Fixes geerlingguy#1: Final tweaks for the cluster-monitoring setup.

Author: geerlingguy

README.md

@@ -48,6 +48,22 @@ Once that's done, there will be variety of applications running on your cluster:
 | Wordpress | http://wordpress.10.0.100.74.nip.io/ | N/A |
 | Minecraft | (`kubectl get service -n minecraft`) | See EULA in [Minecraft chart repo](https://github.com/helm/charts/tree/master/stable/minecraft) |
 
+## Caveats
+
+They are a'plenty.
+
+First of all, the configurations in this repository were built for local demonstration purposes. There are some things that are insecure (like storing some database passwords in plain text), and other things that are just plain crazy (like trying to run all the above things on one tiny Pi-based cluster!).
+
+There are a few architectural decisions that were made that are great for 'day one' setup, but if you tried to flex K3s' muscle and drop/replace nodes while the cluster is running, you'd likely start running into some, shall we say, 'fun' problems.
+
+For example, the MariaDB PVCs are tied to the local node on which they were first deployed, and if you do something that results in the MariaDB Deployment to change nodes for the deployed Pod... you may run into warnings like `FailedScheduling: 3 node(s) had volume node affinity conflict.`
+
+Therefore, if you want to use this project as a base, and are planning on doing anything more than a local demo cluster, you are responsible for making changes to support a more production-ready setup, with better security and better configuration of volumes and multi-pod scalability.
+
+To do these things _correctly_ with Kubernetes takes a lot of work. It's usually _very_ easy—maybe deceptively easy—to get something working. It's harder to get it working reliably in an automated fashion when rebuilding the cluster from scratch (that's about the level where this repository is). And harder still is getting it working reliably with easy maintenance, fault-tolerance, and scalability.
+
+Kubernetes is no substitute for a thorough knowledge of system architecture and engineering!
+
 ## Resetting the cluster
 
 You'll likely want to blow away all the changes you've made in a cluster and start fresh every now and then. If you made a mistake, or something broke terribly, that problem goes away. Or, if you want to make sure you've automated the entire cluster build properly, it's best practice to rebuild a cluster frequently.

roles/cluster_monitoring/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 # The version of the cluster-monitoring repo to check out. See commits:
 # https://github.com/carlosedp/cluster-monitoring/commits/master
-cluster_monitoring_version: 4ddebeb
+cluster_monitoring_version: 5b75c81
 
 # Whether to force updating the cluster-monitoring repository. Set this to true
 # if you change the cluster_monitoring_version above.

roles/cluster_monitoring/tasks/main.yml

@@ -34,7 +34,7 @@
 
 - name: Find all the manifests in the manifests/setup directory.
   find:
-    paths: ~/cluster-monitoring/manifests
+    paths: ~/cluster-monitoring/manifests/setup
     file_type: file
     patterns: '*.yaml,*.yml'
   register: cluster_monitoring_setup_files
@@ -44,3 +44,16 @@
     src: "{{ item }}"
     state: present
   loop: "{{ cluster_monitoring_setup_files.files | sort(attribute='path') | map(attribute='path') | list }}"
+
+- name: Find all the manifests in the manifests directory.
+  find:
+    paths: ~/cluster-monitoring/manifests
+    file_type: file
+    patterns: '*.yaml,*.yml'
+  register: cluster_monitoring_files
+
+- name: Apply cluster-monitoring manifests.
+  k8s:
+    src: "{{ item }}"
+    state: present
+  loop: "{{ cluster_monitoring_files.files | sort(attribute='path') | map(attribute='path') | list }}"

roles/cluster_monitoring/templates/vars.jsonnet.j2

@@ -8,32 +8,32 @@
       // After deployment, run the create_gmail_auth.sh script from scripts dir.
       name: 'smtpRelay',
       enabled: false,
-      file: import 'smtp_relay.jsonnet',
+      file: import 'modules/smtp_relay.jsonnet',
     },
     {
       name: 'armExporter',
       enabled: true,
-      file: import 'arm_exporter.jsonnet',
+      file: import 'modules/arm_exporter.jsonnet',
     },
     {
       name: 'upsExporter',
       enabled: false,
-      file: import 'ups_exporter.jsonnet',
+      file: import 'modules/ups_exporter.jsonnet',
     },
     {
       name: 'metallbExporter',
       enabled: false,
-      file: import 'metallb.jsonnet',
+      file: import 'modules/metallb.jsonnet',
     },
     {
       name: 'traefikExporter',
       enabled: false,
-      file: import 'traefik.jsonnet',
+      file: import 'modules/traefik.jsonnet',
     },
     {
       name: 'elasticExporter',
       enabled: false,
-      file: import 'elasticsearch_exporter.jsonnet',
+      file: import 'modules/elasticsearch_exporter.jsonnet',
     },
   ],
 
@@ -62,4 +62,4 @@
   grafana: {
     from_address: 'myemail@example.com',
   },
-}
+}

roles/drupal/files/mariadb.yml

@@ -47,10 +47,10 @@ spec:
           resources:
             limits:
               cpu: '2'
-              memory: '768Mi'
+              memory: '512Mi'
             requests:
               cpu: '500m'
-              memory: '512Mi'
+              memory: '256Mi'
       volumes:
         - name: database
           persistentVolumeClaim:

roles/wordpress/templates/mariadb.yml

@@ -62,11 +62,11 @@ spec:
           mountPath: /var/lib/mariadb
         resources:
           limits:
-            cpu: '2'
-            memory: '768Mi'
+            cpu: '1'
+            memory: '512Mi'
           requests:
             cpu: '500m'
-            memory: '512Mi'
+            memory: '256Mi'
       volumes:
       - name: mariadb-persistent-storage
         persistentVolumeClaim: