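---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
#
# Flux HelmRelease that installs kube-prometheus-stack into the `monitoring`
# namespace: Prometheus (2 replicas with a Thanos sidecar), Alertmanager with
# a Pushover receiver, node-exporter and kube-state-metrics. Grafana itself is
# disabled here; only its dashboards are deployed.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: kube-prometheus-stack
  namespace: monitoring
spec:
  interval: 30m
  chart:
    spec:
      chart: kube-prometheus-stack
      version: 67.0.0
      sourceRef:
        kind: HelmRepository
        name: prometheus-community
        namespace: flux-system
      interval: 5m
  maxHistory: 2
  install:
    createNamespace: true
    crds: CreateReplace
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    crds: CreateReplace
    remediation:
      retries: 3
  uninstall:
    keepHistory: false
  dependsOn:
    - name: openebs
      namespace: openebs-system
    - name: thanos
      namespace: monitoring
  values:
    ###
    ### Component values
    ###
    kubeApiServer:
      enabled: true
      serviceMonitor:
        metricRelabelings:
          - action: replace
            sourceLabels:
              - node
            targetLabel: instance
    kubeProxy:
      enabled: false
    kubeControllerManager:
      enabled: false
    kubeEtcd:
      enabled: false
    kubeScheduler:
      enabled: false
    # NOTE(review): upstream kube-prometheus-stack reads sub-chart settings
    # from the `kube-state-metrics` key; `kubeStateMetrics` there only carries
    # `enabled`. Confirm the settings below actually take effect.
    kubeStateMetrics:
      metricLabelsAllowlist:
        - "persistentvolumeclaims=[*]"
      prometheus:
        monitor:
          enabled: true
          relabelings:
            - action: replace
              regex: (.*)
              replacement: $1
              sourceLabels:
                - __meta_kubernetes_pod_node_name
              targetLabel: kubernetes_node
    grafana:
      enabled: false
      forceDeployDashboards: true
    prometheus-node-exporter:
      resources:
        requests:
          cpu: 23m
          memory: 64M
        limits:
          memory: 64M
      prometheus:
        monitor:
          enabled: true
          relabelings:
            - action: replace
              regex: (.*)
              replacement: $1
              sourceLabels:
                - __meta_kubernetes_pod_node_name
              targetLabel: kubernetes_node
    ###
    ### Prometheus operator values
    ###
    prometheusOperator:
      prometheusConfigReloader:
        resources:
          requests:
            cpu: 100m
            memory: 50Mi
          limits:
            cpu: 300m
            memory: 100Mi
    ###
    ### Prometheus instance values
    ###
    prometheus:
      ingress:
        enabled: true
        pathType: Prefix
        ingressClassName: "nginx"
        annotations:
          # NOTE(review): the forward-auth annotations below are commented out
          # and these values configure no other authentication for Prometheus,
          # so this ingress serves the UI and HTTP API to anyone who can reach
          # the ingress controller. Restore them (or restrict the ingress some
          # other way) before the host is reachable from untrusted networks.
          # nginx.ingress.kubernetes.io/auth-method: GET
          # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
          # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
          # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
          # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/appName: "Prometheus"
          hajimari.io/icon: simple-icons:prometheus
          gethomepage.dev/enabled: "true"
          gethomepage.dev/name: Prometheus
          gethomepage.dev/description: Systems and service monitoring system.
          gethomepage.dev/group: Infrastructure
          gethomepage.dev/icon: prometheus.png
          gethomepage.dev/pod-selector: >-
            app in (
            prometheus-kube-prometheus-stack-prometheus
            )
        hosts: ["prometheus.${SECRET_EXTERNAL_DOMAIN}"]
        tls:
          - hosts:
              - "prometheus.${SECRET_EXTERNAL_DOMAIN}"
      prometheusSpec:
        podMetadata:
          annotations:
            # Restart the pods when the Thanos object-store secret changes.
            secret.reloader.stakater.com/reload: &secret thanos-objstore-config
        replicas: 2
        replicaExternalLabelName: replica
        scrapeInterval: 1m  # Must match interval in Grafana Helm chart
        # NOTE(review): presumably meant to select every monitor, probe, rule
        # and scrape config regardless of labels - confirm. If so, whoever can
        # create those objects in a watched namespace can add scrape targets
        # and rules to this Prometheus.
        podMonitorSelector: &selector
          matchLabels: null
        probeSelector: *selector
        ruleSelector: *selector
        scrapeConfigSelector: *selector
        serviceMonitorSelector: *selector
        retention: 2d
        retentionSize: 15GB
        # Admin API (TSDB snapshot, delete-series, clean-tombstones) is kept
        # off: the ingress above has no active auth annotations, so anything
        # that can reach it could call these endpoints. Enable it only behind
        # authentication, or use a port-forward for one-off maintenance.
        enableAdminAPI: false
        walCompression: true
        storageSpec:
          volumeClaimTemplate:
            spec:
              storageClassName: "rook-ceph-block"
              resources:
                requests:
                  storage: 20Gi
        thanos:
          image: quay.io/thanos/thanos:${THANOS_VERSION}
          version: "${THANOS_VERSION#v}"
          objectStorageConfig:
            existingSecret:
              name: *secret
              key: config
      thanosService:
        enabled: true
      thanosServiceMonitor:
        enabled: true
    alertmanager:
      config:
        global:
          resolve_timeout: 5m
        receivers:
          - name: "null"
          - name: "pushover"
            pushover_configs:
              # NOTE(review): assuming these are Flux postBuild substitutions,
              # the Pushover credentials end up in plain text in the applied
              # HelmRelease values and in the Helm release record, readable by
              # anyone who can read those objects. Consider `valuesFrom` with
              # a Secret, or Alertmanager's `user_key_file` / `token_file`.
              # Quoted so an empty or number-like expansion stays a string.
              - user_key: "${SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_USER_KEY}"
                token: "${SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_TOKEN}"
                send_resolved: true
                html: true
                priority: |-
                  {{ if eq .Status "firing" }}1{{ else }}0{{ end }}
                url_title: View in Alert Manager
                title: |-
                  [{{ .Status | toUpper -}}
                  {{ if eq .Status "firing" }}:{{ .Alerts.Firing | len }}{{- end -}}
                  ] {{ .CommonLabels.alertname }}
                # NOTE(review): line breaks in the templates were rebuilt from
                # a whitespace-collapsed copy; confirm against the original.
                message: |-
                  {{- range .Alerts }}
                    {{- if ne .Labels.severity "" }}
                      Severity: {{ .Labels.severity }}
                    {{- else }}
                      Severity: N/A
                    {{- end }}
                    {{- if ne .Annotations.description "" }}
                      Description: {{ .Annotations.description }}
                    {{- else if ne .Annotations.summary "" }}
                      Summary: {{ .Annotations.summary }}
                    {{- else if ne .Annotations.message "" }}
                      Message: {{ .Annotations.message }}
                    {{- else }}
                      Description: N/A
                    {{- end }}
                    {{- if gt (len .Labels.SortedPairs) 0 }}
                      Details:
                      {{- range .Labels.SortedPairs }}
                        • {{ .Name }}: {{ .Value }}
                      {{- end }}
                    {{- end }}
                  {{- end }}
        route:
          receiver: "pushover"
          routes:
            # Housekeeping alerts are dropped instead of being pushed.
            - receiver: "null"
              matchers:
                - alertname =~ "InfoInhibitor|Watchdog|RebootScheduled"
            - receiver: "pushover"
              matchers:
                - severity = "critical"
              continue: true
        inhibit_rules:
          # A critical alert mutes the warning with the same name and namespace.
          - source_matchers:
              - severity = "critical"
            target_matchers:
              - severity = "warning"
            equal: ["alertname", "namespace"]
      alertmanagerSpec:
        replicas: 1
        podAntiAffinity: hard
        storage:
          volumeClaimTemplate:
            spec:
              storageClassName: rook-ceph-block
              resources:
                requests:
                  storage: 1Gi
      ingress:
        enabled: true
        pathType: Prefix
        ingressClassName: "nginx"
        annotations:
          # NOTE(review): forward-auth is commented out here as well, and no
          # other authentication is configured for Alertmanager in these
          # values. Its API lets a caller silence alerts, so an unauthenticated
          # ingress weakens alerting as a detection control. Restore the
          # annotations or restrict the ingress.
          # nginx.ingress.kubernetes.io/auth-method: GET
          # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
          # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
          # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
          # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/appName: "Alert Manager"
          hajimari.io/icon: mdi:alert-decagram-outline
          gethomepage.dev/enabled: "true"
          gethomepage.dev/name: Alert-Manager
          gethomepage.dev/description: Handles alerts sent by Prometheus.
          gethomepage.dev/group: Infrastructure
          gethomepage.dev/icon: alertmanager.png
          gethomepage.dev/pod-selector: >-
            app in (
            alertmanager-kube-prometheus-stack-alertmanager
            )
        hosts: ["alert-manager.${SECRET_EXTERNAL_DOMAIN}"]
        tls:
          - hosts:
              - "alert-manager.${SECRET_EXTERNAL_DOMAIN}"
      # NOTE(review): nesting of this stanza was rebuilt from a
      # whitespace-collapsed copy; confirm against the original. Upstream
      # configures Alertmanager scraping via `alertmanager.serviceMonitor`,
      # so verify that this `prometheus.monitor` block has any effect.
      prometheus:
        monitor:
          enabled: true
          relabelings:
            - action: replace
              regex: (.*)
              replacement: $1
              sourceLabels:
                - __meta_kubernetes_pod_node_name
              targetLabel: kubernetes_node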