d-bis/Sankofa
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements

Browse Source 
- Add comprehensive database migrations (001-024) for schema evolution
- Enhance API schema with expanded type definitions and resolvers
- Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth
- Implement new services: AI optimization, billing, blockchain, compliance, marketplace
- Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage)
- Update Crossplane provider with enhanced VM management capabilities
- Add comprehensive test suite for API endpoints and services
- Update frontend components with improved GraphQL subscriptions and real-time updates
- Enhance security configurations and headers (CSP, CORS, etc.)
- Update documentation and configuration files
- Add new CI/CD workflows and validation scripts
- Implement design system improvements and UI enhancements
This commit is contained in:
defiQUG
2025-12-12 18:01:35 -08:00
parent e01131efaf
commit 9daf1fd378
968 changed files with 160890 additions and 1092 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
gitops/apps/api/application.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: sankofa-api
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/sankofa/phoenix-sankofa-cloud
targetRevision: main
path: gitops/apps/api
destination:
server: https://kubernetes.default.svc
namespace: sankofa
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

14
gitops/apps/api/kustomization.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- manifests/deployment.yaml
- manifests/service.yaml
- manifests/configmap.yaml
namespace: sankofa
commonLabels:
app: sankofa-api
part-of: sankofa-phoenix

10
gitops/apps/api/manifests/configmap.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: sankofa-api-config
namespace: sankofa
data:
PORT: "4000"
NODE_ENV: "production"
LOG_LEVEL: "info"

90
gitops/apps/api/manifests/deployment.yaml Normal file
View File

@@ -0,0 +1,90 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: sankofa-api
namespace: sankofa
labels:
app: sankofa-api
spec:
replicas: 3
selector:
matchLabels:
app: sankofa-api
template:
metadata:
labels:
app: sankofa-api
spec:
containers:
- name: api
image: sankofa-api:latest
ports:
- containerPort: 4000
name: http
env:
- name: DB_HOST
valueFrom:
secretKeyRef:
name: sankofa-db-credentials
key: host
- name: DB_PORT
value: "5432"
- name: DB_NAME
valueFrom:
secretKeyRef:
name: sankofa-db-credentials
key: database
- name: DB_USER
valueFrom:
secretKeyRef:
name: sankofa-db-credentials
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: sankofa-db-credentials
key: password
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: sankofa-api-secrets
key: jwt-secret
- name: NODE_ENV
value: "production"
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: 2000m
memory: 2Gi
livenessProbe:
httpGet:
path: /health
port: 4000
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /health
port: 4000
initialDelaySeconds: 10
periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: sankofa-api
namespace: sankofa
labels:
app: sankofa-api
spec:
type: ClusterIP
ports:
- port: 4000
targetPort: 4000
protocol: TCP
name: http
selector:
app: sankofa-api

19
gitops/apps/api/manifests/service.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: sankofa-api
namespace: sankofa
spec:
type: ClusterIP
ports:
- port: 4000
targetPort: 4000
protocol: TCP
name: http
- port: 4001
targetPort: 4001
protocol: TCP
name: websocket
selector:
app: sankofa-api

27
gitops/apps/argocd/application.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: sankofa-phoenix
namespace: argocd
spec:
project: default
source:
repoURL: ${GIT_REPO_URL:-https://github.com/YOUR_ORG/sankofa-phoenix}
targetRevision: ${GIT_BRANCH:-main}
path: gitops/apps
destination:
server: https://kubernetes.default.svc
namespace: sankofa
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m

2
gitops/apps/argocd/root-application.yaml
View File

@@ -8,7 +8,7 @@ metadata:
spec:
project: default
source:
repoURL: https://github.com/yourorg/hybrid-cloud-gitops
repoURL: https://github.com/sankofa/Sankofa
targetRevision: main
path: gitops/apps
destination:

21
gitops/apps/frontend/application.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: sankofa-frontend
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/sankofa/phoenix-sankofa-cloud
targetRevision: main
path: gitops/apps/frontend
destination:
server: https://kubernetes.default.svc
namespace: sankofa
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

10
gitops/apps/frontend/manifests/configmap.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: sankofa-frontend-config
namespace: sankofa
data:
NEXT_PUBLIC_GRAPHQL_ENDPOINT: "http://sankofa-api:4000/graphql"
NEXT_PUBLIC_APP_URL: "https://sankofa.nexus"
NODE_ENV: "production"

