new gitops template

auricom
2021-04-13 10:34:08 +02:00
parent 67c4d6a855
commit a95f32b44d
335 changed files with 3131 additions and 3650 deletions


@@ -0,0 +1,103 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: blackbox-exporter
namespace: monitoring
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://prometheus-community.github.io/helm-charts
chart: prometheus-blackbox-exporter
version: 4.10.4
sourceRef:
kind: HelmRepository
name: prometheus-community-charts
namespace: flux-system
interval: 5m
values:
allowIcmp: true
config:
modules:
icmp:
prober: icmp
timeout: 30s
icmp:
preferred_ip_protocol: "ip4"
http_2xx:
prober: http
timeout: 30s
http:
valid_http_versions: ["HTTP/1.0", "HTTP/1.1", "HTTP/2.0"]
no_follow_redirects: false
preferred_ip_protocol: "ip4"
tcp_connect:
prober: tcp
timeout: 30s
serviceMonitor:
enabled: true
defaults:
labels:
release: prometheus
interval: 2m
scrapeTimeout: 30s
targets:
- name: truenas
url: truenas
module: icmp
- name: truenas-remote
url: truenas-remote
module: icmp
- name: borgbackup
url: borgbackup
module: icmp
- name: postgresql
url: postgresql
module: icmp
- name: mariadb
url: mariadb
module: icmp
- name: k3s-server
url: k3s-server
module: icmp
- name: k3s-worker1
url: k3s-worker1
module: icmp
- name: k3s-worker2
url: k3s-worker2
module: icmp
- name: k3s-worker3
url: k3s-worker3
module: icmp
prometheusRule:
enabled: true
additionalLabels:
app: prometheus-operator
release: prometheus
rules:
- alert: HostDown
expr: probe_success == 0
for: 10m
labels:
severity: critical
annotations:
message: The host {{"{{ $labels.target }}"}} is currently unreachable
- alert: SlowResponseTime
annotations:
message: The response time for {{"{{ $labels.target }}"}} has been greater than 30 seconds for 5 minutes.
expr: probe_duration_seconds > 30
for: 15m
labels:
severity: warning
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
hosts:
- "blackbox.${SECRET_CLUSTER_DOMAIN}"
tls:
- hosts:
- "blackbox.${SECRET_CLUSTER_DOMAIN}"
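Review bot: The `ingress` block publishes the exporter at `blackbox.${SECRET_CLUSTER_DOMAIN}`, and the exporter's probe endpoint issues requests from inside the cluster to whatever target it is given, so the Authelia `auth-url` annotation is the only control on who can use it as an internal prober. If the web UI is not needed from outside the cluster, `enabled: false` under `ingress` removes that exposure. Separately, the `SlowResponseTime` message says "5 minutes" while the rule has `for: 15m`. Every module also sets `timeout: 30s`, so `probe_duration_seconds > 30` will probably seldom be true; a threshold below the timeout, for example `expr: probe_duration_seconds > 10`, with a message that matches `for`, would make the alert usable.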


@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml


@@ -0,0 +1,182 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: botkube
namespace: monitoring
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://infracloudio.github.io/charts
chart: botkube
version: v0.12.0
sourceRef:
kind: HelmRepository
name: infracloudio-charts
namespace: flux-system
interval: 5m
values:
image:
repository: infracloudio/botkube
tag: v0.12.0
serviceMonitor:
enabled: true
config:
settings:
clustername: k3s
resources:
- name: v1/pods # Name of the resources e.g pod, deployment, ingress, etc. (Resource name must be in singular form)
namespaces:
include:
- all
ignore: # List of namespaces to be ignored (omitempty), used only with include: all
- longhorn-system # example : include [all], ignore [x,y,z]
- kube-system
events: # List of lifecycle events you want to receive, e.g create, update, delete, error OR all
- create
- delete
- name: v1/services
namespaces:
include:
- all
events:
- create
- delete
- error
- name: apps/v1/deployments
namespaces:
include:
- all
events:
- create
- update
- delete
- error
updateSetting:
includeDiff: true
fields:
- spec.template.spec.containers[*].image
- name: apps/v1/statefulsets
namespaces:
include:
- all
events:
- create
- update
- delete
- error
updateSetting:
includeDiff: true
fields:
- spec.template.spec.containers[*].image
- name: networking.k8s.io/v1beta1/ingresses
namespaces:
include:
- all
events:
- create
- delete
- error
- name: v1/nodes
namespaces:
include:
- all
events:
- create
- delete
- error
- name: v1/namespaces
namespaces:
include:
- all
events:
- create
- delete
- error
- name: v1/persistentvolumes
namespaces:
include:
- all
events:
- create
- delete
- error
- name: v1/persistentvolumeclaims
namespaces:
include:
- all
events:
- create
- delete
- error
- name: v1/secrets
namespaces:
include:
- all
events:
- create
- delete
- error
- name: v1/configmaps
namespaces:
include:
- all
ignore:
- rook-ceph
events:
- delete
- error
- name: apps/v1/daemonsets
namespaces:
include:
- all
events:
- create
- delete
- error
- update
updateSetting:
includeDiff: true
fields:
- spec.template.spec.containers[*].image
- name: rbac.authorization.k8s.io/v1/roles
namespaces:
include:
- all
events:
- create
- delete
- error
- name: rbac.authorization.k8s.io/v1/rolebindings
namespaces:
include:
- all
events:
- create
- delete
- error
- name: rbac.authorization.k8s.io/v1/clusterroles
namespaces:
include:
- all
events:
- create
- delete
- error
- name: rbac.authorization.k8s.io/v1/clusterrolebindings
namespaces:
include:
- all
events:
- create
- delete
- error
recommendations: true
communications:
discord:
enabled: true
notiftype: short
channel: ${SECRET_BOTKUBE_DISCORD_CHANNEL}
botid: ${SECRET_BOTKUBE_DISCORD_BOTID}
token: ${SECRET_BOTKUBE_DISCORD_TOKEN}
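Review bot: `token: ${SECRET_BOTKUBE_DISCORD_TOKEN}` sits directly in the release values, so once the variable is substituted (presumably by Flux post-build substitution) the Discord token is stored in clear text in the HelmRelease object, readable by anyone who can get HelmReleases in `monitoring`. The same pattern appears in the other releases of this commit: the healthchecks `env` passwords, the Alertmanager Pushover keys and Grafana `adminPassword`, the Loki `s3:` URL with the access and secret key embedded, and the Thanos `objstore` keys. Moving these into a Secret referenced through `valuesFrom` keeps them out of the release spec. This release also reports `v1/secrets` and RBAC events from all namespaces to Discord, so resource names leave the cluster; confirm that is intended.

```yaml
spec:
  # … unchanged: interval, chart …
  valuesFrom:
    - kind: Secret
      name: botkube-discord  # placeholder name for a Secret holding the token
      valuesKey: token
      targetPath: config.communications.discord.token  # confirm against the chart's values layout
  values:
    # … unchanged, with the inline discord token removed …
```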


@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml


@@ -0,0 +1,80 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: healthchecks
namespace: monitoring
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://k8s-at-home.com/charts/
chart: healthchecks
version: 2.2.0
sourceRef:
kind: HelmRepository
name: k8s-at-home-charts
namespace: flux-system
interval: 5m
values:
image:
repository: linuxserver/healthchecks
tag: v1.19.0-ls79
pullPolicy: IfNotPresent
controllerType: deployment
strategy:
type: Recreate
resources: {}
env:
SECRET_KEY: ${SECRET_HEALTHECKS_SECRET_KEY}
REGENERATE_SETTINGS: "True"
EMAIL_USE_TLS: "True"
ALLOWED_HOSTS: "*"
DB: postgres
DB_HOST: postgresql
DB_PORT: 5432
DB_NAME: healthchecks
DB_USER: healthchecks
DB_PASSWORD: ${SECRET_HEALTHCHECKS_DB_PASSWORD}
SUPERUSER_EMAIL: ${SECRET_HEALTHCHECKS_SUPERUSER_EMAIL}
SUPERUSER_PASSWORD: ${SECRET_HEALTHCHECKS_SUPERUSER_PASSWORD}
DISCORD_CLIENT_ID: ${SECRET_HEALTHCHECKS_DISCORD_CLIENT_ID}
DISCORD_CLIENT_SECRET: ${SECRET_HEALTHCHECKS_DISCORD_CLIENT_SECRET}
SITE_ROOT: "https://healthchecks.${SECRET_CLUSTER_DOMAIN}"
SITE_NAME: "Homelab HealthChecks"
service:
port:
port: 8000
annotations:
prometheus.io/probe: "true"
prometheus.io/protocol: http
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
persistence:
config:
enabled: false
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
hosts:
- host: healthchecks.${SECRET_CLUSTER_DOMAIN}
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- "healthchecks.${SECRET_CLUSTER_DOMAIN}"
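Review bot: `SECRET_KEY: ${SECRET_HEALTHECKS_SECRET_KEY}` spells the variable differently from every other one in this `env` block (`SECRET_HEALTHCHECKS_…`). If the substitution source only defines the `HEALTHCHECKS` spelling, the Django secret key will not receive the intended value, so check the name and use `${SECRET_HEALTHCHECKS_SECRET_KEY}` if that is what is defined. `ALLOWED_HOSTS: "*"` turns off Host-header validation although the hostname is known; `ALLOWED_HOSTS: "healthchecks.${SECRET_CLUSTER_DOMAIN}"` would restrict it. `DB_PORT: 5432` is a YAML integer among string env values and is safer quoted as `"5432"`.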


@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml


@@ -0,0 +1,172 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"id": 23,
"links": [],
"panels": [
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"decimals": 0,
"description": "",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
"fill": 0,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 0
},
"hiddenSeries": false,
"id": 2,
"legend": {
"alignAsTable": true,
"avg": true,
"current": false,
"hideEmpty": false,
"max": true,
"min": true,
"rightSide": true,
"show": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"dataLinks": []
},
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "avg by (kubernetes_node) (\r\n node_hwmon_temp_celsius{chip=\"platform_coretemp_0\"}\r\n )",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{kubernetes_node}}",
"refId": "A"
}
],
"thresholds": [
{
"colorMode": "warning",
"fill": true,
"line": true,
"op": "gt",
"value": 80,
"yaxis": "left"
},
{
"colorMode": "critical",
"fill": true,
"line": true,
"op": "gt",
"value": 90,
"yaxis": "left"
}
],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Nodes Temperatures",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"transformations": [],
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"decimals": 0,
"format": "celsius",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"decimals": null,
"format": "celsius",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
}
],
"schemaVersion": 25,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
]
},
"timezone": "",
"title": "Kubernetes / Custom metrics",
"uid": "sn-bOoWMz",
"version": 5
}

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,310 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: kube-prometheus-stack
namespace: monitoring
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://prometheus-community.github.io/helm-charts
chart: kube-prometheus-stack
version: 14.6.2
sourceRef:
kind: HelmRepository
name: prometheus-community-charts
namespace: flux-system
interval: 5m
timeout: 20m
values:
server:
resources:
requests:
memory: 1500Mi
cpu: 200m
limits:
memory: 2000Mi
prometheusOperator:
createCustomResource: true
alertmanager:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
tls:
- hosts:
- alert-manager.${SECRET_CLUSTER_DOMAIN}
config:
global:
resolve_timeout: 5m
receivers:
- name: "null"
- name: "pushover"
pushover_configs:
- user_key: ${SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_USER_KEY}
token: ${SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_TOKEN}
route:
receiver: "pushover"
routes:
- match:
alertname: Watchdog
receiver: "null"
- receiver: "pushover"
inhibit_rules:
- source_match:
severity: "critical"
target_match:
severity: "warning"
# Apply inhibition if the alertname is the same.
equal: ["alertname", "namespace"]
alertmanagerSpec:
storage:
volumeClaimTemplate:
spec:
storageClassName: longhorn
resources:
requests:
storage: 10Gi
nodeExporter:
serviceMonitor:
relabelings:
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: kubernetes_node
kubelet:
serviceMonitor:
metricRelabelings:
- action: replace
sourceLabels:
- node
targetLabel: instance
grafana:
adminPassword: ${SECRET_KUBE_PROMETHEUS_STACK_GRAFANA_ADMIN_PASSWORD}
dashboards:
default:
kubernetes-custom:
url: https://raw.githubusercontent.com/auricom/home-cluster/main/cluster/apps/monitoring/kube-prometheus-stack/grafana-dashboards/kubernetes-custom.json
datasource: Prometheus
longhorn:
url: https://raw.githubusercontent.com/auricom/home-cluster/main/cluster/apps/monitoring/kube-prometheus-stack/grafana-dashboards/longhorn.json
datasource: Prometheus
deploymentStrategy:
type: Recreate
persistence:
enabled: false
env:
GF_EXPLORE_ENABLED: true
GF_DISABLE_SANITIZE_HTML: true
GF_PANELS_DISABLE_SANITIZE_HTML: true
plugins:
- natel-discrete-panel
- pr0ps-trackmap-panel
- grafana-piechart-panel
- vonage-status-panel
- grafana-worldmap-panel
- grafana-clock-panel
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: "default"
orgId: 1
folder: ""
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/default
sidecar:
datasources:
enabled: true
defaultDatasourceEnabled: false
dashboards:
enabled: true
searchNamespace: ALL
additionalDataSources:
- name: Prometheus
type: prometheus
access: proxy
url: http://thanos-query-http:10902/
isDefault: true
grafana.ini:
server:
root_url: https://grafana.${SECRET_CLUSTER_DOMAIN}
paths:
data: /var/lib/grafana/data
logs: /var/log/grafana
plugins: /var/lib/grafana/plugins
provisioning: /etc/grafana/provisioning
analytics:
check_for_updates: true
log:
mode: console
grafana_net:
url: https://grafana.net
smtp:
enabled: false
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
hosts: ["grafana.${SECRET_CLUSTER_DOMAIN}"]
tls:
- hosts:
- grafana.${SECRET_CLUSTER_DOMAIN}
kubeEtcd:
enabled: false
kubeControllerManager:
enabled: false
kubeScheduler:
enabled: false
kubeProxy:
enabled: false
prometheus:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
tls:
- hosts:
- prometheus.${SECRET_CLUSTER_DOMAIN}
prometheusSpec:
replicas: 2
replicaExternalLabelName: "replica"
ruleSelector: {}
ruleNamespaceSelector: {}
ruleSelectorNilUsesHelmValues: false
serviceMonitorSelector: {}
serviceMonitorNamespaceSelector: {}
serviceMonitorSelectorNilUsesHelmValues: false
podMonitorSelector: {}
podMonitorNamespaceSelector: {}
podMonitorSelectorNilUsesHelmValues: false
retention: 6h
enableAdminAPI: true
walCompression: true
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: longhorn
resources:
requests:
storage: 10Gi
thanos:
image: quay.io/thanos/thanos:v0.18.0
objectStorageConfig:
name: thanos
key: object-store.yaml
additionalScrapeConfigs:
- job_name: "opnsense"
scrape_interval: 60s
metrics_path: "/metrics"
static_configs:
- targets: ["opnsense.${SECRET_CLUSTER_DOMAIN_ROOT}:9273"]
labels:
app: "opnsense"
# Example scrape config for probing ingresses via the Blackbox Exporter.
#
# The relabeling allows the actual ingress scrape endpoint to be configured
# via the following annotations:
#
# * `prometheus.io/probe`: Only probe ingresses that have a value of `true`
- job_name: "kubernetes-ingresses"
metrics_path: /probe
scrape_interval: 60s
params:
module: [http_2xx]
kubernetes_sd_configs:
- role: ingress
relabel_configs:
- source_labels:
[__meta_kubernetes_ingress_annotation_prometheus_io_probe]
action: keep
regex: true
- source_labels:
[
__meta_kubernetes_ingress_scheme,
__address__,
__meta_kubernetes_ingress_path,
]
regex: (.+);(.+);(.+)
replacement: ${1}://${2}${3}
target_label: __param_target
- target_label: __address__
replacement: blackbox-exporter-prometheus-blackbox-exporter:9115
- source_labels: [__param_target]
target_label: instance
- action: labelmap
regex: __meta_kubernetes_ingress_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_ingress_name]
target_label: kubernetes_name
- job_name: "kubernetes-services-http"
metrics_path: /probe
scrape_interval: 60s
params:
module: [http_2xx]
kubernetes_sd_configs:
- role: service
relabel_configs:
- source_labels:
[__meta_kubernetes_service_annotation_prometheus_io_probe]
action: keep
regex: true
- source_labels:
[__meta_kubernetes_service_annotation_prometheus_io_protocol]
action: keep
regex: http
- source_labels: [__address__]
target_label: __param_target
- target_label: __address__
replacement: blackbox-exporter-prometheus-blackbox-exporter:9115
- source_labels: [__param_target]
target_label: instance
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_service_name]
target_label: kubernetes_name
- job_name: "kubernetes-services-tcp"
metrics_path: /probe
scrape_interval: 60s
params:
module: [tcp_connect]
kubernetes_sd_configs:
- role: service
relabel_configs:
- source_labels:
[__meta_kubernetes_service_annotation_prometheus_io_probe]
action: keep
regex: true
- source_labels:
[__meta_kubernetes_service_annotation_prometheus_io_protocol]
action: keep
regex: tcp
- source_labels: [__address__]
target_label: __param_target
- target_label: __address__
replacement: blackbox-exporter-prometheus-blackbox-exporter:9115
- source_labels: [__param_target]
target_label: instance
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_service_name]
target_label: kubernetes_name
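Review bot: `enableAdminAPI: true` under `prometheusSpec` turns on the Prometheus TSDB admin endpoints (series deletion, snapshots) on an instance this same file publishes at `prometheus.${SECRET_CLUSTER_DOMAIN}`. The forward-auth annotation is then the only barrier from outside, and nothing visible here restricts in-cluster callers; unless something depends on it, `enableAdminAPI: false` is the safer value. The Grafana `env` block also disables HTML sanitisation (`GF_DISABLE_SANITIZE_HTML`, `GF_PANELS_DISABLE_SANITIZE_HTML`) while the dashboards are fetched from a branch URL (`…/home-cluster/main/…`), so a changed dashboard JSON could carry markup that runs in viewers' sessions; consider leaving sanitisation on or pinning the URLs to a commit. Those `GF_*` values and `GF_EXPLORE_ENABLED` are YAML booleans, and if they are kept, quoting them as `"true"` avoids depending on how the chart stringifies env values.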


@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml


@@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- blackbox-exporter
- botkube
- healthchecks
- kube-prometheus-stack
- loki-stack
- thanos


@@ -0,0 +1,151 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: loki-stack
namespace: monitoring
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://grafana.github.io/loki/charts
chart: loki-stack
version: 2.1.2
sourceRef:
kind: HelmRepository
name: grafana-loki-charts
namespace: flux-system
interval: 5m
values:
loki:
replicas: 3
persistence:
enabled: false
config:
auth_enabled: false
server:
http_listen_port: 3100
distributor:
ring:
kvstore:
store: memberlist
ingester:
lifecycler:
ring:
kvstore:
store: memberlist
replication_factor: 1
final_sleep: 0s
chunk_idle_period: 5m
chunk_retain_period: 30s
memberlist:
abort_if_cluster_join_fails: false
# Expose this port on all distributor, ingester
# and querier replicas.
bind_port: 7946
# You can use a headless k8s service for all distributor,
# ingester and querier components.
join_members:
- loki-stack-headless:7946
# max_join_backoff: 1m
# max_join_retries: 10
# min_join_backoff: 1s
schema_config:
configs:
- from: 2020-05-15
store: boltdb-shipper
object_store: s3
schema: v11
index:
prefix: index_
period: 24h
storage_config:
aws:
s3: https://${SECRET_MINIO_ACCESS_KEY}:${SECRET_MINIO_SECRET_KEY}@${SECRET_MINIO_ENDPOINT}/loki
s3forcepathstyle: true
boltdb_shipper:
active_index_directory: /data/loki/index
cache_location: /data/loki/index_cache
resync_interval: 5s
shared_store: s3
limits_config:
enforce_metric_name: false
reject_old_samples: true
reject_old_samples_max_age: 168h
extraPorts:
- port: 7956
protocol: TCP
name: loki-gossip-ring
targetPort: 7946
serviceMonitor:
enabled: true
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "http-metrics"
promtail:
serviceMonitor:
enabled: true
extraScrapeConfigs:
pipeline_stages:
- job_name: pfsense
syslog:
listen_address: 0.0.0.0:1514
idle_timeout: 60s
label_structured_data: false
labels:
job: "syslog"
host: pfsense
relabel_configs:
- source_labels: ["__syslog_message_severity"]
target_label: "severity"
#- source_labels: ['__syslog_message_facility']
# target_label: 'facility'
- source_labels: ["__syslog_message_app_name"]
target_label: "app_name"
pipeline_stages:
- match:
selector: '{app_name="filterlog"}'
stages:
- regex:
expression: '(?P<pfsense_fw_rule>\d*?),(?P<pfsense_fw_subrule>\d*?),(?P<pfsense_fw_anchor>\d*?),(?P<pfsense_fw_tracker>\d*?),(?P<pfsense_fw_interface>igb.{1,5}?),(?P<pfsense_fw_reason>\w*?),(?P<pfsense_fw_action>\w*?),(?P<pfsense_fw_direction>\w*?),(?P<pfsense_fw_ip_version>4{1}?),(?P<pfsense_fw_tos>\w*?),(?P<pfsense_fw_ecn>\w*?),(?P<pfsense_fw_ttl>\w*?),(?P<pfsense_fw_id>\w*?),(?P<pfsense_fw_offset>\w*?),(?P<pfsense_fw_flag>\w*?),(?P<pfsense_fw_protocol_id>\d*?),(?P<pfsense_fw_protocol_text>\w*?),(?P<pfsense_fw_length>\d*?),(?P<pfsense_fw_source_address>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}?),(?P<pfsense_fw_destination_address>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}?),(?P<pfsense_fw_source_port>\d+?),(?P<pfsense_fw_destination_port>\d+?),(?P<pfsense_fw_data_length>\d+?)'
# ipv6 // ,(?P<pfsense_fw_ip_version>6{1}?),(?P<pfsense_fw_lass>\w*?),(?P<pfsense_fw_flow_label>\w*?),(?P<pfsense_fw_hop_limit>\w*?),(?P<pfsense_fw_protocol_text>\w*?),(?P<pfsense_fw_protocol_id>\d*?),
- labels:
pfsense_fw_rule: ""
#pfsense_fw_subrule: ''
#pfsense_fw_anchor: ''
pfsense_fw_tracker: ""
pfsense_fw_interface: ""
pfsense_fw_reason: ""
pfsense_fw_action: ""
pfsense_fw_direction: ""
#pfsense_fw_ip_version: ''
#pfsense_fw_tos: ''
#pfsense_fw_ecn: ''
#pfsense_fw_ttl: ''
#pfsense_fw_id: ''
#pfsense_fw_offset: ''
#pfsense_fw_flag: ''
pfsense_fw_protocol_id: ""
pfsense_fw_protocol_text: ""
#pfsense_fw_length: ''
pfsense_fw_source_address: ""
pfsense_fw_destination_address: ""
pfsense_fw_source_port: ""
pfsense_fw_destination_port: ""
#pfsense_fw_data_length: ''
# - metrics:
# lines_total:
# type: Counter
# description: "pfsense firewall : total number of log lines"
# prefix: pfsense_firewall_
# match_all: true
# count_entry_bytes: true
# config:
# action: add
syslogService:
enabled: true
type: LoadBalancer
port: 1514
externalIPs:
- ${CLUSTER_LB_LOKI_SYSLOG}
externalTrafficPolicy: Local
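Review bot: The `labels` stage promotes `pfsense_fw_source_address`, `pfsense_fw_destination_address`, `pfsense_fw_source_port` and `pfsense_fw_destination_port` to Loki labels, which creates a new stream for nearly every distinct connection and can exhaust ingester memory and the index. Keep low-cardinality fields such as `pfsense_fw_action` and `pfsense_fw_interface` as labels and extract addresses and ports at query time instead. This matters more because the syslog listener on `0.0.0.0:1514` is exposed through a `LoadBalancer` service with no source restriction visible here, so any host that can reach that address can submit lines that are labelled `host: pfsense`. If the chart passes it through, `loadBalancerSourceRanges` limited to the firewall's address would narrow that.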


@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml


@@ -0,0 +1,53 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: thanos
namespace: monitoring
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://kubernetes-charts.banzaicloud.com
chart: thanos
version: 0.4.2
sourceRef:
kind: HelmRepository
name: banzaicloud-charts
namespace: flux-system
interval: 5m
values:
query:
http:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
hosts: ["thanos.${SECRET_CLUSTER_DOMAIN}"]
tls:
- hosts: ["thanos.${SECRET_CLUSTER_DOMAIN}"]
replicaCount: 3
replicaLabels:
- replica
compact:
retentionResolution1h: 5y
objstore:
type: S3
config:
bucket: "thanos"
region: "us-east-1"
endpoint: ${SECRET_MINIO_ENDPOINT}
access_key: ${SECRET_MINIO_ACCESS_KEY}
secret_key: ${SECRET_MINIO_SECRET_KEY}
insecure: false
signature_version2: false
put_user_metadata: {}
http_config:
idle_conn_timeout: 0s
response_header_timeout: 0s
insecure_skip_verify: false
trace:
enable: false
part_size: 0
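Review bot: `idle_conn_timeout: 0s` and `response_header_timeout: 0s` under `http_config` appear to replace the Thanos defaults with "no timeout", so a stalled connection to the object store could hang a component indefinitely. Omitting both keys, or setting an explicit bound such as `response_header_timeout: 2m`, keeps a limit. The other zero or empty values in this block (`part_size: 0`, `put_user_metadata: {}`, the `trace` block's `enable: false`) look like a copied default skeleton and could be dropped so that only deliberate settings remain.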


@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml