admin/airflow3-kub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ingress for monitoring

Browse Source
This commit is contained in:
Mohand Ou Idir Belfares
2026-06-08 15:22:55 +02:00
parent ac13ae5515
commit cad03104f7
4 changed files with 105 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/deploy.yml
+43 -5
View File
@@ -35,13 +35,14 @@ jobs:
helm repo add apache-airflow https://airflow.apache.org
helm repo add codecentric https://codecentric.github.io/helm-charts
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests
helm repo update
- name: Deploy Nginx
if: ${{ inputs.service == 'all' || inputs.service == 'nginx' }}
run: |
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
@@ -53,7 +54,7 @@ jobs:
helm upgrade --install airflow apache-airflow/airflow \
--namespace airflow \
--create-namespace \
--values helm/airflow/values.yaml \
--values helm/airflow/values.yaml
- name: Deploy Keycloak PostgreSQL
if: ${{ inputs.service == 'all' || inputs.service == 'keycloak' || inputs.service == 'keycloak-db' }}
@@ -74,14 +75,51 @@ jobs:
--create-namespace \
--values helm/keycloak/values.yaml \
--wait
- name: Create monitoring namespace
if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
run: |
kubectl create namespace monitoring --dry-run=client -o yaml | kubectl apply -f -
- name: Create oauth2-proxy secrets
if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
run: |
kubectl create secret generic oauth2-proxy-prometheus \
-n monitoring \
--from-literal=client-id=prometheus \
--from-literal=client-secret="${{ secrets.PROMETHEUS_CLIENT_SECRET }}" \
--from-literal=cookie-secret="${{ secrets.OAUTH2_PROXY_COOKIE_SECRET }}" \
--dry-run=client -o yaml | kubectl apply -f -
kubectl create secret generic oauth2-proxy-alertmanager \
-n monitoring \
--from-literal=client-id=alertmanager \
--from-literal=client-secret="${{ secrets.ALERTMANAGER_CLIENT_SECRET }}" \
--from-literal=cookie-secret="${{ secrets.OAUTH2_PROXY_COOKIE_SECRET }}" \
--dry-run=client -o yaml | kubectl apply -f -
- name: Deploy Monitoring
if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
run: |
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm upgrade --install monitoring prometheus-community/kube-prometheus-stack \
--namespace monitoring \
--create-namespace \
--values helm/monitoring/values.yaml \
--wait
- name: Deploy oauth2-proxy Prometheus
if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
run: |
helm upgrade --install oauth2-proxy-prometheus \
oauth2-proxy/oauth2-proxy \
--namespace monitoring \
-f helm/monitoring/oauth2-proxy-prometheus.yaml \
--wait
- name: Deploy oauth2-proxy Alertmanager
if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
run: |
helm upgrade --install oauth2-proxy-alertmanager \
oauth2-proxy/oauth2-proxy \
--namespace monitoring \
-f helm/monitoring/oauth2-proxy-alertmanager.yaml \
--wait
helm/monitoring/oauth2-proxy-alertmanager.yaml
+19
View File
@@ -0,0 +1,19 @@
config:
existingSecret: oauth2-proxy-alertmanager
extraArgs:
provider: oidc
oidc-issuer-url: "http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm"
email-domain: "*"
insecure-oidc-allow-unverified-email: "true"
upstream: "http://monitoring-kube-prometheus-alertmanager.monitoring.svc.cluster.local:9093"
ingress:
enabled: true
className: nginx
hosts:
- alertmanager.13.140.150.2.nip.io
path: /
pathType: Prefix
helm/monitoring/oauth2-proxy-prometheus.yaml
+19
View File
@@ -0,0 +1,19 @@
config:
existingSecret: oauth2-proxy-prometheus
extraArgs:
provider: oidc
oidc-issuer-url: "http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm"
email-domain: "*"
insecure-oidc-allow-unverified-email: "true"
upstream: "http://monitoring-kube-prometheus-prometheus.monitoring.svc.cluster.local:9090"
ingress:
enabled: true
className: nginx
hosts:
- prometheus.13.140.150.2.nip.io
path: /
pathType: Prefix
helm/monitoring/values.yaml
+24 -10
View File
@@ -1,5 +1,28 @@
grafana:
enabled: true
grafana.ini:
server:
root_url: http://grafana.13.140.150.2.nip.io
auth:
disable_login_form: false
oauth_auto_login: false
auth.generic_oauth:
enabled: true
name: Keycloak
allow_sign_up: true
client_id: grafana
client_secret: kvULFcvaeWLYzivg1eJFYT9s0Nj674Qr
scopes: openid email profile
auth_url: http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm/protocol/openid-connect/auth
token_url: http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm/protocol/openid-connect/token
api_url: http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm/protocol/openid-connect/userinfo
email_attribute_path: email
login_attribute_path: preferred_username
name_attribute_path: full_name
ingress:
enabled: true
ingressClassName: nginx
@@ -8,19 +31,10 @@ grafana:
prometheus:
enabled: true
ingress:
enabled: true
ingressClassName: nginx
hosts:
- prometheus.13.140.150.2.nip.io
prometheusSpec:
serviceMonitorSelectorNilUsesHelmValues: false
podMonitorSelectorNilUsesHelmValues: false
alertmanager:
enabled: true
ingress:
enabled: true
ingressClassName: nginx
hosts:
- alertmanager.13.140.150.2.nip.io