Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/main / . / roles / kube_prometheus_stack / vars / main.yml
blob: 80a74cb8cebf5fe7f8f63d76a2cb4e495cff8d50 [file] [log] [blame]
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]1_kube_prometheus_stack_helm_values:
2 defaultRules:
Mohammed Naser5b49cbb2023-08-30 16:16:37 -0400[diff] [blame]3 rules:
4 alertmanager: false
5 etcd: true
6 configReloaders: true
7 general: true
8 k8s: false
9 kubeApiserverAvailability: false
10 kubeApiserverBurnrate: false
11 kubeApiserverHistogram: false
12 kubeApiserverSlos: false
13 kubeControllerManager: false
14 kubelet: false
15 kubeProxy: false
16 kubePrometheusGeneral: true
17 kubePrometheusNodeRecording: true
18 kubernetesApps: false
19 kubernetesResources: false
20 kubernetesStorage: false
21 kubernetesSystem: false
22 kubeSchedulerAlerting: false
23 kubeSchedulerRecording: false
24 kubeStateMetrics: true
25 network: true
26 node: false
27 nodeExporterAlerting: false
28 nodeExporterRecording: false
29 prometheus: true
30 prometheusOperator: true
31 windows: false
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]32 disabled:
33 # NOTE(mnaser): https://github.com/prometheus-community/helm-charts/issues/144
34 # https://github.com/openshift/cluster-monitoring-operator/issues/248
35 etcdHighNumberOfFailedGRPCRequests: true
36 alertmanager:
Mohammed Naser5b49cbb2023-08-30 16:16:37 -0400[diff] [blame]37 config:
38 route:
39 group_by:
40 - alertname
41 - severity
42 receiver: notifier
43 routes:
44 - receiver: "null"
45 matchers:
46 - alertname = "InfoInhibitor"
47 - receiver: heartbeat
48 group_wait: 0s
49 group_interval: 30s
50 repeat_interval: 15s
51 matchers:
52 - alertname = "Watchdog"
53 receivers:
54 - name: "null"
55 - name: notifier
56 - name: heartbeat
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]57 service:
58 additionalPorts:
59 - name: oauth2-proxy
60 port: 8081
61 targetPort: 8081
62 - name: oauth2-metrics
63 port: 8082
64 targetPort: 8082
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]65 serviceMonitor:
66 relabelings: &relabelings_instance_to_pod_name
67 - &relabeling_set_pod_name_to_instance
68 sourceLabels:
69 - __meta_kubernetes_pod_name
70 targetLabel: instance
71 - &relabeling_drop_all_kubernetes_labels
72 action: labeldrop
73 regex: ^(container|endpoint|namespace|pod|node|service)$
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]74 ingress:
75 enabled: true
76 servicePort: 8081
77 ingressClassName: "{{ kube_prometheus_stack_ingress_class_name }}"
Mohammed Naser8ba99752024-08-09 00:28:52 -0700[diff] [blame]78 annotations: "{{ kube_prometheus_stack_alertmanager_ingress_annotations | combine(atmosphere_ingress_annotations, recursive=True) }}"
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]79 hosts:
80 - "{{ kube_prometheus_stack_alertmanager_host }}"
81 tls:
Michiel Piscaer3708ece2024-06-18 21:33:28 +0200[diff] [blame]82 - secretName: "{{ openstack_helm_ingress_secret_name | default('alertmanager-tls')}}"
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]83 hosts:
84 - "{{ kube_prometheus_stack_alertmanager_host }}"
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]85 alertmanagerSpec:
86 image:
Mohammed Naser5b49cbb2023-08-30 16:16:37 -0400[diff] [blame]87 registry: "{{ atmosphere_images['alertmanager'] | vexxhost.kubernetes.docker_image('domain') }}"
88 repository: "{{ atmosphere_images['alertmanager'] | vexxhost.kubernetes.docker_image('path') }}"
Mohammed Naser31171f42023-03-19 00:10:46 +0000[diff] [blame]89 tag: "{{ atmosphere_images['alertmanager'] | vexxhost.kubernetes.docker_image('tag') }}"
