diff --git a/apps/base/iot/kustomization.yaml b/apps/base/iot/kustomization.yaml index f07431890f90e5a48bb586f1d725d6b0547d4437..649199c83bbeeb013d3247e3f3ad84c9a9acc6d8 100644 --- a/apps/base/iot/kustomization.yaml +++ b/apps/base/iot/kustomization.yaml @@ -4,6 +4,7 @@ namespace: iot resources: - namespace.yaml - shelly-exporter.yaml +- shelly-ht-monitor.yaml - ../../../shared/networkpolicies/allow-from-monitoring.yaml patchesStrategicMerge: - networkpolicy.yaml diff --git a/apps/base/iot/shelly-ht-monitor.yaml b/apps/base/iot/shelly-ht-monitor.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3ae63585b27f95cc850b668f35d993504f086024 --- /dev/null +++ b/apps/base/iot/shelly-ht-monitor.yaml @@ -0,0 +1,79 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: shelly-ht-monitor + labels: + app.kubernetes.io/name: shelly-ht-monitor +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: shelly-ht-monitor + template: + metadata: + labels: + app.kubernetes.io/name: shelly-ht-monitor + spec: + containers: + - name: shelly-ht-monitor + image: ghcr.io/lesuisse/shelly-ht-action-prometheus:0.2.0 + env: + - name: SENSOR_PASSWORD + valueFrom: + secretKeyRef: + name: shelly-ht-monitor + key: sensor-password + optional: false + ports: + - name: metrics + containerPort: 17796 + protocol: TCP + - name: webhook + containerPort: 17795 + protocol: TCP + resources: + requests: + cpu: 10m + memory: 64Mi + limits: + cpu: 100m + memory: 256Mi + automountServiceAccountToken: false +--- +apiVersion: v1 +kind: Service +metadata: + name: shelly-ht-monitor + labels: + app.kubernetes.io/name: shelly-ht-monitor + annotations: + metallb.universe.tf/allow-shared-ip: "dns" +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: shelly-ht-monitor + ports: + - name: metrics + protocol: TCP + port: 8080 + targetPort: 17796 + - name: webhook + protocol: TCP + port: 80 + targetPort: 17795 +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: shelly-ht-monitor + labels: + app.kubernetes.io/name: shelly-ht-monitor +spec: + endpoints: + - path: /metrics + port: metrics + scheme: http + selector: + matchLabels: + app.kubernetes.io/name: shelly-ht-monitor diff --git a/apps/k8s01/iot/kustomization.yaml b/apps/k8s01/iot/kustomization.yaml index a6378a6d5f9b6620dfb66a4777025a8d74c3d3fd..b66bcfa2a2ffd343a138ce8bf86351a144d51fa5 100644 --- a/apps/k8s01/iot/kustomization.yaml +++ b/apps/k8s01/iot/kustomization.yaml @@ -7,3 +7,4 @@ resources: - oauth2.yaml - rainer.yaml - shelly.yaml +- shelly-ht-monitor.yaml diff --git a/apps/k8s01/iot/shelly-ht-monitor.yaml b/apps/k8s01/iot/shelly-ht-monitor.