From fe541efe79d95e27872110ea0b8e6caeb34f16c8 Mon Sep 17 00:00:00 2001 
From: Raffael H Date: Thu, 10 Aug 2023 13:38:19 +0200 Subject: [PATCH] Add blackboxexporter, grafana, pushgateway and thanos --- charts/user-monitoring/Chart.yaml | 2 +- charts/user-monitoring/templates/user-am.yaml | 7 ++ .../templates/user-basic-auth-secret.yaml | 2 + .../templates/user-blackboxexporter-cm.yaml | 36 ++++++ .../user-blackboxexporter-deploy.yaml | 40 +++++++ .../templates/user-grafana-cm.yaml | 17 +++ .../user-grafana-datasource-secret.yaml | 18 +++ .../templates/user-grafana-deploy.yaml | 113 ++++++++++++++++++ .../templates/user-grafana-ingress.yaml | 25 ++++ .../templates/user-grafana-rolebinding.yaml | 13 ++ .../templates/user-grafana-sa.yaml | 6 + .../templates/user-grafana-svc.yaml | 15 +++ .../templates/user-prom-ingress.yaml | 2 + .../templates/user-prom-role.yaml | 2 + .../templates/user-prom-rolebinding.yaml | 2 + .../templates/user-prom-sa.yaml | 2 + .../templates/user-prometheus.yaml | 2 + .../templates/user-pushgateway-deploy.yaml | 30 +++++ .../user-pushgateway-servicemonitor.yaml | 15 +++ .../templates/user-pushgateway-svc.yaml | 15 +++ .../templates/user-thanos-query-deploy.yaml | 34 ++++++ .../templates/user-thanos-query-ingress.yaml | 27 +++++ .../templates/user-thanos-query-svc.yaml | 15 +++ .../templates/user-thanosruler-ingress.yaml | 25 ++++ .../templates/user-thanosruler.yaml | 15 +++ 25 files changed, 479 insertions(+), 1 deletion(-) create mode 100644 charts/user-monitoring/templates/user-am.yaml create mode 100644 charts/user-monitoring/templates/user-blackboxexporter-cm.yaml create mode 100644 charts/user-monitoring/templates/user-blackboxexporter-deploy.yaml create mode 100644 charts/user-monitoring/templates/user-grafana-cm.yaml create mode 100644 charts/user-monitoring/templates/user-grafana-datasource-secret.yaml create mode 100644 charts/user-monitoring/templates/user-grafana-deploy.yaml create mode 100644 charts/user-monitoring/templates/user-grafana-ingress.yaml create mode 100644 
charts/user-monitoring/templates/user-grafana-rolebinding.yaml create mode 100644 charts/user-monitoring/templates/user-grafana-sa.yaml create mode 100644 charts/user-monitoring/templates/user-grafana-svc.yaml create mode 100644 charts/user-monitoring/templates/user-pushgateway-deploy.yaml create mode 100644 charts/user-monitoring/templates/user-pushgateway-servicemonitor.yaml create mode 100644 charts/user-monitoring/templates/user-pushgateway-svc.yaml create mode 100644 charts/user-monitoring/templates/user-thanos-query-deploy.yaml create mode 100644 charts/user-monitoring/templates/user-thanos-query-ingress.yaml create mode 100644 charts/user-monitoring/templates/user-thanos-query-svc.yaml create mode 100644 charts/user-monitoring/templates/user-thanosruler-ingress.yaml create mode 100644 charts/user-monitoring/templates/user-thanosruler.yaml diff --git a/charts/user-monitoring/Chart.yaml b/charts/user-monitoring/Chart.yaml index 61e3464..730d625 100644 --- a/charts/user-monitoring/Chart.yaml +++ b/charts/user-monitoring/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/user-monitoring/templates/user-am.yaml b/charts/user-monitoring/templates/user-am.yaml new file mode 100644 index 0000000..15ae475 --- /dev/null +++ b/charts/user-monitoring/templates/user-am.yaml @@ -0,0 +1,7 @@ +apiVersion: monitoring.coreos.com/v1 +kind: Alertmanager +metadata: + labels: + app.kubernetes.io/name: {{ .Values.user }}-am + name: {{ .Values.user }}-am +spec: {} 
diff --git a/charts/user-monitoring/templates/user-basic-auth-secret.yaml b/charts/user-monitoring/templates/user-basic-auth-secret.yaml index bd33500..f4085a0 100644 --- a/charts/user-monitoring/templates/user-basic-auth-secret.yaml +++ b/charts/user-monitoring/templates/user-basic-auth-secret.yaml @@ -4,4 +4,6 @@ data: {{ .Values.user }}: JDEkSzNRZUlsOHAkZVZZb1h2RERNWk40b3RJT2tBc3AwLw== # $(openssl passwd -1 admin) kind: Secret metadata: + labels: + app.kubernetes.io/name: basic-auth name: basic-auth \ No newline at end of file diff --git a/charts/user-monitoring/templates/user-blackboxexporter-cm.yaml b/charts/user-monitoring/templates/user-blackboxexporter-cm.yaml new file mode 100644 index 0000000..d7d3190 --- /dev/null +++ b/charts/user-monitoring/templates/user-blackboxexporter-cm.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: blackbox-exporter-config + labels: + app.kubernetes.io/name: blackbox-exporter +data: + config.yml: | + modules: + http_2xx: + prober: http + timeout: 10s + http: + preferred_ip_protocol: "ip4" + tls_config: + insecure_skip_verify: true + http_3xx: + prober: http + timeout: 10s + http: + preferred_ip_protocol: "ip4" + follow_redirects: false + tls_config: + insecure_skip_verify: true + valid_status_codes: [300, 301, 302, 303, 304, 305, 306, 307, 308] + http_4xx: + prober: http + timeout: 10s + http: + preferred_ip_protocol: "ip4" + follow_redirects: false + tls_config: + insecure_skip_verify: true + valid_status_codes: [400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 421, 422, 423, 424, 425, 426, 428, 429, 431, 451, 418, 420, 444, 449, 499] + tcp_connect: + prober: tcp diff --git a/charts/user-monitoring/templates/user-blackboxexporter-deploy.yaml b/charts/user-monitoring/templates/user-blackboxexporter-deploy.yaml new file mode 100644 index 0000000..0599888 --- /dev/null +++ b/charts/user-monitoring/templates/user-blackboxexporter-deploy.yaml 
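Review bot: Every HTTP module in `config.yml` (`http_2xx`, `http_3xx`, `http_4xx`) sets `tls_config.insecure_skip_verify: true`, so a probe succeeds against an endpoint that presents an expired, self-signed or wrong-host certificate. If that is deliberate for lab targets, a comment above `modules:` should say so, for example `# lab targets use self-signed certificates; verification is deliberately off`. I would also keep at least one module with verification on (drop the `tls_config` block or set `insecure_skip_verify: false`), so that certificate problems stay observable.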
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/name: blackbox-exporter
+ name: blackbox-exporter
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: blackbox-exporter
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: blackbox-exporter
+ spec:
+ containers:
+ - name: blackbox-exporter
+ image: quay.io/prometheus/blackbox-exporter:v0.24.0
+ args:
+ - --config.file=/etc/blackbox_exporter/config.yml
+ ports:
+ - containerPort: 9115
+ name: http
+ volumeMounts:
+ - mountPath: /etc/blackbox_exporter/
+ name: blackbox-config
+ resources: {}
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: http
+ volumes:
+ - name: blackbox-config
+ configMap:
+ defaultMode: 420
+ name: blackbox-exporter-config
diff --git a/charts/user-monitoring/templates/user-grafana-cm.yaml b/charts/user-monitoring/templates/user-grafana-cm.yaml
new file mode 100644
index 0000000..d7d1871
--- /dev/null
+++ b/charts/user-monitoring/templates/user-grafana-cm.yaml
@@ -0,0 +1,17 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: grafana-dashboardproviders
+ labels:
+ app.kubernetes.io/name: grafana
+data:
+ dashboardproviders.yaml: |
+ apiVersion: 1
+ providers:
+ - disableDeletion: false
+ editable: false
+ name: general
+ options:
+ path: /var/lib/grafana/dashboards/general
+ orgId: 1
+ type: file
diff --git a/charts/user-monitoring/templates/user-grafana-datasource-secret.yaml b/charts/user-monitoring/templates/user-grafana-datasource-secret.yaml
new file mode 100644
index 0000000..21becb8
--- /dev/null
+++ b/charts/user-monitoring/templates/user-grafana-datasource-secret.yaml
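Review bot: The `blackbox-exporter` container has no `securityContext` and sets `resources: {}`, so it runs with the image's default user and capabilities and without CPU or memory bounds. The `pushgateway` and `thanos-query` Deployments added later in this patch have the same gap, and the three Grafana containers set resources but no security context. A container-level block like the one below would fit here; whether each image tolerates a non-root user and a read-only root filesystem needs confirming per image, and the resource figures are sample values. Pinning `image:` by digest in addition to the tag would also make the deployed artifact reproducible.

```yaml
# … unchanged: name, image, args, ports, volumeMounts …
securityContext:
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop: ["ALL"]
resources:
  requests:
    cpu: 50m        # sample value
    memory: 32Mi    # sample value
  limits:
    memory: 128Mi   # sample value
# … unchanged: livenessProbe, readinessProbe …
```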
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: grafana-datasources
+ labels:
+ app.kubernetes.io/name: grafana
+ datasource: "true"
+stringData:
+ dashboardproviders.yaml: |
+ apiVersion: 1
+ datasources:
+ - name: thanos-querier
+ access: proxy
+ editable: false
+ type: prometheus
+ url: http://thanos-query.{{ .Values.user }}-monitoring.svc.cluster.local:10902
+ version: 1
diff --git a/charts/user-monitoring/templates/user-grafana-deploy.yaml b/charts/user-monitoring/templates/user-grafana-deploy.yaml
new file mode 100644
index 0000000..5714c39
--- /dev/null
+++ b/charts/user-monitoring/templates/user-grafana-deploy.yaml
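Review bot: The key under `stringData` is named `dashboardproviders.yaml`, the same file name the `grafana-dashboardproviders` ConfigMap uses, although the payload is a datasource definition. The sidecar presumably writes it into the datasources folder under that name, so renaming the key to `datasources.yaml` would keep the two provisioning directories unambiguous. The datasource `url` also hard-codes `{{ .Values.user }}-monitoring` as the namespace; `{{ .Release.Namespace }}` would follow wherever the chart is actually installed, assuming Thanos Query is meant to live in the release namespace.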
@@ -0,0 +1,113 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/name: grafana
+ name: grafana
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: grafana
+ spec:
+ serviceAccount: grafana
+ serviceAccountName: grafana
+ initContainers:
+ - name: grafana-sc-datasources
+ env:
+ - name: METHOD
+ value: LIST
+ - name: LABEL
+ value: datasource
+ - name: LABEL_VALUE
+ value: "true"
+ - name: FOLDER
+ value: /etc/grafana/provisioning/datasources
+ - name: RESOURCE
+ value: secret
+ image: quay.io/kiwigrid/k8s-sidecar:1.25.0
+ resources:
+ limits:
+ cpu: 200m
+ memory: 128Mi
+ requests:
+ cpu: 50m
+ memory: 32Mi
+ volumeMounts:
+ - mountPath: /etc/grafana/provisioning/datasources
+ name: datasource-volume
+ containers:
+ - name: grafana-sc-dashboard
+ env:
+ - name: LABEL
+ value: dashboard
+ - name: LABEL_VALUE
+ value: "true"
+ - name: FOLDER
+ value: /var/lib/grafana/dashboards/general
+ - name: RESOURCE
+ value: configmap
+ image: quay.io/kiwigrid/k8s-sidecar:1.25.0
+ resources:
+ limits:
+ cpu: 1
+ memory: 128Mi
+ requests:
+ cpu: 50m
+ memory: 32Mi
+ volumeMounts:
+ - mountPath: /var/lib/grafana/dashboards/general
+ name: dashboard-volume
+ - name: grafana
+ env:
+ - name: GF_ANALYTICS_REPORTING_ENABLED
+ value: "false"
+ - name: TZ
+ value: "Europe/Zurich"
+ image: grafana/grafana:10.0.3
+ livenessProbe:
+ failureThreshold: 10
+ httpGet:
+ path: /api/health
+ port: 3000
+ scheme: HTTP
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 30
+ ports:
+ - containerPort: 3000
+ name: grafana-http
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /api/health
+ port: 3000
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ volumeMounts:
+ - mountPath: /etc/grafana/provisioning/dashboards/
+ name: grafana-dashboardproviders
+ - mountPath: /var/lib/grafana/data
+ name: grafana-volume
+ - mountPath: /var/lib/grafana/dashboards/general
+ name: dashboard-volume
+ - mountPath: /etc/grafana/provisioning/datasources/
+ name: datasource-volume
+ volumes:
+ - name: grafana-dashboardproviders
+ configMap:
+ defaultMode: 420
+ name: grafana-dashboardproviders
+ - emptyDir: {}
+ name: grafana-volume
+ - emptyDir: {}
+ name: dashboard-volume
+ - emptyDir: {}
+ name: datasource-volume
\ No newline at end of file
diff --git a/charts/user-monitoring/templates/user-grafana-ingress.yaml b/charts/user-monitoring/templates/user-grafana-ingress.yaml
new file mode 100644
index 0000000..f1be4c6
--- /dev/null
+++ b/charts/user-monitoring/templates/user-grafana-ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ haproxy.org/auth-secret: basic-auth
+ haproxy.org/auth-type: basic-auth
+ haproxy.org/auth-realm: Authentication Required
+ name: grafana
+spec:
+ ingressClassName: haproxy
+ rules:
+ - host: {{ .Values.user }}-grafana.training.cluster.acend.ch
+ http:
+ paths:
+ - backend:
+ service:
+ name: grafana
+ port:
+ number: 3000
+ path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - {{ .Values.user }}-grafana.training.cluster.acend.ch
+ secretName: acend-wildcard
diff --git a/charts/user-monitoring/templates/user-grafana-rolebinding.yaml b/charts/user-monitoring/templates/user-grafana-rolebinding.yaml
new file mode 100644
index 0000000..9ae0ed3
--- /dev/null
+++ b/charts/user-monitoring/templates/user-grafana-rolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: grafana
+ name: grafana
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kube-prometheus-stack-grafana-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: grafana
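Review bot: The `grafana` container in `user-grafana-deploy.yaml` sets no administrator credentials (`GF_SECURITY_ADMIN_USER` / `GF_SECURITY_ADMIN_PASSWORD`), so Grafana starts with its built-in default admin login on a host that this patch publishes through an Ingress. I would inject the password from a Secret as sketched below; the Secret and key names are placeholders, since no such Secret is part of this patch. `serviceAccount: grafana` is the deprecated alias of `serviceAccountName` and can be dropped.

```yaml
# … unchanged: GF_ANALYTICS_REPORTING_ENABLED, TZ …
- name: GF_SECURITY_ADMIN_PASSWORD
  valueFrom:
    secretKeyRef:
      name: grafana-admin    # placeholder: Secret to be added to the chart
      key: admin-password    # placeholder key
```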
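Review bot: The Ingress in `user-grafana-ingress.yaml` authenticates against the `basic-auth` Secret, as do `user-thanos-query-ingress.yaml` and `user-thanosruler-ingress.yaml` later in the patch. According to the `openssl passwd -1` comment in the context line of `user-basic-auth-secret.yaml`, that Secret holds a committed MD5-crypt hash of a fixed password. Three more hostnames therefore rest on a credential that anyone with read access to the repository can derive. I would take the hash from a per-user chart value generated at install time instead of the template. This Ingress also lacks the `app.kubernetes.io/name` label the rest of the patch adds; `labels:` with `app.kubernetes.io/name: grafana` under `metadata` would match.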
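Review bot: In `user-grafana-rolebinding.yaml`, `roleRef` points at `kube-prometheus-stack-grafana-clusterrole`, a ClusterRole this chart does not create. The binding therefore only works where a role with exactly that name exists, and the permissions the `grafana` service account receives are whatever that role grants. The sidecars in `user-grafana-deploy.yaml` are configured to read ConfigMaps (dashboards) and Secrets (datasources), so a chart-local Role like the one below would be self-contained and reviewable, with `roleRef.kind` changed to `Role`. Adding `namespace: {{ .Release.Namespace }}` to the `subjects` entry would also make the target service account explicit.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/name: grafana
  name: grafana
rules:
  - apiGroups: [""]
    resources: ["configmaps", "secrets"]
    verbs: ["get", "list", "watch"]
```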
diff --git a/charts/user-monitoring/templates/user-grafana-sa.yaml b/charts/user-monitoring/templates/user-grafana-sa.yaml new file mode 100644 index 0000000..480ae36 --- /dev/null +++ b/charts/user-monitoring/templates/user-grafana-sa.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: grafana + name: grafana diff --git a/charts/user-monitoring/templates/user-grafana-svc.yaml b/charts/user-monitoring/templates/user-grafana-svc.yaml new file mode 100644 index 0000000..3f7e113 --- /dev/null +++ b/charts/user-monitoring/templates/user-grafana-svc.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: grafana + labels: + app.kubernetes.io/name: grafana +spec: + ports: + - name: http + port: 3000 + protocol: TCP + targetPort: 3000 + selector: + app.kubernetes.io/name: grafana + type: ClusterIP diff --git a/charts/user-monitoring/templates/user-prom-ingress.yaml b/charts/user-monitoring/templates/user-prom-ingress.yaml index eca6f1b..e47d8ff 100644 --- a/charts/user-monitoring/templates/user-prom-ingress.yaml +++ b/charts/user-monitoring/templates/user-prom-ingress.yaml @@ -5,6 +5,8 @@ metadata: haproxy.org/auth-secret: basic-auth haproxy.org/auth-type: basic-auth haproxy.org/auth-realm: Authentication Required + labels: + app.kubernetes.io/name: {{ .Values.user }}-prometheus name: {{ .Values.user }}-prometheus spec: ingressClassName: haproxy diff --git a/charts/user-monitoring/templates/user-prom-role.yaml b/charts/user-monitoring/templates/user-prom-role.yaml index a14f2eb..3728082 100644 --- a/charts/user-monitoring/templates/user-prom-role.yaml +++ b/charts/user-monitoring/templates/user-prom-role.yaml @@ -1,6 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/name: {{ .Values.user }}-prometheus name: prometheus-{{ .Values.user }} rules: - apiGroups: [""] 
diff --git a/charts/user-monitoring/templates/user-prom-rolebinding.yaml b/charts/user-monitoring/templates/user-prom-rolebinding.yaml index 58f5705..d9031c9 100644 --- a/charts/user-monitoring/templates/user-prom-rolebinding.yaml +++ b/charts/user-monitoring/templates/user-prom-rolebinding.yaml @@ -1,6 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/name: prometheus name: prometheus roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/charts/user-monitoring/templates/user-prom-sa.yaml b/charts/user-monitoring/templates/user-prom-sa.yaml index a6d6505..7496030 100644 --- a/charts/user-monitoring/templates/user-prom-sa.yaml +++ b/charts/user-monitoring/templates/user-prom-sa.yaml @@ -1,5 +1,7 @@ apiVersion: v1 kind: ServiceAccount metadata: + labels: + app.kubernetes.io/name: prometheus-{{ .Values.user }} name: prometheus-{{ .Values.user }} diff --git a/charts/user-monitoring/templates/user-prometheus.yaml b/charts/user-monitoring/templates/user-prometheus.yaml index 2887843..f4c13b0 100644 --- a/charts/user-monitoring/templates/user-prometheus.yaml +++ b/charts/user-monitoring/templates/user-prometheus.yaml @@ -1,6 +1,8 @@ apiVersion: monitoring.coreos.com/v1 kind: Prometheus metadata: + labels: + app.kubernetes.io/name: prometheus name: prometheus spec: scrapeInterval: 10s diff --git a/charts/user-monitoring/templates/user-pushgateway-deploy.yaml b/charts/user-monitoring/templates/user-pushgateway-deploy.yaml new file mode 100644 index 0000000..cbf08bd --- /dev/null +++ b/charts/user-monitoring/templates/user-pushgateway-deploy.yaml 
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/name: pushgateway
+ name: pushgateway
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: pushgateway
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: pushgateway
+ spec:
+ containers:
+ - name: pushgateway
+ image: quay.io/prometheus/pushgateway:v1.6.0
+ ports:
+ - containerPort: 9091
+ name: web
+ resources: {}
+ livenessProbe:
+ httpGet:
+ path: /-/healthy
+ port: web
+ readinessProbe:
+ httpGet:
+ path: /-/ready
+ port: web
diff --git a/charts/user-monitoring/templates/user-pushgateway-servicemonitor.yaml b/charts/user-monitoring/templates/user-pushgateway-servicemonitor.yaml
new file mode 100644
index 0000000..99cd881
--- /dev/null
+++ b/charts/user-monitoring/templates/user-pushgateway-servicemonitor.yaml
@@ -0,0 +1,15 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ app.kubernetes.io/name: pushgateway
+ name: pushgateway
+spec:
+ endpoints:
+ - interval: 30s
+ port: web
+ honorLabels: true
+ namespaceSelector: {}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: pushgateway
diff --git a/charts/user-monitoring/templates/user-pushgateway-svc.yaml b/charts/user-monitoring/templates/user-pushgateway-svc.yaml
new file mode 100644
index 0000000..697d6f2
--- /dev/null
+++ b/charts/user-monitoring/templates/user-pushgateway-svc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: pushgateway
+ labels:
+ app.kubernetes.io/name: pushgateway
+spec:
+ ports:
+ - name: http
+ port: 9091
+ protocol: TCP
+ targetPort: 9091
+ selector:
+ app.kubernetes.io/name: pushgateway
+ type: ClusterIP
diff --git a/charts/user-monitoring/templates/user-thanos-query-deploy.yaml b/charts/user-monitoring/templates/user-thanos-query-deploy.yaml
new file mode 100644
index 0000000..4e8f1bd
--- /dev/null
+++ b/charts/user-monitoring/templates/user-thanos-query-deploy.yaml
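Review bot: In `user-pushgateway-servicemonitor.yaml`, `port: web` under `endpoints` does not match any port on the `pushgateway` Service added in `user-pushgateway-svc.yaml`, which names its only port `http`. A ServiceMonitor endpoint refers to the Service port name rather than the container port name, so this monitor would select the Service but yield no scrape target. Either change the endpoint to `port: http` or rename the Service port to `web`. Separately, `honorLabels: true` lets pushed labels override the scrape's own target labels, and nothing in this patch restricts which workloads may push to port 9091, so a NetworkPolicy limiting ingress to the gateway is worth considering.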
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/name: thanos-query
+ name: thanos-query
+ namespace: {{ .Values.user }}-monitoring
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: thanos-query
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: thanos-query
+ spec:
+ containers:
+ - args:
+ - query
+ - --log.level=debug
+ - --query.replica-label=prometheus_replica
+ - --query.replica-label=thanos_ruler_replica
+ - --endpoint=prometheus-operated.{{ .Values.user }}-monitoring.svc.cluster.local:10901
+ - --endpoint=thanos-ruler-operated.{{ .Values.user }}-monitoring.svc.cluster.local:10901
+ - --endpoint=prometheus-operated.monitoring.svc.cluster.local:10901
+ - --store.unhealthy-timeout=3d
+ image: quay.io/thanos/thanos:v0.25.1
+ name: thanos-query
+ ports:
+ - containerPort: 10902
+ name: http
+ - containerPort: 10901
+ name: grpc
\ No newline at end of file
diff --git a/charts/user-monitoring/templates/user-thanos-query-ingress.yaml b/charts/user-monitoring/templates/user-thanos-query-ingress.yaml
new file mode 100644
index 0000000..e88de68
--- /dev/null
+++ b/charts/user-monitoring/templates/user-thanos-query-ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ haproxy.org/auth-secret: basic-auth
+ haproxy.org/auth-type: basic-auth
+ haproxy.org/auth-realm: Authentication Required
+ labels:
+ app.kubernetes.io/name: {{ .Values.user }}-thanos
+ name: {{ .Values.user }}-thanos
+spec:
+ ingressClassName: haproxy
+ rules:
+ - host: {{ .Values.user }}-thanos-query.training.cluster.acend.ch
+ http:
+ paths:
+ - backend:
+ service:
+ name: thanos-query
+ port:
+ number: 10902
+ path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - {{ .Values.user }}-thanos-query.training.cluster.acend.ch
+ secretName: acend-wildcard
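Review bot: The third `--endpoint` in `user-thanos-query-deploy.yaml`, `prometheus-operated.monitoring.svc.cluster.local:10901`, is not scoped by `{{ .Values.user }}`, so every user's querier can read whatever the Prometheus in the `monitoring` namespace stores, and so can the Grafana datasource and the `-thanos-query` Ingress in front of it. If that is the platform Prometheus, each training user gets cluster-wide metrics behind the shared basic-auth credential; if the fan-in is intended, a comment on that argument should say so. `--log.level=debug` looks like a leftover, and `--log.level=info` is the usual setting. This is also the only template that sets `metadata.namespace`, so the Deployment lands apart from its Service and Ingress whenever the chart is installed into a namespace other than `{{ .Values.user }}-monitoring`.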
diff --git a/charts/user-monitoring/templates/user-thanos-query-svc.yaml b/charts/user-monitoring/templates/user-thanos-query-svc.yaml
new file mode 100644
index 0000000..8f3f3ab
--- /dev/null
+++ b/charts/user-monitoring/templates/user-thanos-query-svc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: thanos-query
+ labels:
+ app.kubernetes.io/name: thanos-query
+spec:
+ ports:
+ - name: http
+ port: 10902
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/name: thanos-query
+ type: ClusterIP
diff --git a/charts/user-monitoring/templates/user-thanosruler-ingress.yaml b/charts/user-monitoring/templates/user-thanosruler-ingress.yaml
new file mode 100644
index 0000000..1fa226a
--- /dev/null
+++ b/charts/user-monitoring/templates/user-thanosruler-ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ haproxy.org/auth-secret: basic-auth
+ haproxy.org/auth-type: basic-auth
+ haproxy.org/auth-realm: Authentication Required
+ name: user1-thanos-ruler
+spec:
+ ingressClassName: haproxy
+ rules:
+ - host: user1-thanos-ruler.training.cluster.acend.ch
+ http:
+ paths:
+ - backend:
+ service:
+ name: thanos-ruler-operated
+ port:
+ number: 10902
+ path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - user1-thanos-ruler.training.cluster.acend.ch
+ secretName: acend-wildcard
diff --git a/charts/user-monitoring/templates/user-thanosruler.yaml b/charts/user-monitoring/templates/user-thanosruler.yaml
new file mode 100644
index 0000000..3adec0b
--- /dev/null
+++ b/charts/user-monitoring/templates/user-thanosruler.yaml
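Review bot: In `user-thanosruler-ingress.yaml`, `metadata.name` and both host entries hard-code `user1` (`user1-thanos-ruler`, `user1-thanos-ruler.training.cluster.acend.ch`) where every other template in the patch uses `{{ .Values.user }}`. Installed for any other user, the release would claim user1's hostname and route it to that release's `thanos-ruler-operated` Service behind that namespace's `basic-auth` Secret. The lines should read `name: {{ .Values.user }}-thanos-ruler` and `host: {{ .Values.user }}-thanos-ruler.training.cluster.acend.ch`, with the same host under `tls.hosts`.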
@@ -0,0 +1,15 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ThanosRuler
+metadata:
+ labels:
+ app.kubernetes.io/name: thanos-ruler
+ name: thanos-ruler
+spec:
+ alertQueryUrl: {{ .Values.user }}-thanos-query.training.cluster.acend.ch
+ evaluationInterval: 10s
+ queryEndpoints:
+ - thanos-query.{{ .Values.user }}-monitoring.svc.cluster.local:10902
+ ruleSelector: {}
+ ruleNamespaceSelector:
+ matchLabels:
+ user: {{ .Values.user }}
\ No newline at end of file
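Review bot: `alertQueryUrl` is a bare host name without a scheme, although the field is the external URL used for links in alerts. It should read `alertQueryUrl: https://{{ .Values.user }}-thanos-query.training.cluster.acend.ch`, matching the TLS Ingress this patch adds for that host. The spec also sets neither `alertmanagersUrl` nor `alertmanagersConfig`, so as far as this hunk shows the ruler evaluates rules but has nowhere to send alerts, even though the patch creates an Alertmanager named `{{ .Values.user }}-am`. Quoting the templated scalars, for example `user: "{{ .Values.user }}"`, would guard against a user value that YAML reads as a number or boolean.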