new cluster

auricom
2021-03-21 01:33:51 +01:00
parent 49718cb277
commit d527627d28
105 changed files with 1835 additions and 2181 deletions


@@ -17,10 +17,6 @@ spec:
namespace: flux-system
interval: 5m
values:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
allowIcmp: true
config:
modules:
@@ -46,27 +42,62 @@ spec:
release: prometheus
interval: 2m
scrapeTimeout: 30s
targets:
- name: truenas
url: truenas
module: icmp
- name: truenas-remote
url: truenas-remote
module: icmp
- name: borgbackup
url: 192.168.9.20
module: icmp
- name: postgresql
url: postgresql
module: icmp
- name: rpizw1
url: rpizw1
module: icmp
- name: k3os-server
url: k3os-server
module: icmp
- name: k3os-worker1
url: k3os-worker1
module: icmp
- name: k3os-worker2
url: k3os-worker2
module: icmp
- name: k3os-worker3
url: k3os-worker3
module: icmp
prometheusRule:
enabled: true
additionalLabels:
app: prometheus-operator
release: prometheus
rules:
- alert: HostDown
expr: probe_success == 0
for: 10m
labels:
severity: critical
annotations:
message: The host {{"{{ $labels.target }}"}} is currently unreachable
- alert: SlowResponseTime
annotations:
message: The response time for {{"{{ $labels.target }}"}} has been greater than 30 seconds for 5 minutes.
expr: probe_duration_seconds > 30
for: 15m
labels:
severity: warning
valuesFrom:
- kind: ConfigMap
name: "helmrelease-monitoring-blackbox-exporter"
optional: false
- alert: HostDown
expr: probe_success == 0
for: 10m
labels:
severity: critical
annotations:
message: The host {{"{{ $labels.target }}"}} is currently unreachable
- alert: SlowResponseTime
annotations:
message: The response time for {{"{{ $labels.target }}"}} has been greater than 30 seconds for 5 minutes.
expr: probe_duration_seconds > 30
for: 15m
labels:
severity: warning
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.auth.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.k3s.xpander.ovh/"
hosts:
- "blackbox.k3s.xpander.ovh"
tls:
- hosts:
- "blackbox.k3s.xpander.ovh"
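Review bot: The `tls` entry added at the end of this hunk lists `hosts` but no `secretName`, so unless the ingress controller is started with a default wildcard certificate the host is served with the controller's self-signed placeholder; the same shape appears in the goldilocks, prometheus-stack (alertmanager, grafana, prometheus), kubernetes-dashboard and thanos sections. If the controller default is what is relied on, a comment such as `# secretName omitted: the controller's default-ssl-certificate provides the wildcard cert` makes that explicit. Keeping the Authelia `auth-url`/`auth-signin` annotations on this particular ingress matters more than on the others, because the exporter's `/probe` endpoint takes the host it contacts from the request's query string, so an unauthenticated ingress would let anyone reach internal addresses through it. The `HostDown` rule's `probe_success == 0` is not scoped to these ICMP targets, so it would also fire with the "host unreachable" message for the HTTP/TCP probe jobs defined in the prometheus-stack section; restricting the expression by this ServiceMonitor's `job` label (exact label value not visible here) would keep the message truthful. The enclosing `values:` block starts outside the hunk.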


@@ -26,14 +26,14 @@ spec:
settings:
clustername: k3s
resources:
- name: v1/pods # Name of the resources e.g pod, deployment, ingress, etc. (Resource name must be in singular form)
- name: v1/pods # Name of the resources e.g pod, deployment, ingress, etc. (Resource name must be in singular form)
namespaces:
include:
- all
ignore: # List of namespaces to be ignored (omitempty), used only with include: all
- longhorn-system # example : include [all], ignore [x,y,z]
ignore: # List of namespaces to be ignored (omitempty), used only with include: all
- longhorn-system # example : include [all], ignore [x,y,z]
- kube-system
events: # List of lifecycle events you want to receive, e.g create, update, delete, error OR all
events: # List of lifecycle events you want to receive, e.g create, update, delete, error OR all
- create
- delete
- name: v1/services
@@ -179,5 +179,5 @@ spec:
notiftype: short
valuesFrom:
- kind: ConfigMap
name: "helmrelease-monitoring-botkube"
name: botkube-helmrelease
optional: false


@@ -24,6 +24,15 @@ spec:
tag: v3.1.4
dashboard:
replicaCount: 1
valuesFrom:
- kind: ConfigMap
name: helmrelease-monitoring-goldilocks
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.auth.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.k3s.xpander.ovh/"
hosts:
- host: goldilocks.k3s.xpander.ovh
paths: ["/"]
tls:
- hosts:
- goldilocks.k3s.xpander.ovh
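Review bot: The `valuesFrom` reference to ConfigMap `helmrelease-monitoring-goldilocks` is removed outright here, whereas the botkube, healthchecks, loki-stack, prometheus-stack and thanos sections rename theirs to a `*-helmrelease` ConfigMap; the blackbox-exporter and kubernetes-dashboard sections drop theirs the same way. If that ConfigMap only carried the ingress host that is now inlined this is fine, but anything else it supplied is silently lost, which cannot be told from the hunk. A one-line comment above `ingress:` such as `# values previously sourced from the helmrelease-monitoring-goldilocks ConfigMap are inlined below` would record the intent. The `tls` entry has no `secretName`, so it relies on the controller's default certificate. The enclosing `values:` block starts outside the hunk.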


@@ -17,7 +17,6 @@ spec:
namespace: flux-system
interval: 5m
values:
image:
repository: linuxserver/healthchecks
tag: v1.19.0-ls79
@@ -59,7 +58,15 @@ spec:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
hosts:
- host: healthchecks.k3s.xpander.ovh
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- "healthchecks.k3s.xpander.ovh"
valuesFrom:
- kind: ConfigMap
name: helmrelease-monitoring-healthchecks
- kind: ConfigMap
name: healthchecks-helmrelease
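Review bot: The ingress `hosts`/`paths`/`tls` added in the second hunk sits under an `annotations` map that holds only `kubernetes.io/ingress.class`, with none of the Authelia `auth-url`/`auth-signin` annotations the other sections put in front of their UIs. That is probably deliberate, since the monitored hosts must be able to reach the application's ping endpoints without SSO and the application has its own login, but it deserves a comment next to the class annotation, e.g. `# no authelia auth-url here: ping endpoints are called by external hosts; app has its own login`. If it is not deliberate, add the two annotation lines used in the other sections. The `tls` entry has no `secretName`, so it relies on the controller's default certificate. The enclosing `ingress:` block starts outside the hunk.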


@@ -19,7 +19,9 @@ spec:
values:
service:
type: LoadBalancer
loadBalancerIP: 192.168.9.205
externalIPs:
- 192.168.169.107
externalTrafficPolicy: Local
persistence:
enabled: true
size: 30Gi
@@ -56,4 +58,4 @@ spec:
memory: 2Gi
cpu: 100m
limits:
memory: 4Gi
memory: 4Gi
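Review bot: Replacing `loadBalancerIP` with `externalIPs: [192.168.169.107]` in the first hunk moves the address out of the load-balancer controller's control: `externalIPs` is programmed by kube-proxy on every node and the API server performs no ownership check on it, so any principal allowed to create a Service in any namespace can declare the same address and receive that traffic; the usual mitigation is an admission policy (a validating webhook or the cluster's policy engine, if one is installed) that restricts the field to the addresses this cluster owns. The loki-stack and syslog-ng sections make the same change and share this caveat. With `externalTrafficPolicy: Local` the node that receives the packets must also run a pod of this Service or they are dropped, so the address must be routed to exactly such a node (this follows from the policy's semantics; confirm against the network setup). A comment such as `# 192.168.169.107 must be routed to a node running this pod (externalTrafficPolicy: Local)` would keep that constraint visible. The enclosing `values:` block starts outside the hunk.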


@@ -28,6 +28,33 @@ spec:
prometheusOperator:
createCustomResource: true
alertmanager:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.auth.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.k3s.xpander.ovh/"
hosts: [alert-manager.k3s.xpander.ovh]
tls:
- hosts:
- alert-manager.k3s.xpander.ovh
config:
global:
resolve_timeout: 5m
route:
receiver: "pushover"
routes:
- match:
alertname: Watchdog
receiver: "null"
- receiver: "pushover"
inhibit_rules:
- source_match:
severity: "critical"
target_match:
severity: "warning"
# Apply inhibition if the alertname is the same.
equal: ["alertname", "namespace"]
alertmanagerSpec:
storage:
volumeClaimTemplate:
@@ -39,19 +66,19 @@ spec:
nodeExporter:
serviceMonitor:
relabelings:
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: kubernetes_node
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: kubernetes_node
kubelet:
serviceMonitor:
metricRelabelings:
- action: replace
sourceLabels:
- node
targetLabel: instance
- action: replace
sourceLabels:
- node
targetLabel: instance
grafana:
dashboards:
default:
@@ -76,23 +103,23 @@ spec:
GF_DISABLE_SANITIZE_HTML: true
GF_PANELS_DISABLE_SANITIZE_HTML: true
plugins:
- natel-discrete-panel
- pr0ps-trackmap-panel
- grafana-piechart-panel
- vonage-status-panel
- https://github.com/panodata/grafana-map-panel/releases/download/0.9.0/grafana-map-panel-0.9.0.zip;grafana-worldmap-panel-ng
- natel-discrete-panel
- pr0ps-trackmap-panel
- grafana-piechart-panel
- vonage-status-panel
- https://github.com/panodata/grafana-map-panel/releases/download/0.9.0/grafana-map-panel-0.9.0.zip;grafana-worldmap-panel-ng
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/default
- name: "default"
orgId: 1
folder: ""
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/default
sidecar:
datasources:
enabled: true
@@ -101,38 +128,40 @@ spec:
enabled: true
searchNamespace: ALL
additionalDataSources:
- name: Prometheus
type: prometheus
access: proxy
url: http://thanos-query-http:10902/
isDefault: true
- name: loki
type: loki
access: proxy
url: http://loki.logging.svc.cluster.local:3100/
- name: influxdb-pfsense
type: influxdb
acces: server
url: http://influxdb:8086/
database: pfsense
user: pfsense
- name: influxdb-rpi-os
type: influxdb
acces: server
url: http://influxdb:8086/
database: rpi-os
user: rpi-os
- name: influxdb-graphite
type: influxdb
database: graphite
acces: server
url: http://influxdb:8086/
- name: influxdb-home_assistant
type: influxdb
acces: server
url: http://influxdb:8086/
database: home_assistant
- name: Prometheus
type: prometheus
access: proxy
url: http://thanos-query-http:10902/
isDefault: true
- name: loki
type: loki
access: proxy
url: http://loki:3100/
- name: influxdb-pfsense
type: influxdb
acces: server
url: http://influxdb:8086/
database: pfsense
user: pfsense
- name: influxdb-rpi-os
type: influxdb
acces: server
url: http://influxdb:8086/
database: rpi-os
user: rpi-os
- name: influxdb-graphite
type: influxdb
database: graphite
acces: server
url: http://influxdb:8086/
- name: influxdb-home_assistant
type: influxdb
acces: server
url: http://influxdb:8086/
database: home_assistant
grafana.ini:
server:
root_url: https://grafana.k3s.xpander.ovh
paths:
data: /var/lib/grafana/data
logs: /var/log/grafana
@@ -146,6 +175,16 @@ spec:
url: https://grafana.net
smtp:
enabled: false
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.auth.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.k3s.xpander.ovh/"
hosts: [grafana.k3s.xpander.ovh]
tls:
- hosts:
- grafana.k3s.xpander.ovh
kubeEtcd:
enabled: false
kubeControllerManager:
@@ -155,6 +194,16 @@ spec:
kubeProxy:
enabled: false
prometheus:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.auth.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.k3s.xpander.ovh/"
hosts: [prometheus.k3s.xpander.ovh]
tls:
- hosts:
- prometheus.k3s.xpander.ovh
prometheusSpec:
replicas: 2
replicaExternalLabelName: "replica"
@@ -183,90 +232,100 @@ spec:
name: thanos
key: object-store.yaml
additionalScrapeConfigs:
# Example scrape config for probing ingresses via the Blackbox Exporter.
#
# The relabeling allows the actual ingress scrape endpoint to be configured
# via the following annotations:
#
# * `prometheus.io/probe`: Only probe ingresses that have a value of `true`
- job_name: 'kubernetes-ingresses'
metrics_path: /probe
scrape_interval: 60s
params:
module: [http_2xx]
kubernetes_sd_configs:
- role: ingress
relabel_configs:
- source_labels: [__meta_kubernetes_ingress_annotation_prometheus_io_probe]
action: keep
regex: true
- source_labels: [__meta_kubernetes_ingress_scheme, __address__, __meta_kubernetes_ingress_path]
regex: (.+);(.+);(.+)
replacement: ${1}://${2}${3}
target_label: __param_target
- target_label: __address__
replacement: blackbox-exporter-prometheus-blackbox-exporter:9115
- source_labels: [__param_target]
target_label: instance
- action: labelmap
regex: __meta_kubernetes_ingress_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_ingress_name]
target_label: kubernetes_name
- job_name: 'kubernetes-services-http'
metrics_path: /probe
scrape_interval: 60s
params:
module: [http_2xx]
kubernetes_sd_configs:
- role: service
relabel_configs:
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
action: keep
regex: true
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_protocol]
action: keep
regex: http
- source_labels: [__address__]
target_label: __param_target
- target_label: __address__
replacement: blackbox-exporter-prometheus-blackbox-exporter:9115
- source_labels: [__param_target]
target_label: instance
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_service_name]
target_label: kubernetes_name
- job_name: 'kubernetes-services-tcp'
metrics_path: /probe
scrape_interval: 60s
params:
module: [tcp_connect]
kubernetes_sd_configs:
- role: service
relabel_configs:
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
action: keep
regex: true
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_protocol]
action: keep
regex: tcp
- source_labels: [__address__]
target_label: __param_target
- target_label: __address__
replacement: blackbox-exporter-prometheus-blackbox-exporter:9115
- source_labels: [__param_target]
target_label: instance
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_service_name]
target_label: kubernetes_name
# Example scrape config for probing ingresses via the Blackbox Exporter.
#
# The relabeling allows the actual ingress scrape endpoint to be configured
# via the following annotations:
#
# * `prometheus.io/probe`: Only probe ingresses that have a value of `true`
- job_name: "kubernetes-ingresses"
metrics_path: /probe
scrape_interval: 60s
params:
module: [http_2xx]
kubernetes_sd_configs:
- role: ingress
relabel_configs:
- source_labels:
[__meta_kubernetes_ingress_annotation_prometheus_io_probe]
action: keep
regex: true
- source_labels:
[
__meta_kubernetes_ingress_scheme,
__address__,
__meta_kubernetes_ingress_path,
]
regex: (.+);(.+);(.+)
replacement: ${1}://${2}${3}
target_label: __param_target
- target_label: __address__
replacement: blackbox-exporter-prometheus-blackbox-exporter:9115
- source_labels: [__param_target]
target_label: instance
- action: labelmap
regex: __meta_kubernetes_ingress_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_ingress_name]
target_label: kubernetes_name
- job_name: "kubernetes-services-http"
metrics_path: /probe
scrape_interval: 60s
params:
module: [http_2xx]
kubernetes_sd_configs:
- role: service
relabel_configs:
- source_labels:
[__meta_kubernetes_service_annotation_prometheus_io_probe]
action: keep
regex: true
- source_labels:
[__meta_kubernetes_service_annotation_prometheus_io_protocol]
action: keep
regex: http
- source_labels: [__address__]
target_label: __param_target
- target_label: __address__
replacement: blackbox-exporter-prometheus-blackbox-exporter:9115
- source_labels: [__param_target]
target_label: instance
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_service_name]
target_label: kubernetes_name
- job_name: "kubernetes-services-tcp"
metrics_path: /probe
scrape_interval: 60s
params:
module: [tcp_connect]
kubernetes_sd_configs:
- role: service
relabel_configs:
- source_labels:
[__meta_kubernetes_service_annotation_prometheus_io_probe]
action: keep
regex: true
- source_labels:
[__meta_kubernetes_service_annotation_prometheus_io_protocol]
action: keep
regex: tcp
- source_labels: [__address__]
target_label: __param_target
- target_label: __address__
replacement: blackbox-exporter-prometheus-blackbox-exporter:9115
- source_labels: [__param_target]
target_label: instance
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_service_name]
target_label: kubernetes_name
valuesFrom:
- kind: ConfigMap
name: helmrelease-monitoring-prometheus-stack
- kind: ConfigMap
name: prometheus-stack-helmrelease
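Review bot: The four InfluxDB datasources in the `additionalDataSources` hunk carry the key `acces: server`, which is both misspelled (`access`) and not one of the provisioning values Grafana documents (`proxy` or `direct`), so the line is ignored and the datasource gets Grafana's default access mode (proxy in recent versions; confirm for the deployed one) — replace each with `access: proxy`, as the Prometheus and Loki entries already do. The `user:` fields have no password alongside them, presumably supplied through the renamed `prometheus-stack-helmrelease` ConfigMap or `secureJsonData` (inferred, confirm). Separately, the context lines `GF_DISABLE_SANITIZE_HTML: true` and `GF_PANELS_DISABLE_SANITIZE_HTML: true` in the grafana `env` hunk let dashboard text panels render raw HTML, which means anyone with edit rights on a dashboard can run script in every viewer's browser; a comment recording which plugin needs this would justify keeping it. The enclosing `grafana:` block starts outside the hunk.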


@@ -21,7 +21,8 @@ spec:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
valuesFrom:
- kind: ConfigMap
name: "helmrelease-monitoring-kubernetes-dashboard"
optional: false
hosts: ["kubernetes-dashboard.k3s.xpander.ovh"]
paths: ["/"]
tls:
- hosts:
- "kubernetes-dashboard.k3s.xpander.ovh"
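Review bot: The `hosts`/`paths`/`tls` added here expose the Kubernetes Dashboard through nginx with only `kubernetes.io/ingress.class` set, while every comparable UI in this commit (grafana, prometheus, alertmanager, thanos, goldilocks, blackbox) also carries the Authelia `nginx.ingress.kubernetes.io/auth-url` and `auth-signin` annotations; the dashboard's own login prompt asks for a cluster token or kubeconfig, so it should sit behind the same SSO layer rather than be the exception. Add `nginx.ingress.kubernetes.io/auth-url: "http://authelia.auth.svc.cluster.local/api/verify"` and `nginx.ingress.kubernetes.io/auth-signin: "https://login.k3s.xpander.ovh/"` next to the existing class annotation. The `tls` entry has no `secretName`, so it relies on the controller's default certificate. The enclosing `ingress:` block starts outside the hunk.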


@@ -46,19 +46,19 @@ spec:
# You can use a headless k8s service for all distributor,
# ingester and querier components.
join_members:
- loki-stack-headless:7946
- loki-stack-headless:7946
# max_join_backoff: 1m
# max_join_retries: 10
# min_join_backoff: 1s
schema_config:
configs:
- from: 2020-05-15
store: boltdb-shipper
object_store: s3
schema: v11
index:
prefix: index_
period: 24h
- from: 2020-05-15
store: boltdb-shipper
object_store: s3
schema: v11
index:
prefix: index_
period: 24h
storage_config:
boltdb_shipper:
active_index_directory: /data/loki/index
@@ -70,10 +70,10 @@ spec:
reject_old_samples: true
reject_old_samples_max_age: 168h
extraPorts:
- port: 7956
protocol: TCP
name: loki-gossip-ring
targetPort: 7946
- port: 7956
protocol: TCP
name: loki-gossip-ring
targetPort: 7946
serviceMonitor:
enabled: true
podAnnotations:
@@ -143,7 +143,9 @@ spec:
enabled: true
type: LoadBalancer
port: 1514
loadBalancerIP: 192.168.9.208
externalIPs:
- 192.168.169.109
externalTrafficPolicy: Local
valuesFrom:
- kind: ConfigMap
name: helmrelease-monitoring-loki-stack
- kind: ConfigMap
name: loki-stack-helmrelease
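Review bot: In the `extraPorts` hunk the gossip-ring Service exposes `port: 7956` while its `targetPort` and the `join_members` entry `loki-stack-headless:7946` both use 7946, which looks like a transposed digit. It is harmless as long as members join only through the headless Service, which resolves straight to pod IPs, but anything dialing the regular Service on 7946 finds no listener, so either change it to `port: 7946` or add a comment explaining the deliberate difference (the hunk only re-indents these lines, so the value may be pre-existing). The `externalIPs` entry added in the last hunk carries the usual ownership caveat: the API server does not validate that field, so any Service in any namespace can claim the same address unless an admission policy restricts it. The enclosing `values:` block starts outside the hunk.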


@@ -24,35 +24,36 @@ spec:
app.kubernetes.io/name: syslog-ng
spec:
containers:
- image: balabit/syslog-ng:3.29.1
imagePullPolicy: Always
name: syslog-ng
# securityContext:
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1001
ports:
- containerPort: 514
name: pfsense-syslog
volumeMounts:
- name: config
mountPath: /etc/syslog-ng/syslog-ng.conf
subPath: syslog-ng.conf
livenessProbe:
exec:
command:
- cat
- image: balabit/syslog-ng:3.29.1
imagePullPolicy: Always
name:
syslog-ng
# securityContext:
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1001
ports:
- containerPort: 514
name: pfsense-syslog
volumeMounts:
- name: config
mountPath: /etc/syslog-ng/syslog-ng.conf
subPath: syslog-ng.conf
livenessProbe:
exec:
command:
- cat
volumes:
- name: config
configMap:
name: syslog-ng-config
- name: config
configMap:
name: syslog-ng-config
dnsConfig:
options:
- name: ndots
value: "1"
- name: ndots
value: "1"
---
apiVersion: v1
kind: ConfigMap
@@ -89,12 +90,14 @@ metadata:
namespace: monitoring
spec:
ports:
- name: pfsense-syslog
port: 514
protocol: UDP
targetPort: 514
- name: pfsense-syslog
port: 514
protocol: UDP
targetPort: 514
selector:
app.kubernetes.io/instance: syslog-ng
app.kubernetes.io/name: syslog-ng
type: LoadBalancer
loadBalancerIP: 192.168.9.202
externalIPs:
- 192.168.169.108
externalTrafficPolicy: Local
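Review bot: The `securityContext` of the `syslog-ng` container in the first hunk is still entirely commented out, so the container runs as root with the default capability set while listening on a port that the Service below exposes outside the cluster; `capabilities.drop: [ALL]` can be enabled now, and because the container binds port 514 it needs `add: [NET_BIND_SERVICE]` alongside it — for a non-root user that capability only takes effect if the syslog-ng binary carries file capabilities, otherwise move the listener above 1023 and adjust the Service `targetPort` to match. `readOnlyRootFilesystem`, `runAsNonRoot` and `runAsUser: 1001` depend on what the image writes at startup, so enable them after testing against this image rather than all at once. Prettier also split `name: syslog-ng` across two lines (`name:` / `syslog-ng`); that is still one plain scalar, but it reads like a null value, so join it back. The Deployment `spec` starts outside the hunk.
```yaml
        - image: balabit/syslog-ng:3.29.1
          imagePullPolicy: Always
          name: syslog-ng
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE  # container listens on 514 (< 1024)
            # readOnlyRootFilesystem / runAsNonRoot / runAsUser: enable once verified against the image
          # … unchanged: ports, volumeMounts, livenessProbe …
```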


@@ -18,6 +18,16 @@ spec:
interval: 5m
values:
query:
http:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.auth.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.k3s.xpander.ovh/"
hosts: ["thanos.k3s.xpander.ovh"]
tls:
- hosts: ["thanos.k3s.xpander.ovh"]
replicaCount: 3
replicaLabels:
- replica
@@ -37,5 +47,5 @@ spec:
enable: false
part_size: 0
valuesFrom:
- kind: ConfigMap
name: helmrelease-monitoring-thanos
- kind: ConfigMap
name: thanos-helmrelease