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a0d4fce15817cff1ff63e11e94a25084bba90999 --- /dev/null +++ b/apps/k8s01/iot/shelly-ht-monitor.yaml @@ -0,0 +1,138 @@ +apiVersion: v1 +kind: Secret +metadata: + name: shelly-ht-monitor + labels: + app.kubernetes.io/name: shelly-ht-monitor +stringData: + sensor-password: ENC[AES256_GCM,data:70Ol0OJsxUTBeBbrTIrcZvY8fWlWTlPxVLUFz1ECukdbnKHoT2M8VA==,iv:Vmeb6yqlMvWBOnj2ZKzAgfpOSS/ilSvINV/kDHIDsEY=,tag:Psna3eZidH6PHKHT1W2P/g==,type:str] +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-10-20T15:52:58Z" + mac: ENC[AES256_GCM,data:8rdosZC8qGQbMEcUzJZa49cyUn5VwvHP/RcB8I35ymjfmZbrKcgz7V84upgkLSJeXyLLcR0MJE0ntCEbiX6jZFHBDu8/IyDOR6vzkxVI5C/l5NZJSyJ49/lmBF5QfnQkRhVl0pU4BnbeEjvJEY2nErbGx79z6G7lkb9x9apmghI=,iv:R74Bop4a1Y45NKGTNyN9K7QYy3WUHpRSE/Cvp6xa23c=,tag:TYdKxFVC1ahzXy0ITvy4YA==,type:str] + pgp: + - created_at: "2022-10-20T15:52:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcAQ/9EnDqZdYKhK9kXBXztgsfSGA/LOxXFc9inV9VhPurQchP + GnTDbUJPBeYCEVe23p3hHkHdG6GrHegSIbcmpH7ffbZyQO+hkhdduok6b2P+u22n + F6M3b35CRo4Ngsmb4EYAHIISafQgcsdzgbJtwwE2nRyF3seTpcbgEj/L7wSoNyUn + EMGD/L/RuOPNGhrbpP+FXlU+LmAjcrV8KyLesRUcRFpsKiYYajhHdliJuWCVtOjD + JlnNvffgh9rERLtMDPhNxxPZyNHIa4RD8sJKwL9bNaMG+rj1VzSw+kPpdKGBVgAJ + e6j4nl/5YIP1zDsPF8xSTY/RoN3IJE5oRwW5+q+uDWuzjSPXOJDJQh+iUorh6iqh + UM5u/r/O8+Th0RdEpB97Xd/W3skBkBWgyMjUPzYgD6Cfp3+Nwh16PmpI7ADUpM+z + GaqqfXkBuLvZQQGtKpe22mqAMuC2OflHoRe+OtS5QAaal17PMXYnM5WpciFaZaia + L8MEwkw63462WDm7GSLTDnpdIKWXp7mHicJBF2evGf5uxp4CrfyZbqYkxv03fixx + 0FzVeIcfM0CZppDZ8SxNv3ZbUQkuNNU+Lknv7k5d5ra4YReT202MnoLAmsPtuIGs + OQTWAbr4wkVVdqaooB/hr5Y3eBn57LA0j2X4uu4tAwWRPtx5sswIZSlTkkVlqcTS + UQGVTbjw+1kNqZ8bcuDOWFzuxqtU0/8InewfSD+yD/D26ABSLTwh+sihgXOJzcl5 + hLkD6IVDRcsZ71aeoj0s4oyUMlmS7vIL18Uh26gJNJsLbQ== + =tKDO + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-10-20T15:52:57Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPAQ/+IZPzWroUvUvRDfm+Wzp0YLg6rSB4rCew/hgpVE5273tw + 3fW84WI/F0qOf4NjBU4BS7X+gXk6jY7x7f0pNGtOil+z8csGLV2WymAXWfArHPvS + gyxLD+4rqn/w9Y4MkIJ01lDm14PGrSZARSbKGKgpf1KX+UuhhNleXi1kTRNkS6A6 + wl22be9ZHAznII57vkTwu0yroFdIYbjjUGP+FhqrCMi8Q9sTE82TxvGjCezt9M2e + bxoCvuQkX0lrGWgVu6ByFfCcgThwb74bSJXdj1ZgLd3LV+xh3oAYW8lTynEb7FhX + Lt5X/aEArBJdmAzpRNcLssxwEQEFAmnCLgAziH2w6Y6ZmGemOTYRiHgyjKxSrBY6 + 95kh1w3I2GRq4wsS0WnjUqNjiGk8L7SFOeAd4i4SZSYGVGaiyBzRWXpvIzW+5PD8 + Hxfb7rScmsYRNEuFqzougQWsixbPu78bjk/RWv4Yej6MGSaVpHpL6cTKs8nFsRxQ + D0tKfEfLgwf5AJYPgCxTDyJ0aHKVRDL2x2ukHDijc8bRkQlFc2hGophjC8ayiINI + VuEnKe7U7yahQGY2BiXf3loScVPEaVwr3J9RuVsh8eNVbN9Rg+tYRk8Krb+QH/oS + Rv+QmQUD+GvRhEeM/LiiT4UV/Tvkhg1U8njaU4ED06Asl6E2+kM7a8YfI52M6ArU + aAEJAhBZ1VOlCqHZl43St8NDDEWxhlgpmnvpnes/yZlMBV/T57H73ZuaNpdzB3T1 + oIG4NSZ0X5DSR3MIaUnlXwV62t36XUDruT38iTA8Uze7Kp1lsHFbeRyRakZCrRAZ + Wh+gxd8wxxUr + =xvSe + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$ + version: 3.7.3 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: shelly-ht-monitor + labels: + app.kubernetes.io/name: shelly-ht-monitor + annotations: + nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.30.0/24 +spec: + rules: + - host: