Add alertmanager istio config for metrics, metrics values reorg

charts/kubezero-metrics/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-metrics
 description: KubeZero Umbrella Chart for prometheus-operator
 type: application
-version: 0.3.0
+version: 0.3.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -16,7 +16,7 @@ dependencies:
     version: ">= 0.1.3"
     repository: https://zero-down-time.github.io/kubezero/
   - name: kube-prometheus-stack
-    version: 12.2.4
+    version: 12.3.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: prometheus-adapter
     version: 2.7.1

charts/kubezero-metrics/templates/istio-authorization-policy.yaml

@@ -1,12 +1,13 @@
-{{- if .Values.grafana.istio.enabled }}
+{{- range $name, $service := .Values.istio }}
-{{- if .Values.grafana.istio.ipBlocks }}
+
+{{- if and $service.enabled $service.ipBlocks }}
 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
-  name: grafana-deny-not-in-ipblocks
+  name: {{ $name }}-deny-not-in-ipblocks
   namespace: istio-system
   labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
+{{ include "kubezero-lib.labels" $ | indent 4 }}
 spec:
   selector:
     matchLabels:
@@ -16,38 +17,10 @@ spec:
   - from:
     - source:
         notIpBlocks:
-        {{- with .Values.grafana.istio.ipBlocks }}
+        {{- toYaml $service.ipBlocks | nindent 8 }}
-        {{- . | toYaml | nindent 8 }}
-        {{- end }}
     to:
     - operation:
-        hosts: ["{{ .Values.grafana.istio.url }}"]
+        hosts: ["{{ $service.url }}"]
-{{- end }}
-{{- end }}
-{{- if .Values.prometheus.istio.enabled }}
-{{- if .Values.prometheus.istio.ipBlocks }}
 ---
-apiVersion: security.istio.io/v1beta1
-kind: AuthorizationPolicy
-metadata:
-  name: prometheus-deny-not-in-ipblocks
-  namespace: istio-system
-  labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
-spec:
-  selector:
-    matchLabels:
-      app: istio-ingressgateway
-  action: DENY
-  rules:
-  - from:
-    - source:
-        notIpBlocks:
-        {{- with .Values.prometheus.istio.ipBlocks }}
-        {{- . | toYaml | nindent 8 }}
-        {{- end }}
-    to:
-    - operation:
-        hosts: ["{{ .Values.prometheus.istio.url }}"]
 {{- end }}
 {{- end }}

charts/kubezero-metrics/templates/istio-service.yaml

@@ -1,37 +1,23 @@
-{{- if .Values.grafana.istio.enabled }}
+{{- range $name, $service := .Values.istio }}
+
+{{- if $service.enabled }}
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
-  name: grafana
+  name: {{ $name }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ $.Release.Namespace }}
   labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
+{{ include "kubezero-lib.labels" $ | indent 4 }}
 spec:
   hosts:
-  - {{ .Values.grafana.istio.url }}
+  - {{ index $service.url }}
   gateways:
-  - {{ .Values.grafana.istio.gateway }}
+  - {{ index $service.gateway }}
   http:
   - route:
     - destination:
-        host: metrics-grafana
+        host: metrics-{{- $name }}
-{{- end }}
-{{- if .Values.prometheus.istio.enabled }}
 ---
-apiVersion: networking.istio.io/v1alpha3
+{{- end }}
-kind: VirtualService
+
-metadata:
-  name: prometheus
-  namespace: {{ .Release.Namespace }}
-  labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
-spec:
-  hosts:
-  - {{ .Values.prometheus.istio.url }}
-  gateways:
-  - {{ .Values.prometheus.istio.gateway }}
-  http:
-  - route:
-    - destination:
-        host: metrics-kube-prometheus-st-prometheus
 {{- end }}

charts/kubezero-metrics/values.yaml

@@ -1,16 +1,3 @@
-grafana:
-  istio:
-    enabled: false
-    ipBlocks: []
-    url: ""
-    gateway: istio-ingress/ingressgateway
-
-prometheus:
-  istio:
-    enabled: false
-    url: ""
-    gateway: istio-ingress/ingressgateway
-
 kube-prometheus-stack:
   defaultRules:
     create: true
@@ -144,6 +131,8 @@ kube-prometheus-stack:
   # Todo
   alertmanager:
     enabled: false
+    alertmanagerSpec:
+      logFormat: json
 
 # Metrics adapter
 prometheus-adapter:
@@ -185,3 +174,22 @@ prometheus-adapter:
               resource: pod
         containerLabel: container
       window: 3m
+
+istio:
+  grafana:
+    enabled: false
+    ipBlocks: []
+    url: ""
+    gateway: istio-ingress/ingressgateway
+
+  prometheus:
+    enabled: false
+    ipBlocks: []
+    url: ""
+    gateway: istio-ingress/ingressgateway
+
+  alertmanager:
+    enabled: false
+    ipBlocks: []
+    url: ""
+    gateway: istio-ingress/ingressgateway

charts/kubezero/templates/metrics.yaml

@@ -1,18 +1,8 @@
 {{- define "metrics-values" }}
 
-{{- if .Values.metrics.istio.grafana.enabled }}
+{{- with .Values.metrics.istio }}
-grafana:
+istio:
-  istio:
+ {{- toYaml . | nindent 2 }}
-    {{- with .Values.metrics.istio.grafana }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-{{- end }}
-{{- if .Values.metrics.istio.prometheus.enabled }}
-prometheus:
-  istio:
-    {{- with .Values.metrics.istio.prometheus }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
 {{- end }}
 {{- if index .Values "metrics" "kube-prometheus-stack" }}
 kube-prometheus-stack:

docs/Upgrade.md

@@ -57,6 +57,9 @@ Ingress service interruption ends.
 
 # Changelog
 
+## Kubernetes 1.18
+https://sysdig.com/blog/whats-new-kubernetes-1-18/
+
 ## High level / Admin changes
 - ArgoCD is now optional and NOT required nor used during initial cluster bootstrap
 - the bootstrap process now uses the same config and templates as the optional ArgoCD applications later on