Update alertmanager config

Add mailcatcher config
Fix Thanos ruler
2023-10-17 16:07:57 +02:00 · 2023-10-16 22:50:14 +02:00 · 2023-10-16 22:30:44 +02:00 · 2023-10-16 21:32:39 +02:00 · 2023-10-16 20:35:08 +02:00 · 2023-10-16 19:47:48 +02:00
43 changed files with 934 additions and 35 deletions
--- a/apps/user-demo.yaml
+++ b/apps/user-demo.yaml
@ -0,0 +1,21 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: <user>-demo
+  namespace: argocd
+spec:
+  destination:
+    namespace: <user>
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    repoURL: 'https://gitea.training.cluster.acend.ch/<user>/prometheus-training-lab-setup'
+    path: user-demo/
+    targetRevision: main
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - Replace=true
--- a/apps/user-prom-stack.yaml
+++ b/apps/user-prom-stack.yaml
@ -0,0 +1,21 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: <user>-prom-stack
+  namespace: argocd
+spec:
+  destination:
+    namespace: <user>-monitoring
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    repoURL: 'https://gitea.training.cluster.acend.ch/<user>/prometheus-training-lab-setup'
+    path: charts/user-monitoring/
+    targetRevision: main
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - Replace=true
--- a/charts/user-monitoring-demo/Chart.yaml
+++ b/charts/user-monitoring-demo/Chart.yaml
@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.1.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/charts/user-monitoring-demo/templates/demo-deploy.yaml
+++ b/charts/user-monitoring-demo/templates/demo-deploy.yaml
@ -16,6 +16,6 @@ spec:
    spec:
      containers:
      - image: quay.io/acend/example-web-python
-        imagePullPolicy: Always
+        imagePullPolicy: IfNotPresent
        name: example-web-python
      restartPolicy: Always
--- a/charts/user-monitoring-demo/values.yaml
+++ b/charts/user-monitoring-demo/values.yaml
@ -1 +1 @@
-user: user1
+user: userX # Replace me
--- a/charts/user-monitoring/Chart.yaml
+++ b/charts/user-monitoring/Chart.yaml
@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.2
+version: 0.2.6

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/charts/user-monitoring/templates/_user-am-config-mailcatcher.yaml
+++ b/charts/user-monitoring/templates/_user-am-config-mailcatcher.yaml
@ -0,0 +1,23 @@
+{{- define "alertmanager.config-mailcatcher" }}
+---
+apiVersion: monitoring.coreos.com/v1alpha1
+kind: AlertmanagerConfig
+metadata:
+  name: {{ .Values.user }}-mailcatcher
+  labels:
+    alertmanagerConfig: {{ .Values.user }}-alertmanager
+spec:
+  route:
+    groupBy: ['job']
+    groupWait: 30s
+    groupInterval: 5m
+    repeatInterval: 12h
+    receiver: 'mailcatcher'
+  receivers:
+    - name: 'mailcatcher'
+      emailConfigs:
+        - to: alert@localhost
+          from: prometheus-operator@localhost
+          smarthost: mailcatcher:1025
+          requireTLS: false
+{{- end }}
--- a/charts/user-monitoring/templates/_user-am-servicemonitor.yaml
+++ b/charts/user-monitoring/templates/_user-am-servicemonitor.yaml
@ -0,0 +1,21 @@
+{{- define "alertmanager.servicemonitor" }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/name: mariadb
+  name: alertmanager
+spec:
+  endpoints:
+    - interval: 60s
+      port: web
+      scheme: http
+      path: /metrics
+  namespaceSelector:
+    matchNames:
+    - {{ .Values.user }}-monitoring
+  selector:
+    matchLabels:
+      operated-alertmanager: 'true'
+{{- end }}
--- a/charts/user-monitoring/templates/_user-am.yaml
+++ b/charts/user-monitoring/templates/_user-am.yaml
@ -0,0 +1,54 @@
+{{- define "alertmanager.alertmanager" }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: Alertmanager
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ .Values.user }}-alertmanager
+  name: {{ .Values.user }}-alertmanager
+spec:
+  alertmanagerConfigNamespaceSelector:
+    matchLabels:
+      user: {{ .Values.user }}-alertmanager
+  alertmanagerConfigSelector:
+    matchLabels:
+      alertmanagerConfig: {{ .Values.user }}-alertmanager
+  image: quay.io/prometheus/alertmanager:v0.25.0
+  replicas: 1
+  resources:
+    requests:
+      cpu: 10m
+      memory: 40Mi
+  storage:
+    volumeClaimTemplate:
+      spec:
+        resources:
+          requests:
+            storage: 100Mi
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    haproxy.org/auth-secret: basic-auth