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]90 storage:
91 volumeClaimTemplate:
92 spec:
93 storageClassName: general
94 accessModes:
95 - ReadWriteOnce
96 resources:
97 requests:
98 storage: 40Gi
99 nodeSelector: &node_selector
100 openstack-control-plane: enabled
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]101 containers:
102 - name: oauth2-proxy
103 image: "{{ atmosphere_images['oauth2_proxy'] }}"
104 envFrom:
105 - secretRef:
106 name: "{{ kube_prometheus_stack_helm_release_name }}-alertmanager-oauth2-proxy"
107 resources:
108 limits:
109 cpu: 100m
110 memory: 300Mi
111 requests:
112 cpu: 100m
113 memory: 300Mi
114 livenessProbe:
115 httpGet:
116 port: oauth2-proxy
117 path: /ping
118 initialDelaySeconds: 0
119 timeoutSeconds: 1
120 readinessProbe:
121 httpGet:
122 port: oauth2-proxy
123 path: /ready
124 initialDelaySeconds: 0
125 timeoutSeconds: 5
126 successThreshold: 1
127 periodSeconds: 10
128 ports:
129 - containerPort: 8081
130 name: oauth2-proxy
131 protocol: TCP
132 - containerPort: 8082
133 name: oauth2-metrics
134 protocol: TCP
Michiel Piscaerf0836c22024-06-11 17:28:42 +0200[diff] [blame]135 volumeMounts:
136 - name: ca-certificates
137 mountPath: /etc/ssl/certs/ca-certificates.crt
138 readOnly: true
139 volumes:
140 - name: ca-certificates
141 hostPath:
142 path: "{{ defaults_ca_certificates_path }}"
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]143 grafana:
Mohammed Nasercc149682023-04-13 21:26:30 +0000[diff] [blame]144 adminPassword: "{{ kube_prometheus_stack_grafana_admin_password }}"
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]145 extraSecretMounts:
146 - name: auth-generic-oauth-secret-mount
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]147 secretName: "{{ kube_prometheus_stack_helm_release_name }}-grafana-client-secret"
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]148 defaultMode: "0440"
149 mountPath: /etc/secrets/auth_generic_oauth
150 readOnly: true
151 grafana.ini:
152 server:
153 root_url: https://{{ kube_prometheus_stack_grafana_host }}
154 auth:
Giovanni Tirloni27022ca2024-07-04 18:24:19 -0300[diff] [blame]155 oauth_allow_insecure_email_lookup: true
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]156 oauth_skip_org_role_update_sync: false
157 disable_login_form: true
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]158 signout_redirect_url: "{{ kube_prometheus_stack_keycloak_server_url }}/realms/{{ kube_prometheus_stack_keycloak_realm }}/protocol/openid-connect/logout?post_logout_redirect_uri=https://{{ kube_prometheus_stack_grafana_host }}/login"
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]159 auth.generic_oauth:
160 enabled: true
161 name: Atmosphere
162 allow_sign_up: true
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]163 client_id: grafana
164 client_secret: "$__file{/etc/secrets/auth_generic_oauth/password}"
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]165 scopes: openid email profile offline_access roles
166 email_attribute_path: email
167 login_attribute_path: username
168 name_attribute_path: full_name
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]169 auth_url: "{{ kube_prometheus_stack_keycloak_server_url }}/realms/{{ kube_prometheus_stack_keycloak_realm }}/protocol/openid-connect/auth"
170 token_url: "{{ kube_prometheus_stack_keycloak_server_url }}/realms/{{ kube_prometheus_stack_keycloak_realm }}/protocol/openid-connect/token"
171 api_url: "{{ kube_prometheus_stack_keycloak_server_url }}/realms/{{ kube_prometheus_stack_keycloak_realm }}/protocol/openid-connect/userinfo"
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]172 tls_skip_verify_insecure: true
