
--- a/k8s/apps/komga/kustomization.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: komga
-resources:
-- externalsecret.yaml
-- service.yaml
-- ingress.yaml
-- statefulset.yaml
-- pvc.yaml
-- image-policy.yaml
-configMapGenerator:
-- name: komga-config
- files:
- - application.yml
-generatorOptions:
- disableNameSuffixHash: true
diff --git a/k8s/apps/komga/pvc.jsonnet b/k8s/apps/komga/pvc.jsonnet
new file mode 100644
index 000000000..5d3ba95de
--- /dev/null
+++ b/k8s/apps/komga/pvc.jsonnet
@@ -0,0 +1,18 @@
+{
+ apiVersion: 'v1',
+ kind: 'PersistentVolumeClaim',
+ metadata: {
+ name: 'komga-config',
+ },
+ spec: {
+ storageClassName: 'longhorn',
+ accessModes: [
+ 'ReadWriteOnce',
+ ],
+ resources: {
+ requests: {
+ storage: '2Gi',
+ },
+ },
+ },
+}
diff --git a/k8s/apps/komga/pvc.yaml b/k8s/apps/komga/pvc.yaml
deleted file mode 100644
index c955deaa9..000000000
--- a/k8s/apps/komga/pvc.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: komga-config
-spec:
- storageClassName: longhorn
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 2Gi
diff --git a/k8s/apps/komga/service.jsonnet b/k8s/apps/komga/service.jsonnet
new file mode 100644
index 000000000..e9869e0ae
--- /dev/null
+++ b/k8s/apps/komga/service.jsonnet
@@ -0,0 +1,21 @@
+{
+ apiVersion: 'v1',
+ kind: 'Service',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ ports: [
+ {
+ name: 'http',
+ port: 80,
+ protocol: 'TCP',
+ targetPort: 'http',
+ },
+ ],
+ selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ type: 'ClusterIP',
+ },
+}
diff --git a/k8s/apps/komga/service.yaml b/k8s/apps/komga/service.yaml
deleted file mode 100644
index eb7857aa7..000000000
--- a/k8s/apps/komga/service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: komga
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: komga
- type: ClusterIP
diff --git a/k8s/apps/komga/statefulset.jsonnet b/k8s/apps/komga/statefulset.jsonnet
new file mode 100644
index 000000000..eb456a68c
--- /dev/null
+++ b/k8s/apps/komga/statefulset.jsonnet
@@ -0,0 +1,100 @@
+{
+ apiVersion: 'apps/v1',
+ kind: 'StatefulSet',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ selector: {
+ matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ serviceName: (import 'service.jsonnet').metadata.name,
+ replicas: 1,
+ template: {
+ metadata: {
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ containers: [
+ (import '../../components/container.libsonnet') {
+ name: 'komga',
+ image: 'gotson/komga:1.19.1',
+ resources: {
+ limits: {
+ cpu: '500m',
+ memory: '2Gi',
+ },
+ requests: {
+ cpu: '5m',
+ memory: '1Gi',
+ },
+ },
+ securityContext:: null,
+ ports: [
+ {
+ containerPort: 25600,
+ name: 'http',
+ },
+ ],
+ readinessProbe: {
+ httpGet: {
+ path: '/actuator/health',
+ port: 'http',
+ },
+ },
+ volumeMounts: [
+ {
+ mountPath: '/config',
+ name: 'config-dir',
+ },
+ {
+ mountPath: '/config/application.yml',
+ name: 'config-file',
+ subPath: 'application.yml',
+ readOnly: true,
+ },
+ {
+ mountPath: '/books',
+ name: 'book-dir',
+ },
+ {
+ mountPath: '/tmp',
+ name: 'tmp',
+ },
+ ],
+ },
+ ],
+ volumes: [
+ {
+ name: 'config-dir',
+ persistentVolumeClaim: {
+ claimName: (import 'pvc.jsonnet').metadata.name,
+ },
+ },
+ {
+ name: 'config-file',
+ secret: {
+ secretName: (import 'external-secret.jsonnet').spec.target.name,
+ },
+ },
+ {
+ name: 'book-dir',
+ hostPath: {
+ path: '/mnt/data/share/Books',
+ type: 'Directory',
+ },
+ },
+ {
+ emptyDir: {},
+ name: 'tmp',
+ },
+ ],
+ nodeSelector: {
+ 'kubernetes.io/hostname': 'cake',
+ },
+ },
+ },
+ },
+}
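Review bot: `securityContext:: null` on the komga container hides whatever security context `container.libsonnet` supplies, so the pod is rendered with no container-level hardening; the library is not shown in this diff, so which defaults are lost is an inference. Rather than nulling the whole field, override only the setting Komga cannot run with, for example `securityContext+: { readOnlyRootFilesystem: false },` if that is the one that breaks it, and keep the rest. The `book-dir` hostPath mount at `/books` is also writable from a container pinned to node `cake`; if Komga only reads the library, add `readOnly: true,` to that volumeMount. A short comment explaining why the security context is dropped would help the next reader either way.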
diff --git a/k8s/apps/komga/statefulset.yaml b/k8s/apps/komga/statefulset.yaml
deleted file mode 100644
index 0b4e402b9..000000000
--- a/k8s/apps/komga/statefulset.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: komga
-spec:
- selector:
- matchLabels:
- app: komga
- serviceName: komga
- replicas: 1
- template:
- metadata:
- labels:
- app: komga
- spec:
- containers:
- - name: komga
- # securityContext:
- # readOnlyRootFilesystem: true
- image: gotson/komga:1.14.1 # {"$imagepolicy": "komga:komga"}
- resources:
- limits: {}
- requests:
- memory: 600Mi
- ports:
- - containerPort: 25600
- name: http
- readinessProbe:
- httpGet:
- path: /actuator/health
- port: http
- volumeMounts:
- - mountPath: /config
- name: config-dir
- - mountPath: /config/application.yml
- name: config-file
- subPath: application.yml
- readOnly: true
- - mountPath: /books
- name: book-dir
- - mountPath: /tmp
- name: tmp
- volumes:
- - name: config-dir
- persistentVolumeClaim:
- claimName: komga-config
- - name: config-file
- secret:
- secretName: komga-config
- - name: book-dir
- hostPath:
- path: /mnt/data/share/Books
- type: Directory
- - emptyDir: {}
- name: tmp
- nodeSelector:
- kubernetes.io/hostname: cake
diff --git a/k8s/apps/krakend/deployment.yaml b/k8s/apps/krakend/deployment.yaml
deleted file mode 100644
index 71df56bf5..000000000
--- a/k8s/apps/krakend/deployment.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: krakend
-spec:
- selector:
- matchLabels:
- app: krakend
- replicas: 1
- template:
- metadata:
- labels:
- app: krakend
- spec:
- containers:
- - name: krakend
- image: devopsfaith/krakend:2.7.2 # {"$imagepolicy": "krakend-system:krakend"}
- ports:
- - containerPort: 8080
- imagePullPolicy: IfNotPresent
- command: ["/usr/bin/krakend"]
- args: ["run", "-d", "-c", "/etc/krakend/krakend.json", "-p", "8080"]
- securityContext:
- allowPrivilegeEscalation: false
- runAsNonRoot: true
- runAsUser: 1000
- readOnlyRootFilesystem: true
- capabilities:
- drop:
- - ALL
- add:
- - NET_BIND_SERVICE
- volumeMounts:
- - name: config
- mountPath: /etc/krakend
- readOnly: true
- env:
- - name: KRAKEND_PORT
- value: "8080"
- resources:
- limits: {}
- requests:
- memory: 50Mi
- volumes:
- - name: config
- configMap:
- name: krakend-configmap
- items:
- - key: krakend.json
- path: krakend.json
diff --git a/k8s/apps/krakend/image-policy.yaml b/k8s/apps/krakend/image-policy.yaml
deleted file mode 100644
index ef5dd9250..000000000
--- a/k8s/apps/krakend/image-policy.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: krakend
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/krakend
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/krakend
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: krakend
-spec:
- image: devopsfaith/krakend
- interval: 2m0s
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: krakend
-spec:
- imageRepositoryRef:
- name: krakend
- policy:
- semver:
- range: ">=0.0.0"
diff --git a/k8s/apps/krakend/ingress.yaml b/k8s/apps/krakend/ingress.yaml
deleted file mode 100644
index f443aa5f5..000000000
--- a/k8s/apps/krakend/ingress.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: krakend
-spec:
- ingressClassName: "nginx"
- rules:
- - host: "api.walnuts.dev"
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: krakend
- port:
- number: 8080
diff --git a/k8s/apps/krakend/krakend.json b/k8s/apps/krakend/krakend.json
deleted file mode 100644
index a4bc2ee8c..000000000
--- a/k8s/apps/krakend/krakend.json
+++ /dev/null
@@ -1,164 +0,0 @@
-{
- "$schema": "https://www.krakend.io/schema/krakend.json",
- "version": 3,
- "name": "Main API Gateway",
- "timeout": "3000ms",
- "cache_ttl": "300s",
- "output_encoding": "json",
- "endpoints": [
- {
- "endpoint": "/v1/httptest",
- "method": "GET",
- "output_encoding": "string",
- "backend": [
- {
- "url_pattern": "/",
- "encoding": "string",
- "sd": "static",
- "method": "GET",
- "host": ["http://http-dump.default.svc.cluster.local:8080"],
- "disable_host_sanitize": false
- }
- ],
- "extra_config": {
- "auth/validator": {
- "alg": "RS256",
- "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs",
- "cache": true
- }
- }
- },
- {
- "endpoint": "/machine-manager/v1/machines/start/{machineName}",
- "method": "POST",
- "output_encoding": "json",
- "backend": [
- {
- "url_pattern": "/v1/machines/start/{machineName}",
- "encoding": "json",
- "sd": "static",
- "method": "POST",
- "host": ["http://machine-status-api.default.svc.cluster.local"],
- "disable_host_sanitize": false
- }
- ],
- "extra_config": {
- "auth/validator": {
- "alg": "RS256",
- "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs",
- "cache": true
- }
- }
- },
- {
- "endpoint": "/machine-manager/v1/machines/start/{machineName}/automated",
- "method": "POST",
- "output_encoding": "json",
- "backend": [
- {
- "url_pattern": "/v1/machines/start/{machineName}/automated",
- "encoding": "json",
- "sd": "static",
- "method": "POST",
- "host": ["http://machine-status-api.default.svc.cluster.local"],
- "disable_host_sanitize": false
- }
- ],
- "extra_config": {
- "auth/validator": {
- "alg": "RS256",
- "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs",
- "cache": true
- }
- }
- },
- {
- "endpoint": "/machine-manager/v1/machines/stop/{machineName}",
- "method": "POST",
- "output_encoding": "json",
- "backend": [
- {
- "url_pattern": "/v1/machines/stop/{machineName}",
- "encoding": "json",
- "sd": "static",
- "method": "POST",
- "host": ["http://machine-status-api.default.svc.cluster.local"],
- "disable_host_sanitize": false
- }
- ],
- "extra_config": {
- "auth/validator": {
- "alg": "RS256",
- "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs",
- "cache": true
- }
- }
- },
- {
- "endpoint": "/machine-manager/v1/machines/stop/{machineName}/automated",
- "method": "POST",
- "output_encoding": "json",
- "backend": [
- {
- "url_pattern": "/v1/machines/stop/{machineName}/automated",
- "encoding": "json",
- "sd": "static",
- "method": "POST",
- "host": ["http://machine-status-api.default.svc.cluster.local"],
- "disable_host_sanitize": false
- }
- ],
- "extra_config": {
- "auth/validator": {
- "alg": "RS256",
- "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs",
- "cache": true
- }
- }
- },
- {
- "endpoint": "/machine-manager/v1/machines/status/{machineName}",
- "method": "GET",
- "output_encoding": "json",
- "backend": [
- {
- "url_pattern": "/v1/machines/status/{machineName}",
- "encoding": "json",
- "sd": "static",
- "method": "GET",
- "host": ["http://machine-status-api.default.svc.cluster.local"],
- "disable_host_sanitize": false
- }
- ],
- "extra_config": {
- "auth/validator": {
- "alg": "RS256",
- "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs",
- "cache": true
- }
- }
- },
- {
- "endpoint": "/machine-manager/v1/tasks/{taskId}",
- "method": "GET",
- "output_encoding": "json",
- "backend": [
- {
- "url_pattern": "/v1/tasks/{taskId}",
- "encoding": "json",
- "sd": "static",
- "method": "GET",
- "host": ["http://machine-status-api.default.svc.cluster.local"],
- "disable_host_sanitize": false
- }
- ],
- "extra_config": {
- "auth/validator": {
- "alg": "RS256",
- "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs",
- "cache": true
- }
- }
- }
- ]
-}
diff --git a/k8s/apps/krakend/kustomization.yaml b/k8s/apps/krakend/kustomization.yaml
deleted file mode 100644
index df1de826d..000000000
--- a/k8s/apps/krakend/kustomization.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: krakend-system
-resources:
-- service.yaml
-- deployment.yaml
-- ingress.yaml
-- image-policy.yaml
-configMapGenerator:
-- name: krakend-configmap
- files:
- - krakend.json
diff --git a/k8s/apps/krakend/service.yaml b/k8s/apps/krakend/service.yaml
deleted file mode 100644
index de31fc551..000000000
--- a/k8s/apps/krakend/service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: krakend
-spec:
- type: ClusterIP
- ports:
- - name: http
- port: 8080
- targetPort: 8080
- protocol: TCP
- selector:
- app: krakend
diff --git a/k8s/argocdapps/local-path-provisioner/app.json5 b/k8s/apps/local-path-provisioner/app.json5
similarity index 100%
rename from k8s/argocdapps/local-path-provisioner/app.json5
rename to k8s/apps/local-path-provisioner/app.json5
diff --git a/k8s/argocdapps/local-path-provisioner/application.jsonnet b/k8s/apps/local-path-provisioner/application.jsonnet
similarity index 100%
rename from k8s/argocdapps/local-path-provisioner/application.jsonnet
rename to k8s/apps/local-path-provisioner/application.jsonnet
diff --git a/k8s/argocdapps/loki/app.json5 b/k8s/apps/loki/app.json5
similarity index 100%
rename from k8s/argocdapps/loki/app.json5
rename to k8s/apps/loki/app.json5
diff --git a/k8s/argocdapps/loki/external-secret.jsonnet b/k8s/apps/loki/external-secret.jsonnet
similarity index 69%
rename from k8s/argocdapps/loki/external-secret.jsonnet
rename to k8s/apps/loki/external-secret.jsonnet
index 22ee69fcf..3b78511ef 100644
--- a/k8s/argocdapps/loki/external-secret.jsonnet
+++ b/k8s/apps/loki/external-secret.jsonnet
@@ -1,5 +1,5 @@
(import '../../components/external-secret.libsonnet') {
- name: (import 'app.json5').name + '-minio',
+ name: (import 'app.json5').name,
use_suffix: false,
data: [
{
@@ -16,5 +16,12 @@
property: 'minio-secret-key',
},
},
+ {
+ secretKey: 'redispassword',
+ remoteRef: {
+ key: 'redis',
+ property: 'password',
+ },
+ },
],
}
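Review bot: The new `redispassword` key goes into the same secret that the `values.yaml` added by this commit loads whole via `extraEnvFrom: - secretRef: name: loki`, so the Redis password becomes an environment variable in every write, read and backend pod. Nothing in that `values.yaml` references it, so either the consumer is elsewhere or the key is not needed yet. If only one component uses it, put it in a separate ExternalSecret and mount it there, or add a comment such as `// consumed by <COMPONENT>` so the wider exposure is a visible decision.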
diff --git a/k8s/argocdapps/loki/helm.jsonnet b/k8s/apps/loki/helm.jsonnet
similarity index 89%
rename from k8s/argocdapps/loki/helm.jsonnet
rename to k8s/apps/loki/helm.jsonnet
index ef0fb05cc..f269e5fac 100644
--- a/k8s/argocdapps/loki/helm.jsonnet
+++ b/k8s/apps/loki/helm.jsonnet
@@ -3,6 +3,6 @@
namespace: (import 'app.json5').namespace,
chart: 'loki',
repoURL: 'https://grafana.github.io/helm-charts',
- targetRevision: '6.18.0',
+ targetRevision: '6.25.0',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml
new file mode 100644
index 000000000..ecdc1ec2c
--- /dev/null
+++ b/k8s/apps/loki/values.yaml
@@ -0,0 +1,212 @@
+deploymentMode: SimpleScalable
+loki:
+ auth_enabled: false
+ commonConfig:
+ replication_factor: 1
+ storage:
+ type: s3
+ bucketNames:
+ chunks: "loki-chunks"
+ ruler: "loki-ruler"
+ admin: "loki-admin"
+ s3:
+ endpoint: "http://minio.minio.svc.cluster.local:9000"
+ region: ap-northeast-1
+ secretAccessKey: "${secretAccessKey}"
+ accessKeyId: "${accessKeyId}"
+ s3ForcePathStyle: true
+ insecure: true
+ http_config:
+ insecure_skip_verify: true
+ server:
+ # "error": "HTTP 500 \"Internal Server Error\": rpc error: code = ResourceExhausted desc = grpc: received message larger than max (4840865 vs. 4194304)"
+ # https://grafana.com/docs/loki/latest/configure/
+ grpc_server_max_recv_msg_size: 104857600
+ grpc_server_max_send_msg_size: 104857600
+ schemaConfig:
+ configs:
+ - from: '2024-01-01'
+ store: tsdb
+ index:
+ prefix: loki_index_
+ period: 24h
+ object_store: s3
+ schema: v13
+ ingester:
+ chunk_encoding: snappy
+ tracing:
+ enabled: true
+ querier:
+ max_concurrent: 4
+ limits_config:
+ allow_structured_metadata: true
+ retention_period: 336h
+ ingestion_burst_size_mb: 100
+ shard_streams:
+ enabled: true
+ desired_rate: 104857600 # 10MiB
+ reject_old_samples: false
+
+write:
+ replicas: 2
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 6
+ targetCPUUtilizationPercentage: 100
+ targetMemoryUtilizationPercentage: 100
+ resources:
+ requests:
+ memory: 300Mi
+ cpu: 100m
+ limits:
+ memory: 1Gi
+ cpu: 1
+ extraArgs: [ "-config.expand-env=true" ]
+ extraEnvFrom:
+ - secretRef:
+ name: loki
+ persistence:
+ volumeClaimsEnabled: false
+ dataVolumeParameters:
+ emptyDir: {}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution: []
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - write
+ topologyKey: kubernetes.io/hostname
+
+read:
+ replicas: 2
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 6
+ targetCPUUtilizationPercentage: 100
+ targetMemoryUtilizationPercentage: 100
+ resources:
+ requests:
+ memory: 240Mi
+ cpu: 30m
+ limits:
+ memory: 1Gi
+ cpu: 1
+ extraArgs: [ "-config.expand-env=true" ]
+ extraEnvFrom:
+ - secretRef:
+ name: loki
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution: []
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - read
+ topologyKey: kubernetes.io/hostname
+
+backend:
+ replicas: 2
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 6
+ targetCPUUtilizationPercentage: 100
+ targetMemoryUtilizationPercentage: 100
+ resources:
+ requests:
+ memory: 256Mi
+ cpu: 20m
+ limits:
+ memory: 1Gi
+ cpu: 100m
+ extraArgs: [ "-config.expand-env=true" ]
+ extraEnvFrom:
+ - secretRef:
+ name: loki
+ persistence:
+ volumeClaimsEnabled: false
+ dataVolumeParameters:
+ emptyDir: {}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution: []
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - backend
+ topologyKey: kubernetes.io/hostname
+
+gateway:
+ replicas: 1
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 3
+ targetCPUUtilizationPercentage: 100
+ targetMemoryUtilizationPercentage: 100
+ resources:
+ requests:
+ memory: 20Mi
+ cpu: 10m
+ limits:
+ memory: 512Mi
+ cpu: 100m
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution: []
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - gateway
+ topologyKey: kubernetes.io/hostname
+
+singleBinary:
+ replicas: 0
+
+sidecar:
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 5m
+ memory: 100Mi
+chunksCache:
+ allocatedMemory: 8192
+ resources:
+ requests:
+ cpu: 50m
+ memory: 4Gi
+ limits:
+ memory: 9830Mi
+resultsCache:
+ allocatedMemory: 1024
+ resources:
+ requests:
+ cpu: 50m
+ memory: 1Gi
+ limits:
+ memory: 1229Mi
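Review bot: `http_config.insecure_skip_verify: true` under `loki.storage.s3` does nothing while the endpoint is `http://` with `insecure: true`, but it will silently disable certificate verification the day the MinIO endpoint moves to HTTPS; drop it or set it to `false`. Until then log chunks travel to MinIO unencrypted inside the cluster, which deserves a comment beside `insecure: true` so it reads as a decision rather than a leftover. Separately, the comment on `desired_rate: 104857600 # 10MiB` does not match the value, which is 100 MiB; correct whichever of the two is wrong.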
diff --git a/k8s/argocdapps/longhorn-backup/app.json5 b/k8s/apps/longhorn-backup/app.json5
similarity index 100%
rename from k8s/argocdapps/longhorn-backup/app.json5
rename to k8s/apps/longhorn-backup/app.json5
diff --git a/k8s/argocdapps/longhorn-backup/recurring-job.jsonnet b/k8s/apps/longhorn-backup/recurring-job.jsonnet
similarity index 100%
rename from k8s/argocdapps/longhorn-backup/recurring-job.jsonnet
rename to k8s/apps/longhorn-backup/recurring-job.jsonnet
diff --git a/k8s/argocdapps/longhorn-oauth2-proxy/app.json5 b/k8s/apps/longhorn-oauth2-proxy/app.json5
similarity index 100%
rename from k8s/argocdapps/longhorn-oauth2-proxy/app.json5
rename to k8s/apps/longhorn-oauth2-proxy/app.json5
diff --git a/k8s/argocdapps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet
similarity index 75%
rename from k8s/argocdapps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet
rename to k8s/apps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet
index 7ecf9ec9a..0ef4c67c3 100644
--- a/k8s/argocdapps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet
+++ b/k8s/apps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet
@@ -1,14 +1,14 @@
-(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet') {
- app:: {
+(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({
+ app: {
name: 'longhorn',
namespace: (import 'app.json5').namespace,
},
domain: 'longhorn.walnuts.dev',
upstream: 'http://longhorn-frontend.longhorn-system.svc.cluster.local/#/dashboard',
- oidc:: {
- secret:: {
+ oidc: {
+ secret: {
onepassword_item_name: 'longhorn-oauth2-proxy',
},
allowed_group: '237477822715658605:longhorn-admin',
},
-}
+})
diff --git a/k8s/argocdapps/longhorn/app.json5 b/k8s/apps/longhorn/app.json5
similarity index 100%
rename from k8s/argocdapps/longhorn/app.json5
rename to k8s/apps/longhorn/app.json5
diff --git a/k8s/argocdapps/longhorn/external-secret.jsonnet b/k8s/apps/longhorn/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/longhorn/external-secret.jsonnet
rename to k8s/apps/longhorn/external-secret.jsonnet
diff --git a/k8s/argocdapps/longhorn/helm.jsonnet b/k8s/apps/longhorn/helm.jsonnet
similarity index 89%
rename from k8s/argocdapps/longhorn/helm.jsonnet
rename to k8s/apps/longhorn/helm.jsonnet
index 39a7e50c2..eec7c2ce6 100644
--- a/k8s/argocdapps/longhorn/helm.jsonnet
+++ b/k8s/apps/longhorn/helm.jsonnet
@@ -3,6 +3,6 @@
namespace: (import 'app.json5').namespace,
chart: 'longhorn',
repoURL: 'https://charts.longhorn.io',
- targetRevision: '1.7.2',
+ targetRevision: '1.8.0',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/argocdapps/longhorn/storage-class.jsonnet b/k8s/apps/longhorn/storage-class.jsonnet
similarity index 100%
rename from k8s/argocdapps/longhorn/storage-class.jsonnet
rename to k8s/apps/longhorn/storage-class.jsonnet
diff --git a/k8s/argocdapps/longhorn/values.yaml b/k8s/apps/longhorn/values.yaml
similarity index 96%
rename from k8s/argocdapps/longhorn/values.yaml
rename to k8s/apps/longhorn/values.yaml
index d0aa2128f..6d0b8d8e8 100644
--- a/k8s/argocdapps/longhorn/values.yaml
+++ b/k8s/apps/longhorn/values.yaml
@@ -1,8 +1,6 @@
defaultSettings:
allowNodeDrainWithLastHealthyReplica: true
orphanAutoDeletion: true
- backupTarget: "cifs://samba.walnuts.dev/share/longhorn"
- backupTargetCredentialSecret: "cifs-secret"
defaultReplicaCount: 2
csi:
attacherReplicaCount: 2
@@ -27,3 +25,7 @@ longhornRecoveryBackend:
metrics:
serviceMonitor:
enabled: true
+
+defaultBackupStore:
+ backupTarget: "cifs://samba.walnuts.dev/share/longhorn"
+ backupTargetCredentialSecret: "cifs-secret"
diff --git a/k8s/argocdapps/machine-status-api/app.json5 b/k8s/apps/machine-status-api/app.json5
similarity index 100%
rename from k8s/argocdapps/machine-status-api/app.json5
rename to k8s/apps/machine-status-api/app.json5
diff --git a/k8s/argocdapps/machine-status-api/deployment.jsonnet b/k8s/apps/machine-status-api/deployment.jsonnet
similarity index 100%
rename from k8s/argocdapps/machine-status-api/deployment.jsonnet
rename to k8s/apps/machine-status-api/deployment.jsonnet
diff --git a/k8s/argocdapps/machine-status-api/service.jsonnet b/k8s/apps/machine-status-api/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/machine-status-api/service.jsonnet
rename to k8s/apps/machine-status-api/service.jsonnet
diff --git a/k8s/argocdapps/metrics-server/app.json5 b/k8s/apps/metrics-server/app.json5
similarity index 100%
rename from k8s/argocdapps/metrics-server/app.json5
rename to k8s/apps/metrics-server/app.json5
diff --git a/k8s/argocdapps/metrics-server/helm.jsonnet b/k8s/apps/metrics-server/helm.jsonnet
similarity index 100%
rename from k8s/argocdapps/metrics-server/helm.jsonnet
rename to k8s/apps/metrics-server/helm.jsonnet
diff --git a/k8s/argocdapps/metrics-server/values.yaml b/k8s/apps/metrics-server/values.yaml
similarity index 100%
rename from k8s/argocdapps/metrics-server/values.yaml
rename to k8s/apps/metrics-server/values.yaml
diff --git a/k8s/argocdapps/minio/app.json5 b/k8s/apps/minio/app.json5
similarity index 100%
rename from k8s/argocdapps/minio/app.json5
rename to k8s/apps/minio/app.json5
diff --git a/k8s/argocdapps/minio/external-secret.jsonnet b/k8s/apps/minio/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/minio/external-secret.jsonnet
rename to k8s/apps/minio/external-secret.jsonnet
diff --git a/k8s/argocdapps/minio/helm.jsonnet b/k8s/apps/minio/helm.jsonnet
similarity index 89%
rename from k8s/argocdapps/minio/helm.jsonnet
rename to k8s/apps/minio/helm.jsonnet
index b829548ab..886e377da 100644
--- a/k8s/argocdapps/minio/helm.jsonnet
+++ b/k8s/apps/minio/helm.jsonnet
@@ -4,6 +4,6 @@
chart: 'minio',
repoURL: 'https://charts.min.io/',
- targetRevision: '5.3.0',
+ targetRevision: '5.4.0',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/argocdapps/minio/values.yaml b/k8s/apps/minio/values.yaml
similarity index 66%
rename from k8s/argocdapps/minio/values.yaml
rename to k8s/apps/minio/values.yaml
index 1a96bc2bc..1bcf02a4d 100644
--- a/k8s/argocdapps/minio/values.yaml
+++ b/k8s/apps/minio/values.yaml
@@ -1,26 +1,23 @@
-mode: standalone
-replicas: 1
+mode: distributed
+replicas: 3
existingSecret: minio
persistence:
storageClass: longhorn
- size: 24Gi
- volumeName: minio
+ size: 32Gi
accessMode: ReadWriteOnce
ingress:
enabled: true
- ingressClassName: nginx
- annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: 128G
+ ingressClassName: cilium
hosts:
- minio.walnuts.dev
consoleIngress:
enabled: true
- ingressClassName: nginx
+ ingressClassName: cilium
hosts:
- minio-console.walnuts.dev
resources:
requests:
- memory: 500Mi
+ memory: 1Gi
oidc:
enabled: true
configUrl: "https://auth.walnuts.dev/.well-known/openid-configuration"
@@ -33,11 +30,21 @@ oidc:
redirectUri: "https://minio-console.walnuts.dev/oauth_callback"
displayName: "Walnuts.dev"
environment:
- MINIO_IDENTITY_OPENID_REDIRECT_URI: "https://minio-console.walnuts.dev/oauth_callback"
MINIO_SERVER_URL: "https://minio.walnuts.dev"
MINIO_BROWSER_REDIRECT_URL: "https://minio-console.walnuts.dev"
metrics:
serviceMonitor:
enabled: true
-
+ includeNode: true
users: []
+
+# podAnnotations:
+# instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default'
+# instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/usr/bin/minio'
+
+containerSecurityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: 'RuntimeDefault'
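Review bot: `runAsNonRoot: false` in the new `containerSecurityContext` states explicitly that the MinIO container may run as UID 0, which undercuts the other three settings in the block. If the chart's pod-level security context already runs MinIO as a non-root UID (not visible in this hunk), set `runAsNonRoot: true` so the kubelet enforces it, and add `capabilities: { drop: ['ALL'] }` alongside `allowPrivilegeEscalation: false`. If root really is required, a one-line comment saying why would keep this from being copied into other apps.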
diff --git a/k8s/argocdapps/misskey/app.json5 b/k8s/apps/misskey/app.json5
similarity index 100%
rename from k8s/argocdapps/misskey/app.json5
rename to k8s/apps/misskey/app.json5
diff --git a/k8s/argocdapps/misskey/config/default.yml b/k8s/apps/misskey/config/default.yml
similarity index 100%
rename from k8s/argocdapps/misskey/config/default.yml
rename to k8s/apps/misskey/config/default.yml
diff --git a/k8s/argocdapps/misskey/configmap.jsonnet b/k8s/apps/misskey/configmap.jsonnet
similarity index 100%
rename from k8s/argocdapps/misskey/configmap.jsonnet
rename to k8s/apps/misskey/configmap.jsonnet
diff --git a/k8s/argocdapps/misskey/deployment.jsonnet b/k8s/apps/misskey/deployment.jsonnet
similarity index 90%
rename from k8s/argocdapps/misskey/deployment.jsonnet
rename to k8s/apps/misskey/deployment.jsonnet
index 10f621362..9d9a4eb6b 100644
--- a/k8s/argocdapps/misskey/deployment.jsonnet
+++ b/k8s/apps/misskey/deployment.jsonnet
@@ -26,7 +26,7 @@
initContainers: [
(import '../../components/container.libsonnet') {
name: 'misskey-init',
- image: 'misskey/misskey:2024.10.1',
+ image: 'misskey/misskey:2025.1.0',
imagePullPolicy: 'IfNotPresent',
command: [
'pnpm',
@@ -35,7 +35,7 @@
],
volumeMounts: [
{
- name: 'misskey-pv',
+ name: 'misskey-files',
mountPath: '/misskey/files',
},
{
@@ -49,7 +49,7 @@
containers: [
(import '../../components/container.libsonnet') {
name: 'misskey',
- image: 'misskey/misskey:2024.10.1',
+ image: 'misskey/misskey:2025.1.0',
imagePullPolicy: 'IfNotPresent',
ports: [
{
@@ -58,7 +58,7 @@
],
volumeMounts: [
{
- name: 'misskey-pv',
+ name: 'misskey-files',
mountPath: '/misskey/files',
},
{
@@ -108,19 +108,14 @@
},
resources: {
requests: {
- memory: '512Mi',
+ cpu: '10m',
+ memory: '720Mi',
},
limits: {},
},
},
],
volumes: [
- {
- name: 'misskey-pv',
- persistentVolumeClaim: {
- claimName: (import 'pvc.jsonnet').metadata.name,
- },
- },
{
name: 'misskey-config',
secret: {
@@ -131,6 +126,10 @@
name: 'tmp',
emptyDir: {},
},
+ {
+ name: 'misskey-files',
+ emptyDir: {},
+ },
],
},
},
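Review bot: `misskey-files` is now a bare `emptyDir: {}` mounted at `/misskey/files` in both the init and the main container, replacing the PVC removed in the previous hunk, so anything Misskey writes there is lost when the pod is rescheduled. If uploads are kept in object storage (the Misskey config is not part of this diff) that is fine, but say so in a comment, e.g. `// uploads live in object storage; this volume is scratch space only`. Because the container also keeps `limits: {}`, give the volume a cap such as `emptyDir: { sizeLimit: '<SIZE>' },` so it cannot exhaust the node's ephemeral storage. The `volumes` list starts and ends outside these hunks.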
diff --git a/k8s/argocdapps/misskey/external-secret.jsonnet b/k8s/apps/misskey/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/misskey/external-secret.jsonnet
rename to k8s/apps/misskey/external-secret.jsonnet
diff --git a/k8s/argocdapps/misskey/ingress.jsonnet b/k8s/apps/misskey/ingress.jsonnet
similarity index 96%
rename from k8s/argocdapps/misskey/ingress.jsonnet
rename to k8s/apps/misskey/ingress.jsonnet
index 57f13523e..2c7499f31 100644
--- a/k8s/argocdapps/misskey/ingress.jsonnet
+++ b/k8s/apps/misskey/ingress.jsonnet
@@ -10,7 +10,7 @@
},
},
spec: {
- ingressClassName: 'nginx',
+ ingressClassName: 'cilium',
rules: [
{
host: 'misskey.walnuts.dev',
diff --git a/k8s/apps/misskey/postgresql.jsonnet b/k8s/apps/misskey/postgresql.jsonnet
new file mode 100644
index 000000000..50af35f12
--- /dev/null
+++ b/k8s/apps/misskey/postgresql.jsonnet
@@ -0,0 +1,52 @@
+{
+ apiVersion: 'acid.zalan.do/v1',
+ kind: 'postgresql',
+ metadata: {
+ name: (import 'app.json5').name + '-postgresql',
+ namespace: (import 'app.json5').namespace,
+ },
+ spec: {
+ teamId: 'default',
+ volume: {
+ size: '5Gi',
+ storageClass: 'longhorn',
+ },
+ numberOfInstances: 2,
+ users: {
+ postgres: [
+ 'superuser',
+ 'createdb',
+ ],
+ misskey: [],
+ },
+ databases: {
+ misskey: 'misskey',
+ },
+ postgresql: {
+ version: '17',
+ parameters: {
+ max_standby_archive_delay: '180s',
+ max_standby_streaming_delay: '180s',
+ },
+ },
+ resources: {
+ },
+ patroni: {
+ pg_hba: [
+ 'local all all trust',
+ 'hostssl all +zalandos 127.0.0.1/32 pam',
+ 'host all all 127.0.0.1/32 md5',
+ 'hostssl all +zalandos ::1/128 pam',
+ 'host all all ::1/128 md5',
+ 'local replication standby trust',
+ 'hostssl replication standby all md5',
+ 'hostssl all +zalandos all pam',
+ 'hostssl all all all md5',
+ 'host all all 10.0.0.0/8 md5',
+ ],
+ },
+ enableLogicalBackup: true,
+ logicalBackupRetention: '1 week',
+ logicalBackupSchedule: '0 18 * * *',
+ },
+}
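Review bot: The last `pg_hba` entry, `'host all all 10.0.0.0/8 md5'`, is the only rule that admits remote connections without TLS, and it does so for every user and database from the whole 10.0.0.0/8 range. The preceding `'hostssl all all all md5'` already lets the same clients in over TLS, so the `host` line can be dropped unless a client that cannot speak TLS depends on it; if one does, narrow it to that client's range and to `misskey misskey` instead of `all all`. Whether the operator stores passwords as SCRAM is not visible here; if it does, writing `scram-sha-256` instead of `md5` on the remote rules makes the intended method explicit. A comment above the list explaining why the operator's default `pg_hba` is overridden would also help.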
diff --git a/k8s/argocdapps/misskey/redis.jsonnet b/k8s/apps/misskey/redis.jsonnet
similarity index 100%
rename from k8s/argocdapps/misskey/redis.jsonnet
rename to k8s/apps/misskey/redis.jsonnet
diff --git a/k8s/argocdapps/misskey/service.jsonnet b/k8s/apps/misskey/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/misskey/service.jsonnet
rename to k8s/apps/misskey/service.jsonnet
diff --git a/k8s/argocdapps/moco/app.json5 b/k8s/apps/moco/app.json5
similarity index 100%
rename from k8s/argocdapps/moco/app.json5
rename to k8s/apps/moco/app.json5
diff --git a/k8s/argocdapps/moco/helm.jsonnet b/k8s/apps/moco/helm.jsonnet
similarity index 89%
rename from k8s/argocdapps/moco/helm.jsonnet
rename to k8s/apps/moco/helm.jsonnet
index c9bcec18e..ae67bf9f7 100644
--- a/k8s/argocdapps/moco/helm.jsonnet
+++ b/k8s/apps/moco/helm.jsonnet
@@ -4,6 +4,6 @@
chart: 'moco',
repoURL: 'https://cybozu-go.github.io/moco/',
- targetRevision: '0.14.0',
+ targetRevision: '0.15.1',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/argocdapps/moco/values.yaml b/k8s/apps/moco/values.yaml
similarity index 94%
rename from k8s/argocdapps/moco/values.yaml
rename to k8s/apps/moco/values.yaml
index 915473741..715fd5020 100644
--- a/k8s/argocdapps/moco/values.yaml
+++ b/k8s/apps/moco/values.yaml
@@ -12,4 +12,4 @@ affinity:
resources:
requests:
cpu: 10m
- memory: 60Mi
+ memory: 40Mi
diff --git a/k8s/apps/mpeg-dash-encoder/app.json5 b/k8s/apps/mpeg-dash-encoder/app.json5
new file mode 100644
index 000000000..2dbca1e01
--- /dev/null
+++ b/k8s/apps/mpeg-dash-encoder/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "mpeg-dash-encoder",
+ namespace: "mpeg-dash-encoder",
+}
diff --git a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet
new file mode 100644
index 000000000..fc4b50916
--- /dev/null
+++ b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet
@@ -0,0 +1,140 @@
+{
+ apiVersion: 'apps/v1',
+ kind: 'Deployment',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ replicas: 1,
+ selector: {
+ matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ template: {
+ metadata: {
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ containers: [
+ std.mergePatch((import '../../components/container.libsonnet') {
+ name: 'mpeg-dash-encoder',
+ image: 'ghcr.io/walnuts1018/mpeg-dash-encoder:52054e17d80858a0d2c515601db0a6f189352cf4-14',
+ ports: [
+ {
+ containerPort: 8080,
+ },
+ ],
+ livenessProbe: {
+ httpGet: {
+ path: '/healthz',
+ port: 8080,
+ },
+ failureThreshold: 1,
+ initialDelaySeconds: 10,
+ periodSeconds: 10,
+ },
+ env: [
+ {
+ name: 'LOG_LEVEL',
+ value: 'debug',
+ },
+ {
+ name: 'ADMIN_TOKEN',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import 'external-secret.jsonnet').spec.target.name,
+ key: 'admin_token',
+ },
+ },
+ },
+ {
+ name: 'JWT_SIGN_SECRET',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import 'external-secret.jsonnet').spec.target.name,
+ key: 'jwt_sign_secret',
+ },
+ },
+ },
+ {
+ name: 'MINIO_ENDPOINT',
+ value: 'minio.minio.svc.cluster.local:9000',
+ },
+ {
+ name: 'MINIO_ACCESS_KEY',
+ value: 'k1KHQ1COSPXdYb3CBDUJ',
+ },
+ {
+ name: 'MINIO_SECRET_KEY',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import 'external-secret.jsonnet').spec.target.name,
+ key: 'minio_secret_key',
+ },
+ },
+ },
+ {
+ name: 'MINIO_BUCKET',
+ value: 'mucaron',
+ },
+ {
+ name: 'MINIO_REGION',
+ value: 'ap-northeast-1',
+ },
+ {
+ name: 'MINIO_USE_SSL',
+ value: 'false',
+ },
+ {
+ name: 'FFMPEG_HW_ACCEL',
+ value: 'qsv',
+ },
+ {
+ name: 'MINIO_SOURCE_UPLOAD_BUCKET',
+ value: 'mpeg-dash-encoder-source-upload',
+ },
+ {
+ name: 'MINIO_OUTPUT_BUCKET',
+ value: 'mpeg-dash-encoder-output',
+ },
+ {
+ name: 'OTEL_EXPORTER_OTLP_ENDPOINT',
+ value: 'http://default-collector.opentelemetry-collector.svc.cluster.local:4317',
+ },
+ ],
+ volumeMounts: [
+ {
+ mountPath: '/tmp',
+ name: 'tmp',
+ },
+ {
+ mountPath: '/var/log/mpeg-dash-encoder',
+ name: 'log',
+ },
+ ],
+ resources: {
+ },
+ }, {
+ securityContext: {
+ privileged: true,
+ },
+ }),
+ ],
+ volumes: [
+ {
+ name: 'tmp',
+ emptyDir: {},
+ },
+ {
+ name: 'log',
+ emptyDir: {},
+ },
+ ],
+ nodeSelector: {
+ 'kubernetes.io/hostname': 'cake',
+ },
+ },
+ },
+ },
+}
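Review bot: The second argument to `std.mergePatch` sets `securityContext.privileged: true`, which gives this container full access to host devices and every capability, and overrides whatever defaults `components/container.libsonnet` supplies. Since `FFMPEG_HW_ACCEL` is `qsv`, the setting is presumably there only to reach the GPU. If so, requesting the device through a GPU device-plugin resource would be far narrower than full privilege, and more so because this commit also publishes the service at `mpeg-dash-encoder.walnuts.dev`. If it has to stay for now, record the reason inline, e.g. `// privileged: needed for QSV device access; TODO narrow to a device-plugin resource`. Smaller points in the same container: `LOG_LEVEL` is `debug`, `resources` is empty, and `MINIO_ACCESS_KEY` is a literal while the other credentials use `secretKeyRef`.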
diff --git a/k8s/apps/mpeg-dash-encoder/external-secret.jsonnet b/k8s/apps/mpeg-dash-encoder/external-secret.jsonnet
new file mode 100644
index 000000000..d70dc3afa
--- /dev/null
+++ b/k8s/apps/mpeg-dash-encoder/external-secret.jsonnet
@@ -0,0 +1,26 @@
+(import '../../components/external-secret.libsonnet') {
+ name: (import 'app.json5').name,
+ data: [
+ {
+ secretKey: 'admin_token',
+ remoteRef: {
+ key: 'mpeg-dash-encoder',
+ property: 'admin_token',
+ },
+ },
+ {
+ secretKey: 'jwt_sign_secret',
+ remoteRef: {
+ key: 'mpeg-dash-encoder',
+ property: 'jwt_sign_secret',
+ },
+ },
+ {
+ secretKey: 'minio_secret_key',
+ remoteRef: {
+ key: 'mpeg-dash-encoder',
+ property: 'minio_secret_key',
+ },
+ },
+ ],
+}
diff --git a/k8s/argocdapps/blog/ingress.jsonnet b/k8s/apps/mpeg-dash-encoder/ingress.jsonnet
similarity index 90%
rename from k8s/argocdapps/blog/ingress.jsonnet
rename to k8s/apps/mpeg-dash-encoder/ingress.jsonnet
index 97356bca8..6d975aef2 100644
--- a/k8s/argocdapps/blog/ingress.jsonnet
+++ b/k8s/apps/mpeg-dash-encoder/ingress.jsonnet
@@ -7,10 +7,10 @@
labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
},
spec: {
- ingressClassName: 'nginx',
+ ingressClassName: 'cilium',
rules: [
{
- host: 'blog.walnuts.dev',
+ host: 'mpeg-dash-encoder.walnuts.dev',
http: {
paths: [
{
diff --git a/k8s/argocdapps/nginx-test/service.jsonnet b/k8s/apps/mpeg-dash-encoder/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/nginx-test/service.jsonnet
rename to k8s/apps/mpeg-dash-encoder/service.jsonnet
diff --git a/k8s/argocdapps/mucaron/app.json5 b/k8s/apps/mucaron/app.json5
similarity index 100%
rename from k8s/argocdapps/mucaron/app.json5
rename to k8s/apps/mucaron/app.json5
diff --git a/k8s/argocdapps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet
similarity index 93%
rename from k8s/argocdapps/mucaron/back/deployment.jsonnet
rename to k8s/apps/mucaron/back/deployment.jsonnet
index 51fa18b67..6875cab76 100644
--- a/k8s/argocdapps/mucaron/back/deployment.jsonnet
+++ b/k8s/apps/mucaron/back/deployment.jsonnet
@@ -4,22 +4,22 @@
metadata: {
name: (import '../app.json5').name + '-back',
namespace: (import '../app.json5').namespace,
- labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name },
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
},
spec: {
replicas: 1,
selector: {
- matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name },
+ matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
},
template: {
metadata: {
- labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name },
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
},
spec: {
containers: [
(import '../../../components/container.libsonnet') {
name: 'mucaron-backend',
- image: 'ghcr.io/walnuts1018/mucaron-backend:d6be1e4266c1e34e7265cd7c46cdef25c192a5da-62',
+ image: 'ghcr.io/walnuts1018/mucaron-backend:c8675c77b41b7155943b6316448ae856beea214f-88',
ports: [
{
containerPort: 8080,
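Review bot: Changing `matchLabels` to `... + '-back'` alters `spec.selector` on an existing Deployment, and `apps/v1` treats that field as immutable. An in-place apply of `mucaron-back` is therefore expected to be rejected unless the object is deleted and recreated or synced with replace. The same applies to the `-front` selector change in `k8s/apps/mucaron/front/deployment.jsonnet`. It would help to state the rollout step in the commit description, or add a comment beside the selector such as `// selector changed: existing Deployment must be recreated`. The Deployment body continues outside this hunk.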
@@ -28,7 +28,7 @@
resources: {
requests: {
cpu: '10m',
- memory: '512Mi',
+ memory: '100Mi',
},
limits: {
cpu: '2',
@@ -83,7 +83,7 @@
},
{
name: 'MINIO_ACCESS_KEY',
- value: 'oZzVGMWfbXtGtuzgPd3R',
+ value: '4SYRxLsspRxsvXvaddkz',
},
{
name: 'MINIO_SECRET_KEY',
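Review bot: `MINIO_ACCESS_KEY` is swapped for another literal, so the access key ID stays in Git in plain text while `MINIO_SECRET_KEY` directly below is read from a secret. The ID alone is not the credential, but it identifies the account, and the previous value remains in history. Sourcing it the same way as the secret key, e.g. `valueFrom: { secretKeyRef: { name: <existing secret>, key: '<access-key property>' } }`, would keep both halves together and make rotation a secret-store change only. The new `k8s/apps/mpeg-dash-encoder/deployment.jsonnet` uses the same literal pattern. The env list continues outside this hunk.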
diff --git a/k8s/argocdapps/mucaron/back/external-secret.jsonnet b/k8s/apps/mucaron/back/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/mucaron/back/external-secret.jsonnet
rename to k8s/apps/mucaron/back/external-secret.jsonnet
diff --git a/k8s/argocdapps/mucaron/back/pvc.jsonnet b/k8s/apps/mucaron/back/pvc.jsonnet
similarity index 100%
rename from k8s/argocdapps/mucaron/back/pvc.jsonnet
rename to k8s/apps/mucaron/back/pvc.jsonnet
diff --git a/k8s/argocdapps/mucaron/back/redis.jsonnet b/k8s/apps/mucaron/back/redis.jsonnet
similarity index 100%
rename from k8s/argocdapps/mucaron/back/redis.jsonnet
rename to k8s/apps/mucaron/back/redis.jsonnet
diff --git a/k8s/argocdapps/mucaron/back/service.jsonnet b/k8s/apps/mucaron/back/service.jsonnet
similarity index 80%
rename from k8s/argocdapps/mucaron/back/service.jsonnet
rename to k8s/apps/mucaron/back/service.jsonnet
index fb6ed532b..b38e103ff 100644
--- a/k8s/argocdapps/mucaron/back/service.jsonnet
+++ b/k8s/apps/mucaron/back/service.jsonnet
@@ -4,10 +4,10 @@
metadata: {
name: (import '../app.json5').name + '-back',
namespace: (import '../app.json5').namespace,
- labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name },
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
},
spec: {
- selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name },
+ selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
ports: [
{
protocol: 'TCP',
diff --git a/k8s/argocdapps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet
similarity index 83%
rename from k8s/argocdapps/mucaron/front/deployment.jsonnet
rename to k8s/apps/mucaron/front/deployment.jsonnet
index fdf8d2390..35cfff8da 100644
--- a/k8s/argocdapps/mucaron/front/deployment.jsonnet
+++ b/k8s/apps/mucaron/front/deployment.jsonnet
@@ -4,22 +4,22 @@
metadata: {
name: (import '../app.json5').name + '-front',
namespace: (import '../app.json5').namespace,
- labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name },
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
},
spec: {
replicas: 1,
selector: {
- matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name },
+ matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
},
template: {
metadata: {
- labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name },
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
},
spec: {
containers: [
(import '../../../components/container.libsonnet') {
name: 'mucaron-front',
- image: 'ghcr.io/walnuts1018/mucaron-frontend:6ee43def7714d6fc0c1dcfa0be59c4a4fbdeeaff-33',
+ image: 'ghcr.io/walnuts1018/mucaron-frontend:6815d5031e94f24ff1027f8616f7a8315a082f66-64',
ports: [
{
containerPort: 3000,
@@ -32,7 +32,7 @@
},
requests: {
cpu: '10m',
- memory: '20Mi',
+ memory: '100Mi',
},
},
volumeMounts: [
diff --git a/k8s/argocdapps/mucaron/front/service.jsonnet b/k8s/apps/mucaron/front/service.jsonnet
similarity index 80%
rename from k8s/argocdapps/mucaron/front/service.jsonnet
rename to k8s/apps/mucaron/front/service.jsonnet
index 9bd12b1b8..d5ad5346a 100644
--- a/k8s/argocdapps/mucaron/front/service.jsonnet
+++ b/k8s/apps/mucaron/front/service.jsonnet
@@ -4,10 +4,10 @@
metadata: {
name: (import '../app.json5').name + '-front',
namespace: (import '../app.json5').namespace,
- labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name },
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
},
spec: {
- selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name },
+ selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
ports: [
{
protocol: 'TCP',
diff --git a/k8s/argocdapps/mucaron/ingress.jsonnet b/k8s/apps/mucaron/ingress.jsonnet
similarity index 97%
rename from k8s/argocdapps/mucaron/ingress.jsonnet
rename to k8s/apps/mucaron/ingress.jsonnet
index 6f1167e09..ffd7b803c 100644
--- a/k8s/argocdapps/mucaron/ingress.jsonnet
+++ b/k8s/apps/mucaron/ingress.jsonnet
@@ -10,7 +10,7 @@
},
},
spec: {
- ingressClassName: 'nginx',
+ ingressClassName: 'cilium',
rules: [
{
host: 'mucaron.walnuts.dev',
diff --git a/k8s/apps/mysql-default/app.json5 b/k8s/apps/mysql-default/app.json5
new file mode 100644
index 000000000..df38b1988
--- /dev/null
+++ b/k8s/apps/mysql-default/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "mysql-default",
+ namespace: "databases",
+}
diff --git a/k8s/apps/mysql-default/kustomization.yaml b/k8s/apps/mysql-default/kustomization.yaml
deleted file mode 100644
index c476fa28c..000000000
--- a/k8s/apps/mysql-default/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: databases
-resources:
-- mysqlcluster.yaml
diff --git a/k8s/apps/mysql-default/mysql-cluster.jsonnet b/k8s/apps/mysql-default/mysql-cluster.jsonnet
new file mode 100644
index 000000000..f893c93de
--- /dev/null
+++ b/k8s/apps/mysql-default/mysql-cluster.jsonnet
@@ -0,0 +1,110 @@
+{
+ apiVersion: 'moco.cybozu.com/v1beta2',
+ kind: 'MySQLCluster',
+ metadata: {
+ name: (import 'app.json5').name,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ replicas: 3,
+ podTemplate: {
+ spec: {
+ affinity: {
+ nodeAffinity: {
+ preferredDuringSchedulingIgnoredDuringExecution: [
+ {
+ weight: 100,
+ preference: {
+ matchExpressions: [
+ {
+ key: 'kubernetes.io/arch',
+ operator: 'In',
+ values: [
+ 'amd64',
+ ],
+ },
+ ],
+ },
+ },
+ ],
+ },
+ podAntiAffinity: {
+ requiredDuringSchedulingIgnoredDuringExecution: [
+ {
+ labelSelector: {
+ matchExpressions: [
+ {
+ key: 'app.kubernetes.io/instance',
+ operator: 'In',
+ values: [
+ 'test',
+ ],
+ },
+ ],
+ },
+ topologyKey: 'kubernetes.io/hostname',
+ },
+ ],
+ preferredDuringSchedulingIgnoredDuringExecution: [
+ {
+ weight: 10,
+ podAffinityTerm: {
+ labelSelector: {
+ matchExpressions: [
+ {
+ key: 'app.kubernetes.io/name',
+ operator: 'In',
+ values: [
+ 'mysql',
+ ],
+ },
+ ],
+ },
+ topologyKey: 'kubernetes.io/hostname',
+ },
+ },
+ ],
+ },
+ },
+ containers: [
+ (import '../../components/container.libsonnet') {
+ name: 'mysqld',
+ image: 'ghcr.io/cybozu-go/moco/mysql:8.4.4',
+ resources: {
+ requests: {
+ memory: '400Mi',
+ },
+ limits: {
+ memory: '2Gi',
+ },
+ },
+ },
+ ],
+ },
+ },
+ volumeClaimTemplates: [
+ {
+ metadata: {
+ name: 'mysql-data',
+ },
+ spec: {
+ accessModes: [
+ 'ReadWriteOnce',
+ ],
+ storageClassName: 'longhorn',
+ resources: {
+ requests: {
+ storage: '10Gi',
+ },
+ },
+ },
+ },
+ ],
+ primaryServiceTemplate: {
+ spec: {
+ type: 'LoadBalancer',
+ loadBalancerIP: '192.168.0.133',
+ },
+ },
+ },
+}
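Review bot: `metadata.name` now resolves to `mysql-default` (from `app.json5`), whereas the deleted `mysqlcluster.yaml` named the cluster `default`. This is presumably a new MySQLCluster object rather than an update of the existing one, with fresh PVCs from `volumeClaimTemplates` and no automatic carry-over of the old cluster's data or service names. If the rename is intended, the commit description should cover the cutover and the reuse of `loadBalancerIP: '192.168.0.133'`; otherwise set `name: 'default'` explicitly. `metadata` also has no `namespace`, which the removed `kustomization.yaml` supplied as `databases`, so placement now depends on the application's destination namespace. The required anti-affinity still selects `app.kubernetes.io/instance` in `['test']`, which looks like a leftover and likely does not spread these replicas across nodes.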
diff --git a/k8s/apps/mysql-default/mysqlcluster.yaml b/k8s/apps/mysql-default/mysqlcluster.yaml
deleted file mode 100644
index 82aa28a0a..000000000
--- a/k8s/apps/mysql-default/mysqlcluster.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-apiVersion: moco.cybozu.com/v1beta2
-kind: MySQLCluster
-metadata:
- name: default
-spec:
- replicas: 3
- podTemplate:
- spec:
- affinity:
- nodeAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 100
- preference:
- matchExpressions:
- - key: kubernetes.io/arch
- operator: In
- values:
- - amd64
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/instance
- operator: In
- values:
- - test
- topologyKey: "kubernetes.io/hostname"
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 10
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values:
- - mysql
- topologyKey: "kubernetes.io/hostname"
- containers:
- - name: mysqld
- securityContext:
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- image: ghcr.io/cybozu-go/moco/mysql:8.4.2
- resources:
- requests:
- memory: "400Mi"
- limits:
- memory: "2Gi"
- volumeClaimTemplates:
- - metadata:
- name: mysql-data
- spec:
- accessModes: ["ReadWriteOnce"]
- storageClassName: "longhorn"
- resources:
- requests:
- storage: 10Gi
- primaryServiceTemplate:
- spec:
- type: LoadBalancer
- loadBalancerIP: "192.168.0.133"
diff --git a/k8s/argocdapps/nextcloud/app.json5 b/k8s/apps/nextcloud/app.json5
similarity index 100%
rename from k8s/argocdapps/nextcloud/app.json5
rename to k8s/apps/nextcloud/app.json5
diff --git a/k8s/argocdapps/nextcloud/external-secret.jsonnet b/k8s/apps/nextcloud/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/nextcloud/external-secret.jsonnet
rename to k8s/apps/nextcloud/external-secret.jsonnet
diff --git a/k8s/argocdapps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet
similarity index 89%
rename from k8s/argocdapps/nextcloud/helm.jsonnet
rename to k8s/apps/nextcloud/helm.jsonnet
index 1ae3bcff7..b3f9c1138 100644
--- a/k8s/argocdapps/nextcloud/helm.jsonnet
+++ b/k8s/apps/nextcloud/helm.jsonnet
@@ -4,6 +4,6 @@
chart: 'nextcloud',
repoURL: 'https://nextcloud.github.io/helm/',
- targetRevision: '6.2.1',
+ targetRevision: '6.6.3',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/argocdapps/nextcloud/pvc.jsonnet b/k8s/apps/nextcloud/pvc.jsonnet
similarity index 100%
rename from k8s/argocdapps/nextcloud/pvc.jsonnet
rename to k8s/apps/nextcloud/pvc.jsonnet
diff --git a/k8s/argocdapps/nextcloud/redis.jsonnet b/k8s/apps/nextcloud/redis.jsonnet
similarity index 100%
rename from k8s/argocdapps/nextcloud/redis.jsonnet
rename to k8s/apps/nextcloud/redis.jsonnet
diff --git a/k8s/argocdapps/nextcloud/values.yaml b/k8s/apps/nextcloud/values.yaml
similarity index 75%
rename from k8s/argocdapps/nextcloud/values.yaml
rename to k8s/apps/nextcloud/values.yaml
index 40581232e..963ed24f9 100644
--- a/k8s/argocdapps/nextcloud/values.yaml
+++ b/k8s/apps/nextcloud/values.yaml
@@ -1,32 +1,32 @@
ingress:
enabled: true
- className: nginx
+ className: cilium
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 128G
# nginx.ingress.kubernetes.io/server-snippet: |-
-# server_tokens off;
-# proxy_hide_header X-Powered-By;
+ # server_tokens off;
+ # proxy_hide_header X-Powered-By;
-# rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
-# rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-# rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
-# location = /.well-known/carddav {
-# return 301 $scheme://$host/remote.php/dav;
-# }
-# location = /.well-known/caldav {
-# return 301 $scheme://$host/remote.php/dav;
-# }
-# location = /robots.txt {
-# allow all;
-# log_not_found off;
-# access_log off;
-# }
-# location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
-# deny all;
-# }
-# location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
-# deny all;
-# }
+ # rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+ # rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+ # rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
+ # location = /.well-known/carddav {
+ # return 301 $scheme://$host/remote.php/dav;
+ # }
+ # location = /.well-known/caldav {
+ # return 301 $scheme://$host/remote.php/dav;
+ # }
+ # location = /robots.txt {
+ # allow all;
+ # log_not_found off;
+ # access_log off;
+ # }
+ # location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+ # deny all;
+ # }
+ # location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
+ # deny all;
+ # }
phpClientHttpsFix:
enabled: true
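Review bot: `className` switches to `cilium` but the `nginx.ingress.kubernetes.io/proxy-body-size: 128G` annotation is kept. Annotations under that prefix are read only by ingress-nginx, so the upload-size setting presumably no longer has any effect. I would remove it or replace it with the equivalent setting for the new ingress, leaving a comment such as `# body-size limit: configured via <new ingress setting>`. The commented-out `server-snippet` block, including its `deny all` locations, is likewise nginx-only, so any path restrictions still wanted need to be enforced elsewhere. The values file continues outside this hunk.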
@@ -134,4 +134,4 @@ resources:
limits:
memory: 4096Mi
requests:
- memory: 256Mi
+ memory: 170Mi
diff --git a/k8s/argocdapps/nginx-test/app.json5 b/k8s/apps/nginx-test/app.json5
similarity index 100%
rename from k8s/argocdapps/nginx-test/app.json5
rename to k8s/apps/nginx-test/app.json5
diff --git a/k8s/argocdapps/nginx-test/config/nginx.conf b/k8s/apps/nginx-test/config/nginx.conf
similarity index 85%
rename from k8s/argocdapps/nginx-test/config/nginx.conf
rename to k8s/apps/nginx-test/config/nginx.conf
index 0ded8adc3..f728ccc06 100644
--- a/k8s/argocdapps/nginx-test/config/nginx.conf
+++ b/k8s/apps/nginx-test/config/nginx.conf
@@ -1,6 +1,6 @@
user nginx;
worker_processes 1;
-error_log /var/log/nginx/error.log;
+error_log /dev/stderr;
events {
worker_connections 10240;
}
@@ -18,7 +18,7 @@ http {
'forwardedfor:$http_x_forwarded_for\t'
'request_time:$request_time';
- access_log /var/log/nginx/access.log main;
+ access_log /dev/stdout main;
include /etc/nginx/virtualhost/virtualhost.conf;
}
diff --git a/k8s/argocdapps/nginx-test/config/virtualhost.conf b/k8s/apps/nginx-test/config/virtualhost.conf
similarity index 78%
rename from k8s/argocdapps/nginx-test/config/virtualhost.conf
rename to k8s/apps/nginx-test/config/virtualhost.conf
index a57f53ec7..d13a58db3 100644
--- a/k8s/argocdapps/nginx-test/config/virtualhost.conf
+++ b/k8s/apps/nginx-test/config/virtualhost.conf
@@ -22,3 +22,13 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
+
+server {
+ listen 8081 default_server;
+ server_name "";
+ location /healthz {
+ access_log off;
+ add_header 'Content-Type' 'application/json';
+ return 200 '{"status":"UP"}';
+ }
+}
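Review bot: In the new `/healthz` location, `add_header 'Content-Type' 'application/json';` does not replace the content type nginx derives from `default_type`, so the response can carry two `Content-Type` headers. Using `default_type application/json;` in the location instead of the `add_header` line yields a single header. The listener is `default_server` on 8081 with an empty `server_name`. If it is meant only for the kubelet probe, a comment such as `# health endpoint for the liveness probe only; keep 8081 out of the Service` would record that intent.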
diff --git a/k8s/apps/nginx-test/configmap.jsonnet b/k8s/apps/nginx-test/configmap.jsonnet
new file mode 100644
index 000000000..439a91c2d
--- /dev/null
+++ b/k8s/apps/nginx-test/configmap.jsonnet
@@ -0,0 +1,9 @@
+(import '../../components/configmap.libsonnet') {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ data: {
+ 'nginx.conf': (importstr './config/nginx.conf'),
+ 'virtualhost.conf': (importstr './config/virtualhost.conf'),
+ },
+}
diff --git a/k8s/argocdapps/nginx-test/deployment.jsonnet b/k8s/apps/nginx-test/deployment.jsonnet
similarity index 96%
rename from k8s/argocdapps/nginx-test/deployment.jsonnet
rename to k8s/apps/nginx-test/deployment.jsonnet
index 88abae67e..474f8e772 100644
--- a/k8s/argocdapps/nginx-test/deployment.jsonnet
+++ b/k8s/apps/nginx-test/deployment.jsonnet
@@ -23,7 +23,7 @@
containers: [
std.mergePatch((import '../../components/container.libsonnet') {
name: 'nginx',
- image: 'nginx:1.27.2',
+ image: 'nginx:1.27.3',
ports: [
{
containerPort: 8080,
@@ -31,8 +31,8 @@
],
livenessProbe: {
httpGet: {
- path: '/',
- port: 8080,
+ path: '/healthz',
+ port: 8081,
},
failureThreshold: 1,
initialDelaySeconds: 10,
diff --git a/k8s/apps/nginx-test/ingress.jsonnet b/k8s/apps/nginx-test/ingress.jsonnet
new file mode 100644
index 000000000..1e0c77ddb
--- /dev/null
+++ b/k8s/apps/nginx-test/ingress.jsonnet
@@ -0,0 +1,44 @@
+{
+ apiVersion: 'networking.k8s.io/v1',
+ kind: 'Ingress',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ annotations: {
+ 'cert-manager.io/cluster-issuer': 'letsencrypt-prod',
+ },
+ },
+ spec: {
+ ingressClassName: 'cilium',
+ rules: [
+ {
+ host: 'nginxtest.walnuts.dev',
+ http: {
+ paths: [
+ {
+ path: '/',
+ pathType: 'Prefix',
+ backend: {
+ service: {
+ name: (import 'service.jsonnet').metadata.name,
+ port: {
+ number: (import 'service.jsonnet').spec.ports[0].port,
+ },
+ },
+ },
+ },
+ ],
+ },
+ },
+ ],
+ tls: [
+ {
+ hosts: [
+ 'nginxtest.walnuts.dev',
+ ],
+ secretName: (import 'app.json5').name + '-tls',
+ },
+ ],
+ },
+}
diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/service.jsonnet b/k8s/apps/nginx-test/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/walnuts-dev-www-redirect/service.jsonnet
rename to k8s/apps/nginx-test/service.jsonnet
diff --git a/k8s/apps/oekaki-dengon-game-oauth2-proxy/configurations.yaml b/k8s/apps/oekaki-dengon-game-oauth2-proxy/configurations.yaml
deleted file mode 100644
index 17a3800ea..000000000
--- a/k8s/apps/oekaki-dengon-game-oauth2-proxy/configurations.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-nameReference:
-- kind: ConfigMap
- fieldSpecs:
- - path: spec/values/extraVolumes/configMap/name
- kind: HelmRelease
diff --git a/k8s/apps/oekaki-dengon-game-oauth2-proxy/externalsecret.yaml b/k8s/apps/oekaki-dengon-game-oauth2-proxy/externalsecret.yaml
deleted file mode 100644
index 36d76420c..000000000
--- a/k8s/apps/oekaki-dengon-game-oauth2-proxy/externalsecret.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: oekaki-oauth2-proxy
-spec:
- secretStoreRef:
- name: onepassword
- kind: ClusterSecretStore
- refreshInterval: 1m
- target:
- name: oekaki-oauth2-proxy
- data:
- - secretKey: client-id
- remoteRef:
- key: oekaki-oauth2-proxy
- property: client-id
- - secretKey: client-secret
- remoteRef:
- key: oekaki-oauth2-proxy
- property: client-secret
- - secretKey: cookie-secret
- remoteRef:
- key: oekaki-oauth2-proxy
- property: cookie-secret
- - secretKey: redis-password
- remoteRef:
- key: redis
- property: password
diff --git a/k8s/apps/oekaki-dengon-game-oauth2-proxy/helm.yaml b/k8s/apps/oekaki-dengon-game-oauth2-proxy/helm.yaml
deleted file mode 100644
index f8e4770cc..000000000
--- a/k8s/apps/oekaki-dengon-game-oauth2-proxy/helm.yaml
+++ /dev/null
@@ -1,83 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: oekaki-oauth2-proxy
-spec:
- url: https://oauth2-proxy.github.io/manifests
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: oekaki-oauth2-proxy
-spec:
- chart:
- spec:
- chart: oauth2-proxy
- version: 7.7.28
- values:
- config:
- existingSecret: oekaki-oauth2-proxy
- configFile: |-
- email_domains = [ "*" ]
- upstreams = [ "http://oekaki-dengon-game-front.oekaki-dengon-game.svc.cluster.local:3000/" ]
- pass_access_token = true
- user_id_claim = "sub"
- oidc_groups_claim="my:zitadel:grants"
- allowed_groups = ["237477822715658605:oekaki-admin"]
- skip_auth_routes = ["/public","GET=/api","/_next", "/texture.png", "/favicon.ico", "site.webmanifest"]
- custom_templates_dir = "/etc/oauth2-proxy/templates"
- extraArgs:
- provider: oidc
- redirect-url: https://oekaki.walnuts.dev/oauth2/callback
- oidc-issuer-url: https://auth.walnuts.dev
- skip-provider-button: true
-
- extraVolumes:
- - name: custom-templates
- configMap:
- name: oekaki-oauth2-proxy-templates
- items:
- - key: robots.txt
- path: robots.txt
- extraVolumeMounts:
- - name: custom-templates
- mountPath: /etc/oauth2-proxy/templates
- readOnly: true
-
- ingress:
- enabled: true
- className: nginx
- path: /
- # Only used if API capabilities (networking.k8s.io/v1) allow it
- pathType: Prefix
- # Used to create an Ingress record.
- hosts:
- - "oekaki.walnuts.dev"
-
- # Configure the session storage type, between cookie and redis
- sessionStorage:
- # Can be one of the supported session storage cookie|redis
- type: redis
- redis:
- # Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`)
- existingSecret: "oekaki-oauth2-proxy"
- # Key of the Kubernetes secret data containing the redis password value
- passwordKey: "redis-password"
- # Can be one of standalone|cluster|sentinel
- clientType: "sentinel"
- sentinel:
- existingSecret: "oekaki-oauth2-proxy"
- passwordKey: "redis-password"
- # Redis sentinel master name
- masterName: "mymaster"
- # List of Redis sentinel connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)
- connectionUrls: "redis://oekaki-oauth2-proxy-redis:6379,redis://oekaki-oauth2-proxy-redis-sentinel:26379"
-
- metrics:
- enabled: true
-
- resources:
- limits:
- memory: 512Mi
- requests:
- memory: 10Mi
diff --git a/k8s/apps/oekaki-dengon-game-oauth2-proxy/kustomization.yaml b/k8s/apps/oekaki-dengon-game-oauth2-proxy/kustomization.yaml
deleted file mode 100644
index c8498e8c7..000000000
--- a/k8s/apps/oekaki-dengon-game-oauth2-proxy/kustomization.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: oekaki-dengon-game
-resources:
-- externalsecret.yaml
-- helm.yaml
-- redis.yaml
-components:
-- ../../components/helm
-configMapGenerator:
-- name: oekaki-oauth2-proxy-templates
- files:
- - robots.txt
-configurations:
-- configurations.yaml
diff --git a/k8s/apps/oekaki-dengon-game-oauth2-proxy/redis.yaml b/k8s/apps/oekaki-dengon-game-oauth2-proxy/redis.yaml
deleted file mode 100644
index 98504399f..000000000
--- a/k8s/apps/oekaki-dengon-game-oauth2-proxy/redis.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: oekaki-oauth2-proxy-redis
- labels:
- app.kubernetes.io/name: oekaki-oauth2-proxy-redis
-spec:
- clusterSize: 2
- kubernetesConfig:
- image: "quay.io/opstree/redis:v7.0.12" # {"$imagepolicy": "redis-operator:redis"}
- imagePullPolicy: "IfNotPresent"
- redisSecret:
- name: "oekaki-oauth2-proxy"
- key: "redis-password"
- storage:
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- podSecurityContext:
- fsGroup: 1000
- runAsUser: 1000
----
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisSentinel
-metadata:
- name: oekaki-oauth2-proxy-redis
- labels:
- app.kubernetes.io/name: oekaki-oauth2-proxy-redis
-spec:
- clusterSize: 3
- redisSentinelConfig:
- redisReplicationName: oekaki-oauth2-proxy-redis
- masterGroupName: "mymaster"
- redisPort: "6379"
- quorum: "2"
- parallelSyncs: "1"
- failoverTimeout: "180000"
- downAfterMilliseconds: "30000"
- kubernetesConfig:
- image: "quay.io/opstree/redis-sentinel:v7.0.12" # {"$imagepolicy": "redis-operator:redis-sentinel"}
- imagePullPolicy: "IfNotPresent"
- redisSecret:
- name: "oekaki-oauth2-proxy"
- key: "redis-password"
- podSecurityContext:
- fsGroup: 1000
- runAsUser: 1000
diff --git a/k8s/apps/oekaki-dengon-game/app.json5 b/k8s/apps/oekaki-dengon-game/app.json5
new file mode 100644
index 000000000..f56509ae1
--- /dev/null
+++ b/k8s/apps/oekaki-dengon-game/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "oekaki-dengon-game",
+ namespace: "oekaki-dengon-game",
+}
diff --git a/k8s/apps/oekaki-dengon-game/back/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/back/deployment.jsonnet
new file mode 100644
index 000000000..4cf272711
--- /dev/null
+++ b/k8s/apps/oekaki-dengon-game/back/deployment.jsonnet
@@ -0,0 +1,123 @@
+{
+ apiVersion: 'apps/v1',
+ kind: 'Deployment',
+ metadata: {
+ name: (import '../app.json5').name + '-back',
+ namespace: (import '../app.json5').namespace,
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
+ },
+ spec: {
+ replicas: 1,
+ selector: {
+ matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
+ },
+ template: {
+ metadata: {
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
+ annotations: {
+ 'instrumentation.opentelemetry.io/inject-go': 'opentelemetry-collector/default',
+ 'instrumentation.opentelemetry.io/otel-go-auto-target-exe': '/app/server',
+ },
+ },
+ spec: {
+ imagePullSecrets: [
+ {
+ name: 'ghcr-login-secret',
+ },
+ ],
+ containers: [
+ (import '../../../components/container.libsonnet') {
+ name: 'oekaki-dengon-game-back',
+ image: 'ghcr.io/kmc-jp/oekaki-dengon-game-back:v0.0.0-a6d6d6e7d66e6d0dfafbf416b462be908b208489-13',
+ imagePullPolicy: 'IfNotPresent',
+ ports: [
+ {
+ containerPort: 8080,
+ },
+ ],
+ env: [
+ {
+ name: 'GIN_MODE',
+ value: 'release',
+ },
+ {
+ name: 'POSTGRES_ADMIN_USER',
+ value: 'postgres',
+ },
+ {
+ name: 'POSTGRES_ADMIN_PASSWORD',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'postgres-admin-password',
+ },
+ },
+ },
+ {
+ name: 'POSTGRES_USER',
+ value: 'oekaki_dengon_game',
+ },
+ {
+ name: 'POSTGRES_PASSWORD',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'postgres-user-password',
+ },
+ },
+ },
+ {
+ name: 'POSTGRES_DB',
+ value: 'oekaki_dengon_game',
+ },
+ {
+ name: 'POSTGRES_HOST',
+ value: 'postgresql-default.databases.svc.cluster.local',
+ },
+ {
+ name: 'POSTGRES_PORT',
+ value: '5432',
+ },
+ {
+ name: 'MINIO_ENDPOINT',
+ value: 'minio.walnuts.dev',
+ },
+ {
+ name: 'MINIO_ACCESS_KEY',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'minio-access-key',
+ },
+ },
+ },
+ {
+ name: 'MINIO_SECRET_KEY',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'minio-secret-key',
+ },
+ },
+ },
+ {
+ name: 'MINIO_BUCKET',
+ value: 'oekaki-dengon-game',
+ },
+ {
+ name: 'MINIO_KEY_PREFIX',
+ value: '',
+ },
+ ],
+ resources: {
+ requests: {
+ memory: '10Mi',
+ },
+ limits: {},
+ },
+ },
+ ],
+ },
+ },
+ },
+}
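Review bot: The backend container receives `POSTGRES_ADMIN_USER: 'postgres'` and `POSTGRES_ADMIN_PASSWORD` alongside its own `POSTGRES_USER` credentials, so the long-running web process holds superuser access to the shared `postgresql-default` instance. If the admin login is needed only for bootstrap or migrations (not visible here), moving those two variables to an init container or a Job would leave the serving container with the application role only. `resources.limits` is `{}`, so the pod has no memory ceiling. The explicit `readOnlyRootFilesystem` and `seccompProfile` from the deleted YAML are now assumed to come from `container.libsonnet`; a comment such as `// securityContext defaults come from components/container.libsonnet` would make that dependency visible.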
diff --git a/k8s/apps/oekaki-dengon-game/back/deployment.yaml b/k8s/apps/oekaki-dengon-game/back/deployment.yaml
deleted file mode 100644
index 84660f78c..000000000
--- a/k8s/apps/oekaki-dengon-game/back/deployment.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: oekaki-dengon-game-back
- labels:
- app: oekaki-dengon-game-back
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: oekaki-dengon-game-back
- template:
- metadata:
- labels:
- app: oekaki-dengon-game-back
- annotations:
- instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default'
- instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/app/server'
- spec:
- containers:
- - name: oekaki-dengon-game-back
- securityContext:
- readOnlyRootFilesystem: true
- seccompProfile:
- type: RuntimeDefault
- image: "ghcr.io/kmc-jp/oekaki-dengon-game-back:v0.0.0-a6d6d6e7d66e6d0dfafbf416b462be908b208489-13" # {"$imagepolicy": "oekaki-dengon-game:oekaki-dengon-game-back"}
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8080
- env:
- - name: GIN_MODE
- value: "release"
- - name: POSTGRES_ADMIN_USER
- value: "postgres"
- - name: POSTGRES_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: oekaki-dengon-game-secret
- key: postgres-admin-password
- - name: POSTGRES_USER
- value: "oekaki_dengon_game"
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: oekaki-dengon-game-secret
- key: postgres-user-password
- - name: POSTGRES_DB
- value: oekaki_dengon_game
- - name: POSTGRES_HOST
- value: "postgresql-default.databases.svc.cluster.local"
- - name: POSTGRES_PORT
- value: "5432"
- - name: MINIO_ENDPOINT
- value: "minio.walnuts.dev"
- - name: MINIO_ACCESS_KEY
- valueFrom:
- secretKeyRef:
- name: oekaki-dengon-game-secret
- key: minio-access-key
- - name: MINIO_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: oekaki-dengon-game-secret
- key: minio-secret-key
- - name: MINIO_BUCKET
- value: "oekaki-dengon-game"
- - name: MINIO_KEY_PREFIX
- value: ""
- resources:
- requests:
- memory: 10Mi
- limits: {}
diff --git a/k8s/apps/oekaki-dengon-game/back/image-policy.yaml b/k8s/apps/oekaki-dengon-game/back/image-policy.yaml
deleted file mode 100644
index 0d4ab33ff..000000000
--- a/k8s/apps/oekaki-dengon-game/back/image-policy.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: oekaki-dengon-game-back
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/oekaki-dengon-game-back
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/oekaki-dengon-game/back
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: oekaki-dengon-game-back
-spec:
- image: ghcr.io/kmc-jp/oekaki-dengon-game-back
- interval: 2m0s
- secretRef:
- name: ghcr-login-secret
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: oekaki-dengon-game-back
-spec:
- imageRepositoryRef:
- name: oekaki-dengon-game-back
- filterTags:
- ## use "pattern: '[a-f0-9]+-(?P[0-9]+)'" if you copied the workflow example using github.run_number
- pattern: ".*-[a-f0-9]+-(?P[0-9]+)"
- extract: "$ts"
- policy:
- numerical:
- order: asc
diff --git a/k8s/apps/oekaki-dengon-game/back/kustomization.yaml b/k8s/apps/oekaki-dengon-game/back/kustomization.yaml
deleted file mode 100644
index ef7633829..000000000
--- a/k8s/apps/oekaki-dengon-game/back/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-- image-policy.yaml
diff --git a/k8s/apps/oekaki-dengon-game/back/service.jsonnet b/k8s/apps/oekaki-dengon-game/back/service.jsonnet
new file mode 100644
index 000000000..b38e103ff
--- /dev/null
+++ b/k8s/apps/oekaki-dengon-game/back/service.jsonnet
@@ -0,0 +1,20 @@
+{
+ kind: 'Service',
+ apiVersion: 'v1',
+ metadata: {
+ name: (import '../app.json5').name + '-back',
+ namespace: (import '../app.json5').namespace,
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
+ },
+ spec: {
+ selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
+ ports: [
+ {
+ protocol: 'TCP',
+ port: 8080,
+ targetPort: 8080,
+ },
+ ],
+ type: 'ClusterIP',
+ },
+}
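Review bot: The entry in `spec.ports` has lost the `name: 'http'` that the deleted service.yaml carried and that front/service.jsonnet still sets, so anything that selects this port by name would stop matching. If the omission is not deliberate, add `name: 'http',` next to `protocol: 'TCP',`. Whether any consumer refers to the port by name is not visible in this diff.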
diff --git a/k8s/apps/oekaki-dengon-game/back/service.yaml b/k8s/apps/oekaki-dengon-game/back/service.yaml
deleted file mode 100644
index 62b52c640..000000000
--- a/k8s/apps/oekaki-dengon-game/back/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: oekaki-dengon-game-back
- labels:
- app: oekaki-dengon-game-back
-spec:
- ports:
- - name: http
- port: 8080
- targetPort: 8080
- selector:
- app: oekaki-dengon-game-back
- type: ClusterIP
diff --git a/k8s/apps/oekaki-dengon-game/external-secret.jsonnet b/k8s/apps/oekaki-dengon-game/external-secret.jsonnet
new file mode 100644
index 000000000..ca7245b63
--- /dev/null
+++ b/k8s/apps/oekaki-dengon-game/external-secret.jsonnet
@@ -0,0 +1,33 @@
+(import '../../components/external-secret.libsonnet') {
+ name: (import 'app.json5').name,
+ data: [
+ {
+ secretKey: 'postgres-admin-password',
+ remoteRef: {
+ key: 'postgres_passwords',
+ property: 'postgres',
+ },
+ },
+ {
+ secretKey: 'postgres-user-password',
+ remoteRef: {
+ key: 'postgres_passwords',
+ property: 'oekaki_dengon_game',
+ },
+ },
+ {
+ secretKey: 'minio-access-key',
+ remoteRef: {
+ key: 'oekaki-dengon-game',
+ property: 'minio-access-key',
+ },
+ },
+ {
+ secretKey: 'minio-secret-key',
+ remoteRef: {
+ key: 'oekaki-dengon-game',
+ property: 'minio-secret-key',
+ },
+ },
+ ],
+}
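Review bot: The `postgres-user-password` entry now reads `property: 'oekaki_dengon_game'`, whereas the deleted externalsecret.yaml read `property: oekaki-dengon-game` from the same `postgres_passwords` item. If the field in the secret store was not renamed as well, the sync for this key will presumably fail and the backend loses its database credential, so confirm the field name before merging. A one-line comment such as `// field in postgres_passwords uses underscores, matching POSTGRES_USER` would record that the change is intentional.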
diff --git a/k8s/apps/oekaki-dengon-game/externalsecret.yaml b/k8s/apps/oekaki-dengon-game/externalsecret.yaml
deleted file mode 100644
index db204ec5d..000000000
--- a/k8s/apps/oekaki-dengon-game/externalsecret.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: oekaki-dengon-game-secret
-spec:
- secretStoreRef:
- name: onepassword
- kind: ClusterSecretStore
- refreshInterval: 1m
- target:
- name: oekaki-dengon-game-secret
- data:
- - secretKey: postgres-admin-password
- remoteRef:
- key: postgres_passwords
- property: postgres
- - secretKey: postgres-user-password
- remoteRef:
- key: postgres_passwords
- property: oekaki-dengon-game
- - secretKey: minio-access-key
- remoteRef:
- key: oekaki-dengon-game
- property: minio-access-key
- - secretKey: minio-secret-key
- remoteRef:
- key: oekaki-dengon-game
- property: minio-secret-key
diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet
new file mode 100644
index 000000000..2822dc551
--- /dev/null
+++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet
@@ -0,0 +1,54 @@
+{
+ apiVersion: 'apps/v1',
+ kind: 'Deployment',
+ metadata: {
+ name: (import '../app.json5').name + '-front',
+ namespace: (import '../app.json5').namespace,
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
+ },
+ spec: {
+ replicas: 1,
+ selector: {
+ matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
+ },
+ template: {
+ metadata: {
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
+ },
+ spec: {
+ imagePullSecrets: [
+ {
+ name: 'ghcr-login-secret',
+ },
+ ],
+ containers: [
+ (import '../../../components/container.libsonnet') {
+ name: 'oekaki-dengon-game-front',
+ image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-10b57aae4bfe56124907ac1b03bc822a635e173f-95',
+ imagePullPolicy: 'IfNotPresent',
+ ports: [
+ {
+ containerPort: 3000,
+ },
+ ],
+ env: [
+ {
+ name: 'API_URL',
+ value: 'http://' + (import '../../../utils/get-endpoint-from-service.libsonnet')(import '../back/service.jsonnet') + ':8080/api',
+ },
+ ],
+ resources: {
+ limits: {},
+ requests: {
+ memory: '80Mi',
+ },
+ },
+ },
+ ],
+ nodeSelector: {
+ 'kubernetes.io/arch': 'amd64',
+ },
+ },
+ },
+ },
+}
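Review bot: The container no longer states its `securityContext` (the deleted deployment.yaml set `readOnlyRootFilesystem: true` and `seccompProfile.type: RuntimeDefault`) and now depends entirely on whatever `components/container.libsonnet` mixes in, which this hunk does not show. Please confirm against the rendered manifest that both settings survive, and consider a comment at the import such as `// securityContext (read-only rootfs, RuntimeDefault seccomp) comes from container.libsonnet`. The same applies to openchokin's back/deployment.jsonnet and front/deployment.jsonnet. Separately, the memory request drops from `160Mi` to `80Mi` here, which looks unrelated to the format migration and deserves a line in the commit message.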
diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.yaml b/k8s/apps/oekaki-dengon-game/front/deployment.yaml
deleted file mode 100644
index 532e6b105..000000000
--- a/k8s/apps/oekaki-dengon-game/front/deployment.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: oekaki-dengon-game-front
- labels:
- app: oekaki-dengon-game-front
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: oekaki-dengon-game-front
- template:
- metadata:
- labels:
- app: oekaki-dengon-game-front
- spec:
- imagePullSecrets:
- - name: ghcr-login-secret
- containers:
- - name: oekaki-dengon-game-front
- securityContext:
- readOnlyRootFilesystem: true
- seccompProfile:
- type: RuntimeDefault
- image: ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-a6d6d6e7d66e6d0dfafbf416b462be908b208489-87 # {"$imagepolicy": "oekaki-dengon-game:oekaki-dengon-game-front"}
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 3000
- env:
- - name: API_URL
- value: "http://oekaki-dengon-game-back.oekaki-dengon-game.svc.cluster.local:8080/api"
- resources:
- limits: {}
- requests:
- memory: 160Mi
- nodeSelector:
- kubernetes.io/arch: amd64
diff --git a/k8s/apps/oekaki-dengon-game/front/image-policy.yaml b/k8s/apps/oekaki-dengon-game/front/image-policy.yaml
deleted file mode 100644
index 91d9a0869..000000000
--- a/k8s/apps/oekaki-dengon-game/front/image-policy.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: oekaki-dengon-game-front
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/oekaki-dengon-game-front
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/oekaki-dengon-game/front
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: oekaki-dengon-game-front
-spec:
- image: ghcr.io/kmc-jp/oekaki-dengon-game-front
- interval: 2m0s
- secretRef:
- name: ghcr-login-secret
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: oekaki-dengon-game-front
-spec:
- imageRepositoryRef:
- name: oekaki-dengon-game-front
- filterTags:
- ## use "pattern: '[a-f0-9]+-(?P[0-9]+)'" if you copied the workflow example using github.run_number
- pattern: ".*-[a-f0-9]+-(?P[0-9]+)"
- extract: "$ts"
- policy:
- numerical:
- order: asc
diff --git a/k8s/apps/oekaki-dengon-game/front/kustomization.yaml b/k8s/apps/oekaki-dengon-game/front/kustomization.yaml
deleted file mode 100644
index ef7633829..000000000
--- a/k8s/apps/oekaki-dengon-game/front/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-- image-policy.yaml
diff --git a/k8s/apps/oekaki-dengon-game/front/service.jsonnet b/k8s/apps/oekaki-dengon-game/front/service.jsonnet
new file mode 100644
index 000000000..abe3a4997
--- /dev/null
+++ b/k8s/apps/oekaki-dengon-game/front/service.jsonnet
@@ -0,0 +1,20 @@
+{
+ apiVersion: 'v1',
+ kind: 'Service',
+ metadata: {
+ name: (import '../app.json5').name + '-front',
+ namespace: (import '../app.json5').namespace,
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
+ },
+ spec: {
+ ports: [
+ {
+ name: 'http',
+ port: 3000,
+ targetPort: 3000,
+ },
+ ],
+ selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
+ type: 'ClusterIP',
+ },
+}
diff --git a/k8s/apps/oekaki-dengon-game/front/service.yaml b/k8s/apps/oekaki-dengon-game/front/service.yaml
deleted file mode 100644
index 46a6598bc..000000000
--- a/k8s/apps/oekaki-dengon-game/front/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: oekaki-dengon-game-front
- labels:
- app: oekaki-dengon-game-front
-spec:
- ports:
- - name: http
- port: 3000
- targetPort: 3000
- selector:
- app: oekaki-dengon-game-front
- type: ClusterIP
diff --git a/k8s/apps/oekaki-dengon-game/kustomization.yaml b/k8s/apps/oekaki-dengon-game/kustomization.yaml
deleted file mode 100644
index b98d996f2..000000000
--- a/k8s/apps/oekaki-dengon-game/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: oekaki-dengon-game
-resources:
-- externalsecret.yaml
-- ./back
-- ./front
diff --git a/k8s/apps/oekaki-dengon-game-oauth2-proxy/robots.txt b/k8s/apps/oekaki-dengon-game/oauth2-proxy/config/robots.txt
similarity index 100%
rename from k8s/apps/oekaki-dengon-game-oauth2-proxy/robots.txt
rename to k8s/apps/oekaki-dengon-game/oauth2-proxy/config/robots.txt
diff --git a/k8s/apps/oekaki-dengon-game/oauth2-proxy/configmap.jsonnet b/k8s/apps/oekaki-dengon-game/oauth2-proxy/configmap.jsonnet
new file mode 100644
index 000000000..d37ca820d
--- /dev/null
+++ b/k8s/apps/oekaki-dengon-game/oauth2-proxy/configmap.jsonnet
@@ -0,0 +1,8 @@
+(import '../../../components/configmap.libsonnet') {
+ name: (import '../app.json5').name + '-oauth2-proxy',
+ namespace: (import '../app.json5').namespace,
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name },
+ data: {
+ 'robots.txt': (importstr './config/robots.txt'),
+ },
+}
diff --git a/k8s/apps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet
new file mode 100644
index 000000000..82b373806
--- /dev/null
+++ b/k8s/apps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet
@@ -0,0 +1,45 @@
+local upstream = 'http://oekaki-dengon-game-front.oekaki-dengon-game.svc.cluster.local:3000/';
+local allowed_group = '237477822715658605:oekaki-admin';
+
+(import '../../../components/oauth2-proxy/oauth2-proxy.libsonnet')(
+ {
+ app: {
+ name: 'oekaki',
+ namespace: (import '../app.json5').namespace,
+ },
+ domain: 'oekaki.walnuts.dev',
+ upstream: upstream,
+ oidc: {
+ secret: {
+ onepassword_item_name: 'oekaki-oauth2-proxy',
+ },
+ allowed_group: allowed_group,
+ },
+ },
+ valuesObject={
+ config: {
+ configFile: 'email_domains = [ "*" ]\nupstreams = [ "%s" ]\npass_access_token = true\nuser_id_claim = "sub"\noidc_groups_claim="my:zitadel:grants"\nallowed_groups = ["%s"]\nskip_auth_routes = ["/public","GET=/api","/_next", "/texture.png", "/favicon.ico", "site.webmanifest"]\ncustom_templates_dir = "/etc/oauth2-proxy/templates"' % [upstream, allowed_group],
+ },
+ extraVolumes: [
+ {
+ name: 'custom-templates',
+ configMap: {
+ name: (import 'configmap.jsonnet').metadata.name,
+ items: [
+ {
+ key: 'robots.txt',
+ path: 'robots.txt',
+ },
+ ],
+ },
+ },
+ ],
+ extraVolumeMounts: [
+ {
+ name: 'custom-templates',
+ mountPath: '/etc/oauth2-proxy/templates',
+ readOnly: true,
+ },
+ ],
+ },
+)
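Review bot: The entries of `skip_auth_routes` inside `configFile` are regular expressions and none is anchored, so `"/public"`, `"GET=/api"` and `"/_next"` skip authentication for any path that merely contains those substrings, and the `.` in `"site.webmanifest"` matches any character. Anchor each pattern to the start of the path, for example `skip_auth_routes = ["^/public/", "GET=^/api/", "^/_next/", "^/texture[.]png$", "^/favicon[.]ico$", "^/site[.]webmanifest$"]`, adjusting the trailing `/` to what the front end really serves; `[.]` avoids a further escaping layer inside the Jsonnet string. The `upstream` local is also a literal copy of the front Service's DNS name, which front/deployment.jsonnet derives with `get-endpoint-from-service.libsonnet` for `API_URL`; using the same helper here would keep the two from drifting.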
diff --git a/k8s/apps/openchokin/app.json5 b/k8s/apps/openchokin/app.json5
new file mode 100644
index 000000000..1b2211c12
--- /dev/null
+++ b/k8s/apps/openchokin/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "openchokin",
+ namespace: "openchokin",
+}
diff --git a/k8s/apps/openchokin/back/deployment.jsonnet b/k8s/apps/openchokin/back/deployment.jsonnet
new file mode 100644
index 000000000..68d50d4de
--- /dev/null
+++ b/k8s/apps/openchokin/back/deployment.jsonnet
@@ -0,0 +1,84 @@
+{
+ apiVersion: 'apps/v1',
+ kind: 'Deployment',
+ metadata: {
+ name: (import '../app.json5').name + '-back',
+ namespace: (import '../app.json5').namespace,
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
+ },
+ spec: {
+ replicas: 1,
+ selector: {
+ matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
+ },
+ template: {
+ metadata: {
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
+ },
+ spec: {
+ containers: [
+ (import '../../../components/container.libsonnet') {
+ name: 'openchokin-back',
+ image: 'ghcr.io/walnuts1018/openchokin-back:v0.0.0-cd205cba77a922ba01009c04203a0e4b962a31d8-97',
+ imagePullPolicy: 'IfNotPresent',
+ ports: [
+ {
+ containerPort: 8080,
+ },
+ ],
+ env: [
+ {
+ name: 'GIN_MODE',
+ value: 'release',
+ },
+ {
+ name: 'POSTGRES_ADMIN_USER',
+ value: 'postgres',
+ },
+ {
+ name: 'POSTGRES_ADMIN_PASSWORD',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'postgres-admin-password',
+ },
+ },
+ },
+ {
+ name: 'POSTGRES_USER',
+ value: 'openchokin',
+ },
+ {
+ name: 'POSTGRES_PASSWORD',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'postgres-user-password',
+ },
+ },
+ },
+ {
+ name: 'POSTGRES_DB',
+ value: 'openchokin',
+ },
+ {
+ name: 'POSTGRES_HOST',
+ value: 'postgresql-default.databases.svc.cluster.local',
+ },
+ {
+ name: 'POSTGRES_PORT',
+ value: '5432',
+ },
+ ],
+ resources: {
+ requests: {
+ memory: '10Mi',
+ },
+ limits: {},
+ },
+ },
+ ],
+ },
+ },
+ },
+}
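Review bot: The long-running application container is handed the PostgreSQL superuser credential through `POSTGRES_ADMIN_USER` and `POSTGRES_ADMIN_PASSWORD` in addition to its own `POSTGRES_USER` account, so a compromise of this pod likely reaches every database on `postgresql-default`, not only `openchokin`. This is carried over unchanged from the deleted deployment.yaml, but the migration is a good moment to move whatever needs the admin account (presumably role or database bootstrap) into a one-off Job or init container and drop the two variables here. If they have to stay, a comment on the entry, e.g. `// admin credential needed at startup for <reason>`, would tell the next reader why.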
diff --git a/k8s/apps/openchokin/back/deployment.yaml b/k8s/apps/openchokin/back/deployment.yaml
deleted file mode 100644
index 6446de858..000000000
--- a/k8s/apps/openchokin/back/deployment.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: openchokin-back
- labels:
- app: openchokin-back
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: openchokin-back
- template:
- metadata:
- labels:
- app: openchokin-back
- spec:
- containers:
- - name: openchokin-back
- securityContext:
- readOnlyRootFilesystem: true
- seccompProfile:
- type: RuntimeDefault
- image: "ghcr.io/walnuts1018/openchokin-back:v0.0.0-cd205cba77a922ba01009c04203a0e4b962a31d8-97" # {"$imagepolicy": "openchokin:openchokin-back"}
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8080
- env:
- - name: GIN_MODE
- value: "release"
- - name: POSTGRES_ADMIN_USER
- value: "postgres"
- - name: POSTGRES_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: openchokin-secret
- key: postgres-admin-password
- - name: POSTGRES_USER
- value: "openchokin"
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: openchokin-secret
- key: postgres-user-password
- - name: POSTGRES_DB
- value: "openchokin"
- - name: POSTGRES_HOST
- value: "postgresql-default.databases.svc.cluster.local"
- - name: POSTGRES_PORT
- value: "5432"
- resources:
- requests:
- memory: 10Mi
- limits: {}
diff --git a/k8s/apps/openchokin/back/image-policy.yaml b/k8s/apps/openchokin/back/image-policy.yaml
deleted file mode 100644
index e7489e74d..000000000
--- a/k8s/apps/openchokin/back/image-policy.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: openchokin-back
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/openchokin-back
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/openchokin/back
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: openchokin-back
-spec:
- image: ghcr.io/walnuts1018/openchokin-back
- interval: 2m0s
- secretRef:
- name: ghcr-login-secret
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: openchokin-back
-spec:
- imageRepositoryRef:
- name: openchokin-back
- filterTags:
- ## use "pattern: '[a-f0-9]+-(?P[0-9]+)'" if you copied the workflow example using github.run_number
- pattern: ".*-[a-f0-9]+-(?P[0-9]+)"
- extract: "$ts"
- policy:
- numerical:
- order: asc
diff --git a/k8s/apps/openchokin/back/ingress.jsonnet b/k8s/apps/openchokin/back/ingress.jsonnet
new file mode 100644
index 000000000..09b6ad0e4
--- /dev/null
+++ b/k8s/apps/openchokin/back/ingress.jsonnet
@@ -0,0 +1,33 @@
+{
+ apiVersion: 'networking.k8s.io/v1',
+ kind: 'Ingress',
+ metadata: {
+ name: (import '../app.json5').name + '-back',
+ namespace: (import '../app.json5').namespace,
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
+ },
+ spec: {
+ ingressClassName: 'cilium',
+ rules: [
+ {
+ host: 'api-openchokin.walnuts.dev',
+ http: {
+ paths: [
+ {
+ path: '/',
+ pathType: 'Prefix',
+ backend: {
+ service: {
+ name: (import './service.jsonnet').metadata.name,
+ port: {
+ number: 8080,
+ },
+ },
+ },
+ },
+ ],
+ },
+ },
+ ],
+ },
+}
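Review bot: `ingressClassName` changes from `"nginx"` in the deleted ingress.yaml to `'cilium'`, which moves this public host to a different ingress controller inside what otherwise reads as a format migration, and controller defaults do not carry over. The rule still has no `tls` block, so confirm that HTTPS for `api-openchokin.walnuts.dev` is terminated somewhere in front of this Ingress. front/ingress.jsonnet makes the same switch for `openchokin.walnuts.dev`. A short comment at the field, e.g. `// moved from nginx to cilium deliberately`, would be enough to mark it as intended.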
diff --git a/k8s/apps/openchokin/back/ingress.yaml b/k8s/apps/openchokin/back/ingress.yaml
deleted file mode 100644
index cfffe8e11..000000000
--- a/k8s/apps/openchokin/back/ingress.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: openchokin-back
-spec:
- ingressClassName: "nginx"
- rules:
- - host: "api-openchokin.walnuts.dev"
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: "openchokin-back"
- port:
- number: 8080
diff --git a/k8s/apps/openchokin/back/kustomization.yaml b/k8s/apps/openchokin/back/kustomization.yaml
deleted file mode 100644
index e8968ce90..000000000
--- a/k8s/apps/openchokin/back/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-- image-policy.yaml
-- ingress.yaml
diff --git a/k8s/apps/openchokin/back/service.jsonnet b/k8s/apps/openchokin/back/service.jsonnet
new file mode 100644
index 000000000..5c6f630f4
--- /dev/null
+++ b/k8s/apps/openchokin/back/service.jsonnet
@@ -0,0 +1,20 @@
+{
+ apiVersion: 'v1',
+ kind: 'Service',
+ metadata: {
+ name: (import '../app.json5').name + '-back',
+ namespace: (import '../app.json5').namespace,
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
+ },
+ spec: {
+ ports: [
+ {
+ name: 'http',
+ port: 8080,
+ targetPort: 8080,
+ },
+ ],
+ selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' },
+ type: 'ClusterIP',
+ },
+}
diff --git a/k8s/apps/openchokin/back/service.yaml b/k8s/apps/openchokin/back/service.yaml
deleted file mode 100644
index ff63481e2..000000000
--- a/k8s/apps/openchokin/back/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: openchokin-back
- labels:
- app: openchokin-back
-spec:
- ports:
- - name: http
- port: 8080
- targetPort: 8080
- selector:
- app: openchokin-back
- type: ClusterIP
diff --git a/k8s/apps/openchokin/external-secret.jsonnet b/k8s/apps/openchokin/external-secret.jsonnet
new file mode 100644
index 000000000..79fd2b5fc
--- /dev/null
+++ b/k8s/apps/openchokin/external-secret.jsonnet
@@ -0,0 +1,54 @@
+(import '../../components/external-secret.libsonnet') {
+ name: (import 'app.json5').name,
+ data: [
+ {
+ secretKey: 'zitade-client-id',
+ remoteRef: {
+ key: 'openchokin',
+ property: 'ZITADEL_CLIENT_ID',
+ },
+ },
+ {
+ secretKey: 'zitadel-client-secret',
+ remoteRef: {
+ key: 'openchokin',
+ property: 'ZITADEL_CLIENT_SECRET',
+ },
+ },
+ {
+ secretKey: 'nextauth-secret',
+ remoteRef: {
+ key: 'openchokin',
+ property: 'NEXTAUTH_SECRET',
+ },
+ },
+ {
+ secretKey: 'postgres-admin-password',
+ remoteRef: {
+ key: 'postgres_passwords',
+ property: 'postgres',
+ },
+ },
+ {
+ secretKey: 'postgres-user-password',
+ remoteRef: {
+ key: 'postgres_passwords',
+ property: 'openchokin',
+ },
+ },
+ {
+ secretKey: 'redis-password',
+ remoteRef: {
+ key: 'redis',
+ property: 'password',
+ },
+ },
+ {
+ secretKey: 'cache-password',
+ remoteRef: {
+ key: 'openchokin',
+ property: 'CACHE_PASSWORD',
+ },
+ },
+ ],
+}
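Review bot: The first entry's `secretKey: 'zitade-client-id'` is missing the `l` of `zitadel`, unlike its neighbour `zitadel-client-secret`. It works today only because front/deployment.jsonnet references the same misspelt key, which makes a later well-meant correction on one side an outage. The migration is a convenient point to fix it as `secretKey: 'zitadel-client-id',` here and `key: 'zitadel-client-id',` in the `ZITADEL_CLIENT_ID` env entry, changed in the same commit.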
diff --git a/k8s/apps/openchokin/externalsecret.yaml b/k8s/apps/openchokin/externalsecret.yaml
deleted file mode 100644
index 1459ea7fd..000000000
--- a/k8s/apps/openchokin/externalsecret.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: openchokin-secret
-spec:
- secretStoreRef:
- name: onepassword
- kind: ClusterSecretStore
- refreshInterval: 1m
- target:
- name: openchokin-secret
- data:
- - secretKey: zitade-client-id
- remoteRef:
- key: openchokin
- property: ZITADEL_CLIENT_ID
- - secretKey: zitadel-client-secret
- remoteRef:
- key: openchokin
- property: ZITADEL_CLIENT_SECRET
- - secretKey: nextauth-secret
- remoteRef:
- key: openchokin
- property: NEXTAUTH_SECRET
- - secretKey: postgres-admin-password
- remoteRef:
- key: postgres_passwords
- property: postgres
- - secretKey: postgres-user-password
- remoteRef:
- key: postgres_passwords
- property: openchokin
- - secretKey: redis-password
- remoteRef:
- key: redis
- property: password
- - secretKey: cache-password
- remoteRef:
- key: openchokin
- property: CACHE_PASSWORD
diff --git a/k8s/apps/openchokin/front/deployment.jsonnet b/k8s/apps/openchokin/front/deployment.jsonnet
new file mode 100644
index 000000000..34e50e862
--- /dev/null
+++ b/k8s/apps/openchokin/front/deployment.jsonnet
@@ -0,0 +1,107 @@
+{
+ apiVersion: 'apps/v1',
+ kind: 'Deployment',
+ metadata: {
+ name: (import '../app.json5').name + '-front',
+ namespace: (import '../app.json5').namespace,
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
+ },
+ spec: {
+ replicas: 1,
+ selector: {
+ matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
+ },
+ template: {
+ metadata: {
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
+ },
+ spec: {
+ containers: [
+ (import '../../../components/container.libsonnet') {
+ name: 'openchokin-front',
+ image: 'ghcr.io/walnuts1018/openchokin-front:v0.0.0-805921b42b330190ff496e2d810ec3846947162a-66',
+ imagePullPolicy: 'IfNotPresent',
+ ports: [
+ {
+ containerPort: 3000,
+ },
+ ],
+ resources: {
+ requests: {
+ memory: '100Mi',
+ },
+ limits: {},
+ },
+ env: [
+ {
+ name: 'ZITADEL_URL',
+ value: 'https://auth.walnuts.dev',
+ },
+ {
+ name: 'NEXTAUTH_URL',
+ value: 'https://openchokin.walnuts.dev',
+ },
+ {
+ name: 'ZITADEL_CLIENT_ID',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'zitade-client-id',
+ },
+ },
+ },
+ {
+ name: 'ZITADEL_CLIENT_SECRET',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'zitadel-client-secret',
+ },
+ },
+ },
+ {
+ name: 'NEXTAUTH_SECRET',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'nextauth-secret',
+ },
+ },
+ },
+ {
+ name: 'REDIS_SENTINEL_HOST',
+ value: 'openchokin-front-redis-sentinel',
+ },
+ {
+ name: 'REDIS_SENTINEL_PORT',
+ value: '26379',
+ },
+ {
+ name: 'REDIS_SENTINEL_NAME',
+ value: 'mymaster',
+ },
+ {
+ name: 'REDIS_PASSWORD',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'redis-password',
+ },
+ },
+ },
+ {
+ name: 'CACHE_PASSWORD',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'cache-password',
+ },
+ },
+ },
+ ],
+ },
+ ],
+ },
+ },
+ },
+}
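Review bot: `REDIS_SENTINEL_HOST` and `REDIS_SENTINEL_NAME` are string literals that have to stay in step with front/redis.jsonnet, where the resource name is computed from app.json5 and the group is set by `masterGroupName: 'mymaster'`. The secret references in this file are already imports, so these can be derived too, e.g. `value: (import './redis.jsonnet')[1].metadata.name + '-sentinel',` and `value: (import './redis.jsonnet')[1].spec.redisSentinelConfig.masterGroupName,`. The `-sentinel` suffix is presumably what the operator appends to the RedisSentinel name; confirm it against the Service the operator creates.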
diff --git a/k8s/apps/openchokin/front/deployment.yaml b/k8s/apps/openchokin/front/deployment.yaml
deleted file mode 100644
index d00628f95..000000000
--- a/k8s/apps/openchokin/front/deployment.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: openchokin-front
- labels:
- app: openchokin-front
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: openchokin-front
- template:
- metadata:
- labels:
- app: openchokin-front
- spec:
- containers:
- - name: openchokin-front
- securityContext:
- readOnlyRootFilesystem: true
- seccompProfile:
- type: RuntimeDefault
- image: "ghcr.io/walnuts1018/openchokin-front:v0.0.0-805921b42b330190ff496e2d810ec3846947162a-66" # {"$imagepolicy": "openchokin:openchokin-front"}
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 3000
- resources:
- requests:
- memory: 100Mi
- limits: {}
- env:
- - name: ZITADEL_URL
- value: "https://auth.walnuts.dev"
- - name: NEXTAUTH_URL
- value: "https://openchokin.walnuts.dev"
- - name: ZITADEL_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: openchokin-secret
- key: zitade-client-id
- - name: ZITADEL_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: openchokin-secret
- key: zitadel-client-secret
- - name: NEXTAUTH_SECRET
- valueFrom:
- secretKeyRef:
- name: openchokin-secret
- key: nextauth-secret
- - name: REDIS_SENTINEL_HOST
- value: "openchokin-front-redis-sentinel"
- - name: REDIS_SENTINEL_PORT
- value: "26379"
- - name: REDIS_SENTINEL_NAME
- value: "mymaster"
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- name: openchokin-secret
- key: redis-password
- - name: CACHE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: openchokin-secret
- key: cache-password
diff --git a/k8s/apps/openchokin/front/image-policy.yaml b/k8s/apps/openchokin/front/image-policy.yaml
deleted file mode 100644
index e9c63b492..000000000
--- a/k8s/apps/openchokin/front/image-policy.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: openchokin-front
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/openchokin-front
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/openchokin/front
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: openchokin-front
-spec:
- image: ghcr.io/walnuts1018/openchokin-front
- interval: 2m0s
- secretRef:
- name: ghcr-login-secret
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: openchokin-front
-spec:
- imageRepositoryRef:
- name: openchokin-front
- filterTags:
- ## use "pattern: '[a-f0-9]+-(?P[0-9]+)'" if you copied the workflow example using github.run_number
- pattern: ".*-[a-f0-9]+-(?P[0-9]+)"
- extract: "$ts"
- policy:
- numerical:
- order: asc
diff --git a/k8s/apps/openchokin/front/ingress.jsonnet b/k8s/apps/openchokin/front/ingress.jsonnet
new file mode 100644
index 000000000..8118ad23b
--- /dev/null
+++ b/k8s/apps/openchokin/front/ingress.jsonnet
@@ -0,0 +1,33 @@
+{
+ apiVersion: 'networking.k8s.io/v1',
+ kind: 'Ingress',
+ metadata: {
+ name: (import '../app.json5').name + '-front',
+ namespace: (import '../app.json5').namespace,
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
+ },
+ spec: {
+ ingressClassName: 'cilium',
+ rules: [
+ {
+ host: 'openchokin.walnuts.dev',
+ http: {
+ paths: [
+ {
+ path: '/',
+ pathType: 'Prefix',
+ backend: {
+ service: {
+ name: (import './service.jsonnet').metadata.name,
+ port: {
+ number: 3000,
+ },
+ },
+ },
+ },
+ ],
+ },
+ },
+ ],
+ },
+}
diff --git a/k8s/apps/openchokin/front/ingress.yaml b/k8s/apps/openchokin/front/ingress.yaml
deleted file mode 100644
index 879c16f92..000000000
--- a/k8s/apps/openchokin/front/ingress.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: openchokin-front
-spec:
- ingressClassName: "nginx"
- rules:
- - host: "openchokin.walnuts.dev"
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: "openchokin-front"
- port:
- number: 3000
diff --git a/k8s/apps/openchokin/front/kustomization.yaml b/k8s/apps/openchokin/front/kustomization.yaml
deleted file mode 100644
index b7c09b376..000000000
--- a/k8s/apps/openchokin/front/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-- image-policy.yaml
-- ingress.yaml
-- redis.yaml
diff --git a/k8s/apps/openchokin/front/redis.jsonnet b/k8s/apps/openchokin/front/redis.jsonnet
new file mode 100644
index 000000000..aea37d3a4
--- /dev/null
+++ b/k8s/apps/openchokin/front/redis.jsonnet
@@ -0,0 +1,71 @@
+[
+ {
+ apiVersion: 'redis.redis.opstreelabs.in/v1beta2',
+ kind: 'RedisReplication',
+ metadata: {
+ name: (import '../app.json5').name + '-front-redis',
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front-redis' },
+ },
+ spec: {
+ clusterSize: 2,
+ kubernetesConfig: {
+ image: 'quay.io/opstree/redis:v7.0.12',
+ imagePullPolicy: 'IfNotPresent',
+ redisSecret: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'redis-password',
+ },
+ },
+ storage: {
+ volumeClaimTemplate: {
+ spec: {
+ accessModes: [
+ 'ReadWriteOnce',
+ ],
+ resources: {
+ requests: {
+ storage: '1Gi',
+ },
+ },
+ },
+ },
+ },
+ podSecurityContext: {
+ fsGroup: 1000,
+ runAsUser: 1000,
+ },
+ },
+ },
+ {
+ apiVersion: 'redis.redis.opstreelabs.in/v1beta2',
+ kind: 'RedisSentinel',
+ metadata: {
+ name: (import '../app.json5').name + '-front-redis',
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front-redis' },
+ },
+ spec: {
+ clusterSize: 3,
+ redisSentinelConfig: {
+ redisReplicationName: 'openchokin-front-redis',
+ masterGroupName: 'mymaster',
+ redisPort: '6379',
+ quorum: '2',
+ parallelSyncs: '1',
+ failoverTimeout: '180000',
+ downAfterMilliseconds: '30000',
+ },
+ kubernetesConfig: {
+ image: 'quay.io/opstree/redis-sentinel:v7.2.7',
+ imagePullPolicy: 'IfNotPresent',
+ redisSecret: {
+ name: (import '../external-secret.jsonnet').spec.target.name,
+ key: 'redis-password',
+ },
+ },
+ podSecurityContext: {
+ fsGroup: 1000,
+ runAsUser: 1000,
+ },
+ },
+ },
+]
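Review bot: `redisReplicationName: 'openchokin-front-redis'` in the RedisSentinel is a literal, while the RedisReplication it refers to is named by `(import '../app.json5').name + '-front-redis'`. If the app name in app.json5 changes, the sentinel would point at a replication that no longer exists and nothing fails at render time; `redisReplicationName: (import '../app.json5').name + '-front-redis',` keeps the two tied together. The images are also fixed at different tags (`redis:v7.0.12`, `redis-sentinel:v7.2.7`) and no updater is visible on the new side, so it is worth a comment on whether the version skew is intended and how these pins get refreshed. Neither object sets `metadata.namespace`, unlike the Ingress and Service in the same directory; that may be supplied by the deploying application, which is not shown here.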
diff --git a/k8s/apps/openchokin/front/redis.yaml b/k8s/apps/openchokin/front/redis.yaml
deleted file mode 100644
index f5b9ebd8e..000000000
--- a/k8s/apps/openchokin/front/redis.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: openchokin-front-redis
- labels:
- app.kubernetes.io/name: openchokin-front-redis
-spec:
- clusterSize: 2
- kubernetesConfig:
- image: "quay.io/opstree/redis:v7.0.12" # {"$imagepolicy": "redis-operator:redis"}
- imagePullPolicy: "IfNotPresent"
- redisSecret:
- name: "openchokin-secret"
- key: "redis-password"
- storage:
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- podSecurityContext:
- fsGroup: 1000
- runAsUser: 1000
----
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisSentinel
-metadata:
- name: openchokin-front-redis
- labels:
- app.kubernetes.io/name: openchokin-front-redis
-spec:
- clusterSize: 3
- redisSentinelConfig:
- redisReplicationName: openchokin-front-redis
- masterGroupName: "mymaster"
- redisPort: "6379"
- quorum: "2"
- parallelSyncs: "1"
- failoverTimeout: "180000"
- downAfterMilliseconds: "30000"
- kubernetesConfig:
- image: "quay.io/opstree/redis-sentinel:v7.0.12" # {"$imagepolicy": "redis-operator:redis-sentinel"}
- imagePullPolicy: "IfNotPresent"
- redisSecret:
- name: "openchokin-secret"
- key: "redis-password"
- podSecurityContext:
- fsGroup: 1000
- runAsUser: 1000
diff --git a/k8s/apps/openchokin/front/service.jsonnet b/k8s/apps/openchokin/front/service.jsonnet
new file mode 100644
index 000000000..abe3a4997
--- /dev/null
+++ b/k8s/apps/openchokin/front/service.jsonnet
@@ -0,0 +1,20 @@
+{
+ apiVersion: 'v1',
+ kind: 'Service',
+ metadata: {
+ name: (import '../app.json5').name + '-front',
+ namespace: (import '../app.json5').namespace,
+ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
+ },
+ spec: {
+ ports: [
+ {
+ name: 'http',
+ port: 3000,
+ targetPort: 3000,
+ },
+ ],
+ selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' },
+ type: 'ClusterIP',
+ },
+}
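Review bot: `metadata.labels` and `spec.selector` are written as two separate copies of `(import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }`, so an edit to one copy can leave the selector matching nothing without any render error. Binding it once, `local labels = (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' };`, and using `labels` in both places removes that risk. Because the selector takes every key labels.libsonnet emits (that file is not shown here), it is also worth confirming the pod template carries exactly the same set. `k8s/apps/photoprism/service.jsonnet` in this commit repeats the same pattern.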
diff --git a/k8s/apps/openchokin/front/service.yaml b/k8s/apps/openchokin/front/service.yaml
deleted file mode 100644
index fa7d370ce..000000000
--- a/k8s/apps/openchokin/front/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: openchokin-front
- labels:
- app: openchokin-front
-spec:
- ports:
- - name: http
- port: 3000
- targetPort: 3000
- selector:
- app: openchokin-front
- type: ClusterIP
diff --git a/k8s/apps/openchokin/kustomization.yaml b/k8s/apps/openchokin/kustomization.yaml
deleted file mode 100644
index 8b45787a6..000000000
--- a/k8s/apps/openchokin/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: openchokin
-resources:
-- externalsecret.yaml
-- ./front
-- ./back
diff --git a/k8s/argocdapps/opentelemetry-collectors/app.json5 b/k8s/apps/opentelemetry-collectors/app.json5
similarity index 100%
rename from k8s/argocdapps/opentelemetry-collectors/app.json5
rename to k8s/apps/opentelemetry-collectors/app.json5
diff --git a/k8s/argocdapps/opentelemetry-collectors/cluster-role-binding.jsonnet b/k8s/apps/opentelemetry-collectors/cluster-role-binding.jsonnet
similarity index 100%
rename from k8s/argocdapps/opentelemetry-collectors/cluster-role-binding.jsonnet
rename to k8s/apps/opentelemetry-collectors/cluster-role-binding.jsonnet
diff --git a/k8s/argocdapps/opentelemetry-collectors/cluster-role.jsonnet b/k8s/apps/opentelemetry-collectors/cluster-role.jsonnet
similarity index 93%
rename from k8s/argocdapps/opentelemetry-collectors/cluster-role.jsonnet
rename to k8s/apps/opentelemetry-collectors/cluster-role.jsonnet
index 6ef9a2425..2efaa80a5 100644
--- a/k8s/argocdapps/opentelemetry-collectors/cluster-role.jsonnet
+++ b/k8s/apps/opentelemetry-collectors/cluster-role.jsonnet
@@ -131,6 +131,18 @@
'watch',
],
},
+ {
+ apiGroups: [
+ 'events.k8s.io',
+ ],
+ resources: [
+ 'events',
+ ],
+ verbs: [
+ 'list',
+ 'watch',
+ ],
+ },
{
nonResourceURLs: [
'/metrics',
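Review bot: The added rule carries no comment naming the collector component that needs it. Because it sits in a ClusterRole, `list` and `watch` on `events` in `events.k8s.io` let the collector's service account read events from every namespace. A line above the rule such as `// events.k8s.io/events: required by <receiver name> for cluster event collection` (with the real receiver filled in) keeps the grant auditable and easy to remove later. The `rules` list starts and ends outside this hunk.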
diff --git a/k8s/argocdapps/opentelemetry-collectors/collectors/_base.libsonnet b/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet
similarity index 74%
rename from k8s/argocdapps/opentelemetry-collectors/collectors/_base.libsonnet
rename to k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet
index a601fda13..b3e952496 100644
--- a/k8s/argocdapps/opentelemetry-collectors/collectors/_base.libsonnet
+++ b/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet
@@ -1,9 +1,6 @@
{
apiVersion: 'opentelemetry.io/v1beta1',
kind: 'OpenTelemetryCollector',
- metadata: {
- name: error 'metadata.name is required',
- },
spec: {
managementState: 'managed',
serviceAccount: (import '../sa.jsonnet').metadata.name,
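Review bot: Dropping `name: error 'metadata.name is required'` removes the only render-time check that every collector sets a name. A collector file that forgets `metadata.name` now evaluates to an object without one and fails only when it is applied. Presumably the field was removed to suit the move to `std.mergePatch` in the collector files; if so, leave a comment here such as `// metadata.name is intentionally absent: every collector merging this base must set it`, and consider checking it in the manifest build step. The object continues outside the hunk.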
diff --git a/k8s/argocdapps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet
similarity index 86%
rename from k8s/argocdapps/opentelemetry-collectors/collectors/daemonset.jsonnet
rename to k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet
index 03aa99f8e..47c8566d9 100644
--- a/k8s/argocdapps/opentelemetry-collectors/collectors/daemonset.jsonnet
+++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet
@@ -1,6 +1,4 @@
-(import '_base.libsonnet') + {
- apiVersion: 'opentelemetry.io/v1beta1',
- kind: 'OpenTelemetryCollector',
+std.mergePatch((import '_base.libsonnet'), {
metadata: {
name: 'k8s-daemonset',
},
@@ -134,6 +132,22 @@
timeout: '15s',
override: false,
},
+ transform: {
+ error_mode: 'ignore',
+ log_statements: [
+ {
+ context: 'log',
+ statements: [
+ 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")',
+ 'set(body, cache["msg"]) where cache["msg"] != nil',
+ 'delete_key(cache, "msg")',
+ 'truncate_all(cache, 1024)',
+ 'limit(cache, 100, [])',
+ 'merge_maps(resource.attributes, cache, "insert")',
+ ],
+ },
+ ],
+ },
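Review bot: The last statement, `merge_maps(resource.attributes, cache, "insert")`, writes fields parsed from an individual log body onto the resource, which is shared by every record grouped under it. With `"insert"`, the first record's values stay and later records from the same resource appear to carry them too. Per-record fields belong on the record itself: `'merge_maps(attributes, cache, "insert")',`. Since the body is text chosen by the workload, keeping it off the resource also prevents an application from adding resource-level keys of its own; the `truncate_all` and `limit` bounds are worth keeping either way.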
},
exporters: {
'otlp/default': {
@@ -168,6 +182,7 @@
'memory_limiter',
'batch',
'k8sattributes',
+ 'transform',
],
exporters: [
'otlp/default',
@@ -198,11 +213,17 @@
value: 'k8s.node.name=$(K8S_NODE_NAME),k8s.node.ip=$(K8S_NODE_IP)',
},
],
- tolerations: [
- {
- operator: 'Exists',
+ resources: {
+ requests: {
+ cpu: '100m',
+ memory: '150Mi',
},
- ],
+ },
+ // tolerations: [
+ // {
+ // operator: 'Exists',
+ // },
+ // ],
volumeMounts: [
{
name: 'varlogpods',
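Review bot: The `tolerations` block is commented out rather than deleted, and nothing says why. Without the blanket `operator: 'Exists'` toleration this DaemonSet is no longer scheduled onto tainted nodes, so if any node carries a taint (control-plane nodes commonly do) its pod logs stop reaching the pipeline. If that is intended, remove the dead lines and leave one comment, e.g. `// no tolerations: tainted nodes are deliberately not collected`; otherwise restore the block. The enclosing `spec` starts and ends outside the hunk.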
@@ -234,4 +255,4 @@
runAsGroup: 0,
},
},
-}
+})
diff --git a/k8s/argocdapps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet
similarity index 73%
rename from k8s/argocdapps/opentelemetry-collectors/collectors/default.jsonnet
rename to k8s/apps/opentelemetry-collectors/collectors/default.jsonnet
index 261c4350c..7c57f9cb4 100644
--- a/k8s/argocdapps/opentelemetry-collectors/collectors/default.jsonnet
+++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet
@@ -1,15 +1,46 @@
-(import '_base.libsonnet') + {
- apiVersion: 'opentelemetry.io/v1beta1',
- kind: 'OpenTelemetryCollector',
+std.mergePatch((import '_base.libsonnet'), {
metadata: {
name: 'default',
},
spec: {
- replicas: 1,
mode: 'deployment',
- serviceAccount: 'otel-collector',
- managementState: 'managed',
config: {
+ connectors: {
+ spanmetrics: {
+ histogram: {
+ explicit: {
+ buckets: [
+ '1ms',
+ '10ms',
+ '100ms',
+ '200ms',
+ '400ms',
+ '800ms',
+ '1s',
+ ],
+ },
+ },
+ dimensions: [
+ {
+ name: 'http.method',
+ default: 'GET',
+ },
+ {
+ name: 'http.host',
+ },
+ {
+ name: 'http.path',
+ },
+ {
+ name: 'http.target',
+ },
+ {
+ name: 'http.status_code',
+ },
+ ],
+ metrics_flush_interval: '15s',
+ },
+ },
receivers: {
otlp: {
protocols: {
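Review bot: The `spanmetrics` dimensions `http.path` and `http.target` turn raw request URLs into metric label values. That gives one time series per distinct URL, and `http.target` in the older HTTP conventions includes the query string, so identifiers or tokens passed as parameters can end up in labels. A later hunk of this file feeds `spanmetrics` into the metrics pipeline, whose exporters include `otlp/mackerel`, an off-cluster endpoint. Prefer the templated route, `{ name: 'http.route' },`, in place of those two entries, or confirm the instrumented services never put sensitive values in the URL.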
@@ -26,47 +57,18 @@
limit_mib: 2000,
spike_limit_percentage: 15,
},
- batch: {
- send_batch_size: 5000,
- send_batch_max_size: 5000,
- timeout: '10s',
- },
k8sattributes: {
auth_type: 'serviceAccount',
- passthrough: true,
- filter: {
- node_from_env_var: 'K8S_NODE_NAME',
- },
extract: {
metadata: [
'k8s.cluster.uid',
],
},
- pod_association: [
- {
- sources: [
- {
- from: 'resource_attribute',
- name: 'k8s.pod.ip',
- },
- ],
- },
- {
- sources: [
- {
- from: 'resource_attribute',
- name: 'k8s.pod.uid',
- },
- ],
- },
- {
- sources: [
- {
- from: 'connection',
- },
- ],
- },
- ],
+ },
+ batch: {
+ send_batch_size: 5000,
+ send_batch_max_size: 5000,
+ timeout: '10s',
},
},
exporters: {
@@ -76,14 +78,20 @@
insecure: true,
},
},
+ 'otlp/prometheus-exporter': {
+ endpoint: 'prometheus-exporter-collector.opentelemetry-collector.svc.cluster.local:4317',
+ tls: {
+ insecure: true,
+ },
+ },
'otlp/tempo': {
endpoint: 'tempo.monitoring.svc.cluster.local:4317',
tls: {
insecure: true,
},
},
- 'otlp/prometheus-exporter': {
- endpoint: 'prometheus-exporter-collector.opentelemetry-collector.svc.cluster.local:4317',
+ 'otlphttp/loki': {
+ endpoint: 'http://loki-gateway.loki.svc.cluster.local/otlp',
tls: {
insecure: true,
},
@@ -92,19 +100,14 @@
endpoint: 'https://otlp-vaxila.mackerelio.com',
headers: {
Accept: '*/*',
- 'Mackerel-Api-Key': '${env:VAXILA_APIKEY}',
- },
- },
- 'otlp/signoz': {
- endpoint: 'signoz-otel-collector.signoz.svc.cluster.local:4317',
- tls: {
- insecure: true,
+ 'Mackerel-Api-Key': '${env:MACKEREL_APIKEY}',
},
},
- 'otlphttp/loki': {
- endpoint: 'http://loki-gateway.loki.svc.cluster.local/otlp',
- tls: {
- insecure: true,
+ 'otlp/mackerel': {
+ endpoint: 'otlp.mackerelio.com:4317',
+ compression: 'gzip',
+ headers: {
+ 'Mackerel-Api-Key': '${env:MACKEREL_APIKEY}',
},
},
},
@@ -121,11 +124,14 @@
],
exporters: [
'otlp/tempo',
+ 'spanmetrics',
+ 'otlphttp/vaxila',
],
},
metrics: {
receivers: [
'otlp',
+ 'spanmetrics',
],
processors: [
'memory_limiter',
@@ -133,7 +139,9 @@
'k8sattributes',
],
exporters: [
+ 'otlphttp/prometheus',
'otlp/prometheus-exporter',
+ 'otlp/mackerel',
],
},
logs: {
@@ -155,11 +163,13 @@
autoscaler: {
minReplicas: 1,
maxReplicas: 5,
+ targetCPUUtilization: 100,
+ targetMemoryUtilization: 100,
},
resources: {
requests: {
cpu: '20m',
- memory: '200Mi',
+ memory: '100Mi',
},
},
env: [
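Review bot: `targetCPUUtilization: 100` and `targetMemoryUtilization: 100` are percentages of the container's requests, which this hunk leaves at `cpu: '20m'` and lowers to `memory: '100Mi'`. The autoscaler will therefore add replicas as soon as average usage passes 20 millicores or 100 MiB, while the `memory_limiter` visible earlier in this file allows `limit_mib: 2000`. That likely holds the collector at `maxReplicas` under ordinary load. Either raise the requests to the expected steady-state usage or add a comment stating that the low threshold is deliberate. The same two targets are added beside a `cpu: '20m'` request in `collectors/prometheus-exporter.jsonnet`; `spec` starts and ends outside this hunk.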
@@ -180,14 +190,14 @@
},
},
{
- name: 'VAXILA_APIKEY',
+ name: 'MACKEREL_APIKEY',
valueFrom: {
secretKeyRef: {
name: (import '../external-secret.jsonnet').spec.target.name,
- key: 'vaxila-api-key',
+ key: 'mackerel-api-key',
},
},
},
],
},
-}
+})
diff --git a/k8s/argocdapps/opentelemetry-collectors/collectors/deployment.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet
similarity index 93%
rename from k8s/argocdapps/opentelemetry-collectors/collectors/deployment.jsonnet
rename to k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet
index 353a01700..2b9d0f392 100644
--- a/k8s/argocdapps/opentelemetry-collectors/collectors/deployment.jsonnet
+++ b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet
@@ -1,15 +1,11 @@
-(import '_base.libsonnet') + {
- apiVersion: 'opentelemetry.io/v1beta1',
- kind: 'OpenTelemetryCollector',
+std.mergePatch((import '_base.libsonnet'), {
metadata: {
name: 'k8s-deployment',
},
spec: {
replicas: 1,
- serviceAccount: 'otel-collector',
mode: 'deployment',
image: 'otel/opentelemetry-collector-k8s',
- managementState: 'managed',
config: {
receivers: {
k8s_cluster: {
@@ -102,6 +98,12 @@
},
},
},
+ resources: {
+ requests: {
+ cpu: '6m',
+ memory: '90Mi',
+ },
+ },
env: [
{
name: 'K8S_NODE_IP',
@@ -113,4 +115,4 @@
},
],
},
-}
+})
diff --git a/k8s/argocdapps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet
similarity index 76%
rename from k8s/argocdapps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet
rename to k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet
index 0201a448a..c7963b95b 100644
--- a/k8s/argocdapps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet
+++ b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet
@@ -1,13 +1,10 @@
-(import '_base.libsonnet') + {
- apiVersion: 'opentelemetry.io/v1beta1',
- kind: 'OpenTelemetryCollector',
+std.mergePatch((import '_base.libsonnet'), {
metadata: {
name: 'prometheus-exporter',
},
spec: {
mode: 'deployment',
image: 'otel/opentelemetry-collector-contrib',
- managementState: 'managed',
config: {
receivers: {
otlp: {
@@ -57,26 +54,15 @@
},
resources: {
requests: {
+ cpu: '20m',
memory: '200Mi',
},
},
autoscaler: {
minReplicas: 1,
maxReplicas: 5,
- metrics: [
- {
- type: 'Pods',
- pods: {
- metric: {
- name: 'memory',
- },
- target: {
- type: 'AverageValue',
- averageValue: '1Gi',
- },
- },
- },
- ],
+ targetCPUUtilization: 100,
+ targetMemoryUtilization: 100,
},
},
-}
+})
diff --git a/k8s/argocdapps/opentelemetry-collectors/external-secret.jsonnet b/k8s/apps/opentelemetry-collectors/external-secret.jsonnet
similarity index 63%
rename from k8s/argocdapps/opentelemetry-collectors/external-secret.jsonnet
rename to k8s/apps/opentelemetry-collectors/external-secret.jsonnet
index 535a0b370..e9c6a50c3 100644
--- a/k8s/argocdapps/opentelemetry-collectors/external-secret.jsonnet
+++ b/k8s/apps/opentelemetry-collectors/external-secret.jsonnet
@@ -8,12 +8,5 @@
property: 'api-key',
},
},
- {
- secretKey: 'vaxila-api-key',
- remoteRef: {
- key: 'mackerel',
- property: 'vaxila-api-key',
- },
- },
],
}
diff --git a/k8s/argocdapps/opentelemetry-collectors/sa.jsonnet b/k8s/apps/opentelemetry-collectors/sa.jsonnet
similarity index 100%
rename from k8s/argocdapps/opentelemetry-collectors/sa.jsonnet
rename to k8s/apps/opentelemetry-collectors/sa.jsonnet
diff --git a/k8s/argocdapps/opentelemetry-instrumentations/app.json5 b/k8s/apps/opentelemetry-instrumentations/app.json5
similarity index 100%
rename from k8s/argocdapps/opentelemetry-instrumentations/app.json5
rename to k8s/apps/opentelemetry-instrumentations/app.json5
diff --git a/k8s/argocdapps/opentelemetry-instrumentations/default.jsonnet b/k8s/apps/opentelemetry-instrumentations/default.jsonnet
similarity index 83%
rename from k8s/argocdapps/opentelemetry-instrumentations/default.jsonnet
rename to k8s/apps/opentelemetry-instrumentations/default.jsonnet
index 3d9fa88f1..5f84b7129 100644
--- a/k8s/argocdapps/opentelemetry-instrumentations/default.jsonnet
+++ b/k8s/apps/opentelemetry-instrumentations/default.jsonnet
@@ -39,6 +39,16 @@
value: 'http://default-collector.opentelemetry-collector.svc.cluster.local:4318',
},
],
+ resourceRequirements: {
+ limits: {
+ cpu: '500m',
+ memory: '256Mi',
+ },
+ requests: {
+ cpu: '50m',
+ memory: '32Mi',
+ },
+ },
},
},
}
diff --git a/k8s/argocdapps/opentelemetry-operator/app.json5 b/k8s/apps/opentelemetry-operator/app.json5
similarity index 100%
rename from k8s/argocdapps/opentelemetry-operator/app.json5
rename to k8s/apps/opentelemetry-operator/app.json5
diff --git a/k8s/argocdapps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet
similarity index 90%
rename from k8s/argocdapps/opentelemetry-operator/helm.jsonnet
rename to k8s/apps/opentelemetry-operator/helm.jsonnet
index e47e3de1b..8cebc16de 100644
--- a/k8s/argocdapps/opentelemetry-operator/helm.jsonnet
+++ b/k8s/apps/opentelemetry-operator/helm.jsonnet
@@ -4,6 +4,6 @@
chart: 'opentelemetry-operator',
repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts',
- targetRevision: '0.72.0',
+ targetRevision: '0.79.0',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/argocdapps/opentelemetry-operator/values.yaml b/k8s/apps/opentelemetry-operator/values.yaml
similarity index 87%
rename from k8s/argocdapps/opentelemetry-operator/values.yaml
rename to k8s/apps/opentelemetry-operator/values.yaml
index 403764c63..4bb42eb73 100644
--- a/k8s/argocdapps/opentelemetry-operator/values.yaml
+++ b/k8s/apps/opentelemetry-operator/values.yaml
@@ -6,7 +6,8 @@ manager:
- --enable-nginx-instrumentation=true
resources:
limits:
+ cpu: 200m
memory: 128Mi
requests:
cpu: 5m
- memory: 64Mi
+ memory: 50Mi
diff --git a/k8s/argocdapps/photoprism/app.json5 b/k8s/apps/photoprism/app.json5
similarity index 100%
rename from k8s/argocdapps/photoprism/app.json5
rename to k8s/apps/photoprism/app.json5
diff --git a/k8s/argocdapps/photoprism/cronjob.jsonnet b/k8s/apps/photoprism/cronjob.jsonnet
similarity index 100%
rename from k8s/argocdapps/photoprism/cronjob.jsonnet
rename to k8s/apps/photoprism/cronjob.jsonnet
diff --git a/k8s/argocdapps/photoprism/external-secret.jsonnet b/k8s/apps/photoprism/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/photoprism/external-secret.jsonnet
rename to k8s/apps/photoprism/external-secret.jsonnet
diff --git a/k8s/argocdapps/photoprism/ingress.jsonnet b/k8s/apps/photoprism/ingress.jsonnet
similarity index 96%
rename from k8s/argocdapps/photoprism/ingress.jsonnet
rename to k8s/apps/photoprism/ingress.jsonnet
index 6ed3b902c..3f134002d 100644
--- a/k8s/argocdapps/photoprism/ingress.jsonnet
+++ b/k8s/apps/photoprism/ingress.jsonnet
@@ -10,7 +10,7 @@
labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
},
spec: {
- ingressClassName: 'nginx',
+ ingressClassName: 'cilium',
rules: [
{
host: 'photoprism.walnuts.dev',
diff --git a/k8s/argocdapps/photoprism/mariadb/external-secret.jsonnet b/k8s/apps/photoprism/mariadb/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/photoprism/mariadb/external-secret.jsonnet
rename to k8s/apps/photoprism/mariadb/external-secret.jsonnet
diff --git a/k8s/argocdapps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet
similarity index 65%
rename from k8s/argocdapps/photoprism/mariadb/helm.jsonnet
rename to k8s/apps/photoprism/mariadb/helm.jsonnet
index 50eab7a82..0a6ba0442 100644
--- a/k8s/argocdapps/photoprism/mariadb/helm.jsonnet
+++ b/k8s/apps/photoprism/mariadb/helm.jsonnet
@@ -1,8 +1,7 @@
(import '../../../components/helm.libsonnet') {
name: (import '../app.json5').name + '-mariadb',
namespace: (import '../app.json5').namespace,
- chart: 'mariadb',
- repoURL: 'https://charts.bitnami.com/bitnami',
- targetRevision: '19.1.2',
+ ociChartURL: 'registry-1.docker.io/bitnamicharts/mariadb',
+ targetRevision: '20.2.2',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/argocdapps/photoprism/mariadb/pvc.jsonnet b/k8s/apps/photoprism/mariadb/pvc.jsonnet
similarity index 100%
rename from k8s/argocdapps/photoprism/mariadb/pvc.jsonnet
rename to k8s/apps/photoprism/mariadb/pvc.jsonnet
diff --git a/k8s/argocdapps/photoprism/mariadb/values.yaml b/k8s/apps/photoprism/mariadb/values.yaml
similarity index 100%
rename from k8s/argocdapps/photoprism/mariadb/values.yaml
rename to k8s/apps/photoprism/mariadb/values.yaml
diff --git a/.github/scripts/infrautil/lib/testfiles/pvc.jsonnet b/k8s/apps/photoprism/pvc.jsonnet
similarity index 100%
rename from .github/scripts/infrautil/lib/testfiles/pvc.jsonnet
rename to k8s/apps/photoprism/pvc.jsonnet
diff --git a/k8s/apps/photoprism/service.jsonnet b/k8s/apps/photoprism/service.jsonnet
new file mode 100644
index 000000000..e9869e0ae
--- /dev/null
+++ b/k8s/apps/photoprism/service.jsonnet
@@ -0,0 +1,21 @@
+{
+ apiVersion: 'v1',
+ kind: 'Service',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ ports: [
+ {
+ name: 'http',
+ port: 80,
+ protocol: 'TCP',
+ targetPort: 'http',
+ },
+ ],
+ selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ type: 'ClusterIP',
+ },
+}
diff --git a/k8s/argocdapps/photoprism/statefulset.jsonnet b/k8s/apps/photoprism/statefulset.jsonnet
similarity index 100%
rename from k8s/argocdapps/photoprism/statefulset.jsonnet
rename to k8s/apps/photoprism/statefulset.jsonnet
diff --git a/k8s/argocdapps/postgresql-default/app.json5 b/k8s/apps/postgresql-default/app.json5
similarity index 100%
rename from k8s/argocdapps/postgresql-default/app.json5
rename to k8s/apps/postgresql-default/app.json5
diff --git a/k8s/apps/postgresql-default/databases.libsonnet b/k8s/apps/postgresql-default/databases.libsonnet
new file mode 100644
index 000000000..4567262f3
--- /dev/null
+++ b/k8s/apps/postgresql-default/databases.libsonnet
@@ -0,0 +1,54 @@
+[
+ {
+ db_name: 'fitbit_manager',
+ user_name: 'fitbit_manager',
+ },
+ {
+ db_name: 'grafana',
+ user_name: 'grafana',
+ },
+ {
+ db_name: 'hedgedoc',
+ user_name: 'hedgedoc',
+ },
+ {
+ db_name: 'misskey',
+ user_name: 'misskey',
+ },
+ {
+ db_name: 'nextcloud',
+ user_name: 'nextcloud',
+ },
+ {
+ db_name: 'oekaki_dengon_game',
+ user_name: 'oekaki_dengon_game',
+ },
+ {
+ db_name: 'openchokin',
+ user_name: 'openchokin',
+ },
+ {
+ db_name: 'wakatime_to_slack',
+ user_name: 'wakatime',
+ },
+ {
+ db_name: 'zitadel',
+ user_name: 'zitadel',
+ },
+ {
+ db_name: 'ac_hacking',
+ user_name: 'ac_hacking',
+ },
+ {
+ db_name: 'mucaron',
+ user_name: 'mucaron',
+ },
+ {
+ db_name: 'affine',
+ user_name: 'affine',
+ },
+ {
+ db_name: 'openclarity',
+ user_name: 'openclarity',
+ },
+]
diff --git a/k8s/argocdapps/postgresql-default/external-secrets.jsonnet b/k8s/apps/postgresql-default/external-secrets.jsonnet
similarity index 90%
rename from k8s/argocdapps/postgresql-default/external-secrets.jsonnet
rename to k8s/apps/postgresql-default/external-secrets.jsonnet
index 5a96d12e4..ada2160cc 100644
--- a/k8s/argocdapps/postgresql-default/external-secrets.jsonnet
+++ b/k8s/apps/postgresql-default/external-secrets.jsonnet
@@ -3,7 +3,7 @@ local gen = function(username) {
apiVersion: 'external-secrets.io/v1beta1',
kind: 'ExternalSecret',
metadata: {
- name: '%s.default.credentials.postgresql.acid.zalan.do' % username,
+ name: (import 'functions.libsonnet').secretName(username),
},
spec: {
data: [
@@ -24,6 +24,7 @@ local gen = function(username) {
name: $.metadata.name,
template: {
data: {
+ username: username,
password: '{{ .password }}',
},
engineVersion: 'v2',
diff --git a/k8s/apps/postgresql-default/functions.libsonnet b/k8s/apps/postgresql-default/functions.libsonnet
new file mode 100644
index 000000000..980197ac9
--- /dev/null
+++ b/k8s/apps/postgresql-default/functions.libsonnet
@@ -0,0 +1,4 @@
+{
+ secretName(username):
+ std.join('-', std.split(username, '_')) + '.default.credentials.postgresql.acid.zalan.do',
+}
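Review bot: `secretName` has no comment explaining why underscores are rewritten to dashes, and the rule is easy to break by accident. Suggested comment above it: `// Kubernetes object names cannot contain '_'; map it to '-' so the name matches the operator-generated credentials secret (confirm against the operator's naming).` Two usernames that differ only in `_` versus `-` would map to the same secret name. users.libsonnet in this commit uses underscores only, so this is latent, but it is worth stating in the comment that usernames must not contain `-`.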
diff --git a/k8s/argocdapps/postgresql-default/postgresql.jsonnet b/k8s/apps/postgresql-default/postgresql.jsonnet
similarity index 87%
rename from k8s/argocdapps/postgresql-default/postgresql.jsonnet
rename to k8s/apps/postgresql-default/postgresql.jsonnet
index 120fdcb39..4c8b3abbe 100644
--- a/k8s/argocdapps/postgresql-default/postgresql.jsonnet
+++ b/k8s/apps/postgresql-default/postgresql.jsonnet
@@ -1,7 +1,6 @@
-local formatUsername(username) = (
- std.join('_', std.split(username, '-'))
-);
local usernames = (import 'users.libsonnet');
+local databases = (import 'databases.libsonnet');
+
{
apiVersion: 'acid.zalan.do/v1',
kind: 'postgresql',
@@ -16,24 +15,21 @@ local usernames = (import 'users.libsonnet');
},
numberOfInstances: 3,
users: {
- [formatUsername(username)]: []
+ [username]: []
for username in usernames
} + {
postgres: [
'superuser',
'createdb',
],
+ test: [],
},
databases: {
- [formatUsername(username)]: formatUsername(username)
- for username in usernames
- } + {
- postgres:: null,
- wakatime:: null,
- wakatime_to_slack: 'wakatime',
+ [database.db_name]: database.user_name
+ for database in databases
},
postgresql: {
- version: '16',
+ version: '17',
parameters: {
max_standby_archive_delay: '180s',
max_standby_streaming_delay: '180s',
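Review bot: `test: [],` adds a role named `test` to the cluster's `users` outside users.libsonnet, with no comment and no database assigned to it in databases.libsonnet. If it is a leftover from trying the migration, drop the line; if it is needed, add it to users.libsonnet so its credentials are handled like the others. The new `databases` comprehension also trusts that every `user_name` in databases.libsonnet exists in `usernames`; a check before the object, `assert std.all([std.member(usernames, d.user_name) for d in databases]);`, would catch a typo at render time. The object continues outside the hunk.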
@@ -45,6 +41,7 @@ local usernames = (import 'users.libsonnet');
memory: '600Mi',
},
limits: {
+ cpu: '2',
memory: '2Gi',
},
},
diff --git a/k8s/argocdapps/postgresql-default/service.jsonnet b/k8s/apps/postgresql-default/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/postgresql-default/service.jsonnet
rename to k8s/apps/postgresql-default/service.jsonnet
diff --git a/k8s/argocdapps/postgresql-default/users.libsonnet b/k8s/apps/postgresql-default/users.libsonnet
similarity index 61%
rename from k8s/argocdapps/postgresql-default/users.libsonnet
rename to k8s/apps/postgresql-default/users.libsonnet
index f8f7f4aac..25b75d976 100644
--- a/k8s/argocdapps/postgresql-default/users.libsonnet
+++ b/k8s/apps/postgresql-default/users.libsonnet
@@ -1,16 +1,17 @@
[
'postgres',
'juglans',
- 'fitbit-manager',
+ 'fitbit_manager',
'grafana',
'hedgedoc',
'misskey',
'nextcloud',
- 'oekaki-dengon-game',
+ 'oekaki_dengon_game',
'openchokin',
'wakatime',
'zitadel',
- 'ac-hacking',
- 'y-2024',
+ 'ac_hacking',
'mucaron',
+ 'affine',
+ 'openclarity',
]
diff --git a/k8s/argocdapps/priorities/app.json5 b/k8s/apps/priorities/app.json5
similarity index 100%
rename from k8s/argocdapps/priorities/app.json5
rename to k8s/apps/priorities/app.json5
diff --git a/k8s/argocdapps/priorities/default.jsonnet b/k8s/apps/priorities/default.jsonnet
similarity index 100%
rename from k8s/argocdapps/priorities/default.jsonnet
rename to k8s/apps/priorities/default.jsonnet
diff --git a/k8s/argocdapps/priorities/high.jsonnet b/k8s/apps/priorities/high.jsonnet
similarity index 100%
rename from k8s/argocdapps/priorities/high.jsonnet
rename to k8s/apps/priorities/high.jsonnet
diff --git a/k8s/argocdapps/priorities/low.jsonnet b/k8s/apps/priorities/low.jsonnet
similarity index 100%
rename from k8s/argocdapps/priorities/low.jsonnet
rename to k8s/apps/priorities/low.jsonnet
diff --git a/k8s/apps/prometheus-oauth2-proxy/app.json5 b/k8s/apps/prometheus-oauth2-proxy/app.json5
new file mode 100644
index 000000000..8e83e57dd
--- /dev/null
+++ b/k8s/apps/prometheus-oauth2-proxy/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "prometheus-oauth2-proxy",
+ namespace: "monitoring",
+}
diff --git a/k8s/apps/prometheus-oauth2-proxy/externalsecret.yaml b/k8s/apps/prometheus-oauth2-proxy/externalsecret.yaml
deleted file mode 100644
index d75de23ba..000000000
--- a/k8s/apps/prometheus-oauth2-proxy/externalsecret.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: prometheus-oauth2-proxy
-spec:
- secretStoreRef:
- name: onepassword
- kind: ClusterSecretStore
- refreshInterval: 1m
- target:
- name: prometheus-oauth2-proxy
- data:
- - secretKey: client-id
- remoteRef:
- key: prometheus-oauth2-proxy
- property: client-id
- - secretKey: client-secret
- remoteRef:
- key: prometheus-oauth2-proxy
- property: client-secret
- - secretKey: cookie-secret
- remoteRef:
- key: prometheus-oauth2-proxy
- property: cookie-secret
- - secretKey: redis-password
- remoteRef:
- key: redis
- property: password
diff --git a/k8s/apps/prometheus-oauth2-proxy/helm.yaml b/k8s/apps/prometheus-oauth2-proxy/helm.yaml
deleted file mode 100644
index e73bebf05..000000000
--- a/k8s/apps/prometheus-oauth2-proxy/helm.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: prometheus-oauth2-proxy
-spec:
- url: https://oauth2-proxy.github.io/manifests
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: prometheus-oauth2-proxy
-spec:
- chart:
- spec:
- chart: oauth2-proxy
- version: 7.7.28
- values:
- config:
- existingSecret: prometheus-oauth2-proxy
- configFile: |-
- email_domains = [ "*" ]
- upstreams = [ "http://prometheus-operated.monitoring.svc.cluster.local:9090" ]
- pass_access_token = true
- user_id_claim = "sub"
- oidc_groups_claim="my:zitadel:grants"
- allowed_groups = ["237477822715658605:prometheus-admin"]
-
- extraArgs:
- provider: oidc
- redirect-url: https://prometheus.walnuts.dev/oauth2/callback
- oidc-issuer-url: https://auth.walnuts.dev
- skip-provider-button: true
- ingress:
- enabled: true
- className: nginx
- path: /
- pathType: Prefix
- hosts:
- - "prometheus.walnuts.dev"
- sessionStorage:
- type: redis
- redis:
- existingSecret: "prometheus-oauth2-proxy"
- passwordKey: "redis-password"
- clientType: "sentinel"
- sentinel:
- existingSecret: "prometheus-oauth2-proxy"
- passwordKey: "redis-password"
- masterName: "mymaster"
- connectionUrls: "redis://prometheus-oauth2-proxy-redis:6379,redis://prometheus-oauth2-proxy-redis-sentinel:26379"
- metrics:
- enabled: true
diff --git a/k8s/apps/prometheus-oauth2-proxy/kustomization.yaml b/k8s/apps/prometheus-oauth2-proxy/kustomization.yaml
deleted file mode 100644
index 4fc7b7a1c..000000000
--- a/k8s/apps/prometheus-oauth2-proxy/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: monitoring
-resources:
-- externalsecret.yaml
-- helm.yaml
-- redis.yaml
-components:
-- ../../components/helm
diff --git a/k8s/apps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet
new file mode 100644
index 000000000..27e2b713b
--- /dev/null
+++ b/k8s/apps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet
@@ -0,0 +1,14 @@
+(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({
+ app: {
+ name: 'prometheus',
+ namespace: (import 'app.json5').namespace,
+ },
+ domain: 'prometheus.walnuts.dev',
+ upstream: 'http://prometheus-operated.monitoring.svc.cluster.local:9090',
+ oidc: {
+ secret: {
+ onepassword_item_name: 'prometheus-oauth2-proxy',
+ },
+ allowed_group: '237477822715658605:prometheus-admin',
+ },
+})
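Review bot: Access control for `prometheus.walnuts.dev` now depends entirely on `components/oauth2-proxy/oauth2-proxy.libsonnet`, which is not part of this file, and only `allowed_group` is passed in. The removed helm.yaml also set `oidc_groups_claim="my:zitadel:grants"` and `user_id_claim = "sub"`, and with `email_domains = [ "*" ]` the group check was the only authorization gate. Please confirm the component sets the same groups claim; if it reads a different claim, the `allowed_group` comparison no longer tests the Zitadel grant. A short comment here, e.g. `// group format: <zitadel project id>:<role>, matched against the my:zitadel:grants claim by the component`, would document that dependency. `name: 'prometheus'` is a literal while app.json5 says `prometheus-oauth2-proxy`; presumably the component appends the suffix, which is worth a comment too.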
diff --git a/k8s/apps/prometheus-oauth2-proxy/redis.yaml b/k8s/apps/prometheus-oauth2-proxy/redis.yaml
deleted file mode 100644
index 0dc17c6e2..000000000
--- a/k8s/apps/prometheus-oauth2-proxy/redis.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
- name: prometheus-oauth2-proxy-redis
- labels:
- app.kubernetes.io/name: prometheus-oauth2-proxy-redis
-spec:
- clusterSize: 2
- kubernetesConfig:
- image: "quay.io/opstree/redis:v7.0.12" # {"$imagepolicy": "redis-operator:redis"}
- imagePullPolicy: "IfNotPresent"
- redisSecret:
- name: "prometheus-oauth2-proxy"
- key: "redis-password"
- storage:
- volumeClaimTemplate:
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- podSecurityContext:
- fsGroup: 1000
- runAsUser: 1000
----
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisSentinel
-metadata:
- name: prometheus-oauth2-proxy-redis
- labels:
- app.kubernetes.io/name: prometheus-oauth2-proxy-redis
-spec:
- clusterSize: 3
- redisSentinelConfig:
- redisReplicationName: prometheus-oauth2-proxy-redis
- masterGroupName: "mymaster"
- redisPort: "6379"
- quorum: "2"
- parallelSyncs: "1"
- failoverTimeout: "180000"
- downAfterMilliseconds: "30000"
- kubernetesConfig:
- image: "quay.io/opstree/redis-sentinel:v7.0.12" # {"$imagepolicy": "redis-operator:redis-sentinel"}
- imagePullPolicy: "IfNotPresent"
- redisSecret:
- name: "prometheus-oauth2-proxy"
- key: "redis-password"
- podSecurityContext:
- fsGroup: 1000
- runAsUser: 1000
diff --git a/k8s/argocdapps/prometheus-stack/app.json5 b/k8s/apps/prometheus-stack/app.json5
similarity index 100%
rename from k8s/argocdapps/prometheus-stack/app.json5
rename to k8s/apps/prometheus-stack/app.json5
diff --git a/k8s/argocdapps/prometheus-stack/external-secret.jsonnet b/k8s/apps/prometheus-stack/external-secret.jsonnet
similarity index 93%
rename from k8s/argocdapps/prometheus-stack/external-secret.jsonnet
rename to k8s/apps/prometheus-stack/external-secret.jsonnet
index 31c544bf5..8438d5d8b 100644
--- a/k8s/argocdapps/prometheus-stack/external-secret.jsonnet
+++ b/k8s/apps/prometheus-stack/external-secret.jsonnet
@@ -33,8 +33,8 @@
{
secretKey: 'smtp_password',
remoteRef: {
- key: 'gmail',
- property: 'password',
+ key: 'resend',
+ property: 'api-key',
},
},
],
diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet
new file mode 100644
index 000000000..c9249a768
--- /dev/null
+++ b/k8s/apps/prometheus-stack/helm.jsonnet
@@ -0,0 +1,27 @@
+(import '../../components/helm.libsonnet') {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+
+ chart: 'kube-prometheus-stack',
+ repoURL: 'https://prometheus-community.github.io/helm-charts',
+ targetRevision: '68.4.5',
+ valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), {
+ prometheus: {
+ prometheusSpec: {
+ local storageSize = 32,
+ storageSpec: {
+ volumeClaimTemplate: {
+ spec: {
+ resources: {
+ requests: {
+ storage: std.format('%dGi', storageSize),
+ },
+ },
+ },
+ },
+ },
+ retentionSize: std.format('%dGiB', storageSize * 0.75),
+ },
+ },
+ }),
+}
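Review bot: The `std.mergePatch` override of `storage` and `retentionSize` silently replaces values that `values.yaml` still declares (`storage: 32Gi`, `retentionSize: 30GiB` in the values.yaml hunk of this same commit), so the effective retention cap becomes 24GiB while the YAML still reads 30GiB. Either drop the two keys from `values.yaml` or add a comment next to `local storageSize = 32,` such as `// single source of truth; overrides storageSpec and retentionSize in values.yaml`. The `%d` in `std.format('%dGiB', storageSize * 0.75)` is exact for 32 but, as far as I know, drops the fraction for sizes that are not a multiple of four; `std.floor(storageSize * 0.75)` would make that rounding explicit.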
diff --git a/k8s/argocdapps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml
similarity index 73%
rename from k8s/argocdapps/prometheus-stack/values.yaml
rename to k8s/apps/prometheus-stack/values.yaml
index eeac2cdf3..b0fb3c365 100644
--- a/k8s/argocdapps/prometheus-stack/values.yaml
+++ b/k8s/apps/prometheus-stack/values.yaml
@@ -4,12 +4,12 @@ grafana:
limits:
memory: 800Mi
requests:
- memory: 330Mi
+ memory: 150Mi
ingress:
enabled: true
hosts:
- grafana.walnuts.dev
- ingressClassName: nginx
+ ingressClassName: cilium
rbac:
pspEnabled: false
testFramework:
@@ -56,9 +56,9 @@ grafana:
use_pkce: true
smtp:
enabled: true
- from_address: noreply@walnuts.dev
- host: smtp.gmail.com:587
- user: "r.juglans.1018@gmail.com"
+ from_address: grafana@resend.walnuts.dev
+ host: smtp.resend.com:587
+ user: "resend"
password: $__file{/etc/secrets/smtp_password}
database:
type: postgres
@@ -71,11 +71,12 @@ grafana:
enabled: true
plugins:
- knightss27-weathermap-panel
+ - grafana-github-datasource
prometheus-node-exporter:
prometheus:
monitor:
relabelings:
- - sourceLabels: [__meta_kubernetes_pod_node_name]
+ - sourceLabels: [ __meta_kubernetes_pod_node_name ]
separator: ;
regex: ^(.*)$
targetLabel: node
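Review bot: The added `grafana-github-datasource` entry under `plugins` names no version, as does the existing weathermap entry, so each Grafana pod start installs whatever release the plugin catalog serves at that moment. That makes the running code change without a commit in this repository, and a datasource plugin will typically be handed a GitHub credential. Grafana's plugin install list accepts a version next to the plugin id (check the exact form for the chart version in use), so pin both entries and let the dependency bot raise the bumps. The `grafana:` block this list belongs to starts outside the hunk.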
@@ -84,25 +85,36 @@ prometheus-node-exporter:
prometheus:
prometheusSpec:
serviceMonitorSelector:
- matchLabels: null #全てのServiceMonitorを監視対象にする
+ matchLabels: {} #全てのServiceMonitorを監視対象にする
podMonitorSelector:
- matchLabels: null #全てのPodMonitorを監視対象にする
+ matchLabels: {} #全てのPodMonitorを監視対象にする
+ probeSelector:
+ matchLabels: {} #全てのProbeを監視対象にする
+ probeNamespaceSelector:
+ matchLabels: {} #全てのNamespaceのProbeを監視対象にする
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: longhorn-local
- accessModes: ["ReadWriteOnce"]
+ accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 32Gi
resources:
requests:
- memory: 1000Mi
+ memory: 2Gi
limits:
- memory: 4000Mi
+ memory: 4Gi
retention: 14d
retentionSize: 30GiB
replicas: 1
enableRemoteWriteReceiver: true
- enableFeatures:
- - otlp-write-receiver
+ enableOTLPReceiver: true
+ otlp:
+ translationStrategy: "NoUTF8EscapingWithSuffixes"
+ tsdb:
+ outOfOrderTimeWindow: 30m
+ additionalConfig:
+ enableOTLPReceiver: true
+ otlp:
+ translationStrategy: "NoUTF8EscapingWithSuffixes"
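Review bot: `enableOTLPReceiver: true` and the `otlp.translationStrategy` block are added twice, once before `tsdb` and again after `additionalConfig`. Indentation is lost on this page, so the nesting is uncertain, but if the second copy sits under `additionalConfig` it repeats what the first already sets; keep one and add a comment such as `# passed via additionalConfig until the chart exposes these fields` if the duplication is a deliberate workaround. Separately, with `enableRemoteWriteReceiver: true` retained and OTLP ingestion now on, Prometheus accepts unauthenticated writes from anything that can reach port 9090 in the cluster, and the oauth2-proxy added elsewhere in this commit only fronts the ingress path. No NetworkPolicy is visible here, so confirm that one limits which workloads can reach the `prometheus-operated` service.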
diff --git a/k8s/argocdapps/redis-operator/app.json5 b/k8s/apps/redis-operator/app.json5
similarity index 100%
rename from k8s/argocdapps/redis-operator/app.json5
rename to k8s/apps/redis-operator/app.json5
diff --git a/k8s/argocdapps/ingress-nginx/helm.jsonnet b/k8s/apps/redis-operator/helm.jsonnet
similarity index 58%
rename from k8s/argocdapps/ingress-nginx/helm.jsonnet
rename to k8s/apps/redis-operator/helm.jsonnet
index ece25fc35..e630dea34 100644
--- a/k8s/argocdapps/ingress-nginx/helm.jsonnet
+++ b/k8s/apps/redis-operator/helm.jsonnet
@@ -1,8 +1,8 @@
(import '../../components/helm.libsonnet') {
name: (import 'app.json5').name,
namespace: (import 'app.json5').namespace,
- chart: 'ingress-nginx',
- repoURL: 'https://kubernetes.github.io/ingress-nginx',
- targetRevision: '4.11.3',
+ chart: 'redis-operator',
+ repoURL: 'https://ot-container-kit.github.io/helm-charts/',
+ targetRevision: '0.19.2',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/apps/redis-operator/values.yaml b/k8s/apps/redis-operator/values.yaml
new file mode 100644
index 000000000..918b1ad16
--- /dev/null
+++ b/k8s/apps/redis-operator/values.yaml
@@ -0,0 +1,11 @@
+resources:
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ requests:
+ cpu: 15m
+ memory: 32Mi
+
+# redisOperator:
+# extraArgs:
+# - "-zap-log-level=debug"
diff --git a/k8s/apps/renovate/app.json5 b/k8s/apps/renovate/app.json5
new file mode 100644
index 000000000..30c09a683
--- /dev/null
+++ b/k8s/apps/renovate/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "renovate",
+ namespace: "renovate",
+}
diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet
new file mode 100644
index 000000000..6222e8057
--- /dev/null
+++ b/k8s/apps/renovate/cronjob.jsonnet
@@ -0,0 +1,108 @@
+{
+ apiVersion: 'batch/v1',
+ kind: 'CronJob',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ schedule: '*/5 * * * *',
+ concurrencyPolicy: 'Forbid',
+ jobTemplate: {
+ spec: {
+ template: {
+ spec: {
+ securityContext: {
+ fsGroup: 12021,
+ fsGroupChangePolicy: 'OnRootMismatch',
+ },
+ restartPolicy: 'Never',
+ initContainers: [
+ (import '../../components/container.libsonnet') {
+ name: 'disk-cleaner',
+ image: 'debian:12.9-slim',
+ command: [
+ 'sh',
+ '-c',
+ 'df --output=target,pcent | awk \'{if( $1 == "/tmp/renovate" && $2 > 75 ){ system("rm -rf /tmp/renovate/cache") }}\'',
+ ],
+ volumeMounts: [
+ {
+ name: 'renovate',
+ mountPath: '/tmp/renovate',
+ },
+ ],
+ securityContext: {
+ runAsUser: 0,
+ },
+ },
+ ],
+ containers: [
+ (import '../../components/container.libsonnet') {
+ name: 'renovate',
+ image: 'renovate/renovate:39.160.1',
+ resources: {
+ requests: {
+ cpu: '500m',
+ memory: '256Mi',
+ },
+ limits: {
+ cpu: '500m',
+ memory: '2Gi',
+ },
+ },
+ local branch_prefix = 'renovate/',
+ env: [
+ {
+ name: 'LOG_LEVEL',
+ value: 'debug',
+ },
+ {
+ name: 'RENOVATE_AUTODISCOVER',
+ value: 'true',
+ },
+ {
+ name: 'RENOVATE_AUTODISCOVER_FILTER',
+ value: 'walnuts1018/infra',
+ },
+ {
+ name: 'RENOVATE_BRANCH_PREFIX',
+ value: branch_prefix,
+ },
+ {
+ name: 'RENOVATE_BRANCH_PREFIX_OLD',
+ value: branch_prefix,
+ },
+ {
+ name: 'RENOVATE_TOKEN',
+ valueFrom: {
+ secretKeyRef: {
+ name: (import 'external-secret.jsonnet').spec.target.name,
+ key: 'github-token',
+ },
+ },
+ },
+ ],
+ volumeMounts: [
+ {
+ name: 'renovate',
+ mountPath: '/tmp/renovate',
+ },
+ ],
+ },
+ ],
+ volumes: [
+ {
+ name: 'renovate',
+ persistentVolumeClaim: {
+ claimName: 'renovate',
+ },
+ },
+ ],
+ },
+ },
+ },
+ },
+ },
+}
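Review bot: The `disk-cleaner` awk test `$2 > 75` compares a string, because `df --output=pcent` prints values like `42%` and awk does not treat `42%` as a number. The comparison is therefore lexical: `8%` and `9%` sort above `75` and wipe the cache on a nearly empty volume, while `100%` sorts below it and is never cleaned. Forcing a numeric conversion fixes it: `$1 == "/tmp/renovate" && $2+0 > 75`. The same container sets `runAsUser: 0`, so the `rm -rf` runs as root on the shared PVC; since the pod already sets `fsGroup: 12021`, it is worth checking whether the cleanup can run as the unprivileged renovate user instead. With `LOG_LEVEL` set to `debug` on a job that holds `RENOVATE_TOKEN`, also confirm that the collected job logs are not readable more widely than the secret itself.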
diff --git a/k8s/apps/renovate/external-secret.jsonnet b/k8s/apps/renovate/external-secret.jsonnet
new file mode 100644
index 000000000..39f818c94
--- /dev/null
+++ b/k8s/apps/renovate/external-secret.jsonnet
@@ -0,0 +1,12 @@
+(import '../../components/external-secret.libsonnet') {
+ name: (import 'app.json5').name,
+ data: [
+ {
+ secretKey: 'github-token',
+ remoteRef: {
+ key: 'renovate',
+ property: 'github_token',
+ },
+ },
+ ],
+}
diff --git a/k8s/apps/renovate/pvc.jsonnet b/k8s/apps/renovate/pvc.jsonnet
new file mode 100644
index 000000000..4af6b7261
--- /dev/null
+++ b/k8s/apps/renovate/pvc.jsonnet
@@ -0,0 +1,20 @@
+[
+ {
+ apiVersion: 'v1',
+ kind: 'PersistentVolumeClaim',
+ metadata: {
+ name: 'renovate',
+ },
+ spec: {
+ storageClassName: 'longhorn',
+ accessModes: [
+ 'ReadWriteOnce',
+ ],
+ resources: {
+ requests: {
+ storage: '3Gi',
+ },
+ },
+ },
+ },
+]
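Review bot: The PVC's `metadata` carries only `name`, whereas the CronJob that mounts it takes `namespace` and `labels` from `app.json5`. If the deployment tooling does not inject the application's namespace, the claim lands elsewhere and `claimName: 'renovate'` in the CronJob never binds. Adding `namespace: (import 'app.json5').namespace,` and the shared labels keeps the two manifests consistent and removes the dependence on the tooling default.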
diff --git a/k8s/argocdapps/samba-backup/app.json5 b/k8s/apps/samba-backup/app.json5
similarity index 100%
rename from k8s/argocdapps/samba-backup/app.json5
rename to k8s/apps/samba-backup/app.json5
diff --git a/k8s/argocdapps/samba-backup/config/backup.sh b/k8s/apps/samba-backup/config/backup.sh
similarity index 100%
rename from k8s/argocdapps/samba-backup/config/backup.sh
rename to k8s/apps/samba-backup/config/backup.sh
diff --git a/k8s/apps/samba-backup/configmap.jsonnet b/k8s/apps/samba-backup/configmap.jsonnet
new file mode 100644
index 000000000..a73d047ba
--- /dev/null
+++ b/k8s/apps/samba-backup/configmap.jsonnet
@@ -0,0 +1,8 @@
+(import '../../components/configmap.libsonnet') {
+ name: (import 'app.json5').name + '-script',
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ data: {
+ 'backup.sh': (importstr './config/backup.sh'),
+ },
+}
diff --git a/k8s/argocdapps/samba-backup/cronjob.jsonnet b/k8s/apps/samba-backup/cronjob.jsonnet
similarity index 99%
rename from k8s/argocdapps/samba-backup/cronjob.jsonnet
rename to k8s/apps/samba-backup/cronjob.jsonnet
index 33fac52f1..330215adb 100644
--- a/k8s/argocdapps/samba-backup/cronjob.jsonnet
+++ b/k8s/apps/samba-backup/cronjob.jsonnet
@@ -17,7 +17,7 @@
containers: [
std.mergePatch((import '../../components/container.libsonnet') {
name: 'samba-backup',
- image: 'debian:12.7',
+ image: 'debian:12.9',
command: [
'sh',
'/backup.sh',
diff --git a/k8s/argocdapps/samba-backup/external-secret.jsonnet b/k8s/apps/samba-backup/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/samba-backup/external-secret.jsonnet
rename to k8s/apps/samba-backup/external-secret.jsonnet
diff --git a/k8s/argocdapps/samba/app.json5 b/k8s/apps/samba/app.json5
similarity index 100%
rename from k8s/argocdapps/samba/app.json5
rename to k8s/apps/samba/app.json5
diff --git a/k8s/argocdapps/samba/deployment.jsonnet b/k8s/apps/samba/deployment.jsonnet
similarity index 98%
rename from k8s/argocdapps/samba/deployment.jsonnet
rename to k8s/apps/samba/deployment.jsonnet
index f6287adb3..6461d5666 100644
--- a/k8s/argocdapps/samba/deployment.jsonnet
+++ b/k8s/apps/samba/deployment.jsonnet
@@ -80,7 +80,7 @@
cpu: '1000m',
},
requests: {
- memory: '850Mi',
+ memory: '2Gi',
cpu: '10m',
},
},
diff --git a/k8s/argocdapps/samba/external-secret.jsonnet b/k8s/apps/samba/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/samba/external-secret.jsonnet
rename to k8s/apps/samba/external-secret.jsonnet
diff --git a/k8s/argocdapps/samba/service.jsonnet b/k8s/apps/samba/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/samba/service.jsonnet
rename to k8s/apps/samba/service.jsonnet
diff --git a/k8s/apps/smartctl-exporter/app.json5 b/k8s/apps/smartctl-exporter/app.json5
new file mode 100644
index 000000000..d8564d5f0
--- /dev/null
+++ b/k8s/apps/smartctl-exporter/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "smartctl-exporter",
+ namespace: "monitoring",
+}
diff --git a/k8s/apps/smartctl-exporter/helm.jsonnet b/k8s/apps/smartctl-exporter/helm.jsonnet
new file mode 100644
index 000000000..aca667ce8
--- /dev/null
+++ b/k8s/apps/smartctl-exporter/helm.jsonnet
@@ -0,0 +1,9 @@
+(import '../../components/helm.libsonnet') {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+
+ chart: 'prometheus-smartctl-exporter',
+ repoURL: 'https://prometheus-community.github.io/helm-charts',
+ targetRevision: '0.13.0',
+ values: (importstr 'values.yaml'),
+}
diff --git a/k8s/apps/smartctl-exporter/helm.yaml b/k8s/apps/smartctl-exporter/helm.yaml
deleted file mode 100644
index b0d1a30dd..000000000
--- a/k8s/apps/smartctl-exporter/helm.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: smartctl-exporter
-spec:
- url: https://prometheus-community.github.io/helm-charts
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: smartctl-exporter
-spec:
- chart:
- spec:
- chart: prometheus-smartctl-exporter
- version: 0.10.0
- values:
- image:
- repository: ghcr.io/joryirving/smartctl_exporter
- tag: "0.12.0"
- podAnnotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: "9666"
- prometheus.io/path: "/metrics"
- serviceMonitor:
- enabled: true
- relabelings:
- - sourceLabels: [__meta_kubernetes_pod_node_name]
- separator: ;
- regex: ^(.*)$
- targetLabel: node
- replacement: $1
- action: replace
diff --git a/k8s/apps/smartctl-exporter/kustomization.yaml b/k8s/apps/smartctl-exporter/kustomization.yaml
deleted file mode 100644
index 466d5a0e1..000000000
--- a/k8s/apps/smartctl-exporter/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: monitoring
-components:
-- ../../components/helm
-resources:
-- helm.yaml
diff --git a/k8s/apps/smartctl-exporter/values.yaml b/k8s/apps/smartctl-exporter/values.yaml
new file mode 100644
index 000000000..92e1475a4
--- /dev/null
+++ b/k8s/apps/smartctl-exporter/values.yaml
@@ -0,0 +1,16 @@
+image:
+ repository: ghcr.io/joryirving/smartctl_exporter
+ tag: "0.13.0"
+podAnnotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9666"
+ prometheus.io/path: "/metrics"
+serviceMonitor:
+ enabled: true
+ relabelings:
+ - sourceLabels: [ __meta_kubernetes_pod_node_name ]
+ separator: ;
+ regex: ^(.*)$
+ targetLabel: node
+ replacement: $1
+ action: replace
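Review bot: The `image` block replaces the chart's default image with `ghcr.io/joryirving/smartctl_exporter` pinned only by the mutable tag `"0.13.0"`. A smartctl exporter needs raw disk access and, as far as I know, this chart runs it as a privileged DaemonSet on every node, so a re-pushed tag in a personal registry namespace would run with host-level access. Add a comment saying why the upstream image is not used and pin by digest, for example `tag: "0.13.0@sha256:<digest-placeholder>"` if the chart renders `repository:tag` verbatim. The `prometheus.io/*` pod annotations alongside `serviceMonitor.enabled: true` may also cause a double scrape if annotation-based discovery is configured anywhere; keep only the ServiceMonitor if so.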
diff --git a/k8s/apps/snmp-exporter/app.json5 b/k8s/apps/snmp-exporter/app.json5
new file mode 100644
index 000000000..c9de489bb
--- /dev/null
+++ b/k8s/apps/snmp-exporter/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "snmp-exporter",
+ namespace: "monitoring",
+}
diff --git a/k8s/apps/snmp-exporter/generator.yaml b/k8s/apps/snmp-exporter/config/generator.yaml
similarity index 100%
rename from k8s/apps/snmp-exporter/generator.yaml
rename to k8s/apps/snmp-exporter/config/generator.yaml
diff --git a/k8s/argocdapps/prometheus-stack/helm.jsonnet b/k8s/apps/snmp-exporter/helm.jsonnet
similarity index 78%
rename from k8s/argocdapps/prometheus-stack/helm.jsonnet
rename to k8s/apps/snmp-exporter/helm.jsonnet
index aaa098888..c24186308 100644
--- a/k8s/argocdapps/prometheus-stack/helm.jsonnet
+++ b/k8s/apps/snmp-exporter/helm.jsonnet
@@ -2,8 +2,8 @@
name: (import 'app.json5').name,
namespace: (import 'app.json5').namespace,
- chart: 'kube-prometheus-stack',
+ chart: 'prometheus-snmp-exporter',
repoURL: 'https://prometheus-community.github.io/helm-charts',
- targetRevision: '65.6.0',
+ targetRevision: '6.0.0',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/apps/snmp-exporter/helm.yaml b/k8s/apps/snmp-exporter/helm.yaml
deleted file mode 100644
index b95f9d058..000000000
--- a/k8s/apps/snmp-exporter/helm.yaml
+++ /dev/null
@@ -1,2556 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: snmp-exporter
-spec:
- url: https://prometheus-community.github.io/helm-charts
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: snmp-exporter
-spec:
- chart:
- spec:
- chart: prometheus-snmp-exporter
- version: 5.6.0
- values:
- serviceMonitor:
- enabled: true
- params:
- - name: ix2215
- target: "192.168.0.1"
- module:
- - nec_ix
- config: |
- # WARNING: This file was auto-generated using snmp_exporter generator, manual changes will be lost.
- auths:
- public_v1:
- community: public
- security_level: noAuthNoPriv
- auth_protocol: MD5
- priv_protocol: DES
- version: 1
- public_v2:
- community: public
- security_level: noAuthNoPriv
- auth_protocol: MD5
- priv_protocol: DES
- version: 2
- modules:
- nec_ix:
- walk:
- - 1.3.6.1.4.1.119.2.3.84.1
- - 1.3.6.1.4.1.119.2.3.84.10
- - 1.3.6.1.4.1.119.2.3.84.11
- - 1.3.6.1.4.1.119.2.3.84.12
- - 1.3.6.1.4.1.119.2.3.84.13
- - 1.3.6.1.4.1.119.2.3.84.14
- - 1.3.6.1.4.1.119.2.3.84.15
- - 1.3.6.1.4.1.119.2.3.84.2
- - 1.3.6.1.4.1.119.2.3.84.3
- - 1.3.6.1.4.1.119.2.3.84.4
- - 1.3.6.1.4.1.119.2.3.84.5
- - 1.3.6.1.4.1.119.2.3.84.6
- - 1.3.6.1.4.1.119.2.3.84.7
- - 1.3.6.1.4.1.119.2.3.84.8
- - 1.3.6.1.4.1.119.2.3.84.9
- metrics:
- - name: picoPostIndex
- oid: 1.3.6.1.4.1.119.2.3.84.10.1.1.1.1
- type: gauge
- help: Unique index for each POST. - 1.3.6.1.4.1.119.2.3.84.10.1.1.1.1
- indexes:
- - labelname: picoPostIndex
- type: gauge
- - name: picoPostFail
- oid: 1.3.6.1.4.1.119.2.3.84.10.1.1.1.2
- type: DisplayString
- help: POST fail information - 1.3.6.1.4.1.119.2.3.84.10.1.1.1.2
- indexes:
- - labelname: picoPostIndex
- type: gauge
- - name: picoMobileDeviceIndex
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.1
- type: gauge
- help: The unique index for each Mobile module. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.1
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceVendorName
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.2
- type: DisplayString
- help: The object of the vendor name. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.2
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceName
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.3
- type: DisplayString
- help: The object of the device name. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.3
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceProductID
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.4
- type: DisplayString
- help: The object of the product ID. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.4
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceSoftwareVersion
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.5
- type: DisplayString
- help: The object of the software version. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.5
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceSignalBar
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.6
- type: gauge
- help: The object of the signal bar. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.6
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceSignalStrength
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.7
- type: gauge
- help: 'The signal strength can be: unknown(-1) :signal strength is unknown out-range(0):signal strength is 0 weak(1) :signal strength is 1 low(2) :signal strength is 2 high(3) :signal strength is 3 - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.7'
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- enum_values:
- -1: unknown
- 0: out-range
- 1: weak
- 2: low
- 3: high
- - name: picoMobileDeviceSignalQuality
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.8
- type: DisplayString
- help: The object of the signal quality. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.8
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceSignalElapsedTime
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.9
- type: gauge
- help: The object of the elapsed time after signal acquiring. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.9
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceRadioInterface
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.10
- type: DisplayString
- help: The object of the radio interface. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.10
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceCarrier
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.11
- type: DisplayString
- help: The object of the carrier name. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.11
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceDialerString
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.12
- type: DisplayString
- help: The object of the dialer string. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.12
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceDialStatus
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.13
- type: gauge
- help: 'The dial status can be: disconnected(0):dial status is disconnected - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.13'
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- enum_values:
- 0: disconnected
- 1: connect
- 2: cancel
- 3: connected
- 4: postprocess
- - name: picoMobileDeviceInRangeCounts
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.14
- type: gauge
- help: The in-range statistics. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.14
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceOutRangeCounts
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.15
- type: gauge
- help: The out-range statistics. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.15
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoMobileDeviceResetCounts
- oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.16
- type: gauge
- help: The reset device statistics. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.16
- indexes:
- - labelname: picoMobileDeviceIndex
- type: gauge
- - name: picoIPv4CacheEntries
- oid: 1.3.6.1.4.1.119.2.3.84.12.1.1
- type: gauge
- help: The number of current IPv4 cache. - 1.3.6.1.4.1.119.2.3.84.12.1.1
- - name: picoIPv4CachePeaks
- oid: 1.3.6.1.4.1.119.2.3.84.12.1.2
- type: gauge
- help: The peak value of IPv4 cache. - 1.3.6.1.4.1.119.2.3.84.12.1.2
- - name: picoIPv4CacheCreates
- oid: 1.3.6.1.4.1.119.2.3.84.12.1.3
- type: counter
- help: The total count of created IPv4 cache. - 1.3.6.1.4.1.119.2.3.84.12.1.3
- - name: picoIPv4CacheOverflows
- oid: 1.3.6.1.4.1.119.2.3.84.12.1.4
- type: counter
- help: The total count of IPv4 cache overflow. - 1.3.6.1.4.1.119.2.3.84.12.1.4
- - name: picoIPv4UFSCacheEntries
- oid: 1.3.6.1.4.1.119.2.3.84.12.2.1
- type: gauge
- help: The number of current IPv4 UFS cache - 1.3.6.1.4.1.119.2.3.84.12.2.1
- - name: picoIPv4UFSCachePeaks
- oid: 1.3.6.1.4.1.119.2.3.84.12.2.2
- type: gauge
- help: The peak value of IPv4 UFS cache - 1.3.6.1.4.1.119.2.3.84.12.2.2
- - name: picoIPv4UFSCacheCreates
- oid: 1.3.6.1.4.1.119.2.3.84.12.2.3
- type: counter
- help: The total count of created IPv4 UFS cache - 1.3.6.1.4.1.119.2.3.84.12.2.3
- - name: picoIPv4UFSCacheOverflows
- oid: 1.3.6.1.4.1.119.2.3.84.12.2.4
- type: counter
- help: The total count of IPv4 UFS cache overflow - 1.3.6.1.4.1.119.2.3.84.12.2.4
- - name: picoIPv6CacheEntries
- oid: 1.3.6.1.4.1.119.2.3.84.13.1.1
- type: gauge
- help: The number of current IPv6 cache. - 1.3.6.1.4.1.119.2.3.84.13.1.1
- - name: picoIPv6CachePeaks
- oid: 1.3.6.1.4.1.119.2.3.84.13.1.2
- type: gauge
- help: The peak value of IPv6 cache. - 1.3.6.1.4.1.119.2.3.84.13.1.2
- - name: picoIPv6CacheCreates
- oid: 1.3.6.1.4.1.119.2.3.84.13.1.3
- type: counter
- help: The total count of created IPv6 cache. - 1.3.6.1.4.1.119.2.3.84.13.1.3
- - name: picoIPv6CacheOverflows
- oid: 1.3.6.1.4.1.119.2.3.84.13.1.4
- type: counter
- help: The total count of IPv6 cache overflow. - 1.3.6.1.4.1.119.2.3.84.13.1.4
- - name: picoIPv6UFSCacheEntries
- oid: 1.3.6.1.4.1.119.2.3.84.13.2.1
- type: gauge
- help: The number of current IPv6 UFS cache - 1.3.6.1.4.1.119.2.3.84.13.2.1
- - name: picoIPv6UFSCachePeaks
- oid: 1.3.6.1.4.1.119.2.3.84.13.2.2
- type: gauge
- help: The peak value of IPv6 UFS cache - 1.3.6.1.4.1.119.2.3.84.13.2.2
- - name: picoIPv6UFSCacheCreates
- oid: 1.3.6.1.4.1.119.2.3.84.13.2.3
- type: counter
- help: The total count of created IPv6 UFS cache - 1.3.6.1.4.1.119.2.3.84.13.2.3
- - name: picoIPv6UFSCacheOverflows
- oid: 1.3.6.1.4.1.119.2.3.84.13.2.4
- type: counter
- help: The total count of IPv6 UFS cache overflow - 1.3.6.1.4.1.119.2.3.84.13.2.4
- - name: qosPolicyIfIndex
- oid: 1.3.6.1.4.1.119.2.3.84.14.1.1.1
- type: gauge
- help: The interface index value of the interface for which QoS is enabled. - 1.3.6.1.4.1.119.2.3.84.14.1.1.1
- indexes:
- - labelname: qosPolicyIfIndex
- type: gauge
- - name: qosPolicyName
- oid: 1.3.6.1.4.1.119.2.3.84.14.1.1.2
- type: DisplayString
- help: QoS Policy name. - 1.3.6.1.4.1.119.2.3.84.14.1.1.2
- indexes:
- - labelname: qosPolicyIfIndex
- type: gauge
- - name: qosClassIfIndex
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.1
- type: gauge
- help: The interface index value of the interface for which QoS is enabled. - 1.3.6.1.4.1.119.2.3.84.14.2.1.1
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- - name: qosClassIndex
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.2
- type: gauge
- help: The class index value of the class - 1.3.6.1.4.1.119.2.3.84.14.2.1.2
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- - name: qosClassName
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.3
- type: DisplayString
- help: QoS Class name. - 1.3.6.1.4.1.119.2.3.84.14.2.1.3
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- - name: qosClassType
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.4
- type: gauge
- help: QoS Class type. - 1.3.6.1.4.1.119.2.3.84.14.2.1.4
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- enum_values:
- 1: cbq
- 2: llq
- - name: qosClassBandwidth
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.5
- type: gauge
- help: QoS Class Bandwidth. - 1.3.6.1.4.1.119.2.3.84.14.2.1.5
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- - name: qosClassBandwidthUnit
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.6
- type: gauge
- help: QoS Class BandwidthUnit. - 1.3.6.1.4.1.119.2.3.84.14.2.1.6
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- enum_values:
- 1: kbps
- 2: percent
- - name: qosClassBitRate
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.7
- type: gauge
- help: QoS Class BitRate. - 1.3.6.1.4.1.119.2.3.84.14.2.1.7
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- - name: qosClassEnqPkts
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.8
- type: counter
- help: QoS Class Enqueue Packets. - 1.3.6.1.4.1.119.2.3.84.14.2.1.8
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- - name: qosClassEnqBytes
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.9
- type: counter
- help: QoS Class Enqueue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.2.1.9
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- - name: qosClassDeqPkts
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.10
- type: counter
- help: QoS Class Dequeue Packets. - 1.3.6.1.4.1.119.2.3.84.14.2.1.10
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- - name: qosClassDeqBytes
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.11
- type: counter
- help: QoS Class Dequeue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.2.1.11
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- - name: qosClassDropPkts
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.12
- type: counter
- help: QoS Class Drop Packets. - 1.3.6.1.4.1.119.2.3.84.14.2.1.12
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- - name: qosClassDropbytes
- oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.13
- type: counter
- help: QoS Class Drop Bytes. - 1.3.6.1.4.1.119.2.3.84.14.2.1.13
- indexes:
- - labelname: qosClassIfIndex
- type: gauge
- - labelname: qosClassIndex
- type: gauge
- - name: qosQueueIfIndex
- oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.1
- type: gauge
- help: The interface index value of the interface for which QoS is enabled. - 1.3.6.1.4.1.119.2.3.84.14.3.1.1
- indexes:
- - labelname: qosQueueIfIndex
- type: gauge
- - labelname: qosQueueClassIndex
- type: gauge
- - labelname: qosQueueIndex
- type: gauge
- - name: qosQueueClassIndex
- oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.2
- type: gauge
- help: The class index value of the class - 1.3.6.1.4.1.119.2.3.84.14.3.1.2
- indexes:
- - labelname: qosQueueIfIndex
- type: gauge
- - labelname: qosQueueClassIndex
- type: gauge
- - labelname: qosQueueIndex
- type: gauge
- - name: qosQueueIndex
- oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.3
- type: gauge
- help: The queue index value of the queue - 1.3.6.1.4.1.119.2.3.84.14.3.1.3
- indexes:
- - labelname: qosQueueIfIndex
- type: gauge
- - labelname: qosQueueClassIndex
- type: gauge
- - labelname: qosQueueIndex
- type: gauge
- - name: qosQueueEnqPkts
- oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.4
- type: counter
- help: QoS Queue Enqueue Packets. - 1.3.6.1.4.1.119.2.3.84.14.3.1.4
- indexes:
- - labelname: qosQueueIfIndex
- type: gauge
- - labelname: qosQueueClassIndex
- type: gauge
- - labelname: qosQueueIndex
- type: gauge
- - name: qosQueueEnqBytes
- oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.5
- type: counter
- help: QoS Queue Enqueue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.3.1.5
- indexes:
- - labelname: qosQueueIfIndex
- type: gauge
- - labelname: qosQueueClassIndex
- type: gauge
- - labelname: qosQueueIndex
- type: gauge
- - name: qosQueueDeqPkts
- oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.6
- type: counter
- help: QoS Queue Dequeue Packets. - 1.3.6.1.4.1.119.2.3.84.14.3.1.6
- indexes:
- - labelname: qosQueueIfIndex
- type: gauge
- - labelname: qosQueueClassIndex
- type: gauge
- - labelname: qosQueueIndex
- type: gauge
- - name: qosQueueDeqBytes
- oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.7
- type: counter
- help: QoS Queue Dequeue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.3.1.7
- indexes:
- - labelname: qosQueueIfIndex
- type: gauge
- - labelname: qosQueueClassIndex
- type: gauge
- - labelname: qosQueueIndex
- type: gauge
- - name: qosQueueDropPkts
- oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.8
- type: counter
- help: QoS Queue Drop Packets. - 1.3.6.1.4.1.119.2.3.84.14.3.1.8
- indexes:
- - labelname: qosQueueIfIndex
- type: gauge
- - labelname: qosQueueClassIndex
- type: gauge
- - labelname: qosQueueIndex
- type: gauge
- - name: qosQueueDropbytes
- oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.9
- type: counter
- help: QoS Queue Drop Bytes. - 1.3.6.1.4.1.119.2.3.84.14.3.1.9
- indexes:
- - labelname: qosQueueIfIndex
- type: gauge
- - labelname: qosQueueClassIndex
- type: gauge
- - labelname: qosQueueIndex
- type: gauge
- - name: naptCacheIfIndex
- oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.1
- type: gauge
- help: The interface index value of the interface for which NAPT is enabled. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.1
- indexes:
- - labelname: naptCacheIfIndex
- type: gauge
- - name: naptCacheEntries
- oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.2
- type: gauge
- help: The number of current NAPT cache. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.2
- indexes:
- - labelname: naptCacheIfIndex
- type: gauge
- - name: naptCachePeak
- oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.3
- type: gauge
- help: The peak value of NAPT cache. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.3
- indexes:
- - labelname: naptCacheIfIndex
- type: gauge
- - name: naptCacheCreates
- oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.4
- type: counter
- help: The total count of created NAPT cache. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.4
- indexes:
- - labelname: naptCacheIfIndex
- type: gauge
- - name: naptCacheOverflows
- oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.5
- type: counter
- help: The total count of NAPT cache overflow. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.5
- indexes:
- - labelname: naptCacheIfIndex
- type: gauge
- - name: picoCelsius
- oid: 1.3.6.1.4.1.119.2.3.84.2.1.1
- type: gauge
- help: Indicates the temperature of the equipment inside, in degree (Celsius). - 1.3.6.1.4.1.119.2.3.84.2.1.1
- - name: picoFahrenheit
- oid: 1.3.6.1.4.1.119.2.3.84.2.1.2
- type: gauge
- help: Indicates the temperature of the equipment inside, in degree (Fahrenheit). - 1.3.6.1.4.1.119.2.3.84.2.1.2
- - name: picoVoltage
- oid: 1.3.6.1.4.1.119.2.3.84.2.2
- type: gauge
- help: Indicates the observed voltage, in milli-volt (mV). - 1.3.6.1.4.1.119.2.3.84.2.2
- - name: picoFanIndex
- oid: 1.3.6.1.4.1.119.2.3.84.2.3.1.1
- type: gauge
- help: Unique index for each fan module. - 1.3.6.1.4.1.119.2.3.84.2.3.1.1
- indexes:
- - labelname: picoFanIndex
- type: gauge
- - name: picoFanStatus
- oid: 1.3.6.1.4.1.119.2.3.84.2.3.1.2
- type: gauge
- help: Status of a fan module - 1.3.6.1.4.1.119.2.3.84.2.3.1.2
- indexes:
- - labelname: picoFanIndex
- type: gauge
- enum_values:
- 1: normal
- 2: failure
- - name: picoFanRpm
- oid: 1.3.6.1.4.1.119.2.3.84.2.3.1.3
- type: gauge
- help: Fan speed (Revolution Per Minutes) - 1.3.6.1.4.1.119.2.3.84.2.3.1.3
- indexes:
- - labelname: picoFanIndex
- type: gauge
- - name: picoPowerSupplyIndex
- oid: 1.3.6.1.4.1.119.2.3.84.2.4.1.1
- type: gauge
- help: Unique index for each power supply module. - 1.3.6.1.4.1.119.2.3.84.2.4.1.1
- indexes:
- - labelname: picoPowerSupplyIndex
- type: gauge
- - name: picoPowerSupplyType
- oid: 1.3.6.1.4.1.119.2.3.84.2.4.1.2
- type: gauge
- help: Power supply module type. - 1.3.6.1.4.1.119.2.3.84.2.4.1.2
- indexes:
- - labelname: picoPowerSupplyIndex
- type: gauge
- enum_values:
- 0: notInstalled
- 1: systemACPS
- 2: ieee802dot3af-PoE-ACPS
- - name: picoPowerSupplyStatus
- oid: 1.3.6.1.4.1.119.2.3.84.2.4.1.3
- type: gauge
- help: Status of a Power Supply module. - 1.3.6.1.4.1.119.2.3.84.2.4.1.3
- indexes:
- - labelname: picoPowerSupplyIndex
- type: gauge
- enum_values:
- 0: notInstalled
- 1: normal
- 2: failure
- - name: picoSchedRtUtl1Sec
- oid: 1.3.6.1.4.1.119.2.3.84.2.5.1
- type: gauge
- help: Indicates the observed system utilization for last 1 second, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.1
- - name: picoSchedRtUtl5Sec
- oid: 1.3.6.1.4.1.119.2.3.84.2.5.2
- type: gauge
- help: Indicates the observed system utilization for last 5 seconds, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.2
- - name: picoSchedRtUtl1Min
- oid: 1.3.6.1.4.1.119.2.3.84.2.5.3
- type: gauge
- help: Indicates the observed system utilization for last 1 minute, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.3
- - name: picoSchedRtUtl1Hour
- oid: 1.3.6.1.4.1.119.2.3.84.2.5.4
- type: gauge
- help: Indicates the observed system utilization for last 1 hour, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.4
- - name: picoHeapSize
- oid: 1.3.6.1.4.1.119.2.3.84.2.6.1
- type: gauge
- help: Indicates the observed total heap size, in bytes. - 1.3.6.1.4.1.119.2.3.84.2.6.1
- - name: picoHeapUtil
- oid: 1.3.6.1.4.1.119.2.3.84.2.6.2
- type: gauge
- help: Indicates the observed current heap utilization, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.6.2
- - name: pipSecMibLevel
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.1.1
- type: gauge
- help: The version of the IPsec MIB. - 1.3.6.1.4.1.119.2.3.84.3.1.1.1
- - name: pikeGlobalActiveTunnels
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.1
- type: gauge
- help: The number of currently active IPsec Phase-1 IKE Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.1
- - name: pikeGlobalInNotifys
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.6
- type: counter
- help: The total number of notifys received by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.6
- - name: pikeGlobalInP2Exchgs
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.7
- type: counter
- help: The total number of IPsec Phase-2 exchanges received by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.7
- - name: pikeGlobalInP2ExchgInvalids
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.8
- type: counter
- help: The total number of IPsec Phase-2 exchanges which were received and found to be contain references to unrecognized security parameters - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.8
- - name: pikeGlobalInP2ExchgRejects
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.9
- type: counter
- help: The total number of IPsec Phase-2 exchanges which were received and validated but were rejected by the local policy - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.9
- - name: pikeGlobalInP2SaDelRequests
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.10
- type: counter
- help: The total number of IPsec Phase-2 security association delete requests received by all currently and previously active and IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.10
- - name: pikeGlobalOutNotifys
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.14
- type: counter
- help: The total number of notifys sent by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.14
- - name: pikeGlobalOutP2Exchgs
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.15
- type: counter
- help: The total number of IPsec Phase-2 exchanges which were sent by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.15
- - name: pikeGlobalOutP2ExchgInvalids
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.16
- type: counter
- help: The total number of IPsec Phase-2 exchanges which were sent and were flagged by the peer to contain references to unrecognized security parameters - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.16
- - name: pikeGlobalOutP2ExchgRejects
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.17
- type: counter
- help: The total number of IPsec Phase-2 exchanges which were sent, validated by the peer but were rejected by the peer's policy - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.17
- - name: pikeGlobalOutP2SaDelRequests
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.18
- type: counter
- help: The total number of IPsec Phase-2 SA delete requests sent by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.18
- - name: pikeGlobalInitTunnels
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.19
- type: counter
- help: The total number of IPsec Phase-1 IKE Tunnels which were locally initiated. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.19
- - name: pikeGlobalInitTunnelFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.20
- type: counter
- help: The total number of IPsec Phase-1 IKE Tunnels which were locally initiated and failed to activate. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.20
- - name: pikeGlobalRespTunnelFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.21
- type: counter
- help: The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated and failed to activate. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.21
- - name: pikeGlobalAuthFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.23
- type: counter
- help: The total number of authentications which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.23
- - name: pikeGlobalDecryptFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.24
- type: counter
- help: The total number of decryptions which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.24
- - name: pikeGlobalHashValidFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.25
- type: counter
- help: The total number of hash validations which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.25
- - name: pikeGlobalRespTunnels
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.27
- type: counter
- help: The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.27
- - name: pikeGlobalInP1SaDelRequests
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.30
- type: counter
- help: The total number of ISAKMP security association delete requests received by all currently and previously active and ISAKMP security associations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.30
- - name: pikeGlobalOutP1SaDelRequests
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.31
- type: counter
- help: The total number of ISAKMP security association delete requests sent by all currently and previously active and ISAKMP security associations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.31
- - name: pikePeerLocalType
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.1
- type: gauge
- help: The type of local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.1
- indexes:
- - labelname: pikePeerLocalType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerLocalValue
- type: DisplayString
- - labelname: pikePeerRemoteType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerRemoteValue
- type: DisplayString
- - labelname: pikePeerIntIndex
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - name: pikePeerLocalValue
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.2
- type: DisplayString
- help: The value of the local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.2
- indexes:
- - labelname: pikePeerLocalType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerLocalValue
- type: DisplayString
- - labelname: pikePeerRemoteType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerRemoteValue
- type: DisplayString
- - labelname: pikePeerIntIndex
- type: gauge
- - name: pikePeerRemoteType
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.3
- type: gauge
- help: The type of remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.3
- indexes:
- - labelname: pikePeerLocalType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerLocalValue
- type: DisplayString
- - labelname: pikePeerRemoteType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerRemoteValue
- type: DisplayString
- - labelname: pikePeerIntIndex
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - name: pikePeerRemoteValue
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.4
- type: DisplayString
- help: The value of the remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.4
- indexes:
- - labelname: pikePeerLocalType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerLocalValue
- type: DisplayString
- - labelname: pikePeerRemoteType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerRemoteValue
- type: DisplayString
- - labelname: pikePeerIntIndex
- type: gauge
- - name: pikePeerIntIndex
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.5
- type: gauge
- help: The internal index of the local-remote peer association - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.5
- indexes:
- - labelname: pikePeerLocalType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerLocalValue
- type: DisplayString
- - labelname: pikePeerRemoteType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerRemoteValue
- type: DisplayString
- - labelname: pikePeerIntIndex
- type: gauge
- - name: pikePeerLocalAddr
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.6
- type: OctetString
- help: The IP address of the local peer. - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.6
- indexes:
- - labelname: pikePeerLocalType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerLocalValue
- type: DisplayString
- - labelname: pikePeerRemoteType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerRemoteValue
- type: DisplayString
- - labelname: pikePeerIntIndex
- type: gauge
- - name: pikePeerRemoteAddr
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.7
- type: OctetString
- help: The IP address of the remote peer. - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.7
- indexes:
- - labelname: pikePeerLocalType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerLocalValue
- type: DisplayString
- - labelname: pikePeerRemoteType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerRemoteValue
- type: DisplayString
- - labelname: pikePeerIntIndex
- type: gauge
- - name: pikePeerActiveTime
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.8
- type: gauge
- help: The length of time that the peer association has existed in hundredths of a second. - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.8
- indexes:
- - labelname: pikePeerLocalType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerLocalValue
- type: DisplayString
- - labelname: pikePeerRemoteType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerRemoteValue
- type: DisplayString
- - labelname: pikePeerIntIndex
- type: gauge
- - name: pikePeerActiveTunnelIndex
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.9
- type: gauge
- help: The index of the active IPsec Phase-1 IKE Tunnel (pikeTunIndex in the pikeTunnelTable) for this peer association - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.9
- indexes:
- - labelname: pikePeerLocalType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerLocalValue
- type: DisplayString
- - labelname: pikePeerRemoteType
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - labelname: pikePeerRemoteValue
- type: DisplayString
- - labelname: pikePeerIntIndex
- type: gauge
- - name: pikeTunIndex
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.1
- type: gauge
- help: The index of the IPsec Phase-1 IKE Tunnel Table - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.1
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunLocalType
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.2
- type: gauge
- help: The type of local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.2
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - name: pikeTunLocalValue
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.3
- type: DisplayString
- help: The value of the local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.3
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunLocalAddr
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.4
- type: OctetString
- help: The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.4
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunRemoteType
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.6
- type: gauge
- help: The type of remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.6
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - name: pikeTunRemoteValue
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.7
- type: DisplayString
- help: The value of the remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.7
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunRemoteAddr
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.8
- type: OctetString
- help: The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.8
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunNegoMode
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.10
- type: gauge
- help: The negotiation mode of the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.10
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- enum_values:
- 1: main
- 2: aggressive
- - name: pikeTunDiffHellmanGrp
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.11
- type: gauge
- help: The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.11
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- enum_values:
- 1: none
- 2: modp768
- 3: modp1024
- 4: modp1536
- 5: modp2048
- - name: pikeTunEncryptAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.12
- type: gauge
- help: The encryption algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.12
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- enum_values:
- 1: none
- 2: des
- 3: des3
- 4: aes
- 9: "null"
- - name: pikeTunHashAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.13
- type: gauge
- help: The hash algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.13
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- enum_values:
- 1: none
- 2: md5
- 3: sha
- 4: sha2-256
- 5: sha2-384
- 6: sha2-512
- - name: pikeTunAuthMethod
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.14
- type: gauge
- help: The authentication method used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.14
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- enum_values:
- 1: none
- 2: preSharedKey
- 3: rsaSig
- 4: rsaEncrypt
- 5: revPublicKey
- - name: pikeTunLifeTime
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.15
- type: gauge
- help: The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.15
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunActiveTime
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.16
- type: gauge
- help: The length of time the IPsec Phase-1 IKE tunnel has been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.16
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunSaRefreshThreshold
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.17
- type: gauge
- help: The security assoication refresh threshold in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.17
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunInNotifys
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.22
- type: counter
- help: The total number of notifys received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.22
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunInP2Exchgs
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.23
- type: counter
- help: The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.23
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunInP2ExchgInvalids
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.24
- type: counter
- help: The total number of IPsec Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.24
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunInP2ExchgRejects
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.25
- type: counter
- help: The total number of IPsec Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.25
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunInP2SaDelRequests
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.26
- type: counter
- help: The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.26
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunOutNotifys
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.30
- type: counter
- help: The total number of notifys sent by this IPsec Phase-1 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.30
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunOutP2Exchgs
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.31
- type: counter
- help: The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.31
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunOutP2ExchgInvalids
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.32
- type: counter
- help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were found by the peer to contain references to security parameters not recognized by the peer. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.32
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunOutP2ExchgRejects
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.33
- type: counter
- help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were validated by the peer but were rejected by the peer's policy. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.33
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunOutP2SaDelRequests
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.34
- type: counter
- help: The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.34
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- - name: pikeTunStatus
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.35
- type: gauge
- help: The status of the MIB table row - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.35
- indexes:
- - labelname: pikeTunIndex
- type: gauge
- enum_values:
- 1: active
- 2: destroy
- - name: pipSecGlobalActiveTunnels
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.1
- type: gauge
- help: The total number of currently active IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.1
- - name: pipSecGlobalInOctets
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.3
- type: counter
- help: The total number of octets received by all current and previous IPsec Phase-2 Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.3
- - name: pipSecGlobalInPkts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.9
- type: counter
- help: The total number of packets received by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.9
- - name: pipSecGlobalInDrops
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.10
- type: counter
- help: The total number of packets dropped during receive processing by all current and previous IPsec Phase-2 Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.10
- - name: pipSecGlobalInReplayDrops
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.11
- type: counter
- help: The total number of packets dropped during receive processing due to Anti-Replay processing by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.11
- - name: pipSecGlobalInAuths
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.12
- type: counter
- help: The total number of inbound authentication's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.12
- - name: pipSecGlobalInAuthFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.13
- type: counter
- help: The total number of inbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.13
- - name: pipSecGlobalInDecrypts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.14
- type: counter
- help: The total number of inbound decryption's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.14
- - name: pipSecGlobalInDecryptFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.15
- type: counter
- help: The total number of inbound decryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.15
- - name: pipSecGlobalOutOctets
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.16
- type: counter
- help: The total number of octets sent by all current and previous IPsec Phase-2 Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.16
- - name: pipSecGlobalOutPkts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.22
- type: counter
- help: The total number of packets sent by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.22
- - name: pipSecGlobalOutDrops
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.23
- type: counter
- help: The total number of packets dropped during send processing by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.23
- - name: pipSecGlobalOutAuths
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.24
- type: counter
- help: The total number of outbound authentication's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.24
- - name: pipSecGlobalOutAuthFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.25
- type: counter
- help: The total number of outbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.25
- - name: pipSecGlobalOutEncrypts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.26
- type: counter
- help: The total number of outbound encryption's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.26
- - name: pipSecGlobalOutEncryptFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.27
- type: counter
- help: The total number of outbound encryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.27
- - name: pipSecGlobalNoSaFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.33
- type: counter
- help: The total number of non-existent Security Assocication in failures which occurred during processing of all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.33
- - name: pipSecTunIndex
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.1
- type: gauge
- help: The index of the IPsec Phase-2 Tunnel Table - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.1
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunIkeTunnelIndex
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.2
- type: gauge
- help: The index of the associated IPsec Phase-1 IKE Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.2
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunIkeTunnelAlive
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.3
- type: gauge
- help: An indicator which specifies whether or not the IPsec Phase-1 IKE Tunnel currently exists. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.3
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- enum_values:
- 1: "true"
- 2: "false"
- - name: pipSecTunLocalAddr
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.4
- type: OctetString
- help: The IP address of the local endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.4
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunRemoteAddr
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.5
- type: OctetString
- help: The IP address of the remote endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.5
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunKeyType
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.6
- type: gauge
- help: The type of key used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.6
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- enum_values:
- 1: ike
- 2: manual
- - name: pipSecTunEncapMode
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.7
- type: gauge
- help: The encapsulation mode used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.7
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- enum_values:
- 1: tunnel
- 2: transport
- - name: pipSecTunLifeSize
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.8
- type: gauge
- help: The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.8
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunLifeTime
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.9
- type: gauge
- help: The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.9
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunActiveTime
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.10
- type: gauge
- help: The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.10
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunSaLifeSizeThreshold
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.11
- type: gauge
- help: The security association LifeSize refresh threshold in kilobytes. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.11
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunSaLifeTimeThreshold
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.12
- type: gauge
- help: The security association LifeTime refresh threshold in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.12
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunTotalRefreshes
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.13
- type: counter
- help: The total number of security association refreshes performed. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.13
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunExpiredSaInstances
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.14
- type: counter
- help: The total number of security associations which have expired. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.14
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunCurrentSaInstances
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.15
- type: gauge
- help: The number of security associations which are currently active or expiring. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.15
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunInSaDiffHellmanGrp
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.16
- type: gauge
- help: The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.16
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- enum_values:
- 1: none
- 2: modp768
- 3: modp1024
- 4: modp1536
- 5: modp2048
- - name: pipSecTunInSaEncryptAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.17
- type: gauge
- help: The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.17
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- enum_values:
- 1: none
- 2: des
- 3: des3
- 4: aes
- 9: "null"
- - name: pipSecTunInSaAhAuthAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.18
- type: gauge
- help: The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.18
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- enum_values:
- 1: none
- 2: hmacMd5
- 3: hmacSha
- 4: hmacSha2-256
- 5: hmacSha2-384
- 6: hmacSha2-512
- - name: pipSecTunInSaEspAuthAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.19
- type: gauge
- help: The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.19
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- enum_values:
- 1: none
- 2: hmacMd5
- 3: hmacSha
- 4: hmacSha2-256
- 5: hmacSha2-384
- 6: hmacSha2-512
- - name: pipSecTunOutSaDiffHellmanGrp
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.21
- type: gauge
- help: The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.21
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- enum_values:
- 1: none
- 2: modp768
- 3: modp1024
- 4: modp1536
- 5: modp2048
- - name: pipSecTunOutSaEncryptAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.22
- type: gauge
- help: The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.22
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- enum_values:
- 1: none
- 2: des
- 3: des3
- 4: aes
- 9: "null"
- - name: pipSecTunOutSaAhAuthAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.23
- type: gauge
- help: The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.23
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- enum_values:
- 1: none
- 2: hmacMd5
- 3: hmacSha
- 4: hmacSha2-256
- 5: hmacSha2-384
- 6: hmacSha2-512
- - name: pipSecTunOutSaEspAuthAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.24
- type: gauge
- help: The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.24
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- enum_values:
- 1: none
- 2: hmacMd5
- 3: hmacSha
- 4: hmacSha2-256
- 5: hmacSha2-384
- 6: hmacSha2-512
- - name: pipSecTunPmtu
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.26
- type: gauge
- help: The Path MTU that has been determined for this IPsec Phase-2 tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.26
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunInOctets
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.27
- type: counter
- help: The total number of octets received by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.27
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunInPkts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.33
- type: counter
- help: The total number of packets received by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.33
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunInDropPkts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.34
- type: counter
- help: The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.34
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunInReplayDropPkts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.35
- type: counter
- help: The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.35
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunInAuths
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.36
- type: counter
- help: The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.36
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunInAuthFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.37
- type: counter
- help: The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel . - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.37
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunInDecrypts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.38
- type: counter
- help: The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.38
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunInDecryptFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.39
- type: counter
- help: The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.39
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunOutOctets
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.40
- type: counter
- help: The total number of octets sent by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.40
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunOutPkts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.46
- type: counter
- help: The total number of packets sent by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.46
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunOutDropPkts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.47
- type: counter
- help: The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.47
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunOutAuths
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.48
- type: counter
- help: The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.48
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunOutAuthFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.49
- type: counter
- help: The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.49
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunOutEncrypts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.50
- type: counter
- help: The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.50
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunOutEncryptFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.51
- type: counter
- help: The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.51
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - name: pipSecTunStatus
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.56
- type: gauge
- help: The status of the MIB table row - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.56
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- enum_values:
- 1: active
- 2: destroy
- - name: pipSecSpiIndex
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.1
- type: gauge
- help: The number of the SPI associated with the Phase-2 Tunnel Table - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.1
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - labelname: pipSecSpiIndex
- type: gauge
- - name: pipSecSpiDirection
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.2
- type: gauge
- help: The direction of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.2
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - labelname: pipSecSpiIndex
- type: gauge
- enum_values:
- 1: in
- 2: out
- - name: pipSecSpiValue
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.3
- type: gauge
- help: The value of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.3
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - labelname: pipSecSpiIndex
- type: gauge
- - name: pipSecSpiProtocol
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.4
- type: gauge
- help: The protocol of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.4
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - labelname: pipSecSpiIndex
- type: gauge
- enum_values:
- 1: ah
- 2: esp
- 3: ipcomp
- - name: pipSecSpiStatus
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.5
- type: gauge
- help: The status of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.5
- indexes:
- - labelname: pipSecTunIndex
- type: gauge
- - labelname: pipSecSpiIndex
- type: gauge
- enum_values:
- 1: active
- 2: expiring
- - name: pikeTunHistIndex
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.1
- type: gauge
- help: The index of the IPsec Phase-1 IKE Tunnel History Table - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.1
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistTermReason
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.2
- type: gauge
- help: The reason the IPsec Phase-1 IKE Tunnel was terminated - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.2
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- enum_values:
- 1: other
- 2: normal
- 3: operRequest
- 4: peerDelRequest
- 5: peerLost
- 6: applicationInitiated
- 7: xauthFailure
- 8: localFailure
- 9: checkPointReg
- - name: pikeTunHistActiveIndex
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.3
- type: gauge
- help: The index of the previously active IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.3
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistPeerLocalType
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.4
- type: gauge
- help: The type of local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.4
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - name: pikeTunHistPeerLocalValue
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.5
- type: DisplayString
- help: The value of the local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.5
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistPeerIntIndex
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.6
- type: gauge
- help: The internal index of the local-remote peer association - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.6
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistPeerRemoteType
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.7
- type: gauge
- help: The type of remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.7
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- enum_values:
- 1: idIpv4Addr
- 2: idFqdn
- 3: idDn
- 4: idIpv6Addr
- - name: pikeTunHistPeerRemoteValue
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.8
- type: DisplayString
- help: The value of the remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.8
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistLocalAddr
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.9
- type: OctetString
- help: The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.9
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistRemoteAddr
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.11
- type: OctetString
- help: The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.11
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistNegoMode
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.13
- type: gauge
- help: The negotiation mode of the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.13
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- enum_values:
- 1: main
- 2: aggressive
- - name: pikeTunHistDiffHellmanGrp
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.14
- type: gauge
- help: The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.14
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- enum_values:
- 1: none
- 2: modp768
- 3: modp1024
- 4: modp1536
- 5: modp2048
- - name: pikeTunHistEncryptAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.15
- type: gauge
- help: The encryption algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.15
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- enum_values:
- 1: none
- 2: des
- 3: des3
- 4: aes
- 9: "null"
- - name: pikeTunHistHashAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.16
- type: gauge
- help: The hash algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.16
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- enum_values:
- 1: none
- 2: md5
- 3: sha
- 4: sha2-256
- 5: sha2-384
- 6: sha2-512
- - name: pikeTunHistAuthMethod
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.17
- type: gauge
- help: The authentication method used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.17
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- enum_values:
- 1: none
- 2: preSharedKey
- 3: rsaSig
- 4: rsaEncrypt
- 5: revPublicKey
- - name: pikeTunHistLifeTime
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.18
- type: gauge
- help: The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.18
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistStartTime
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.19
- type: gauge
- help: The value of sysUpTime in hundredths of seconds when the IPsec Phase-1 IKE tunnel was started. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.19
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistActiveTime
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.20
- type: gauge
- help: The length of time the IPsec Phase-1 IKE tunnel was been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.20
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistInNotifys
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.26
- type: counter
- help: The total number of notifys received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.26
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistInP2Exchgs
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.27
- type: counter
- help: The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.27
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistInP2ExchgInvalids
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.28
- type: counter
- help: The total number of IPsec Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.28
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistInP2ExchgRejects
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.29
- type: counter
- help: The total number of IPsec Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.29
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistInP2SaDelRequests
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.30
- type: counter
- help: The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.30
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistOutNotifys
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.34
- type: counter
- help: The total number of notifys sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.34
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistOutP2Exchgs
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.35
- type: counter
- help: The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.35
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistOutP2ExchgInvalids
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.36
- type: counter
- help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were found by the peer to contain references to security parameters not recognized by the peer. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.36
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistOutP2ExchgRejects
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.37
- type: counter
- help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were validated by the peer but were rejected by the peer's policy. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.37
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pikeTunHistOutP2SaDelRequests
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.38
- type: counter
- help: The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.38
- indexes:
- - labelname: pikeTunHistIndex
- type: gauge
- - name: pipSecTunHistIndex
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.1
- type: gauge
- help: The index of the IPsec Phase-2 Tunnel History Table - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.1
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistTermReason
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.2
- type: gauge
- help: The reason the IPsec Phase-2 Tunnel was terminated - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.2
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- enum_values:
- 1: other
- 2: normal
- 3: operRequest
- 4: peerDelRequest
- 5: peerLost
- 6: applicationInitiated
- 7: xauthFailure
- 8: seqNumRollOver
- 9: checkPointReq
- - name: pipSecTunHistActiveIndex
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.3
- type: gauge
- help: The index of the previously active IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.3
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistIkeTunnelIndex
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.4
- type: gauge
- help: The index of the associated IPsec Phase-1 Tunnel (pikeTunIndex in the pikeTunnelTable). - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.4
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistLocalAddr
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.5
- type: OctetString
- help: The IP address of the local endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.5
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistRemoteAddr
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.6
- type: OctetString
- help: The IP address of the remote endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.6
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistKeyType
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.7
- type: gauge
- help: The type of key used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.7
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- enum_values:
- 1: ike
- 2: manual
- - name: pipSecTunHistEncapMode
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.8
- type: gauge
- help: The encapsulation mode used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.8
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- enum_values:
- 1: tunnel
- 2: transport
- - name: pipSecTunHistLifeSize
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.9
- type: gauge
- help: The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.9
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistLifeTime
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.10
- type: gauge
- help: The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.10
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistStartTime
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.11
- type: gauge
- help: The value of sysUpTime in hundredths of seconds when the IPsec Phase-2 Tunnel was started. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.11
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistActiveTime
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.12
- type: gauge
- help: The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.12
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistTotalRefreshes
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.13
- type: counter
- help: The total number of security association refreshes performed. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.13
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistInSaDiffHellmanGrp
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.15
- type: gauge
- help: The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.15
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- enum_values:
- 1: none
- 2: modp768
- 3: modp1024
- 4: modp1536
- 5: modp2048
- - name: pipSecTunHistInSaEncryptAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.16
- type: gauge
- help: The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.16
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- enum_values:
- 1: none
- 2: des
- 3: des3
- 4: aes
- 9: "null"
- - name: pipSecTunHistInSaAhAuthAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.17
- type: gauge
- help: The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.17
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- enum_values:
- 1: none
- 2: hmacMd5
- 3: hmacSha
- 4: hmacSha2-256
- 5: hmacSha2-384
- 6: hmacSha2-512
- - name: pipSecTunHistInSaEspAuthAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.18
- type: gauge
- help: The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.18
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- enum_values:
- 1: none
- 2: hmacMd5
- 3: hmacSha
- 4: hmacSha2-256
- 5: hmacSha2-384
- 6: hmacSha2-512
- - name: pipSecTunHistOutSaDiffHellmanGrp
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.20
- type: gauge
- help: The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.20
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- enum_values:
- 1: none
- 2: modp768
- 3: modp1024
- 4: modp1536
- 5: modp2048
- - name: pipSecTunHistOutSaEncryptAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.21
- type: gauge
- help: The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.21
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- enum_values:
- 1: none
- 2: des
- 3: des3
- 4: aes
- 9: "null"
- - name: pipSecTunHistOutSaAhAuthAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.22
- type: gauge
- help: The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.22
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- enum_values:
- 1: none
- 2: hmacMd5
- 3: hmacSha
- 4: hmacSha2-256
- 5: hmacSha2-384
- 6: hmacSha2-512
- - name: pipSecTunHistOutSaEspAuthAlgo
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.23
- type: gauge
- help: The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.23
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- enum_values:
- 1: none
- 2: hmacMd5
- 3: hmacSha
- 4: hmacSha2-256
- 5: hmacSha2-384
- 6: hmacSha2-512
- - name: pipSecTunHistPmtu
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.25
- type: gauge
- help: The Path MTU that was determined for this IPsec Phase-2 tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.25
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistInOctets
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.26
- type: counter
- help: The total number of octets received by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.26
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistInPkts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.32
- type: counter
- help: The total number of packets received by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.32
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistInDropPkts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.33
- type: counter
- help: The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.33
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistInReplayDropPkts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.34
- type: counter
- help: The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.34
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistInAuths
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.35
- type: counter
- help: The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.35
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistInAuthFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.36
- type: counter
- help: The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel . - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.36
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistInDecrypts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.37
- type: counter
- help: The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.37
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistInDecryptFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.38
- type: counter
- help: The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.38
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistOutOctets
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.39
- type: counter
- help: The total number of octets sent by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.39
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistOutPkts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.45
- type: counter
- help: The total number of packets sent by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.45
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistOutDropPkts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.46
- type: counter
- help: The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.46
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistOutAuths
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.47
- type: counter
- help: The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.47
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistOutAuthFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.48
- type: counter
- help: The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.48
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistOutEncrypts
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.49
- type: counter
- help: The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.49
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: pipSecTunHistOutEncryptFails
- oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.50
- type: counter
- help: The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.50
- indexes:
- - labelname: pipSecTunHistIndex
- type: gauge
- - name: picoLoginSessionIndex
- oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.1
- type: gauge
- help: Unique index for each login. - 1.3.6.1.4.1.119.2.3.84.4.1.1.1
- indexes:
- - labelname: picoLoginSessionIndex
- type: gauge
- - name: picoLoginSessionStatus
- oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.2
- type: gauge
- help: Status of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.2
- indexes:
- - labelname: picoLoginSessionIndex
- type: gauge
- enum_values:
- 1: login
- 2: logout
- 3: fail
- - name: picoLoginSessionPrivilege
- oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.3
- type: gauge
- help: User privilege of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.3
- indexes:
- - labelname: picoLoginSessionIndex
- type: gauge
- enum_values:
- 1: administrator
- 2: monitor
- 3: operator
- 4: unknown
- - name: picoLoginSessionProcessMode
- oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.4
- type: gauge
- help: User process status of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.4
- indexes:
- - labelname: picoLoginSessionIndex
- type: gauge
- enum_values:
- 1: operation
- 2: configure
- - name: picoLoginSessionTerminalType
- oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.5
- type: gauge
- help: Terminal type of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.5
- indexes:
- - labelname: picoLoginSessionIndex
- type: gauge
- enum_values:
- 1: unknown
- 2: local
- 3: remote
- - name: picoLoginSessionPeerIpAddress
- oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.6
- type: InetAddressIPv4
- help: Peer ipv4 address of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.6
- indexes:
- - labelname: picoLoginSessionIndex
- type: gauge
- - name: picoLoginSessionPeerIpv6Address
- oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.7
- type: OctetString
- help: Peer ipv6 address of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.7
- indexes:
- - labelname: picoLoginSessionIndex
- type: gauge
- - name: picoConfigType
- oid: 1.3.6.1.4.1.119.2.3.84.5.1
- type: gauge
- help: Configuration type. - 1.3.6.1.4.1.119.2.3.84.5.1
- enum_values:
- 1: default-config
- 2: startup-config
- 3: license
- - name: picoConfigEventType
- oid: 1.3.6.1.4.1.119.2.3.84.5.2
- type: gauge
- help: Event type of configuration modified. - 1.3.6.1.4.1.119.2.3.84.5.2
- enum_values:
- 1: write
- 2: erase
- - name: picoExtIfInstalledSlot
- oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.1
- type: gauge
- help: The slot number in which the extension card was installed. - 1.3.6.1.4.1.119.2.3.84.6.1.1.1
- indexes:
- - labelname: picoExtIfInstalledSlot
- type: gauge
- - labelname: picoExtIfIndex
- type: gauge
- - name: picoExtIfIndex
- oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.2
- type: gauge
- help: A unique value for each extension card. - 1.3.6.1.4.1.119.2.3.84.6.1.1.2
- indexes:
- - labelname: picoExtIfInstalledSlot
- type: gauge
- - labelname: picoExtIfIndex
- type: gauge
- - name: picoExtIfDescr
- oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.3
- type: DisplayString
- help: A textual string containing information about the interface. - 1.3.6.1.4.1.119.2.3.84.6.1.1.3
- indexes:
- - labelname: picoExtIfInstalledSlot
- type: gauge
- - labelname: picoExtIfIndex
- type: gauge
- - name: picoExtIfUpperLayer
- oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.4
- type: gauge
- help: Index of interface to upper layers. - 1.3.6.1.4.1.119.2.3.84.6.1.1.4
- indexes:
- - labelname: picoExtIfInstalledSlot
- type: gauge
- - labelname: picoExtIfIndex
- type: gauge
- - name: picoExtIfType
- oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.5
- type: gauge
- help: The type of interface,, distinguished according to the physical/link protocol(s) immediately `below' the network layer in the protocol stack. - 1.3.6.1.4.1.119.2.3.84.6.1.1.5
- indexes:
- - labelname: picoExtIfInstalledSlot
- type: gauge
- - labelname: picoExtIfIndex
- type: gauge
- enum_values:
- 6: ethernet-csmacd
- 62: fastEther
- - name: picoExtIfSpeed
- oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.6
- type: gauge
- help: An estimate of the interface's current bandwidth in bits per second. - 1.3.6.1.4.1.119.2.3.84.6.1.1.6
- indexes:
- - labelname: picoExtIfInstalledSlot
- type: gauge
- - labelname: picoExtIfIndex
- type: gauge
- - name: picoExtIfDuplex
- oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.7
- type: gauge
- help: The current mode of this link. - 1.3.6.1.4.1.119.2.3.84.6.1.1.7
- indexes:
- - labelname: picoExtIfInstalledSlot
- type: gauge
- - labelname: picoExtIfIndex
- type: gauge
- enum_values:
- 1: halfduplex
- 2: fullduplex
- - name: picoExtIfEffectiveMtu
- oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.8
- type: gauge
- help: The size of the largest datagram which can be sent/received on the interface, specified in octets. - 1.3.6.1.4.1.119.2.3.84.6.1.1.8
- indexes:
- - labelname: picoExtIfInstalledSlot
- type: gauge
- - labelname: picoExtIfIndex
- type: gauge
- - name: picoExtIfPhysicalAddress
- oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.9
- type: PhysAddress48
- help: The interface's address at the protocol layer immediately `below' the network layer in the protocol stack. - 1.3.6.1.4.1.119.2.3.84.6.1.1.9
- indexes:
- - labelname: picoExtIfInstalledSlot
- type: gauge
- - labelname: picoExtIfIndex
- type: gauge
- - name: picoExtIfAdminStatus
- oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.10
- type: gauge
- help: The desired state of the interface. - 1.3.6.1.4.1.119.2.3.84.6.1.1.10
- indexes:
- - labelname: picoExtIfInstalledSlot
- type: gauge
- - labelname: picoExtIfIndex
- type: gauge
- enum_values:
- 1: up
- 2: down
- 3: testing
- - name: picoExtIfOperStatus
- oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.11
- type: gauge
- help: The current operational state of the interface. - 1.3.6.1.4.1.119.2.3.84.6.1.1.11
- indexes:
- - labelname: picoExtIfInstalledSlot
- type: gauge
- - labelname: picoExtIfIndex
- type: gauge
- enum_values:
- 1: up
- 2: down
- 3: testing
- - name: picoExtIfLastChange
- oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.12
- type: gauge
- help: The value of sysUpTime at the time the interface entered its current operational state. - 1.3.6.1.4.1.119.2.3.84.6.1.1.12
- indexes:
- - labelname: picoExtIfInstalledSlot
- type: gauge
- - labelname: picoExtIfIndex
- type: gauge
- - name: picoNetmonWatchgroupIndex
- oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.1
- type: gauge
- help: Unique index for each Netmon Watchgroup. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.1
- indexes:
- - labelname: picoNetmonWatchgroupIndex
- type: gauge
- - name: picoNetmonWatchgroupName
- oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.2
- type: DisplayString
- help: Netmon Watchgroup Name. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.2
- indexes:
- - labelname: picoNetmonWatchgroupIndex
- type: gauge
- - name: picoNetmonWatchgroupSequenceNumber
- oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.3
- type: gauge
- help: Netmon Watchgroup sequence number. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.3
- indexes:
- - labelname: picoNetmonWatchgroupIndex
- type: gauge
- - name: picoNetmonWatchgroupStatus
- oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.4
- type: gauge
- help: Status of a Netmon Watchgroup. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.4
- indexes:
- - labelname: picoNetmonWatchgroupIndex
- type: gauge
- enum_values:
- 1: normal
- 2: stand
- 3: disable
- - name: picoNetmonWatchgroupVarianceCounts
- oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.5
- type: gauge
- help: Netmon Watchgroup variance statistics. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.5
- indexes:
- - labelname: picoNetmonWatchgroupIndex
- type: gauge
- - name: picoNgnIfIndex
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.1
- type: gauge
- help: The interface index value of the interface for which NGN is enabled. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.1
- indexes:
- - labelname: picoNgnIfIndex
- type: gauge
- - name: picoNgnType
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.2
- type: gauge
- help: 'The mode of the NGN service can be: standard(1) :NGN service is standard - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.2'
- indexes:
- - labelname: picoNgnIfIndex
- type: gauge
- enum_values:
- 1: standard
- 2: numbergate
- - name: picoNgnIfType
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.3
- type: gauge
- help: 'The type of the NGN interface can be: global(1) :NGN interface type is global - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.3'
- indexes:
- - labelname: picoNgnIfIndex
- type: gauge
- enum_values:
- 1: global
- 2: private
- - name: picoNgnStatus
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.4
- type: gauge
- help: 'The state of the NGN SIP-UA register can be: notReady(1) :NGN service is not Ready - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.4'
- indexes:
- - labelname: picoNgnIfIndex
- type: gauge
- enum_values:
- 1: notReady
- 2: initializing
- 3: registering
- 4: registered
- - name: picoNgnSipServerIpAddress
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.5
- type: InetAddressIPv4
- help: The object of the SIP server address. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.5
- indexes:
- - labelname: picoNgnIfIndex
- type: gauge
- - name: picoNgnSipUri
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.6
- type: DisplayString
- help: The object of the SIP URI. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.6
- indexes:
- - labelname: picoNgnIfIndex
- type: gauge
- - name: picoNgnUpTime
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.7
- type: gauge
- help: The time elapsed since registered. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.7
- indexes:
- - labelname: picoNgnIfIndex
- type: gauge
- - name: picoNgnVpnIfIndex
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.1
- type: gauge
- help: The interface index value of the interface for which NGN binding is enabled. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.1
- indexes:
- - labelname: picoNgnVpnIfIndex
- type: gauge
- - name: picoNgnVpnStatus
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.2
- type: gauge
- help: 'The state of the NGN SIP-UA session can be: disconnected(1):SIP session is disconnected - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.2'
- indexes:
- - labelname: picoNgnVpnIfIndex
- type: gauge
- enum_values:
- 1: disconnected
- 2: connecting
- 3: connected
- - name: picoNgnVpnPeerAddress
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.3
- type: DisplayString
- help: The object of the NGN peer address. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.3
- indexes:
- - labelname: picoNgnVpnIfIndex
- type: gauge
- - name: picoNgnVpnBandwidth
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.4
- type: gauge
- help: The object of the NGN session bandwidth. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.4
- indexes:
- - labelname: picoNgnVpnIfIndex
- type: gauge
- - name: picoNgnVpnUsedTime
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.5
- type: gauge
- help: The time elapsed since this connected NGN session. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.5
- indexes:
- - labelname: picoNgnVpnIfIndex
- type: gauge
- - name: picoNgnVpnSbcIpAddress
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.6
- type: InetAddressIPv4
- help: The object of the NGN session SBC address. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.6
- indexes:
- - labelname: picoNgnVpnIfIndex
- type: gauge
- - name: picoNgnVpnSbcPort
- oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.7
- type: gauge
- help: The object of the NGN session SBC port. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.7
- indexes:
- - labelname: picoNgnVpnIfIndex
- type: gauge
- retries: 3
- timeout: 10s
diff --git a/k8s/apps/snmp-exporter/kustomization.yaml b/k8s/apps/snmp-exporter/kustomization.yaml
deleted file mode 100644
index 466d5a0e1..000000000
--- a/k8s/apps/snmp-exporter/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: monitoring
-components:
-- ../../components/helm
-resources:
-- helm.yaml
diff --git a/k8s/apps/snmp-exporter/values.yaml b/k8s/apps/snmp-exporter/values.yaml
new file mode 100644
index 000000000..cba5ae05f
--- /dev/null
+++ b/k8s/apps/snmp-exporter/values.yaml
@@ -0,0 +1,2539 @@
+serviceMonitor:
+ enabled: true
+ params:
+ - name: ix2215
+ target: "192.168.0.1"
+ module:
+ - nec_ix
+config: |
+ # WARNING: This file was auto-generated using snmp_exporter generator, manual changes will be lost.
+ auths:
+ public_v1:
+ community: public
+ security_level: noAuthNoPriv
+ auth_protocol: MD5
+ priv_protocol: DES
+ version: 1
+ public_v2:
+ community: public
+ security_level: noAuthNoPriv
+ auth_protocol: MD5
+ priv_protocol: DES
+ version: 2
+ modules:
+ nec_ix:
+ walk:
+ - 1.3.6.1.4.1.119.2.3.84.1
+ - 1.3.6.1.4.1.119.2.3.84.10
+ - 1.3.6.1.4.1.119.2.3.84.11
+ - 1.3.6.1.4.1.119.2.3.84.12
+ - 1.3.6.1.4.1.119.2.3.84.13
+ - 1.3.6.1.4.1.119.2.3.84.14
+ - 1.3.6.1.4.1.119.2.3.84.15
+ - 1.3.6.1.4.1.119.2.3.84.2
+ - 1.3.6.1.4.1.119.2.3.84.3
+ - 1.3.6.1.4.1.119.2.3.84.4
+ - 1.3.6.1.4.1.119.2.3.84.5
+ - 1.3.6.1.4.1.119.2.3.84.6
+ - 1.3.6.1.4.1.119.2.3.84.7
+ - 1.3.6.1.4.1.119.2.3.84.8
+ - 1.3.6.1.4.1.119.2.3.84.9
+ metrics:
+ - name: picoPostIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.10.1.1.1.1
+ type: gauge
+ help: Unique index for each POST. - 1.3.6.1.4.1.119.2.3.84.10.1.1.1.1
+ indexes:
+ - labelname: picoPostIndex
+ type: gauge
+ - name: picoPostFail
+ oid: 1.3.6.1.4.1.119.2.3.84.10.1.1.1.2
+ type: DisplayString
+ help: POST fail information - 1.3.6.1.4.1.119.2.3.84.10.1.1.1.2
+ indexes:
+ - labelname: picoPostIndex
+ type: gauge
+ - name: picoMobileDeviceIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.1
+ type: gauge
+ help: The unique index for each Mobile module. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.1
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceVendorName
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.2
+ type: DisplayString
+ help: The object of the vendor name. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.2
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceName
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.3
+ type: DisplayString
+ help: The object of the device name. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.3
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceProductID
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.4
+ type: DisplayString
+ help: The object of the product ID. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.4
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceSoftwareVersion
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.5
+ type: DisplayString
+ help: The object of the software version. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.5
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceSignalBar
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.6
+ type: gauge
+ help: The object of the signal bar. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.6
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceSignalStrength
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.7
+ type: gauge
+ help: 'The signal strength can be: unknown(-1) :signal strength is unknown out-range(0):signal strength is 0 weak(1) :signal strength is 1 low(2) :signal strength is 2 high(3) :signal strength is 3 - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.7'
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ enum_values:
+ -1: unknown
+ 0: out-range
+ 1: weak
+ 2: low
+ 3: high
+ - name: picoMobileDeviceSignalQuality
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.8
+ type: DisplayString
+ help: The object of the signal quality. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.8
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceSignalElapsedTime
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.9
+ type: gauge
+ help: The object of the elapsed time after signal acquiring. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.9
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceRadioInterface
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.10
+ type: DisplayString
+ help: The object of the radio interface. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.10
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceCarrier
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.11
+ type: DisplayString
+ help: The object of the carrier name. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.11
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceDialerString
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.12
+ type: DisplayString
+ help: The object of the dialer string. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.12
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceDialStatus
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.13
+ type: gauge
+ help: 'The dial status can be: disconnected(0):dial status is disconnected - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.13'
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ enum_values:
+ 0: disconnected
+ 1: connect
+ 2: cancel
+ 3: connected
+ 4: postprocess
+ - name: picoMobileDeviceInRangeCounts
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.14
+ type: gauge
+ help: The in-range statistics. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.14
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceOutRangeCounts
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.15
+ type: gauge
+ help: The out-range statistics. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.15
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoMobileDeviceResetCounts
+ oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.16
+ type: gauge
+ help: The reset device statistics. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.16
+ indexes:
+ - labelname: picoMobileDeviceIndex
+ type: gauge
+ - name: picoIPv4CacheEntries
+ oid: 1.3.6.1.4.1.119.2.3.84.12.1.1
+ type: gauge
+ help: The number of current IPv4 cache. - 1.3.6.1.4.1.119.2.3.84.12.1.1
+ - name: picoIPv4CachePeaks
+ oid: 1.3.6.1.4.1.119.2.3.84.12.1.2
+ type: gauge
+ help: The peak value of IPv4 cache. - 1.3.6.1.4.1.119.2.3.84.12.1.2
+ - name: picoIPv4CacheCreates
+ oid: 1.3.6.1.4.1.119.2.3.84.12.1.3
+ type: counter
+ help: The total count of created IPv4 cache. - 1.3.6.1.4.1.119.2.3.84.12.1.3
+ - name: picoIPv4CacheOverflows
+ oid: 1.3.6.1.4.1.119.2.3.84.12.1.4
+ type: counter
+ help: The total count of IPv4 cache overflow. - 1.3.6.1.4.1.119.2.3.84.12.1.4
+ - name: picoIPv4UFSCacheEntries
+ oid: 1.3.6.1.4.1.119.2.3.84.12.2.1
+ type: gauge
+ help: The number of current IPv4 UFS cache - 1.3.6.1.4.1.119.2.3.84.12.2.1
+ - name: picoIPv4UFSCachePeaks
+ oid: 1.3.6.1.4.1.119.2.3.84.12.2.2
+ type: gauge
+ help: The peak value of IPv4 UFS cache - 1.3.6.1.4.1.119.2.3.84.12.2.2
+ - name: picoIPv4UFSCacheCreates
+ oid: 1.3.6.1.4.1.119.2.3.84.12.2.3
+ type: counter
+ help: The total count of created IPv4 UFS cache - 1.3.6.1.4.1.119.2.3.84.12.2.3
+ - name: picoIPv4UFSCacheOverflows
+ oid: 1.3.6.1.4.1.119.2.3.84.12.2.4
+ type: counter
+ help: The total count of IPv4 UFS cache overflow - 1.3.6.1.4.1.119.2.3.84.12.2.4
+ - name: picoIPv6CacheEntries
+ oid: 1.3.6.1.4.1.119.2.3.84.13.1.1
+ type: gauge
+ help: The number of current IPv6 cache. - 1.3.6.1.4.1.119.2.3.84.13.1.1
+ - name: picoIPv6CachePeaks
+ oid: 1.3.6.1.4.1.119.2.3.84.13.1.2
+ type: gauge
+ help: The peak value of IPv6 cache. - 1.3.6.1.4.1.119.2.3.84.13.1.2
+ - name: picoIPv6CacheCreates
+ oid: 1.3.6.1.4.1.119.2.3.84.13.1.3
+ type: counter
+ help: The total count of created IPv6 cache. - 1.3.6.1.4.1.119.2.3.84.13.1.3
+ - name: picoIPv6CacheOverflows
+ oid: 1.3.6.1.4.1.119.2.3.84.13.1.4
+ type: counter
+ help: The total count of IPv6 cache overflow. - 1.3.6.1.4.1.119.2.3.84.13.1.4
+ - name: picoIPv6UFSCacheEntries
+ oid: 1.3.6.1.4.1.119.2.3.84.13.2.1
+ type: gauge
+ help: The number of current IPv6 UFS cache - 1.3.6.1.4.1.119.2.3.84.13.2.1
+ - name: picoIPv6UFSCachePeaks
+ oid: 1.3.6.1.4.1.119.2.3.84.13.2.2
+ type: gauge
+ help: The peak value of IPv6 UFS cache - 1.3.6.1.4.1.119.2.3.84.13.2.2
+ - name: picoIPv6UFSCacheCreates
+ oid: 1.3.6.1.4.1.119.2.3.84.13.2.3
+ type: counter
+ help: The total count of created IPv6 UFS cache - 1.3.6.1.4.1.119.2.3.84.13.2.3
+ - name: picoIPv6UFSCacheOverflows
+ oid: 1.3.6.1.4.1.119.2.3.84.13.2.4
+ type: counter
+ help: The total count of IPv6 UFS cache overflow - 1.3.6.1.4.1.119.2.3.84.13.2.4
+ - name: qosPolicyIfIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.14.1.1.1
+ type: gauge
+ help: The interface index value of the interface for which QoS is enabled. - 1.3.6.1.4.1.119.2.3.84.14.1.1.1
+ indexes:
+ - labelname: qosPolicyIfIndex
+ type: gauge
+ - name: qosPolicyName
+ oid: 1.3.6.1.4.1.119.2.3.84.14.1.1.2
+ type: DisplayString
+ help: QoS Policy name. - 1.3.6.1.4.1.119.2.3.84.14.1.1.2
+ indexes:
+ - labelname: qosPolicyIfIndex
+ type: gauge
+ - name: qosClassIfIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.1
+ type: gauge
+ help: The interface index value of the interface for which QoS is enabled. - 1.3.6.1.4.1.119.2.3.84.14.2.1.1
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ - name: qosClassIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.2
+ type: gauge
+ help: The class index value of the class - 1.3.6.1.4.1.119.2.3.84.14.2.1.2
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ - name: qosClassName
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.3
+ type: DisplayString
+ help: QoS Class name. - 1.3.6.1.4.1.119.2.3.84.14.2.1.3
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ - name: qosClassType
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.4
+ type: gauge
+ help: QoS Class type. - 1.3.6.1.4.1.119.2.3.84.14.2.1.4
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ enum_values:
+ 1: cbq
+ 2: llq
+ - name: qosClassBandwidth
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.5
+ type: gauge
+ help: QoS Class Bandwidth. - 1.3.6.1.4.1.119.2.3.84.14.2.1.5
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ - name: qosClassBandwidthUnit
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.6
+ type: gauge
+ help: QoS Class BandwidthUnit. - 1.3.6.1.4.1.119.2.3.84.14.2.1.6
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ enum_values:
+ 1: kbps
+ 2: percent
+ - name: qosClassBitRate
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.7
+ type: gauge
+ help: QoS Class BitRate. - 1.3.6.1.4.1.119.2.3.84.14.2.1.7
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ - name: qosClassEnqPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.8
+ type: counter
+ help: QoS Class Enqueue Packets. - 1.3.6.1.4.1.119.2.3.84.14.2.1.8
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ - name: qosClassEnqBytes
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.9
+ type: counter
+ help: QoS Class Enqueue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.2.1.9
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ - name: qosClassDeqPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.10
+ type: counter
+ help: QoS Class Dequeue Packets. - 1.3.6.1.4.1.119.2.3.84.14.2.1.10
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ - name: qosClassDeqBytes
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.11
+ type: counter
+ help: QoS Class Dequeue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.2.1.11
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ - name: qosClassDropPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.12
+ type: counter
+ help: QoS Class Drop Packets. - 1.3.6.1.4.1.119.2.3.84.14.2.1.12
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ - name: qosClassDropbytes
+ oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.13
+ type: counter
+ help: QoS Class Drop Bytes. - 1.3.6.1.4.1.119.2.3.84.14.2.1.13
+ indexes:
+ - labelname: qosClassIfIndex
+ type: gauge
+ - labelname: qosClassIndex
+ type: gauge
+ - name: qosQueueIfIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.1
+ type: gauge
+ help: The interface index value of the interface for which QoS is enabled. - 1.3.6.1.4.1.119.2.3.84.14.3.1.1
+ indexes:
+ - labelname: qosQueueIfIndex
+ type: gauge
+ - labelname: qosQueueClassIndex
+ type: gauge
+ - labelname: qosQueueIndex
+ type: gauge
+ - name: qosQueueClassIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.2
+ type: gauge
+ help: The class index value of the class - 1.3.6.1.4.1.119.2.3.84.14.3.1.2
+ indexes:
+ - labelname: qosQueueIfIndex
+ type: gauge
+ - labelname: qosQueueClassIndex
+ type: gauge
+ - labelname: qosQueueIndex
+ type: gauge
+ - name: qosQueueIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.3
+ type: gauge
+ help: The queue index value of the queue - 1.3.6.1.4.1.119.2.3.84.14.3.1.3
+ indexes:
+ - labelname: qosQueueIfIndex
+ type: gauge
+ - labelname: qosQueueClassIndex
+ type: gauge
+ - labelname: qosQueueIndex
+ type: gauge
+ - name: qosQueueEnqPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.4
+ type: counter
+ help: QoS Queue Enqueue Packets. - 1.3.6.1.4.1.119.2.3.84.14.3.1.4
+ indexes:
+ - labelname: qosQueueIfIndex
+ type: gauge
+ - labelname: qosQueueClassIndex
+ type: gauge
+ - labelname: qosQueueIndex
+ type: gauge
+ - name: qosQueueEnqBytes
+ oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.5
+ type: counter
+ help: QoS Queue Enqueue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.3.1.5
+ indexes:
+ - labelname: qosQueueIfIndex
+ type: gauge
+ - labelname: qosQueueClassIndex
+ type: gauge
+ - labelname: qosQueueIndex
+ type: gauge
+ - name: qosQueueDeqPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.6
+ type: counter
+ help: QoS Queue Dequeue Packets. - 1.3.6.1.4.1.119.2.3.84.14.3.1.6
+ indexes:
+ - labelname: qosQueueIfIndex
+ type: gauge
+ - labelname: qosQueueClassIndex
+ type: gauge
+ - labelname: qosQueueIndex
+ type: gauge
+ - name: qosQueueDeqBytes
+ oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.7
+ type: counter
+ help: QoS Queue Dequeue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.3.1.7
+ indexes:
+ - labelname: qosQueueIfIndex
+ type: gauge
+ - labelname: qosQueueClassIndex
+ type: gauge
+ - labelname: qosQueueIndex
+ type: gauge
+ - name: qosQueueDropPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.8
+ type: counter
+ help: QoS Queue Drop Packets. - 1.3.6.1.4.1.119.2.3.84.14.3.1.8
+ indexes:
+ - labelname: qosQueueIfIndex
+ type: gauge
+ - labelname: qosQueueClassIndex
+ type: gauge
+ - labelname: qosQueueIndex
+ type: gauge
+ - name: qosQueueDropbytes
+ oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.9
+ type: counter
+ help: QoS Queue Drop Bytes. - 1.3.6.1.4.1.119.2.3.84.14.3.1.9
+ indexes:
+ - labelname: qosQueueIfIndex
+ type: gauge
+ - labelname: qosQueueClassIndex
+ type: gauge
+ - labelname: qosQueueIndex
+ type: gauge
+ - name: naptCacheIfIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.1
+ type: gauge
+ help: The interface index value of the interface for which NAPT is enabled. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.1
+ indexes:
+ - labelname: naptCacheIfIndex
+ type: gauge
+ - name: naptCacheEntries
+ oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.2
+ type: gauge
+ help: The number of current NAPT cache. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.2
+ indexes:
+ - labelname: naptCacheIfIndex
+ type: gauge
+ - name: naptCachePeak
+ oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.3
+ type: gauge
+ help: The peak value of NAPT cache. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.3
+ indexes:
+ - labelname: naptCacheIfIndex
+ type: gauge
+ - name: naptCacheCreates
+ oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.4
+ type: counter
+ help: The total count of created NAPT cache. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.4
+ indexes:
+ - labelname: naptCacheIfIndex
+ type: gauge
+ - name: naptCacheOverflows
+ oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.5
+ type: counter
+ help: The total count of NAPT cache overflow. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.5
+ indexes:
+ - labelname: naptCacheIfIndex
+ type: gauge
+ - name: picoCelsius
+ oid: 1.3.6.1.4.1.119.2.3.84.2.1.1
+ type: gauge
+ help: Indicates the temperature of the equipment inside, in degree (Celsius). - 1.3.6.1.4.1.119.2.3.84.2.1.1
+ - name: picoFahrenheit
+ oid: 1.3.6.1.4.1.119.2.3.84.2.1.2
+ type: gauge
+ help: Indicates the temperature of the equipment inside, in degree (Fahrenheit). - 1.3.6.1.4.1.119.2.3.84.2.1.2
+ - name: picoVoltage
+ oid: 1.3.6.1.4.1.119.2.3.84.2.2
+ type: gauge
+ help: Indicates the observed voltage, in milli-volt (mV). - 1.3.6.1.4.1.119.2.3.84.2.2
+ - name: picoFanIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.2.3.1.1
+ type: gauge
+ help: Unique index for each fan module. - 1.3.6.1.4.1.119.2.3.84.2.3.1.1
+ indexes:
+ - labelname: picoFanIndex
+ type: gauge
+ - name: picoFanStatus
+ oid: 1.3.6.1.4.1.119.2.3.84.2.3.1.2
+ type: gauge
+ help: Status of a fan module - 1.3.6.1.4.1.119.2.3.84.2.3.1.2
+ indexes:
+ - labelname: picoFanIndex
+ type: gauge
+ enum_values:
+ 1: normal
+ 2: failure
+ - name: picoFanRpm
+ oid: 1.3.6.1.4.1.119.2.3.84.2.3.1.3
+ type: gauge
+ help: Fan speed (Revolution Per Minutes) - 1.3.6.1.4.1.119.2.3.84.2.3.1.3
+ indexes:
+ - labelname: picoFanIndex
+ type: gauge
+ - name: picoPowerSupplyIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.2.4.1.1
+ type: gauge
+ help: Unique index for each power supply module. - 1.3.6.1.4.1.119.2.3.84.2.4.1.1
+ indexes:
+ - labelname: picoPowerSupplyIndex
+ type: gauge
+ - name: picoPowerSupplyType
+ oid: 1.3.6.1.4.1.119.2.3.84.2.4.1.2
+ type: gauge
+ help: Power supply module type. - 1.3.6.1.4.1.119.2.3.84.2.4.1.2
+ indexes:
+ - labelname: picoPowerSupplyIndex
+ type: gauge
+ enum_values:
+ 0: notInstalled
+ 1: systemACPS
+ 2: ieee802dot3af-PoE-ACPS
+ - name: picoPowerSupplyStatus
+ oid: 1.3.6.1.4.1.119.2.3.84.2.4.1.3
+ type: gauge
+ help: Status of a Power Supply module. - 1.3.6.1.4.1.119.2.3.84.2.4.1.3
+ indexes:
+ - labelname: picoPowerSupplyIndex
+ type: gauge
+ enum_values:
+ 0: notInstalled
+ 1: normal
+ 2: failure
+ - name: picoSchedRtUtl1Sec
+ oid: 1.3.6.1.4.1.119.2.3.84.2.5.1
+ type: gauge
+ help: Indicates the observed system utilization for last 1 second, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.1
+ - name: picoSchedRtUtl5Sec
+ oid: 1.3.6.1.4.1.119.2.3.84.2.5.2
+ type: gauge
+ help: Indicates the observed system utilization for last 5 seconds, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.2
+ - name: picoSchedRtUtl1Min
+ oid: 1.3.6.1.4.1.119.2.3.84.2.5.3
+ type: gauge
+ help: Indicates the observed system utilization for last 1 minute, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.3
+ - name: picoSchedRtUtl1Hour
+ oid: 1.3.6.1.4.1.119.2.3.84.2.5.4
+ type: gauge
+ help: Indicates the observed system utilization for last 1 hour, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.4
+ - name: picoHeapSize
+ oid: 1.3.6.1.4.1.119.2.3.84.2.6.1
+ type: gauge
+ help: Indicates the observed total heap size, in bytes. - 1.3.6.1.4.1.119.2.3.84.2.6.1
+ - name: picoHeapUtil
+ oid: 1.3.6.1.4.1.119.2.3.84.2.6.2
+ type: gauge
+ help: Indicates the observed current heap utilization, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.6.2
+ - name: pipSecMibLevel
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.1.1
+ type: gauge
+ help: The version of the IPsec MIB. - 1.3.6.1.4.1.119.2.3.84.3.1.1.1
+ - name: pikeGlobalActiveTunnels
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.1
+ type: gauge
+ help: The number of currently active IPsec Phase-1 IKE Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.1
+ - name: pikeGlobalInNotifys
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.6
+ type: counter
+ help: The total number of notifys received by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.6
+ - name: pikeGlobalInP2Exchgs
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.7
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges received by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.7
+ - name: pikeGlobalInP2ExchgInvalids
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.8
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges which were received and found to be contain references to unrecognized security parameters - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.8
+ - name: pikeGlobalInP2ExchgRejects
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.9
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges which were received and validated but were rejected by the local policy - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.9
+ - name: pikeGlobalInP2SaDelRequests
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.10
+ type: counter
+ help: The total number of IPsec Phase-2 security association delete requests received by all currently and previously active and IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.10
+ - name: pikeGlobalOutNotifys
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.14
+ type: counter
+ help: The total number of notifys sent by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.14
+ - name: pikeGlobalOutP2Exchgs
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.15
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges which were sent by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.15
+ - name: pikeGlobalOutP2ExchgInvalids
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.16
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges which were sent and were flagged by the peer to contain references to unrecognized security parameters - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.16
+ - name: pikeGlobalOutP2ExchgRejects
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.17
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges which were sent, validated by the peer but were rejected by the peer's policy - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.17
+ - name: pikeGlobalOutP2SaDelRequests
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.18
+ type: counter
+ help: The total number of IPsec Phase-2 SA delete requests sent by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.18
+ - name: pikeGlobalInitTunnels
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.19
+ type: counter
+ help: The total number of IPsec Phase-1 IKE Tunnels which were locally initiated. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.19
+ - name: pikeGlobalInitTunnelFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.20
+ type: counter
+ help: The total number of IPsec Phase-1 IKE Tunnels which were locally initiated and failed to activate. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.20
+ - name: pikeGlobalRespTunnelFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.21
+ type: counter
+ help: The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated and failed to activate. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.21
+ - name: pikeGlobalAuthFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.23
+ type: counter
+ help: The total number of authentications which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.23
+ - name: pikeGlobalDecryptFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.24
+ type: counter
+ help: The total number of decryptions which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.24
+ - name: pikeGlobalHashValidFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.25
+ type: counter
+ help: The total number of hash validations which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.25
+ - name: pikeGlobalRespTunnels
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.27
+ type: counter
+ help: The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.27
+ - name: pikeGlobalInP1SaDelRequests
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.30
+ type: counter
+ help: The total number of ISAKMP security association delete requests received by all currently and previously active and ISAKMP security associations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.30
+ - name: pikeGlobalOutP1SaDelRequests
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.31
+ type: counter
+ help: The total number of ISAKMP security association delete requests sent by all currently and previously active and ISAKMP security associations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.31
+ - name: pikePeerLocalType
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.1
+ type: gauge
+ help: The type of local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.1
+ indexes:
+ - labelname: pikePeerLocalType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerLocalValue
+ type: DisplayString
+ - labelname: pikePeerRemoteType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerRemoteValue
+ type: DisplayString
+ - labelname: pikePeerIntIndex
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - name: pikePeerLocalValue
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.2
+ type: DisplayString
+ help: The value of the local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.2
+ indexes:
+ - labelname: pikePeerLocalType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerLocalValue
+ type: DisplayString
+ - labelname: pikePeerRemoteType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerRemoteValue
+ type: DisplayString
+ - labelname: pikePeerIntIndex
+ type: gauge
+ - name: pikePeerRemoteType
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.3
+ type: gauge
+ help: The type of remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.3
+ indexes:
+ - labelname: pikePeerLocalType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerLocalValue
+ type: DisplayString
+ - labelname: pikePeerRemoteType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerRemoteValue
+ type: DisplayString
+ - labelname: pikePeerIntIndex
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - name: pikePeerRemoteValue
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.4
+ type: DisplayString
+ help: The value of the remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.4
+ indexes:
+ - labelname: pikePeerLocalType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerLocalValue
+ type: DisplayString
+ - labelname: pikePeerRemoteType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerRemoteValue
+ type: DisplayString
+ - labelname: pikePeerIntIndex
+ type: gauge
+ - name: pikePeerIntIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.5
+ type: gauge
+ help: The internal index of the local-remote peer association - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.5
+ indexes:
+ - labelname: pikePeerLocalType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerLocalValue
+ type: DisplayString
+ - labelname: pikePeerRemoteType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerRemoteValue
+ type: DisplayString
+ - labelname: pikePeerIntIndex
+ type: gauge
+ - name: pikePeerLocalAddr
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.6
+ type: OctetString
+ help: The IP address of the local peer. - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.6
+ indexes:
+ - labelname: pikePeerLocalType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerLocalValue
+ type: DisplayString
+ - labelname: pikePeerRemoteType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerRemoteValue
+ type: DisplayString
+ - labelname: pikePeerIntIndex
+ type: gauge
+ - name: pikePeerRemoteAddr
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.7
+ type: OctetString
+ help: The IP address of the remote peer. - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.7
+ indexes:
+ - labelname: pikePeerLocalType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerLocalValue
+ type: DisplayString
+ - labelname: pikePeerRemoteType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerRemoteValue
+ type: DisplayString
+ - labelname: pikePeerIntIndex
+ type: gauge
+ - name: pikePeerActiveTime
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.8
+ type: gauge
+ help: The length of time that the peer association has existed in hundredths of a second. - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.8
+ indexes:
+ - labelname: pikePeerLocalType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerLocalValue
+ type: DisplayString
+ - labelname: pikePeerRemoteType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerRemoteValue
+ type: DisplayString
+ - labelname: pikePeerIntIndex
+ type: gauge
+ - name: pikePeerActiveTunnelIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.9
+ type: gauge
+ help: The index of the active IPsec Phase-1 IKE Tunnel (pikeTunIndex in the pikeTunnelTable) for this peer association - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.9
+ indexes:
+ - labelname: pikePeerLocalType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerLocalValue
+ type: DisplayString
+ - labelname: pikePeerRemoteType
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - labelname: pikePeerRemoteValue
+ type: DisplayString
+ - labelname: pikePeerIntIndex
+ type: gauge
+ - name: pikeTunIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.1
+ type: gauge
+ help: The index of the IPsec Phase-1 IKE Tunnel Table - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.1
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunLocalType
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.2
+ type: gauge
+ help: The type of local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.2
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - name: pikeTunLocalValue
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.3
+ type: DisplayString
+ help: The value of the local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.3
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunLocalAddr
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.4
+ type: OctetString
+ help: The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.4
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunRemoteType
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.6
+ type: gauge
+ help: The type of remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.6
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - name: pikeTunRemoteValue
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.7
+ type: DisplayString
+ help: The value of the remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.7
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunRemoteAddr
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.8
+ type: OctetString
+ help: The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.8
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunNegoMode
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.10
+ type: gauge
+ help: The negotiation mode of the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.10
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ enum_values:
+ 1: main
+ 2: aggressive
+ - name: pikeTunDiffHellmanGrp
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.11
+ type: gauge
+ help: The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.11
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: modp768
+ 3: modp1024
+ 4: modp1536
+ 5: modp2048
+ - name: pikeTunEncryptAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.12
+ type: gauge
+ help: The encryption algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.12
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: des
+ 3: des3
+ 4: aes
+ 9: "null"
+ - name: pikeTunHashAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.13
+ type: gauge
+ help: The hash algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.13
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: md5
+ 3: sha
+ 4: sha2-256
+ 5: sha2-384
+ 6: sha2-512
+ - name: pikeTunAuthMethod
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.14
+ type: gauge
+ help: The authentication method used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.14
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: preSharedKey
+ 3: rsaSig
+ 4: rsaEncrypt
+ 5: revPublicKey
+ - name: pikeTunLifeTime
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.15
+ type: gauge
+ help: The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.15
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunActiveTime
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.16
+ type: gauge
+ help: The length of time the IPsec Phase-1 IKE tunnel has been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.16
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunSaRefreshThreshold
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.17
+ type: gauge
+ help: The security assoication refresh threshold in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.17
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunInNotifys
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.22
+ type: counter
+ help: The total number of notifys received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.22
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunInP2Exchgs
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.23
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.23
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunInP2ExchgInvalids
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.24
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.24
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunInP2ExchgRejects
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.25
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.25
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunInP2SaDelRequests
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.26
+ type: counter
+ help: The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.26
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunOutNotifys
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.30
+ type: counter
+ help: The total number of notifys sent by this IPsec Phase-1 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.30
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunOutP2Exchgs
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.31
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.31
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunOutP2ExchgInvalids
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.32
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were found by the peer to contain references to security parameters not recognized by the peer. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.32
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunOutP2ExchgRejects
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.33
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were validated by the peer but were rejected by the peer's policy. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.33
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunOutP2SaDelRequests
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.34
+ type: counter
+ help: The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.34
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ - name: pikeTunStatus
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.35
+ type: gauge
+ help: The status of the MIB table row - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.35
+ indexes:
+ - labelname: pikeTunIndex
+ type: gauge
+ enum_values:
+ 1: active
+ 2: destroy
+ - name: pipSecGlobalActiveTunnels
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.1
+ type: gauge
+ help: The total number of currently active IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.1
+ - name: pipSecGlobalInOctets
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.3
+ type: counter
+ help: The total number of octets received by all current and previous IPsec Phase-2 Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.3
+ - name: pipSecGlobalInPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.9
+ type: counter
+ help: The total number of packets received by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.9
+ - name: pipSecGlobalInDrops
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.10
+ type: counter
+ help: The total number of packets dropped during receive processing by all current and previous IPsec Phase-2 Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.10
+ - name: pipSecGlobalInReplayDrops
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.11
+ type: counter
+ help: The total number of packets dropped during receive processing due to Anti-Replay processing by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.11
+ - name: pipSecGlobalInAuths
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.12
+ type: counter
+ help: The total number of inbound authentication's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.12
+ - name: pipSecGlobalInAuthFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.13
+ type: counter
+ help: The total number of inbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.13
+ - name: pipSecGlobalInDecrypts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.14
+ type: counter
+ help: The total number of inbound decryption's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.14
+ - name: pipSecGlobalInDecryptFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.15
+ type: counter
+ help: The total number of inbound decryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.15
+ - name: pipSecGlobalOutOctets
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.16
+ type: counter
+ help: The total number of octets sent by all current and previous IPsec Phase-2 Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.16
+ - name: pipSecGlobalOutPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.22
+ type: counter
+ help: The total number of packets sent by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.22
+ - name: pipSecGlobalOutDrops
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.23
+ type: counter
+ help: The total number of packets dropped during send processing by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.23
+ - name: pipSecGlobalOutAuths
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.24
+ type: counter
+ help: The total number of outbound authentication's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.24
+ - name: pipSecGlobalOutAuthFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.25
+ type: counter
+ help: The total number of outbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.25
+ - name: pipSecGlobalOutEncrypts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.26
+ type: counter
+ help: The total number of outbound encryption's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.26
+ - name: pipSecGlobalOutEncryptFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.27
+ type: counter
+ help: The total number of outbound encryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.27
+ - name: pipSecGlobalNoSaFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.33
+ type: counter
+ help: The total number of non-existent Security Assocication in failures which occurred during processing of all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.33
+ - name: pipSecTunIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.1
+ type: gauge
+ help: The index of the IPsec Phase-2 Tunnel Table - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.1
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunIkeTunnelIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.2
+ type: gauge
+ help: The index of the associated IPsec Phase-1 IKE Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.2
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunIkeTunnelAlive
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.3
+ type: gauge
+ help: An indicator which specifies whether or not the IPsec Phase-1 IKE Tunnel currently exists. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.3
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ enum_values:
+ 1: "true"
+ 2: "false"
+ - name: pipSecTunLocalAddr
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.4
+ type: OctetString
+ help: The IP address of the local endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.4
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunRemoteAddr
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.5
+ type: OctetString
+ help: The IP address of the remote endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.5
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunKeyType
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.6
+ type: gauge
+ help: The type of key used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.6
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ enum_values:
+ 1: ike
+ 2: manual
+ - name: pipSecTunEncapMode
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.7
+ type: gauge
+ help: The encapsulation mode used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.7
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ enum_values:
+ 1: tunnel
+ 2: transport
+ - name: pipSecTunLifeSize
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.8
+ type: gauge
+ help: The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.8
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunLifeTime
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.9
+ type: gauge
+ help: The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.9
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunActiveTime
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.10
+ type: gauge
+ help: The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.10
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunSaLifeSizeThreshold
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.11
+ type: gauge
+ help: The security association LifeSize refresh threshold in kilobytes. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.11
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunSaLifeTimeThreshold
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.12
+ type: gauge
+ help: The security association LifeTime refresh threshold in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.12
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunTotalRefreshes
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.13
+ type: counter
+ help: The total number of security association refreshes performed. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.13
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunExpiredSaInstances
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.14
+ type: counter
+ help: The total number of security associations which have expired. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.14
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunCurrentSaInstances
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.15
+ type: gauge
+ help: The number of security associations which are currently active or expiring. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.15
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunInSaDiffHellmanGrp
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.16
+ type: gauge
+ help: The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.16
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: modp768
+ 3: modp1024
+ 4: modp1536
+ 5: modp2048
+ - name: pipSecTunInSaEncryptAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.17
+ type: gauge
+ help: The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.17
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: des
+ 3: des3
+ 4: aes
+ 9: "null"
+ - name: pipSecTunInSaAhAuthAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.18
+ type: gauge
+ help: The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.18
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: hmacMd5
+ 3: hmacSha
+ 4: hmacSha2-256
+ 5: hmacSha2-384
+ 6: hmacSha2-512
+ - name: pipSecTunInSaEspAuthAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.19
+ type: gauge
+ help: The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.19
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: hmacMd5
+ 3: hmacSha
+ 4: hmacSha2-256
+ 5: hmacSha2-384
+ 6: hmacSha2-512
+ - name: pipSecTunOutSaDiffHellmanGrp
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.21
+ type: gauge
+ help: The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.21
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: modp768
+ 3: modp1024
+ 4: modp1536
+ 5: modp2048
+ - name: pipSecTunOutSaEncryptAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.22
+ type: gauge
+ help: The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.22
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: des
+ 3: des3
+ 4: aes
+ 9: "null"
+ - name: pipSecTunOutSaAhAuthAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.23
+ type: gauge
+ help: The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.23
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: hmacMd5
+ 3: hmacSha
+ 4: hmacSha2-256
+ 5: hmacSha2-384
+ 6: hmacSha2-512
+ - name: pipSecTunOutSaEspAuthAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.24
+ type: gauge
+ help: The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.24
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: hmacMd5
+ 3: hmacSha
+ 4: hmacSha2-256
+ 5: hmacSha2-384
+ 6: hmacSha2-512
+ - name: pipSecTunPmtu
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.26
+ type: gauge
+ help: The Path MTU that has been determined for this IPsec Phase-2 tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.26
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunInOctets
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.27
+ type: counter
+ help: The total number of octets received by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.27
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunInPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.33
+ type: counter
+ help: The total number of packets received by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.33
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunInDropPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.34
+ type: counter
+ help: The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.34
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunInReplayDropPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.35
+ type: counter
+ help: The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.35
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunInAuths
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.36
+ type: counter
+ help: The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.36
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunInAuthFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.37
+ type: counter
+ help: The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel . - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.37
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunInDecrypts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.38
+ type: counter
+ help: The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.38
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunInDecryptFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.39
+ type: counter
+ help: The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.39
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunOutOctets
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.40
+ type: counter
+ help: The total number of octets sent by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.40
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunOutPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.46
+ type: counter
+ help: The total number of packets sent by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.46
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunOutDropPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.47
+ type: counter
+ help: The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.47
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunOutAuths
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.48
+ type: counter
+ help: The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.48
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunOutAuthFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.49
+ type: counter
+ help: The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.49
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunOutEncrypts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.50
+ type: counter
+ help: The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.50
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunOutEncryptFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.51
+ type: counter
+ help: The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.51
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - name: pipSecTunStatus
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.56
+ type: gauge
+ help: The status of the MIB table row - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.56
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ enum_values:
+ 1: active
+ 2: destroy
+ - name: pipSecSpiIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.1
+ type: gauge
+ help: The number of the SPI associated with the Phase-2 Tunnel Table - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.1
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - labelname: pipSecSpiIndex
+ type: gauge
+ - name: pipSecSpiDirection
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.2
+ type: gauge
+ help: The direction of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.2
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - labelname: pipSecSpiIndex
+ type: gauge
+ enum_values:
+ 1: in
+ 2: out
+ - name: pipSecSpiValue
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.3
+ type: gauge
+ help: The value of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.3
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - labelname: pipSecSpiIndex
+ type: gauge
+ - name: pipSecSpiProtocol
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.4
+ type: gauge
+ help: The protocol of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.4
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - labelname: pipSecSpiIndex
+ type: gauge
+ enum_values:
+ 1: ah
+ 2: esp
+ 3: ipcomp
+ - name: pipSecSpiStatus
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.5
+ type: gauge
+ help: The status of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.5
+ indexes:
+ - labelname: pipSecTunIndex
+ type: gauge
+ - labelname: pipSecSpiIndex
+ type: gauge
+ enum_values:
+ 1: active
+ 2: expiring
+ - name: pikeTunHistIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.1
+ type: gauge
+ help: The index of the IPsec Phase-1 IKE Tunnel History Table - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.1
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistTermReason
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.2
+ type: gauge
+ help: The reason the IPsec Phase-1 IKE Tunnel was terminated - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.2
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ enum_values:
+ 1: other
+ 2: normal
+ 3: operRequest
+ 4: peerDelRequest
+ 5: peerLost
+ 6: applicationInitiated
+ 7: xauthFailure
+ 8: localFailure
+ 9: checkPointReg
+ - name: pikeTunHistActiveIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.3
+ type: gauge
+ help: The index of the previously active IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.3
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistPeerLocalType
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.4
+ type: gauge
+ help: The type of local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.4
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - name: pikeTunHistPeerLocalValue
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.5
+ type: DisplayString
+ help: The value of the local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.5
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistPeerIntIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.6
+ type: gauge
+ help: The internal index of the local-remote peer association - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.6
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistPeerRemoteType
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.7
+ type: gauge
+ help: The type of remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.7
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ enum_values:
+ 1: idIpv4Addr
+ 2: idFqdn
+ 3: idDn
+ 4: idIpv6Addr
+ - name: pikeTunHistPeerRemoteValue
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.8
+ type: DisplayString
+ help: The value of the remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.8
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistLocalAddr
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.9
+ type: OctetString
+ help: The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.9
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistRemoteAddr
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.11
+ type: OctetString
+ help: The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.11
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistNegoMode
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.13
+ type: gauge
+ help: The negotiation mode of the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.13
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ enum_values:
+ 1: main
+ 2: aggressive
+ - name: pikeTunHistDiffHellmanGrp
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.14
+ type: gauge
+ help: The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.14
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: modp768
+ 3: modp1024
+ 4: modp1536
+ 5: modp2048
+ - name: pikeTunHistEncryptAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.15
+ type: gauge
+ help: The encryption algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.15
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: des
+ 3: des3
+ 4: aes
+ 9: "null"
+ - name: pikeTunHistHashAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.16
+ type: gauge
+ help: The hash algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.16
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: md5
+ 3: sha
+ 4: sha2-256
+ 5: sha2-384
+ 6: sha2-512
+ - name: pikeTunHistAuthMethod
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.17
+ type: gauge
+ help: The authentication method used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.17
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: preSharedKey
+ 3: rsaSig
+ 4: rsaEncrypt
+ 5: revPublicKey
+ - name: pikeTunHistLifeTime
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.18
+ type: gauge
+ help: The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.18
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistStartTime
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.19
+ type: gauge
+ help: The value of sysUpTime in hundredths of seconds when the IPsec Phase-1 IKE tunnel was started. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.19
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistActiveTime
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.20
+ type: gauge
+ help: The length of time the IPsec Phase-1 IKE tunnel was been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.20
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistInNotifys
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.26
+ type: counter
+ help: The total number of notifys received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.26
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistInP2Exchgs
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.27
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.27
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistInP2ExchgInvalids
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.28
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.28
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistInP2ExchgRejects
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.29
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.29
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistInP2SaDelRequests
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.30
+ type: counter
+ help: The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.30
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistOutNotifys
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.34
+ type: counter
+ help: The total number of notifys sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.34
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistOutP2Exchgs
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.35
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.35
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistOutP2ExchgInvalids
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.36
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were found by the peer to contain references to security parameters not recognized by the peer. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.36
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistOutP2ExchgRejects
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.37
+ type: counter
+ help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were validated by the peer but were rejected by the peer's policy. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.37
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pikeTunHistOutP2SaDelRequests
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.38
+ type: counter
+ help: The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.38
+ indexes:
+ - labelname: pikeTunHistIndex
+ type: gauge
+ - name: pipSecTunHistIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.1
+ type: gauge
+ help: The index of the IPsec Phase-2 Tunnel History Table - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.1
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistTermReason
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.2
+ type: gauge
+ help: The reason the IPsec Phase-2 Tunnel was terminated - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.2
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ enum_values:
+ 1: other
+ 2: normal
+ 3: operRequest
+ 4: peerDelRequest
+ 5: peerLost
+ 6: applicationInitiated
+ 7: xauthFailure
+ 8: seqNumRollOver
+ 9: checkPointReq
+ - name: pipSecTunHistActiveIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.3
+ type: gauge
+ help: The index of the previously active IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.3
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistIkeTunnelIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.4
+ type: gauge
+ help: The index of the associated IPsec Phase-1 Tunnel (pikeTunIndex in the pikeTunnelTable). - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.4
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistLocalAddr
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.5
+ type: OctetString
+ help: The IP address of the local endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.5
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistRemoteAddr
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.6
+ type: OctetString
+ help: The IP address of the remote endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.6
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistKeyType
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.7
+ type: gauge
+ help: The type of key used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.7
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ enum_values:
+ 1: ike
+ 2: manual
+ - name: pipSecTunHistEncapMode
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.8
+ type: gauge
+ help: The encapsulation mode used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.8
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ enum_values:
+ 1: tunnel
+ 2: transport
+ - name: pipSecTunHistLifeSize
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.9
+ type: gauge
+ help: The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.9
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistLifeTime
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.10
+ type: gauge
+ help: The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.10
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistStartTime
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.11
+ type: gauge
+ help: The value of sysUpTime in hundredths of seconds when the IPsec Phase-2 Tunnel was started. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.11
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistActiveTime
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.12
+ type: gauge
+ help: The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.12
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistTotalRefreshes
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.13
+ type: counter
+ help: The total number of security association refreshes performed. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.13
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistInSaDiffHellmanGrp
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.15
+ type: gauge
+ help: The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.15
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: modp768
+ 3: modp1024
+ 4: modp1536
+ 5: modp2048
+ - name: pipSecTunHistInSaEncryptAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.16
+ type: gauge
+ help: The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.16
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: des
+ 3: des3
+ 4: aes
+ 9: "null"
+ - name: pipSecTunHistInSaAhAuthAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.17
+ type: gauge
+ help: The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.17
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: hmacMd5
+ 3: hmacSha
+ 4: hmacSha2-256
+ 5: hmacSha2-384
+ 6: hmacSha2-512
+ - name: pipSecTunHistInSaEspAuthAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.18
+ type: gauge
+ help: The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.18
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: hmacMd5
+ 3: hmacSha
+ 4: hmacSha2-256
+ 5: hmacSha2-384
+ 6: hmacSha2-512
+ - name: pipSecTunHistOutSaDiffHellmanGrp
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.20
+ type: gauge
+ help: The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.20
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: modp768
+ 3: modp1024
+ 4: modp1536
+ 5: modp2048
+ - name: pipSecTunHistOutSaEncryptAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.21
+ type: gauge
+ help: The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.21
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: des
+ 3: des3
+ 4: aes
+ 9: "null"
+ - name: pipSecTunHistOutSaAhAuthAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.22
+ type: gauge
+ help: The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.22
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: hmacMd5
+ 3: hmacSha
+ 4: hmacSha2-256
+ 5: hmacSha2-384
+ 6: hmacSha2-512
+ - name: pipSecTunHistOutSaEspAuthAlgo
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.23
+ type: gauge
+ help: The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.23
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ enum_values:
+ 1: none
+ 2: hmacMd5
+ 3: hmacSha
+ 4: hmacSha2-256
+ 5: hmacSha2-384
+ 6: hmacSha2-512
+ - name: pipSecTunHistPmtu
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.25
+ type: gauge
+ help: The Path MTU that was determined for this IPsec Phase-2 tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.25
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistInOctets
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.26
+ type: counter
+ help: The total number of octets received by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.26
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistInPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.32
+ type: counter
+ help: The total number of packets received by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.32
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistInDropPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.33
+ type: counter
+ help: The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.33
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistInReplayDropPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.34
+ type: counter
+ help: The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.34
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistInAuths
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.35
+ type: counter
+ help: The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.35
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistInAuthFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.36
+ type: counter
+ help: The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel . - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.36
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistInDecrypts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.37
+ type: counter
+ help: The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.37
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistInDecryptFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.38
+ type: counter
+ help: The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.38
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistOutOctets
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.39
+ type: counter
+ help: The total number of octets sent by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.39
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistOutPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.45
+ type: counter
+ help: The total number of packets sent by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.45
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistOutDropPkts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.46
+ type: counter
+ help: The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.46
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistOutAuths
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.47
+ type: counter
+ help: The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.47
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistOutAuthFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.48
+ type: counter
+ help: The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.48
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistOutEncrypts
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.49
+ type: counter
+ help: The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.49
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: pipSecTunHistOutEncryptFails
+ oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.50
+ type: counter
+ help: The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.50
+ indexes:
+ - labelname: pipSecTunHistIndex
+ type: gauge
+ - name: picoLoginSessionIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.1
+ type: gauge
+ help: Unique index for each login. - 1.3.6.1.4.1.119.2.3.84.4.1.1.1
+ indexes:
+ - labelname: picoLoginSessionIndex
+ type: gauge
+ - name: picoLoginSessionStatus
+ oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.2
+ type: gauge
+ help: Status of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.2
+ indexes:
+ - labelname: picoLoginSessionIndex
+ type: gauge
+ enum_values:
+ 1: login
+ 2: logout
+ 3: fail
+ - name: picoLoginSessionPrivilege
+ oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.3
+ type: gauge
+ help: User privilege of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.3
+ indexes:
+ - labelname: picoLoginSessionIndex
+ type: gauge
+ enum_values:
+ 1: administrator
+ 2: monitor
+ 3: operator
+ 4: unknown
+ - name: picoLoginSessionProcessMode
+ oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.4
+ type: gauge
+ help: User process status of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.4
+ indexes:
+ - labelname: picoLoginSessionIndex
+ type: gauge
+ enum_values:
+ 1: operation
+ 2: configure
+ - name: picoLoginSessionTerminalType
+ oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.5
+ type: gauge
+ help: Terminal type of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.5
+ indexes:
+ - labelname: picoLoginSessionIndex
+ type: gauge
+ enum_values:
+ 1: unknown
+ 2: local
+ 3: remote
+ - name: picoLoginSessionPeerIpAddress
+ oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.6
+ type: InetAddressIPv4
+ help: Peer ipv4 address of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.6
+ indexes:
+ - labelname: picoLoginSessionIndex
+ type: gauge
+ - name: picoLoginSessionPeerIpv6Address
+ oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.7
+ type: OctetString
+ help: Peer ipv6 address of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.7
+ indexes:
+ - labelname: picoLoginSessionIndex
+ type: gauge
+ - name: picoConfigType
+ oid: 1.3.6.1.4.1.119.2.3.84.5.1
+ type: gauge
+ help: Configuration type. - 1.3.6.1.4.1.119.2.3.84.5.1
+ enum_values:
+ 1: default-config
+ 2: startup-config
+ 3: license
+ - name: picoConfigEventType
+ oid: 1.3.6.1.4.1.119.2.3.84.5.2
+ type: gauge
+ help: Event type of configuration modified. - 1.3.6.1.4.1.119.2.3.84.5.2
+ enum_values:
+ 1: write
+ 2: erase
+ - name: picoExtIfInstalledSlot
+ oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.1
+ type: gauge
+ help: The slot number in which the extension card was installed. - 1.3.6.1.4.1.119.2.3.84.6.1.1.1
+ indexes:
+ - labelname: picoExtIfInstalledSlot
+ type: gauge
+ - labelname: picoExtIfIndex
+ type: gauge
+ - name: picoExtIfIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.2
+ type: gauge
+ help: A unique value for each extension card. - 1.3.6.1.4.1.119.2.3.84.6.1.1.2
+ indexes:
+ - labelname: picoExtIfInstalledSlot
+ type: gauge
+ - labelname: picoExtIfIndex
+ type: gauge
+ - name: picoExtIfDescr
+ oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.3
+ type: DisplayString
+ help: A textual string containing information about the interface. - 1.3.6.1.4.1.119.2.3.84.6.1.1.3
+ indexes:
+ - labelname: picoExtIfInstalledSlot
+ type: gauge
+ - labelname: picoExtIfIndex
+ type: gauge
+ - name: picoExtIfUpperLayer
+ oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.4
+ type: gauge
+ help: Index of interface to upper layers. - 1.3.6.1.4.1.119.2.3.84.6.1.1.4
+ indexes:
+ - labelname: picoExtIfInstalledSlot
+ type: gauge
+ - labelname: picoExtIfIndex
+ type: gauge
+ - name: picoExtIfType
+ oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.5
+ type: gauge
+ help: The type of interface,, distinguished according to the physical/link protocol(s) immediately `below' the network layer in the protocol stack. - 1.3.6.1.4.1.119.2.3.84.6.1.1.5
+ indexes:
+ - labelname: picoExtIfInstalledSlot
+ type: gauge
+ - labelname: picoExtIfIndex
+ type: gauge
+ enum_values:
+ 6: ethernet-csmacd
+ 62: fastEther
+ - name: picoExtIfSpeed
+ oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.6
+ type: gauge
+ help: An estimate of the interface's current bandwidth in bits per second. - 1.3.6.1.4.1.119.2.3.84.6.1.1.6
+ indexes:
+ - labelname: picoExtIfInstalledSlot
+ type: gauge
+ - labelname: picoExtIfIndex
+ type: gauge
+ - name: picoExtIfDuplex
+ oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.7
+ type: gauge
+ help: The current mode of this link. - 1.3.6.1.4.1.119.2.3.84.6.1.1.7
+ indexes:
+ - labelname: picoExtIfInstalledSlot
+ type: gauge
+ - labelname: picoExtIfIndex
+ type: gauge
+ enum_values:
+ 1: halfduplex
+ 2: fullduplex
+ - name: picoExtIfEffectiveMtu
+ oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.8
+ type: gauge
+ help: The size of the largest datagram which can be sent/received on the interface, specified in octets. - 1.3.6.1.4.1.119.2.3.84.6.1.1.8
+ indexes:
+ - labelname: picoExtIfInstalledSlot
+ type: gauge
+ - labelname: picoExtIfIndex
+ type: gauge
+ - name: picoExtIfPhysicalAddress
+ oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.9
+ type: PhysAddress48
+ help: The interface's address at the protocol layer immediately `below' the network layer in the protocol stack. - 1.3.6.1.4.1.119.2.3.84.6.1.1.9
+ indexes:
+ - labelname: picoExtIfInstalledSlot
+ type: gauge
+ - labelname: picoExtIfIndex
+ type: gauge
+ - name: picoExtIfAdminStatus
+ oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.10
+ type: gauge
+ help: The desired state of the interface. - 1.3.6.1.4.1.119.2.3.84.6.1.1.10
+ indexes:
+ - labelname: picoExtIfInstalledSlot
+ type: gauge
+ - labelname: picoExtIfIndex
+ type: gauge
+ enum_values:
+ 1: up
+ 2: down
+ 3: testing
+ - name: picoExtIfOperStatus
+ oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.11
+ type: gauge
+ help: The current operational state of the interface. - 1.3.6.1.4.1.119.2.3.84.6.1.1.11
+ indexes:
+ - labelname: picoExtIfInstalledSlot
+ type: gauge
+ - labelname: picoExtIfIndex
+ type: gauge
+ enum_values:
+ 1: up
+ 2: down
+ 3: testing
+ - name: picoExtIfLastChange
+ oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.12
+ type: gauge
+ help: The value of sysUpTime at the time the interface entered its current operational state. - 1.3.6.1.4.1.119.2.3.84.6.1.1.12
+ indexes:
+ - labelname: picoExtIfInstalledSlot
+ type: gauge
+ - labelname: picoExtIfIndex
+ type: gauge
+ - name: picoNetmonWatchgroupIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.1
+ type: gauge
+ help: Unique index for each Netmon Watchgroup. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.1
+ indexes:
+ - labelname: picoNetmonWatchgroupIndex
+ type: gauge
+ - name: picoNetmonWatchgroupName
+ oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.2
+ type: DisplayString
+ help: Netmon Watchgroup Name. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.2
+ indexes:
+ - labelname: picoNetmonWatchgroupIndex
+ type: gauge
+ - name: picoNetmonWatchgroupSequenceNumber
+ oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.3
+ type: gauge
+ help: Netmon Watchgroup sequence number. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.3
+ indexes:
+ - labelname: picoNetmonWatchgroupIndex
+ type: gauge
+ - name: picoNetmonWatchgroupStatus
+ oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.4
+ type: gauge
+ help: Status of a Netmon Watchgroup. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.4
+ indexes:
+ - labelname: picoNetmonWatchgroupIndex
+ type: gauge
+ enum_values:
+ 1: normal
+ 2: stand
+ 3: disable
+ - name: picoNetmonWatchgroupVarianceCounts
+ oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.5
+ type: gauge
+ help: Netmon Watchgroup variance statistics. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.5
+ indexes:
+ - labelname: picoNetmonWatchgroupIndex
+ type: gauge
+ - name: picoNgnIfIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.1
+ type: gauge
+ help: The interface index value of the interface for which NGN is enabled. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.1
+ indexes:
+ - labelname: picoNgnIfIndex
+ type: gauge
+ - name: picoNgnType
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.2
+ type: gauge
+ help: 'The mode of the NGN service can be: standard(1) :NGN service is standard - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.2'
+ indexes:
+ - labelname: picoNgnIfIndex
+ type: gauge
+ enum_values:
+ 1: standard
+ 2: numbergate
+ - name: picoNgnIfType
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.3
+ type: gauge
+ help: 'The type of the NGN interface can be: global(1) :NGN interface type is global - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.3'
+ indexes:
+ - labelname: picoNgnIfIndex
+ type: gauge
+ enum_values:
+ 1: global
+ 2: private
+ - name: picoNgnStatus
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.4
+ type: gauge
+ help: 'The state of the NGN SIP-UA register can be: notReady(1) :NGN service is not Ready - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.4'
+ indexes:
+ - labelname: picoNgnIfIndex
+ type: gauge
+ enum_values:
+ 1: notReady
+ 2: initializing
+ 3: registering
+ 4: registered
+ - name: picoNgnSipServerIpAddress
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.5
+ type: InetAddressIPv4
+ help: The object of the SIP server address. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.5
+ indexes:
+ - labelname: picoNgnIfIndex
+ type: gauge
+ - name: picoNgnSipUri
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.6
+ type: DisplayString
+ help: The object of the SIP URI. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.6
+ indexes:
+ - labelname: picoNgnIfIndex
+ type: gauge
+ - name: picoNgnUpTime
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.7
+ type: gauge
+ help: The time elapsed since registered. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.7
+ indexes:
+ - labelname: picoNgnIfIndex
+ type: gauge
+ - name: picoNgnVpnIfIndex
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.1
+ type: gauge
+ help: The interface index value of the interface for which NGN binding is enabled. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.1
+ indexes:
+ - labelname: picoNgnVpnIfIndex
+ type: gauge
+ - name: picoNgnVpnStatus
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.2
+ type: gauge
+ help: 'The state of the NGN SIP-UA session can be: disconnected(1):SIP session is disconnected - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.2'
+ indexes:
+ - labelname: picoNgnVpnIfIndex
+ type: gauge
+ enum_values:
+ 1: disconnected
+ 2: connecting
+ 3: connected
+ - name: picoNgnVpnPeerAddress
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.3
+ type: DisplayString
+ help: The object of the NGN peer address. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.3
+ indexes:
+ - labelname: picoNgnVpnIfIndex
+ type: gauge
+ - name: picoNgnVpnBandwidth
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.4
+ type: gauge
+ help: The object of the NGN session bandwidth. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.4
+ indexes:
+ - labelname: picoNgnVpnIfIndex
+ type: gauge
+ - name: picoNgnVpnUsedTime
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.5
+ type: gauge
+ help: The time elapsed since this connected NGN session. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.5
+ indexes:
+ - labelname: picoNgnVpnIfIndex
+ type: gauge
+ - name: picoNgnVpnSbcIpAddress
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.6
+ type: InetAddressIPv4
+ help: The object of the NGN session SBC address. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.6
+ indexes:
+ - labelname: picoNgnVpnIfIndex
+ type: gauge
+ - name: picoNgnVpnSbcPort
+ oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.7
+ type: gauge
+ help: The object of the NGN session SBC port. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.7
+ indexes:
+ - labelname: picoNgnVpnIfIndex
+ type: gauge
+ retries: 3
+ timeout: 10s
diff --git a/k8s/argocdapps/tailscale/app.json5 b/k8s/apps/tailscale/app.json5
similarity index 100%
rename from k8s/argocdapps/tailscale/app.json5
rename to k8s/apps/tailscale/app.json5
diff --git a/k8s/argocdapps/tailscale/deployment.jsonnet b/k8s/apps/tailscale/deployment.jsonnet
similarity index 96%
rename from k8s/argocdapps/tailscale/deployment.jsonnet
rename to k8s/apps/tailscale/deployment.jsonnet
index 4c7b79d71..6f7e5e298 100644
--- a/k8s/argocdapps/tailscale/deployment.jsonnet
+++ b/k8s/apps/tailscale/deployment.jsonnet
@@ -24,7 +24,7 @@
(import '../../components/container.libsonnet') {
name: 'tailscale',
imagePullPolicy: 'IfNotPresent',
- image: 'ghcr.io/tailscale/tailscale:v1.76.1',
+ image: 'ghcr.io/tailscale/tailscale:v1.80.0',
env: [
{
name: 'TS_KUBE_SECRET',
@@ -64,7 +64,7 @@
},
resources: {
requests: {
- memory: '20Mi',
+ memory: '40Mi',
},
limits: {},
},
diff --git a/k8s/argocdapps/tailscale/external-secret.jsonnet b/k8s/apps/tailscale/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/tailscale/external-secret.jsonnet
rename to k8s/apps/tailscale/external-secret.jsonnet
diff --git a/k8s/argocdapps/tailscale/role.jsonnet b/k8s/apps/tailscale/role.jsonnet
similarity index 100%
rename from k8s/argocdapps/tailscale/role.jsonnet
rename to k8s/apps/tailscale/role.jsonnet
diff --git a/k8s/argocdapps/tailscale/rolebinding.jsonnet b/k8s/apps/tailscale/rolebinding.jsonnet
similarity index 100%
rename from k8s/argocdapps/tailscale/rolebinding.jsonnet
rename to k8s/apps/tailscale/rolebinding.jsonnet
diff --git a/k8s/argocdapps/tailscale/sa.jsonnet b/k8s/apps/tailscale/sa.jsonnet
similarity index 100%
rename from k8s/argocdapps/tailscale/sa.jsonnet
rename to k8s/apps/tailscale/sa.jsonnet
diff --git a/k8s/argocdapps/tempo/app.json5 b/k8s/apps/tempo/app.json5
similarity index 100%
rename from k8s/argocdapps/tempo/app.json5
rename to k8s/apps/tempo/app.json5
diff --git a/k8s/argocdapps/tempo/external-secret.jsonnet b/k8s/apps/tempo/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/tempo/external-secret.jsonnet
rename to k8s/apps/tempo/external-secret.jsonnet
diff --git a/k8s/argocdapps/tempo/helm.jsonnet b/k8s/apps/tempo/helm.jsonnet
similarity index 89%
rename from k8s/argocdapps/tempo/helm.jsonnet
rename to k8s/apps/tempo/helm.jsonnet
index 3e683989d..61b72c69f 100644
--- a/k8s/argocdapps/tempo/helm.jsonnet
+++ b/k8s/apps/tempo/helm.jsonnet
@@ -4,6 +4,6 @@
chart: 'tempo',
repoURL: 'https://grafana.github.io/helm-charts',
- targetRevision: '1.11.0',
+ targetRevision: '1.18.1',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/argocdapps/tempo/values.yaml b/k8s/apps/tempo/values.yaml
similarity index 94%
rename from k8s/argocdapps/tempo/values.yaml
rename to k8s/apps/tempo/values.yaml
index e3ca66a86..bfa3c7639 100644
--- a/k8s/argocdapps/tempo/values.yaml
+++ b/k8s/apps/tempo/values.yaml
@@ -1,7 +1,8 @@
tempo:
resources:
requests:
- memory: 300Mi
+ cpu: 5m
+ memory: 256Mi
limits:
memory: 4Gi
storage:
diff --git a/k8s/apps/ubuntu-test/app.json5 b/k8s/apps/ubuntu-test/app.json5
new file mode 100644
index 000000000..8b7c1b72b
--- /dev/null
+++ b/k8s/apps/ubuntu-test/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "ubuntu-test",
+ namespace: "default",
+}
diff --git a/k8s/apps/ubuntu-test/deployment.jsonnet b/k8s/apps/ubuntu-test/deployment.jsonnet
new file mode 100644
index 000000000..724cfd62c
--- /dev/null
+++ b/k8s/apps/ubuntu-test/deployment.jsonnet
@@ -0,0 +1,38 @@
+{
+ apiVersion: 'apps/v1',
+ kind: 'Deployment',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ replicas: 1,
+ selector: {
+ matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ template: {
+ metadata: {
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ containers: [
+ (import '../../components/container.libsonnet') {
+ name: 'ubuntu-debug',
+ image: 'ghcr.io/cybozu/ubuntu-debug:24.04',
+ securityContext:: null,
+ command: ['sleep', 'infinity'],
+ resources: {
+ limits: {
+ memory: '100Mi',
+ },
+ requests: {
+ memory: '5Mi',
+ },
+ },
+ },
+ ],
+ },
+ },
+ },
+}
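Review bot: `securityContext:: null` on the `ubuntu-debug` container redefines the field as hidden, so whatever securityContext `container.libsonnet` supplies is left out of the rendered manifest and the container runs with the runtime's defaults; that component is not shown here, so exactly what is being dropped should be confirmed. For a long-lived `sleep infinity` debug container in the `default` namespace I would keep an explicit minimum instead, e.g. `securityContext: { allowPrivilegeEscalation: false, capabilities: { drop: ['ALL'] } },`, and add back only the capabilities a specific tool needs. A one-line comment stating why the component's default had to be overridden would help the next reader. The image is referenced by the mutable tag `24.04`; pinning it by digest would keep the contents of this debug pod from changing without a commit.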
diff --git a/k8s/apps/wakatime-to-slack-profile/app.json5 b/k8s/apps/wakatime-to-slack-profile/app.json5
new file mode 100644
index 000000000..6a908b843
--- /dev/null
+++ b/k8s/apps/wakatime-to-slack-profile/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "wakatime-to-slack-profile",
+ namespace: "wakatime-to-slack-profile",
+}
diff --git a/k8s/argocdapps/wakatime-to-slack-profile/config/emoji.json b/k8s/apps/wakatime-to-slack-profile/config/emoji.json
similarity index 100%
rename from k8s/argocdapps/wakatime-to-slack-profile/config/emoji.json
rename to k8s/apps/wakatime-to-slack-profile/config/emoji.json
diff --git a/k8s/apps/wakatime-to-slack-profile/configmap.jsonnet b/k8s/apps/wakatime-to-slack-profile/configmap.jsonnet
new file mode 100644
index 000000000..f7c4f87eb
--- /dev/null
+++ b/k8s/apps/wakatime-to-slack-profile/configmap.jsonnet
@@ -0,0 +1,8 @@
+(import '../../components/configmap.libsonnet') {
+ name: (import 'app.json5').name + '-emojis',
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ data: {
+ 'emoji.json': (importstr './config/emoji.json'),
+ },
+}
diff --git a/k8s/argocdapps/wakatime-to-slack-profile/deployment.jsonnet b/k8s/apps/wakatime-to-slack-profile/deployment.jsonnet
similarity index 100%
rename from k8s/argocdapps/wakatime-to-slack-profile/deployment.jsonnet
rename to k8s/apps/wakatime-to-slack-profile/deployment.jsonnet
diff --git a/k8s/argocdapps/wakatime-to-slack-profile/external-secret.jsonnet b/k8s/apps/wakatime-to-slack-profile/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/wakatime-to-slack-profile/external-secret.jsonnet
rename to k8s/apps/wakatime-to-slack-profile/external-secret.jsonnet
diff --git a/k8s/argocdapps/wakatime-to-slack-profile/ingress.jsonnet b/k8s/apps/wakatime-to-slack-profile/ingress.jsonnet
similarity index 95%
rename from k8s/argocdapps/wakatime-to-slack-profile/ingress.jsonnet
rename to k8s/apps/wakatime-to-slack-profile/ingress.jsonnet
index 4453a8a1b..d94050d1c 100644
--- a/k8s/argocdapps/wakatime-to-slack-profile/ingress.jsonnet
+++ b/k8s/apps/wakatime-to-slack-profile/ingress.jsonnet
@@ -7,7 +7,7 @@
labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
},
spec: {
- ingressClassName: 'nginx',
+ ingressClassName: 'cilium',
rules: [
{
host: 'wakatime.walnuts.dev',
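Review bot: The change to `ingressClassName: 'cilium'` here, and the identical one-line hunks in `walnuts-dev-www-redirect/ingress.jsonnet` and `walnuts-dev/ingress.jsonnet`, moves these hosts off a controller whose deleted `ingress-nginx/values.yaml` set `enableHttp: false`. Nothing visible in this diff shows the equivalent on the Cilium side, and the Ingress `tls` block lies outside the hunk. Confirm that plain HTTP for these hosts is closed or redirected after the switch. A short comment next to the class stating where HTTPS enforcement now lives would save the next reader the search.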
diff --git a/k8s/apps/wakatime-to-slack-profile/service.jsonnet b/k8s/apps/wakatime-to-slack-profile/service.jsonnet
new file mode 100644
index 000000000..528b7a599
--- /dev/null
+++ b/k8s/apps/wakatime-to-slack-profile/service.jsonnet
@@ -0,0 +1,20 @@
+{
+ apiVersion: 'v1',
+ kind: 'Service',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ ports: [
+ {
+ name: 'http',
+ port: 8080,
+ targetPort: 8080,
+ },
+ ],
+ selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ type: 'ClusterIP',
+ },
+}
diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/app.json5 b/k8s/apps/walnuts-dev-www-redirect/app.json5
similarity index 100%
rename from k8s/argocdapps/walnuts-dev-www-redirect/app.json5
rename to k8s/apps/walnuts-dev-www-redirect/app.json5
diff --git a/k8s/argocdapps/blog/config/nginx.conf b/k8s/apps/walnuts-dev-www-redirect/config/nginx.conf
similarity index 85%
rename from k8s/argocdapps/blog/config/nginx.conf
rename to k8s/apps/walnuts-dev-www-redirect/config/nginx.conf
index 0ded8adc3..f728ccc06 100644
--- a/k8s/argocdapps/blog/config/nginx.conf
+++ b/k8s/apps/walnuts-dev-www-redirect/config/nginx.conf
@@ -1,6 +1,6 @@
user nginx;
worker_processes 1;
-error_log /var/log/nginx/error.log;
+error_log /dev/stderr;
events {
worker_connections 10240;
}
@@ -18,7 +18,7 @@ http {
'forwardedfor:$http_x_forwarded_for\t'
'request_time:$request_time';
- access_log /var/log/nginx/access.log main;
+ access_log /dev/stdout main;
include /etc/nginx/virtualhost/virtualhost.conf;
}
diff --git a/k8s/apps/walnuts-dev-www-redirect/config/virtualhost.conf b/k8s/apps/walnuts-dev-www-redirect/config/virtualhost.conf
new file mode 100644
index 000000000..8f27427c0
--- /dev/null
+++ b/k8s/apps/walnuts-dev-www-redirect/config/virtualhost.conf
@@ -0,0 +1,18 @@
+server {
+ listen 8080 default_server;
+ server_name "";
+ proxy_redirect off;
+ location / {
+ rewrite ^(.*)$ https://walnuts.dev/ redirect;
+ }
+}
+
+server {
+ listen 8081 default_server;
+ server_name "";
+ location /healthz {
+ access_log off;
+ add_header 'Content-Type' 'application/json';
+ return 200 '{"status":"UP"}';
+ }
+}
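Review bot: In the `/healthz` location, `add_header 'Content-Type' 'application/json'` does not replace the type nginx assigns to the `return 200 '...'` body; it appends a second `Content-Type` header next to the one taken from whatever `default_type` is in effect. Use `default_type application/json;` inside the location and drop the `add_header` line. Port 8081 is meant for the probe only, and the new `service.jsonnet` appears to expose 8080 alone, which is the right shape; keep it that way if ports are added later.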
diff --git a/k8s/apps/walnuts-dev-www-redirect/configmap.jsonnet b/k8s/apps/walnuts-dev-www-redirect/configmap.jsonnet
new file mode 100644
index 000000000..439a91c2d
--- /dev/null
+++ b/k8s/apps/walnuts-dev-www-redirect/configmap.jsonnet
@@ -0,0 +1,9 @@
+(import '../../components/configmap.libsonnet') {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ data: {
+ 'nginx.conf': (importstr './config/nginx.conf'),
+ 'virtualhost.conf': (importstr './config/virtualhost.conf'),
+ },
+}
diff --git a/k8s/argocdapps/blog/deployment.jsonnet b/k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet
similarity index 96%
rename from k8s/argocdapps/blog/deployment.jsonnet
rename to k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet
index 88abae67e..474f8e772 100644
--- a/k8s/argocdapps/blog/deployment.jsonnet
+++ b/k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet
@@ -23,7 +23,7 @@
containers: [
std.mergePatch((import '../../components/container.libsonnet') {
name: 'nginx',
- image: 'nginx:1.27.2',
+ image: 'nginx:1.27.3',
ports: [
{
containerPort: 8080,
@@ -31,8 +31,8 @@
],
livenessProbe: {
httpGet: {
- path: '/',
- port: 8080,
+ path: '/healthz',
+ port: 8081,
},
failureThreshold: 1,
initialDelaySeconds: 10,
diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/ingress.jsonnet b/k8s/apps/walnuts-dev-www-redirect/ingress.jsonnet
similarity index 96%
rename from k8s/argocdapps/walnuts-dev-www-redirect/ingress.jsonnet
rename to k8s/apps/walnuts-dev-www-redirect/ingress.jsonnet
index 671623323..5eeeed61a 100644
--- a/k8s/argocdapps/walnuts-dev-www-redirect/ingress.jsonnet
+++ b/k8s/apps/walnuts-dev-www-redirect/ingress.jsonnet
@@ -7,7 +7,7 @@
labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
},
spec: {
- ingressClassName: 'nginx',
+ ingressClassName: 'cilium',
rules: [
{
host: 'www.walnuts.dev',
diff --git a/k8s/apps/walnuts-dev-www-redirect/service.jsonnet b/k8s/apps/walnuts-dev-www-redirect/service.jsonnet
new file mode 100644
index 000000000..6bcff3ad2
--- /dev/null
+++ b/k8s/apps/walnuts-dev-www-redirect/service.jsonnet
@@ -0,0 +1,20 @@
+{
+ apiVersion: 'v1',
+ kind: 'Service',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ ports: [
+ {
+ protocol: 'TCP',
+ port: 8080,
+ targetPort: (import 'deployment.jsonnet').spec.template.spec.containers[0].ports[0].containerPort,
+ },
+ ],
+ type: 'ClusterIP',
+ },
+}
diff --git a/k8s/argocdapps/walnuts-dev/app.json5 b/k8s/apps/walnuts-dev/app.json5
similarity index 100%
rename from k8s/argocdapps/walnuts-dev/app.json5
rename to k8s/apps/walnuts-dev/app.json5
diff --git a/k8s/argocdapps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet
similarity index 74%
rename from k8s/argocdapps/walnuts-dev/deployment.jsonnet
rename to k8s/apps/walnuts-dev/deployment.jsonnet
index caf4b109c..f649a15c9 100644
--- a/k8s/argocdapps/walnuts-dev/deployment.jsonnet
+++ b/k8s/apps/walnuts-dev/deployment.jsonnet
@@ -17,15 +17,9 @@
},
spec: {
containers: [
- (import '../../components/container.libsonnet') {
+ std.mergePatch((import '../../components/container.libsonnet') {
name: 'walnuts-dev',
- securityContext: {
- readOnlyRootFilesystem: true,
- seccompProfile: {
- type: 'RuntimeDefault',
- },
- },
- image: 'ghcr.io/walnuts1018/walnuts.dev:149b65e8e64d96baedd360cec387ed8871648a2a-239',
+ image: 'ghcr.io/walnuts1018/walnuts.dev:31b13d8fd6ca944bcb1135607b6bb6702c567efd-387',
imagePullPolicy: 'IfNotPresent',
ports: [
{
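Review bot: This hunk drops `readOnlyRootFilesystem: true` and `seccompProfile: { type: 'RuntimeDefault' }` from the container, and the `std.mergePatch` object added in the last hunk of this file only sets `runAsNonRoot` and `allowPrivilegeEscalation`. Unless `container.libsonnet` (not visible here) already provides both removed fields, the rendered pod loses them. Since `std.mergePatch` merges objects recursively, adding `readOnlyRootFilesystem: true, seccompProfile: { type: 'RuntimeDefault' },` to the patch object keeps them. The existing `/app/.next/cache` mount suggests the app already writes to a volume rather than the root filesystem. The `containers` list starts before this hunk.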
@@ -35,11 +29,11 @@
resources: {
limits: {
cpu: '500m',
- memory: '200Mi',
+ memory: '512Mi',
},
requests: {
- cpu: '10m',
- memory: '50Mi',
+ cpu: '5m',
+ memory: '100Mi',
},
},
env: [
@@ -70,10 +64,36 @@
mountPath: '/app/.next/cache',
},
],
- },
+ }, {
+ securityContext: {
+ runAsNonRoot: true,
+ allowPrivilegeEscalation: false,
+ },
+ }),
],
priorityClassName: 'high',
affinity: {
+ podAntiAffinity: {
+ preferredDuringSchedulingIgnoredDuringExecution: [
+ {
+ weight: 100,
+ podAffinityTerm: {
+ labelSelector: {
+ matchExpressions: [
+ {
+ key: 'app',
+ operator: 'In',
+ values: [
+ (import 'app.json5').name,
+ ],
+ },
+ ],
+ },
+ topologyKey: 'kubernetes.io/hostname',
+ },
+ },
+ ],
+ },
nodeAffinity: {
preferredDuringSchedulingIgnoredDuringExecution: [
{
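Review bot: The new `podAntiAffinity` term selects on `key: 'app'`, but every label set visible in this diff is built as `labels.libsonnet + { appname: ... }`. If `labels.libsonnet` does not define an `app` label, the selector matches no pods and the preference has no effect, so both replicas of the HPA minimum added in this commit can land on one node. `key: 'appname',` would match the label the other manifests attach. The pod template metadata is outside this hunk, so confirm the label there.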
diff --git a/k8s/apps/walnuts-dev/hpa.jsonnet b/k8s/apps/walnuts-dev/hpa.jsonnet
new file mode 100644
index 000000000..5d7b87fd6
--- /dev/null
+++ b/k8s/apps/walnuts-dev/hpa.jsonnet
@@ -0,0 +1,40 @@
+{
+ apiVersion: 'autoscaling/v2',
+ kind: 'HorizontalPodAutoscaler',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ minReplicas: 2,
+ maxReplicas: 5,
+ metrics: [
+ {
+ resource: {
+ name: 'cpu',
+ target: {
+ averageUtilization: 100,
+ type: 'Utilization',
+ },
+ },
+ type: 'Resource',
+ },
+ {
+ resource: {
+ name: 'memory',
+ target: {
+ averageUtilization: 100,
+ type: 'Utilization',
+ },
+ },
+ type: 'Resource',
+ },
+ ],
+ scaleTargetRef: {
+ apiVersion: 'apps/v1',
+ kind: 'Deployment',
+ name: (import 'deployment.jsonnet').metadata.name,
+ },
+ },
+}
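Review bot: Both metrics use `averageUtilization: 100`, which is measured against the container requests, and the deployment change in this commit sets those to `cpu: '5m'` and `memory: '100Mi'` against limits of `500m` and `512Mi`. A pod averaging more than 5m CPU or 100Mi memory is already over target, so the autoscaler will tend to sit at `maxReplicas: 5` under ordinary traffic. Either set the requests to the measured steady-state usage, or express the targets as `type: 'AverageValue'` with explicit quantities so that they no longer depend on the request values.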
diff --git a/k8s/argocdapps/walnuts-dev/ingress.jsonnet b/k8s/apps/walnuts-dev/ingress.jsonnet
similarity index 95%
rename from k8s/argocdapps/walnuts-dev/ingress.jsonnet
rename to k8s/apps/walnuts-dev/ingress.jsonnet
index 696fa91f9..e95fc62f4 100644
--- a/k8s/argocdapps/walnuts-dev/ingress.jsonnet
+++ b/k8s/apps/walnuts-dev/ingress.jsonnet
@@ -7,7 +7,7 @@
labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
},
spec: {
- ingressClassName: 'nginx',
+ ingressClassName: 'cilium',
rules: [
{
host: 'walnuts.dev',
diff --git a/k8s/argocdapps/walnuts-dev/service.jsonnet b/k8s/apps/walnuts-dev/service.jsonnet
similarity index 100%
rename from k8s/argocdapps/walnuts-dev/service.jsonnet
rename to k8s/apps/walnuts-dev/service.jsonnet
diff --git a/k8s/argocdapps/zalando-psql-operator/app.json5 b/k8s/apps/zalando-psql-operator/app.json5
similarity index 100%
rename from k8s/argocdapps/zalando-psql-operator/app.json5
rename to k8s/apps/zalando-psql-operator/app.json5
diff --git a/k8s/argocdapps/zalando-psql-operator/external-secret.jsonnet b/k8s/apps/zalando-psql-operator/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/zalando-psql-operator/external-secret.jsonnet
rename to k8s/apps/zalando-psql-operator/external-secret.jsonnet
diff --git a/k8s/argocdapps/zalando-psql-operator/helm.jsonnet b/k8s/apps/zalando-psql-operator/helm.jsonnet
similarity index 90%
rename from k8s/argocdapps/zalando-psql-operator/helm.jsonnet
rename to k8s/apps/zalando-psql-operator/helm.jsonnet
index 702e86d2e..93ab99273 100644
--- a/k8s/argocdapps/zalando-psql-operator/helm.jsonnet
+++ b/k8s/apps/zalando-psql-operator/helm.jsonnet
@@ -3,6 +3,6 @@
namespace: (import 'app.json5').namespace,
chart: 'postgres-operator',
repoURL: 'https://opensource.zalando.com/postgres-operator/charts/postgres-operator',
- targetRevision: '1.13.0',
+ targetRevision: '1.14.0',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/argocdapps/zalando-psql-operator/values.yaml b/k8s/apps/zalando-psql-operator/values.yaml
similarity index 79%
rename from k8s/argocdapps/zalando-psql-operator/values.yaml
rename to k8s/apps/zalando-psql-operator/values.yaml
index ae30a0dde..39a3c70d9 100644
--- a/k8s/argocdapps/zalando-psql-operator/values.yaml
+++ b/k8s/apps/zalando-psql-operator/values.yaml
@@ -12,24 +12,26 @@ configKubernetes:
pod_antiaffinity_preferred_during_scheduling: true
# override topology key for pod anti affinity
pod_antiaffinity_topology_key: "kubernetes.io/hostname"
-nodeSelector:
- kubernetes.io/arch: amd64
+
+configUsers:
+ enable_password_rotation: false
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
- cpu: 10m
+ cpu: 1m
memory: 50Mi
configLogicalBackup:
+ logical_backup_docker_image: "ghcr.io/zalando/postgres-operator/logical-backup:v1.14.0" # TODO:https://github.com/walnuts1018/infra/issues/1315
logical_backup_s3_bucket: "zalando-backup"
logical_backup_s3_bucket_prefix: "spilo"
- logical_backup_s3_region: "ap-northeast-1"
+ # logical_backup_s3_region: "ap-northeast-1"
logical_backup_s3_endpoint: "https://minio.walnuts.dev/"
logical_backup_s3_sse: ""
# S3 retention time for stored backups for example "2 week" or "7 days"
- logical_backup_s3_retention_time: ""
+ logical_backup_s3_retention_time: "1 week"
# backup schedule in the cron format
logical_backup_schedule: "0 18 * * *"
logical_backup_cronjob_environment_secret: "zalando-minio"
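Review bot: `logical_backup_s3_retention_time: "1 week"` with the daily `0 18 * * *` schedule keeps roughly seven restore points, so data loss or tampering noticed later than a week cannot be recovered from these dumps. If that window is intended, state it in the comment above the key; otherwise choose a longer period. The context line `logical_backup_s3_sse: ""` means the dumps in `zalando-backup` rely on the MinIO side for protection at rest. The hand-pinned `logical_backup_docker_image` tag has to be bumped together with `targetRevision` in `helm.jsonnet`, which the linked TODO should mention.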
diff --git a/k8s/argocdapps/zitadel/app.json5 b/k8s/apps/zitadel/app.json5
similarity index 100%
rename from k8s/argocdapps/zitadel/app.json5
rename to k8s/apps/zitadel/app.json5
diff --git a/k8s/argocdapps/zitadel/config/config.yaml b/k8s/apps/zitadel/config/config.yaml
similarity index 100%
rename from k8s/argocdapps/zitadel/config/config.yaml
rename to k8s/apps/zitadel/config/config.yaml
diff --git a/k8s/argocdapps/zitadel/configmap.jsonnet b/k8s/apps/zitadel/configmap.jsonnet
similarity index 100%
rename from k8s/argocdapps/zitadel/configmap.jsonnet
rename to k8s/apps/zitadel/configmap.jsonnet
diff --git a/k8s/argocdapps/zitadel/external-secret.jsonnet b/k8s/apps/zitadel/external-secret.jsonnet
similarity index 100%
rename from k8s/argocdapps/zitadel/external-secret.jsonnet
rename to k8s/apps/zitadel/external-secret.jsonnet
diff --git a/k8s/argocdapps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet
similarity index 88%
rename from k8s/argocdapps/zitadel/helm.jsonnet
rename to k8s/apps/zitadel/helm.jsonnet
index 70a993ea7..44f8abb33 100644
--- a/k8s/argocdapps/zitadel/helm.jsonnet
+++ b/k8s/apps/zitadel/helm.jsonnet
@@ -4,6 +4,6 @@
chart: 'zitadel',
repoURL: 'https://charts.zitadel.com',
- targetRevision: '8.5.0',
+ targetRevision: '8.11.3',
values: (importstr 'values.yaml'),
}
diff --git a/k8s/apps/zitadel/hpa.jsonnet b/k8s/apps/zitadel/hpa.jsonnet
new file mode 100644
index 000000000..929cc6129
--- /dev/null
+++ b/k8s/apps/zitadel/hpa.jsonnet
@@ -0,0 +1,30 @@
+{
+ apiVersion: 'autoscaling/v2',
+ kind: 'HorizontalPodAutoscaler',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ minReplicas: 2,
+ maxReplicas: 6,
+ metrics: [
+ {
+ resource: {
+ name: 'memory',
+ target: {
+ averageUtilization: 100,
+ type: 'Utilization',
+ },
+ },
+ type: 'Resource',
+ },
+ ],
+ scaleTargetRef: {
+ apiVersion: 'apps/v1',
+ kind: 'Deployment',
+ name: 'zitadel',
+ },
+ },
+}
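Review bot: This HPA scales `Deployment/zitadel` while `values.yaml` still passes `replicaCount: 2` to the chart, so the rendered Deployment presumably keeps a fixed `replicas` field. With automated sync or self-heal (not visible here), each reconcile would reset whatever the autoscaler chose. Either stop rendering the replica count or ignore `/spec/replicas` differences for this application. `scaleTargetRef.name` is hard-coded to `'zitadel'` while `metadata.name` uses `(import 'app.json5').name`; a comment such as `// name of the Deployment rendered by the zitadel chart` would explain the difference. Memory is the only metric, at 100% of the `100Mi` request set in this commit, which is likely to hold the replica count near the maximum.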
diff --git a/k8s/argocdapps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml
similarity index 58%
rename from k8s/argocdapps/zitadel/values.yaml
rename to k8s/apps/zitadel/values.yaml
index a7f683bc3..2ee1514b5 100644
--- a/k8s/argocdapps/zitadel/values.yaml
+++ b/k8s/apps/zitadel/values.yaml
@@ -1,8 +1,17 @@
zitadel:
configmapConfig:
+ Log:
+ # Level: debug
+ Formatter:
+ Format: json
+ Tracing:
+ Type: otel
+ Endpoint: default-collector.opentelemetry-collector.svc.cluster.local:4317
ExternalDomain: auth.walnuts.dev
TLS:
Enabled: false
+ # KeyPath: /etc/ssl/certs/tls.key
+ # CertPath: /etc/ssl/certs/tls.crt
ExternalPort: 443
ExternalSecure: true
masterkeySecretName: "zitadel"
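Review bot: `TLS.Enabled: false` stays in place alongside `ExternalSecure: true`, so TLS ends at the ingress and the hop from the ingress proxy to the ZITADEL pods is cleartext. The commented `KeyPath`/`CertPath` lines here and the commented `extraVolumes`/`extraVolumeMounts` block in the last hunk read as a half-finished move to pod-level TLS. Either finish it or replace the dead lines with one comment, e.g. `# TLS terminates at the ingress; ingress-to-pod traffic is unencrypted inside the cluster`. If the volume block is revived, note that mounting the secret at `/etc/ssl/certs` would hide the image's CA bundle directory, so a dedicated path is safer.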
@@ -11,24 +20,26 @@ zitadel:
replicaCount: 2
ingress:
enabled: true
- className: "nginx"
+ className: "cilium"
annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ cert-manager.io/cluster-issuer: 'letsencrypt-prod'
hosts:
- host: auth.walnuts.dev
paths:
- path: /
pathType: Prefix
-env:
-# - name: ZITADEL_LOG_LEVEL
-# value: "debug"
+ tls:
+ - secretName: zitadel-tls
+ hosts:
+ - auth.walnuts.dev
metrics:
enabled: true
serviceMonitor:
enabled: true
resources:
requests:
- memory: 128Mi
+ cpu: 5m
+ memory: 100Mi
limits:
memory: 512Mi
affinity:
@@ -48,5 +59,13 @@ affinity:
operator: NotIn
values:
- donut
-# image:
-# tag: v2.64.1 # {"$imagepolicy": "zitadel:zitadel:tag"}
+
+# extraVolumes:
+# - name: zitadel-tls
+# secret:
+# defaultMode: 420
+# secretName: zitadel-tls
+# extraVolumeMounts:
+# - name: zitadel-tls
+# mountPath: /etc/ssl/certs
+# readOnly: true
diff --git a/k8s/argocdapps/blog/config/virtualhost.conf b/k8s/argocdapps/blog/config/virtualhost.conf
deleted file mode 100644
index 939eeaeff..000000000
--- a/k8s/argocdapps/blog/config/virtualhost.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-server {
- listen 8080 default_server;
- server_name "";
- proxy_redirect off;
- location / {
- rewrite ^(.*)$ https://walnuts.hatenablog.com/ redirect;
- }
-}
diff --git a/k8s/argocdapps/cilium/values.yaml b/k8s/argocdapps/cilium/values.yaml
deleted file mode 100644
index 5500866db..000000000
--- a/k8s/argocdapps/cilium/values.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-
-image:
- useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81
-kubeProxyReplacement: true
-k8sServiceHost: 192.168.0.17
-k8sServicePort: 16443
-l2announcements:
- enabled: true
-bgpControlPlane:
- enabled: true
-k8sClientRateLimit:
- qps: 10
- burst: 20
-clustermesh:
- apiserver:
- tls:
- auto:
- enabled: true
- method: cronJob
-hubble:
- tls:
- enabled: true
- auto:
- enabled: true
- method: cronJob
- relay:
- enabled: true
- image:
- useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81
- ui:
- enabled: true
- backend:
- image:
- useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81
- frontend:
- image:
- useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81
- metrics:
- enableOpenMetrics: true
- enabled:
- - dns
- - drop
- - tcp
- - flow
- - port-distribution
- - icmp
- - httpV2:exemplars=true
- serviceMonitor:
- enabled: true
-envoy:
- image:
- useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81
-operator:
- image:
- useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81
- tolerations: []
diff --git a/k8s/argocdapps/cloudflared/deployment.jsonnet b/k8s/argocdapps/cloudflared/deployment.jsonnet
deleted file mode 100644
index feef7e4b8..000000000
--- a/k8s/argocdapps/cloudflared/deployment.jsonnet
+++ /dev/null
@@ -1,104 +0,0 @@
-{
- apiVersion: 'apps/v1',
- kind: 'Deployment',
- metadata: {
- name: (import 'app.json5').name,
- namespace: (import 'app.json5').namespace,
- labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
- },
- spec: {
- selector: {
- matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
- },
- replicas: 2,
- template: {
- metadata: {
- labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
- },
- spec: {
- securityContext: {
- sysctls: [
- {
- name: 'net.ipv4.ping_group_range',
- value: '0 2147483647',
- },
- ],
- },
- containers: [
- (import '../../components/container.libsonnet') {
- name: 'cloudflared',
- securityContext: {
- readOnlyRootFilesystem: true,
- },
- image: 'cloudflare/cloudflared:2024.10.1',
- imagePullPolicy: 'IfNotPresent',
- args: [
- '--no-autoupdate',
- '--metrics=0.0.0.0:60123',
- 'tunnel',
- 'run',
- ],
- env: [
- {
- name: 'TUNNEL_TOKEN',
- valueFrom: {
- secretKeyRef: {
- name: (import 'external-secret.jsonnet').metadata.name,
- key: 'cloudflared-token',
- },
- },
- },
- ],
- ports: [
- {
- containerPort: 60123,
- },
- ],
- livenessProbe: {
- httpGet: {
- path: '/ready',
- port: 60123,
- },
- failureThreshold: 1,
- initialDelaySeconds: 10,
- periodSeconds: 10,
- },
- resources: {
- requests: {
- memory: '32Mi',
- cpu: '10m',
- },
- limits: {
- memory: '512Mi',
- cpu: '100m',
- },
- },
- },
- ],
- affinity: {
- podAntiAffinity: {
- preferredDuringSchedulingIgnoredDuringExecution: [
- {
- weight: 10,
- podAffinityTerm: {
- labelSelector: {
- matchExpressions: [
- {
- key: 'app',
- operator: 'In',
- values: [
- 'cloudflared',
- ],
- },
- ],
- },
- topologyKey: 'kubernetes.io/hostname',
- },
- },
- ],
- },
- },
- },
- },
- },
-}
diff --git a/k8s/argocdapps/cloudflared/external-secret.jsonnet b/k8s/argocdapps/cloudflared/external-secret.jsonnet
deleted file mode 100644
index 4080d2391..000000000
--- a/k8s/argocdapps/cloudflared/external-secret.jsonnet
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- apiVersion: 'external-secrets.io/v1beta1',
- kind: 'ExternalSecret',
- metadata: {
- name: (import 'app.json5').name,
- namespace: (import 'app.json5').namespace,
- labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
- },
- spec: {
- secretStoreRef: {
- name: 'onepassword',
- kind: 'ClusterSecretStore',
- },
- refreshInterval: '1m',
- target: {
- name: (import 'app.json5').name,
- },
- data: [
- {
- secretKey: 'cloudflared-token',
- remoteRef: {
- key: 'cloudflare',
- property: 'k8s-tunnel-token',
- },
- },
- ],
- },
-}
diff --git a/k8s/argocdapps/cloudflared/service-monitor.jsonnet b/k8s/argocdapps/cloudflared/service-monitor.jsonnet
deleted file mode 100644
index 207159362..000000000
--- a/k8s/argocdapps/cloudflared/service-monitor.jsonnet
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- apiVersion: 'monitoring.coreos.com/v1',
- kind: 'ServiceMonitor',
- metadata: {
- name: (import 'app.json5').name,
- namespace: (import 'app.json5').namespace,
- labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
- },
- spec: {
- endpoints: [
- {
- honorLabels: false,
- honorTimestamps: true,
- path: '/metrics',
- targetPort: 60123,
- },
- ],
- jobLabel: 'cloudflared',
- namespaceSelector: {
- matchNames: [
- (import 'app.json5').namespace,
- ],
- },
- selector: {
- matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
- },
- },
-}
diff --git a/k8s/argocdapps/code-server-knative/app.json5 b/k8s/argocdapps/code-server-knative/app.json5
deleted file mode 100644
index 755e3a333..000000000
--- a/k8s/argocdapps/code-server-knative/app.json5
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name: "code-server-knative",
- namespace: "code-server",
-}
diff --git a/k8s/argocdapps/code-server-knative/codeserver.jsonnet b/k8s/argocdapps/code-server-knative/codeserver.jsonnet
deleted file mode 100644
index c845bd71f..000000000
--- a/k8s/argocdapps/code-server-knative/codeserver.jsonnet
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- apiVersion: 'cs.walnuts.dev/v1alpha2',
- kind: 'CodeServerDeployment',
- metadata: {
- labels: {
- 'app.kubernetes.io/name': 'codebox',
- },
- name: (import 'app.json5').name,
- },
- spec: {
- replicas: 1,
- template: {
- spec: {
- storageSize: '3Gi',
- storageClassName: 'local-path',
- initPlugins: {
- git: {
- repourl: 'github.com/walnuts1018/knative',
- branch: 'master',
- },
- copyDefaultConfig: {},
- copyHome: {},
- },
- envs: [
- {
- name: 'LANGUAGE_DEFAULT',
- value: 'ja',
- },
- ],
- image: 'ghcr.io/kmc-jp/code-server-images-golang:f66bb947f1dbfe0c07c8323ef45ebd32af0a72f4-54',
- imagePullSecrets: [
- {
- name: 'ghcr-login-secret',
- },
- ],
- domain: 'walnuts.dev',
- ingressClassName: 'nginx',
- resources: {
- limits: {
- memory: '4Gi',
- },
- requests: {
- memory: '512Mi',
- },
- },
- nodeSelector: {
- 'kubernetes.io/arch': 'amd64',
- },
- },
- },
- },
-}
diff --git a/k8s/argocdapps/code-server-operator/values.yaml b/k8s/argocdapps/code-server-operator/values.yaml
deleted file mode 100644
index 95a54656d..000000000
--- a/k8s/argocdapps/code-server-operator/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-fullnameOverride: code-server-operator
diff --git a/k8s/argocdapps/ingress-nginx/app.json5 b/k8s/argocdapps/ingress-nginx/app.json5
deleted file mode 100644
index d6b32bf10..000000000
--- a/k8s/argocdapps/ingress-nginx/app.json5
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name: "ingress-nginx",
- namespace: "ingress-nginx",
-}
diff --git a/k8s/argocdapps/ingress-nginx/values.yaml b/k8s/argocdapps/ingress-nginx/values.yaml
deleted file mode 100644
index 0d74f66ad..000000000
--- a/k8s/argocdapps/ingress-nginx/values.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-controller:
- config:
- use-forwarded-headers: true
- enable-opentelemetry: "true"
- opentelemetry-trust-incoming-span: "true"
- otlp-collector-host: "default-collector.opentelemetry-collector.svc.cluster.local"
- otel-service-name: "ingress-nginx"
- admissionWebhooks:
- patch:
- image:
- digest: "" # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81
- service:
- enabled: true
- loadBalancerIP: "192.168.0.128"
- loadBalancerSourceRanges: []
- enableHttp: false
- enableHttps: true
- type: LoadBalancer
- replicaCount: 3
- affinity:
- nodeAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 100
- preference:
- matchExpressions:
- - key: kubernetes.io/arch
- operator: In
- values:
- - amd64
- opentelemetry:
- enabled: true
- name: opentelemetry
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
diff --git a/k8s/argocdapps/loki/values.yaml b/k8s/argocdapps/loki/values.yaml
deleted file mode 100644
index 2c21d19da..000000000
--- a/k8s/argocdapps/loki/values.yaml
+++ /dev/null
@@ -1,143 +0,0 @@
-deploymentMode: SimpleScalable
-loki:
- auth_enabled: false
- commonConfig:
- replication_factor: 1
- storage:
- type: s3
- bucketNames:
- chunks: "loki-chunks"
- ruler: "loki-ruler"
- admin: "loki-admin"
- s3:
- endpoint: "http://minio.minio.svc.cluster.local:9000"
- region: ap-northeast-1
- secretAccessKey: "${secretAccessKey}"
- accessKeyId: "${accessKeyId}"
- s3ForcePathStyle: true
- insecure: true
- http_config:
- insecure_skip_verify: true
- server:
- # "error": "HTTP 500 \"Internal Server Error\": rpc error: code = ResourceExhausted desc = grpc: received message larger than max (4840865 vs. 4194304)"
- # https://grafana.com/docs/loki/latest/configure/
- grpc_server_max_recv_msg_size: 104857600
- grpc_server_max_send_msg_size: 104857600
- schemaConfig:
- configs:
- - from: '2024-01-01'
- store: tsdb
- index:
- prefix: loki_index_
- period: 24h
- object_store: s3
- schema: v13
- ingester:
- chunk_encoding: snappy
- tracing:
- enabled: true
- querier:
- max_concurrent: 4
- limits_config:
- allow_structured_metadata: true
- retention_period: 336h
- ingestion_burst_size_mb: 100
- shard_streams:
- enabled: true
- desired_rate: 104857600 # 10MiB
- reject_old_samples: false
-write:
- replicas: 2
- autoscaling:
- enabled: true
- minReplicas: 1
- maxReplicas: 6
- targetCPUUtilizationPercentage: 700
- targetMemoryUtilizationPercentage: 200
- resources:
- requests:
- memory: 300Mi
- cpu: 100m
- limits:
- memory: 1Gi
- cpu: 1
- extraArgs: ["-config.expand-env=true"]
- extraEnvFrom:
- - secretRef:
- name: loki-minio
- persistence:
- volumeClaimsEnabled: false
- dataVolumeParameters:
- emptyDir: {}
-
-read:
- replicas: 2
- autoscaling:
- enabled: true
- minReplicas: 1
- maxReplicas: 6
- targetCPUUtilizationPercentage: 500
- targetMemoryUtilizationPercentage: 200
- resources:
- requests:
- memory: 200Mi
- cpu: 10m
- limits:
- memory: 1Gi
- cpu: 1
- extraArgs: ["-config.expand-env=true"]
- extraEnvFrom:
- - secretRef:
- name: loki-minio
-
-backend:
- replicas: 2
- autoscaling:
- enabled: true
- minReplicas: 2
- maxReplicas: 6
- targetCPUUtilizationPercentage: 800
- targetMemoryUtilizationPercentage: 200
- resources:
- requests:
- memory: 256Mi
- cpu: 10m
- limits:
- memory: 1Gi
- cpu: 100m
- extraArgs: ["-config.expand-env=true"]
- extraEnvFrom:
- - secretRef:
- name: loki-minio
- persistence:
- volumeClaimsEnabled: false
- dataVolumeParameters:
- emptyDir: {}
-
-singleBinary:
- replicas: 0
-
-sidecar:
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 50m
- memory: 50Mi
-chunksCache:
- allocatedMemory: 8192
- resources:
- requests:
- cpu: 50m
- memory: 300Mi
- limits:
- memory: 9830Mi
-resultsCache:
- allocatedMemory: 1024
- resources:
- requests:
- cpu: 50m
- memory: 50Mi
- limits:
- memory: 1229Mi
diff --git a/k8s/argocdapps/nginx-test/configmap.jsonnet b/k8s/argocdapps/nginx-test/configmap.jsonnet
deleted file mode 100644
index b852fae5f..000000000
--- a/k8s/argocdapps/nginx-test/configmap.jsonnet
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- apiVersion: 'v1',
- kind: 'ConfigMap',
- metadata: {
- name: (import 'app.json5').name,
- namespace: (import 'app.json5').namespace,
- labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
- },
- data: {
- 'nginx.conf': (importstr './config/nginx.conf'),
- 'virtualhost.conf': (importstr './config/virtualhost.conf'),
- },
-}
diff --git a/k8s/argocdapps/redis-operator/helm.jsonnet b/k8s/argocdapps/redis-operator/helm.jsonnet
deleted file mode 100644
index c70608192..000000000
--- a/k8s/argocdapps/redis-operator/helm.jsonnet
+++ /dev/null
@@ -1,16 +0,0 @@
-std.mergePatch((import '../../components/helm.libsonnet') {
- name: (import 'app.json5').name,
- namespace: (import 'app.json5').namespace,
- chart: 'redis-operator',
- repoURL: 'https://ot-container-kit.github.io/helm-charts/',
- targetRevision: '0.18.3',
- values: (importstr 'values.yaml'),
-}, {
- spec: {
- syncPolicy: {
- syncOptions: [
- 'ServerSideApply=true',
- ],
- },
- },
-})
diff --git a/k8s/argocdapps/redis-operator/values.yaml b/k8s/argocdapps/redis-operator/values.yaml
deleted file mode 100644
index 5d90ffca3..000000000
--- a/k8s/argocdapps/redis-operator/values.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-resources:
- limits:
- cpu: 500m
- memory: 500Mi
- requests:
- cpu: 500m
- memory: 500Mi
-
-redisOperator:
- extraArgs:
- - "-zap-log-level=debug"
diff --git a/k8s/argocdapps/samba-backup/configmap.jsonnet b/k8s/argocdapps/samba-backup/configmap.jsonnet
deleted file mode 100644
index fca1b3fd7..000000000
--- a/k8s/argocdapps/samba-backup/configmap.jsonnet
+++ /dev/null
@@ -1,11 +0,0 @@
-std.mergePatch((import '../../components/configmap.libsonnet') {
- name: (import 'app.json5').name + '-script',
- data: {
- 'backup.sh': (importstr './config/backup.sh'),
- },
-}, {
- metadata: {
- namespace: (import 'app.json5').namespace,
- labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
- },
-})
diff --git a/k8s/argocdapps/wakatime-to-slack-profile/app.json5 b/k8s/argocdapps/wakatime-to-slack-profile/app.json5
deleted file mode 100644
index fac24c6d6..000000000
--- a/k8s/argocdapps/wakatime-to-slack-profile/app.json5
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- name: "wakatime-to-slack-profile",
- namespace: "default",
-}
diff --git a/k8s/argocdapps/wakatime-to-slack-profile/configmap.jsonnet b/k8s/argocdapps/wakatime-to-slack-profile/configmap.jsonnet
deleted file mode 100644
index 158afd804..000000000
--- a/k8s/argocdapps/wakatime-to-slack-profile/configmap.jsonnet
+++ /dev/null
@@ -1,11 +0,0 @@
-std.mergePatch((import '../../components/configmap.libsonnet') {
- name: (import 'app.json5').name + '-emojis',
- data: {
- 'emoji.json': (importstr './config/emoji.json'),
- },
-}, {
- metadata: {
- namespace: (import 'app.json5').namespace,
- labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
- },
-})
diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/config/virtualhost.conf b/k8s/argocdapps/walnuts-dev-www-redirect/config/virtualhost.conf
deleted file mode 100644
index 76f9c7d69..000000000
--- a/k8s/argocdapps/walnuts-dev-www-redirect/config/virtualhost.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-server {
- listen 8080 default_server;
- server_name "";
- proxy_redirect off;
- location / {
- rewrite ^(.*)$ https://walnuts.dev/ redirect;
- }
-}
diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/configmap.jsonnet b/k8s/argocdapps/walnuts-dev-www-redirect/configmap.jsonnet
deleted file mode 100644
index 6bfc25600..000000000
--- a/k8s/argocdapps/walnuts-dev-www-redirect/configmap.jsonnet
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- apiVersion: 'v1',
- kind: 'ConfigMap',
- metadata: {
- name: (import 'app.json5').name + '-' + std.md5(std.toString($.data))[0:6],
- namespace: (import 'app.json5').namespace,
- labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
- },
- data: {
- 'nginx.conf': (importstr './config/nginx.conf'),
- 'virtualhost.conf': (importstr './config/virtualhost.conf'),
- },
-}
diff --git a/k8s/components/configmap.libsonnet b/k8s/components/configmap.libsonnet
index 73f8c496d..607c28d95 100644
--- a/k8s/components/configmap.libsonnet
+++ b/k8s/components/configmap.libsonnet
@@ -1,8 +1,13 @@
{
name:: error 'name is required',
+ namespace:: error 'namespace is required',
+ labels:: {},
apiVersion: 'v1',
kind: 'ConfigMap',
metadata: {
name: $.name + '-' + std.md5(std.toString($.data))[0:6],
+ namespace: $.namespace,
+ labels: $.labels,
},
+ data: {},
}
diff --git a/k8s/components/external-secret.libsonnet b/k8s/components/external-secret.libsonnet
index 46a146495..2e51659f6 100644
--- a/k8s/components/external-secret.libsonnet
+++ b/k8s/components/external-secret.libsonnet
@@ -1,11 +1,13 @@
{
name:: error 'name is required',
+ namespace:: '',
use_suffix:: true,
data:: error 'data is required',
apiVersion: 'external-secrets.io/v1beta1',
kind: 'ExternalSecret',
metadata: {
name: $.name + if $.use_suffix then '-' + std.md5(std.toString($.data) + { spec: { target: { name: null } } })[0:6] else '',
+ [if !($.namespace == '') then 'namespace']: $.namespace,
},
spec: {
secretStoreRef: {
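Review bot: `namespace` defaults to `''` and the `metadata.namespace` key is then left out, whereas configmap.libsonnet in this same commit makes `namespace` a hard `error`. For an object that materialises credentials, silently falling back to whatever namespace the applier picks (presumably the Argo CD Application's destination) is the weaker of the two behaviours. If existing callers need the optional form, record that next to the field, e.g. `// optional: when empty, the applying Application's destination namespace is used`; otherwise use `namespace:: error 'namespace is required'`. The computed key also reads more directly as `[if $.namespace != '' then 'namespace']: $.namespace`. The object continues past the end of the hunk.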
diff --git a/k8s/components/helm.libsonnet b/k8s/components/helm.libsonnet
index a6567dfc1..3b5714da7 100644
--- a/k8s/components/helm.libsonnet
+++ b/k8s/components/helm.libsonnet
@@ -1,8 +1,9 @@
{
name:: error 'name is required',
namespace:: error 'namespace is required',
- chart:: error 'chart is required',
- repoURL:: error 'repoURL is required',
+ ociChartURL:: '',
+ chart:: '',
+ repoURL:: '',
targetRevision:: error 'targetRevision is required',
values:: '',
valuesObject:: null,
@@ -24,10 +25,22 @@
selfHeal: true,
prune: true,
},
+ syncOptions: [
+ 'ServerSideApply=true',
+ 'FailOnSharedResource=true',
+ ],
},
source: {
- chart: $.chart,
- repoURL: $.repoURL,
+ local useOCI = !std.isEmpty($.ociChartURL),
+ local splitedOCIChartURL = std.splitLimitR($.ociChartURL, '/', 1),
+ local argoChart = if useOCI then splitedOCIChartURL[1] else $.chart,
+ local argoRepoURL = if useOCI then splitedOCIChartURL[0] else $.repoURL,
+
+ assert !std.isEmpty(argoChart) : 'ociChartURL or chart is required',
+ assert !std.isEmpty(argoRepoURL) : 'ociChartURL or repoURL is required',
+
+ chart: argoChart,
+ repoURL: argoRepoURL,
targetRevision: $.targetRevision,
helm: {
releaseName: $.name,
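Review bot: `splitedOCIChartURL[1]` is indexed without checking that the split produced two parts, so an `ociChartURL` containing no `/` fails with an index error instead of either assert message. Add `assert !useOCI || std.length(splitedOCIChartURL) == 2 : 'ociChartURL must be <registry path>/<chart>'` ahead of the two existing asserts. When `ociChartURL` is set, `chart` and `repoURL` are ignored without any message. The first hunk of this file, where all three now default to `''`, should carry a comment such as `// ociChartURL takes precedence over chart/repoURL`, or an assert that the other two are empty. The `source` object continues beyond the hunk.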
diff --git a/k8s/components/oauth2-proxy/external-secret.libsonnet b/k8s/components/oauth2-proxy/external-secret.libsonnet
index 110d6b144..7ea8aa88e 100644
--- a/k8s/components/oauth2-proxy/external-secret.libsonnet
+++ b/k8s/components/oauth2-proxy/external-secret.libsonnet
@@ -14,7 +14,7 @@
},
refreshInterval: '1m',
target: {
- name: $.name,
+ name: $.metadata.name,
},
data: [
{
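Review bot: `target.name` now follows `$.metadata.name`, while oauth2-proxy.libsonnet in this commit passes its own `secret_name` string to both helm.libsonnet and redis.libsonnet. The Secret that is created and the Secret the chart and Redis look up are therefore the same only if `metadata.name` equals the `name` passed in. The rest of this file is outside the hunk, so it is not visible whether it builds on the base external-secret.libsonnet or whether the `use_suffix` hash is switched off. If the suffix is applied, the two names differ and the workloads would reference a Secret that is never created. A comment on this line, e.g. `// must equal the secret_name given to helm.libsonnet and redis.libsonnet`, would record the coupling.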
diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet
index 3f7ecfd21..0800de6de 100644
--- a/k8s/components/oauth2-proxy/helm.libsonnet
+++ b/k8s/components/oauth2-proxy/helm.libsonnet
@@ -4,18 +4,19 @@
domain:: error 'domain is required',
secret_name:: error 'secret_name is required',
redis_name:: error 'redis_name is required',
+ valuesObjectOverride:: {},
name: error 'name is required',
namespace: error 'namespace is required',
chart: 'oauth2-proxy',
repoURL: 'https://oauth2-proxy.github.io/manifests',
- targetRevision: '7.7.28',
+ targetRevision: '7.10.2',
values: '',
- valuesObject: (import 'values.libsonnet') {
+ valuesObject: std.mergePatch((import 'values.libsonnet') {
upstream: $.upstream,
allowed_groups: $.allowed_groups,
domain: $.domain,
secret_name: $.secret_name,
redis_name: $.redis_name,
- },
+ }, $.valuesObjectOverride),
}
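Review bot: `valuesObjectOverride` is applied with `std.mergePatch`, and nothing at its declaration says what that implies. A caller can replace any chart value, including the `oidc-issuer-url` and `redirect-url` set in values.libsonnet. A `null` in the override deletes the key rather than setting it, and arrays are replaced whole rather than appended. I would put a comment on the `valuesObjectOverride:: {}` line along the lines of `// merged last via std.mergePatch (RFC 7396): null removes a key, arrays are replaced; auth settings should not be overridden here`.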
diff --git a/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet b/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet
index 5666f861e..ec6fdf171 100644
--- a/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet
+++ b/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet
@@ -1,42 +1,43 @@
-{
- app:: {
- name:: error 'name is required',
- namespace:: error 'namespace is required',
- },
- domain:: error 'domain is required',
- upstream:: error 'upstream is required',
- oidc:: {
- secret:: {
- onepassword_item_name:: error 'onepassword_item_name is required',
- },
- allowed_group:: error 'allowed_group is required',
- },
-
- secret_name:: $.app.name + '-oauth2-proxy',
+// {
+// app:: {
+// name:: error 'name is required',
+// namespace:: error 'namespace is required',
+// },
+// domain:: error 'domain is required',
+// upstream:: error 'upstream is required',
+// oidc:: {
+// secret:: {
+// onepassword_item_name:: error 'onepassword_item_name is required',
+// },
+// allowed_group:: error 'allowed_group is required',
+// },
+// valuesObject:: {},
+// }
- redis:: (import './redis.libsonnet') {
- name: $.app.name + '-oauth2-proxy-redis',
- secret_name: $.secret_name,
- },
+function(config, valuesObject={})
+ local secret_name = config.app.name + '-oauth2-proxy' + '-' + std.md5(std.toString(config.oidc.secret))[0:6];
+ local redis = (import './redis.libsonnet') {
+ name: config.app.name + '-oauth2-proxy-redis',
+ secret_name: secret_name,
+ };
- apiVersion: 'v1',
- kind: 'List',
- items: [
+ [
(import './external-secret.libsonnet') {
- name: $.secret_name,
- onepassword_item_name: $.oidc.secret.onepassword_item_name,
+ name: secret_name,
+ onepassword_item_name: config.oidc.secret.onepassword_item_name,
},
(import './helm.libsonnet') {
- name: $.app.name + '-oauth2-proxy',
- namespace: $.app.namespace,
+ name: config.app.name + '-oauth2-proxy',
+ namespace: config.app.namespace,
+
+ upstream: config.upstream,
+ allowed_groups: config.oidc.allowed_group,
+ domain: config.domain,
+ secret_name: secret_name,
+ redis_name: redis.name,
- upstream: $.upstream,
- allowed_groups: $.oidc.allowed_group,
- domain: $.domain,
- secret_name: $.secret_name,
- redis_name: $.redis.name,
+ valuesObjectOverride: valuesObject,
},
- $.redis.items[0],
- $.redis.items[1],
- ],
-}
+ redis.items[0],
+ redis.items[1],
+ ]
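Review bot: The new suffix on `secret_name` hashes `std.toString(config.oidc.secret)`, and `std.toString` of an object leaves out hidden fields. The shape documented in the commented-out block at the top declares `onepassword_item_name::` as hidden, so a caller that follows it gets the same six characters for every 1Password item, and the name does not change when the item does. Hashing the value itself avoids this: `std.md5(config.oidc.secret.onepassword_item_name)[0:6]`. Separately, the old object produced a named `error '... is required'` for each missing input, while the function form only reports a missing field. Either turn the commented-out block into a real doc comment describing `config`, or add asserts at the top of the function.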
diff --git a/k8s/components/oauth2-proxy/redis.libsonnet b/k8s/components/oauth2-proxy/redis.libsonnet
index f931d9b75..23e9b8b91 100644
--- a/k8s/components/oauth2-proxy/redis.libsonnet
+++ b/k8s/components/oauth2-proxy/redis.libsonnet
@@ -18,6 +18,16 @@
name: $.secret_name,
key: 'redis-password',
},
+ resources: {
+ requests: {
+ cpu: '4m',
+ memory: '4Mi',
+ },
+ limits: {
+ cpu: '100m',
+ memory: '128Mi',
+ },
+ },
},
storage: {
volumeClaimTemplate: {
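Review bot: The memory request of `4Mi` added here is far below the `128Mi` limit, and the same applies to the sentinel block in the next hunk and to the `5Mi` request for oauth2-proxy in values.libsonnet. The scheduler reserves almost nothing for these containers, and under node memory pressure pods running well above their request are early eviction candidates. This Redis appears to back the oauth2-proxy sessions (its name is passed as `redis_name`), so an eviction would likely drop logged-in sessions. Setting the request near observed steady-state usage, or adding a comment that the figure was measured, would make the intent clear.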
@@ -58,12 +68,22 @@
downAfterMilliseconds: '30000',
},
kubernetesConfig: {
- image: 'quay.io/opstree/redis-sentinel:v7.0.12',
+ image: 'quay.io/opstree/redis-sentinel:v7.2.7',
imagePullPolicy: 'IfNotPresent',
redisSecret: {
name: $.secret_name,
key: 'redis-password',
},
+ resources: {
+ requests: {
+ cpu: '4m',
+ memory: '4Mi',
+ },
+ limits: {
+ cpu: '100m',
+ memory: '128Mi',
+ },
+ },
},
podSecurityContext: {
fsGroup: 1000,
diff --git a/k8s/components/oauth2-proxy/values.libsonnet b/k8s/components/oauth2-proxy/values.libsonnet
index 57d302643..8deeaa930 100644
--- a/k8s/components/oauth2-proxy/values.libsonnet
+++ b/k8s/components/oauth2-proxy/values.libsonnet
@@ -14,10 +14,11 @@
'redirect-url': 'https://%s/oauth2/callback' % $.domain,
'oidc-issuer-url': 'https://auth.walnuts.dev',
'skip-provider-button': true,
+ 'code-challenge-method': 'S256',
},
ingress: {
enabled: true,
- className: 'nginx',
+ className: 'cilium',
path: '/',
pathType: 'Prefix',
hosts: [
@@ -41,4 +42,14 @@
metrics: {
enabled: true,
},
+ resources: {
+ limits: {
+ cpu: '100m',
+ memory: '128Mi',
+ },
+ requests: {
+ cpu: '1m',
+ memory: '5Mi',
+ },
+ },
}
diff --git a/k8s/init/readme.md b/k8s/init/readme.md
index 197f9c20f..9b577b008 100644
--- a/k8s/init/readme.md
+++ b/k8s/init/readme.md
@@ -8,6 +8,20 @@
- [zsh&dotfile](https://github.com/walnuts1018/dotfiles)
+## ラズパイのみ
+
+```bash
+sudo su
+rpi-eeprom-update -a
+echo -n "dtoverlay=cma,cma-64
+dtoverlay=disable-bt
+dtoverlay=disable-wifi
+dtparam=watchdog=on
+" >> /boot/firmware/config.txt"
+
+exit
+```
+
## Timezone
```bash
@@ -343,17 +357,6 @@ sudo apt-get update
sudo apt-get install helm
```
-## fluxcd
-
-```bash
-curl -s https://fluxcd.io/install.sh | sudo bash
-# echo "[[ /usr/bin/flux ]] && source <(flux completion zsh)" >> ~/.zshrc
-```
-
-```bash
-flux bootstrap github --owner=walnuts1018 --repository=infra --branch=deploy --path=./k8s/_flux/kurumi/ --components-extra=image-reflector-controller,image-automation-controller --reconcile --ssh-key-algorithm=ed25519 --read-write-key=true
-```
-
## labels
```bash
@@ -365,3 +368,15 @@ kubectl label nodes peach walnuts.dev/ondemand=true
```shell
helm install onepassword-connect -n onepassword --create-namespace 1password/connect --set-literal connect.credentials="$(op read "op://kurumi/kurumi Credentials File/1password-credentials.json")" --set operator.create=true --set operator.token.value="$(op item get mhc7wnb4oe3kevaiubx3cxz7du --reveal --fields label=credential)"
```
+
+## MaxPods
+
+```shell
+kubectl -n kube-system edit cm kubelet-config
+```
+
+下を追記
+
+```yaml
+maxPods: 250
+```
diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5
index 7be54879d..24afbf637 100644
--- a/k8s/namespaces/namespaces.json5
+++ b/k8s/namespaces/namespaces.json5
@@ -1 +1 @@
-["ac-hacking-2024","cert-manager","cilium-system","code-server","dashy","databases","default","elasticsearch","external-secrets","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","walnuts-dev","zitadel"]
+["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-tunnel-operator","code-server","databases","default","elasticsearch","external-secrets","fitbit-manager","gha-runner","gha-runner-controller","github-readme-stats","hedgedoc","komga","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","openclarity","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"]
diff --git a/k8s/utils/get-endpoint-from-service.libsonnet b/k8s/utils/get-endpoint-from-service.libsonnet
new file mode 100644
index 000000000..86c5a4501
--- /dev/null
+++ b/k8s/utils/get-endpoint-from-service.libsonnet
@@ -0,0 +1 @@
+function(service) '%s.%s.svc.cluster.local' % [service.metadata.name, service.metadata.namespace]
diff --git a/renovate.json5 b/renovate.json5
index 6b0d47172..06a68e4eb 100644
--- a/renovate.json5
+++ b/renovate.json5
@@ -1,22 +1,28 @@
{
$schema: "https://docs.renovatebot.com/renovate-schema.json",
- extends: ["config:recommended"],
+ extends: ["config:recommended", "github>aquaproj/aqua-renovate-config#2.6.0"],
dependencyDashboard: true,
timezone: "Asia/Tokyo",
- minimumReleaseAge: "8 days",
- flux: {
- enabled: false,
- },
kubernetes: {
- fileMatch: ["k8s/.+\\.yaml$"],
+ fileMatch: [
+ "k8s/.+\\.jsonnet$",
+ "k8s/.+\\.libsonnet$",
+ "k8s/.+\\.yaml$",
+ "k8s/.+\\.yml$",
+ ],
},
argocd: {
- fileMatch: ["k8s/_argocd/applications/.+\\.yaml$"],
+ fileMatch: ["k8s/_argocd/.+\\.yaml$"],
},
customManagers: [
{
customType: "regex",
- fileMatch: ["^k8s/.*/helm.jsonnet$"],
+ fileMatch: [
+ "^k8s/.*/helm.jsonnet$",
+ "^k8s/.*/helm.libsonnet$",
+ "^k8s/.*/helm.yaml$",
+ "^k8s/.*/helm.yml$",
+ ],
matchStringsStrategy: "combination",
matchStrings: [
"chart:\\s+[\"']?(?[a-z0-9-]+)[\"']",
@@ -25,6 +31,21 @@
],
datasourceTemplate: "helm",
},
+ {
+ customType: "regex",
+ fileMatch: [
+ "^k8s/.*/helm.jsonnet$",
+ "^k8s/.*/helm.libsonnet$",
+ "^k8s/.*/helm.yaml$",
+ "^k8s/.*/helm.yml$",
+ ],
+ matchStringsStrategy: "combination",
+ matchStrings: [
+ "ociChartURL:\\s+[\"']?(?\\S+)[\"']",
+ "targetRevision:\\s+[\"']?(?\\S+)[\"']",
+ ],
+ datasourceTemplate: "docker",
+ },
{
customType: "regex",
fileMatch: "^k8s/apps/.*/kustomization.yaml$",
@@ -39,21 +60,42 @@
],
packageRules: [
{
- matchUpdateTypes: ["patch"],
matchDatasources: ["helm"],
- matchCurrentVersion: "!/^0/",
- automerge: true,
+ minimumReleaseAge: "3 days",
},
{
matchUpdateTypes: ["patch"],
- matchDatasources: ["github-tags"],
+ matchDatasources: ["github-tags", "helm", "docker"],
matchCurrentVersion: "!/^0/",
automerge: true,
},
{
- matchManagers: ["kubernetes"],
- matchDatasources: ["docker"],
- enabled: false,
+ matchPackageNames: ["aquaproj/aqua-registry", "terraform", "renovate/renovate"],
+ automerge: true,
+ },
+ {
+ matchPackageNames: [
+ "ghcr.io/walnuts1018/2024-ac-hacking",
+ "ghcr.io/walnuts1018/2024-ac-hacking-front",
+ "ghcr.io/walnuts1018/walnuts.dev",
+ "ghcr.io/walnuts1018/http-dump",
+ "ghcr.io/walnuts1018/mucaron-backend",
+ "ghcr.io/walnuts1018/mucaron-frontend",
+ ],
+ versioning: "regex:^[a-f0-9]+-(?[0-9]+)$",
+ },
+ {
+ matchPackageNames: [
+ "ghcr.io/kmc-jp/oekaki-dengon-game-back",
+ "ghcr.io/kmc-jp/oekaki-dengon-game-front",
+ "ghcr.io/walnuts1018/openchokin-back",
+ "ghcr.io/walnuts1018/openchokin-front",
+ ],
+ versioning: "regex:^v0\\.0\\.0-[a-f0-9]+-(?[0-9]+)$",
+ },
+ {
+ matchPackageNames: ["photoprism/photoprism"],
+ versioning: "regex:^(?[0-9]{2})(?[0-9]{2})(?[0-9]{2})$",
},
],
internalChecksFilter: "none",
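Review bot: Patch automerge now includes the `docker` datasource, and `aquaproj/aqua-registry`, `terraform` and `renovate/renovate` automerge for every update type, yet a waiting period is restored only for `helm`. The first hunk removes the global `minimumReleaseAge: "8 days"`, and this hunk also drops the rule that kept `kubernetes` + `docker` updates disabled. Together these let a freshly pushed image tag reach the cluster manifests with no human review and no cooling-off window. I would add `minimumReleaseAge: "3 days"` to both automerge rules (or set it at top level again) and narrow the package rule with `matchUpdateTypes: ["minor", "patch"]`.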
diff --git a/.github/scripts/infrautil/.gitignore b/scripts/infrautil/.gitignore
similarity index 100%
rename from .github/scripts/infrautil/.gitignore
rename to scripts/infrautil/.gitignore
diff --git a/scripts/infrautil/go.mod b/scripts/infrautil/go.mod
new file mode 100644
index 000000000..92bf765af
--- /dev/null
+++ b/scripts/infrautil/go.mod
@@ -0,0 +1,158 @@
+module github.com/walnuts1018/infra/scripts/infrautil
+
+go 1.23.4
+
+require (
+ github.com/go-playground/validator/v10 v10.24.0
+ github.com/google/go-jsonnet v0.20.0
+ github.com/google/subcommands v1.2.0
+ github.com/phsym/console-slog v0.3.1
+ github.com/pkg/errors v0.9.1
+ github.com/sters/yaml-diff v1.4.1
+ github.com/yosuke-furukawa/json5 v0.1.1
+ golang.org/x/sync v0.10.0
+ gopkg.in/yaml.v3 v3.0.1
+ helm.sh/helm/v3 v3.17.0
+ sigs.k8s.io/yaml v1.4.0
+)
+
+require (
+ dario.cat/mergo v1.0.1 // indirect
+ github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
+ github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
+ github.com/BurntSushi/toml v1.4.0 // indirect
+ github.com/MakeNowJust/heredoc v1.0.0 // indirect
+ github.com/Masterminds/goutils v1.1.1 // indirect
+ github.com/Masterminds/semver/v3 v3.3.1 // indirect
+ github.com/Masterminds/sprig/v3 v3.3.0 // indirect
+ github.com/Masterminds/squirrel v1.5.4 // indirect
+ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+ github.com/beorn7/perks v1.0.1 // indirect
+ github.com/blang/semver/v4 v4.0.0 // indirect
+ github.com/cespare/xxhash/v2 v2.3.0 // indirect
+ github.com/chai2010/gettext-go v1.0.3 // indirect
+ github.com/containerd/containerd v1.7.25 // indirect
+ github.com/containerd/errdefs v1.0.0 // indirect
+ github.com/containerd/log v0.1.0 // indirect
+ github.com/containerd/platforms v0.2.1 // indirect
+ github.com/cyphar/filepath-securejoin v0.4.0 // indirect
+ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+ github.com/distribution/reference v0.6.0 // indirect
+ github.com/docker/cli v27.5.0+incompatible // indirect
+ github.com/docker/distribution v2.8.3+incompatible // indirect
+ github.com/docker/docker v27.5.0+incompatible // indirect
+ github.com/docker/docker-credential-helpers v0.8.2 // indirect
+ github.com/docker/go-connections v0.5.0 // indirect
+ github.com/docker/go-metrics v0.0.1 // indirect
+ github.com/emicklei/go-restful/v3 v3.12.1 // indirect
+ github.com/evanphx/json-patch v5.9.0+incompatible // indirect
+ github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
+ github.com/fatih/color v1.18.0 // indirect
+ github.com/felixge/httpsnoop v1.0.4 // indirect
+ github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+ github.com/gabriel-vasile/mimetype v1.4.8 // indirect
+ github.com/go-errors/errors v1.5.1 // indirect
+ github.com/go-gorp/gorp/v3 v3.1.0 // indirect
+ github.com/go-logr/logr v1.4.2 // indirect
+ github.com/go-logr/stdr v1.2.2 // indirect
+ github.com/go-openapi/jsonpointer v0.21.0 // indirect
+ github.com/go-openapi/jsonreference v0.21.0 // indirect
+ github.com/go-openapi/swag v0.23.0 // indirect
+ github.com/go-playground/locales v0.14.1 // indirect
+ github.com/go-playground/universal-translator v0.18.1 // indirect
+ github.com/gobwas/glob v0.2.3 // indirect
+ github.com/goccy/go-yaml v1.15.13 // indirect
+ github.com/gogo/protobuf v1.3.2 // indirect
+ github.com/golang/protobuf v1.5.4 // indirect
+ github.com/google/btree v1.1.3 // indirect
+ github.com/google/gnostic-models v0.6.9 // indirect
+ github.com/google/go-cmp v0.6.0 // indirect
+ github.com/google/gofuzz v1.2.0 // indirect
+ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
+ github.com/google/uuid v1.6.0 // indirect
+ github.com/gorilla/mux v1.8.1 // indirect
+ github.com/gorilla/websocket v1.5.3 // indirect
+ github.com/gosuri/uitable v0.0.4 // indirect
+ github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
+ github.com/hashicorp/errwrap v1.1.0 // indirect
+ github.com/hashicorp/go-multierror v1.1.1 // indirect
+ github.com/huandu/xstrings v1.5.0 // indirect
+ github.com/inconshreveable/mousetrap v1.1.0 // indirect
+ github.com/jmoiron/sqlx v1.4.0 // indirect
+ github.com/josharian/intern v1.0.0 // indirect
+ github.com/json-iterator/go v1.1.12 // indirect
+ github.com/klauspost/compress v1.17.11 // indirect
+ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
+ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
+ github.com/leodido/go-urn v1.4.0 // indirect
+ github.com/lib/pq v1.10.9 // indirect
+ github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
+ github.com/mailru/easyjson v0.9.0 // indirect
+ github.com/mattn/go-colorable v0.1.14 // indirect
+ github.com/mattn/go-isatty v0.0.20 // indirect
+ github.com/mattn/go-runewidth v0.0.16 // indirect
+ github.com/mitchellh/copystructure v1.2.0 // indirect
+ github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+ github.com/mitchellh/reflectwalk v1.0.2 // indirect
+ github.com/moby/locker v1.0.1 // indirect
+ github.com/moby/spdystream v0.5.0 // indirect
+ github.com/moby/term v0.5.2 // indirect
+ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+ github.com/modern-go/reflect2 v1.0.2 // indirect
+ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
+ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+ github.com/opencontainers/go-digest v1.0.0 // indirect
+ github.com/opencontainers/image-spec v1.1.0 // indirect
+ github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
+ github.com/prometheus/client_golang v1.20.5 // indirect
+ github.com/prometheus/client_model v0.6.1 // indirect
+ github.com/prometheus/common v0.61.0 // indirect
+ github.com/prometheus/procfs v0.15.1 // indirect
+ github.com/rivo/uniseg v0.4.7 // indirect
+ github.com/rubenv/sql-migrate v1.7.1 // indirect
+ github.com/russross/blackfriday/v2 v2.1.0 // indirect
+ github.com/shopspring/decimal v1.4.0 // indirect
+ github.com/sirupsen/logrus v1.9.3 // indirect
+ github.com/spf13/cast v1.7.1 // indirect
+ github.com/spf13/cobra v1.8.1 // indirect
+ github.com/spf13/pflag v1.0.5 // indirect
+ github.com/x448/float16 v0.8.4 // indirect
+ github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
+ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+ github.com/xeipuuv/gojsonschema v1.2.0 // indirect
+ github.com/xlab/treeprint v1.2.0 // indirect
+ go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
+ go.opentelemetry.io/otel v1.33.0 // indirect
+ go.opentelemetry.io/otel/metric v1.33.0 // indirect
+ go.opentelemetry.io/otel/trace v1.33.0 // indirect
+ golang.org/x/crypto v0.32.0 // indirect
+ golang.org/x/net v0.34.0 // indirect
+ golang.org/x/oauth2 v0.25.0 // indirect
+ golang.org/x/sys v0.29.0 // indirect
+ golang.org/x/term v0.28.0 // indirect
+ golang.org/x/text v0.21.0 // indirect
+ golang.org/x/time v0.9.0 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 // indirect
+ google.golang.org/grpc v1.69.4 // indirect
+ google.golang.org/protobuf v1.36.2 // indirect
+ gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+ gopkg.in/inf.v0 v0.9.1 // indirect
+ k8s.io/api v0.32.0 // indirect
+ k8s.io/apiextensions-apiserver v0.32.0 // indirect
+ k8s.io/apimachinery v0.32.0 // indirect
+ k8s.io/apiserver v0.32.0 // indirect
+ k8s.io/cli-runtime v0.32.0 // indirect
+ k8s.io/client-go v0.32.0 // indirect
+ k8s.io/component-base v0.32.0 // indirect
+ k8s.io/klog/v2 v2.130.1 // indirect
+ k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
+ k8s.io/kubectl v0.32.0 // indirect
+ k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
+ oras.land/oras-go v1.2.6 // indirect
+ sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+ sigs.k8s.io/kustomize/api v0.18.0 // indirect
+ sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
+)
diff --git a/scripts/infrautil/go.sum b/scripts/infrautil/go.sum
new file mode 100644
index 000000000..2b3e79d89
--- /dev/null
+++ b/scripts/infrautil/go.sum
@@ -0,0 +1,526 @@
+dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
+dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
+github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
+github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
+github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
+github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
+github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
+github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
+github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
+github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4=
+github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
+github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
+github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
+github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM=
+github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
+github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
+github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/Microsoft/hcsshim v0.11.7 h1:vl/nj3Bar/CvJSYo7gIQPyRWc9f3c6IeSNavBTSZNZQ=
+github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
+github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
+github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
+github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80=
+github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
+github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
+github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
+github.com/containerd/containerd v1.7.25 h1:khEQOAXOEJalRO228yzVsuASLH42vT7DIo9Ss+9SMFQ=
+github.com/containerd/containerd v1.7.25/go.mod h1:tWfHzVI0azhw4CT2vaIjsb2CoV4LJ9PrMPaULAr21Ok=
+github.com/containerd/continuity v0.4.4 h1:/fNVfTJ7wIl/YPMHjf+5H32uFhl63JucB34PlCpMKII=
+github.com/containerd/continuity v0.4.4/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE=
+github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
+github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
+github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
+github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
+github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
+github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
+github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
+github.com/cyphar/filepath-securejoin v0.4.0 h1:PioTG9TBRSApBpYGnDU8HC+miIsX8vitBH9LGNNMoLQ=
+github.com/cyphar/filepath-securejoin v0.4.0/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
+github.com/distribution/distribution/v3 v3.0.0-beta.1 h1:X+ELTxPuZ1Xe5MsD3kp2wfGUhc8I+MPfRis8dZ818Ic=
+github.com/distribution/distribution/v3 v3.0.0-beta.1/go.mod h1:O9O8uamhHzWWQVTjuQpyYUVm/ShPHPUDgvQMpHGVBDs=
+github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
+github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/docker/cli v27.5.0+incompatible h1:aMphQkcGtpHixwwhAXJT1rrK/detk2JIvDaFkLctbGM=
+github.com/docker/cli v27.5.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
+github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker v27.5.0+incompatible h1:um++2NcQtGRTz5eEgO6aJimo6/JxrTXC941hd05JO6U=
+github.com/docker/docker v27.5.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
+github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
+github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
+github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
+github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
+github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
+github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
+github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
+github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
+github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
+github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
+github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
+github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
+github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI=
+github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
+github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
+github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
+github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.24.0 h1:KHQckvo8G6hlWnrPX4NJJ+aBfWNAE/HH+qdL2cBpCmg=
+github.com/go-playground/validator/v10 v10.24.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
+github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
+github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
+github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/goccy/go-yaml v1.15.13 h1:Xd87Yddmr2rC1SLLTm2MNDcTjeO/GYo0JGiww6gSTDg=
+github.com/goccy/go-yaml v1.15.13/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
+github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-jsonnet v0.20.0 h1:WG4TTSARuV7bSm4PMB4ohjxe33IHT5WVTrJSU33uT4g=
+github.com/google/go-jsonnet v0.20.0/go.mod h1:VbgWF9JX7ztlv770x/TolZNGGFfiHEVx9G6ca2eUmeA=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
+github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE=
+github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w=
+github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
+github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
+github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
+github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
+github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
+github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw=
+github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU=
+github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4=
+github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
+github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
+github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw=
+github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
+github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
+github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
+github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
+github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
+github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM=
+github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk=
+github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
+github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
+github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
+github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
+github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
+github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
+github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
+github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
+github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
+github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
+github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
+github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
+github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
+github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
+github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
+github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
+github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
+github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
+github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
+github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
+github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
+github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
+github.com/phsym/console-slog v0.3.1 h1:Fuzcrjr40xTc004S9Kni8XfNsk+qrptQmyR+wZw9/7A=
+github.com/phsym/console-slog v0.3.1/go.mod h1:oJskjp/X6e6c0mGpfP8ELkfKUsrkDifYRAqJQgmdDS0=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
+github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
+github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
+github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
+github.com/prometheus/common v0.61.0 h1:3gv/GThfX0cV2lpO7gkTUwZru38mxevy90Bj8YFSRQQ=
+github.com/prometheus/common v0.61.0/go.mod h1:zr29OCN/2BsJRaFwG8QOBr41D6kkchKbpeNH7pAjb/s=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho=
+github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U=
+github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc=
+github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ=
+github.com/redis/go-redis/v9 v9.1.0 h1:137FnGdk+EQdCbye1FW+qOEcY5S+SpY9T0NiuqvtfMY=
+github.com/redis/go-redis/v9 v9.1.0/go.mod h1:urWj3He21Dj5k4TK1y59xH8Uj6ATueP8AH1cY3lZl4c=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rubenv/sql-migrate v1.7.1 h1:f/o0WgfO/GqNuVg+6801K/KW3WdDSupzSjDYODmiUq4=
+github.com/rubenv/sql-migrate v1.7.1/go.mod h1:Ob2Psprc0/3ggbM6wCzyYVFFuc6FyZrb2AS+ezLDFb4=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
+github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
+github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
+github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
+github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/sters/yaml-diff v1.4.1 h1:0W3jnFKCu8/DV7nh2aXSDA2VVfxfHu2+qdh81CuFmZo=
+github.com/sters/yaml-diff v1.4.1/go.mod h1:K286Xp2z+aGkok7z9k3zXcq0ZsrDaDp7/wyGwFjM9Y8=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
+github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
+github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
+github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
+github.com/yosuke-furukawa/json5 v0.1.1 h1:0F9mNwTvOuDNH243hoPqvf+dxa5QsKnZzU20uNsh3ZI=
+github.com/yosuke-furukawa/json5 v0.1.1/go.mod h1:sw49aWDqNdRJ6DYUtIQiaA3xyj2IL9tjeNYmX2ixwcU=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 h1:ysCfPZB9AjUlMa1UHYup3c9dAOCMQX/6sxSfPBUoxHw=
+go.opentelemetry.io/contrib/exporters/autoexport v0.46.1/go.mod h1:ha0aiYm+DOPsLHjh0zoQ8W8sLT+LJ58J3j47lGpSLrU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q=
+go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw=
+go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0+5t/YynESZqsSyPz+7PAFdEop0dlN0+PkyHYo8oI=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0/go.mod h1:qcTO4xHAxZLaLxPd60TdE88rxtItPHgHWqOhOGRr0as=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I=
+go.opentelemetry.io/otel/exporters/prometheus v0.44.0 h1:08qeJgaPC0YEBu2PQMbqU3rogTlyzpjhCI2b58Yn00w=
+go.opentelemetry.io/otel/exporters/prometheus v0.44.0/go.mod h1:ERL2uIeBtg4TxZdojHUwzZfIFlUIjZtxubT5p4h1Gjg=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 h1:dEZWPjVN22urgYCza3PXRUGEyCB++y1sAqm6guWFesk=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0/go.mod h1:sTt30Evb7hJB/gEk27qLb1+l9n4Tb8HvHkR0Wx3S6CU=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E=
+go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ=
+go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M=
+go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk=
+go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0=
+go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc=
+go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8=
+go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s=
+go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck=
+go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
+go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
+golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70=
+golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
+golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
+golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
+google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 h1:fVoAXEKA4+yufmbdVYv+SE73+cPZbbbe8paLsHfkK+U=
+google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53/go.mod h1:riSXTwQ4+nqmPGtobMFyW5FqVAmIs0St6VPp4Ug7CE4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 h1:3UsHvIr4Wc2aW4brOaSCmcxh9ksica6fHEr8P1XhkYw=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4=
+google.golang.org/grpc v1.69.4 h1:MF5TftSMkd8GLw/m0KM6V8CMOCY6NZ1NQDPGFgbTt4A=
+google.golang.org/grpc v1.69.4/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4=
+google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU=
+google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
+gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
+helm.sh/helm/v3 v3.17.0 h1:DUD4AGdNVn7PSTYfxe1gmQG7s18QeWv/4jI9TubnhT0=
+helm.sh/helm/v3 v3.17.0/go.mod h1:Mo7eGyKPPHlS0Ml67W8z/lbkox/gD9Xt1XpD6bxvZZA=
+k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE=
+k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0=
+k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0=
+k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw=
+k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg=
+k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/apiserver v0.32.0 h1:VJ89ZvQZ8p1sLeiWdRJpRD6oLozNZD2+qVSLi+ft5Qs=
+k8s.io/apiserver v0.32.0/go.mod h1:HFh+dM1/BE/Hm4bS4nTXHVfN6Z6tFIZPi649n83b4Ag=
+k8s.io/cli-runtime v0.32.0 h1:dP+OZqs7zHPpGQMCGAhectbHU2SNCuZtIimRKTv2T1c=
+k8s.io/cli-runtime v0.32.0/go.mod h1:Mai8ht2+esoDRK5hr861KRy6z0zHsSTYttNVJXgP3YQ=
+k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8=
+k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8=
+k8s.io/component-base v0.32.0 h1:d6cWHZkCiiep41ObYQS6IcgzOUQUNpywm39KVYaUqzU=
+k8s.io/component-base v0.32.0/go.mod h1:JLG2W5TUxUu5uDyKiH2R/7NnxJo1HlPoRIIbVLkK5eM=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas=
+k8s.io/kubectl v0.32.0 h1:rpxl+ng9qeG79YA4Em9tLSfX0G8W0vfaiPVrc/WR7Xw=
+k8s.io/kubectl v0.32.0/go.mod h1:qIjSX+QgPQUgdy8ps6eKsYNF+YmFOAO3WygfucIqFiE=
+k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
+k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+oras.land/oras-go v1.2.6 h1:z8cmxQXBU8yZ4mkytWqXfo6tZcamPwjsuxYU81xJ8Lk=
+oras.land/oras-go v1.2.6/go.mod h1:OVPc1PegSEe/K8YiLfosrlqlqTN9PUyFvOw5Y9gwrT8=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
+sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo=
+sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U=
+sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E=
+sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/scripts/infrautil/helmSnapshotCmd.go b/scripts/infrautil/helmSnapshotCmd.go
new file mode 100644
index 000000000..4d6eff53a
--- /dev/null
+++ b/scripts/infrautil/helmSnapshotCmd.go
@@ -0,0 +1,146 @@
+package main
+
+import (
+ "context"
+ "errors"
+ "flag"
+ "fmt"
+ "io"
+ "io/fs"
+ "log/slog"
+ "net/url"
+ "os"
+ "path/filepath"
+
+ "github.com/google/subcommands"
+ "github.com/walnuts1018/infra/scripts/infrautil/lib"
+ "golang.org/x/sync/errgroup"
+)
+
+type helmSnapshotCmd struct {
+ appSnapshotDir string
+ outFileDir string
+}
+
+func (*helmSnapshotCmd) Name() string { return "helm-snapshot" }
+func (*helmSnapshotCmd) Synopsis() string { return "create snapshot" }
+func (*helmSnapshotCmd) Usage() string {
+ return `helm-snapshot -d -o