+    haproxy.org/auth-type: basic-auth
+    haproxy.org/auth-realm: Authentication Required
+  name: {{ .Values.user }}-alertmanager
+spec:
+  ingressClassName: haproxy
+  rules:
+  - host: {{ .Values.user }}-alertmanager.training.cluster.acend.ch
+    http:
+      paths:
+      - backend:
+          service:
+            name: alertmanager-operated
+            port:
+              number: 9093
+        path: /
+        pathType: ImplementationSpecific
+  tls:
+  - hosts:
+    - {{ .Values.user }}-alertmanager.training.cluster.acend.ch
+    secretName: acend-wildcard
+{{- end }}
--- a/charts/user-monitoring/templates/_user-blackboxexporter-cm.yaml
+++ b/charts/user-monitoring/templates/_user-blackboxexporter-cm.yaml
@ -0,0 +1,39 @@
+{{- define  "blackboxexporter.cm" }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: blackbox-exporter-config
+  labels:
+    app.kubernetes.io/name: blackbox-exporter
+data:
+  config.yml: |
+    modules:
+      http_2xx:
+        prober: http
+        timeout: 10s
+        http:
+          preferred_ip_protocol: "ip4"
+          tls_config:
+            insecure_skip_verify: true
+      http_3xx:
+        prober: http
+        timeout: 10s
+        http:
+          preferred_ip_protocol: "ip4"
+          follow_redirects: false
+          tls_config:
+            insecure_skip_verify: true
+          valid_status_codes: [300, 301, 302, 303, 304, 305, 306, 307, 308]
+      http_4xx:
+        prober: http
+        timeout: 10s
+        http:
+          preferred_ip_protocol: "ip4"
+          follow_redirects: false
+          tls_config:
+            insecure_skip_verify: true
+          valid_status_codes: [400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 421, 422, 423, 424, 425, 426, 428, 429, 431, 451, 418, 420, 444, 449, 499]
+      tcp_connect:
+        prober: tcp
+{{- end }}
--- a/charts/user-monitoring/templates/_user-blackboxexporter-deploy.yaml
+++ b/charts/user-monitoring/templates/_user-blackboxexporter-deploy.yaml
@ -0,0 +1,43 @@
+{{- define  "blackboxexporter.deploy" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: blackbox-exporter
+  name: blackbox-exporter
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: blackbox-exporter
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: blackbox-exporter
+    spec:
+      containers:
+        - name: blackbox-exporter
+          image: quay.io/prometheus/blackbox-exporter:v0.24.0
+          args:
+            - --config.file=/etc/blackbox_exporter/config.yml
+          ports:
+            - containerPort: 9115
+              name: http
+          volumeMounts:
+            - mountPath: /etc/blackbox_exporter/
+              name: blackbox-config
+          resources: {}
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: http
+      volumes:
+        - name: blackbox-config
+          configMap:
+            defaultMode: 420
+            name: blackbox-exporter-config
+{{- end }}
--- a/charts/user-monitoring/templates/_user-blackboxexporter-svc.yaml
+++ b/charts/user-monitoring/templates/_user-blackboxexporter-svc.yaml
@ -0,0 +1,18 @@
+{{- define  "blackboxexporter.svc" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: blackbox
+  labels:
+    app.kubernetes.io/name: blackbox-exporter
+spec:
+  ports:
+    - name: http
+      port: 9115
+      protocol: TCP
+      targetPort: 9115
+  selector:
+    app.kubernetes.io/name: blackbox-exporter
+  type: ClusterIP
+{{- end }}
--- a/charts/user-monitoring/templates/_user-grafana-cm.yaml
+++ b/charts/user-monitoring/templates/_user-grafana-cm.yaml
@ -0,0 +1,20 @@
+{{- define "grafana.dashboardprovider" }}
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: grafana-dashboardproviders
+  labels:
+    app.kubernetes.io/name: grafana
+data:
+  dashboardproviders.yaml: |
+    apiVersion: 1
+    providers:
+    - disableDeletion: false
+      editable: false
+      name: general
+      options:
+        path: /var/lib/grafana/dashboards/general
+      orgId: 1
+      type: file
+{{- end }}
--- a/charts/user-monitoring/templates/_user-grafana-datasource-secret.yaml
+++ b/charts/user-monitoring/templates/_user-grafana-datasource-secret.yaml
@ -0,0 +1,24 @@
+{{- define "grafana.datasource" }}
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: grafana-datasources
+  labels:
+    app.kubernetes.io/name: grafana
+    datasource: "true"