ENC[AES256_GCM,data:y7cTHrFYMZHJYLwDr+HEXe75/124v6ehMPDqL+ZOYOMey2lQt5Zs2Ew=,iv:g0huzL8+V1lU0FV77XsdNwFcH1Dar0TKqu9ki/Aa98M=,tag:k82WuTvKGp7rA4cI52Wb0w==,type:str] + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: shelly-ht-monitor + port: + number: 80 + tls: + - hosts: + - ENC[AES256_GCM,data:ZwgwgOLJIvp76/DHShRBAbkqWujGkoq8OXNHEyqv+wD74uvIdIOuq9I=,iv:UgXGojEpd/XeukGQWat5woC5HXKwihAinP64LLqg49E=,tag:za44NuBYdZ8DdP9eGGg4rA==,type:str] + secretName: ingress-iot-tls +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-10-20T15:52:58Z" + mac: ENC[AES256_GCM,data:8rdosZC8qGQbMEcUzJZa49cyUn5VwvHP/RcB8I35ymjfmZbrKcgz7V84upgkLSJeXyLLcR0MJE0ntCEbiX6jZFHBDu8/IyDOR6vzkxVI5C/l5NZJSyJ49/lmBF5QfnQkRhVl0pU4BnbeEjvJEY2nErbGx79z6G7lkb9x9apmghI=,iv:R74Bop4a1Y45NKGTNyN9K7QYy3WUHpRSE/Cvp6xa23c=,tag:TYdKxFVC1ahzXy0ITvy4YA==,type:str] + pgp: + - created_at: "2022-10-20T15:52:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcAQ/9EnDqZdYKhK9kXBXztgsfSGA/LOxXFc9inV9VhPurQchP + GnTDbUJPBeYCEVe23p3hHkHdG6GrHegSIbcmpH7ffbZyQO+hkhdduok6b2P+u22n + F6M3b35CRo4Ngsmb4EYAHIISafQgcsdzgbJtwwE2nRyF3seTpcbgEj/L7wSoNyUn + EMGD/L/RuOPNGhrbpP+FXlU+LmAjcrV8KyLesRUcRFpsKiYYajhHdliJuWCVtOjD + JlnNvffgh9rERLtMDPhNxxPZyNHIa4RD8sJKwL9bNaMG+rj1VzSw+kPpdKGBVgAJ + e6j4nl/5YIP1zDsPF8xSTY/RoN3IJE5oRwW5+q+uDWuzjSPXOJDJQh+iUorh6iqh + UM5u/r/O8+Th0RdEpB97Xd/W3skBkBWgyMjUPzYgD6Cfp3+Nwh16PmpI7ADUpM+z + GaqqfXkBuLvZQQGtKpe22mqAMuC2OflHoRe+OtS5QAaal17PMXYnM5WpciFaZaia + L8MEwkw63462WDm7GSLTDnpdIKWXp7mHicJBF2evGf5uxp4CrfyZbqYkxv03fixx + 0FzVeIcfM0CZppDZ8SxNv3ZbUQkuNNU+Lknv7k5d5ra4YReT202MnoLAmsPtuIGs + OQTWAbr4wkVVdqaooB/hr5Y3eBn57LA0j2X4uu4tAwWRPtx5sswIZSlTkkVlqcTS + UQGVTbjw+1kNqZ8bcuDOWFzuxqtU0/8InewfSD+yD/D26ABSLTwh+sihgXOJzcl5 + hLkD6IVDRcsZ71aeoj0s4oyUMlmS7vIL18Uh26gJNJsLbQ== + =tKDO + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-10-20T15:52:57Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPAQ/+IZPzWroUvUvRDfm+Wzp0YLg6rSB4rCew/hgpVE5273tw + 3fW84WI/F0qOf4NjBU4BS7X+gXk6jY7x7f0pNGtOil+z8csGLV2WymAXWfArHPvS + gyxLD+4rqn/w9Y4MkIJ01lDm14PGrSZARSbKGKgpf1KX+UuhhNleXi1kTRNkS6A6 + wl22be9ZHAznII57vkTwu0yroFdIYbjjUGP+FhqrCMi8Q9sTE82TxvGjCezt9M2e + bxoCvuQkX0lrGWgVu6ByFfCcgThwb74bSJXdj1ZgLd3LV+xh3oAYW8lTynEb7FhX + Lt5X/aEArBJdmAzpRNcLssxwEQEFAmnCLgAziH2w6Y6ZmGemOTYRiHgyjKxSrBY6 + 95kh1w3I2GRq4wsS0WnjUqNjiGk8L7SFOeAd4i4SZSYGVGaiyBzRWXpvIzW+5PD8 + Hxfb7rScmsYRNEuFqzougQWsixbPu78bjk/RWv4Yej6MGSaVpHpL6cTKs8nFsRxQ + D0tKfEfLgwf5AJYPgCxTDyJ0aHKVRDL2x2ukHDijc8bRkQlFc2hGophjC8ayiINI + VuEnKe7U7yahQGY2BiXf3loScVPEaVwr3J9RuVsh8eNVbN9Rg+tYRk8Krb+QH/oS + Rv+QmQUD+GvRhEeM/LiiT4UV/Tvkhg1U8njaU4ED06Asl6E2+kM7a8YfI52M6ArU + aAEJAhBZ1VOlCqHZl43St8NDDEWxhlgpmnvpnes/yZlMBV/T57H73ZuaNpdzB3T1 + oIG4NSZ0X5DSR3MIaUnlXwV62t36XUDruT38iTA8Uze7Kp1lsHFbeRyRakZCrRAZ + Wh+gxd8wxxUr + =xvSe + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$ + version: 3.7.3