Add alertmanager istio config for metrics, metrics values reorg
This commit is contained in:
parent
a9683c19f6
commit
ee83391296
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-metrics
|
name: kubezero-metrics
|
||||||
description: KubeZero Umbrella Chart for prometheus-operator
|
description: KubeZero Umbrella Chart for prometheus-operator
|
||||||
type: application
|
type: application
|
||||||
version: 0.3.0
|
version: 0.3.1
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -16,7 +16,7 @@ dependencies:
|
|||||||
version: ">= 0.1.3"
|
version: ">= 0.1.3"
|
||||||
repository: https://zero-down-time.github.io/kubezero/
|
repository: https://zero-down-time.github.io/kubezero/
|
||||||
- name: kube-prometheus-stack
|
- name: kube-prometheus-stack
|
||||||
version: 12.2.4
|
version: 12.3.0
|
||||||
repository: https://prometheus-community.github.io/helm-charts
|
repository: https://prometheus-community.github.io/helm-charts
|
||||||
- name: prometheus-adapter
|
- name: prometheus-adapter
|
||||||
version: 2.7.1
|
version: 2.7.1
|
||||||
|
@ -1,12 +1,13 @@
|
|||||||
{{- if .Values.grafana.istio.enabled }}
|
{{- range $name, $service := .Values.istio }}
|
||||||
{{- if .Values.grafana.istio.ipBlocks }}
|
|
||||||
|
{{- if and $service.enabled $service.ipBlocks }}
|
||||||
apiVersion: security.istio.io/v1beta1
|
apiVersion: security.istio.io/v1beta1
|
||||||
kind: AuthorizationPolicy
|
kind: AuthorizationPolicy
|
||||||
metadata:
|
metadata:
|
||||||
name: grafana-deny-not-in-ipblocks
|
name: {{ $name }}-deny-not-in-ipblocks
|
||||||
namespace: istio-system
|
namespace: istio-system
|
||||||
labels:
|
labels:
|
||||||
{{ include "kubezero-lib.labels" . | indent 4 }}
|
{{ include "kubezero-lib.labels" $ | indent 4 }}
|
||||||
spec:
|
spec:
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
@ -16,38 +17,10 @@ spec:
|
|||||||
- from:
|
- from:
|
||||||
- source:
|
- source:
|
||||||
notIpBlocks:
|
notIpBlocks:
|
||||||
{{- with .Values.grafana.istio.ipBlocks }}
|
{{- toYaml $service.ipBlocks | nindent 8 }}
|
||||||
{{- . | toYaml | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
to:
|
to:
|
||||||
- operation:
|
- operation:
|
||||||
hosts: ["{{ .Values.grafana.istio.url }}"]
|
hosts: ["{{ $service.url }}"]
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.prometheus.istio.enabled }}
|
|
||||||
{{- if .Values.prometheus.istio.ipBlocks }}
|
|
||||||
---
|
---
|
||||||
apiVersion: security.istio.io/v1beta1
|
|
||||||
kind: AuthorizationPolicy
|
|
||||||
metadata:
|
|
||||||
name: prometheus-deny-not-in-ipblocks
|
|
||||||
namespace: istio-system
|
|
||||||
labels:
|
|
||||||
{{ include "kubezero-lib.labels" . | indent 4 }}
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: istio-ingressgateway
|
|
||||||
action: DENY
|
|
||||||
rules:
|
|
||||||
- from:
|
|
||||||
- source:
|
|
||||||
notIpBlocks:
|
|
||||||
{{- with .Values.prometheus.istio.ipBlocks }}
|
|
||||||
{{- . | toYaml | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
to:
|
|
||||||
- operation:
|
|
||||||
hosts: ["{{ .Values.prometheus.istio.url }}"]
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -1,37 +1,23 @@
|
|||||||
{{- if .Values.grafana.istio.enabled }}
|
{{- range $name, $service := .Values.istio }}
|
||||||
|
|
||||||
|
{{- if $service.enabled }}
|
||||||
apiVersion: networking.istio.io/v1alpha3
|
apiVersion: networking.istio.io/v1alpha3
|
||||||
kind: VirtualService
|
kind: VirtualService
|
||||||
metadata:
|
metadata:
|
||||||
name: grafana
|
name: {{ $name }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ $.Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{ include "kubezero-lib.labels" . | indent 4 }}
|
{{ include "kubezero-lib.labels" $ | indent 4 }}
|
||||||
spec:
|
spec:
|
||||||
hosts:
|
hosts:
|
||||||
- {{ .Values.grafana.istio.url }}
|
- {{ index $service.url }}
|
||||||
gateways:
|
gateways:
|
||||||
- {{ .Values.grafana.istio.gateway }}
|
- {{ index $service.gateway }}
|
||||||
http:
|
http:
|
||||||
- route:
|
- route:
|
||||||
- destination:
|
- destination:
|
||||||
host: metrics-grafana
|
host: metrics-{{- $name }}
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.prometheus.istio.enabled }}
|
|
||||||
---
|
---
|
||||||
apiVersion: networking.istio.io/v1alpha3
|
{{- end }}
|
||||||
kind: VirtualService
|
|
||||||
metadata:
|
|
||||||
name: prometheus
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
labels:
|
|
||||||
{{ include "kubezero-lib.labels" . | indent 4 }}
|
|
||||||
spec:
|
|
||||||
hosts:
|
|
||||||
- {{ .Values.prometheus.istio.url }}
|
|
||||||
gateways:
|
|
||||||
- {{ .Values.prometheus.istio.gateway }}
|
|
||||||
http:
|
|
||||||
- route:
|
|
||||||
- destination:
|
|
||||||
host: metrics-kube-prometheus-st-prometheus
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -1,16 +1,3 @@
|
|||||||
grafana:
|
|
||||||
istio:
|
|
||||||
enabled: false
|
|
||||||
ipBlocks: []
|
|
||||||
url: ""
|
|
||||||
gateway: istio-ingress/ingressgateway
|
|
||||||
|
|
||||||
prometheus:
|
|
||||||
istio:
|
|
||||||
enabled: false
|
|
||||||
url: ""
|
|
||||||
gateway: istio-ingress/ingressgateway
|
|
||||||
|
|
||||||
kube-prometheus-stack:
|
kube-prometheus-stack:
|
||||||
defaultRules:
|
defaultRules:
|
||||||
create: true
|
create: true
|
||||||
@ -144,6 +131,8 @@ kube-prometheus-stack:
|
|||||||
# Todo
|
# Todo
|
||||||
alertmanager:
|
alertmanager:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
alertmanagerSpec:
|
||||||
|
logFormat: json
|
||||||
|
|
||||||
# Metrics adapter
|
# Metrics adapter
|
||||||
prometheus-adapter:
|
prometheus-adapter:
|
||||||
@ -185,3 +174,22 @@ prometheus-adapter:
|
|||||||
resource: pod
|
resource: pod
|
||||||
containerLabel: container
|
containerLabel: container
|
||||||
window: 3m
|
window: 3m
|
||||||
|
|
||||||
|
istio:
|
||||||
|
grafana:
|
||||||
|
enabled: false
|
||||||
|
ipBlocks: []
|
||||||
|
url: ""
|
||||||
|
gateway: istio-ingress/ingressgateway
|
||||||
|
|
||||||
|
prometheus:
|
||||||
|
enabled: false
|
||||||
|
ipBlocks: []
|
||||||
|
url: ""
|
||||||
|
gateway: istio-ingress/ingressgateway
|
||||||
|
|
||||||
|
alertmanager:
|
||||||
|
enabled: false
|
||||||
|
ipBlocks: []
|
||||||
|
url: ""
|
||||||
|
gateway: istio-ingress/ingressgateway
|
||||||
|
@ -1,18 +1,8 @@
|
|||||||
{{- define "metrics-values" }}
|
{{- define "metrics-values" }}
|
||||||
|
|
||||||
{{- if .Values.metrics.istio.grafana.enabled }}
|
{{- with .Values.metrics.istio }}
|
||||||
grafana:
|
istio:
|
||||||
istio:
|
{{- toYaml . | nindent 2 }}
|
||||||
{{- with .Values.metrics.istio.grafana }}
|
|
||||||
{{- toYaml . | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.metrics.istio.prometheus.enabled }}
|
|
||||||
prometheus:
|
|
||||||
istio:
|
|
||||||
{{- with .Values.metrics.istio.prometheus }}
|
|
||||||
{{- toYaml . | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if index .Values "metrics" "kube-prometheus-stack" }}
|
{{- if index .Values "metrics" "kube-prometheus-stack" }}
|
||||||
kube-prometheus-stack:
|
kube-prometheus-stack:
|
||||||
|
@ -57,6 +57,9 @@ Ingress service interruption ends.
|
|||||||
|
|
||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## Kubernetes 1.18
|
||||||
|
https://sysdig.com/blog/whats-new-kubernetes-1-18/
|
||||||
|
|
||||||
## High level / Admin changes
|
## High level / Admin changes
|
||||||
- ArgoCD is now optional and NOT required nor used during initial cluster bootstrap
|
- ArgoCD is now optional and NOT required nor used during initial cluster bootstrap
|
||||||
- the bootstrap process now uses the same config and templates as the optional ArgoCD applications later on
|
- the bootstrap process now uses the same config and templates as the optional ArgoCD applications later on
|
||||||
|
Loading…
Reference in New Issue
Block a user