Add alertmanager istio config for metrics, metrics values reorg

This commit is contained in:
Stefan Reimer 2020-12-02 03:53:19 -08:00
parent a9683c19f6
commit ee83391296
6 changed files with 47 additions and 87 deletions

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-metrics name: kubezero-metrics
description: KubeZero Umbrella Chart for prometheus-operator description: KubeZero Umbrella Chart for prometheus-operator
type: application type: application
version: 0.3.0 version: 0.3.1
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:
@ -16,7 +16,7 @@ dependencies:
version: ">= 0.1.3" version: ">= 0.1.3"
repository: https://zero-down-time.github.io/kubezero/ repository: https://zero-down-time.github.io/kubezero/
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 12.2.4 version: 12.3.0
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
- name: prometheus-adapter - name: prometheus-adapter
version: 2.7.1 version: 2.7.1

View File

@ -1,12 +1,13 @@
{{- if .Values.grafana.istio.enabled }} {{- range $name, $service := .Values.istio }}
{{- if .Values.grafana.istio.ipBlocks }}
{{- if and $service.enabled $service.ipBlocks }}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: grafana-deny-not-in-ipblocks name: {{ $name }}-deny-not-in-ipblocks
namespace: istio-system namespace: istio-system
labels: labels:
{{ include "kubezero-lib.labels" . | indent 4 }} {{ include "kubezero-lib.labels" $ | indent 4 }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -16,38 +17,10 @@ spec:
- from: - from:
- source: - source:
notIpBlocks: notIpBlocks:
{{- with .Values.grafana.istio.ipBlocks }} {{- toYaml $service.ipBlocks | nindent 8 }}
{{- . | toYaml | nindent 8 }}
{{- end }}
to: to:
- operation: - operation:
hosts: ["{{ .Values.grafana.istio.url }}"] hosts: ["{{ $service.url }}"]
{{- end }}
{{- end }}
{{- if .Values.prometheus.istio.enabled }}
{{- if .Values.prometheus.istio.ipBlocks }}
--- ---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: prometheus-deny-not-in-ipblocks
namespace: istio-system
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
selector:
matchLabels:
app: istio-ingressgateway
action: DENY
rules:
- from:
- source:
notIpBlocks:
{{- with .Values.prometheus.istio.ipBlocks }}
{{- . | toYaml | nindent 8 }}
{{- end }}
to:
- operation:
hosts: ["{{ .Values.prometheus.istio.url }}"]
{{- end }} {{- end }}
{{- end }} {{- end }}

View File

@ -1,37 +1,23 @@
{{- if .Values.grafana.istio.enabled }} {{- range $name, $service := .Values.istio }}
{{- if $service.enabled }}
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: VirtualService kind: VirtualService
metadata: metadata:
name: grafana name: {{ $name }}
namespace: {{ .Release.Namespace }} namespace: {{ $.Release.Namespace }}
labels: labels:
{{ include "kubezero-lib.labels" . | indent 4 }} {{ include "kubezero-lib.labels" $ | indent 4 }}
spec: spec:
hosts: hosts:
- {{ .Values.grafana.istio.url }} - {{ index $service.url }}
gateways: gateways:
- {{ .Values.grafana.istio.gateway }} - {{ index $service.gateway }}
http: http:
- route: - route:
- destination: - destination:
host: metrics-grafana host: metrics-{{- $name }}
{{- end }}
{{- if .Values.prometheus.istio.enabled }}
--- ---
apiVersion: networking.istio.io/v1alpha3 {{- end }}
kind: VirtualService
metadata:
name: prometheus
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
hosts:
- {{ .Values.prometheus.istio.url }}
gateways:
- {{ .Values.prometheus.istio.gateway }}
http:
- route:
- destination:
host: metrics-kube-prometheus-st-prometheus
{{- end }} {{- end }}

View File

@ -1,16 +1,3 @@
grafana:
istio:
enabled: false
ipBlocks: []
url: ""
gateway: istio-ingress/ingressgateway
prometheus:
istio:
enabled: false
url: ""
gateway: istio-ingress/ingressgateway
kube-prometheus-stack: kube-prometheus-stack:
defaultRules: defaultRules:
create: true create: true
@ -144,6 +131,8 @@ kube-prometheus-stack:
# Todo # Todo
alertmanager: alertmanager:
enabled: false enabled: false
alertmanagerSpec:
logFormat: json
# Metrics adapter # Metrics adapter
prometheus-adapter: prometheus-adapter:
@ -185,3 +174,22 @@ prometheus-adapter:
resource: pod resource: pod
containerLabel: container containerLabel: container
window: 3m window: 3m
istio:
grafana:
enabled: false
ipBlocks: []
url: ""
gateway: istio-ingress/ingressgateway
prometheus:
enabled: false
ipBlocks: []
url: ""
gateway: istio-ingress/ingressgateway
alertmanager:
enabled: false
ipBlocks: []
url: ""
gateway: istio-ingress/ingressgateway

View File

@ -1,18 +1,8 @@
{{- define "metrics-values" }} {{- define "metrics-values" }}
{{- if .Values.metrics.istio.grafana.enabled }} {{- with .Values.metrics.istio }}
grafana: istio:
istio: {{- toYaml . | nindent 2 }}
{{- with .Values.metrics.istio.grafana }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.metrics.istio.prometheus.enabled }}
prometheus:
istio:
{{- with .Values.metrics.istio.prometheus }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }} {{- end }}
{{- if index .Values "metrics" "kube-prometheus-stack" }} {{- if index .Values "metrics" "kube-prometheus-stack" }}
kube-prometheus-stack: kube-prometheus-stack:

View File

@ -57,6 +57,9 @@ Ingress service interruption ends.
# Changelog # Changelog
## Kubernetes 1.18
https://sysdig.com/blog/whats-new-kubernetes-1-18/
## High level / Admin changes ## High level / Admin changes
- ArgoCD is now optional and NOT required nor used during initial cluster bootstrap - ArgoCD is now optional and NOT required nor used during initial cluster bootstrap
- the bootstrap process now uses the same config and templates as the optional ArgoCD applications later on - the bootstrap process now uses the same config and templates as the optional ArgoCD applications later on