173 # yamllint disable-line rule:line-length
174 role_attribute_path: "contains(resource_access.grafana.roles[*], 'admin') && 'Admin' || contains(resource_access.grafana.roles[*], 'editor') && 'Editor' || contains(resource_access.grafana.roles[*], 'viewer') && 'Viewer'"
175 role_attribute_strict: true
176 skip_org_role_sync: false
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]177 image:
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]178 registry: "{{ atmosphere_images['grafana'] | vexxhost.kubernetes.docker_image('domain') }}"
179 repository: "{{ atmosphere_images['grafana'] | vexxhost.kubernetes.docker_image('path') }}"
Mohammed Naser31171f42023-03-19 00:10:46 +0000[diff] [blame]180 tag: "{{ atmosphere_images['grafana'] | vexxhost.kubernetes.docker_image('tag') }}"
Mohammed Nasercc149682023-04-13 21:26:30 +0000[diff] [blame]181 ingress:
182 enabled: true
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]183 ingressClassName: "{{ kube_prometheus_stack_ingress_class_name }}"
Mohammed Naser8ba99752024-08-09 00:28:52 -0700[diff] [blame]184 annotations: "{{ kube_prometheus_stack_grafana_ingress_annotations | combine(atmosphere_ingress_annotations, recursive=True) }}"
Mohammed Nasercc149682023-04-13 21:26:30 +0000[diff] [blame]185 hosts:
186 - "{{ kube_prometheus_stack_grafana_host }}"
187 tls:
Michiel Piscaer3708ece2024-06-18 21:33:28 +0200[diff] [blame]188 - secretName: "{{ openstack_helm_ingress_secret_name | default('grafana-tls')}}"
Mohammed Nasercc149682023-04-13 21:26:30 +0000[diff] [blame]189 hosts:
190 - "{{ kube_prometheus_stack_grafana_host }}"
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]191 sidecar:
192 image:
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]193 registry: "{{ atmosphere_images['grafana_sidecar'] | vexxhost.kubernetes.docker_image('domain') }}"
194 repository: "{{ atmosphere_images['grafana_sidecar'] | vexxhost.kubernetes.docker_image('path') }}"
Mohammed Naser31171f42023-03-19 00:10:46 +0000[diff] [blame]195 tag: "{{ atmosphere_images['grafana_sidecar'] | vexxhost.kubernetes.docker_image('tag') }}"
Mohammed Nasercc149682023-04-13 21:26:30 +0000[diff] [blame]196 datasources:
197 defaultDatasourceEnabled: false
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000[diff] [blame]198 additionalDataSources:
Mohammed Nasercc149682023-04-13 21:26:30 +0000[diff] [blame]199 - name: AlertManager
200 type: alertmanager
201 uid: alertmanager
202 url: '{% raw %}http://{{ printf "%s-alertmanager.%s" .Release.Name .Release.Namespace }}:9093{% endraw %}'
203 access: proxy
204 editable: false
205 jsonData:
206 implementation: prometheus
207 handleGrafanaManagedAlerts: true
208 - name: Prometheus
209 type: prometheus
210 uid: prometheus
211 url: '{% raw %}http://{{ printf "%s-prometheus.%s" .Release.Name .Release.Namespace }}:9090{% endraw %}'
212 access: proxy
213 isDefault: true
214 editable: false
215 jsonData:
216 timeInterval: 30s
217 alertmanagerUid: alertmanager
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000[diff] [blame]218 - name: Loki
219 type: loki
Mohammed Nasercc149682023-04-13 21:26:30 +0000[diff] [blame]220 uid: loki
Mohammed Naser8a2c8fb2023-02-19 17:23:55 +0000[diff] [blame]221 access: proxy
222 url: http://loki-gateway
223 version: 1
224 editable: false
Mohammed Nasercc149682023-04-13 21:26:30 +0000[diff] [blame]225 jsonData:
226 alertmanagerUid: alertmanager
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]227 serviceMonitor:
228 relabelings: *relabelings_instance_to_pod_name
229 nodeSelector: *node_selector
230 kubeApiServer:
231 serviceMonitor:
232 relabelings: &relabelings_instance_to_node_name
