From 643959ea2ffaea701cf422d3ec2161f20f6aaa5b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tom=C3=A1s=20Limpinho?= <53994778+TomasLimpinho@users.noreply.github.com> Date: Thu, 30 Apr 2026 14:55:25 +0100 Subject: [PATCH] uptimekuma for kubernetes --- playbook.yml | 6 +- roles/mariadb/files/docker-secrets.yaml | 9 + roles/mariadb/files/mariadb-configmap.yaml | 10 + roles/mariadb/files/mariadb-namespace.yaml | 4 + roles/mariadb/files/mariadb-nfs-csi.yaml | 11 + roles/mariadb/files/mariadb-pvcs.yaml | 31 +++ roles/mariadb/files/mariadb-secret.yaml | 11 + roles/mariadb/files/mariadb-service.yaml | 13 + roles/mariadb/files/mariadb-statefulset.yaml | 50 ++++ roles/mariadb/tasks/main.yml | 52 ++++ roles/mariadb/vars/main.yml | 4 + roles/soulseek/files/teste.txt | Bin 44978 -> 0 bytes roles/soulseek/files/testeq.txt | Bin 33034 -> 0 bytes roles/uptime-kuma/files/docker-secrets.yaml | 9 + .../uptime-kuma-configmap-monitorsscript.yaml | 230 ++++++++++++++++++ .../files/uptime-kuma-cronjob-monitors.yaml | 41 ++++ .../files/uptime-kuma-deployment.yaml | 46 ++++ .../files/uptime-kuma-monitors-secret.yaml | 10 + .../files/uptime-kuma-namespace.yaml | 4 + .../files/uptime-kuma-nfs-csi.yaml | 12 + roles/uptime-kuma/files/uptime-kuma-pvcs.yaml | 32 +++ .../uptime-kuma/files/uptime-kuma-secret.yaml | 10 + .../files/uptime-kuma-service.yaml | 13 + .../uptime-kuma-serviceaccount-monitors.yaml | 27 ++ roles/uptime-kuma/tasks/main.yml | 53 ++++ roles/uptime-kuma/vars/main.yml | 4 + 26 files changed, 691 insertions(+), 1 deletion(-) create mode 100644 roles/mariadb/files/docker-secrets.yaml create mode 100644 roles/mariadb/files/mariadb-configmap.yaml create mode 100644 roles/mariadb/files/mariadb-namespace.yaml create mode 100644 roles/mariadb/files/mariadb-nfs-csi.yaml create mode 100644 roles/mariadb/files/mariadb-pvcs.yaml create mode 100644 roles/mariadb/files/mariadb-secret.yaml create mode 100644 roles/mariadb/files/mariadb-service.yaml create mode 100644 roles/mariadb/files/mariadb-statefulset.yaml create mode 100644 roles/mariadb/tasks/main.yml create 
mode 100644 roles/mariadb/vars/main.yml delete mode 100644 roles/soulseek/files/teste.txt delete mode 100644 roles/soulseek/files/testeq.txt create mode 100644 roles/uptime-kuma/files/docker-secrets.yaml create mode 100644 roles/uptime-kuma/files/uptime-kuma-configmap-monitorsscript.yaml create mode 100644 roles/uptime-kuma/files/uptime-kuma-cronjob-monitors.yaml create mode 100644 roles/uptime-kuma/files/uptime-kuma-deployment.yaml create mode 100644 roles/uptime-kuma/files/uptime-kuma-monitors-secret.yaml create mode 100644 roles/uptime-kuma/files/uptime-kuma-namespace.yaml create mode 100644 roles/uptime-kuma/files/uptime-kuma-nfs-csi.yaml create mode 100644 roles/uptime-kuma/files/uptime-kuma-pvcs.yaml create mode 100644 roles/uptime-kuma/files/uptime-kuma-secret.yaml create mode 100644 roles/uptime-kuma/files/uptime-kuma-service.yaml create mode 100644 roles/uptime-kuma/files/uptime-kuma-serviceaccount-monitors.yaml create mode 100644 roles/uptime-kuma/tasks/main.yml create mode 100644 roles/uptime-kuma/vars/main.yml
diff --git a/playbook.yml b/playbook.yml
index 5b36899..d5c7e7d 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -43,5 +43,9 @@
 - mangareader
 - bookshelf
 - shelfarr
+ - minecraft
 - lidarr
- - minecraft
\ No newline at end of file
+ - soulseek
+ - soularr
+ - mariadb
+ - uptime-kuma
\ No newline at end of file
diff --git a/roles/mariadb/files/docker-secrets.yaml b/roles/mariadb/files/docker-secrets.yaml
new file mode 100644
index 0000000..d0d046b
--- /dev/null
+++ b/roles/mariadb/files/docker-secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: regcred
+ namespace: mariadb
+data:
+ .dockerconfigjson: >-
+ eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJ1c2VyIiwicGFzc3dvcmQiOiJwYXNzIiwiYXV0aCI6ImRmamlla2ZlcldFS1dFa29mY2RrbzM0MzUzZmQ9In19fQ==
+type: kubernetes.io/dockerconfigjson
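Review bot: Nothing in roles/mariadb/files/docker-secrets.yaml marks it as a placeholder, although the committed `.dockerconfigjson` decodes to a sample `user`/`pass` entry and roles/mariadb/tasks/main.yml overwrites the copied file with a Bitwarden note before `kubectl apply`. A header comment such as `# Placeholder only: replaced at deploy time from Bitwarden; never commit real registry credentials here` would stop a later contributor from pasting a live value into git, where base64 gives no protection. The same comment fits mariadb-secret.yaml, roles/uptime-kuma/files/docker-secrets.yaml, uptime-kuma-monitors-secret.yaml and uptime-kuma-secret.yaml, whose values also look like base64 of placeholder names. Whether the uptime-kuma role overwrites its copies is not visible in this part of the patch.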
diff --git a/roles/mariadb/files/mariadb-configmap.yaml b/roles/mariadb/files/mariadb-configmap.yaml
new file mode 100644
index 0000000..f35f14b
--- /dev/null
+++ b/roles/mariadb/files/mariadb-configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mariadb-config
+ namespace: mariadb
+data:
+ my.cnf: |
+ [mysqld]
+ innodb_use_native_aio=0
+ innodb_flush_method=fsync
\ No newline at end of file
diff --git a/roles/mariadb/files/mariadb-namespace.yaml b/roles/mariadb/files/mariadb-namespace.yaml
new file mode 100644
index 0000000..ba7b930
--- /dev/null
+++ b/roles/mariadb/files/mariadb-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mariadb
diff --git a/roles/mariadb/files/mariadb-nfs-csi.yaml b/roles/mariadb/files/mariadb-nfs-csi.yaml
new file mode 100644
index 0000000..354084c
--- /dev/null
+++ b/roles/mariadb/files/mariadb-nfs-csi.yaml
@@ -0,0 +1,11 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: mariadb-nfs-csi
+ namespace: mariadb
+provisioner: nfs.csi.k8s.io
+parameters:
+ server: 192.168.1.22
+ share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/mariadb
+allowVolumeExpansion: true
+reclaimPolicy: Retain
\ No newline at end of file
diff --git a/roles/mariadb/files/mariadb-pvcs.yaml b/roles/mariadb/files/mariadb-pvcs.yaml
new file mode 100644
index 0000000..199596a
--- /dev/null
+++ b/roles/mariadb/files/mariadb-pvcs.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: mariadb-pv-0
+ namespace: mariadb
+spec:
+ capacity:
+ storage: 50Gi
+ storageClassName: mariadb-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ nfs:
+ server: 192.168.1.22
+ path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/mariadb
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mariadb-data-mariadb-statefulset-0
+ namespace: mariadb
+spec:
+ storageClassName: mariadb-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ volumeName: mariadb-pv-0
+ resources:
+ requests:
+ storage: 50Gi
+---
+
diff --git a/roles/mariadb/files/mariadb-secret.yaml b/roles/mariadb/files/mariadb-secret.yaml
new file mode 100644
index 0000000..f7e26d7
--- /dev/null
+++ b/roles/mariadb/files/mariadb-secret.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mariadb-secret
+ namespace: mariadb
+type: Opaque
+data:
+ MARIADB_ROOT_PASSWORD: TUFSSUFEQl9ST09UX1BBU1NXT1JE
+ MARIADB_DATABASE: TUFSSUFEQl9EQVRBQkFTRQ==
+ MARIADB_USER: TUFSSUFEQl9VU0VS
+ MARIADB_PASSWORD: TUFSSUFEQl9QQVNTV09SRA==
\ No newline at end of file
diff --git a/roles/mariadb/files/mariadb-service.yaml b/roles/mariadb/files/mariadb-service.yaml
new file mode 100644
index 0000000..4075623
--- /dev/null
+++ b/roles/mariadb/files/mariadb-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mariadb-service
+ namespace: mariadb
+spec:
+ ports:
+ - port: 3306
+ targetPort: 3306
+ selector:
+ app: mariadb-statefulset
+ type: LoadBalancer
+ loadBalancerIP: 10.240.0.102
\ No newline at end of file
diff --git a/roles/mariadb/files/mariadb-statefulset.yaml b/roles/mariadb/files/mariadb-statefulset.yaml
new file mode 100644
index 0000000..0c84345
--- /dev/null
+++ b/roles/mariadb/files/mariadb-statefulset.yaml
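Review bot: `type: LoadBalancer` with `loadBalancerIP: 10.240.0.102` in mariadb-service.yaml publishes port 3306 outside the cluster, while the only consumer in this patch, the uptime-kuma Deployment, reaches the database through `mariadb-service.mariadb.svc.cluster.local`. Unless something off-cluster needs the database, `type: ClusterIP` is sufficient. If external access is required, restrict it with `loadBalancerSourceRanges` on the Service and a NetworkPolicy in the `mariadb` namespace, so that the passwords in `mariadb-secret` are not the only control in front of the server.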
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mariadb-statefulset
+ namespace: mariadb
+spec:
+ serviceName: "mariadb-statefulset"
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mariadb-statefulset
+ template:
+ metadata:
+ labels:
+ app: mariadb-statefulset
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: mariadb-statefulset
+ image: mariadb:11
+ ports:
+ - containerPort: 3306
+ envFrom:
+ - secretRef:
+ name: mariadb-secret
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: mariadb-data
+ - mountPath: /etc/mysql/conf.d/my.cnf
+ name: mariadb-config
+ subPath: my.cnf
+ volumes:
+ - name: mariadb-config
+ configMap:
+ name: mariadb-config
+
+ volumeClaimTemplates:
+ - kind: PersistentVolumeClaim
+ apiVersion: v1
+ metadata:
+ name: mariadb-data
+ namespace: mariadb
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 50Gi
+
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
new file mode 100644
index 0000000..2b15a9e
--- /dev/null
+++ b/roles/mariadb/tasks/main.yml
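Review bot: The mariadb container in the StatefulSet has no `securityContext`, `resources` or probes, and `image: mariadb:11` is a moving tag, so the database image can change between pod restarts without any commit. Pin it to a full version or digest, for example `image: mariadb:<PINNED_VERSION>@sha256:<DIGEST>`, and add `securityContext: {allowPrivilegeEscalation: false}` together with memory limits on the container. The `volumeClaimTemplates` entry also omits `storageClassName`, while the pre-created claim `mariadb-data-mariadb-statefulset-0` sets `mariadb-nfs-csi`; naming the class in the template keeps the two in agreement.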
@@ -0,0 +1,52 @@
+- name: Remover o diretório /tmp/mariadb/kubernetes-files
+ ansible.builtin.file:
+ path: /tmp/mariadb/kubernetes-files
+ state: absent
+
+- name: Criar diretório temporário no remoto
+ file:
+ path: /tmp/mariadb/kubernetes-files
+ state: directory
+ mode: '0755'
+
+- name: Copy file with owner and permissions
+ ansible.builtin.copy:
+ src: ../files
+ dest: /tmp/mariadb/kubernetes-files
+ owner: fenix
+ group: root
+ mode: '0644'
+
+- name: Listar conteúdo do diretório remoto
+ shell: ls -l /tmp/mariadb/kubernetes-files/files
+ register: resultado_ls
+
+
+- name: Obter várias notas do Bitwarden
+ shell: |
+ echo "unlock"
+ BW_SESSION=$(bw unlock {{ bw_password }} --raw)
+ echo "get item"
+ bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
+ loop:
+ - { id: "iac.ansible.dockersecrets", dest: "/tmp/mariadb/kubernetes-files/files/docker-secrets.yaml" }
+ - { id: "iac.ansible.mariadb.secret", dest: "/tmp/mariadb/kubernetes-files/files/mariadb-secret.yaml" }
+ args:
+ executable: /bin/bash
+ environment:
+ BW_PASSWORD: "{{ BW_PASSWORD }}"
+
+
+- name: Mostrar resultado do ls
+ debug:
+ var: resultado_ls.stdout_lines
+
+- name: Aplicar o mariadb
+ become: yes
+ become_user: fenix
+ shell: |
+ kubectl apply -f /tmp/mariadb/kubernetes-files/files/mariadb-namespace.yaml
+ kubectl apply -f /tmp/mariadb/kubernetes-files/files/
+ environment:
+ KUBECONFIG: /home/fenix/.kube/config
+
diff --git a/roles/mariadb/vars/main.yml b/roles/mariadb/vars/main.yml
new file mode 100644
index 0000000..c8fe60b
--- /dev/null
+++ b/roles/mariadb/vars/main.yml
@@ -0,0 +1,4 @@
+bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
+VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
+BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
+BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"
\ No newline at end of file
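Review bot: The Bitwarden task in roles/mariadb/tasks/main.yml passes the master password as an argument, `bw unlock {{ bw_password }} --raw`, so it appears in the process list and in Ansible's task output, and the session key is exposed the same way through `--session $BW_SESSION`. The `environment` entry reads `{{ BW_PASSWORD }}`, but roles/mariadb/vars/main.yml defines `bw_password`, so unless that variable is set elsewhere the task fails or exports nothing useful. The fetched secrets overwrite files that the copy task created with `mode: '0644'` inside a `0755` directory under `/tmp`, and nothing removes them after `kubectl apply`; use `mode: '0700'` on the directory and `mode: '0600'` on the copy, and end the role with a `state: absent` task for `/tmp/mariadb/kubernetes-files`. Without `pipefail` a failed `bw` call still writes a file that is then applied, so the rewritten task below also fails fast.

```yaml
- name: Obter várias notas do Bitwarden
  shell: |
    set -euo pipefail
    # Assign first, export second: "export VAR=$(cmd)" hides a failing cmd from set -e.
    BW_SESSION="$(bw unlock --passwordenv BW_PASSWORD --raw)"
    export BW_SESSION
    # jq -e exits non-zero when .notes is null, so an empty item stops the play.
    bw get item "{{ item.id }}" | jq -er '.notes' > "{{ item.dest }}"
  # … unchanged: loop entries and args.executable …
  environment:
    BW_PASSWORD: "{{ bw_password }}"
  no_log: true
```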
diff --git a/roles/soulseek/files/teste.txt b/roles/soulseek/files/teste.txt deleted file mode 100644 index 6b87330866752462c396702a584ea7d86d923792..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 44978 zcmeI5OK%+4mB%aF0QnBRF(4xrN%1KP$b*t)TZk+XqUB&L7y@6C81rR5M9avR$b5yY zW-+^2&1R5A5@hd1KEZ5eHG_dMn8jrNzk7IGx2tYf-+r>mG#c!#uC6-wyzjZ^oLl_c z|NX2O?&~MTkB1ELXGM3It>SgDUz``a#hKm@i&j@0y2I?9FP&kwicgEpVn_J3ii=`T zSiaHGcg0_e|1AEc_^0BJ`nFZPYrwk>yCoQBdL0+1#l2!yuh*B5&jo9y*e;HW1D*X^ z;~o@uiuoG!I?Uc_uHG>!n81A&WP2zo4@GOMcq@LMi26NIip=-L<1?K*)jRw=*Dw3w z*nXcc=EQ~N;P@Ulix=6nAy*3&FT`$;E@f*_Q5|*Kb?8e^W>A z>k5PXIN)?%e4{f<0Rr!H8sko}5=MM2ybc4tdx8n%Zv<(%c&WcdL4rR1{<-+aAN_an zzq(>WS3}4B;;ATqR6Hp@F4lGYSg)5leq1~+9t!{G`sIPne=40fY|iwFcI=A!V;z|$ zYz6MLiZ#J%iAVdoieEQ{*G@R|MjSiS@sV^Cexjvtl&iOObfBXPLEQ>Ghto0E-xvR? z-=FC0Zh+_G|3YWKEB;pemp(rfpMZ6)cb6N#_o~V0dTj5r8nF)fRN4>EFZ8*sF^=>) zy~G+m|E2gJjeTF(ye|aqV=(+W+<7RRuz?xft_a;#i=oeBmTd8&8pH1YC5Pdn;%I)`_kjiEeBO@4KaUbQulgJ37witAOK$emM!cWFCfV zPA>h7!`u`!u6rj4txGuAkK0i@B(A~I7;|68hx&y7oHsi?)(CqV!+e)h*wR_90(bXw zh9&bGn^nAoSZb~{xYDZev8{T-wkK_Ye#S8J_ zNK!Eid0l*|bIiN11pQpl@n(L7%iTD7FHnnZA#<+Z)=^7;=*V30fsU~?emD8I%2U;eKL1&-KHdme|s&e%o{$EuBNVE)E%+zpdDB{vA|ow9VQ=QJv6GI6b#|Ye$c3| zbc6<%JaPI*g~^`0gyYaYa-F+#(sQ^yeq5Lf?n=t{^qLKGcK!wNSibvRi!bpH3&GlX z&)2~!m!4__r2V-(0yA2DlzG8l*54hy_bZE!Dms=L2g^GXFU{*RBfZs_GtzU$zSH;E z8={YuiAfx|Xxc%DPfny?_X6baitmfxD>D4P`19p^>j$2o5itb2xsPR;dAE97#S3(un8yHI3yuYI6?$8NI+-P2uxw*`l_K$CQB#L{cD+q_FLroZYvo&+yLgpb`HX+|qYE#qx|uWA@`2(+5d^RfK1 zY0T$=Q{^~S$Uf`&T;;!GGpsA&H8x`&CiYw@UN>R#QQ)tyU~E>5c}`Rb<*e?AXrXsj zM+Z7npOf2HF+h9yg9N)_R@H_Ffl6j-DBaWe`{G)&e48jWo)fvo{`qdPs@U+Z@-OpU zpD{{uH39(^x!RCv0f0gpYNDgZ!15K`w)v#sC@HN2qc+4q_t)t4fN6IvQ8dkDo zvv-1BV=c@V?e^?Y9BN9(i8af=m@BEftK1<~_5%OuslX_Kqd!wQpBc+Fy6Sa7?^K6s4^SL~g#dl=7$?se2S7sgYg5|n_ z+CaPi>JMtwTf|yRV6wguN0mInFQW!kYb!7Z4`oj0t*9WQl$kM$Hx=W_^ zsOvcJZ%1QUZW*u73`bUiG0jusVO!GKMd33i9?yy6Rs5?oyF|(2kh3(nWlp-Yl$$)w z{lLlXf*FsM&C>t7kfz 
zR}v{04?`^J+2=GTxUY);Bgwx#gVH>96E7Z1Z>Vav&+uq4u{au&!rbp_9yf)%-`U%E zZXr3|rpm1cvH-Fh=wI&qo1(cl-`QyvOYx+?*(-%3)ix~5Vz2JfsYY5G!R9SOv)nv> zniZ6i>aV>b z$vj<+kz!a?jY)Mhq+p~ZuyN_*sJfwdr8JlsTo2>ft&DE@m3pzwhgNlk|1lSv@Gc?Y z9ZJ4pJ)P#h*f&&p+8*7du!!%jazyWLc2t$XsOx#JV9i9QSK0kU34>d9cP9`&dXG?L{> ziL-3HUTCgr2i+&#y#sMEadZ26HYFRI8L&Mfj&@nbT3^M(vVLfY<$1^omw82tW$GEI zY9|METD&Gb8}NzyUdx+VKCwNkoYr5s$~f(H-&pTsYw3*&>H%QqF&^4Q1)vl3s(z+& zlxQ9_V|UiAWBTt|Nt0MgQX7FQUT^D1bBUhdR(n>kDibWiH8if!L3IkRr|QO_(`xYTPN1b*@+GXctmltN%V!=w%aSUubzRbjMV5n#!m4<|Ts|x+trvqHOtaL(khk*4!|HFhL>n{^ zae2?A_41Dvi zB2lYZct2jQF6U5SyF_MXN2~{IWlWD8)>+oM%f2vVFwF61#kVbucPQV=IwZCzi<=y$ z7#mw(9Eexvy5o*~p0D|GtSg5v{o^%S?zlhnOl*of)*Vfa6%TLU7UTu3LmH2S{sD=V z5|L1=_-T()E%#l#5UjXoFg1%44SNQ|^EQ?b#G=XHl=M*D!Sb!%7DuZyI{%5TC2qDn z2=f_!Hol(hA!E_a#SCM4llrLE$5d(+u*lzFpX>_2Ld^y^7vo`FA@I$jr8t*G^^Dot zvz}NEmhR_$Rwz464BK7BEpU<83LDGs@Xpa@%a8a<)j4h%Ds+LF%4Xn`9`(Q@A?D?} z9>o5ec;;Jir_B3ph*ICTWd4R(fUYz0PR57+t*LWY3mQu7i?`;T+8XltM&F1Wsdn4l zt`n>mtd|viLhfG)L-zRKu}pu7x$syPCsXsx#eJnV(=_95ei1$z?jE7@9j?WDRJ>Ek zDROM9^s>tc31N>uI;){o`PTmF*bzpjVW#)GHMo1eFmIjXRk|F{Ugu#CD?L(URue~fwi^VC$Lm?-!y3nZlFvZZJ+!Rd%2>$OZ)WdQ zmFN$}{w=;r=j&KOmE+lbTUM9()nYJaXCPP)3Ep`xVA?)9*E2F%6>_k2%L0L}DY6dq z?6967Qm)^L54Ks-tDk-bDzj4iptE+)P^s%dBDt<&B-7%dX zDyHe4icT2jMFmR=*9j->v49hx3qKJvWsN%o+!)M(psITK0FM^55rZ@bRW4ks;e9N?S6m=SIJ;L z4;jm+x_cNh!y1Y7E%RzSf4awJ&aK$1l(7!0AMBSn#=8qxIeE7SJ)XzGwz^$eX5q^H z^0opdlJ)K<`htloeQj9HJKa)Lb0ELNb3A;Vi03Q&eJnykCicQJuE^$(q-Wm>@*5p5 z>5h3}PT%Oa`ei}a9O!RHaF+Cr$2b+ut2(=+t9bSZSupnIEGRPshxZjHtmxM_As!+U zWR4=H!h5j}nb94rmS%JftEXKZ;f08`@V~ZBfq!^5YFzQIbjy-1gb0h7;&$=#%d1lS zYKO}=Tl3*h%XOWvajomso{-YZYVPLh%JtR~vTQ`{^HVJec9gP^VR)2LXvu}7b}Uar z)b>uE=dC=0MF9JvVNUOF6nl)quK=CO;nc4X#a*Y_XPjEXQ}w8JO||5@X~}}tD_==+$MPVo zCw8x59h1tHs%>p=n1(Cx{O!#P6r~-HR-L}IFHIvcN-6a z1vL@x)utLy@5mi3x4c?d-&rxP&Xjr0`=$#EeO1|;{ZqPkdU+(h)1#GC-S*o&4Tuds>F~P7~D+qj%c57uUe+cvoYRY40@M z8}w9rU3pl&(=Lx@A3Xft>AZ0tiC*9PGRofR6gJ)gOn(#qmBTwR-i4WGa(btUy1tNR 
z#1g#vn1KIHK}6WkoApy8rTmU+qsDg5#Itdk_n7v%GUxQt=h|EM=vDN$_ScD< zYa8`_Sfw^y*FM+SPU1PXr0lx(xpt?l_deG=nD+Fv+-zzmnB&W)cEX_h%H^hIQ}a17 zIoZ^FoUbOEntpZzk@G@N`P6(mN10C@6pQZp)baBxm4jq=9=n0o73Z>_bF|NI=vN!+ zYs0$Fn$#?$X;Kaaqsc<%k6+KTS>(vGd~HRSdPYINPjDCqUbzupj&$nW$*W(1 zc%uEFS;&}s@w%sO7t<`{IG*4T%Oj4j>+%?G7BYX_abzJoVbh!~nv5)@;a-34Kr`-> znd##HU6bjGJwv(Dn`T6&84=r?oHswZHpPCe)TZm45oxCEI%h-imKL?(H3jyfYU2p0WjLC|PpisQwPr@^^|xWa4V4m}jb%?0o6$FWs`|d}q@LN!vjwPj zvK#p7cVxvDaq}e1b8N;fTlRYMB&)06zk9P~>-%?`B|KcKT@HN;%U8Zf;bu#=o7E0i zro_!F^2JxZ@8o97G|yTGd0LOnr&qs!=w{2Yn{5sv!DU57s}r!NG?rkTsj07J({;eP zG1dVGi|L!Go8&rR-uh{Db-=vw>y@ri*8xY3S8kp&ClgfXPA_%9xC%JK1U<&tfcSkR(pL;2EnfsHo=`P26 z&>x+<7s2$g-rdkFiAk+#)@!p@FBSVgMMx@tPlZY4>UW6Lb&UKT&&^)as}~((KSQ;K zG6}NbIkD{dTkVUQct$Pjozv?1w0ho4^*m)8r8ZsX>UlF|*SUJ$Oj&=`^X@Qvub!u1 zj<l>+TxlBRvv?xXf%o)JMqMij304k#Fv1t zz={PsR%{RpKaKD<&OPVc^S-Cb|M~a# z!e~F=3Ev(u#P5Z{Fni%y*a^pBGaTu6FZ2fDFc@ZczMKuS7w(29;i>TJg_E!?ET3!d z%kby$xA5!m%kX>swH`iiz`G8+Cm2WiybOn7DNO0}>=g2`U|kCvVL$BZ=w}*tH_U|D z8uU8M?lf2L7#B?7-j8#;Co1-4;wBzZRtV@QJ>CL4rQMzY0J9)<43(bj1T*4IMYb zJyE_AR>S*YP5XEB`9%A7!lQ6o_&?H_TRMJMGH=)%X^V7hiu#w@Gf7yF-06j7!Rm=e zJGzRqPlVUgc;vY_cBK7%$te6pO5rG1Z)k5?!VztQxZeEc8i z=$GL?;qThMD?S11Sie4RobM{h$a<>pQyQ@j`B2gi&rh`7&=~vr9G+qgpZ^s8sj+Vg zn`gnW{6+Y!jzGhSwp-dl|FNWOGhT6iJi+o%5RuYm?EVmb{8mphyek}#V=(+I-nl27 z(1B|@w;|l02-_cO>sPw&yFC3N{7jHO(3mCYx+R>CMIX}Y zS72?o;?+p_lKz5g$n8PAenWdbeUbC&@Q(K3CFf5f2YS-pX>njy8fsf?1J^wfHOTL? zC|_vLigYt~eP4GMItG^5lAUPlUkUCg`G7{Fr#l+asDe^70Iuvr>R)KD%oC@7T$pT2 z3LJ;>$aU^cOGe=K#p8mmFKCvR^qGn_d3YSQ#Az%BQnaHFGK%$oBFkyB@Jv$0r|lRw zYFf}dhFM_j%!WSLnnTSx`hnyPKPsLTU4A0T-;8u^L`u;b_sVtKjLkiG82EneYu4y3X8Ep*$wQwn2P3YJCx%ZMqOUydKJ4|7r5`E4(Q)w#K+5t!`{ zWf4}hqs$8ayuLH~9hQ>!Dl(R%2F*Jy_@fim$lC~TD&w=D? 
zDMJ1-d=-8n&;M2UbmvP+#=hv-j*@W@$8Lhv1anoq z!51>~z}*&Hv;V25aNG4H(WMmIrV-$jOFmq}18)irl$!=LbHZW!wuv)G(PtYqM0UvF zD{c2mymd&v%|X1cd&wotcf%dLN>9Av$dM=_F52k~cTM*n=zjA+2hl#F=WaQGZk`dY zINy+to@hgYb9_%J`KlssRb5Qsj$%GcUh@*WCJOdNEk1c)bV0=V6Y>OPrBtk6K9eez}o2Vqu~ zhFg(JaI(w<+fcRXRbDqyYCK1(Q~SIS78M&VD8HT^FpnwhDz0mSNi=j4={Ko(9Ow8* z@k~m2&NAlg$=QC)X>J3l9*bC%kYdyX&w0kI=jmy>yFFK$p?qETsctE-ZZ^kcJb0LL z-UpwoRybXn^(OkP{?t<*T8{9LDBxj5vG`}rSydK4l*Sw=C!i`pO_2H@I*crszbMJx<9yL_^d^{wUi~uaC?2BWJmhLU-n0?MOLVFt8&3aXO zyHQb$k(0xBl}A31OgBeRxjP@pQdxXQ#7_OzVn5!fMDxRZ)4~D6Z!|2j=78<3=Lfm_sM5WPvfGnK*dI6!{Cldg@Et@} z*i-T%iyO>RV_|!e*?z1d?n+wAc?x(`Y4#bVibKuP;M%H2^DH-6nwyc68v&0;WKOMV zBjQWFJWs%)i=)s z^72x}e?@a%uAnrJ-NcJKk{ed7${rpGCKgBHbC~;G&Ew`|%WHkj1v)F6!>{KJI2fE)Y99EmhPLn~IO{;Pc?PZPf zhN2?YBKYDV7f(NfEapRDdl0L($RW2I3kF*U;$q_F zaz2}z8}kh49uY@*E>o$m;$c-kbj#{IRE3MWqQx@x3RHEao^@KRCTsHWiThX&vwC8= zs+^Z!xXL)?b>CF(Q*G%+1?vG|=P@4AMRoNo=vDd5)hLlXXh!d>8^dC6k40?8ax?WH za>du%hLK#NC%9Fv3RdR?nRE#~)Li%q9aQJ=x)<}2WkD`h)4I#GRmgpPlIr-1>f`3= z@{(NTb``?=SqM1_)-)rw8oQx6vDN$T6xe-dN&Z>2SJvfHd1{NFWg@J^(8~k1bn~nU zdw2%aG@48`xz4vb^=0VT>tjLm5vpFTNyE0K)2VK=pVHfW?@L8FL>Q@cIqU8!UAfrA zWw?6nhf(Ie3+XJ~N^z}1sQaQKt7y~PQe8Rzf9-8)!v~94JvJ^ZYO&tpQL$~OPW|9; z^MFQEhe$g(%GQAxnk<%HIa`Y%zg>^M;z+uA-u@1!&?x?Y>2j(|LK@i@@hJSDx>1da zEQTGFCk-bP-uqXM=fEU?rU}Exve-*nZz{)Z!{L>a)j~F1V?4??yG%q=bRnEqR?FQ6 zaHP6Il6JiGN}aD)qaJw_aW&5Bo;2yTdS`dFrB9U=tq1zt(cYCeukJdA5=kBTxa!SX3q`bhp3hm6YdM%d~f7mMEaC1@T1X8*#TSB%)?qQLi zdmXE&Ik%if`j6-zp4as^^j(%8rqji7dPn<4FUP0@SOn?ktNqPsKV@CR>NwjP%G7DM z0k``fs&Lq*KRa}mYUNow8NFF!F|Hds1ZK$&~ zSUQkCiBjx6!&FH)$}Cj7_@Nk24c%8_w?FGvZ^vs_#gB9i8rfl1ZRNsxK`pOrBS~#2 zuxA0Lq)lW6mLH?7=xDLpP3MfQU!$pQ^{LJHQ{vltv<_4HC3nF3nO0f!8CgEBVT_6|!{aqx?zmO-dTfq6-Xm@GUi*vHLhF;pDj|PBB3~jN>V@xioYfyo zUhclj|Wv8o_CZ9P~<8FW!oEY=h}s@;@*=ZOT1p3NuX)v&ec z_0$j52=69Pyme6yG-t!S}^hR^oeCz^w% z`*HUSMW2abyQ$~}4I{!r$J+OKx6v}Il6b!A9Je|Z{KZ?DA3o?P2ObaMo!v$ha*$eZ z^!f{Nr>Oot5T*WfirE|d0KI2apNtQ~Ytz}iEl4O4FxHx1R@j)I*ZPb2ku`6-+hu~R 
z!8%%zC+7WyFzo4CESAYHkrx)rqGeV-+v2`h^P|nUn_YyDhP%h<{0-OACsn*($tiMd ztMt;v%nYHAJ~}zkqHOE%bUYPChtb#j>NU7~)v#T*<7;(oEPI`k1qS9vpGNKU=hu*V z=VBhiBHpk*2b*(r-{9r?BhEAP1-|}F9kC_0(eb3t%=q5vh-5lFR$HV-X{#p%huh*r zr_M)$nCf*tS4E4MlWA?=kMTIYqdYAzC9NoGg?M%M?I+@z$M-ztcvJV9_E>g1BU!P& zo$JD5R%fA_XDE60fexa%@XlMmYpq*Env+M3t;mv@%yyz?PQ0BwYUX4k$h_t{Q)AD| zPL`x0|JO7#P}N1!=5*gA&JA?|YcU zTzXe(CRcChQ0=BS{ZlKDW=BOdOvGSW1N8y-=N`S0uaJ*f9FFHBFY`RYDrDv>S(l~5 z8sBNTNxtH}q$`T?ELJV*;heSng~%2N)`dl6vmG%lkIwasOkI*y4EoK1z_Se0?dWt|0>jQ75bQO0Jv2SXhwQ{2M!5Get6vN!= zVbR%i7N+eYYL}+eLl)A++X(&={wkWuqsT@)PNPEH=G`9ECw#8P>e`FQU5g>t1&2%l zS)Gcq_?fnOY2(cTZEHi#l)bC!J8x9Dr>Yd|0&9vcSGBhse^+8%pZ8d>`oF5G_U(A2 z7k;8^AL-}^y7I$#{=R;x&)dChAIA4$+>Xa?$E)t^KC0F9Cp=Kxdox0WtE>S$(j6<> zTWy&IHB*K*k|o>Pg*`hrIInS-sZ}ZR1S$vUFFAns=TLR93JLkjQ;mmi4Z5mRr35m})357JprPUdx$YSs3N;`CkF9o}@}H5M#i(J^P)1#?1`WJmI6L&5S|b`R&UX;jkEH#$(mh6_Ahc3s$C4c|Y# zD#xiZT>i3336`{|hInPjI>znoFdvh2xtEJ|OJf+l_;Yr`t@j4aTCEX6ovg=d#|F6vTN#wjb~@H=SvK16h-8`J*{`l^2@LaYzZZF?`RZl#EkK#%ED3E=HkN!rSB)FJ&c0ao;@evo3%0 zQt>OjB+s?oQsjCfFEkFj!n3njmP@4W-;Xs0h_r6KQ|?5K8A5z576K=kO% zi%)Zxc4e$SXdF@PMS36Bl6l9%rS}=9_Zf$jTx^ECC@GmNTavHP7i%xJ)-!z7|6=>~ zy^@$xRqyS(r>K94=f^t%4;+NGE0=u5|53r}cGK8i~?|@6vbvr7OmR zJ@{ppKD`cf@B3QpsJirhKAQD>^j-Sx#$6G;{+!h~yYzF|c&|C#K>U{v?_2mhdY;MY z(x)<7wbaeHPiB{Xjt=h|sz0TCQT^Slj}sU2-*vilb`m>QXJrzo!K&Yo#B`%&wnj_Q z<>P%TSjFg$Na&Gs$z=FltGboET>>URE;uAs@A z4SO<}b+B%osn>Nq)TBPN=)Sw`<-}85_Hx?$-v;;axiqB_Kp{=vV-*9^~t#o(IZD7iI>&*e}Vv1bkEJI2=a?CtB%6X+eM3clDnQy|V* z(s#NRXVk*ZF&uHQCFG?&vGJ<@reSx%zyJvZC8%-0@d*&&H;? zDmn=jUB`VAYljx$@J6t<)hefE5^HZfCudQ6+b8y&8mqmf+SM#q7h7%b$EQL63(NT@ ABLDyZ diff --git a/roles/uptime-kuma/files/docker-secrets.yaml b/roles/uptime-kuma/files/docker-secrets.yaml new file mode 100644 index 0000000..3911417 --- /dev/null +++ b/roles/uptime-kuma/files/docker-secrets.yaml 
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: regcred
+ namespace: monitoring
+data:
+ .dockerconfigjson: >-
+ eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJ1c2VyIiwicGFzc3dvcmQiOiJwYXNzIiwiYXV0aCI6ImRmamlla2ZlcldFS1dFa29mY2RrbzM0MzUzZmQ9In19fQ==
+type: kubernetes.io/dockerconfigjson
diff --git a/roles/uptime-kuma/files/uptime-kuma-configmap-monitorsscript.yaml b/roles/uptime-kuma/files/uptime-kuma-configmap-monitorsscript.yaml
new file mode 100644
index 0000000..b615e3c
--- /dev/null
+++ b/roles/uptime-kuma/files/uptime-kuma-configmap-monitorsscript.yaml
@@ -0,0 +1,230 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: uptime-kuma-sync-script + namespace: monitoring +data: + sync.py: | + import subprocess + import sys + import time + import inspect + import types + + subprocess.run([sys.executable, "-m", "pip", "install", "uptime-kuma-api-v2", "--quiet"], check=True) + + subprocess.run([ + "bash", "-c", + "curl -LO https://dl.k8s.io/release/$(curl -Ls https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl && " + "chmod +x kubectl && mv kubectl /usr/local/bin/kubectl" + ], check=True) + + from uptime_kuma_api import UptimeKumaApi, MonitorType + import os + + # ============================================================ + # CONFIGURAÇÃO + # ============================================================ + NOTIFICATION_IDS = [1] + FIXED_TAGS = ["k8s", "IAC"] + STATUS_PAGE_SLUG = "fenix" + STATUS_PAGE_TITLE = "Fenix IAC" + # ============================================================ + + UPTIME_KUMA_URL = os.environ["UPTIME_KUMA_URL"] + USERNAME = os.environ["USERNAME"] + PASSWORD = os.environ["PASSWORD"] + + print("==> A autenticar no Uptime Kuma...") + api = UptimeKumaApi(UPTIME_KUMA_URL) + api.login(USERNAME, PASSWORD) + print("==> Autenticado com sucesso") + + # ── Monkey-patch _build_status_page_data ───────────────────── + original_build = api._build_status_page_data.__func__ + + def patched_build(self, **kwargs): + result = original_build(self, **kwargs) + print(f" [DEBUG] type(result): {type(result)}") + print(f" [DEBUG] result: {result}") + slug, data, icon, public_group_list = result + data.pop("googleAnalyticsId", None) + return (slug, data, icon, public_group_list) + + api._build_status_page_data = types.MethodType(patched_build, api) + print("==> Patch aplicado ao _build_status_page_data") + + # ── Tags ───────────────────────────────────────────────────── + print("==> A sincronizar tags...") + existing_tags = {t["name"]: t["id"] for t in api.get_tags()} + + def ensure_tag(name, color="#0099ff"): 
+ if name not in existing_tags: + print(f" [TAG] A criar tag '{name}'...") + result = api.add_tag(name=name, color=color) + existing_tags[name] = result["id"] + return existing_tags[name] + + ensure_tag("k8s", color="#326CE5") + ensure_tag("IAC", color="#7B42BC") + + # ── Monitores existentes ────────────────────────────────────── + print("==> A obter monitores existentes...") + existing_monitors = api.get_monitors() + existing_names = {m["name"] for m in existing_monitors} + print(f" {len(existing_names)} monitores existentes") + + # ── Garantir grupo fenix ────────────────────────────────────── + print("==> A verificar grupo 'fenix'...") + fenix_group_id = None + for m in existing_monitors: + if m["name"] == "fenix" and m["type"] == "group": + fenix_group_id = m["id"] + print(f" [OK] Grupo 'fenix' já existe (ID: {fenix_group_id})") + break + + if fenix_group_id is None: + print(" [CRIAR] A criar grupo 'fenix'...") + group = api.add_monitor(type=MonitorType.GROUP, name="fenix") + fenix_group_id = group["monitorID"] + print(f" [OK] Grupo 'fenix' criado (ID: {fenix_group_id})") + + # ── Services do cluster ─────────────────────────────────────── + print("==> A listar Services do cluster...") + result = subprocess.run( + [ + "kubectl", "get", "svc", "-A", "--no-headers", + "-o", "custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name,PORT:.spec.ports[0].port,TYPE:.spec.type" + ], + capture_output=True, text=True + ) + + services = [] + for line in result.stdout.strip().split("\n"): + parts = line.split() + if len(parts) < 3: + continue + namespace, name, port = parts[0], parts[1], parts[2] + if name == "kubernetes" or port == "": + continue + services.append((namespace, name, port)) + + print(f" {len(services)} services encontrados") + + # ── Criar monitores ─────────────────────────────────────────── + created = 0 + skipped = 0 + + for namespace, name, port in services: + monitor_name = f"{namespace}/{name}" + hostname = 
f"{name}.{namespace}.svc.cluster.local" + + if monitor_name in existing_names: + print(f" [SKIP] {monitor_name}") + skipped += 1 + continue + + print(f" [CRIAR] {monitor_name} ({hostname}:{port})") + try: + ensure_tag(namespace, color="#10B981") + + monitor = api.add_monitor( + type=MonitorType.PORT, + name=monitor_name, + hostname=hostname, + port=int(port), + interval=60, + retryInterval=60, + maxretries=3, + parent=fenix_group_id, + notificationIDList={str(nid): True for nid in NOTIFICATION_IDS}, + ) + + monitor_id = monitor["monitorID"] + + api.add_monitor_tag(tag_id=existing_tags["k8s"], monitor_id=monitor_id) + api.add_monitor_tag(tag_id=existing_tags["IAC"], monitor_id=monitor_id) + api.add_monitor_tag(tag_id=existing_tags[namespace], monitor_id=monitor_id) + + print(f" [OK] {monitor_name} criado com tags e notificações") + created += 1 + + except Exception as e: + print(f" [ERRO] {monitor_name}: {e}") + + # ── Refrescar lista de monitores após criação ───────────────── + existing_monitors = api.get_monitors() + + # ── Status Page ─────────────────────────────────────────────── + print("==> A atualizar status page...") + + try: + existing_pages = api.get_status_pages() + page_exists = any(p["slug"] == STATUS_PAGE_SLUG for p in existing_pages) + + if not page_exists: + print(f" [CRIAR] A criar status page '{STATUS_PAGE_SLUG}'...") + api.add_status_page(STATUS_PAGE_SLUG, STATUS_PAGE_TITLE) + time.sleep(5) + print(f" [OK] Status page criada") + + current = api.get_status_page(STATUS_PAGE_SLUG) + + all_fenix_monitor_ids = [m["id"] for m in existing_monitors if m.get("parent") == fenix_group_id] + + existing_in_page = [] + for group in current.get("publicGroupList", []): + for mon in group.get("monitorList", []): + existing_in_page.append(mon["id"]) + + missing_ids = [mid for mid in all_fenix_monitor_ids if mid not in existing_in_page] + + print(f" [DEBUG] all_fenix_monitor_ids: {all_fenix_monitor_ids}") + print(f" [DEBUG] missing_ids: {missing_ids}") + + if not 
missing_ids: + print(f" [SKIP] Todos os monitores já estão na status page") + else: + public_group_list = current.get("publicGroupList", []) + + if public_group_list: + for mid in missing_ids: + public_group_list[0]["monitorList"].append({"id": mid}) + else: + public_group_list = [ + { + "name": "Fenix IAC K8s", + "weight": 1, + "monitorList": [{"id": mid} for mid in all_fenix_monitor_ids], + } + ] + + print(f" [DEBUG] publicGroupList: {public_group_list}") + + api.save_status_page( + slug=STATUS_PAGE_SLUG, + id=current["id"], + title=current.get("title", STATUS_PAGE_TITLE), + description=current.get("description"), + theme=current.get("theme", "auto"), + published=current.get("published", True), + showTags=current.get("showTags", True), + domainNameList=current.get("domainNameList", []), + customCSS=current.get("customCSS") or "", + footerText=current.get("footerText"), + showPoweredBy=current.get("showPoweredBy", True), + showCertificateExpiry=current.get("showCertificateExpiry", False), + icon=current.get("icon", "/icon.svg"), + publicGroupList=public_group_list, + ) + + print(f" [OK] Status page atualizada — {len(missing_ids)} monitores adicionados") + print(f" URL: {UPTIME_KUMA_URL}/status/{STATUS_PAGE_SLUG}") + + except Exception as e: + print(f" [ERRO] Status page: {e}") + import traceback + traceback.print_exc() + + print(f"==> Sync concluído — {created} criados, {skipped} ignorados") + api.disconnect() \ No newline at end of file diff --git a/roles/uptime-kuma/files/uptime-kuma-cronjob-monitors.yaml b/roles/uptime-kuma/files/uptime-kuma-cronjob-monitors.yaml new file mode 100644 index 0000000..cfb7234 --- /dev/null +++ b/roles/uptime-kuma/files/uptime-kuma-cronjob-monitors.yaml 
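Review bot: sync.py installs `uptime-kuma-api-v2` with no version pin and downloads whatever `stable.txt` names as kubectl without a checksum check, then runs both in a pod that holds the Uptime Kuma login and a service-account token. The CronJob command in uptime-kuma-cronjob-monitors.yaml repeats the same kubectl download, so the binary is fetched twice per run. Prefer a prebuilt image with both baked in; failing that, pin and verify, e.g. `"uptime-kuma-api-v2==<PINNED_VERSION>"` and a `sha256sum --check` against the `kubectl.sha256` file published next to the binary. The `kubectl get svc` call has no `check=True`, so an RBAC or network failure is reported as zero services rather than as an error. The `[DEBUG]` prints in `patched_build` write the whole status-page payload to the pod log and look like leftovers.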
@@ -0,0 +1,41 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: uptime-kuma-sync
+ namespace: monitoring
+spec:
+ schedule: "0 * * * *" # cada hora
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ serviceAccountName: uptime-kuma-sync
+ restartPolicy: OnFailure
+ containers:
+ - name: sync
+ image: python:3.12-slim
+ command: ["bash", "-c", "apt-get update -q && apt-get install -y -q curl && curl -LO https://dl.k8s.io/release/$(curl -Ls https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x kubectl && mv kubectl /usr/local/bin/ && python /scripts/sync.py"]
+ env:
+ - name: USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: uptime-kuma-api-secret
+ key: USERNAME
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: uptime-kuma-api-secret
+ key: PASSWORD
+ - name: UPTIME_KUMA_URL
+ valueFrom:
+ secretKeyRef:
+ name: uptime-kuma-api-secret
+ key: UPTIME_KUMA_URL
+ volumeMounts:
+ - name: script
+ mountPath: /scripts
+ volumes:
+ - name: script
+ configMap:
+ name: uptime-kuma-sync-script
+ defaultMode: 0755
\ No newline at end of file
diff --git a/roles/uptime-kuma/files/uptime-kuma-deployment.yaml b/roles/uptime-kuma/files/uptime-kuma-deployment.yaml
new file mode 100644
index 0000000..ee40830
--- /dev/null
+++ b/roles/uptime-kuma/files/uptime-kuma-deployment.yaml
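Review bot: The CronJob sets neither `concurrencyPolicy` nor any deadline, so an hourly run that hangs on `apt-get` or the download can overlap with the next one while both create monitors. Adding `concurrencyPolicy: Forbid` under `spec`, and for example `activeDeadlineSeconds: 600` with `backoffLimit: 1` under `jobTemplate.spec`, bounds that. The container also has to run as root only because it installs packages at start; with a prebuilt image the pod could set `runAsNonRoot: true` and `allowPrivilegeEscalation: false`.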
@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: uptime-kuma
+ namespace: monitoring
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: uptime-kuma
+ strategy:
+ type: Recreate # necessário — SQLite não suporta múltiplas réplicas
+ template:
+ metadata:
+ labels:
+ app: uptime-kuma
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: uptime-kuma
+ image: louislam/uptime-kuma:2.2.1
+ ports:
+ - containerPort: 3001
+ name: http
+ env:
+ - name: UPTIME_KUMA_DB_TYPE
+ value: mariadb
+ - name: UPTIME_KUMA_DB_HOSTNAME
+ value: "mariadb-service.mariadb.svc.cluster.local"
+ - name: UPTIME_KUMA_DB_PORT
+ value: "3306"
+ envFrom:
+ - secretRef:
+ name: uptime-kuma-mariadb-secret
+ volumeMounts:
+ - name: data
+ mountPath: /app/data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: uptime-kuma-data-pvc
+
+
+
+
diff --git a/roles/uptime-kuma/files/uptime-kuma-monitors-secret.yaml b/roles/uptime-kuma/files/uptime-kuma-monitors-secret.yaml
new file mode 100644
index 0000000..e6a17b3
--- /dev/null
+++ b/roles/uptime-kuma/files/uptime-kuma-monitors-secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: uptime-kuma-api-secret
+ namespace: monitoring
+type: Opaque
+data:
+ USERNAME: VVNFUk5BTUU=
+ PASSWORD: UEFTU1dPUkQ=
+ UPTIME_KUMA_URL: VVBUSU1FX0tVTUFfVVJM
diff --git a/roles/uptime-kuma/files/uptime-kuma-namespace.yaml b/roles/uptime-kuma/files/uptime-kuma-namespace.yaml
new file mode 100644
index 0000000..d325236
--- /dev/null
+++ b/roles/uptime-kuma/files/uptime-kuma-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: monitoring
diff --git a/roles/uptime-kuma/files/uptime-kuma-nfs-csi.yaml b/roles/uptime-kuma/files/uptime-kuma-nfs-csi.yaml
new file mode 100644
index 0000000..4dc41ab
--- /dev/null
+++ b/roles/uptime-kuma/files/uptime-kuma-nfs-csi.yaml
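Review bot: The comment on `type: Recreate` in uptime-kuma-deployment.yaml says SQLite does not support multiple replicas, but the container is configured with `UPTIME_KUMA_DB_TYPE: mariadb`, so the stated reason no longer matches the manifest. If Recreate is kept to stop two pods writing the data volume during a rollout, say that instead: `# Recreate: single instance; avoids two pods writing /app/data during a rollout`. The pod spec also carries no `securityContext` or resource limits, which is worth adding while the file is new.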
@@ -0,0 +1,12 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: uptime-kuma-nfs-csi
+ namespace: monitoring
+provisioner: nfs.csi.k8s.io
+parameters:
+ mountOptions: "nolock,soft,intr"
+ server: 192.168.1.22
+ share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/uptime-kuma/data
+allowVolumeExpansion: true
+reclaimPolicy: Retain
diff --git a/roles/uptime-kuma/files/uptime-kuma-pvcs.yaml b/roles/uptime-kuma/files/uptime-kuma-pvcs.yaml
new file mode 100644
index 0000000..de8031e
--- /dev/null
+++ b/roles/uptime-kuma/files/uptime-kuma-pvcs.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: uptime-kuma-data-pv
+ namespace: monitoring
+spec:
+ capacity:
+ storage: 60Gi
+ storageClassName: uptime-kuma-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ mountOptions:
+ - nolock
+ - nfsvers=3
+ nfs:
+ server: 192.168.1.22
+ path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/uptime-kuma/data
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: uptime-kuma-data-pvc
+ namespace: monitoring
+spec:
+ storageClassName: uptime-kuma-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ volumeName: uptime-kuma-data-pv
+ resources:
+ requests:
+ storage: 60Gi
\ No newline at end of file
diff --git a/roles/uptime-kuma/files/uptime-kuma-secret.yaml b/roles/uptime-kuma/files/uptime-kuma-secret.yaml
new file mode 100644
index 0000000..5da44bc
--- /dev/null
+++ b/roles/uptime-kuma/files/uptime-kuma-secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: uptime-kuma-mariadb-secret
+ namespace: monitoring
+type: Opaque
+data:
+ UPTIME_KUMA_DB_NAME: TUFSSUFEQl9EQVRBQkFTRQ==
+ UPTIME_KUMA_DB_USERNAME: TUFSSUFEQl9VU0VS
+ UPTIME_KUMA_DB_PASSWORD: TUFSSUFEQl9QQVNTV09SRA==
\ No newline at end of file
diff --git a/roles/uptime-kuma/files/uptime-kuma-service.yaml b/roles/uptime-kuma/files/uptime-kuma-service.yaml
new file mode 100644
index 0000000..0054415
--- /dev/null
+++ b/roles/uptime-kuma/files/uptime-kuma-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: uptime-kuma
+ namespace: monitoring
+spec:
+ selector:
+ app: uptime-kuma
+ ports:
+ - port: 3001
+ targetPort: http
+ name: http
+ type: ClusterIP
\ No newline at end of file
diff --git a/roles/uptime-kuma/files/uptime-kuma-serviceaccount-monitors.yaml b/roles/uptime-kuma/files/uptime-kuma-serviceaccount-monitors.yaml
new file mode 100644
index 0000000..64b1d79
--- /dev/null
+++ b/roles/uptime-kuma/files/uptime-kuma-serviceaccount-monitors.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: uptime-kuma-sync
+ namespace: monitoring
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: uptime-kuma-sync
+rules:
+ - apiGroups: [""]
+ resources: ["services"]
+ verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: uptime-kuma-sync
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: uptime-kuma-sync
+subjects:
+ - kind: ServiceAccount
+ name: uptime-kuma-sync
+ namespace: monitoring
\ No newline at end of file
diff --git a/roles/uptime-kuma/tasks/main.yml b/roles/uptime-kuma/tasks/main.yml
new file mode 100644
index 0000000..41cba67
--- /dev/null
+++ b/roles/uptime-kuma/tasks/main.yml
@@ -0,0 +1,53 @@
+- name: Remover o diretório /tmp/monitoring/uptime-kuma/kubernetes-files
+ ansible.builtin.file:
+ path: /tmp/monitoring/uptime-kuma/kubernetes-files
+ state: absent
+
+- name: Criar diretório temporário no remoto
+ file:
+ path: /tmp/monitoring/uptime-kuma/kubernetes-files
+ state: directory
+ mode: '0755'
+
+- name: Copy file with owner and permissions
+ ansible.builtin.copy:
+ src: ../files
+ dest: /tmp/monitoring/uptime-kuma/kubernetes-files
+ owner: fenix
+ group: root
+ mode: '0644'
+
+
+- name: Listar conteúdo do diretório remoto
+ shell: ls -l /tmp/monitoring/uptime-kuma/kubernetes-files/files
+ register: resultado_ls
+
+
+- name: Obter várias notas do Bitwarden
+ shell: |
+ echo "unlock"
+ BW_SESSION=$(bw unlock {{ bw_password }} --raw)
+ echo "get item"
+ bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
+ loop:
+ - { id: "iac.ansible.dockersecrets", dest: "/tmp/monitoring/uptime-kuma/files/docker-secrets.yaml" }
+ - { id: "iac.ansible.uptimekuma.mariadbsecret", dest: "/tmp/monitoring/uptime-kuma/files/uptime-kuma-secret.yaml" }
+ - { id: "iac.ansible.uptimekuma.monitorssecret", dest: "/tmp/monitoring/uptime-kuma/files/uptime-kuma-monitors-secret.yaml" }
+ args:
+ executable: /bin/bash
+ environment:
+ BW_PASSWORD: "{{ BW_PASSWORD }}"
+
+- name: Mostrar resultado do ls
+ debug:
+ var: resultado_ls.stdout_lines
+
+
+- name: Aplicar o stolon
+ become: yes
+ become_user: fenix
+ shell: |
+ kubectl apply -f /tmp/monitoring/uptime-kuma/kubernetes-files/files/uptime-kuma-namespace.yaml
+ kubectl apply -f /tmp/monitoring/uptime-kuma/kubernetes-files/files/
+ environment:
+ KUBECONFIG: /home/fenix/.kube/config
\ No newline at end of file
diff --git a/roles/uptime-kuma/vars/main.yml b/roles/uptime-kuma/vars/main.yml
new file mode 100644
index 0000000..c8fe60b
--- /dev/null
+++ b/roles/uptime-kuma/vars/main.yml
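Review bot: The three `dest` paths in the Bitwarden task point at `/tmp/monitoring/uptime-kuma/files/`, while the copy and `kubectl apply` tasks use `/tmp/monitoring/uptime-kuma/kubernetes-files/files/`. As written, the fetched notes never replace the committed Secret manifests, so uptime-kuma-secret.yaml and uptime-kuma-monitors-secret.yaml are applied with values that decode to their own key names. The same task interpolates the vault master password into the command line (`bw unlock {{ bw_password }} --raw`), where it shows up in the process list and in Ansible's task output; it should come from the environment, with `no_log: true` on the task. `environment` reads `{{ BW_PASSWORD }}`, but the role's vars define only `bw_password`, so it may be undefined unless set elsewhere. The decrypted manifests also stay under /tmp after the apply, which a final cleanup task would limit.

```yaml
- name: Obter várias notas do Bitwarden
  shell: |
    set -euo pipefail
    export BW_SESSION="$(bw unlock --passwordenv BW_PASSWORD --raw)"
    bw get item "{{ item.id }}" | jq -r '.notes' > "{{ item.dest }}"
  loop:
    - { id: "iac.ansible.dockersecrets", dest: "/tmp/monitoring/uptime-kuma/kubernetes-files/files/docker-secrets.yaml" }
    - { id: "iac.ansible.uptimekuma.mariadbsecret", dest: "/tmp/monitoring/uptime-kuma/kubernetes-files/files/uptime-kuma-secret.yaml" }
    - { id: "iac.ansible.uptimekuma.monitorssecret", dest: "/tmp/monitoring/uptime-kuma/kubernetes-files/files/uptime-kuma-monitors-secret.yaml" }
  # … unchanged: args.executable …
  environment:
    BW_PASSWORD: "{{ bw_password }}"
  no_log: true
```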
@@ -0,0 +1,4 @@
+bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
+VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
+BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
+BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"
\ No newline at end of file