🔧 embed service monitors into helmreleases
@@ -32,12 +32,15 @@ access_control:
|
|||||||
subject: ["group:admins", "group:users"]
|
subject: ["group:admins", "group:users"]
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
|
# Deny public resources
|
||||||
|
- domain: ["navidrome.${SECRET_CLUSTER_DOMAIN}"]
|
||||||
|
resources: ["^/metrics.*$"]
|
||||||
|
policy: deny
|
||||||
# Two factors auth for WAN
|
# Two factors auth for WAN
|
||||||
- domain:
|
- domain:
|
||||||
- "*.${SECRET_CLUSTER_DOMAIN}"
|
- "*.${SECRET_CLUSTER_DOMAIN}"
|
||||||
subject: ["group:admins", "group:users"]
|
subject: ["group:admins", "group:users"]
|
||||||
policy: two_factor
|
policy: two_factor
|
||||||
|
|
||||||
identity_providers:
|
identity_providers:
|
||||||
oidc:
|
oidc:
|
||||||
cors:
|
cors:
|
||||||
|
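Review bot: The new deny rule for `^/metrics.*$` on the navidrome domain sits below the rule that ends with `networks: - private`, and Authelia applies the first rule that matches, so a request already matched by that earlier rule never reaches the deny. That earlier rule's domain and policy start outside this hunk, so whether it covers navidrome cannot be confirmed from here; if it does, moving the deny to the top of the rule list makes it independent of subject and network. The comment `# Deny public resources` would read more accurately as `# Block Prometheus /metrics at the proxy; it is scraped in-cluster by the ServiceMonitor`. The rule names only navidrome, while other releases in this commit also enable a monitor on their `http` port; any of those that serve `/metrics` on an ingress-exposed port would need an equivalent entry.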
@@ -47,6 +47,14 @@ spec:
|
|||||||
metrics:
|
metrics:
|
||||||
enabled: true
|
enabled: true
|
||||||
port: 8080
|
port: 8080
|
||||||
|
monitor:
|
||||||
|
enabled: true
|
||||||
|
endpoints:
|
||||||
|
- port: metrics
|
||||||
|
scheme: http
|
||||||
|
path: /metrics
|
||||||
|
interval: 1m
|
||||||
|
scrapeTimeout: 10s
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@@ -5,7 +5,6 @@ namespace: default
|
|||||||
resources:
|
resources:
|
||||||
- secret.sops.yaml
|
- secret.sops.yaml
|
||||||
- helm-release.yaml
|
- helm-release.yaml
|
||||||
- service-monitor.yaml
|
|
||||||
patchesStrategicMerge:
|
patchesStrategicMerge:
|
||||||
- patches/env.yaml
|
- patches/env.yaml
|
||||||
- patches/postgres.yaml
|
- patches/postgres.yaml
|
||||||
|
@@ -1,19 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: &app authelia
|
|
||||||
namespace: default
|
|
||||||
labels: &labels
|
|
||||||
app.kubernetes.io/instance: *app
|
|
||||||
app.kubernetes.io/name: *app
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
<<: *labels
|
|
||||||
endpoints:
|
|
||||||
- port: metrics
|
|
||||||
scheme: http
|
|
||||||
path: /metrics
|
|
||||||
interval: 1m
|
|
||||||
scrapeTimeout: 10s
|
|
@@ -46,6 +46,8 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
http:
|
http:
|
||||||
port: *port
|
port: *port
|
||||||
|
monitor:
|
||||||
|
enabled: true
|
||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
runAsUser: 1000
|
runAsUser: 1000
|
||||||
runAsGroup: 1000
|
runAsGroup: 1000
|
||||||
|
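Review bot: `monitor: enabled: true` is added here without an `endpoints` list, whereas the zigbee2mqtt-exporter ServiceMonitor removed further down (likely for this same release) pinned `port: http`, `path: /metrics`, `interval: 1m` and `scrapeTimeout: 10s`. The scrape settings now depend on the chart's defaults, which are not visible on this page, so the path or interval may change without any line in the diff showing it. Either spell out the `endpoints` block as the other releases in this commit do, or record the reliance with a comment such as `# endpoints: chart defaults, confirmed to be port http and /metrics`. The same applies to the bare `monitor:` additions in the `websocket` hunk and in the navidrome release.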
@@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- helm-release.yaml
|
- helm-release.yaml
|
||||||
- prometheus.yaml
|
- prometheus-rule.yaml
|
||||||
|
@@ -1,24 +1,5 @@
|
|||||||
---
|
---
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: &app zigbee2mqtt-exporter
|
|
||||||
namespace: default
|
|
||||||
labels: &labels
|
|
||||||
app.kubernetes.io/instance: *app
|
|
||||||
app.kubernetes.io/name: *app
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
<<: *labels
|
|
||||||
endpoints:
|
|
||||||
- port: http
|
|
||||||
scheme: http
|
|
||||||
path: /metrics
|
|
||||||
interval: 1m
|
|
||||||
scrapeTimeout: 10s
|
|
||||||
---
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: PrometheusRule
|
kind: PrometheusRule
|
||||||
metadata:
|
metadata:
|
||||||
name: zigbee2mqtt-exporter
|
name: zigbee2mqtt-exporter
|
@@ -40,6 +40,8 @@ spec:
|
|||||||
websocket:
|
websocket:
|
||||||
enabled: true
|
enabled: true
|
||||||
port: 3000
|
port: 3000
|
||||||
|
monitor:
|
||||||
|
enabled: true
|
||||||
probes:
|
probes:
|
||||||
liveness: &probes
|
liveness: &probes
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@@ -35,6 +35,17 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
http:
|
http:
|
||||||
port: 8080
|
port: 8080
|
||||||
|
monitor:
|
||||||
|
enabled: true
|
||||||
|
endpoints:
|
||||||
|
- port: http
|
||||||
|
scheme: http
|
||||||
|
path: /metrics
|
||||||
|
interval: 1m
|
||||||
|
scrapeTimeout: 10s
|
||||||
|
relabelings:
|
||||||
|
- sourceLabels: [__meta_kubernetes_pod_node_name]
|
||||||
|
targetLabel: node
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
affinity:
|
affinity:
|
||||||
|
@@ -3,4 +3,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- helm-release.yaml
|
- helm-release.yaml
|
||||||
- service-monitor.yaml
|
|
||||||
|
@@ -1,21 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: &app intel-gpu-exporter
|
|
||||||
namespace: default
|
|
||||||
labels: &labels
|
|
||||||
app.kubernetes.io/instance: *app
|
|
||||||
app.kubernetes.io/name: *app
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
<<: *labels
|
|
||||||
endpoints:
|
|
||||||
- port: http
|
|
||||||
interval: 1m
|
|
||||||
scrapeTimeout: 10s
|
|
||||||
path: /metrics
|
|
||||||
relabelings:
|
|
||||||
- sourceLabels: [__meta_kubernetes_pod_node_name]
|
|
||||||
targetLabel: node
|
|
@@ -32,6 +32,7 @@ spec:
|
|||||||
ND_LOGLEVEL: info
|
ND_LOGLEVEL: info
|
||||||
ND_MUSICFOLDER: /mnt/storage/music/Artistes
|
ND_MUSICFOLDER: /mnt/storage/music/Artistes
|
||||||
ND_PORT: &port 80
|
ND_PORT: &port 80
|
||||||
|
ND_PROMETHEUS_ENABLED: "true"
|
||||||
ND_REVERSEPROXYUSERHEADER: "Remote-User"
|
ND_REVERSEPROXYUSERHEADER: "Remote-User"
|
||||||
ND_REVERSEPROXYWHITELIST: "${NET_POD_CIDR}"
|
ND_REVERSEPROXYWHITELIST: "${NET_POD_CIDR}"
|
||||||
ND_SCANSCHEDULE: "@every 1h"
|
ND_SCANSCHEDULE: "@every 1h"
|
||||||
@@ -41,6 +42,8 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
http:
|
http:
|
||||||
port: *port
|
port: *port
|
||||||
|
monitor:
|
||||||
|
enabled: true
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
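Review bot: `ND_PROMETHEUS_ENABLED: "true"` turns metrics on without a dedicated port, and the monitor added in the second hunk sits under `http` with `port: *port`, the same listener the ingress publishes. Nothing in this file records that the endpoint is kept off the WAN only by the Authelia `^/metrics.*$` deny rule added elsewhere in this commit, so a later change to that rule or to the metrics path would expose it without any diff here. A comment above the variable would tie the two together, for example `# /metrics shares the app port; blocked at the proxy by the Authelia deny rule for this host`. Inside the cluster the endpoint remains reachable by anything that can reach the service, unless a NetworkPolicy outside this page restricts it.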
@@ -48,6 +48,14 @@ spec:
|
|||||||
metrics:
|
metrics:
|
||||||
enabled: true
|
enabled: true
|
||||||
port: 9749
|
port: 9749
|
||||||
|
monitor:
|
||||||
|
enabled: true
|
||||||
|
endpoints:
|
||||||
|
- port: metrics
|
||||||
|
scheme: http
|
||||||
|
path: /metrics
|
||||||
|
interval: 1m
|
||||||
|
scrapeTimeout: 10s
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@@ -4,7 +4,6 @@ kind: Kustomization
|
|||||||
resources:
|
resources:
|
||||||
- helm-release.yaml
|
- helm-release.yaml
|
||||||
- secret.sops.yaml
|
- secret.sops.yaml
|
||||||
- service-monitor.yaml
|
|
||||||
namespace: default
|
namespace: default
|
||||||
configMapGenerator:
|
configMapGenerator:
|
||||||
- name: smtp-relay
|
- name: smtp-relay
|
||||||
|
@@ -1,19 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: &app smtp-relay
|
|
||||||
namespace: default
|
|
||||||
labels: &labels
|
|
||||||
app.kubernetes.io/instance: *app
|
|
||||||
app.kubernetes.io/name: *app
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
<<: *labels
|
|
||||||
endpoints:
|
|
||||||
- port: metrics
|
|
||||||
scheme: http
|
|
||||||
path: /metrics
|
|
||||||
interval: 1m
|
|
||||||
scrapeTimeout: 10s
|
|
@@ -3,3 +3,5 @@ kind: Kustomization
|
|||||||
resources:
|
resources:
|
||||||
- notifications
|
- notifications
|
||||||
- webhook
|
- webhook
|
||||||
|
- pod-monitor.yaml
|
||||||
|
- prometheus-rule.yaml
|
||||||
|
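--- a/cluster/core/flux-system/pod-monitor.yaml
+++ b/cluster/core/flux-system/pod-monitor.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+name: flux-system
+namespace: flux-system
+labels:
+app.kubernetes.io/part-of: flux
+spec:
+namespaceSelector:
+matchNames:
+- flux-system
+selector:
+matchExpressions:
+- key: app
+operator: Exists
+podMetricsEndpoints:
+- port: http-prom
+honorLabels: true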
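Review bot: `honorLabels: true` on the `http-prom` endpoint lets label values exposed by the scraped pods take precedence over the ones Prometheus attaches, and the selector `key: app` with `operator: Exists` admits every pod in flux-system that carries an `app` label, not only the Flux controllers. Any pod scheduled into that namespace with such a label and an `http-prom` port can therefore present metrics under labels of its own choosing. If the controllers do not need to keep their own labels, set `honorLabels: false`; otherwise narrow the selector to `operator: In` with an explicit `values:` list of the controller names. The endpoint also leaves `path` and `interval` to defaults, unlike the monitors embedded in the helm releases elsewhere in this commit.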
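--- a/cluster/core/flux-system/prometheus-rule.yaml
+++ b/cluster/core/flux-system/prometheus-rule.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+name: flux
+namespace: flux-system
+spec:
+groups:
+- name: flux.rules
+rules:
+- alert: FluxComponentAbsent
+annotations:
+summary: Flux component has disappeared from Prometheus target discovery.
+expr: |
+absent(up{job=~".*flux-system.*"} == 1)
+for: 15m
+labels:
+severity: critical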
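Review bot: `absent(up{job=~".*flux-system.*"} == 1)` yields a result only when no matching target at all is up, so the alert stays silent while one controller is down and the others keep reporting, although the summary speaks of a single component disappearing. Because the PodMonitor in this commit appears to place all controllers under one job, a per-target rule is needed to cover that case, for example a second alert with `expr: up{job=~".*flux-system.*"} == 0` and the same `for: 15m`, keeping the `absent()` form for the case where discovery itself breaks. A `description` annotation that names the affected pod would make the critical alert easier to act on.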