233 - sourceLabels:
234 - __meta_kubernetes_pod_node_name
235 targetLabel: instance
236 - *relabeling_drop_all_kubernetes_labels
237 kubelet:
238 serviceMonitor:
239 cAdvisorRelabelings: &relabelings_kubelet
240 - sourceLabels:
241 - __metrics_path__
242 targetLabel: metrics_path
243 - sourceLabels:
244 - node
245 targetLabel: instance
246 - *relabeling_drop_all_kubernetes_labels
247 probesRelabelings: *relabelings_kubelet
248 relabelings: *relabelings_kubelet
249 kubeControllerManager:
250 serviceMonitor:
251 relabelings: *relabelings_instance_to_node_name
252 coreDns:
253 serviceMonitor:
254 relabelings: *relabelings_instance_to_pod_name
255 kubeEtcd:
256 service:
257 port: 2379
258 targetPort: 2379
259 serviceMonitor:
260 scheme: https
261 serverName: localhost
262 insecureSkipVerify: false
263 caFile: /etc/prometheus/secrets/kube-prometheus-stack-etcd-client-cert/ca.crt
264 certFile: /etc/prometheus/secrets/kube-prometheus-stack-etcd-client-cert/healthcheck-client.crt
265 keyFile: /etc/prometheus/secrets/kube-prometheus-stack-etcd-client-cert/healthcheck-client.key
266 relabelings: *relabelings_instance_to_node_name
267 kubeScheduler:
268 service:
269 port: 10259
270 targetPort: 10259
271 serviceMonitor:
272 https: true
273 insecureSkipVerify: true
274 relabelings: *relabelings_instance_to_node_name
275 kubeProxy:
276 serviceMonitor:
277 relabelings: *relabelings_instance_to_node_name
278 kube-state-metrics:
279 image:
Mohammed Naser5b49cbb2023-08-30 16:16:37 -0400[diff] [blame]280 registry: "{{ atmosphere_images['kube_state_metrics'] | vexxhost.kubernetes.docker_image('domain') }}"
281 repository: "{{ atmosphere_images['kube_state_metrics'] | vexxhost.kubernetes.docker_image('path') }}"
Mohammed Naser31171f42023-03-19 00:10:46 +0000[diff] [blame]282 tag: "{{ atmosphere_images['kube_state_metrics'] | vexxhost.kubernetes.docker_image('tag') }}"
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]283 prometheus:
284 monitor:
285 relabelings: *relabelings_instance_to_pod_name
286 nodeSelector: *node_selector
287 prometheus:
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]288 service:
289 additionalPorts:
290 - name: oauth2-proxy
291 port: 8081
292 targetPort: 8081
293 - name: oauth2-metrics
294 port: 8082
295 targetPort: 8082
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]296 serviceMonitor:
297 relabelings: *relabelings_instance_to_pod_name
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]298 ingress:
299 enabled: true
300 servicePort: 8081
301 ingressClassName: "{{ kube_prometheus_stack_ingress_class_name }}"
Mohammed Naser8ba99752024-08-09 00:28:52 -0700[diff] [blame]302 annotations: "{{ kube_prometheus_stack_prometheus_ingress_annotations | combine(atmosphere_ingress_annotations, recursive=True) }}"
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]303 hosts:
304 - "{{ kube_prometheus_stack_prometheus_host }}"
305 tls:
Michiel Piscaer3708ece2024-06-18 21:33:28 +0200[diff] [blame]306 - secretName: "{{ openstack_helm_ingress_secret_name | default('prometheus-tls')}}"
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]307 hosts:
308 - "{{ kube_prometheus_stack_prometheus_host }}"
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]309 prometheusSpec:
310 image:
Mohammed Naser5b49cbb2023-08-30 16:16:37 -0400[diff] [blame]311 registry: "{{ atmosphere_images['prometheus'] | vexxhost.kubernetes.docker_image('domain') }}"
312 repository: "{{ atmosphere_images['prometheus'] | vexxhost.kubernetes.docker_image('path') }}"
Mohammed Naser31171f42023-03-19 00:10:46 +0000[diff] [blame]313 tag: "{{ atmosphere_images['prometheus'] | vexxhost.kubernetes.docker_image('tag') }}"
Yaguang Tang0bdfe942024-07-22 23:01:42 +0800[diff] [blame]314 storageSpec:
315 volumeClaimTemplate:
316 spec:
317 storageClassName: general
318 accessModes: ["ReadWriteOnce"]
319 resources:
320 requests:
321 storage: 100Gi
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]322 nodeSelector: *node_selector
323 secrets:
324 - kube-prometheus-stack-etcd-client-cert
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]325 containers:
Mohammed Naser2a165d32024-08-11 20:04:36 -0700[diff] [blame]326 - name: pod-tls-sidecar
327 image: "{{ atmosphere_images['pod_tls_sidecar'] }}"
328 args:
329 - --template=/config/certificate-template.yml
330 - --ca-path=/certs/ca.crt
331 - --cert-path=/certs/tls.crt
332 - --key-path=/certs/tls.key
333 env:
334 - name: POD_UID
335 valueFrom:
336 fieldRef:
337 fieldPath: metadata.uid
338 - name: POD_NAME
339 valueFrom:
340 fieldRef:
341 fieldPath: metadata.name
342 - name: POD_NAMESPACE
343 valueFrom:
344 fieldRef:
345 fieldPath: metadata.namespace
346 - name: POD_IP
347 valueFrom:
348 fieldRef:
349 fieldPath: status.podIP
350 volumeMounts:
351 - name: kube-prometheus-stack-prometheus-tls
352 mountPath: /config
353 - name: certs
354 mountPath: /certs
Mohammed Naser91e2fa02024-02-23 01:46:39 -0500[diff] [blame]355 - name: oauth2-proxy
356 image: "{{ atmosphere_images['oauth2_proxy'] }}"
357 envFrom:
358 - secretRef:
359 name: "{{ kube_prometheus_stack_helm_release_name }}-prometheus-oauth2-proxy"
360 resources:
361 limits:
362 cpu: 100m
363 memory: 300Mi
364 requests:
365 cpu: 100m
366 memory: 300Mi
367 livenessProbe:
368 httpGet:
369 port: oauth2-proxy
370 path: /ping
371 initialDelaySeconds: 0
372 timeoutSeconds: 1
373 readinessProbe:
374 httpGet:
375 port: oauth2-proxy
376 path: /ready
377 initialDelaySeconds: 0
378 timeoutSeconds: 5
379 successThreshold: 1
380 periodSeconds: 10
381 ports:
382 - containerPort: 8081
383 name: oauth2-proxy
384 protocol: TCP
385 - containerPort: 8082
386 name: oauth2-metrics
387 protocol: TCP
Michiel Piscaerf0836c22024-06-11 17:28:42 +0200[diff] [blame]388 volumeMounts:
389 - name: ca-certificates
390 mountPath: /etc/ssl/certs/ca-certificates.crt
391 readOnly: true
392 volumes:
393 - name: ca-certificates
394 hostPath:
395 path: "{{ defaults_ca_certificates_path }}"
Mohammed Naser2a165d32024-08-11 20:04:36 -0700[diff] [blame]396 - name: certs
397 emptyDir:
398 medium: Memory
399 - name: kube-prometheus-stack-prometheus-tls
400 configMap:
401 name: kube-prometheus-stack-prometheus-tls
402 volumeMounts:
403 - name: certs
404 mountPath: /certs
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]405 additionalServiceMonitors:
Mohammed Naser4569e9b2024-07-19 01:08:18 -0400[diff] [blame]406 - name: goldpinger
407 jobLabel: app.kubernetes.io/instance
408 selector:
409 matchLabels:
410 app.kubernetes.io/instance: goldpinger
411 app.kubernetes.io/name: goldpinger
412 endpoints:
413 - port: http
414 relabelings: *relabelings_instance_to_node_name
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]415 - name: ceph
416 jobLabel: application
417 namespaceSelector:
418 matchNames:
419 - openstack
420 selector:
421 matchLabels:
422 application: ceph
423 endpoints:
424 - port: metrics
425 honorLabels: true
426 relabelings:
427 - action: replace
428 regex: (.*)
429 replacement: ceph
430 targetLabel: cluster
431 - *relabeling_drop_all_kubernetes_labels
432 - name: coredns
433 jobLabel: app.kubernetes.io/name
434 namespaceSelector:
435 matchNames:
436 - openstack
437 selector:
438 matchLabels:
439 app.kubernetes.io/component: metrics
440 app.kubernetes.io/name: coredns
441 endpoints:
442 - port: metrics
443 relabelings:
444 - sourceLabels:
445 - __meta_kubernetes_pod_label_application
446 targetLabel: application
447 - *relabeling_set_pod_name_to_instance
448 - *relabeling_drop_all_kubernetes_labels
Yaguang Tang2ce13b72024-07-11 09:48:01 +0800[diff] [blame]449 - name: keycloak
450 jobLabel: application
451 namespaceSelector:
452 matchNames:
453 - auth-system
454 selector:
455 matchLabels:
456 app.kubernetes.io/component: metrics
457 app.kubernetes.io/name: keycloak
458 endpoints:
459 - port: http
460 relabelings: *relabelings_instance_to_pod_name
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]461 - name: memcached
462 jobLabel: application
463 namespaceSelector:
464 matchNames:
465 - openstack
466 selector:
467 matchLabels:
468 application: memcached
469 component: server
470 endpoints:
471 - port: metrics
472 relabelings: *relabelings_instance_to_pod_name
Mohammed Naser9118f672023-03-15 12:38:00 +0000[diff] [blame]473 - name: ingress-nginx-controller
474 jobLabel: app.kubernetes.io/instance
475 namespaceSelector:
476 matchNames:
477 - ingress-nginx
478 selector:
479 matchLabels:
480 app.kubernetes.io/component: controller
481 app.kubernetes.io/instance: ingress-nginx
482 app.kubernetes.io/name: ingress-nginx
483 endpoints:
484 - port: metrics
485 relabelings: *relabelings_instance_to_node_name
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]486 - name: openstack-exporter
487 jobLabel: jobLabel
488 namespaceSelector:
489 matchNames:
490 - openstack
491 selector:
492 matchLabels:
493 application: openstack-exporter
494 endpoints:
495 - port: metrics
496 interval: 1m
497 relabelings:
498 - action: replace
499 regex: (.*)
500 replacement: default
501 targetLabel: instance
502 scrapeTimeout: 30s
503 additionalPodMonitors:
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]504 - name: ipmi-exporter
505 jobLabel: job
506 selector:
507 matchLabels:
508 application: ipmi-exporter
509 podMetricsEndpoints:
510 - interval: 60s
511 port: metrics
512 relabelings: *relabelings_instance_to_node_name
Oleksandr Kozachenko947a84a2023-10-30 21:50:15 +0100[diff] [blame]513 - name: libvirt-exporter
514 jobLabel: job
Yaguang Tang1ca829c2024-07-06 01:12:32 +0800[diff] [blame]515 namespaceSelector:
516 matchNames:
517 - openstack
Oleksandr Kozachenko947a84a2023-10-30 21:50:15 +0100[diff] [blame]518 selector:
519 matchLabels:
520 application: libvirt
521 component: libvirt
522 podMetricsEndpoints:
523 - interval: 60s
524 port: metrics
525 relabelings: *relabelings_instance_to_node_name
Rico Lind206f5d2024-04-03 05:11:29 +0800[diff] [blame]526 - name: openstack-database-exporter
527 jobLabel: job
528 namespaceSelector:
529 matchNames:
530 - openstack
531 selector:
532 matchLabels:
533 application: openstack-database-exporter
534 podMetricsEndpoints:
535 - interval: 60s
536 port: metrics
537 relabelings: *relabelings_instance_to_pod_name
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]538 - name: percona-xtradb-pxc
539 jobLabel: app.kubernetes.io/component
540 namespaceSelector:
541 matchNames:
542 - openstack
543 selector:
544 matchLabels:
545 app.kubernetes.io/component: pxc
546 app.kubernetes.io/instance: percona-xtradb
547 podMetricsEndpoints:
548 - port: metrics
549 relabelings: *relabelings_instance_to_pod_name
550 - name: rabbitmq
551 jobLabel: app.kubernetes.io/component
552 namespaceSelector:
553 matchNames:
554 - openstack
555 selector:
556 matchLabels:
557 app.kubernetes.io/component: rabbitmq
558 podMetricsEndpoints:
559 - port: prometheus
560 relabelings: *relabelings_instance_to_pod_name
561 prometheusOperator:
562 admissionWebhooks:
563 patch:
564 image:
Mohammed Naser5b49cbb2023-08-30 16:16:37 -0400[diff] [blame]565 registry: "{{ atmosphere_images['prometheus_operator_kube_webhook_certgen'] | vexxhost.kubernetes.docker_image('domain') }}"
566 repository: "{{ atmosphere_images['prometheus_operator_kube_webhook_certgen'] | vexxhost.kubernetes.docker_image('path') }}"
Mohammed Naser31171f42023-03-19 00:10:46 +0000[diff] [blame]567 tag: "{{ atmosphere_images['prometheus_operator_kube_webhook_certgen'] | vexxhost.kubernetes.docker_image('tag') }}"
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]568 nodeSelector: *node_selector
569 serviceMonitor:
570 relabelings: *relabelings_instance_to_pod_name
571 nodeSelector: *node_selector
572 image:
Mohammed Naser5b49cbb2023-08-30 16:16:37 -0400[diff] [blame]573 registry: "{{ atmosphere_images['prometheus_operator'] | vexxhost.kubernetes.docker_image('domain') }}"
574 repository: "{{ atmosphere_images['prometheus_operator'] | vexxhost.kubernetes.docker_image('path') }}"
Mohammed Naser31171f42023-03-19 00:10:46 +0000[diff] [blame]575 tag: "{{ atmosphere_images['prometheus_operator'] | vexxhost.kubernetes.docker_image('tag') }}"
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]576 prometheusConfigReloader:
577 image:
Mohammed Naser5b49cbb2023-08-30 16:16:37 -0400[diff] [blame]578 registry: "{{ atmosphere_images['prometheus_config_reloader'] | vexxhost.kubernetes.docker_image('domain') }}"
579 repository: "{{ atmosphere_images['prometheus_config_reloader'] | vexxhost.kubernetes.docker_image('path') }}"
Mohammed Naser31171f42023-03-19 00:10:46 +0000[diff] [blame]580 tag: "{{ atmosphere_images['prometheus_config_reloader'] | vexxhost.kubernetes.docker_image('tag') }}"
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]581 prometheus-node-exporter:
582 image:
Mohammed Naser5b49cbb2023-08-30 16:16:37 -0400[diff] [blame]583 registry: "{{ atmosphere_images['prometheus_node_exporter'] | vexxhost.kubernetes.docker_image('domain') }}"
584 repository: "{{ atmosphere_images['prometheus_node_exporter'] | vexxhost.kubernetes.docker_image('path') }}"
Mohammed Naser31171f42023-03-19 00:10:46 +0000[diff] [blame]585 tag: "{{ atmosphere_images['prometheus_node_exporter'] | vexxhost.kubernetes.docker_image('tag') }}"
Mohammed Naser2a165d32024-08-11 20:04:36 -0700[diff] [blame]586 prometheus:
587 monitor:
588 scheme: https
589 tlsConfig:
590 caFile: /certs/ca.crt
591 certFile: /certs/tls.crt
592 keyFile: /certs/tls.key
593 relabelings: *relabelings_instance_to_node_name
594 serviceAccount:
595 automountServiceAccountToken: true
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]596 extraArgs:
597 - --collector.diskstats.ignored-devices=^(ram|loop|nbd|fd|(h|s|v|xv)d[a-z]|nvme\\d+n\\d+p)\\d+$
598 - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|fuse.squashfuse_ll|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$
599 - --collector.filesystem.mount-points-exclude=^/(dev|proc|run/credentials/.+|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+|var/lib/kubelet/plugins/kubernetes.io/csi/.+|run/containerd/.+)($|/)
Mohammed Naser7ae2b652023-06-20 13:33:57 -0400[diff] [blame]600 - --collector.netclass.ignored-devices=^(lxc|cilium_|qbr|qvb|qvo|tap|ovs-system|br|tbr|gre_sys|[0-9a-f]+_eth|vxlan).*$
601 - --collector.netdev.device-exclude=^(lxc|cilium_|qbr|qvb|qvo|tap|ovs-system|br|tbr|gre_sys|[0-9a-f]+_eth|vxlan).*$
Mohammed Naser4569e9b2024-07-19 01:08:18 -0400[diff] [blame]602 - --collector.processes
603 - --collector.systemd
Yaguang Tange1862732024-08-01 08:19:34 +0800[diff] [blame]604 - --collector.stat.softirq
