Add alertmanager istio config for metrics, metrics values reorg

2020-12-02 03:53:19 -08:00 · 2020-12-02 03:53:19 -08:00 · ee83391296
commit ee83391296
parent a9683c19f6
6 changed files with 47 additions and 87 deletions
--- a/charts/kubezero-metrics/Chart.yaml
+++ b/charts/kubezero-metrics/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-metrics
 description: KubeZero Umbrella Chart for prometheus-operator
 type: application
-version: 0.3.0
+version: 0.3.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@ -16,7 +16,7 @@ dependencies:
    version: ">= 0.1.3"
    repository: https://zero-down-time.github.io/kubezero/
  - name: kube-prometheus-stack
-    version: 12.2.4
+    version: 12.3.0
    repository: https://prometheus-community.github.io/helm-charts
  - name: prometheus-adapter
    version: 2.7.1
--- a/charts/kubezero-metrics/templates/istio-authorization-policy.yaml
+++ b/charts/kubezero-metrics/templates/istio-authorization-policy.yaml
@ -1,12 +1,13 @@
-{{- if .Values.grafana.istio.enabled }}
-{{- if .Values.grafana.istio.ipBlocks }}
+{{- range $name, $service := .Values.istio }}
+
+{{- if and $service.enabled $service.ipBlocks }}
 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
-  name: grafana-deny-not-in-ipblocks
+  name: {{ $name }}-deny-not-in-ipblocks
  namespace: istio-system
  labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
+{{ include "kubezero-lib.labels" $ | indent 4 }}
 spec:
  selector:
    matchLabels:
@ -16,38 +17,10 @@ spec:
  - from:
    - source:
        notIpBlocks:
-        {{- with .Values.grafana.istio.ipBlocks }}
-        {{- . | toYaml | nindent 8 }}
-        {{- end }}
+        {{- toYaml $service.ipBlocks | nindent 8 }}
    to:
    - operation:
-        hosts: ["{{ .Values.grafana.istio.url }}"]
-{{- end }}
-{{- end }}
-{{- if .Values.prometheus.istio.enabled }}
-{{- if .Values.prometheus.istio.ipBlocks }}
+        hosts: ["{{ $service.url }}"]
 ---
-apiVersion: security.istio.io/v1beta1
-kind: AuthorizationPolicy
-metadata:
-  name: prometheus-deny-not-in-ipblocks
-  namespace: istio-system
-  labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
-spec:
-  selector:
-    matchLabels:
-      app: istio-ingressgateway
-  action: DENY
-  rules:
-  - from:
-    - source:
-        notIpBlocks:
-        {{- with .Values.prometheus.istio.ipBlocks }}
-        {{- . | toYaml | nindent 8 }}
-        {{- end }}
-    to:
-    - operation:
-        hosts: ["{{ .Values.prometheus.istio.url }}"]
 {{- end }}
 {{- end }}
--- a/charts/kubezero-metrics/templates/istio-service.yaml
+++ b/charts/kubezero-metrics/templates/istio-service.yaml
@ -1,37 +1,23 @@
-{{- if .Values.grafana.istio.enabled }}
+{{- range $name, $service := .Values.istio }}
+
+{{- if $service.enabled }}
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
-  name: grafana
-  namespace: {{ .Release.Namespace }}
+  name: {{ $name }}
+  namespace: {{ $.Release.Namespace }}
  labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
+{{ include "kubezero-lib.labels" $ | indent 4 }}
 spec:
  hosts:
-  - {{ .Values.grafana.istio.url }}
+  - {{ index $service.url }}
  gateways:
-  - {{ .Values.grafana.istio.gateway }}
+  - {{ index $service.gateway }}
  http:
  - route:
    - destination:
-        host: metrics-grafana
-{{- end }}
-{{- if .Values.prometheus.istio.enabled }}
+        host: metrics-{{- $name }}
 ---
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
-  name: prometheus
-  namespace: {{ .Release.Namespace }}
-  labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
-spec:
-  hosts:
-  - {{ .Values.prometheus.istio.url }}
-  gateways:
-  - {{ .Values.prometheus.istio.gateway }}
-  http:
-  - route:
-    - destination:
-        host: metrics-kube-prometheus-st-prometheus
+{{- end }}
+
 {{- end }}
--- a/charts/kubezero-metrics/values.yaml
+++ b/charts/kubezero-metrics/values.yaml
@ -1,16 +1,3 @@
-grafana:
-  istio:
-    enabled: false
-    ipBlocks: []
-    url: ""
-    gateway: istio-ingress/ingressgateway
-
-prometheus:
-  istio:
-    enabled: false
-    url: ""
-    gateway: istio-ingress/ingressgateway
-
 kube-prometheus-stack:
  defaultRules:
    create: true
@ -144,6 +131,8 @@ kube-prometheus-stack:
  # Todo
  alertmanager:
    enabled: false
+    alertmanagerSpec:
+      logFormat: json

 # Metrics adapter
 prometheus-adapter:
@ -185,3 +174,22 @@ prometheus-adapter:
              resource: pod
        containerLabel: container
      window: 3m
+
+istio:
+  grafana:
+    enabled: false
+    ipBlocks: []
+    url: ""
+    gateway: istio-ingress/ingressgateway
+
+  prometheus:
+    enabled: false
+    ipBlocks: []
+    url: ""
+    gateway: istio-ingress/ingressgateway
+
+  alertmanager:
+    enabled: false
+    ipBlocks: []
+    url: ""
+    gateway: istio-ingress/ingressgateway
--- a/charts/kubezero/templates/metrics.yaml
+++ b/charts/kubezero/templates/metrics.yaml
@ -1,18 +1,8 @@
 {{- define "metrics-values" }}

-{{- if .Values.metrics.istio.grafana.enabled }}
-grafana:
-  istio:
-    {{- with .Values.metrics.istio.grafana }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-{{- end }}
-{{- if .Values.metrics.istio.prometheus.enabled }}
-prometheus:
-  istio:
-    {{- with .Values.metrics.istio.prometheus }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
+{{- with .Values.metrics.istio }}
+istio:
+ {{- toYaml . | nindent 2 }}
 {{- end }}
 {{- if index .Values "metrics" "kube-prometheus-stack" }}
 kube-prometheus-stack:
--- a/docs/Upgrade.md
+++ b/docs/Upgrade.md
@ -57,6 +57,9 @@ Ingress service interruption ends.

 # Changelog

+## Kubernetes 1.18
+https://sysdig.com/blog/whats-new-kubernetes-1-18/
+
 ## High level / Admin changes
 - ArgoCD is now optional and NOT required nor used during initial cluster bootstrap
 - the bootstrap process now uses the same config and templates as the optional ArgoCD applications later on