+stringData:
+  dashboardproviders.yaml: |
+    apiVersion: 1
+    datasources:
+      - name: thanos-querier
+        access: proxy
+        editable: false
+        type: prometheus
+        url: http://thanos-query:10902
+        version: 1
+      {{- if .Values.grafana.datasources }}
+      {{- toYaml .Values.grafana.datasources | nindent 6 }} 
+      {{- end }}
+{{- end }}
--- a/charts/user-monitoring/templates/_user-grafana-deploy.yaml
+++ b/charts/user-monitoring/templates/_user-grafana-deploy.yaml
@ -0,0 +1,116 @@
+{{- define "grafana.deploy" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+  name: grafana
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: grafana
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: grafana
+    spec:
+      serviceAccount: grafana
+      serviceAccountName: grafana
+      initContainers:
+        - name: grafana-sc-datasources
+          env:
+          - name: METHOD
+            value: LIST
+          - name: LABEL
+            value: datasource
+          - name: LABEL_VALUE
+            value: "true"
+          - name: FOLDER
+            value: /etc/grafana/provisioning/datasources
+          - name: RESOURCE
+            value: secret
+          image: quay.io/kiwigrid/k8s-sidecar:1.25.0
+          resources:
+            limits:
+              cpu: 200m
+              memory: 128Mi
+            requests:
+              cpu: 50m
+              memory: 32Mi
+          volumeMounts:
+          - mountPath: /etc/grafana/provisioning/datasources
+            name: datasource-volume
+      containers:
+        - name: grafana-sc-dashboard
+          env:
+            - name: LABEL
+              value: dashboard
+            - name: LABEL_VALUE
+              value: "true"
+            - name: FOLDER
+              value: /var/lib/grafana/dashboards/general
+            - name: RESOURCE
+              value: configmap
+          image: quay.io/kiwigrid/k8s-sidecar:1.25.0
+          resources:
+            limits:
+              cpu: 1
+              memory: 128Mi
+            requests:
+              cpu: 50m
+              memory: 32Mi
+          volumeMounts:
+            - mountPath: /var/lib/grafana/dashboards/general
+              name: dashboard-volume
+        - name: grafana
+          env:
+            - name: GF_ANALYTICS_REPORTING_ENABLED
+              value: "false"
+            - name: TZ
+              value: "Europe/Zurich"
+          image: grafana/grafana:10.0.3
+          livenessProbe:
+            failureThreshold: 10
+            httpGet:
+              path: /api/health
+              port: 3000
+              scheme: HTTP
+            initialDelaySeconds: 60
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 30
+          ports:
+            - containerPort: 3000
+              name: grafana-http
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /api/health
+              port: 3000
+              scheme: HTTP
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+          volumeMounts:
+            - mountPath: /etc/grafana/provisioning/dashboards/
+              name: grafana-dashboardproviders
+            - mountPath: /var/lib/grafana/data
+              name: grafana-volume
+            - mountPath: /var/lib/grafana/dashboards/general
+              name: dashboard-volume
+            - mountPath: /etc/grafana/provisioning/datasources/
+              name: datasource-volume
+      volumes:
+        - name: grafana-dashboardproviders
+          configMap:
+            defaultMode: 420
+            name: grafana-dashboardproviders
+        - emptyDir: {}
+          name: grafana-volume
+        - emptyDir: {}
+          name: dashboard-volume
+        - emptyDir: {}
+          name: datasource-volume
+{{- end }}
--- a/charts/user-monitoring/templates/_user-grafana-ingress.yaml
+++ b/charts/user-monitoring/templates/_user-grafana-ingress.yaml
@ -0,0 +1,28 @@
+{{- define "grafana.ingress" }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    haproxy.org/auth-secret: basic-auth
+    haproxy.org/auth-type: basic-auth
+    haproxy.org/auth-realm: Authentication Required
+  name: grafana
+spec:
+  ingressClassName: haproxy
+  rules:
+  - host: {{ .Values.user }}-grafana.training.cluster.acend.ch
+    http:
+      paths:
+      - backend:
+          service:
+            name: grafana
