Iac

iac/apps/fluent-bit/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: fluent-bit
+description: Fluent Bit log processor and forwarder
+type: application
+version: 1.0.0
+dependencies:
+  - name: fluent-bit
+    version: 0.43.0
+    repository: https://fluent.github.io/helm-charts

iac/apps/fluent-bit/values.yaml

@@ -0,0 +1,70 @@
+fluent-bit:
+  resources:
+    requests:
+      memory: "128Mi"
+      cpu: "100m"
+    limits:
+      memory: "256Mi"
+      cpu: "200m"
+
+  config:
+    service: |
+      [SERVICE]
+          Daemon Off
+          Flush 1
+          Log_Level info
+          Parsers_File parsers.conf
+          HTTP_Server On
+          HTTP_Listen 0.0.0.0
+          HTTP_Port 2020
+          Health_Check On
+
+    inputs: |
+      [INPUT]
+          Name tail
+          Path /var/log/containers/*.log
+          multiline.parser docker, cri
+          Tag kube.*
+          Mem_Buf_Limit 5MB
+          Skip_Long_Lines On
+
+    filters: |
+      [FILTER]
+          Name kubernetes
+          Match kube.*
+          Kube_URL https://kubernetes.default.svc:443
+          Kube_CA_File /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+          Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token
+          Kube_Tag_Prefix kube.var.log.containers.
+          Merge_Log On
+          Keep_Log Off
+          K8S-Logging.Parser On
+          K8S-Logging.Exclude On
+
+      [FILTER]
+          Name nest
+          Match kube.*
+          Operation lift
+          Nested_under kubernetes
+          Add_prefix k8s_
+
+    outputs: |
+      [OUTPUT]
+          Name stdout
+          Match *
+
+      [OUTPUT]
+          Name forward
+          Match kube.*
+          Host otel-collector-opentelemetry-collector.otel-collector.svc.cluster.local
+          Port 8006
+          tls off
+
+  tolerations:
+    - key: node-role.kubernetes.io/master
+      operator: Exists
+      effect: NoSchedule
+    - operator: "Exists"
+      effect: "NoExecute"
+    - operator: "Exists"
+      effect: "NoSchedule"

iac/apps/kong/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: kong
+description: Kong API Gateway
+type: application
+version: 1.0.0
+dependencies:
+  - name: kong
+    version: 2.38.0
+    repository: https://charts.konghq.com

iac/apps/kong/values.yaml

@@ -0,0 +1,50 @@
+kong:
+  env:
+    database: "off"
+    nginx_worker_processes: "2"
+    proxy_access_log: /dev/stdout
+    admin_access_log: /dev/stdout
+    admin_gui_access_log: /dev/stdout
+    portal_api_access_log: /dev/stdout
+    proxy_error_log: /dev/stderr
+    admin_error_log: /dev/stderr
+    admin_gui_error_log: /dev/stderr
+    portal_api_error_log: /dev/stderr
+
+  ingressController:
+    enabled: true
+    installCRDs: false
+    env:
+      feature_gates: GatewayAlpha=true
+
+  proxy:
+    enabled: true
+    type: LoadBalancer
+    annotations: {}
+    http:
+      enabled: true
+      servicePort: 80
+      containerPort: 8000
+    tls:
+      enabled: true
+      servicePort: 443
+      containerPort: 8443
+
+  admin:
+    enabled: true
+    type: ClusterIP
+    http:
+      enabled: true
+      servicePort: 8001
+      containerPort: 8001
+
+  resources:
+    requests:
+      memory: "256Mi"
+      cpu: "250m"
+    limits:
+      memory: "512Mi"
+      cpu: "500m"
+
+  postgresql:
+    enabled: false

iac/apps/labapiserver/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: labapiserver
+description: Lab API Server - Go application
+type: application
+version: 1.0.0
+appVersion: "latest"