86
gitops/apps/frontend/manifests/deployment.yaml Normal file
View File

@@ -0,0 +1,86 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: sankofa-frontend
namespace: sankofa
labels:
app: sankofa-frontend
spec:
replicas: 2
selector:
matchLabels:
app: sankofa-frontend
template:
metadata:
labels:
app: sankofa-frontend
spec:
containers:
- name: frontend
image: sankofa-frontend:latest
ports:
- containerPort: 3000
name: http
env:
- name: NEXT_PUBLIC_GRAPHQL_ENDPOINT
valueFrom:
configMapKeyRef:
name: sankofa-frontend-config
key: graphql-endpoint
- name: NODE_ENV
value: "production"
resources:
requests:
cpu: 250m
memory: 256Mi
limits:
cpu: 1000m
memory: 1Gi
livenessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 10
periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: sankofa-frontend
namespace: sankofa
labels:
app: sankofa-frontend
spec:
type: ClusterIP
ports:
- port: 3000
targetPort: 3000
protocol: TCP
name: http
selector:
app: sankofa-frontend
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sankofa-frontend
namespace: sankofa
spec:
rules:
- host: sankofa.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: sankofa-frontend
port:
number: 3000

21
gitops/apps/keycloak/application.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: keycloak
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/sankofa/sankofa-phoenix-gitops
targetRevision: main
path: gitops/apps/keycloak
destination:
server: https://kubernetes.default.svc
namespace: keycloak
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

132
gitops/apps/keycloak/deployment.yaml Normal file
View File

@@ -0,0 +1,132 @@
apiVersion: v1
kind: Secret
metadata:
name: keycloak-credentials
namespace: keycloak
type: Opaque
stringData:
username: admin
password: ${KEYCLOAK_ADMIN_PASSWORD:-change-me}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
namespace: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:23.0
args:
- start
- --optimized
- --db=postgres
- --db-url-host=keycloak-postgres
- --db-url-port=5432
- --db-username=$(DB_USERNAME)
- --db-password=$(DB_PASSWORD)
- --db-url-database=keycloak
- --http-relative-path=/
- --proxy-headers=xforwarded
- --hostname-strict=false
- --hostname-strict-https=false
env:
- name: KEYCLOAK_ADMIN
valueFrom:
secretKeyRef:
name: keycloak-credentials
key: username
- name: KEYCLOAK_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-credentials
key: password
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: keycloak-db-credentials
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-db-credentials
key: password
- name: KEYCLOAK_MULTI_REALM
value: "true"
ports:
- containerPort: 8080
name: http
- containerPort: 8443
name: https
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 60
periodSeconds: 30
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 60
periodSeconds: 30
resources:
requests:
memory: "512Mi"
cpu: "500m"
limits:
memory: "1Gi"
cpu: "1000m"
---
apiVersion: v1
kind: Service
metadata:
name: keycloak
namespace: keycloak
spec:
selector:
app: keycloak
ports:
- port: 8080
targetPort: 8080
name: http
- port: 8443
targetPort: 8443
name: https
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak
namespace: keycloak
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- keycloak.sankofa.nexus
secretName: keycloak-tls
rules:
- host: keycloak.sankofa.nexus
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: keycloak
port:
number: 8080

