diff --git a/argocd/kafka-demo-app.yml b/argocd/kafka-demo-app.yml
new file mode 100644
index 0000000..5999c89
--- /dev/null
+++ b/argocd/kafka-demo-app.yml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: kafka-demo
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/DEIN-REPO/devops-infra.git
+ targetRevision: main
+ path: kafka-demo
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kafka-demo
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/argocd/monitoring-logging-app.yml b/argocd/monitoring-logging-app.yml
new file mode 100644
index 0000000..29a5c99
--- /dev/null
+++ b/argocd/monitoring-logging-app.yml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: monitoring-logging
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://grafana.github.io/helm-charts
+ targetRevision: main
+ chart: loki-stack
+ helm:
+ releaseName: loki-stack
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: monitoring-logging
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/argocd/platform-root.yml b/argocd/platform-root.yml
new file mode 100644
index 0000000..1747342
--- /dev/null
+++ b/argocd/platform-root.yml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: platform-root
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/DEIN-REPO/devops-infra.git
+ targetRevision: main
+ path: argocd
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: argocd
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/argocd/prometheus-app.yml b/argocd/prometheus-app.yml
new file mode 100644
index 0000000..7702746
--- /dev/null
+++ b/argocd/prometheus-app.yml
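Review bot: `project: default` combined with `automated` sync, `prune: true`, `selfHeal: true` and `targetRevision: main` in argocd/kafka-demo-app.yml means every push to that branch is applied to the cluster with no gate inside Argo CD; unless the default AppProject has been tightened in this cluster, it also places no limit on source repos, destination namespaces or cluster-scoped kinds. The same combination is used in platform-root.yml and strimzi-operator-app.yml, and platform-root is the most sensitive of the three because it creates Application objects in the `argocd` namespace. I would add a dedicated AppProject that restricts `sourceRepos` and `destinations`, reference it as `project: <platform-project>` (placeholder name), and protect the tracked branch or pin to a tag or commit. `DEIN-REPO` in `repoURL` is still a placeholder and has to be replaced before the first sync.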
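Review bot: In argocd/monitoring-logging-app.yml `targetRevision: main` sits next to `chart: loki-stack`, but for a Helm repository source Argo CD reads `targetRevision` as the chart version, so a branch name will not resolve; prometheus-app.yml has the same line for `kube-prometheus-stack`. Pin both to an exact chart version, e.g. `targetRevision: <pinned chart version>`, so that an upgrade of a third-party chart arrives as a reviewed commit rather than through auto-sync. A one-line comment above it, such as `# chart version vetted on <date>; bump via PR only`, would tell the next reviewer why the value is fixed.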
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: prometheus
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://prometheus-community.github.io/helm-charts
+ targetRevision: main
+ chart: kube-prometheus-stack
+ helm:
+ releaseName: prometheus-stack
+ valueFiles:
+ - prometheus/prometheus-values.yml
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: prometheus
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/argocd/strimzi-operator-app.yml b/argocd/strimzi-operator-app.yml
new file mode 100644
index 0000000..726c789
--- /dev/null
+++ b/argocd/strimzi-operator-app.yml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: strimzi-operator
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/DEIN-REPO/devops-infra.git
+ targetRevision: main
+ path: strimzi-operator
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: strimzi-operator
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/kafka-demo/kafka-demo.yml b/kafka-demo/kafka-demo.yml
new file mode 100644
index 0000000..b3f340c
--- /dev/null
+++ b/kafka-demo/kafka-demo.yml
@@ -0,0 +1,23 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: Kafka
+metadata:
+ name: kafka-demo
+ namespace: kafka-demo
+spec:
+ kafka:
+ version: 4.1.1
+ replicas: 1
+ listeners:
+ - name: plain
+ port: 9092
+ type: internal
+ tls: false
+ - name: external
+ port: 9094
+ type: nodeport
+ tls: false
+ storage:
+ type: ephemeral
+ entityOperator:
+ topicOperator: {}
+ userOperator: {}
diff --git a/kafka-demo/namespace.yml b/kafka-demo/namespace.yml
new file mode 100644
index 0000000..73ae82e
--- /dev/null
+++ b/kafka-demo/namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kafka-demo
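Review bot: `valueFiles: - prometheus/prometheus-values.yml` in argocd/prometheus-app.yml points at a file that this commit adds to the Git repository, while the Application's only source is the Helm repository, where value-file paths are resolved relative to the chart. As written the values file is unlikely to be found, so the Grafana and Alertmanager settings in it would not be applied. Argo CD's multi-source form handles this: list the chart and the Git repo under `sources`, give the Git entry a `ref`, and reference the file through it, as sketched below with placeholder values.

```yaml
  # … unchanged: metadata, project …
  sources:
    - repoURL: https://prometheus-community.github.io/helm-charts
      chart: kube-prometheus-stack
      targetRevision: <pinned chart version>
      helm:
        releaseName: prometheus-stack
        valueFiles:
          - $values/prometheus/prometheus-values.yml
    - repoURL: https://github.com/DEIN-REPO/devops-infra.git
      targetRevision: main
      ref: values
  # … unchanged: destination, syncPolicy …
```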
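Review bot: Both listeners in kafka-demo/kafka-demo.yml are declared with `tls: false` and no `authentication`, and `spec.kafka` has no `authorization` block, so the `external` listener of `type: nodeport` offers an unauthenticated plaintext broker on a port of every node. The KafkaUser resources added in this commit request `scram-sha-512` credentials and `simple` ACLs, but those only take effect when the cluster itself enables the matching listener authentication and authorizer. I would add `authentication` to each listener, turn TLS on for the external one, and add `authorization: type: simple` under `kafka`; the `plain` listener gets the same `authentication` block as shown for `external`. `storage: type: ephemeral` also means topic data and SCRAM state do not survive a broker restart, which is worth a comment if this is intended for demo use only.

```yaml
    # … unchanged: version, replicas, plain listener …
      - name: external
        port: 9094
        type: nodeport
        tls: true
        authentication:
          type: scram-sha-512
    authorization:
      type: simple
    # … unchanged: storage …
```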
diff --git a/kafka-demo/topics/topic-orders.yml b/kafka-demo/topics/topic-orders.yml
new file mode 100644
index 0000000..31fa819
--- /dev/null
+++ b/kafka-demo/topics/topic-orders.yml
@@ -0,0 +1,10 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: orders
+ namespace: kafka-demo
+ labels:
+ strimzi.io/cluster: kafka-demo
+spec:
+ partitions: 3
+ replicas: 1
diff --git a/kafka-demo/topics/topic-payments.yml b/kafka-demo/topics/topic-payments.yml
new file mode 100644
index 0000000..9502281
--- /dev/null
+++ b/kafka-demo/topics/topic-payments.yml
@@ -0,0 +1,10 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: payments
+ namespace: kafka-demo
+ labels:
+ strimzi.io/cluster: kafka-demo
+spec:
+ partitions: 3
+ replicas: 1
diff --git a/kafka-demo/users/user-app-orders.yml b/kafka-demo/users/user-app-orders.yml
new file mode 100644
index 0000000..510f041
--- /dev/null
+++ b/kafka-demo/users/user-app-orders.yml
@@ -0,0 +1,21 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: app-orders
+ namespace: kafka-demo
+ labels:
+ strimzi.io/cluster: kafka-demo
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: topic
+ name: orders
+ operation: Read
+ - resource:
+ type: topic
+ name: orders
+ operation: Write
diff --git a/kafka-demo/users/user-app-payments.yml b/kafka-demo/users/user-app-payments.yml
new file mode 100644
index 0000000..5b731f0
--- /dev/null
+++ b/kafka-demo/users/user-app-payments.yml
@@ -0,0 +1,21 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: app-payments
+ namespace: kafka-demo
+ labels:
+ strimzi.io/cluster: kafka-demo
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: topic
+ name: payments
+ operation: Read
+ - resource:
+ type: topic
+ name: payments
+ operation: Write
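Review bot: The `acls` list in kafka-demo/users/user-app-orders.yml grants `Read` and `Write` on the `orders` topic only, which is nicely scoped, but a client that consumes through a consumer group also needs `Read` on a `group` resource and will be denied once authorization is actually enforced; user-app-payments.yml has the same shape. Add one more entry with `type: group` and the application's group id as `name`, keeping it literal rather than a wildcard so each app stays confined to its own group. The single-value `operation` field is, as far as I know, deprecated in favour of a list, so `operations: [Read, Write]` on one resource entry would replace the two near-identical entries. A comment at the top saying which service owns the credential would make later ACL reviews easier.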
diff --git a/prometheus/alert-rules.yml b/prometheus/alert-rules.yml
new file mode 100644
index 0000000..b89182b
--- /dev/null
+++ b/prometheus/alert-rules.yml
@@ -0,0 +1,26 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: kafka-alerts
+ namespace: prometheus
+spec:
+ groups:
+ - name: kafka.rules
+ rules:
+ - alert: KafkaBrokerDown
+ expr: up{job="kafka"} == 0
+ for: 1m
+ labels:
+ severity: critical
+ annotations:
+ summary: "Kafka broker is down"
+ description: "No Kafka broker responding for more than 1 minute."
+
+ - alert: KafkaConsumerLagHigh
+ expr: kafka_consumer_lag > 1000
+ for: 5m
+ labels:
+ severity: warning
+ annotations:
+ summary: "High consumer lag"
+ description: "Consumer lag exceeds 1000 messages for 5 minutes."
diff --git a/prometheus/alertmanager-configmap.yml b/prometheus/alertmanager-configmap.yml
new file mode 100644
index 0000000..9bc0cf8
--- /dev/null
+++ b/prometheus/alertmanager-configmap.yml
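Review bot: `expr: up{job="kafka"} == 0` in `KafkaBrokerDown` only fires while a target with that job label is still being scraped; if the target disappears or was never configured the expression returns no series and the alert stays silent, so `expr: up{job="kafka"} == 0 or absent(up{job="kafka"})` closes that blind spot. The Kafka resource added in this commit declares no metrics configuration or exporter, so nothing visible here would produce `job="kafka"` or `kafka_consumer_lag` series; the metric name should be checked against the exporter that is eventually used. The PrometheusRule also carries no `labels` under `metadata`, and kube-prometheus-stack by default selects rules by a release label, so `labels: {release: prometheus-stack}` is probably needed for the rule to load. Finally, no Application in this commit points at the `prometheus/` directory, so this file and the Alertmanager ConfigMap do not appear to be deployed by anything.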
@@ -0,0 +1,57 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: alertmanager-config
+ namespace: prometheus
+data:
+ alertmanager.yml: |
+ global:
+ resolve_timeout: 5m
+ smtp_smarthost: 'mail.example.com:587'
+ smtp_from: 'alertmanager@example.com'
+ smtp_auth_username: 'alertmanager@example.com'
+ smtp_auth_password: 'DEIN_PASSWORT'
+ smtp_require_tls: true
+
+ route:
+ receiver: 'default'
+ group_by: ['alertname', 'severity']
+ group_wait: 30s
+ group_interval: 5m
+ repeat_interval: 3h
+ routes:
+ - match:
+ severity: critical
+ receiver: 'sms'
+ - match:
+ severity: warning
+ receiver: 'email'
+ - match:
+ severity: info
+ receiver: 'default'
+
+ receivers:
+ - name: 'default'
+ webhook_configs:
+ - url: 'https://outlook.office.com/webhook/DEIN_TEAMS_WEBHOOK'
+
+ - name: 'email'
+ email_configs:
+ - to: 'ops@example.com'
+ send_resolved: true
+
+ - name: 'sms'
+ webhook_configs:
+ - url: 'https://api.twilio.com/2010-04-01/Accounts/DEIN_ACCOUNT_SID/Messages.json'
+ http_config:
+ basic_auth:
+ username: 'DEIN_ACCOUNT_SID'
+ password: 'DEIN_AUTH_TOKEN'
+ send_resolved: true
+
+ inhibit_rules:
+ - source_match:
+ severity: critical
+ target_match:
+ severity: warning
+ equal: ['alertname']
diff --git a/prometheus/prometheus-values.yml b/prometheus/prometheus-values.yml
new file mode 100644
index 0000000..76f2259
--- /dev/null
+++ b/prometheus/prometheus-values.yml
@@ -0,0 +1,17 @@
+grafana:
+ enabled: true
+ adminPassword: "admin"
+ service:
+ type: ClusterIP
+ dashboardsProvider:
+ enabled: true
+
+alertmanager:
+ enabled: true
+ configMapOverrideName: alertmanager-config
+
+prometheus:
+ prometheusSpec:
+ retention: 15d
+ scrapeInterval: 30s
+ evaluationInterval: 30s
diff --git a/strimzi-operator/namespace.yml b/strimzi-operator/namespace.yml
new file mode 100644
index 0000000..3a6bdaf
--- /dev/null
+++ b/strimzi-operator/namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: strimzi-operator
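Review bot: `smtp_auth_password`, the Twilio `basic_auth` `password` and the Teams webhook URL in prometheus/alertmanager-configmap.yml are all credentials, and placing them in a ConfigMap in Git means that once the `DEIN_…` placeholders are filled in, the real values end up in repository history, in Argo CD diffs and in an object that is readable with plain ConfigMap access. Keep the configuration in a Secret populated from a secret store, or keep the non-secret part here and reference mounted files instead, e.g. `smtp_auth_password_file: <mounted secret path>` and `password_file: <mounted secret path>` under `basic_auth`; recent Alertmanager releases also accept `url_file` for webhook receivers. A comment at the top stating that no literal credential may be committed to this file would make the intent explicit. Separately, the `sms` receiver posts Alertmanager's JSON payload to the Twilio Messages endpoint, which probably expects form parameters, so that route should be tested before it is relied on for `critical` alerts.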
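Review bot: `adminPassword: "admin"` in prometheus/prometheus-values.yml commits a well-known default as the Grafana administrator password; `service.type: ClusterIP` limits who can reach the login page but anyone with in-cluster or port-forward access gets admin on the dashboards and data sources. The Grafana subchart can read the credential from an existing Secret instead, along the lines of `admin: {existingSecret: <grafana-admin-secret>, userKey: admin-user, passwordKey: admin-password}` with the secret name as a placeholder. I am also not sure `alertmanager.configMapOverrideName` is a key kube-prometheus-stack honours, since the operator-managed Alertmanager loads its configuration from a Secret (`alertmanager.alertmanagerSpec.configSecret`); please confirm against the chart version you pin, otherwise the custom routing is silently ignored.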
diff --git a/strimzi-operator/strimzi-operator-deployment.yml b/strimzi-operator/strimzi-operator-deployment.yml
new file mode 100644
index 0000000..3394b0b
--- /dev/null
+++ b/strimzi-operator/strimzi-operator-deployment.yml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: strimzi-cluster-operator
+ namespace: strimzi-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: strimzi-cluster-operator
+ template:
+ metadata:
+ labels:
+ name: strimzi-cluster-operator
+ spec:
+ serviceAccountName: strimzi-cluster-operator
+ containers:
+ - name: strimzi-cluster-operator
+ image: quay.io/strimzi/operator:0.50.1
+ args:
+ - /opt/strimzi/bin/cluster_operator_run.sh
+ env:
+ - name: STRIMZI_NAMESPACE
+ value: kafka-demo
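Review bot: The operator container in strimzi-operator/strimzi-operator-deployment.yml has no `securityContext`, no `resources` and no probes, and `serviceAccountName: strimzi-cluster-operator` refers to a ServiceAccount whose definition, Roles and bindings are not part of this commit, so the privileges this pod actually runs with cannot be reviewed here. Since `STRIMZI_NAMESPACE` is `kafka-demo` while the pod lives in `strimzi-operator`, the bindings also have to exist in the watched namespace; taking the upstream install manifests or Helm chart for 0.50.1 and committing them alongside would keep RBAC, CRDs and the deployment consistent. I would add a restrictive container `securityContext` as below (confirm the image runs as a non-root user) and pin the image by digest, `image: quay.io/strimzi/operator:0.50.1@sha256:<digest>`, so a re-tagged image cannot be pulled by auto-sync.

```yaml
      containers:
        - name: strimzi-cluster-operator
          # … unchanged: image, args, env …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```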