Skip to content
Snippets Groups Projects
Verified Commit fe548a10 authored by Sheogorath's avatar Sheogorath :european_castle:
Browse files

feat(unpoller): Add unpoller to infrastructure 

This patch adds an unpoller deployment to the infrastrcuture which
should allow to monitor the unifi infrastructure from the Kubernetes
cluster. The next step, once metrics are collected is to add dashboards
and define alerts. But one step after the other.

References:
https://unpoller.com/
parent c568973e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
apps/k8s01/unpoller/deployment.yaml 0 → 100644
+ 47
0
View file @ fe548a10
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: unpoller
namespace: unpoller
labels:
app.kubernetes.io/name: unpoller
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: unpoller
template:
metadata:
labels:
app.kubernetes.io/name: unpoller
spec:
containers:
- name: unpoller
image: ghcr.io/unpoller/unpoller:v2.9.4
resources:
requests:
cpu: 100m
memory: 64Mi
limits:
cpu: "1"
memory: 128Mi
envFrom:
- secretRef: unpoller
optional: false
ports:
- name: exporter
containerPort: 9130
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
securityContext:
runAsNonRoot: true
runAsUser: 7067
runAsGroup: 7067
fsGroup: 7067
seccompProfile:
type: "RuntimeDefault"
\ No newline at end of file
apps/k8s01/unpoller/kustomization.yaml 0 → 100644
+ 12
0
View file @ fe548a10
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: unpoller
resources:
- namespace.yaml
- deployment.yaml
- podmonitor.yaml
- secret.yaml
- ../../../shared/resourcequotas/default.yaml
- ../../../shared/networkpolicies/allow-from-monitoring.yaml
patchesStrategicMerge:
- networkpolicy.yaml
\ No newline at end of file
apps/k8s01/unpoller/namespace.yaml 0 → 100644
+ 11
0
View file @ fe548a10
apiVersion: v1
kind: Namespace
metadata:
name: unpoller
labels:
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/audit-version: v1.27
pod-security.kubernetes.io/enforce-version: v1.26
pod-security.kubernetes.io/warn-version: v1.27
apps/k8s01/unpoller/networkpolicy.yaml 0 → 100644
+ 12
0
View file @ fe548a10
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-monitoring
spec:
podSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- unpoller
apps/k8s01/unpoller/podmonitor.yaml 0 → 100644
+ 14
0
View file @ fe548a10
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: unpoller
namespace: unpoller
labels:
app.kubernetes.io/name: unpoller
spec:
selector:
matchLabels:
app.kubernetes.io/name: unpoller
podMetricsEndpoints:
- port: exporter
\ No newline at end of file
apps/k8s01/unpoller/secret.yaml 0 → 100644
+ 65
0
View file @ fe548a10
apiVersion: v1
kind: Secret
metadata:
name: unpoller
namespace: unpoller
labels:
app.kubernetes.io/name: unpoller
stringData:
UP_INFLUXDB_DISABLE: ENC[AES256_GCM,data:GrtLpg==,iv:V2Oyf5/goHmXzraMq1jW02ILexmIiLuWb7I2Vs120Yg=,tag:NUkALMSphJeiKXgYJrx8ow==,type:str]
UP_UNIFI_DEFAULT_VERIFY_SSL: ENC[AES256_GCM,data:7IjaZw==,iv:D+bK8OJDnpLm9UqJM3dShy3NjKz7gJXELEETRSQ0ML4=,tag:pXePhFmaEgZV6pjzkfijLA==,type:str]