87
gitops/apps/keycloak/keycloak-clients.yaml Normal file
View File

@@ -0,0 +1,87 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: keycloak-client-config
namespace: keycloak
data:
# Client configuration script for Keycloak
configure-clients.sh: |
#!/bin/bash
# Configure Keycloak clients via REST API
# This should be run after Keycloak is deployed
KEYCLOAK_URL="${KEYCLOAK_URL:-http://localhost:8080}"
ADMIN_USER="${KEYCLOAK_ADMIN:-admin}"
ADMIN_PASSWORD="${KEYCLOAK_ADMIN_PASSWORD:-admin}"
REALM="${REALM:-master}"
# Get admin token
TOKEN=$(curl -s -X POST "${KEYCLOAK_URL}/realms/${REALM}/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=${ADMIN_USER}" \
-d "password=${ADMIN_PASSWORD}" \
-d "grant_type=password" \
-d "client_id=admin-cli" | jq -r '.access_token')
if [ "$TOKEN" == "null" ] || [ -z "$TOKEN" ]; then
echo "Failed to get admin token"
exit 1
fi
# Create sankofa-api client (confidential)
curl -s -X POST "${KEYCLOAK_URL}/admin/realms/${REALM}/clients" \
-H "Authorization: Bearer ${TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"clientId": "sankofa-api",
"name": "Sankofa API Client",
"description": "GraphQL API backend client",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "'${SANKOFA_API_CLIENT_SECRET:-generate-me}'",
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"publicClient": false,
"protocol": "openid-connect",
"attributes": {
"access.token.lifespan": "300",
"client.secret.creation.time": "'$(date +%s)'"
}
}'
# Create portal-client (confidential)
curl -s -X POST "${KEYCLOAK_URL}/admin/realms/${REALM}/clients" \
-H "Authorization: Bearer ${TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"clientId": "portal-client",
"name": "Sankofa Portal Client",
"description": "Portal frontend client",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "'${PORTAL_CLIENT_SECRET:-generate-me}'",
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"protocol": "openid-connect",
"redirectUris": [
"http://localhost:3000/*",
"https://portal.sankofa.nexus/*",
"https://*.sankofa.nexus/*"
],
"webOrigins": [
"http://localhost:3000",
"https://portal.sankofa.nexus",
"https://*.sankofa.nexus"
],
"attributes": {
"access.token.lifespan": "1800"
}
}'
echo "Keycloak clients configured successfully"

8
gitops/apps/keycloak/namespace.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: keycloak
labels:
app: keycloak
component: identity

90
gitops/apps/keycloak/postgres.yaml Normal file
View File

@@ -0,0 +1,90 @@
apiVersion: v1
kind: Secret
metadata:
name: keycloak-db-credentials
namespace: keycloak
type: Opaque
stringData:
username: keycloak
password: ${KEYCLOAK_DB_PASSWORD:-change-me}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: keycloak-db-config
namespace: keycloak
data:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: keycloak-postgres
namespace: keycloak
spec:
serviceName: keycloak-postgres
replicas: 1
selector:
matchLabels:
app: keycloak-postgres
template:
metadata:
labels:
app: keycloak-postgres
spec:
containers:
- name: postgres
image: postgres:15-alpine
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: keycloak-db-config
key: POSTGRES_DB
- name: POSTGRES_USER
valueFrom:
configMapKeyRef:
name: keycloak-db-config
key: POSTGRES_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-db-credentials
key: password
ports:
- containerPort: 5432
name: postgres
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: Service
metadata:
name: keycloak-postgres
namespace: keycloak
spec:
selector:
app: keycloak-postgres
ports:
- port: 5432
targetPort: 5432
name: postgres
clusterIP: None

