diff options
| author | Paul Buetow <paul@buetow.org> | 2026-01-19 15:36:27 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-01-19 15:36:27 +0200 |
| commit | 55229ad06ed229c859082bb34085f277af7d8bea (patch) | |
| tree | 4c530ca0bc8ff53cd3cdf3259a7c1a21814fdd3f /f3s | |
| parent | 8d55f785e6df35381a971adcc6ee5f8518eaac22 (diff) | |
| parent | 4d87a596c3188f07732a26a1cc4abb875289b969 (diff) | |
Merge branch 'master' of codeberg.org:snonux/conf
Diffstat (limited to 'f3s')
| -rw-r--r-- | f3s/AGENTS.md | 10 | ||||
| -rw-r--r-- | f3s/argocd/git-server-repo-creds.yaml | 29 | ||||
| -rw-r--r-- | f3s/prometheus/manifests/argocd-applications-dashboard.yaml | 401 |
3 files changed, 440 insertions, 0 deletions
diff --git a/f3s/AGENTS.md b/f3s/AGENTS.md index 5637ce3..2466100 100644 --- a/f3s/AGENTS.md +++ b/f3s/AGENTS.md @@ -1 +1,11 @@ Follow file:///home/paul/Notes/snippets/f3s/f3s.md +<<<<<<< HEAD +||||||| 7b4d629 +======= + +## Security Policy + +- **Never commit secrets to git.** This includes SSH private keys, API tokens, passwords, and any other sensitive credentials. +- Secrets must be deployed as Kubernetes Secrets directly via `kubectl create secret` or through a secrets management solution. +- If a secret is accidentally committed, it must be rotated immediately and pruned from git history using `git-filter-repo`. +>>>>>>> 529caf525d3c8594bcf0208697629827113dc1fc diff --git a/f3s/argocd/git-server-repo-creds.yaml b/f3s/argocd/git-server-repo-creds.yaml index 54207bc..250bd5f 100644 --- a/f3s/argocd/git-server-repo-creds.yaml +++ b/f3s/argocd/git-server-repo-creds.yaml @@ -1,5 +1,6 @@ # ArgoCD Repository Credential for self-hosted git-server # This secret tells ArgoCD how to authenticate to the git-server via SSH +<<<<<<< HEAD apiVersion: v1 kind: Secret metadata: @@ -20,3 +21,31 @@ stringData: AAAEAbwYhRydHh8HlKI35Takf/1qCSvZmdJBzbngvz5Zv1bwhETlsgb/g5SaMPNJWJ/t4u K1n4Zbk+Sy6IyUEl+EcYAAAAEmFyZ29jZEBmM3MuY2x1c3RlcgECAw== -----END OPENSSH PRIVATE KEY----- +||||||| 7b4d629 +======= +# +# IMPORTANT: Do not commit the private key to git! +# Deploy this secret manually with: +# kubectl create secret generic git-server-repo-creds \ +# --namespace=cicd \ +# --from-literal=type=git \ +# --from-literal=url=ssh://git@git-server.cicd.svc.cluster.local \ +# --from-literal=insecure=true \ +# --from-file=sshPrivateKey=/path/to/your/private-key +# kubectl label secret git-server-repo-creds -n cicd argocd.argoproj.io/secret-type=repository +# +# Or use the template below with your key injected at deploy time: +apiVersion: v1 +kind: Secret +metadata: + name: git-server-repo-creds + namespace: cicd + labels: + argocd.argoproj.io/secret-type: repository +type: Opaque +stringData: + type: git + url: ssh://git@git-server.cicd.svc.cluster.local + insecure: "true" + # sshPrivateKey: <INJECT_AT_DEPLOY_TIME> +>>>>>>> 529caf525d3c8594bcf0208697629827113dc1fc diff --git a/f3s/prometheus/manifests/argocd-applications-dashboard.yaml b/f3s/prometheus/manifests/argocd-applications-dashboard.yaml index 32da16e..0b747fb 100644 --- a/f3s/prometheus/manifests/argocd-applications-dashboard.yaml +++ b/f3s/prometheus/manifests/argocd-applications-dashboard.yaml @@ -193,6 +193,7 @@ data: } }, { +<<<<<<< HEAD "id": 5, "gridPos": { "h": 8, @@ -479,6 +480,406 @@ data: "w": 24, "x": 0, "y": 20 +||||||| 7b4d629 +======= + "id": 9, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 4 + }, + "type": "table", + "title": "Unhealthy Applications", + "description": "Lists applications that are not in Healthy state", + "targets": [ + { + "expr": "argocd_app_info{health_status!=\"Healthy\"}", + "refId": "A", + "format": "table", + "instant": true + } + ], + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "__name__": true, + "Value": true, + "instance": true, + "job": true, + "namespace": true, + "pod": true, + "repo": true, + "dest_server": true, + "sync_status": true + }, + "renameByName": { + "name": "Application", + "health_status": "Health", + "dest_namespace": "Namespace", + "project": "Project" + }, + "indexByName": { + "name": 0, + "health_status": 1, + "dest_namespace": 2, + "project": 3 + } + } + } + ], + "options": { + "showHeader": true, + "sortBy": [ + { + "desc": false, + "displayName": "Health" + } + ] + }, + "fieldConfig": { + "defaults": { + "noValue": "All applications healthy" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Health" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "type": "color-background" + } + }, + { + "id": "mappings", + "value": [ + { + "type": "value", + "options": { + "Progressing": { + "color": "yellow", + "text": "⟳ Progressing" + }, + "Degraded": { + "color": "red", + "text": "✗ Degraded" + }, + "Suspended": { + "color": "orange", + "text": "⏸ Suspended" + }, + "Missing": { + "color": "red", + "text": "? Missing" + }, + "Unknown": { + "color": "gray", + "text": "? Unknown" + } + } + } + ] + } + ] + } + ] + } + }, + { + "id": 5, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 10 + }, + "type": "table", + "title": "Application Status Overview", + "targets": [ + { + "expr": "argocd_app_info", + "refId": "A", + "format": "table", + "instant": true + } + ], + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "__name__": true, + "Value": true, + "instance": true, + "job": true, + "namespace": true, + "pod": true, + "repo": true, + "dest_server": true + }, + "renameByName": { + "name": "Application", + "health_status": "Health", + "sync_status": "Sync Status", + "dest_namespace": "Namespace", + "project": "Project" + } + } + } + ], + "options": { + "showHeader": true, + "sortBy": [ + { + "desc": false, + "displayName": "Application" + } + ] + }, + "fieldConfig": { + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Health" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "type": "color-background" + } + }, + { + "id": "mappings", + "value": [ + { + "type": "value", + "options": { + "Healthy": { + "color": "green", + "text": "✓ Healthy" + }, + "Progressing": { + "color": "yellow", + "text": "⟳ Progressing" + }, + "Degraded": { + "color": "red", + "text": "✗ Degraded" + }, + "Suspended": { + "color": "orange", + "text": "⏸ Suspended" + }, + "Missing": { + "color": "red", + "text": "? Missing" + }, + "Unknown": { + "color": "gray", + "text": "? Unknown" + } + } + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Sync Status" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "type": "color-background" + } + }, + { + "id": "mappings", + "value": [ + { + "type": "value", + "options": { + "Synced": { + "color": "green", + "text": "✓ Synced" + }, + "OutOfSync": { + "color": "yellow", + "text": "⚠ Out of Sync" + }, + "Unknown": { + "color": "gray", + "text": "? Unknown" + } + } + } + ] + } + ] + } + ] + } + }, + { + "id": 6, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 18 + }, + "type": "timeseries", + "title": "Application Health Status Over Time", + "targets": [ + { + "expr": "count(argocd_app_info{health_status=\"Healthy\"})", + "legendFormat": "Healthy", + "refId": "A" + }, + { + "expr": "count(argocd_app_info{health_status=\"Progressing\"})", + "legendFormat": "Progressing", + "refId": "B" + }, + { + "expr": "count(argocd_app_info{health_status=\"Degraded\"})", + "legendFormat": "Degraded", + "refId": "C" + }, + { + "expr": "count(argocd_app_info{health_status=~\"Suspended|Missing|Unknown\"})", + "legendFormat": "Other (Suspended/Missing/Unknown)", + "refId": "D" + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "fillOpacity": 10, + "showPoints": "never", + "spanNulls": true + }, + "color": { + "mode": "palette-classic" + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Healthy" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Degraded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Progressing" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + } + ] + }, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "multi" + } + } + }, + { + "id": 7, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "type": "timeseries", + "title": "Sync Operations", + "targets": [ + { + "expr": "rate(argocd_app_sync_total{phase=\"Succeeded\"}[5m])", + "legendFormat": "{{name}} - Succeeded", + "refId": "A" + }, + { + "expr": "rate(argocd_app_sync_total{phase=\"Error\"}[5m])", + "legendFormat": "{{name}} - Failed", + "refId": "B" + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "fillOpacity": 10, + "showPoints": "never" + }, + "unit": "ops" + } + }, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom" + } + } + }, + { + "id": 8, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 26 +>>>>>>> 529caf525d3c8594bcf0208697629827113dc1fc }, "type": "alertlist", "title": "Active Alerts", |