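---
# ConfigMap - non-sensitive application settings
# Only values that are safe to read by anyone with "get configmaps" in this
# namespace belong here. APP_SECRET now lives in the xormon-secret Secret
# below; the pod still receives it through envFrom.
apiVersion: v1
kind: ConfigMap
metadata:
  name: xormon-config
  namespace: xormon
data:
  # DB_HOST matches the timescaledb Service name in this namespace
  DB_HOST: "timescaledb"
  DB_PORT: "5432"
  DB_DATABASE: "xormon"
  # NOTE(review): "postgres" is conventionally the PostgreSQL superuser role;
  # if timescaledb.yaml allows it, prefer a dedicated role limited to the
  # xormon database - confirm against the application's requirements.
  DB_USERNAME: "postgres"
  XORMON_PORT: "8080"
  XORMON_LOG_LEVEL: "info"
  APP_PORT: "8080"
  APP_TIMEZONE: "Europe/Prague"
---
# Secret - password must match db-secret.password in timescaledb.yaml
# The values below are placeholders / published sample values. Replace them
# before applying and keep the real values out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: xormon-secret
  namespace: xormon
type: Opaque
stringData:
  DB_PASSWORD: "CHANGE_ME"  # must match db-secret.password in timescaledb.yaml
  # Sample value shipped with this manifest and therefore publicly known;
  # change to your own value (a long random string) before deploying.
  APP_SECRET: "xorux4you"
  # XORMON_LICENSE_KEY: "..."
---
# ServiceAccount required to assign anyuid SCC in OpenShift
# After applying run:
#   oc adm policy add-scc-to-user anyuid -z xormon -n xormon
# anyuid lets pods using this ServiceAccount run with any UID, including
# root, so bind it to this ServiceAccount only and to nothing else in the
# namespace.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: xormon
  namespace: xormon
---
# PersistentVolumeClaim for XorMon data
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: xormon-data
  namespace: xormon
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  # storageClassName: standard  # adjust for your cluster
---
# XorMon Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: xormon
  namespace: xormon
  labels:
    app: xormon
spec:
  replicas: 1  # stateful application - do not run multiple replicas simultaneously
  selector:
    matchLabels:
      app: xormon
  strategy:
    type: Recreate  # required due to RWO PVC
  template:
    metadata:
      labels:
        app: xormon
    spec:
      serviceAccountName: xormon
      # NOTE(review): if XorMon never calls the Kubernetes API, setting
      # automountServiceAccountToken: false here would keep the token out of
      # the container - confirm before enabling.
      containers:
        - name: xormon
          # Tags are mutable; for reproducible rollouts consider pinning the
          # image by digest (xorux/xormon-ng@sha256:<digest-of-your-release>).
          image: xorux/xormon-ng:2.2.50  # update to the desired version
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
            - name: http-agent
              containerPort: 8162
              protocol: TCP
          # Every key of both objects becomes an environment variable.
          # Sensitive keys (DB_PASSWORD, APP_SECRET) come from the Secret.
          envFrom:
            - configMapRef:
                name: xormon-config
            - secretRef:
                name: xormon-secret
          volumeMounts:
            - name: xormon-data
              mountPath: /app/server-nest/files
          resources:
            requests:
              cpu: "1"
              memory: "2Gi"
            limits:
              cpu: "4"
              memory: "8Gi"
          # livenessProbe:
          #   httpGet:
          #     path: /
          #     port: http
          #   initialDelaySeconds: 60
          #   periodSeconds: 30
          #   failureThreshold: 3
          # readinessProbe:
          #   httpGet:
          #     path: /
          #     port: http
          #   initialDelaySeconds: 30
          #   periodSeconds: 10
      volumes:
        - name: xormon-data
          persistentVolumeClaim:
            claimName: xormon-data
      # Pod-level setting: mounted volume files are made accessible to
      # supplemental group 1001.
      securityContext:
        fsGroup: 1001
---
# Internal service for XorMon UI/API
apiVersion: v1
kind: Service
metadata:
  name: xormon
  namespace: xormon
spec:
  type: ClusterIP
  selector:
    app: xormon
  ports:
    - name: http
      port: 8080
      targetPort: http
      protocol: TCP
---
# Internal service for agents
apiVersion: v1
kind: Service
metadata:
  name: xormon-agent
  namespace: xormon
spec:
  type: ClusterIP
  selector:
    app: xormon
  ports:
    - name: http-agent
      port: 8162
      targetPort: http-agent
      protocol: TCP
---
# Route for external access (OpenShift) - TLS passthrough
# XorMon listens on HTTPS (port 8080); the router forwards TLS directly to the pod
# With passthrough the router does not terminate TLS, so clients see the
# certificate the pod itself presents; manage that certificate in XorMon.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: xormon
  namespace: xormon
spec:
  # host: xormon.apps.cluster.example.com  # optional; OpenShift assigns automatically
  to:
    kind: Service
    name: xormon
  port:
    targetPort: http
  tls:
    termination: passthrough
---
# Route for agents (optional - only if agents connect from outside the cluster)
# Edge termination ends TLS at the router; traffic from the router to the pod
# on the agent port is then not encrypted by the route.
# apiVersion: route.openshift.io/v1
# kind: Route
# metadata:
#   name: xormon-agent
#   namespace: xormon
# spec:
#   to:
#     kind: Service
#     name: xormon-agent
#   port:
#     targetPort: http-agent
#   tls:
#     termination: edge
#     insecureEdgeTerminationPolicy: Redirect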