207
gitops/apps/monitoring/alert-rules.yaml Normal file
View File

@@ -0,0 +1,207 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: sankofa-alerts
namespace: monitoring
labels:
app: sankofa
prometheus: kube-prometheus
role: alert-rules
spec:
groups:
- name: api
interval: 30s
rules:
# API High Error Rate
- alert: APIHighErrorRate
expr: |
sum(rate(http_requests_total{job="api",status=~"5.."}[5m]))
/
sum(rate(http_requests_total{job="api"}[5m])) > 0.05
for: 5m
labels:
severity: critical
annotations:
summary: "API error rate is above 5%"
description: "API error rate is {{ $value | humanizePercentage }} for the last 5 minutes"
# API High Latency
- alert: APIHighLatency
expr: |
histogram_quantile(0.95,
sum(rate(http_request_duration_seconds_bucket{job="api"}[5m])) by (le)
) > 0.5
for: 5m
labels:
severity: warning
annotations:
summary: "API p95 latency is above 500ms"
description: "API p95 latency is {{ $value }}s"
# API Down
- alert: APIDown
expr: up{job="api"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "API is down"
description: "API service has been down for more than 1 minute"
- name: portal
interval: 30s
rules:
# Portal High Error Rate
- alert: PortalHighErrorRate
expr: |
sum(rate(http_requests_total{job="portal",status=~"5.."}[5m]))
/
sum(rate(http_requests_total{job="portal"}[5m])) > 0.05
for: 5m
labels:
severity: critical
annotations:
summary: "Portal error rate is above 5%"
description: "Portal error rate is {{ $value | humanizePercentage }}"
# Portal Down
- alert: PortalDown
expr: up{job="portal"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Portal is down"
description: "Portal service has been down for more than 1 minute"
- name: database
interval: 30s
rules:
# Database High Connection Count
- alert: DatabaseHighConnections
expr: |
pg_stat_database_numbackends{datname="sankofa"} > 80
for: 5m
labels:
severity: warning
annotations:
summary: "Database connection count is high"
description: "Database has {{ $value }} active connections"
# Database Slow Queries
- alert: DatabaseSlowQueries
expr: |
pg_stat_activity_count{state="active"} > 10
for: 5m
labels:
severity: warning
annotations:
summary: "Database has slow queries"
description: "Database has {{ $value }} active queries running for more than 5 minutes"
# Database Down
- alert: DatabaseDown
expr: pg_up == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Database is down"
description: "PostgreSQL database is not responding"
- name: keycloak
interval: 30s
rules:
# Keycloak Down
- alert: KeycloakDown
expr: up{job="keycloak"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Keycloak is down"
description: "Keycloak authentication service is down"
# Keycloak High Authentication Failures
- alert: KeycloakHighAuthFailures
expr: |
sum(rate(keycloak_login_failures_total[5m])) > 10
for: 5m
labels:
severity: warning
annotations:
summary: "High authentication failure rate"
description: "Keycloak has {{ $value }} authentication failures per second"
- name: infrastructure
interval: 30s
rules:
# High CPU Usage
- alert: HighCPUUsage
expr: |
(1 - avg(rate(container_cpu_usage_seconds_total{container!="POD"}[5m]))) < 0.1
for: 10m
labels:
severity: warning
annotations:
summary: "High CPU usage"
description: "CPU usage is above 90% for 10 minutes"
# High Memory Usage
- alert: HighMemoryUsage
expr: |
(1 - (container_memory_working_set_bytes{container!="POD"} / container_spec_memory_limit_bytes)) < 0.1
for: 10m
labels:
severity: warning
annotations:
summary: "High memory usage"
description: "Memory usage is above 90% for 10 minutes"
# Pod CrashLooping
- alert: PodCrashLooping
expr: |
rate(kube_pod_container_status_restarts_total[15m]) > 0
for: 5m
labels:
severity: warning
annotations:
summary: "Pod is crash looping"
description: "Pod {{ $labels.pod }} in namespace {{ $labels.namespace }} is crash looping"
# Disk Space Low
- alert: DiskSpaceLow
expr: |
(node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"}) < 0.1
for: 5m
labels:
severity: warning
annotations:
summary: "Disk space is low"
description: "Disk space is below 10% on {{ $labels.instance }}"
- name: backups
interval: 1h
rules:
# Backup Failed
- alert: BackupFailed
expr: |
time() - backup_last_success_timestamp > 86400
for: 1h
labels:
severity: critical
annotations:
summary: "Backup has not run in 24 hours"
description: "Last successful backup was more than 24 hours ago"
# Backup Too Old
- alert: BackupTooOld
expr: |
time() - backup_last_success_timestamp > 172800
for: 1h
labels:
severity: critical
annotations:
summary: "Backup is more than 48 hours old"
description: "Last successful backup was {{ $value }} seconds ago"

2
gitops/apps/monitoring/application.yaml
View File

@@ -40,7 +40,7 @@ spec:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- grafana.yourdomain.com
- grafana.sankofa.nexus
persistence:
enabled: true
size: 10Gi