UP_UNIFI_DEFAULT_URL: ENC[AES256_GCM,data:lwXt9gezxmMXVIV4hhHb+fAAUcCMQxl2ukah75i3AKXeFKjQzuo1,iv:BTp5QzuY4BcaSHDInS4cK/fkUBxLjfcAHxvKOHO3tUM=,tag:fanjdhFnbYJ+PjGNLAGSLw==,type:str]
UP_UNIFI_DEFAULT_USER: ENC[AES256_GCM,data:qlGyV2H4Puw=,iv:RPJ6QhKfcKfcLp1JJOCrRS2ZgY4iTnMEN+Xz7X6ZlRA=,tag:oO6YZTYXiQimHyT1bV+YNA==,type:str]
UP_UNIFI_DEFAULT_PASS: ENC[AES256_GCM,data:BTxto5YthceS4JHRhYHpAjS6JRGvoq1QCoc9Uhbbdykbl3+bchwn7Q==,iv:Rvw4E9JXpY9gz6WK20fe82Xpt3qhygmGYj0KHjmSrhI=,tag:ca44+V1qPj+2pRWsUcP+Rw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-12-14T23:06:10Z"
mac: ENC[AES256_GCM,data:Jy22qBWdn9UPleoxff2LEdXSzS0UBRWTafir9Sohb+cyiAgCQ2AUHkdoee1eBc6J1A6QEOGWkLrTPYZSF+f3FoPNQFnxEA5qHe0JdLspeO2mARBYCwh3Fj6aVTKwUtaa7wUgfJOnJUrdJmrxANcx5hc2zKlTf3Wz7nbYDS5vP04=,iv:0RabEjNsF3xUEFl/zAdfhm25cXViq2ZLbbufxHRgH0U=,tag:bAKb2gjl3w5nDW/OJEhOdQ==,type:str]
pgp:
- created_at: "2023-12-14T23:06:09Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7kpg2bgzVHcAQ//ZTChXz3XiVHA+PTtmYJWQX7b4Tu4DBlr53XRldUkxLJ1
Qbo45jCfKnjjdeKFTbZ1D8sIh1Nx61GatUQZUCIZJ67zJnXmYyG3pSZ5bg95zIEF
lK+qN4nI0OevQblH9bZrO9DvRxxYP1s2F/C+fToq9FqbzmzrdL4CTn0gV52PMVGK
MgtwOhskjvDCjZzWkHPMYrn1QEDXlF+LRdrSNBSjveExWmyJbU6l46Vsi58F9DSM
M2puHE97zX0Wil4MZ5Tu8wsTqv6RGtAeHabAqFP+2+0wpEX3s2E+4FbfDXEWQaWC
WPM2NlWQMNFK9vPzFF5rzlMEG0dZ+ldUYFhcGqfKrRthf9D42JsK2vgaPzQcj01J
HxCmvoFQcVTn+6RqxrOhG0GS9Wn0HDE4fT/WaRTgqxhMTvR9fzXAR73KewZAXJjk
8A/3lQSTzRM70RiDPNT7EuuOioEBrMs0Ma0oLa5ozr3bEd0zeq4DCer1rgMDT+1C
gAcfahg9fA7s+3bR2yu9ZqI4NIMsaHXV/IxJ7u0wSxusy3Lwm0/U3ccjYT+bW0it
yQeJr+4cxi2pBeT8SdgXnSTQtVWWk5lV3DGgrZwC6rnethSguCakO7iuotDwHDCe
y+BX/X4j+LebxZ/yh+yAWQmg3WwSRSTgeBPRZev+7GWuxpeNXOQUc6f+SnNUNfnS
UQFZp2cJhke+FzS7qt4HAsxxJpWRl259hN4zKhfhKauyhOsnKMZDhZqvQSLJO1fD
sqOrrFhg1lIHTKlHPPHHImJj2PgA4+4Lx4QyuPnFRc0j9w==
=sqer
-----END PGP MESSAGE-----
fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
- created_at: "2023-12-14T23:06:09Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA4oYbIHZIrAPARAArkN/49Xrq0PPuBZf09rp33veB3/BtMd2rPdHClLhtVBi
Zq7s3txTf1fGp4fxXWWn0/yLHzUH5E46BC5gyX+ciyaeQ0rVrXDg76JtGo6r8Eo9
4y9IzUGN4GEE/bGhQAOt2Ci86WPGnJjdUkCGUB8tyR5pBp1e8po0LDqzg6FIing9
YDIrh+ek86niVemqHOomPDQpRds5joqDIkkpnfihWvp+y7Mig0oh/Gug18UCjB1q
p40YFc2nb7s90oDuKKf+W9in45OQIbnneXgTkgxWORKQ3hRSBUYdqcVQH65h4KZJ
9AcXSmVnAiNoXJRJ5ZzGnJRs4Aj12g78nMnCG60p2uHC2ya5gCg9gCpDrcP+H+Qe
Up0T5+yj7IHmjUIt+sZRR3CijAwAwnPC782eoj0FHCfhDSWc+hFya/WHdV/o1CQG
qtLwI02pLSeHlKjnSQw/T8hrmfxl1XX+UVtJ/0kCjJn5OTp5XCiWiRUc7nWNJx18
9vUSMRXS8k7WqSZOLon++07tBF9jfrWl/iuOOdHKTVexcs0HJCEPyB1oqeM2sVt3
qYgW0k4gkVB1NW/W1ZcDoAcG5qqt4GfoTeWO12t3IFY3vQOiwRxn+1Poq4OHSufZ
rjZRhb7TA6BaIlWuBsyGhu9GNrRJPfjMjEWGnH8YqZ/I1fZZkam7Z6mud0A8EufU
aAEJAhAx/pV+k19CprasjNM12QfEdZvQ66KDr+v29u9er80FM7xN1yWyteeiZG2Q
wFfw+PMRHsWImVn+wTgP00hX67E8uyjuVVQgCW+t+e5JHWg5LVdyksM4rSaZSJmK
d+5XwUu9H5RS
=RQ6l
-----END PGP MESSAGE-----
fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
version: 3.7.3
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment