Removed docker swarm config

Added K8S config With big refactor
2025-10-20 13:51:45 +02:00
parent fa62c0b817
commit 0938338b99
40 changed files with 1147 additions and 1675 deletions
--- a/deploy/k8s/api-logger.yml
+++ b/deploy/k8s/api-logger.yml
@@ -0,0 +1,432 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: api-logger-loki
+  namespace: egommerce
+  labels:
+    app: api-logger-loki
+spec:
+  type: NodePort
+  selector:
+    app: api-logger-loki
+  ports:
+  - protocol: TCP
+    port: 3100
+    nodePort: 31401
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-logger-loki
+  namespace: egommerce
+  labels:
+    app: api-logger-loki
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: api-logger-loki
+  template:
+    metadata:
+      labels:
+        app: api-logger-loki
+    spec:
+      containers:
+      - name: api-logger-loki
+        image: git.ego.freeddns.org/egommerce/api-logger-loki:dev
+        imagePullPolicy: Always
+        args:
+          - "-config.file=/etc/loki/loki.yaml"
+        ports:
+        - containerPort: 3100
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: api-logger-promtail-ac
+  namespace: egommerce
+  labels:
+    app: api-logger-promtail-ac
+  annotations: {}
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: api-logger-promtail
+  namespace: egommerce
+  labels:
+    app: api-logger-promtail
+spec:
+  revisionHistoryLimit: 1
+  selector:
+    matchLabels:
+      app: api-logger-promtail
+  # updateStrategy:
+  #   type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: api-logger-promtail
+      annotations:
+        prometheus.io/port: http-metrics
+        prometheus.io/scrape: "true"
+    spec:
+      serviceAccountName: api-logger-promtail-ac
+      automountServiceAccountToken: true
+      containers:
+      - name: api-logger-promtail
+        image: git.ego.freeddns.org/egommerce/api-logger-promtail:dev
+        imagePullPolicy: Always
+        env:
+        - name: HOSTNAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              divisor: '1'
+              resource: limits.cpu
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              divisor: '1'
+              resource: limits.memory
+        ports:
+          - name: promtail-http
+            containerPort: 3101
+        resources:
+          limits:
+            cpu: 100m
+            memory: 512Mi
+          requests:
+            cpu: 50m
+            memory: 128Mi
+        livenessProbe:
+          httpGet:
+            path: /ready
+            port: promtail-http
+          initialDelaySeconds: 45
+        readinessProbe:
+          httpGet:
+            path: /ready
+            port: promtail-http
+          initialDelaySeconds: 45
+        volumeMounts:
+        # - name: api-logger-promtail-config
+        #   mountPath: /etc/promtail
+        - name: api-logger-promtail-run
+          mountPath: /run/promtail
+        - name: api-logger-promtail-varlog
+          mountPath: /var/log
+          readOnly: true
+        - name: api-logger-promtail-docker
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+        - name: api-logger-promtail-tmp
+          mountPath: /tmp
+          subPath: tmp
+          readOnly: false
+        securityContext:
+          privileged: true
+          readOnlyRootFilesystem: true
+          runAsUser: 0
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+              - ALL
+      terminationGracePeriodSeconds: 60
+      volumes:
+        - name: api-logger-promtail-run
+          hostPath:
+            path: /run/promtail
+        - name: api-logger-promtail-varlog
+          hostPath:
+            path: /var/log
+        - name: api-logger-promtail-docker
+          hostPath:
+            path: /var/lib/docker/containers
+        - name: api-logger-promtail-tmp
+          emptyDir:
+            sizeLimit: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: api-logger-prometheus-pv
+  namespace: egommerce
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: api-logger-prometheus-pv
+  hostPath:
+    path: "/home/keedosn/.egommerce/prometheus"  # Ensure this path exists on the node
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: api-logger-prometheus-pvc
+  namespace: egommerce
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: api-logger-prometheus-pv
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: api-logger-prometheus
+  namespace: egommerce
+  labels:
+    name: api-logger-prometheus
+  annotations: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: api-logger-prometheus
+  namespace: egommerce
+  labels:
+    app: api-logger-prometheus
+spec:
+  type: NodePort
+  selector:
+    app: api-logger-prometheus
+  ports:
+  - name: api-logger-prometheus
+    protocol: TCP
+    port: 9090
+    nodePort: 31402
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-logger-prometheus
+  namespace: egommerce
+  labels:
+    app: api-logger-prometheus
+spec:
+  # revisionHistoryLimit: 1
+  # replicas: 1
+  selector:
+    matchLabels:
+      app: api-logger-prometheus
+  template:
+    metadata:
+      labels:
+        app: api-logger-prometheus
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: prometheus-http
+    spec:
+      serviceAccountName: api-logger-prometheus
+      automountServiceAccountToken: true
+      securityContext:
+        runAsGroup: 10001
+        runAsUser: 10001
+        runAsNonRoot: true
+      containers:
+      - name: api-logger-prometheus
+        image: git.ego.freeddns.org/egommerce/api-logger-prometheus:dev
+        imagePullPolicy: Always
+        env:
+          - name: GOMAXPROCS
+            valueFrom:
+              resourceFieldRef:
+                divisor: '1'
+                resource: limits.cpu
+          - name: GOMEMLIMIT
+            valueFrom:
+              resourceFieldRef:
+                divisor: '1'
+                resource: limits.memory
+        args:
+          # - '--storage.tsdb.retention.time=15d'
+          - '--config.file=/etc/prometheus/prometheus.yml'
+          - '--storage.tsdb.path=/prometheus/data/'
+          # - '--web.console.libraries=/etc/prometheus/console_libraries'
+          # - '--web.console.templates=/etc/prometheus/consoles'
+          # - '--enable-feature=concurrent-rule-eval,promql-experimental-functions,exemplar-storage,promql-per-step-stats,native-histograms'
+          # - '--web.enable-remote-write-receiver'
+          # - '--web.enable-otlp-receiver'
+          # - '--web.enable-lifecycle'
+          - '--log.level=info'
+          # - '--log.format=json'
+        ports:
+          - name: prometheus-http
+            containerPort: 9090
+        # livenessProbe:
+        #   httpGet:
+        #     path: /-/healthy
+        #     port: prometheus-http
+        # readinessProbe:
+        #   httpGet:
+        #     path: /-/ready
+        #     port: prometheus-http
+        resources:
+          limits:
+            cpu: 150m
+            memory: 894Mi
+          requests:
+            cpu: 100m
+            memory: 512Mi
+        volumeMounts:
+          # - name: config-volume
+          #   mountPath: /etc/prometheus
+          # - name: config-volume
+          #   mountPath: /etc/config/alerting_rules.yml
+          #   subPath: alerting_rules.yml
+          - name: api-logger-prometheus-storage
+            mountPath: /prometheus/data
+        securityContext:
+          allowPrivilegeEscalation: false
+          privileged: false
+          readOnlyRootFilesystem: false #true DEFAULT !!!
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+              - ALL
+      volumes:
+        - name: api-logger-prometheus-storage
+          persistentVolumeClaim:
+            claimName: api-logger-prometheus-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: api-logger-grafana
+  namespace: egommerce
+  labels:
+    app: api-logger-grafana
+spec:
+  type: NodePort
+  selector:
+    app: api-logger-grafana
+  ports:
+  - name: api-logger-grafana-api
+    protocol: TCP
+    port: 3000
+    nodePort: 31400
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: api-logger-grafana-pv
+  namespace: egommerce
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: api-logger-grafana-pv
+  hostPath:
+    path: "/home/keedosn/.egommerce/grafana"  # Ensure this path exists on the node
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: api-logger-grafana-pvc
+  namespace: egommerce
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: api-logger-grafana-pv
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-logger-grafana
+  namespace: egommerce
+  labels:
+    app: api-logger-grafana
+spec:
+  revisionHistoryLimit: 1
+  replicas: 1
+  selector:
+    matchLabels:
+        app: api-logger-grafana
+  template:
+    metadata:
+      labels:
+        app: api-logger-grafana
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "3000"
+        filter.by.port.name: "true"
+    spec:
+      automountServiceAccountToken: false
+      securityContext:
+        runAsNonRoot: true
+        runAsGroup: 65534
+        runAsUser: 65534
+      initContainers:
+        - name: curl
+          image: curlimages/curl:latest
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+          args:
+            - -c
+            - |
+              which curl
+          volumeMounts:
+            - name: api-logger-grafana-storage
+              mountPath: /var/lib/grafana
+              subPath: grafana
+      containers:
+      - name: api-logger-grafana
+        image: git.ego.freeddns.org/egommerce/api-logger-grafana:dev
+        imagePullPolicy: Always
+        env:
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              divisor: '1'
+              resource: limits.cpu
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              divisor: '1'
+              resource: limits.memory
+        ports:
+        - containerPort: 3000
+        resources:
+          limits:
+            cpu: 100m
+            memory: 768Mi
+          requests:
+            cpu: 50m
+            memory: 512Mi
+        volumeMounts:
+          - name: api-logger-grafana-storage
+            mountPath: /var/lib/grafana
+            subPath: grafana
+          - name: api-logger-grafana-storage
+            mountPath: /var/lib/grafana/dashboards
+            subPath: dashboards
+          - name: api-logger-grafana-storage
+            mountPath: /tmp
+            subPath: tmp
+        securityContext:
+          allowPrivilegeEscalation: false
+          privileged: false
+          readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+              - ALL
+      volumes:
+        - name: api-logger-grafana-storage
+          persistentVolumeClaim:
+            claimName: api-logger-grafana-pvc