Mohammed Naser2a165d32024-08-11 20:04:36 -0700[diff] [blame]605 - --web.config.file=/config/node-exporter.yml
606 configmaps:
607 - name: kube-prometheus-stack-node-exporter
608 mountPath: /config
609 sidecars:
610 - name: pod-tls-sidecar
611 image: "{{ atmosphere_images['pod_tls_sidecar'] }}"
612 args:
613 - --template=/config/certificate-template.yml
614 - --ca-path=/certs/ca.crt
615 - --cert-path=/certs/tls.crt
616 - --key-path=/certs/tls.key
617 env:
618 - name: POD_UID
619 valueFrom:
620 fieldRef:
621 fieldPath: metadata.uid
622 - name: POD_NAME
623 valueFrom:
624 fieldRef:
625 fieldPath: metadata.name
626 - name: POD_NAMESPACE
627 valueFrom:
628 fieldRef:
629 fieldPath: metadata.namespace
630 - name: POD_IP
631 valueFrom:
632 fieldRef:
633 fieldPath: status.podIP
634 volumeMounts:
635 - name: kube-prometheus-stack-node-exporter
636 mountPath: /config
637 sidecarVolumeMount:
638 - name: certs
639 mountPath: /certs
640 livenessProbe:
641 httpGet:
642 scheme: https
643 readinessProbe:
644 httpGet:
645 scheme: https
646 extraManifests:
647 - |
648 apiVersion: v1
649 kind: ConfigMap
650 metadata:
651 name: kube-prometheus-stack-node-exporter
652 data:
653 node-exporter.yml: |
654 {{ kube_prometheus_stack_node_exporter_config | to_nice_yaml | indent(4) }}
655 certificate-template.yml: |
656 {{ kube_prometheus_stack_node_exporter_tls_template | to_nice_yaml | indent(4) }}
Mohammed Naser273d3ca2023-01-29 22:28:54 +0000[diff] [blame]657 additionalPrometheusRulesMap: "{{ lookup('vexxhost.atmosphere.jsonnet', 'jsonnet/rules.jsonnet') }}"
Mohammed Naser2a165d32024-08-11 20:04:36 -0700[diff] [blame]658 extraManifests:
659 - apiVersion: rbac.authorization.k8s.io/v1
660 kind: Role
661 metadata:
662 name: "{{ kube_prometheus_stack_helm_release_name }}-pod-tls-sidecar"
663 namespace: "{{ kube_prometheus_stack_helm_release_namespace }}"
664 rules:
665 - apiGroups:
666 - cert-manager.io
667 verbs:
668 - get
669 - list
670 - create
671 - watch
672 resources:
673 - certificates
674 - apiGroups:
675 - ""
676 verbs:
677 - get
678 - list
679 - patch
680 - watch
681 resources:
682 - secrets
683 - apiVersion: rbac.authorization.k8s.io/v1
684 kind: RoleBinding
685 metadata:
686 name: "{{ kube_prometheus_stack_helm_release_name }}-pod-tls-sidecar"
687 namespace: "{{ kube_prometheus_stack_helm_release_namespace }}"
688 roleRef:
689 apiGroup: rbac.authorization.k8s.io
690 kind: Role
691 name: "{{ kube_prometheus_stack_helm_release_name }}-pod-tls-sidecar"
692 subjects:
693 - kind: ServiceAccount
694 name: "{{ kube_prometheus_stack_helm_release_name }}-prometheus-node-exporter"
695 namespace: "{{ kube_prometheus_stack_helm_release_namespace }}"
696 - kind: ServiceAccount
697 name: "{{ kube_prometheus_stack_helm_release_name }}-prometheus"
698 namespace: "{{ kube_prometheus_stack_helm_release_namespace }}"
699 - apiVersion: v1
700 kind: ConfigMap
701 metadata:
702 name: "{{ kube_prometheus_stack_helm_release_name }}-prometheus-tls"
703 data:
704 certificate-template.yml: |
705 {{ kube_prometheus_stack_prometheus_tls_template | to_nice_yaml }}
706
707_kube_prometheus_stack_tls_template:
708 apiVersion: cert-manager.io/v1
709 kind: Certificate
710 metadata:
711 name: "{{ '{{`{{ .PodInfo.Name }}`}}' ~ '-tls' }}"
712 namespace: "{{ '{{`{{ .PodInfo.Namespace }}`}}' }}"
713 spec:
714 commonName: "{{ '{{`{{ .Hostname }}`}}' }}"
715 dnsNames:
716 - "{{ '{{`{{ .Hostname }}`}}' }}"
717 - "{{ '{{`{{ .FQDN }}`}}' }}"
718 ipAddresses:
719 - "{{ '{{`{{ .PodInfo.IP }}`}}' }}"
720 issuerRef:
721 kind: ClusterIssuer
722 name: kube-prometheus-stack
723 usages:
724 - client auth
725 - server auth
726 secretName: "{{ '{{`{{ .PodInfo.Name }}`}}' ~ '-tls' }}"