+            port:
+              number: 3000
+        path: /
+        pathType: ImplementationSpecific
+  tls:
+  - hosts:
+    - {{ .Values.user }}-grafana.training.cluster.acend.ch
+    secretName: acend-wildcard
+{{- end }}
--- a/charts/user-monitoring/templates/_user-grafana-rolebinding.yaml
+++ b/charts/user-monitoring/templates/_user-grafana-rolebinding.yaml
@ -0,0 +1,16 @@
+{{- define "grafana.rolebinding" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+  name: grafana
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-prometheus-stack-grafana-clusterrole
+subjects:
+- kind: ServiceAccount
+  name: grafana
+{{- end }}
--- a/charts/user-monitoring/templates/_user-grafana-sa.yaml
+++ b/charts/user-monitoring/templates/_user-grafana-sa.yaml
@ -0,0 +1,9 @@
+{{- define "grafana.sa" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+  name: grafana
+{{- end }}
--- a/charts/user-monitoring/templates/_user-grafana-servicemonitor.yaml
+++ b/charts/user-monitoring/templates/_user-grafana-servicemonitor.yaml
@ -0,0 +1,23 @@
+{{- define "grafana.servicemonitor" }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: grafana-monitor
+spec:
+  endpoints:
+    - basicAuth:
+        password:
+          name: basic-auth
+          key: {{ .Values.user }}
+        username:
+          name: basic-auth
+          key: grafana_user
+      interval: 60s
+      port: http
+      scheme: http
+      path: /metrics
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: grafana
+{{- end }}
--- a/charts/user-monitoring/templates/_user-grafana-svc.yaml
+++ b/charts/user-monitoring/templates/_user-grafana-svc.yaml
@ -0,0 +1,18 @@
+{{- define "grafana.svc" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: grafana
+  labels:
+    app.kubernetes.io/name: grafana
+spec:
+  ports:
+    - name: http
+      port: 3000
+      protocol: TCP
+      targetPort: 3000
+  selector:
+    app.kubernetes.io/name: grafana
+  type: ClusterIP
+{{- end }}
--- a/charts/user-monitoring/templates/_user-mailcatcher-deploy.yaml
+++ b/charts/user-monitoring/templates/_user-mailcatcher-deploy.yaml
@ -0,0 +1,28 @@
+{{- define "mailcatcher.deploy" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: mailcatcher
+  name: mailcatcher
+  namespace: {{ .Values.user }}-monitoring
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: mailcatcher
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: mailcatcher
+    spec:
+      containers:
+      - image: sj26/mailcatcher:v0.9.0
+        name: mailcatcher
+        ports:
+        - containerPort: 1080
+          name: http
+        - containerPort: 1025
+          name: smtp
+{{- end }}
--- a/charts/user-monitoring/templates/_user-mailcatcher-ingress.yaml
+++ b/charts/user-monitoring/templates/_user-mailcatcher-ingress.yaml
@ -0,0 +1,30 @@
+{{- define "mailcatcher.ingress" }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    haproxy.org/auth-secret: basic-auth
+    haproxy.org/auth-type: basic-auth
+    haproxy.org/auth-realm: Authentication Required
+  labels:
+    app.kubernetes.io/name: {{ .Values.user }}-mailcatcher
+  name: {{ .Values.user }}-mailcatcher
+spec:
+  ingressClassName: haproxy
+  rules:
+  - host: {{ .Values.user }}-mailcatcher.training.cluster.acend.ch
+    http:
+      paths:
+      - backend:
+          service:
+            name: mailcatcher
+            port:
+              number: 1080
+        path: /
+        pathType: ImplementationSpecific
+  tls:
+  - hosts:
+    - {{ .Values.user }}-mailcatcher.training.cluster.acend.ch
+    secretName: acend-wildcard
+{{- end }}
--- a/charts/user-monitoring/templates/_user-mailcatcher-svc.yaml
+++ b/charts/user-monitoring/templates/_user-mailcatcher-svc.yaml
@ -0,0 +1,22 @@
+{{- define "mailcatcher.svc" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mailcatcher
+  labels:
+    app.kubernetes.io/name: mailcatcher
+spec:
+  ports:
+  - name: http
+    port: 1080
+    protocol: TCP
+    targetPort: http
+  - name: smtp
+    port: 1025
+    protocol: TCP
+    targetPort: smtp
+  selector:
+    app.kubernetes.io/name: mailcatcher
+  type: ClusterIP
+{{- end }}
--- a/charts/user-monitoring/templates/_user-prom-ingress.yaml
+++ b/charts/user-monitoring/templates/_user-prom-ingress.yaml
@ -1,3 +1,5 @@
+{{- define "prometheus.ingress" }}
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@ -5,6 +7,8 @@ metadata:
