imfreedom/k8s-cluster

4e5cc0ed6a50
Remove the wasdead bot as it's being retired
# This manifest sets up an ingress, authenticated through Hub, for the
# kube-prometheus stack, which was applied directly from the manifests in
# github.com/coreos/kube-prometheus.
#
# It uses https://github.com/thomseddon/traefik-forward-auth to do OIDC-based
# logins against our JetBrains Hub instance.
---
# Response-header middleware shared by the monitoring routes.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: common-headers
  namespace: monitoring
spec:
  headers:
    customResponseHeaders:
      # Only same-origin pages may frame these UIs (clickjacking defence).
      # NOTE(review): this is the only response header set in this file;
      # confirm whether HSTS / X-Content-Type-Options are applied elsewhere.
      X-Frame-Options: 'SAMEORIGIN'
---
# Removes the per-service path prefix before the request reaches the backend.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: strip-prefixes
  namespace: monitoring
spec:
  stripPrefix:
    # false: an emptied path is not rewritten to "/".
    forceSlash: false
    # Must stay in sync with the PathPrefix() rules of the IngressRoute in
    # this file; a path that matches none of these is forwarded unchanged.
    prefixes:
      - '/alertmanager'
      - '/grafana'
      - '/prometheus'
---
# Delegates the allow/deny decision for each request to the
# traefik-forward-auth service, which performs the OIDC login.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: hub-forward-auth
  namespace: monitoring
spec:
  forwardAuth:
    # Plain HTTP to the in-cluster Service on port 4181.
    address: 'http://traefik-forward-auth.monitoring:4181'
    # Existing X-Forwarded-* request headers are passed to the auth server
    # as received rather than being overwritten.
    # NOTE(review): this is only safe if the entry point does not accept
    # X-Forwarded-* from arbitrary clients; that is decided in Traefik's
    # static configuration, which is not part of this file. Verify it.
    trustForwardHeader: true
    # Headers copied from the auth server's response onto the request that
    # is forwarded to the backend.
    # NOTE(review): a backend that trusts X-Forwarded-User must be reachable
    # only through this middleware. Authorization and Set-Cookie are also
    # handed to every backend behind the chain; confirm they are needed.
    authResponseHeaders:
      - X-Forwarded-User
      - Authorization
      - Set-Cookie
---
# Single chain attached to every route of the monitoring IngressRoute.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: common
  namespace: monitoring
spec:
  chain:
    # Listed in this order: authentication first, then the path rewrite,
    # then the response headers. Keep hub-forward-auth first so the path
    # rewrite is not reached before the auth check.
    middlewares:
      - name: hub-forward-auth
      - name: strip-prefixes
      - name: common-headers
---
# Public routes for monitoring.imfreedom.org. Every route carries the
# `common` chain, so authentication is enforced at Traefik only.
# NOTE(review): the backend Services themselves are not protected by this
# file; confirm that in-cluster access to them is restricted separately.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: monitoring
  namespace: monitoring
spec:
  # Only the `https` entry point is bound.
  entryPoints:
    - https
  routes:
    - kind: Rule
      match: 'Host(`monitoring.imfreedom.org`) && PathPrefix(`/alertmanager`)'
      middlewares:
        - name: common
      services:
        - name: alertmanager-main
          port: 9093
    - kind: Rule
      match: 'Host(`monitoring.imfreedom.org`) && PathPrefix(`/grafana`)'
      middlewares:
        - name: common
      services:
        - name: grafana
          port: 3000
    - kind: Rule
      match: 'Host(`monitoring.imfreedom.org`) && PathPrefix(`/prometheus`)'
      middlewares:
        - name: common
      services:
        - name: prometheus-k8s
          port: 9090
    # OAuth callback path served by traefik-forward-auth itself.
    - kind: Rule
      match: 'Host(`monitoring.imfreedom.org`) && PathPrefix(`/_oauth`)'
      middlewares:
        - name: common
      services:
        - name: traefik-forward-auth
          port: 4181
  tls:
    # NOTE(review): Traefik resolves this Secret in the IngressRoute's own
    # namespace (monitoring), while the Certificate in this file that writes
    # `monitoring-tls` is declared in namespace `imfreedom`. Unless the
    # Secret is copied across, Traefik would serve its default certificate;
    # verify which certificate is actually presented.
    secretName: monitoring-tls
---
# cert-manager Certificate for monitoring.imfreedom.org.
# NOTE(review): cert-manager.io/v1alpha2 is no longer served by current
# cert-manager releases (cert-manager.io/v1 replaces it); check the
# installed version before upgrading.
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: monitoring-tls
  # NOTE(review): the Secret is created in this namespace (imfreedom), but
  # the IngressRoute that references `monitoring-tls` lives in `monitoring`.
  # Moving this resource also requires the issuer to be usable there,
  # because issuerRef has no `kind` and so refers to a namespaced Issuer.
  namespace: imfreedom
spec:
  secretName: monitoring-tls
  commonName: monitoring.imfreedom.org
  dnsNames:
    - monitoring.imfreedom.org
  issuerRef:
    name: letsencrypt
---
# Keeps at least one traefik-forward-auth pod up during voluntary evictions;
# without that pod every protected route fails its auth check.
# NOTE(review): policy/v1beta1 is not served from Kubernetes 1.25 onward
# (policy/v1 replaces it); check the cluster version.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: traefik-forward-auth
  namespace: monitoring
spec:
  # NOTE(review): the Deployment in this file runs `replicas: 1`, so this
  # budget allows zero disruptions and a node drain will block on the pod.
  minAvailable: 1
  selector:
    matchLabels:
      app: traefik-forward-auth
---
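# Runs traefik-forward-auth, the OIDC gate in front of the monitoring UIs.
# NOTE(review): no WHITELIST / DOMAIN restriction is configured, so any
# account the Hub issuer authenticates is let through; confirm that Hub
# itself limits who may use this client.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: traefik-forward-auth
  namespace: monitoring
  labels:
    app: traefik-forward-auth
spec:
  # A single replica: while it restarts, requests through the forward-auth
  # middleware cannot be authorised.
  replicas: 1
  selector:
    matchLabels:
      app: traefik-forward-auth
  template:
    metadata:
      labels:
        app: traefik-forward-auth
    spec:
      containers:
        - name: traefik-forward-auth
          # NOTE(review): `:2` is a mutable tag and the pull policy is
          # Always, so the image can change under this manifest on any pod
          # restart. Prefer pinning by digest, e.g.
          # thomseddon/traefik-forward-auth@sha256:<DIGEST_PLACEHOLDER>.
          image: 'thomseddon/traefik-forward-auth:2'
          imagePullPolicy: Always
          args:
            - '--default-provider=oidc'
          env:
            - name: PROVIDERS_OIDC_ISSUER_URL
              value: 'https://hub.imfreedom.org/hub'
            # Client credentials and the cookie-signing secret come from the
            # `monitoring` Secret instead of being written into the manifest.
            - name: PROVIDERS_OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: monitoring
                  key: client_id
            - name: PROVIDERS_OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: monitoring
                  key: client_secret
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: monitoring
                  key: cookie_secret
          ports:
            - containerPort: 4181
              protocol: TCP
          # Added hardening: the process only listens on the unprivileged
          # port 4181, so it needs no Linux capabilities and no privilege
          # escalation.
          # NOTE(review): runAsNonRoot / readOnlyRootFilesystem are worth
          # adding too, after testing them against this image.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL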
---
# In-cluster Service for traefik-forward-auth; it is the target of the
# forwardAuth address and of the /_oauth route in this file.
apiVersion: v1
kind: Service
metadata:
  name: traefik-forward-auth
  namespace: monitoring
  labels:
    app: traefik-forward-auth
spec:
  selector:
    app: traefik-forward-auth
  ports:
    # Plain HTTP; TLS is terminated at the Traefik entry point.
    - name: http
      protocol: TCP
      port: 4181
      targetPort: 4181
---