Add alertmanager istio config for metrics, metrics values reorg

2020-12-02 03:53:19 -08:00 · 2020-12-02 03:53:19 -08:00 · ee83391296
commit ee83391296
parent a9683c19f6
6 changed files with 47 additions and 87 deletions
--- a/charts/kubezero-metrics/Chart.yaml
+++ b/charts/kubezero-metrics/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-metrics
 description: KubeZero Umbrella Chart for prometheus-operator
 type: application
-version: 0.3.0
+version: 0.3.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@ -16,7 +16,7 @@ dependencies:
    version: ">= 0.1.3"
    repository: https://zero-down-time.github.io/kubezero/
  - name: kube-prometheus-stack
-    version: 12.2.4
+    version: 12.3.0
    repository: https://prometheus-community.github.io/helm-charts
  - name: prometheus-adapter
    version: 2.7.1
--- a/charts/kubezero-metrics/templates/istio-authorization-policy.yaml
+++ b/charts/kubezero-metrics/templates/istio-authorization-policy.yaml
@ -1,12 +1,13 @@
-{{- if .Values.grafana.istio.enabled }}
+{{- range $name, $service := .Values.istio }}
-{{- if .Values.grafana.istio.ipBlocks }}
+
 {{- if and $service.enabled $service.ipBlocks }}
 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
-  name: grafana-deny-not-in-ipblocks
+  name: {{ $name }}-deny-not-in-ipblocks
  namespace: istio-system
  labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
+{{ include "kubezero-lib.labels" $ | indent 4 }}
 spec:
  selector:
    matchLabels:
@ -16,38 +17,10 @@ spec:
  - from:
    - source:
        notIpBlocks:
-        {{- with .Values.grafana.istio.ipBlocks }}
+        {{- toYaml $service.ipBlocks | nindent 8 }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
    to:
    - operation:
-        hosts: ["{{ .Values.grafana.istio.url }}"]
+        hosts: ["{{ $service.url }}"]
 {{- end }}
 {{- end }}
 {{- if .Values.prometheus.istio.enabled }}
 {{- if .Values.prometheus.istio.ipBlocks }}
 ---
 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
  name: prometheus-deny-not-in-ipblocks
  namespace: istio-system
  labels:
 {{ include "kubezero-lib.labels" . | indent 4 }}
 spec:
  selector:
    matchLabels:
      app: istio-ingressgateway
  action: DENY
  rules:
  - from:
    - source:
        notIpBlocks:
        {{- with .Values.prometheus.istio.ipBlocks }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
    to:
    - operation:
        hosts: ["{{ .Values.prometheus.istio.url }}"]
 {{- end }}
 {{- end }}
--- a/charts/kubezero-metrics/templates/istio-service.yaml
+++ b/charts/kubezero-metrics/templates/istio-service.yaml
@ -1,37 +1,23 @@
-{{- if .Values.grafana.istio.enabled }}
+{{- range $name, $service := .Values.istio }}
 {{- if $service.enabled }}
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
-  name: grafana
+  name: {{ $name }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ $.Release.Namespace }}
  labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
+{{ include "kubezero-lib.labels" $ | indent 4 }}
 spec:
  hosts:
-  - {{ .Values.grafana.istio.url }}
+  - {{ index $service.url }}
  gateways:
-  - {{ .Values.grafana.istio.gateway }}
+  - {{ index $service.gateway }}
  http:
  - route:
    - destination:
-        host: metrics-grafana
+        host: metrics-{{- $name }}
 {{- end }}
 {{- if .Values.prometheus.istio.enabled }}
 ---
-apiVersion: networking.istio.io/v1alpha3
+{{- end }}
-kind: VirtualService
+
 metadata:
  name: prometheus
  namespace: {{ .Release.Namespace }}
  labels:
 {{ include "kubezero-lib.labels" . | indent 4 }}
 spec:
  hosts:
  - {{ .Values.prometheus.istio.url }}
  gateways:
  - {{ .Values.prometheus.istio.gateway }}
  http:
  - route:
    - destination:
        host: metrics-kube-prometheus-st-prometheus
 {{- end }}
--- a/charts/kubezero-metrics/values.yaml
+++ b/charts/kubezero-metrics/values.yaml
@ -1,16 +1,3 @@
 grafana:
  istio:
    enabled: false
    ipBlocks: []
    url: ""
    gateway: istio-ingress/ingressgateway
 prometheus:
  istio:
    enabled: false
    url: ""
    gateway: istio-ingress/ingressgateway
 kube-prometheus-stack:
  defaultRules:
    create: true
@ -144,6 +131,8 @@ kube-prometheus-stack:
  # Todo
  alertmanager:
    enabled: false
    alertmanagerSpec:
      logFormat: json
 # Metrics adapter
 prometheus-adapter:
@ -185,3 +174,22 @@ prometheus-adapter:
              resource: pod
        containerLabel: container
      window: 3m
 istio:
  grafana:
    enabled: false
    ipBlocks: []
    url: ""
    gateway: istio-ingress/ingressgateway
  prometheus:
    enabled: false
    ipBlocks: []
    url: ""
    gateway: istio-ingress/ingressgateway
  alertmanager:
    enabled: false
    ipBlocks: []
    url: ""
    gateway: istio-ingress/ingressgateway
--- a/charts/kubezero/templates/metrics.yaml
+++ b/charts/kubezero/templates/metrics.yaml
@ -1,18 +1,8 @@
 {{- define "metrics-values" }}
-{{- if .Values.metrics.istio.grafana.enabled }}
+{{- with .Values.metrics.istio }}
-grafana:
+istio:
-  istio:
+ {{- toYaml . | nindent 2 }}
    {{- with .Values.metrics.istio.grafana }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 {{- end }}
 {{- if .Values.metrics.istio.prometheus.enabled }}
 prometheus:
  istio:
    {{- with .Values.metrics.istio.prometheus }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 {{- end }}
 {{- if index .Values "metrics" "kube-prometheus-stack" }}
 kube-prometheus-stack:
--- a/docs/Upgrade.md
+++ b/docs/Upgrade.md
@ -57,6 +57,9 @@ Ingress service interruption ends.
 # Changelog
 ## Kubernetes 1.18
 https://sysdig.com/blog/whats-new-kubernetes-1-18/
 ## High level / Admin changes
 - ArgoCD is now optional and NOT required nor used during initial cluster bootstrap
 - the bootstrap process now uses the same config and templates as the optional ArgoCD applications later on