    haproxy.org/auth-secret: basic-auth
    haproxy.org/auth-type: basic-auth
    haproxy.org/auth-realm: Authentication Required
+  labels:
+    app.kubernetes.io/name: {{ .Values.user }}-prometheus
  name: {{ .Values.user }}-prometheus
 spec:
  ingressClassName: haproxy
@ -23,3 +27,4 @@ spec:
  - hosts:
    - {{ .Values.user }}-prometheus.training.cluster.acend.ch
    secretName: acend-wildcard
+{{- end }}
--- a/charts/user-monitoring/templates/_user-prom-role.yaml
+++ b/charts/user-monitoring/templates/_user-prom-role.yaml
@ -1,6 +1,10 @@
+{{- define "prometheus.role" }}
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
+  labels:
+    app.kubernetes.io/name: {{ .Values.user }}-prometheus
  name: prometheus-{{ .Values.user }}
 rules:
 - apiGroups: [""]
@ -18,3 +22,4 @@ rules:
  resources:
  - ingresses
  verbs: ["get", "list", "watch"]
+{{- end }}
--- a/charts/user-monitoring/templates/_user-prom-rolebinding.yaml
+++ b/charts/user-monitoring/templates/_user-prom-rolebinding.yaml
@ -1,6 +1,10 @@
+{{- define "prometheus.rolebinding" }}
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
+  labels:
+    app.kubernetes.io/name: prometheus
  name: prometheus
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -9,3 +13,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: prometheus-{{ .Values.user }}
+{{- end }}
--- a/charts/user-monitoring/templates/_user-prom-sa.yaml
+++ b/charts/user-monitoring/templates/_user-prom-sa.yaml
@ -0,0 +1,9 @@
+{{- define "prometheus.sa" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: prometheus-{{ .Values.user }}
+  name: prometheus-{{ .Values.user }}
+{{- end }}
--- a/charts/user-monitoring/templates/_user-prometheus-servicemonitor.yaml
+++ b/charts/user-monitoring/templates/_user-prometheus-servicemonitor.yaml
@ -0,0 +1,20 @@
+{{- define "prometheus.servicemonitor" }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/name: prometheus
+    user: {{ .Values.user }}
+  name: {{ .Values.user }}-prometheus-servicemonitor
+spec:
+  endpoints:
+  - path: /metrics
+    port: web
+  namespaceSelector:
+    matchNames:
+    - {{ .Values.user }}-monitoring
+  selector:
+    matchLabels:
+      operated-prometheus: 'true'
+{{- end }}
--- a/charts/user-monitoring/templates/_user-prometheus.yaml
+++ b/charts/user-monitoring/templates/_user-prometheus.yaml
@ -1,9 +1,17 @@
+{{- define "prometheus.prometheus" }}
+---
 apiVersion: monitoring.coreos.com/v1
 kind: Prometheus
 metadata:
+  labels:
+    app.kubernetes.io/name: prometheus
  name: prometheus
 spec:
-  scrapeInterval: 10s
+  {{- if .Values.query.enabled }}
+  thanos:
+    image: quay.io/thanos/thanos:v0.32.3
+  {{- end }}
+  scrapeInterval: 60s
  serviceAccountName: prometheus-{{ .Values.user }}
  serviceMonitorNamespaceSelector:
    matchLabels:
@ -20,10 +28,7 @@ spec:
  resources:
    requests:
      memory: 400Mi
-<<<<<<< HEAD
-  enableAdminAPI: false
-=======
  enableAdminAPI: true
  externalLabels:
    monitoring: {{ .Values.user }}
->>>>>>> 2acef0e (Update prometheus config)
+{{- end }}
--- a/charts/user-monitoring/templates/_user-pushgateway-deploy.yaml
+++ b/charts/user-monitoring/templates/_user-pushgateway-deploy.yaml
@ -0,0 +1,33 @@
+{{- define "pushgateway.deploy" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: pushgateway
+  name: pushgateway
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: pushgateway
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: pushgateway
+    spec:
+      containers:
+        - name: pushgateway
+          image: quay.io/prometheus/pushgateway:v1.6.0
+          ports:
+            - containerPort: 9091
+              name: web
+          resources: {}
+          livenessProbe:
+            httpGet:
+              path: /-/healthy
+              port: web
+          readinessProbe:
+            httpGet:
+              path: /-/ready
+              port: web
+{{- end }}
--- a/charts/user-monitoring/templates/_user-pushgateway-servicemonitor.yaml
+++ b/charts/user-monitoring/templates/_user-pushgateway-servicemonitor.yaml
@ -0,0 +1,18 @@
+{{- define "pushgateway.servicemonitor" }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/name: pushgateway
+  name: pushgateway
+spec:
+  endpoints:
+    - interval: 30s
+      port: http
+      honorLabels: true
+  namespaceSelector: {}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: pushgateway