81
gitops/apps/monitoring/backup-cronjob.yaml Normal file
View File

@@ -0,0 +1,81 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: postgres-backup
namespace: api
spec:
schedule: "0 2 * * *" # Daily at 2 AM
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
jobTemplate:
spec:
template:
spec:
containers:
- name: postgres-backup
image: postgres:14-alpine
command:
- /bin/bash
- -c
- |
set -e
BACKUP_DIR="/backups/postgres"
DB_NAME="${DB_NAME:-sankofa}"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="${BACKUP_DIR}/${DB_NAME}_${TIMESTAMP}.sql"
mkdir -p "$BACKUP_DIR"
echo "Starting backup..."
pg_dump -h "$DB_HOST" -p "$DB_PORT" -U "$DB_USER" -d "$DB_NAME" \
-F p -f "$BACKUP_FILE"
echo "Compressing backup..."
gzip "$BACKUP_FILE"
echo "Cleaning up backups older than 7 days..."
find "$BACKUP_DIR" -name "${DB_NAME}_*.sql.gz" -type f -mtime +7 -delete
echo "Backup completed: ${BACKUP_FILE}.gz"
env:
- name: DB_HOST
valueFrom:
secretKeyRef:
name: db-credentials
key: host
- name: DB_PORT
value: "5432"
- name: DB_USER
valueFrom:
secretKeyRef:
name: db-credentials
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: db-credentials
key: password
- name: DB_NAME
value: "sankofa"
volumeMounts:
- name: backup-storage
mountPath: /backups
restartPolicy: OnFailure
volumes:
- name: backup-storage
persistentVolumeClaim:
claimName: postgres-backup-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-backup-pvc
namespace: api
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
storageClassName: standard

35
gitops/apps/monitoring/grafana-dashboards.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-dashboards
namespace: monitoring
labels:
grafana_dashboard: "1"
data:
sankofa-overview.json: |
{
"dashboard": {
"title": "Sankofa Phoenix Overview",
"panels": [
{
"title": "API Request Rate",
"targets": [
{
"expr": "rate(http_requests_total[5m])",
"legendFormat": "{{method}} {{status}}"
}
]
},
{
"title": "Database Connections",
"targets": [
{
"expr": "pg_stat_database_numbackends",
"legendFormat": "{{datname}}"
}
]
}
]
}
}

50
gitops/apps/monitoring/prometheus-config.yaml Normal file
View File

@@ -0,0 +1,50 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: prometheus-config
namespace: monitoring
data:
prometheus.yml: |
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: 'sankofa-api'
kubernetes_sd_configs:
- role: pod
namespaces:
names:
- sankofa
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app]
action: keep
regex: sankofa-api
- source_labels: [__meta_kubernetes_pod_ip]
action: replace
target_label: __address__
replacement: $1:4000
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: keep
regex: true
source_labels:
- __meta_kubernetes_pod_annotation_prometheus_io_scrape
- action: replace
regex: (.+)
source_labels:
- __meta_kubernetes_pod_annotation_prometheus_io_path
target_label: __metrics_path__
- action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
source_labels:
- __address__
- __meta_kubernetes_pod_annotation_prometheus_io_port
target_label: __address__

2
gitops/apps/portal/application.yaml
View File

@@ -8,7 +8,7 @@ metadata:
spec:
project: default
source:
repoURL: https://github.com/yourorg/hybrid-cloud-gitops
repoURL: https://github.com/sankofa/Sankofa
targetRevision: main
path: gitops/apps/portal/manifests
destination:

10
gitops/apps/portal/manifests/deployment.yaml
View File

@@ -79,10 +79,10 @@ metadata:
name: portal-config
namespace: portal
data:
keycloak-url: "https://keycloak.yourdomain.com"
keycloak-url: "https://keycloak.sankofa.nexus"
crossplane-api-url: "https://crossplane-api.crossplane-system.svc.cluster.local"
argocd-url: "https://argocd.yourdomain.com"
grafana-url: "https://grafana.yourdomain.com"
argocd-url: "https://argocd.sankofa.nexus"
grafana-url: "https://grafana.sankofa.nexus"
loki-url: "https://loki.monitoring.svc.cluster.local:3100"
---
apiVersion: networking.k8s.io/v1
@@ -97,10 +97,10 @@ spec:
ingressClassName: nginx
tls:
- hosts:
- portal.yourdomain.com
- portal.sankofa.nexus
secretName: portal-tls
rules:
- host: portal.yourdomain.com
- host: portal.sankofa.nexus
http:
paths:
- path: /

2
gitops/apps/rancher/application.yaml
View File

@@ -14,7 +14,7 @@ spec:
helm:
releaseName: rancher
values: |
hostname: rancher.yourdomain.com
hostname: rancher.sankofa.nexus
replicas: 3
ingress:
enabled: true

2
gitops/apps/vault/application.yaml
View File

@@ -32,7 +32,7 @@ spec:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: vault.yourdomain.com
- host: vault.sankofa.nexus
paths:
- /
ui: