Mise en place d'ArgoCD : début du transfert des docker compose vers kubern8 ==> suppression du docker compose pour nginx (remplacer par nginx-proxy.yaml

config/alert_rules.yml

@@ -0,0 +1,10 @@
+groups:
+  - name: example
+    rules:
+      - alert: InstanceDown
+        expr: up == 0
+        for: 1m
+        labels:
+          severity: warning
+        annotations:
+          summary: "Instance {{ $labels.instance }} est down"   

config/certs/localhost.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm2gAwIBAgIUKk7EqWaBULDSrIddvgA/dHeKf4MwDQYJKoZIhvcNAQEL
+BQAwUjELMAkGA1UEBhMCRlIxDjAMBgNVBAgMBUxvY2FsMQ4wDAYDVQQHDAVMb2Nh
+bDEPMA0GA1UECgwGRGV2T3BzMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjYwMTMx
+MTY0MzAwWhcNMjcwMTMxMTY0MzAwWjBSMQswCQYDVQQGEwJGUjEOMAwGA1UECAwF
+TG9jYWwxDjAMBgNVBAcMBUxvY2FsMQ8wDQYDVQQKDAZEZXZPcHMxEjAQBgNVBAMM
+CWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyNd6vK
+AkTTjQ4pAnaYS5NG6wknWYGPooaY8s9iUuZNmbY/OBgTizzyH+epnw2zXSLYNI0C
+KCzhSG4uVGGndciFTDJJenI2hHUD0WAgXcSAqMYE+RT5it4QWYA/XiFUVm8FdI8n
+RTjWqH7K0FFDSdjTWyeVL2bzG+W2cROcAvSX6FSA2SkL1eyXlfSash5AMr5FJqWA
+2T+2D6CUW6j/GMPbOR9nhUC8IVDLyB2mUxEoT3AkrEzWs7ImDK0wivziePnv4QO0
+d3cMWgFEy6FVEleh9koG5JdvjAmQPs731ZpUFCYfxRCTwDnPoJpwtUA9+oSoUfQs
+uw17VO3FX+RtcxUCAwEAAaNTMFEwHQYDVR0OBBYEFLrD7TLNialEE0MOS9sdj4+U
+SURsMB8GA1UdIwQYMBaAFLrD7TLNialEE0MOS9sdj4+USURsMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFCZbZigG9CJ7Ku3QWkcOo0K8WAXP707
+v+D6ls4PjK+wz4F6Vy+GqwD0OTZv3M+qzBjq0xnflHaZ+NItFsYsvjvHVdxlqJOf
+y3+Zq7+GeUlPA0o6LjKYqjQzFxUfvL4f2YK9erD7Aw4A+eOcTNwVM765DmPxtmA6
+AT4KqGY6XmkNFfYM/kGOiijAgKMXb1NdJ2PgCsq1H4ioJ8luJZP0oUmwe3ZvSrvg
+qajXGyzYV+eL4FAJdTeLnsw5k2t6EzsnhPSOyMrFETrrwy83dPA31g4AugAqceCr
+g0/8Z95wxqWJZ9CQl/3hPu/da+mfvc0tppFDmkXuSYGE379Ut8orH74=
+-----END CERTIFICATE-----

config/certs/localhost.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDcjXerygJE040O
+KQJ2mEuTRusJJ1mBj6KGmPLPYlLmTZm2PzgYE4s88h/nqZ8Ns10i2DSNAigs4Uhu
+LlRhp3XIhUwySXpyNoR1A9FgIF3EgKjGBPkU+YreEFmAP14hVFZvBXSPJ0U41qh+
+ytBRQ0nY01snlS9m8xvltnETnAL0l+hUgNkpC9Xsl5X0mrIeQDK+RSalgNk/tg+g
+lFuo/xjD2zkfZ4VAvCFQy8gdplMRKE9wJKxM1rOyJgytMIr84nj57+EDtHd3DFoB
+RMuhVRJXofZKBuSXb4wJkD7O99WaVBQmH8UQk8A5z6CacLVAPfqEqFH0LLsNe1Tt
+xV/kbXMVAgMBAAECggEAGuekDWAVgkVnW+6bRxHhiEwasHFtLQ2zVyWR20QklkUp
+pu6T3nYF4o+r3jQWO9LhXfaPhJMaiQ0La6t5rjcCOo2uQ6Usi4HEi0zFrisMnUPP
+suZY51rguqG2dVtllX3HFICPHUZ+XoZrJBqEKqGhgNKZuFyt3WpzQQTOSwTZZHJo
+ktiwVvv7enfXr3VwG1AMh9xsdpAc6okcxe/deHM5kVL2Vxjc2FSzL7EFmP4aX+Wo
+wRMXIKS50CDiUK3XKSvaml6yU8V2RgUnhOUo6enqYNwisIQwgftpjm2xVPVNN1it
+LpXzF2IJoZTfXxVTb80LJmxr4PzezAxyoDs1kFbxIQKBgQDvE02cnlTvXt0Cdygq
+nlYxOvc80HSELXl482/Q0XVjadXCOTMjxvBiIVadSpjmXdBxPQTXWxlCs7RQmSOY
+ohFwp+6TGxYxkE7TdkKNmXsCsnc7Kev8SDnKEeuto5dYqQcqi7o47vNZOQMV2p87
+Ccv12jqC/qK86PH3ru3TzxXQtQKBgQDsKnsX+/yKHEzTwzebyPLz6jSQ/5PgwAmu
+aQuuVcxscjx8v8n19YH0LwK/N6PY+sfx1kznJhVCqgfTtTMIZp2lYFEgXBvZm1li
+91BpZpl1FkG2Y7KEp477pnpEWKBXIxSeYJo/kQP6sC+bxyMCoEqeMQj04ge/BBFD
+ivorIVN04QKBgC7X4Ggkmc3BD5rREByxo3/H5vOSgJH5ewiY4jrPH6oX7Zs9q+iB
+rU387ESrfiP9E79sTkuH/P4VyenU56Wbc8FYFiXas9GITfme/VFTVkfkAfqkryli
+WXhfZIdEO35SuCW89QL8xs+fnRwmFvbxZ3ZHiRlrnSVYmziFnPHYbJTVAoGAYxY7
+yUdfoO7YySyqI0G/tdk5LvEcsXrBVR0b2oyDFakkec7aRMk6OiKTS3lj1ID77RrV
+71HKL8s5N3laLRco458yypn60WVdrqlHYsG6dybccVMJLqFC25Dw0cZBl+3PE9hC
+P5NvkPnlL73wkYSBajf2oxBG4b0qJSWlav0zj+ECgYBwlnDlew3KHrinAwxC+8g/
+5BhluRTCBOH0pgZGGDL3EQKzoi6g+qohlIoTKihPjeo+PE5LjfzaENjL5RsoA45u
+YPflHsZdAVxvUarjt0GzxobcSGChWmxeQHID7rbY7F9E5bNGu/8tcOBdWD07T0sx
+34EXe/Hq5M88t+13+xvyDg==
+-----END PRIVATE KEY-----

config/nginx.conf

@@ -0,0 +1,61 @@
+# Nombre de processus worker (1 suffit pour un usage local)
+worker_processes 1;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    sendfile on;
+    keepalive_timeout 65;
+
+    # === Résolution DNS dynamique (clé pour Kubernetes) ===
+    resolver 10.96.0.10 valid=5s ipv6=off;  # IP de CoreDNS
+    resolver_timeout 10s;
+
+    # === Backend : service Kubernetes (port 80, pas 8000) ===
+    upstream backend {
+        zone backend 64k;
+        server devops-app-service.devops-demo.svc.cluster.local:80 resolve;
+    }
+
+    # === REDIRECTION HTTP → HTTPS ===
+    server {
+        listen 80;
+        listen [::]:80;
+        server_name localhost;
+
+        location / {
+            return 301 https://$host$request_uri;
+        }
+    }
+
+    # === SERVEUR HTTPS ===
+    server {
+        listen 443 ssl;
+        server_name localhost;
+
+        ssl_certificate     /etc/nginx/certs/tls.crt;
+        ssl_certificate_key /etc/nginx/certs/tls.key;
+
+        add_header Strict-Transport-Security "max-age=31536000" always;
+        add_header X-Frame-Options SAMEORIGIN;
+        add_header X-Content-Type-Options nosniff;
+
+        location / {
+            proxy_pass http://backend;
+
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Support WebSocket
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+        }
+    }
+}   

config/prometheus.yml

@@ -7,7 +7,7 @@ global:
 
 # Règles d'alerte
 rule_files:
-  # - "alerts.yml"
+  - '/etc/prometheus/alert_rules.yml'   
 
 # Configuration de scraping
 scrape_configs:
@@ -34,8 +34,7 @@ scrape_configs:
     metrics_path: /metrics
     scheme: http
 
-# Alerting (exemple)
-# alerting:
-#   alertmanagers:
-#     - static_configs:
-#         - targets: []
+alerting:
+  alertmanagers:
+    - static_configs:
+        - targets: ['localhost:9093']