+{{- end }}
--- a/charts/user-monitoring/templates/_user-pushgateway-svc.yaml
+++ b/charts/user-monitoring/templates/_user-pushgateway-svc.yaml
@ -0,0 +1,18 @@
+{{- define "pushgateway.svc" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pushgateway
+  labels:
+    app.kubernetes.io/name: pushgateway
+spec:
+  ports:
+    - name: http
+      port: 9091
+      protocol: TCP
+      targetPort: 9091
+  selector:
+    app.kubernetes.io/name: pushgateway
+  type: ClusterIP
+{{- end }}
--- a/charts/user-monitoring/templates/_user-thanos-query-deploy.yaml
+++ b/charts/user-monitoring/templates/_user-thanos-query-deploy.yaml
@ -0,0 +1,39 @@
+{{- define "query.deploy" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: thanos-query
+  name: thanos-query
+  namespace: {{ .Values.user }}-monitoring
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: thanos-query
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: thanos-query
+    spec:
+      containers:
+      - args:
+        - query
+        - --log.level=debug
+        - --query.replica-label=prometheus_replica
+        - --query.replica-label=thanos_ruler_replica
+        - --endpoint=prometheus-operated.{{ .Values.user }}-monitoring.svc.cluster.local:10901
+        - --endpoint=thanos-ruler-operated.{{ .Values.user }}-monitoring.svc.cluster.local:10901
+        - --store=dnssrv+prometheus-operated.{{ .Values.user }}-monitoring.svc.cluster.local
+        - --store=dnssrv+_web._tcp.prometheus-operated.{{ .Values.user }}-monitoring.svc.cluster.local
+        - --store=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
+        - --store.unhealthy-timeout=3d
+        image: quay.io/thanos/thanos:v0.32.3
+        name: thanos-query
+        ports:
+        - containerPort: 10902
+          name: http
+        - containerPort: 10901
+          name: grpc
+{{- end }}
--- a/charts/user-monitoring/templates/_user-thanos-query-ingress.yaml
+++ b/charts/user-monitoring/templates/_user-thanos-query-ingress.yaml
@ -0,0 +1,30 @@
+{{- define "query.ingress" }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    haproxy.org/auth-secret: basic-auth
+    haproxy.org/auth-type: basic-auth
+    haproxy.org/auth-realm: Authentication Required
+  labels:
+    app.kubernetes.io/name: {{ .Values.user }}-thanos
+  name: {{ .Values.user }}-thanos
+spec:
+  ingressClassName: haproxy
+  rules:
+  - host: {{ .Values.user }}-thanos-query.training.cluster.acend.ch
+    http:
+      paths:
+      - backend:
+          service:
+            name: thanos-query
+            port:
+              number: 10902
+        path: /
+        pathType: ImplementationSpecific
+  tls:
+  - hosts:
+    - {{ .Values.user }}-thanos-query.training.cluster.acend.ch
+    secretName: acend-wildcard
+{{- end }}
--- a/charts/user-monitoring/templates/_user-thanos-query-svc.yaml
+++ b/charts/user-monitoring/templates/_user-thanos-query-svc.yaml
@ -0,0 +1,18 @@
+{{- define "query.svc" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: thanos-query
+  labels:
+    app.kubernetes.io/name: thanos-query
+spec:
+  ports:
+  - name: http
+    port: 10902
+    protocol: TCP
+    targetPort: http
+  selector:
+    app.kubernetes.io/name: thanos-query
+  type: ClusterIP
+{{- end }}
--- a/charts/user-monitoring/templates/_user-thanosruler-ingress.yaml
+++ b/charts/user-monitoring/templates/_user-thanosruler-ingress.yaml
@ -0,0 +1,28 @@
+{{- define "ruler.ingress" }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    haproxy.org/auth-secret: basic-auth
+    haproxy.org/auth-type: basic-auth
+    haproxy.org/auth-realm: Authentication Required
+  name: {{ .Values.user }}-thanos-ruler
+spec:
+  ingressClassName: haproxy
+  rules:
+  - host: {{ .Values.user }}-thanos-ruler.training.cluster.acend.ch
+    http:
+      paths:
+      - backend:
+          service:
+            name: thanos-ruler-operated
+            port:
+              number: 10902
+        path: /
+        pathType: ImplementationSpecific
+  tls:
+  - hosts:
+    - {{ .Values.user }}-thanos-ruler.training.cluster.acend.ch
+    secretName: acend-wildcard
+{{- end }}
--- a/charts/user-monitoring/templates/_user-thanosruler.yaml
+++ b/charts/user-monitoring/templates/_user-thanosruler.yaml
@ -0,0 +1,32 @@
+{{- define "ruler.ruler" }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ThanosRuler
+metadata:
