Sienna Meridian Satterwhite
3fc54c8851
28 alert rules across 9 PrometheusRule files covering infrastructure (Longhorn, cert-manager), data (PostgreSQL, OpenBao, OpenSearch), storage (SeaweedFS), devtools (Gitea), identity (Hydra, Kratos), media (LiveKit), and mesh (Linkerd golden signals for all services). Severity routing: critical alerts fire to Matrix + email, warnings to Matrix only (AlertManager config updated in separate commit).
48 lines
1.4 KiB
YAML
48 lines
1.4 KiB
YAML
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
# namespace: ory removed — all non-Helm resources already set namespace: ory
|
|
# explicitly, and the Helm charts use namespace: ory in their helmCharts spec.
|
|
# The kustomization-level transformer was incorrectly moving hydra-maester's
|
|
# enabledNamespaces Role (meant for lasuite) into the ory namespace, causing
|
|
# a duplicate-name conflict.
|
|
|
|
resources:
|
|
- namespace.yaml
|
|
- kratos-admin-deployment.yaml
|
|
# Hydra chart CRDs are not rendered by helm template; apply manually.
|
|
- hydra-oauth2client-crd.yaml
|
|
- vault-secrets.yaml
|
|
- ory-alertrules.yaml
|
|
- hydra-servicemonitor.yaml
|
|
- kratos-servicemonitor.yaml
|
|
|
|
patches:
|
|
# Set Kratos selfservice UI URLs (DOMAIN_SUFFIX substituted at apply time).
|
|
- path: kratos-selfservice-urls.yaml
|
|
|
|
# The hydra-maester sub-chart does not set .Release.Namespace in its Deployment template.
|
|
- patch: |
|
|
- op: add
|
|
path: /metadata/namespace
|
|
value: ory
|
|
target:
|
|
kind: Deployment
|
|
name: hydra-hydra-maester
|
|
|
|
helmCharts:
|
|
# helm repo add ory https://k8s.ory.sh/helm/charts
|
|
- name: kratos
|
|
repo: https://k8s.ory.sh/helm/charts
|
|
version: "0.60.1"
|
|
releaseName: kratos
|
|
namespace: ory
|
|
valuesFile: kratos-values.yaml
|
|
|
|
- name: hydra
|
|
repo: https://k8s.ory.sh/helm/charts
|
|
version: "0.60.1"
|
|
releaseName: hydra
|
|
namespace: ory
|
|
valuesFile: hydra-values.yaml
|