infra
/
kubernetes
1
0
Fork 0
Code Pull Requests 4 Activity
238 Commits
9 Branches
0 Tags
3.5 MiB
Commit Graph

9 Commits (365334cea76ebff6e78f71fd4b1828f00462dda5)

Author SHA1 Message Date
Dustin 96928a2611 kitchen: Fix weather metrics API URI 
Apparently, I never bothered to check that the Kitchen HUD server was
actually fetching data from Victoria Metrics when I updated it before; I
only verified that the Unauthorized errors in the `vmselect` log
went away.  They did, but only because now the Kitchen server was
failing to contact `vmselect` at all.
 2024-02-21 08:01:35 -06:00
Dustin 94300ac502 kitchen: Use SealedSecret template for config 
The configuration file for the kitchen HUD server has credentials
embedded in it.  Until I get around to refactoring it to read these from
separate locations, we'll make use of the template feature of
SealedSecrets.  With this feature, fields can refer to the (decrypted)
value of other fields using Go template syntax.  This makes it possible
to have most of the `config.yaml` document unencrypted and easily
modifiable, while still protecting the secrets.
 2024-02-01 21:18:46 -06:00
Dustin a7450a8af2 kitchen: Fix Jenkins deployment role 
Since Jenkins jobs run in Kubernetes now, they can authenticate to the
Kubernetes API using a ServiceAccount and do not need a dedicated
User.
 2024-01-22 17:00:50 -06:00
Dustin 990204b2cf kitchen: Use Certifi TLS CA bundle for OpenSSL 
The MQTT client needs a trusted root CA bundle, which is not available
in the container image used by the *kitchen* server (it's based on
*pythonctnr* which literally *only* includes Python).  Fortunately, as
it uses OpenSSL under the hood, we can configure it to use the bundle
included with the *certifi* Python package via an environment variable.
 2024-01-22 16:57:38 -06:00
Dustin 0eb121b833 kitchen: Remove config.yml ConfigMap generator 
The `config.yml` document for *kitchen* contains several "secret" values
(e.g. passwords to Nextcloud, MQTT, etc.).  We don't want to commit
these to the Git repository, of course, but as long as Kustomize expects
to find the `config.yml` file, we won't be able to manage the
application with Argo CD.  Ultimately, *kitchen* needs to be modified to
be able to read secrets separately from config, but until then, we will
have to avoid managing `config.yml` with Kustomize.
 2023-10-14 22:01:26 -05:00
Dustin 53a057666a kitchen: Set instance label for Argo CD 
Argo CD wants every resource managed by an application to have that
application's name as the value of the `app.kubernetes.io/instance`
label.
 2023-10-14 21:45:01 -05:00
Dustin c5c63d2684 kitchen: Migrate to Sealed Secrets 2023-10-14 21:44:47 -05:00
Dustin 668b5bf5a9 kitchen: Allow Jenkins to restart deployment 
Jenkins is now allowed to restart the Deployment named *kitchen* in the
*kitchen* namespace.  It will do this after pushing a new container
image from a build of the *master* branch.
 2022-11-06 17:22:46 -06:00
Dustin de054bd68f kitchen: Add manifest for kitchen screen server 
I decided to run the kitchen screen service in Kubernetes rather than on
the Raspberry Pi in the kitchen.  This will hopefully make it a bit more
reliable and easier to update.  It will also make it easier to rebuild
the OS on the Pi, if it ever becomes necessary, since it really only
needs Firefox (and MQTTDPMS) now.
 2022-11-05 16:39:22 -05:00