+  labels:
+    app.kubernetes.io/name: thanos-ruler
+  name: thanos-ruler
+spec:
+  image: quay.io/thanos/thanos:v0.28.1
+  evaluationInterval: 10s
+  queryEndpoints:
+  - dnssrv+_http._tcp.thanos-query:10902
+  ruleSelector: {}
+  ruleNamespaceSelector:
+    matchLabels:
+      user: {{ .Values.user }}
+  alertmanagersConfig:
+    key: alertmanager-configs.yaml
+    name: thanosruler-alertmanager-config
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: thanosruler-alertmanager-config
+stringData:
+  alertmanager-configs.yaml: |-
+    alertmanagers:
+    - static_configs:
+      - "dnssrv+_web._tcp.alertmanager-operated.{{ .Values.user }}-monitoring.svc.cluster.local"
+      api_version: v2
+{{- end }}
--- a/charts/user-monitoring/templates/monitoring.yaml
+++ b/charts/user-monitoring/templates/monitoring.yaml
@ -0,0 +1,58 @@
+# alertmanager
+
+{{- if .Values.alertmanager.enabled }}
+  {{- template "alertmanager.alertmanager" . }}
+  {{- template "alertmanager.servicemonitor" . }}
+  {{- template "alertmanager.config-mailcatcher" . }}
+  {{- template "mailcatcher.deploy" . }}
+  {{- template "mailcatcher.svc" . }}
+  {{- template "mailcatcher.ingress" . }} 
+{{- end }}
+
+# blackboxexporter
+{{- if .Values.blackboxexporter.enabled }}
+  {{- template "blackboxexporter.cm" . }}
+  {{- template "blackboxexporter.deploy" . }}
+  {{- template "blackboxexporter.svc" . }}
+{{- end }}
+
+# grafana
+{{- if .Values.grafana.enabled }}
+  {{- template "grafana.datasource" . }}
+  {{- template "grafana.dashboardprovider" . }}
+  {{- template "grafana.rolebinding" . }}
+  {{- template "grafana.svc" . }}
+  {{- template "grafana.sa" . }}
+  {{- template "grafana.deploy" . }}
+  {{- template "grafana.servicemonitor" . }}
+  {{- template "grafana.ingress" . }}
+{{- end }}
+
+# prometheus
+{{- if .Values.prometheus.enabled }}
+  {{- template "prometheus.ingress" . }}
+  {{- template "prometheus.prometheus" . }}
+  {{- template "prometheus.servicemonitor" . }}
+  {{- template "prometheus.role" . }}
+  {{- template "prometheus.rolebinding" . }}
+  {{- template "prometheus.sa" . }}
+{{- end }}
+
+{{- if .Values.pushgateway.enabled }}
+  {{- template "pushgateway.deploy" . }}
+  {{- template "pushgateway.servicemonitor" . }}
+  {{- template "pushgateway.svc" . }}
+{{- end }}
+
+# thanos-ruler
+{{- if .Values.ruler.enabled }}
+  {{- template "ruler.ruler" . }}
+  {{- template "ruler.ingress" . }}
+{{- end }}
+
+# thanos-query
+{{- if .Values.query.enabled }}
+  {{- template "query.deploy" . }}
+  {{- template "query.ingress" . }}
+  {{- template "query.svc" . }}
+{{- end }}
--- a/charts/user-monitoring/templates/user-basic-auth-secret.yaml
+++ b/charts/user-monitoring/templates/user-basic-auth-secret.yaml
@ -2,6 +2,9 @@ apiVersion: v1
 data:
  admin: JDEkSzNRZUlsOHAkZVZZb1h2RERNWk40b3RJT2tBc3AwLw== # $(openssl passwd -1 admin)
  {{ .Values.user }}: JDEkSzNRZUlsOHAkZVZZb1h2RERNWk40b3RJT2tBc3AwLw== # $(openssl passwd -1 admin)
+  grafana_user: {{ .Values.user | b64enc }}
 kind: Secret
 metadata:
+  labels:
+    app.kubernetes.io/name: basic-auth
  name: basic-auth
--- a/charts/user-monitoring/templates/user-prom-role.yaml
+++ b/charts/user-monitoring/templates/user-prom-role.yaml
@ -1,20 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: prometheus-{{ .Values.user }}
-rules:
- apiGroups: [""]
-  resources:
-  - services
-  - endpoints
-  - pods
-  verbs: ["get", "list", "watch"]
- apiGroups: [""]
-  resources:
-  - configmaps
-  verbs: ["get"]
- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses
-  verbs: ["get", "list", "watch"]
--- a/charts/user-monitoring/templates/user-prom-sa.yaml
+++ b/charts/user-monitoring/templates/user-prom-sa.yaml
@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: prometheus-{{ .Values.user }}
-
--- a/charts/user-monitoring/values.yaml
+++ b/charts/user-monitoring/values.yaml
@ -1 +1,22 @@
-user: user1
+user: <user> # Replace me
+# prometheus
+prometheus:
+  enabled: false
+# thanos-query
+query:
+  enabled: false
+# grafana
+grafana:
+  enabled: false
+# blackboxexporter
+blackboxexporter:
+  enabled: false
+# pushgateway
+pushgateway:
+  enabled: false
+# alertmanager
+alertmanager:
+  enabled: false
+# thanos-ruler
+ruler:
+  enabled: false
--- a/user-demo/README.md
+++ b/user-demo/README.md
@ -0,0 +1,3 @@
+# Readme
+
+This is the location for the user demo app.