iac/apps/labapiserver/values.yaml

@@ -0,0 +1,113 @@
+replicaCount: 2
+
+image:
+  repository: ghcr.io/mvarshney/labapiserver
+  pullPolicy: IfNotPresent
+  tag: "latest"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  create: true
+  annotations:
+    vault.hashicorp.com/agent-inject: "true"
+    vault.hashicorp.com/role: "labapiserver"
+  name: ""
+
+podAnnotations:
+  prometheus.io/scrape: "true"
+  prometheus.io/port: "8080"
+  prometheus.io/path: "/metrics"
+
+podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: 1000
+  fsGroup: 1000
+
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: true
+
+service:
+  type: ClusterIP
+  port: 80
+  targetPort: 8080
+  annotations: {}
+
+ingress:
+  enabled: true
+  className: "kong"
+  annotations:
+    konghq.com/strip-path: "true"
+    konghq.com/protocols: "http,https"
+  hosts:
+    - host: api.local
+      paths:
+        - path: /api
+          pathType: Prefix
+  tls: []
+
+resources:
+  limits:
+    cpu: 500m
+    memory: 512Mi
+  requests:
+    cpu: 250m
+    memory: 256Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 2
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 80
+  targetMemoryUtilizationPercentage: 80
+
+livenessProbe:
+  httpGet:
+    path: /healthz
+    port: 8080
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 3
+
+readinessProbe:
+  httpGet:
+    path: /readyz
+    port: 8080
+  initialDelaySeconds: 5
+  periodSeconds: 5
+  timeoutSeconds: 3
+  failureThreshold: 3
+
+env:
+  - name: PORT
+    value: "8080"
+  - name: LOG_LEVEL
+    value: "info"
+  - name: OTEL_EXPORTER_OTLP_ENDPOINT
+    value: "otel-collector-opentelemetry-collector.otel-collector.svc.cluster.local:4317"
+  - name: OTEL_SERVICE_NAME
+    value: "labapiserver"
+
+# Vault secrets - these will be injected by Vault agent
+vaultSecrets:
+  enabled: true
+  role: "labapiserver"
+  path: "secret/data/labapiserver"
+  secrets:
+    - key: "database_url"
+      envVar: "DATABASE_URL"
+    - key: "api_key"
+      envVar: "API_KEY"
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

iac/apps/otel-collector/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: otel-collector
+description: OpenTelemetry Collector deployment
+type: application
+version: 1.0.0
+dependencies:
+  - name: opentelemetry-collector
+    version: 0.80.0
+    repository: https://open-telemetry.github.io/opentelemetry-helm-charts

iac/apps/otel-collector/values.yaml

@@ -0,0 +1,82 @@
+opentelemetry-collector:
+  mode: deployment
+
+  resources:
+    requests:
+      memory: "256Mi"
+      cpu: "100m"
+    limits:
+      memory: "512Mi"
+      cpu: "200m"
+
+  config:
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+            endpoint: 0.0.0.0:4317
+          http:
+            endpoint: 0.0.0.0:4318
+
+      prometheus:
+        config:
+          scrape_configs:
+            - job_name: 'otel-collector'
+              scrape_interval: 10s
+              static_configs:
+                - targets: ['0.0.0.0:8888']
+
+    processors:
+      batch:
+        timeout: 10s
+        send_batch_size: 1024
+
+      memory_limiter:
+        check_interval: 1s
+        limit_mib: 400
+
+    exporters:
+      prometheus:
+        endpoint: "0.0.0.0:8889"
+
+      logging:
+        loglevel: info
+
+      otlp:
+        endpoint: "prometheus-kube-prometheus-prometheus.prometheus.svc.cluster.local:9090"
+        tls:
+          insecure: true
+
+    service:
+      pipelines:
+        traces:
+          receivers: [otlp]
+          processors: [memory_limiter, batch]
+          exporters: [logging]
+
+        metrics:
+          receivers: [otlp, prometheus]
+          processors: [memory_limiter, batch]
+          exporters: [prometheus, logging]
+
+        logs:
+          receivers: [otlp]
+          processors: [memory_limiter, batch]
+          exporters: [logging]
+
+  ports:
+    otlp:
+      enabled: true
+      containerPort: 4317
+      servicePort: 4317
+      protocol: TCP
+    otlp-http:
+      enabled: true
+      containerPort: 4318
+      servicePort: 4318
+      protocol: TCP
+    metrics:
+      enabled: true
+      containerPort: 8889
+      servicePort: 8889
+      protocol: TCP

iac/apps/prometheus/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: prometheus
+description: Prometheus monitoring stack
+type: application
+version: 1.0.0
+dependencies:
+  - name: kube-prometheus-stack
+    version: 55.5.0
+    repository: https://prometheus-community.github.io/helm-charts