Author	SHA1	Message	Date
Raffael H	e0af833bff	Update alertmanager config	2023-10-17 16:07:57 +02:00
Thomas Philipona	7c36030329	Add mailcatcher config	2023-10-16 22:50:14 +02:00
Thomas Philipona	226156b36a	Fix Thanos ruler	2023-10-16 22:30:44 +02:00
Thomas Philipona	c2f4139315	Update AM config	2023-10-16 21:32:39 +02:00
Thomas Philipona	9e1610443f	Fix am	2023-10-16 20:35:08 +02:00
Thomas Philipona	530acdb363	add AM resources	2023-10-16 19:47:48 +02:00
Thomas Philipona	d5ebb49393	Merge pull request #1 from acend/add/mailcatcher Add mailcatcher templates	2023-10-16 19:44:20 +02:00
Raffael H	a747f04036	Update thanos sidecar and store config	2023-10-16 13:51:48 +02:00
Thomas Philipona	1afef4726f	don't pull always	2023-10-15 18:35:36 +02:00
Thomas Philipona	b52f889da1	Reorder values	2023-10-15 12:48:36 +02:00
Thomas Philipona	e47ae75947	Fix blackbox svc name	2023-10-15 12:24:00 +02:00
Thomas Philipona	753c3dd95f	Add Grafana service monitor and simplify datasource	2023-10-14 13:00:47 +02:00
Thomas Philipona	628f64b1e8	Remove Grafana Datasource	2023-10-14 11:59:06 +02:00
Thomas Philipona	a88b2af56d	Initial values.yaml default	2023-10-14 11:56:47 +02:00
Thomas Philipona	faecd0aa8d	Add Prometheus Service Monitor	2023-10-14 11:44:56 +02:00
madchr1st	909ac9b911	Add mailcatcher templates	2023-10-13 15:26:01 +00:00
Raffael H	905d5a2d09	Add blackboxexporter	2023-10-12 18:21:37 +02:00
Raffael H	0ad1aae355	Fix thanos version and store	2023-10-12 18:09:34 +02:00
Thomas Philipona	dbb0cc23da	Fix layout	2023-10-12 12:20:48 +02:00
Thomas Philipona	73c8c6435f	Update Scrape interval	2023-10-12 11:36:53 +02:00
Thomas Philipona	7385c2af41	Remove User Value from Argo App	2023-10-12 10:04:05 +02:00
Thomas Philipona	4482493d5f	Fixes Argo App Setup	2023-10-12 09:26:43 +02:00
Raffael H	00ba693670	Change structure of argo applications	2023-10-11 15:26:13 +02:00
Raffael H	3fc8e332ea	Bump Chart version	2023-10-11 12:30:58 +02:00
Raffael H	c58fbd2334	Add username to basic auth secret	2023-10-11 12:28:49 +02:00
Raffael H	4df31ddaf6	Add argo applications	2023-10-11 12:00:19 +02:00
Raffael H	9b00f330b3	Update grafana datasource to be dynamically added	2023-10-10 14:14:10 +02:00
Raffael H	7bf01de75f	Bump Chart version	2023-10-05 13:51:08 +02:00
Raffael H	9687f504e1	Update charts with placeholders	2023-10-05 13:47:03 +02:00
Raffael H	8e43add4da	Add basic auth secret to setup	2023-08-10 16:07:42 +02:00
Raffael H	7a01cc94b6	Add separators to named templates	2023-08-10 15:29:04 +02:00
Raffael H	01fe8162c3	Release version 0.2.0 - this time really	2023-08-10 14:52:03 +02:00
Raffael H	68df02b47a	Release version 0.2.0	2023-08-10 14:49:17 +02:00
Raffael H	d6a569fa0a	Update port name in servicemonitor pushgateway	2023-08-10 13:47:08 +02:00
Raffael H	fe541efe79	Add blackboxexporter, grafana, pushgateway and thanos	2023-08-10 13:38:19 +02:00
Raffael H	b563303559	Resolve conflict	2023-08-10 10:30:04 +02:00