Release V2.19.3 #41
|
@ -8,3 +8,4 @@
|
||||||
|
|
||||||
# Breaks Helm V3 dependencies in Argo
|
# Breaks Helm V3 dependencies in Argo
|
||||||
Chart.lock
|
Chart.lock
|
||||||
|
kubezero-repo.???
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
*.sh
|
||||||
|
*.md
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||||
name: kubeadm
|
name: kubeadm
|
||||||
description: KubeZero Kubeadm golden config
|
description: KubeZero Kubeadm golden config
|
||||||
type: application
|
type: application
|
||||||
version: 1.19.9
|
version: 1.20.0
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
|
|
@ -42,6 +42,7 @@ apiServer:
|
||||||
audit-log-maxage: "7"
|
audit-log-maxage: "7"
|
||||||
audit-log-maxsize: "100"
|
audit-log-maxsize: "100"
|
||||||
audit-log-maxbackup: "3"
|
audit-log-maxbackup: "3"
|
||||||
|
audit-log-compress: "true"
|
||||||
tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
|
tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
|
||||||
admission-control-config-file: /etc/kubernetes/apiserver/admission-configuration.yaml
|
admission-control-config-file: /etc/kubernetes/apiserver/admission-configuration.yaml
|
||||||
{{- if eq .Values.platform "aws" }}
|
{{- if eq .Values.platform "aws" }}
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
|
||||||
apiVersion: kubelet.config.k8s.io/v1beta1
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
kind: KubeletConfiguration
|
kind: KubeletConfiguration
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -22,14 +23,15 @@ featureGates: {{ include "kubeadm.featuregates" ( dict "return" "map" "platform"
|
||||||
podsPerCore: 20
|
podsPerCore: 20
|
||||||
# cpuCFSQuotaPeriod: 10ms
|
# cpuCFSQuotaPeriod: 10ms
|
||||||
# Basic OS on Ubuntu 20.04 incl. crio
|
# Basic OS on Ubuntu 20.04 incl. crio
|
||||||
#systemReserved:
|
systemReserved:
|
||||||
# memory: 256Mi
|
memory: 256Mi
|
||||||
# This should be dynamic based on number of maxpods and available cores
|
ephemeral-storage: "2Gi"
|
||||||
# https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture#memory_cpu
|
# kubelet memory should be static as runc,conmon are added to each pod's cgroup
|
||||||
# Below are default minimal for 2 cores and minimum kubelet
|
|
||||||
kubeReserved:
|
kubeReserved:
|
||||||
cpu: 70m
|
cpu: 70m
|
||||||
# memory: 128Mi
|
memory: 128Mi
|
||||||
# Lets use below to reserve memory for system processes as kubeReserved/sytemReserved doesnt go well with systemd it seems
|
# Lets use below to reserve memory for system processes as kubeReserved/sytemReserved doesnt go well with systemd it seems
|
||||||
evictionHard:
|
#evictionHard:
|
||||||
memory.available: "484Mi"
|
# memory.available: "484Mi"
|
||||||
|
imageGCLowThresholdPercent: 70
|
||||||
|
kernelMemcgNotification: true
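Review bot: The comment kept directly above `#evictionHard:` ("Lets use below to reserve memory for system processes as kubeReserved/sytemReserved doesnt go well with systemd it seems") now contradicts the config, because this change enables the `systemReserved` and `kubeReserved` memory values and comments the eviction threshold out. Replace it with something like `# evictionHard left at kubelet defaults; memory is reserved via systemReserved/kubeReserved above`. With `evictionHard` unset the kubelet falls back to its built-in thresholds, presumably a much lower `memory.available` than the previous 484Mi. It is worth confirming that the 256Mi + 128Mi reservation still protects node daemons under memory pressure.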
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
# aws-iam-authenticator
|
||||||
|
- https://github.com/kubernetes-sigs/aws-iam-authenticator
|
|
@ -2,17 +2,14 @@
|
||||||
Feature gates for all control plane components
|
Feature gates for all control plane components
|
||||||
*/ -}}
|
*/ -}}
|
||||||
{{- define "kubeadm.featuregates" -}}
|
{{- define "kubeadm.featuregates" -}}
|
||||||
{{- $gates := dict "DefaultPodTopologySpread" "true" "CustomCPUCFSQuotaPeriod" "true" "GenericEphemeralVolume" "true" }}
|
{{- $gates := list "CustomCPUCFSQuotaPeriod" "GenericEphemeralVolume" "CSIMigrationAWSComplete" "CSIMigrationAzureDiskComplete" "CSIMigrationAzureFileComplete" "CSIMigrationGCEComplete" "CSIMigrationOpenStackComplete" "CSIMigrationvSphereComplete" }}
|
||||||
{{- if eq .platform "aws" }}
|
|
||||||
{{- $gates = merge $gates ( dict "CSIMigrationAWS" "true" "CSIMigrationAWSComplete" "true") }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if eq .return "csv" }}
|
{{- if eq .return "csv" }}
|
||||||
{{- range $key, $val := $gates }}
|
{{- range $key := $gates }}
|
||||||
{{- $key }}={{- $val }},
|
{{- $key }}=true,
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
{{- range $key, $val := $gates }}
|
{{- range $key := $gates }}
|
||||||
{{ $key }}: {{ $val }}
|
{{ $key }}: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end -}}
|
{{- end -}}
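Review bot: The helper no longer reads `.platform`, so the `CSIMigration*Complete` gates for AWS, Azure, GCE, OpenStack and vSphere are now switched on for every cluster. The `CSIMigrationAWS` gate that the old AWS branch set together with `CSIMigrationAWSComplete` is gone as well. As far as I know a `*Complete` gate is only valid when the matching `CSIMigration<provider>` gate is enabled, so confirm against the target Kubernetes version that the components still start with this list. Callers still pass `"platform"` (visible in the kubelet config's `featureGates:` include), which is now a dead argument. Either drop it at the call sites or keep a per-platform branch such as `{{- if eq .platform "aws" }}` around the provider-specific gates.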
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
# Create IAM role for ECR read-only access
|
||||||
|
- Attach managed policy: `AmazonEC2ContainerRegistryReadOnly`
|
||||||
|
|
||||||
|
# Create secret for IAM user for ecr-renew
|
||||||
|
`kubectl create secret -n kube-system generic ecr-renew-cred --from-literal=AWS_REGION=<AWS_REGION> --from-literal=AWS_ACCESS_KEY_ID=<AWS_SECRET_ID> --from-literal=AWS_SECRET_ACCESS_KEY=<AWS_SECRET_KEY>
|
||||||
|
|
||||||
|
# Resources
|
||||||
|
- https://github.com/nabsul/k8s-ecr-login-renew
|
|
@ -0,0 +1,40 @@
|
||||||
|
apiVersion: batch/v1beta1
|
||||||
|
kind: CronJob
|
||||||
|
metadata:
|
||||||
|
namespace: kube-system
|
||||||
|
name: ecr-renew
|
||||||
|
labels:
|
||||||
|
app: ecr-renew
|
||||||
|
spec:
|
||||||
|
schedule: "0 */6 * * *"
|
||||||
|
successfulJobsHistoryLimit: 3
|
||||||
|
failedJobsHistoryLimit: 5
|
||||||
|
jobTemplate:
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
serviceAccountName: ecr-renew
|
||||||
|
containers:
|
||||||
|
- name: ecr-renew
|
||||||
|
image: nabsul/k8s-ecr-login-renew:v1.4
|
||||||
|
env:
|
||||||
|
- name: DOCKER_SECRET_NAME
|
||||||
|
value: ecr-login
|
||||||
|
- name: TARGET_NAMESPACE
|
||||||
|
value: "*"
|
||||||
|
- name: AWS_REGION
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: ecr-renew-cred
|
||||||
|
key: AWS_REGION
|
||||||
|
- name: AWS_ACCESS_KEY_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: ecr-renew-cred
|
||||||
|
key: AWS_ACCESS_KEY_ID
|
||||||
|
- name: AWS_SECRET_ACCESS_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: ecr-renew-cred
|
||||||
|
key: AWS_SECRET_ACCESS_KEY
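Review bot: The container at `image: nabsul/k8s-ecr-login-renew:v1.4` is pulled by mutable tag from a third-party repository, yet the job runs in kube-system and is handed long-lived AWS keys from `ecr-renew-cred`. Pin it by digest, e.g. `image: nabsul/k8s-ecr-login-renew:v1.4@sha256:<digest of the reviewed image>`, so a re-pushed tag cannot pick up those credentials. The pod spec also sets no `securityContext` and no `resources`. Adding `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and a small request/limit would bound what the job can do on a control-plane namespace, though whether the image already runs as a non-root user should be checked first.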
|
|
@ -0,0 +1,31 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
namespace: kube-system
|
||||||
|
name: ecr-renew
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: ecr-renew
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["secrets"]
|
||||||
|
verbs: ["create", "update", "get", "delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["namespaces"]
|
||||||
|
verbs: ["get", "list"]
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
namespace: kube-system
|
||||||
|
name: ecr-renew
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: ecr-renew
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: ecr-renew
|
||||||
|
namespace: kube-system
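Review bot: The `secrets` rule in the ClusterRole grants `get`, `update` and `delete` on every Secret in every namespace. That lets the ecr-renew service account read any credential in the cluster, although the CronJob's `DOCKER_SECRET_NAME` setting suggests it only maintains `ecr-login`. RBAC cannot restrict `create` by name, but the other verbs can be limited with `resourceNames`, as in the split rule below. Separately, `namespace: kube-system` under the ClusterRoleBinding's `metadata` has no effect on a cluster-scoped object and can be dropped.

```yaml
rules:
  # create cannot be restricted by resourceNames
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["ecr-login"]
    verbs: ["get", "update", "delete"]
  # … unchanged: namespaces get/list rule …
```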
|
|
@ -3,5 +3,5 @@ spec:
|
||||||
- name: etcd
|
- name: etcd
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 250m
|
cpu: 200m
|
||||||
memory: 192Mi
|
memory: 192Mi
|
||||||
|
|
|
@ -3,5 +3,5 @@ spec:
|
||||||
- name: kube-apiserver
|
- name: kube-apiserver
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 250m
|
cpu: 200m
|
||||||
memory: 1Gi
|
memory: 1Gi
|
||||||
|
|
|
@ -3,5 +3,5 @@ spec:
|
||||||
- name: kube-controller-manager
|
- name: kube-controller-manager
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 200m
|
cpu: 100m
|
||||||
memory: 128Mi
|
memory: 128Mi
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
apiVersion: node.k8s.io/v1
|
||||||
|
kind: RuntimeClass
|
||||||
|
metadata:
|
||||||
|
name: crio
|
||||||
|
handler: runc
|
||||||
|
overhead:
|
||||||
|
podFixed:
|
||||||
|
memory: 16Mi
|
|
@ -13,5 +13,4 @@ systemd: true
|
||||||
protectKernelDefaults: true
|
protectKernelDefaults: true
|
||||||
|
|
||||||
WorkerNodeRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
WorkerNodeRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
||||||
WorkerIamRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
|
||||||
KubeAdminRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
KubeAdminRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
||||||
|
|
|
@ -2,8 +2,8 @@ apiVersion: v2
|
||||||
name: kubezero-istio-ingress
|
name: kubezero-istio-ingress
|
||||||
description: KubeZero Umbrella Chart for Istio based Ingress
|
description: KubeZero Umbrella Chart for Istio based Ingress
|
||||||
type: application
|
type: application
|
||||||
version: 0.5.1
|
version: 0.5.2
|
||||||
appVersion: 1.9.2
|
appVersion: 1.9.3
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -16,9 +16,9 @@ dependencies:
|
||||||
version: ">= 0.1.3"
|
version: ">= 0.1.3"
|
||||||
repository: https://zero-down-time.github.io/kubezero/
|
repository: https://zero-down-time.github.io/kubezero/
|
||||||
- name: istio-ingress
|
- name: istio-ingress
|
||||||
version: 1.9.2
|
version: 1.9.3
|
||||||
condition: istio-ingress.enabled
|
condition: istio-ingress.enabled
|
||||||
- name: istio-private-ingress
|
- name: istio-private-ingress
|
||||||
version: 1.9.2
|
version: 1.9.3
|
||||||
condition: istio-private-ingress.enabled
|
condition: istio-private-ingress.enabled
|
||||||
kubeVersion: ">= 1.18.0"
|
kubeVersion: ">= 1.18.0"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
name: istio-ingress
|
name: istio-ingress
|
||||||
version: 1.9.2
|
version: 1.9.3
|
||||||
tillerVersion: ">=2.7.2"
|
tillerVersion: ">=2.7.2"
|
||||||
description: Helm chart for deploying Istio gateways
|
description: Helm chart for deploying Istio gateways
|
||||||
keywords:
|
keywords:
|
||||||
|
|
|
@ -174,7 +174,7 @@ global:
|
||||||
hub: docker.io/istio
|
hub: docker.io/istio
|
||||||
|
|
||||||
# Default tag for Istio images.
|
# Default tag for Istio images.
|
||||||
tag: 1.9.2
|
tag: 1.9.3
|
||||||
|
|
||||||
# Specify image pull policy if default behavior isn't desired.
|
# Specify image pull policy if default behavior isn't desired.
|
||||||
# Default behavior: latest images will be Always else IfNotPresent.
|
# Default behavior: latest images will be Always else IfNotPresent.
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
name: istio-private-ingress
|
name: istio-private-ingress
|
||||||
version: 1.9.2
|
version: 1.9.3
|
||||||
tillerVersion: ">=2.7.2"
|
tillerVersion: ">=2.7.2"
|
||||||
description: Helm chart for deploying Istio gateways
|
description: Helm chart for deploying Istio gateways
|
||||||
keywords:
|
keywords:
|
||||||
|
|
|
@ -174,7 +174,7 @@ global:
|
||||||
hub: docker.io/istio
|
hub: docker.io/istio
|
||||||
|
|
||||||
# Default tag for Istio images.
|
# Default tag for Istio images.
|
||||||
tag: 1.9.2
|
tag: 1.9.3
|
||||||
|
|
||||||
# Specify image pull policy if default behavior isn't desired.
|
# Specify image pull policy if default behavior isn't desired.
|
||||||
# Default behavior: latest images will be Always else IfNotPresent.
|
# Default behavior: latest images will be Always else IfNotPresent.
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Make sure these values match kuberzero-istio !!!
|
# Make sure these values match kuberzero-istio !!!
|
||||||
global:
|
global:
|
||||||
#hub: docker.io/istio
|
#hub: docker.io/istio
|
||||||
#tag: 1.9.0
|
#tag: 1.9.3
|
||||||
|
|
||||||
logAsJson: true
|
logAsJson: true
|
||||||
jwtPolicy: first-party-jwt
|
jwtPolicy: first-party-jwt
|
||||||
|
@ -23,10 +23,11 @@ istio-ingress:
|
||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
|
cpu: 50m
|
||||||
memory: 64Mi
|
memory: 64Mi
|
||||||
limits:
|
limits:
|
||||||
# cpu: 100m
|
# cpu: 100m
|
||||||
memory: 256Mi
|
memory: 512Mi
|
||||||
externalTrafficPolicy: Local
|
externalTrafficPolicy: Local
|
||||||
podAntiAffinityLabelSelector:
|
podAntiAffinityLabelSelector:
|
||||||
- key: app
|
- key: app
|
||||||
|
@ -37,7 +38,6 @@ istio-ingress:
|
||||||
env:
|
env:
|
||||||
TERMINATION_DRAIN_DURATION_SECONDS: '"60"'
|
TERMINATION_DRAIN_DURATION_SECONDS: '"60"'
|
||||||
# ISTIO_META_HTTP10: '"1"'
|
# ISTIO_META_HTTP10: '"1"'
|
||||||
|
|
||||||
# The node selector is normally the list of nodeports, see CloudBender
|
# The node selector is normally the list of nodeports, see CloudBender
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node.kubernetes.io/ingress.public: "30080_30443"
|
node.kubernetes.io/ingress.public: "30080_30443"
|
||||||
|
@ -87,11 +87,11 @@ istio-private-ingress:
|
||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 50m
|
||||||
memory: 64Mi
|
memory: 64Mi
|
||||||
limits:
|
limits:
|
||||||
# cpu: 100m
|
# cpu: 100m
|
||||||
memory: 256Mi
|
memory: 512Mi
|
||||||
externalTrafficPolicy: Local
|
externalTrafficPolicy: Local
|
||||||
podAntiAffinityLabelSelector:
|
podAntiAffinityLabelSelector:
|
||||||
- key: app
|
- key: app
|
||||||
|
@ -102,7 +102,6 @@ istio-private-ingress:
|
||||||
env:
|
env:
|
||||||
TERMINATION_DRAIN_DURATION_SECONDS: '"60"'
|
TERMINATION_DRAIN_DURATION_SECONDS: '"60"'
|
||||||
# ISTIO_META_HTTP10: '"1"'
|
# ISTIO_META_HTTP10: '"1"'
|
||||||
|
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node.kubernetes.io/ingress.private: "31080_31443"
|
node.kubernetes.io/ingress.private: "31080_31443"
|
||||||
#nodeSelector: "31080_31443_31671_31672_31224"
|
#nodeSelector: "31080_31443_31671_31672_31224"
|
||||||
|
|
|
@ -2,8 +2,8 @@ apiVersion: v2
|
||||||
name: kubezero-istio
|
name: kubezero-istio
|
||||||
description: KubeZero Umbrella Chart for Istio
|
description: KubeZero Umbrella Chart for Istio
|
||||||
type: application
|
type: application
|
||||||
version: 0.5.1
|
version: 0.5.3
|
||||||
appVersion: 1.9.2
|
appVersion: 1.9.3
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -16,7 +16,7 @@ dependencies:
|
||||||
version: ">= 0.1.3"
|
version: ">= 0.1.3"
|
||||||
repository: https://zero-down-time.github.io/kubezero/
|
repository: https://zero-down-time.github.io/kubezero/
|
||||||
- name: base
|
- name: base
|
||||||
version: 1.9.2
|
version: 1.9.3
|
||||||
- name: istio-discovery
|
- name: istio-discovery
|
||||||
version: 1.9.2
|
version: 1.9.3
|
||||||
kubeVersion: ">= 1.18.0"
|
kubeVersion: ">= 1.18.0"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
name: base
|
name: base
|
||||||
version: 1.9.2
|
version: 1.9.3
|
||||||
tillerVersion: ">=2.7.2"
|
tillerVersion: ">=2.7.2"
|
||||||
description: Helm chart for deploying Istio cluster resources and CRDs
|
description: Helm chart for deploying Istio cluster resources and CRDs
|
||||||
keywords:
|
keywords:
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
name: istio-discovery
|
name: istio-discovery
|
||||||
version: 1.9.2
|
version: 1.9.3
|
||||||
tillerVersion: ">=2.7.2"
|
tillerVersion: ">=2.7.2"
|
||||||
description: Helm chart for istio control plane
|
description: Helm chart for istio control plane
|
||||||
keywords:
|
keywords:
|
||||||
|
|
|
@ -232,7 +232,7 @@ global:
|
||||||
# Dev builds from prow are on gcr.io
|
# Dev builds from prow are on gcr.io
|
||||||
hub: docker.io/istio
|
hub: docker.io/istio
|
||||||
# Default tag for Istio images.
|
# Default tag for Istio images.
|
||||||
tag: 1.9.2
|
tag: 1.9.3
|
||||||
|
|
||||||
# Specify image pull policy if default behavior isn't desired.
|
# Specify image pull policy if default behavior isn't desired.
|
||||||
# Default behavior: latest images will be Always else IfNotPresent.
|
# Default behavior: latest images will be Always else IfNotPresent.
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
export ISTIO_VERSION=1.9.2
|
export ISTIO_VERSION=1.9.3
|
||||||
|
|
||||||
if [ ! -d istio-$ISTIO_VERSION ]; then
|
if [ ! -d istio-$ISTIO_VERSION ]; then
|
||||||
NAME="istio-$ISTIO_VERSION"
|
NAME="istio-$ISTIO_VERSION"
|
||||||
|
|
|
@ -35,6 +35,10 @@ istio-discovery:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
meshConfig:
|
meshConfig:
|
||||||
|
defaultConfig:
|
||||||
|
terminationDrainDuration: 60s
|
||||||
|
# proxyMetadata:
|
||||||
|
# ISTIO_META_HTTP10: '"1"'
|
||||||
accessLogFile: /dev/stdout
|
accessLogFile: /dev/stdout
|
||||||
accessLogEncoding: 'JSON'
|
accessLogEncoding: 'JSON'
|
||||||
h2UpgradePolicy: 'DO_NOT_UPGRADE'
|
h2UpgradePolicy: 'DO_NOT_UPGRADE'
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||||
name: kubezero-metrics
|
name: kubezero-metrics
|
||||||
description: KubeZero Umbrella Chart for prometheus-operator
|
description: KubeZero Umbrella Chart for prometheus-operator
|
||||||
type: application
|
type: application
|
||||||
version: 0.3.4
|
version: 0.3.5
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -16,7 +16,7 @@ dependencies:
|
||||||
version: ">= 0.1.3"
|
version: ">= 0.1.3"
|
||||||
repository: https://zero-down-time.github.io/kubezero/
|
repository: https://zero-down-time.github.io/kubezero/
|
||||||
- name: kube-prometheus-stack
|
- name: kube-prometheus-stack
|
||||||
version: 14.3.0
|
version: 14.9.0
|
||||||
# Switch back to upstream once all alerts are fixed eg. etcd gpcr
|
# Switch back to upstream once all alerts are fixed eg. etcd gpcr
|
||||||
# repository: https://prometheus-community.github.io/helm-charts
|
# repository: https://prometheus-community.github.io/helm-charts
|
||||||
- name: prometheus-adapter
|
- name: prometheus-adapter
|
||||||
|
|
|
@ -0,0 +1,66 @@
|
||||||
|
diff -turN charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml charts/kube-prometheus-stack.zdt/templates/prometheus/rules-1.14/etcd.yaml
|
||||||
|
--- charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml 2021-04-14 22:13:29.000000000 +0200
|
||||||
|
+++ charts/kube-prometheus-stack.zdt/templates/prometheus/rules-1.14/etcd.yaml 2021-04-15 14:43:03.074281889 +0200
|
||||||
|
@@ -54,34 +54,6 @@
|
||||||
|
{{- if .Values.defaultRules.additionalRuleLabels }}
|
||||||
|
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
- - alert: etcdHighNumberOfFailedGRPCRequests
|
||||||
|
- annotations:
|
||||||
|
- message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
|
||||||
|
- expr: |-
|
||||||
|
- 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method)
|
||||||
|
- /
|
||||||
|
- sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method)
|
||||||
|
- > 1
|
||||||
|
- for: 10m
|
||||||
|
- labels:
|
||||||
|
- severity: warning
|
||||||
|
-{{- if .Values.defaultRules.additionalRuleLabels }}
|
||||||
|
-{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
|
||||||
|
-{{- end }}
|
||||||
|
- - alert: etcdHighNumberOfFailedGRPCRequests
|
||||||
|
- annotations:
|
||||||
|
- message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
|
||||||
|
- expr: |-
|
||||||
|
- 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method)
|
||||||
|
- /
|
||||||
|
- sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method)
|
||||||
|
- > 5
|
||||||
|
- for: 5m
|
||||||
|
- labels:
|
||||||
|
- severity: critical
|
||||||
|
-{{- if .Values.defaultRules.additionalRuleLabels }}
|
||||||
|
-{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
|
||||||
|
-{{- end }}
|
||||||
|
- alert: etcdGRPCRequestsSlow
|
||||||
|
annotations:
|
||||||
|
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": gRPC requests to {{`{{`}} $labels.grpc_method {{`}}`}} are taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
|
||||||
|
diff -turN charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml charts/kube-prometheus-stack.zdt/templates/prometheus/rules-1.14/node-exporter.yaml
|
||||||
|
--- charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml 2021-04-14 22:13:29.000000000 +0200
|
||||||
|
+++ charts/kube-prometheus-stack.zdt/templates/prometheus/rules-1.14/node-exporter.yaml 2021-04-15 14:49:41.614282790 +0200
|
||||||
|
@@ -30,7 +30,7 @@
|
||||||
|
summary: Filesystem is predicted to run out of space within the next 24 hours.
|
||||||
|
expr: |-
|
||||||
|
(
|
||||||
|
- node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 40
|
||||||
|
+ node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 25
|
||||||
|
and
|
||||||
|
predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0
|
||||||
|
and
|
||||||
|
@@ -48,7 +48,7 @@
|
||||||
|
summary: Filesystem is predicted to run out of space within the next 4 hours.
|
||||||
|
expr: |-
|
||||||
|
(
|
||||||
|
- node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15
|
||||||
|
+ node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 10
|
||||||
|
and
|
||||||
|
predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0
|
||||||
|
and
|
||||||
|
@@ -259,4 +259,4 @@
|
||||||
|
{{- if .Values.defaultRules.additionalRuleLabels }}
|
||||||
|
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
-{{- end }}
|
||||||
|
\ No newline at end of file
|
||||||
|
+{{- end }}
|
|
@ -15,11 +15,11 @@ dependencies:
|
||||||
- condition: nodeExporter.enabled
|
- condition: nodeExporter.enabled
|
||||||
name: prometheus-node-exporter
|
name: prometheus-node-exporter
|
||||||
repository: https://prometheus-community.github.io/helm-charts
|
repository: https://prometheus-community.github.io/helm-charts
|
||||||
version: 1.16.*
|
version: 1.17.*
|
||||||
- condition: grafana.enabled
|
- condition: grafana.enabled
|
||||||
name: grafana
|
name: grafana
|
||||||
repository: https://grafana.github.io/helm-charts
|
repository: https://grafana.github.io/helm-charts
|
||||||
version: 6.6.*
|
version: 6.7.*
|
||||||
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
|
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
|
||||||
home: https://github.com/prometheus-operator/kube-prometheus
|
home: https://github.com/prometheus-operator/kube-prometheus
|
||||||
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
|
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
|
||||||
|
@ -44,4 +44,4 @@ sources:
|
||||||
- https://github.com/prometheus-community/helm-charts
|
- https://github.com/prometheus-community/helm-charts
|
||||||
- https://github.com/prometheus-operator/kube-prometheus
|
- https://github.com/prometheus-operator/kube-prometheus
|
||||||
type: application
|
type: application
|
||||||
version: 14.3.0
|
version: 14.9.0
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 7.4.3
|
appVersion: 7.5.3
|
||||||
description: The leading tool for querying and visualizing time series and metrics.
|
description: The leading tool for querying and visualizing time series and metrics.
|
||||||
home: https://grafana.net
|
home: https://grafana.net
|
||||||
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
|
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
|
||||||
|
@ -19,4 +19,4 @@ name: grafana
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/grafana/grafana
|
- https://github.com/grafana/grafana
|
||||||
type: application
|
type: application
|
||||||
version: 6.6.3
|
version: 6.7.4
|
||||||
|
|
|
@ -59,8 +59,8 @@ This version requires Helm >= 3.1.0.
|
||||||
| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` |
|
| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` |
|
||||||
| `priorityClassName` | Name of Priority Class to assign pods | `nil` |
|
| `priorityClassName` | Name of Priority Class to assign pods | `nil` |
|
||||||
| `image.repository` | Image repository | `grafana/grafana` |
|
| `image.repository` | Image repository | `grafana/grafana` |
|
||||||
| `image.tag` | Image tag (`Must be >= 5.0.0`) | `7.4.3` |
|
| `image.tag` | Image tag (`Must be >= 5.0.0`) | `7.4.5` |
|
||||||
| `image.sha` | Image sha (optional) | `16dc29783ec7d4a23fa19207507586344c6797023604347eb3e8ea5ae431e181` |
|
| `image.sha` | Image sha (optional) | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` |
|
||||||
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||||
| `image.pullSecrets` | Image pull secrets | `{}` |
|
| `image.pullSecrets` | Image pull secrets | `{}` |
|
||||||
| `service.type` | Kubernetes service type | `ClusterIP` |
|
| `service.type` | Kubernetes service type | `ClusterIP` |
|
||||||
|
@ -242,6 +242,9 @@ ingress:
|
||||||
|
|
||||||
### Example of extraVolumeMounts
|
### Example of extraVolumeMounts
|
||||||
|
|
||||||
|
Volume can be type persistentVolumeClaim or hostPath but not both at same time.
|
||||||
|
If none existingClaim or hostPath argument is givent then type is emptyDir.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- extraVolumeMounts:
|
- extraVolumeMounts:
|
||||||
- name: plugins
|
- name: plugins
|
||||||
|
@ -249,6 +252,10 @@ ingress:
|
||||||
subPath: configs/grafana/plugins
|
subPath: configs/grafana/plugins
|
||||||
existingClaim: existing-grafana-claim
|
existingClaim: existing-grafana-claim
|
||||||
readOnly: false
|
readOnly: false
|
||||||
|
- name: dashboards
|
||||||
|
mountPath: /var/lib/grafana/dashboards
|
||||||
|
hostPath: /usr/shared/grafana/dashboards
|
||||||
|
readOnly: false
|
||||||
```
|
```
|
||||||
|
|
||||||
## Import dashboards
|
## Import dashboards
|
||||||
|
|
|
@ -479,8 +479,15 @@ volumes:
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- range .Values.extraVolumeMounts }}
|
{{- range .Values.extraVolumeMounts }}
|
||||||
- name: {{ .name }}
|
- name: {{ .name }}
|
||||||
|
{{- if .existingClaim }}
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ .existingClaim }}
|
claimName: {{ .existingClaim }}
|
||||||
|
{{- else if .hostPath }}
|
||||||
|
hostPath:
|
||||||
|
path: {{ .hostPath }}
|
||||||
|
{{- else }}
|
||||||
|
emptyDir: {}
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- range .Values.extraEmptyDirMounts }}
|
{{- range .Values.extraEmptyDirMounts }}
|
||||||
- name: {{ .name }}
|
- name: {{ .name }}
|
||||||
|
|
|
@ -17,19 +17,8 @@ spec:
|
||||||
privileged: false
|
privileged: false
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
requiredDropCapabilities:
|
requiredDropCapabilities:
|
||||||
# Default set from Docker, without DAC_OVERRIDE or CHOWN
|
# Default set from Docker, with DAC_OVERRIDE and CHOWN
|
||||||
- FOWNER
|
- ALL
|
||||||
- FSETID
|
|
||||||
- KILL
|
|
||||||
- SETGID
|
|
||||||
- SETUID
|
|
||||||
- SETPCAP
|
|
||||||
- NET_BIND_SERVICE
|
|
||||||
- NET_RAW
|
|
||||||
- SYS_CHROOT
|
|
||||||
- MKNOD
|
|
||||||
- AUDIT_WRITE
|
|
||||||
- SETFCAP
|
|
||||||
volumes:
|
volumes:
|
||||||
- 'configMap'
|
- 'configMap'
|
||||||
- 'emptyDir'
|
- 'emptyDir'
|
||||||
|
@ -42,12 +31,20 @@ spec:
|
||||||
hostIPC: false
|
hostIPC: false
|
||||||
hostPID: false
|
hostPID: false
|
||||||
runAsUser:
|
runAsUser:
|
||||||
rule: 'RunAsAny'
|
rule: 'MustRunAsNonRoot'
|
||||||
seLinux:
|
seLinux:
|
||||||
rule: 'RunAsAny'
|
rule: 'RunAsAny'
|
||||||
supplementalGroups:
|
supplementalGroups:
|
||||||
rule: 'RunAsAny'
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
# Forbid adding the root group.
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
fsGroup:
|
fsGroup:
|
||||||
rule: 'RunAsAny'
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
# Forbid adding the root group.
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
readOnlyRootFilesystem: false
|
readOnlyRootFilesystem: false
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -53,7 +53,7 @@ livenessProbe:
|
||||||
|
|
||||||
image:
|
image:
|
||||||
repository: grafana/grafana
|
repository: grafana/grafana
|
||||||
tag: 7.4.3
|
tag: 7.5.3
|
||||||
sha: ""
|
sha: ""
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
@ -401,10 +401,14 @@ extraSecretMounts: []
|
||||||
## Additional grafana server volume mounts
|
## Additional grafana server volume mounts
|
||||||
# Defines additional volume mounts.
|
# Defines additional volume mounts.
|
||||||
extraVolumeMounts: []
|
extraVolumeMounts: []
|
||||||
# - name: extra-volume
|
# - name: extra-volume-0
|
||||||
# mountPath: /mnt/volume
|
# mountPath: /mnt/volume0
|
||||||
# readOnly: true
|
# readOnly: true
|
||||||
# existingClaim: volume-claim
|
# existingClaim: volume-claim
|
||||||
|
# - name: extra-volume-1
|
||||||
|
# mountPath: /mnt/volume1
|
||||||
|
# readOnly: true
|
||||||
|
# hostPath: /usr/shared/
|
||||||
|
|
||||||
## Pass the plugins you want installed as a list.
|
## Pass the plugins you want installed as a list.
|
||||||
##
|
##
|
||||||
|
|
|
@ -15,4 +15,4 @@ maintainers:
|
||||||
name: kube-state-metrics
|
name: kube-state-metrics
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/kubernetes/kube-state-metrics/
|
- https://github.com/kubernetes/kube-state-metrics/
|
||||||
version: 2.13.0
|
version: 2.13.2
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if and (eq $.Values.rbac.create true) (not .Values.rbac.useExistingRole) -}}
|
{{- if and (eq $.Values.rbac.create true) (not .Values.rbac.useExistingRole) -}}
|
||||||
{{- if eq .Values.rbac.useClusterRole false }}
|
{{- if eq .Values.rbac.useClusterRole false }}
|
||||||
{{- range (split "," $.Values.namespace) }}
|
{{- range (split "," $.Values.namespace) }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}}
|
{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}}
|
||||||
{{- range (split "," $.Values.namespace) }}
|
{{- range (split "," $.Values.namespace) }}
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
|
|
|
@ -14,4 +14,4 @@ maintainers:
|
||||||
name: prometheus-node-exporter
|
name: prometheus-node-exporter
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/prometheus/node_exporter/
|
- https://github.com/prometheus/node_exporter/
|
||||||
version: 1.16.2
|
version: 1.17.0
|
||||||
|
|
|
@ -29,6 +29,10 @@ spec:
|
||||||
{{- if .Values.priorityClassName }}
|
{{- if .Values.priorityClassName }}
|
||||||
priorityClassName: {{ .Values.priorityClassName }}
|
priorityClassName: {{ .Values.priorityClassName }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.extraInitContainers }}
|
||||||
|
initContainers:
|
||||||
|
{{ toYaml .Values.extraInitContainers | nindent 6 }}
|
||||||
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: node-exporter
|
- name: node-exporter
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||||
|
|
|
@ -168,3 +168,7 @@ sidecarVolumeMount: []
|
||||||
## - name: collector-textfiles
|
## - name: collector-textfiles
|
||||||
## mountPath: /run/prometheus
|
## mountPath: /run/prometheus
|
||||||
## readOnly: false
|
## readOnly: false
|
||||||
|
|
||||||
|
## Additional InitContainers to initialize the pod
|
||||||
|
##
|
||||||
|
extraInitContainers: []
|
||||||
|
|
|
@ -7,6 +7,10 @@ metadata:
|
||||||
labels:
|
labels:
|
||||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||||
|
{{- if .Values.alertmanager.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.alertmanager.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
{{- if .Values.alertmanager.alertmanagerSpec.image }}
|
{{- if .Values.alertmanager.alertmanagerSpec.image }}
|
||||||
image: {{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}
|
image: {{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}
|
||||||
|
|
|
@ -21,6 +21,9 @@ spec:
|
||||||
{{- if .Values.alertmanager.serviceMonitor.interval }}
|
{{- if .Values.alertmanager.serviceMonitor.interval }}
|
||||||
interval: {{ .Values.alertmanager.serviceMonitor.interval }}
|
interval: {{ .Values.alertmanager.serviceMonitor.interval }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.serviceMonitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.alertmanager.serviceMonitor.scheme }}
|
{{- if .Values.alertmanager.serviceMonitor.scheme }}
|
||||||
scheme: {{ .Values.alertmanager.serviceMonitor.scheme }}
|
scheme: {{ .Values.alertmanager.serviceMonitor.scheme }}
|
||||||
{{- end }}
|
{{- end }}
|
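Review bot: The added line `proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}}` interpolates the value as a plain scalar, so a value containing ` #` or `: ` is truncated or breaks the rendered manifest. I would render it quoted: `proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl | quote }}`. The same unquoted pattern is repeated in the coreDns, kubeApiServer, kubeControllerManager, kubeDns, kubeEtcd, kubeProxy, kubeScheduler, kubeStateMetrics and kubelet ServiceMonitor hunks of this commit. The endpoint block starts above the hunk, so its other fields are not visible here.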
||||||
|
|
|
@ -21,6 +21,9 @@ spec:
|
||||||
{{- if .Values.coreDns.serviceMonitor.interval}}
|
{{- if .Values.coreDns.serviceMonitor.interval}}
|
||||||
interval: {{ .Values.coreDns.serviceMonitor.interval }}
|
interval: {{ .Values.coreDns.serviceMonitor.interval }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.coreDns.serviceMonitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.coreDns.serviceMonitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||||
{{- if .Values.coreDns.serviceMonitor.metricRelabelings }}
|
{{- if .Values.coreDns.serviceMonitor.metricRelabelings }}
|
||||||
metricRelabelings:
|
metricRelabelings:
|
||||||
|
|
|
@ -13,6 +13,9 @@ spec:
|
||||||
{{- if .Values.kubeApiServer.serviceMonitor.interval }}
|
{{- if .Values.kubeApiServer.serviceMonitor.interval }}
|
||||||
interval: {{ .Values.kubeApiServer.serviceMonitor.interval }}
|
interval: {{ .Values.kubeApiServer.serviceMonitor.interval }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.kubeApiServer.serviceMonitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.kubeApiServer.serviceMonitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
port: https
|
port: https
|
||||||
scheme: https
|
scheme: https
|
||||||
{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }}
|
{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if .Values.kubeControllerManager.enabled }}
|
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if .Values.kubeControllerManager.enabled }}
|
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -22,6 +22,9 @@ spec:
|
||||||
interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }}
|
interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||||
|
{{- if .Values.kubeControllerManager.serviceMonitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.kubeControllerManager.serviceMonitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.kubeControllerManager.serviceMonitor.https }}
|
{{- if .Values.kubeControllerManager.serviceMonitor.https }}
|
||||||
scheme: https
|
scheme: https
|
||||||
tlsConfig:
|
tlsConfig:
|
||||||
|
|
|
@ -22,6 +22,9 @@ spec:
|
||||||
interval: {{ .Values.kubeDns.serviceMonitor.interval }}
|
interval: {{ .Values.kubeDns.serviceMonitor.interval }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||||
|
{{- if .Values.kubeDns.serviceMonitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.kubeDns.serviceMonitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings }}
|
{{- if .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings }}
|
||||||
metricRelabelings:
|
metricRelabelings:
|
||||||
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings | indent 4) . }}
|
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings | indent 4) . }}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if .Values.kubeEtcd.enabled }}
|
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if .Values.kubeEtcd.enabled }}
|
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -22,6 +22,9 @@ spec:
|
||||||
interval: {{ .Values.kubeEtcd.serviceMonitor.interval }}
|
interval: {{ .Values.kubeEtcd.serviceMonitor.interval }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||||
|
{{- if .Values.kubeEtcd.serviceMonitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.kubeEtcd.serviceMonitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
{{- if eq .Values.kubeEtcd.serviceMonitor.scheme "https" }}
|
{{- if eq .Values.kubeEtcd.serviceMonitor.scheme "https" }}
|
||||||
scheme: https
|
scheme: https
|
||||||
tlsConfig:
|
tlsConfig:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if .Values.kubeProxy.enabled }}
|
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if .Values.kubeProxy.enabled }}
|
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -22,6 +22,9 @@ spec:
|
||||||
interval: {{ .Values.kubeProxy.serviceMonitor.interval }}
|
interval: {{ .Values.kubeProxy.serviceMonitor.interval }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||||
|
{{- if .Values.kubeProxy.serviceMonitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.kubeProxy.serviceMonitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.kubeProxy.serviceMonitor.https }}
|
{{- if .Values.kubeProxy.serviceMonitor.https }}
|
||||||
scheme: https
|
scheme: https
|
||||||
tlsConfig:
|
tlsConfig:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if .Values.kubeScheduler.enabled }}
|
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if .Values.kubeScheduler.enabled }}
|
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -22,6 +22,9 @@ spec:
|
||||||
interval: {{ .Values.kubeScheduler.serviceMonitor.interval }}
|
interval: {{ .Values.kubeScheduler.serviceMonitor.interval }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||||
|
{{- if .Values.kubeScheduler.serviceMonitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.kubeScheduler.serviceMonitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.kubeScheduler.serviceMonitor.https }}
|
{{- if .Values.kubeScheduler.serviceMonitor.https }}
|
||||||
scheme: https
|
scheme: https
|
||||||
tlsConfig:
|
tlsConfig:
|
||||||
|
|
|
@ -14,6 +14,9 @@ spec:
|
||||||
{{- if .Values.kubeStateMetrics.serviceMonitor.interval }}
|
{{- if .Values.kubeStateMetrics.serviceMonitor.interval }}
|
||||||
interval: {{ .Values.kubeStateMetrics.serviceMonitor.interval }}
|
interval: {{ .Values.kubeStateMetrics.serviceMonitor.interval }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.kubeStateMetrics.serviceMonitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.kubeStateMetrics.serviceMonitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
honorLabels: true
|
honorLabels: true
|
||||||
{{- if .Values.kubeStateMetrics.serviceMonitor.metricRelabelings }}
|
{{- if .Values.kubeStateMetrics.serviceMonitor.metricRelabelings }}
|
||||||
metricRelabelings:
|
metricRelabelings:
|
||||||
|
@ -22,6 +25,11 @@ spec:
|
||||||
{{- if .Values.kubeStateMetrics.serviceMonitor.relabelings }}
|
{{- if .Values.kubeStateMetrics.serviceMonitor.relabelings }}
|
||||||
relabelings:
|
relabelings:
|
||||||
{{ toYaml .Values.kubeStateMetrics.serviceMonitor.relabelings | indent 4 }}
|
{{ toYaml .Values.kubeStateMetrics.serviceMonitor.relabelings | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.kubeStateMetrics.serviceMonitor.namespaceOverride }}
|
||||||
|
namespaceSelector:
|
||||||
|
matchNames:
|
||||||
|
- {{ .Values.kubeStateMetrics.serviceMonitor.namespaceOverride }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
|
|
|
@ -15,6 +15,9 @@ spec:
|
||||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
tlsConfig:
|
tlsConfig:
|
||||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
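Review bot: The new `proxyUrl` option lands on an endpoint whose `tlsConfig` keeps `insecureSkipVerify: true` directly below it, so once a proxy is configured nothing authenticates the kubelet behind that hop and the scrape can be read or altered there. If this endpoint also sends the service-account token, that credential is exposed to the proxy as well; the rest of the endpoint lies outside the hunk, so that part is an assumption. I would at least document the constraint next to the value, e.g. `## kubelet scrapes skip TLS verification; only set proxyUrl to a proxy trusted with the scrape credentials`, or make certificate verification configurable before offering a proxy here.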
||||||
|
|
|
@ -18,6 +18,9 @@ spec:
|
||||||
{{- if .Values.nodeExporter.serviceMonitor.interval }}
|
{{- if .Values.nodeExporter.serviceMonitor.interval }}
|
||||||
interval: {{ .Values.nodeExporter.serviceMonitor.interval }}
|
interval: {{ .Values.nodeExporter.serviceMonitor.interval }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.kubeApiServer.serviceMonitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.kubeApiServer.serviceMonitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.nodeExporter.serviceMonitor.scrapeTimeout }}
|
{{- if .Values.nodeExporter.serviceMonitor.scrapeTimeout }}
|
||||||
scrapeTimeout: {{ .Values.nodeExporter.serviceMonitor.scrapeTimeout }}
|
scrapeTimeout: {{ .Values.nodeExporter.serviceMonitor.scrapeTimeout }}
|
||||||
{{- end }}
|
{{- end }}
|
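Review bot: The added guard and value read `.Values.kubeApiServer.serviceMonitor.proxyUrl` instead of the node-exporter key, although every neighbouring line in this hunk uses `.Values.nodeExporter.serviceMonitor.*` and the values hunk headed `nodeExporter:` in this commit adds its own `proxyUrl`. As written, setting the node-exporter proxy has no effect, and a proxy configured for the API server scrape is silently applied to node-exporter scrapes too. The two lines should read `{{- if .Values.nodeExporter.serviceMonitor.proxyUrl }}` and `proxyUrl: {{ .Values.nodeExporter.serviceMonitor.proxyUrl | quote }}`.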
||||||
|
|
|
@ -18,7 +18,7 @@ metadata:
|
||||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||||
spec:
|
spec:
|
||||||
secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
|
secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
|
||||||
duration: 43800h # 5y
|
duration: 43800h0m0s # 5y
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
|
name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
|
||||||
commonName: "ca.webhook.kube-prometheus-stack"
|
commonName: "ca.webhook.kube-prometheus-stack"
|
||||||
|
@ -43,7 +43,7 @@ metadata:
|
||||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||||
spec:
|
spec:
|
||||||
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||||
duration: 8760h # 1y
|
duration: 8760h0m0s # 1y
|
||||||
issuerRef:
|
issuerRef:
|
||||||
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }}
|
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }}
|
||||||
{{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }}
|
{{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }}
|
||||||
|
|
|
@ -150,14 +150,24 @@ spec:
|
||||||
{{ else }}
|
{{ else }}
|
||||||
probeNamespaceSelector: {}
|
probeNamespaceSelector: {}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.prometheus.prometheusSpec.remoteRead }}
|
{{- if (or .Values.prometheus.prometheusSpec.remoteRead .Values.prometheus.prometheusSpec.additionalRemoteRead) }}
|
||||||
remoteRead:
|
remoteRead:
|
||||||
|
{{- if .Values.prometheus.prometheusSpec.remoteRead }}
|
||||||
{{ toYaml .Values.prometheus.prometheusSpec.remoteRead | indent 4 }}
|
{{ toYaml .Values.prometheus.prometheusSpec.remoteRead | indent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.prometheus.prometheusSpec.remoteWrite }}
|
{{- if .Values.prometheus.prometheusSpec.additionalRemoteRead }}
|
||||||
|
{{ toYaml .Values.prometheus.prometheusSpec.additionalRemoteRead | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if (or .Values.prometheus.prometheusSpec.remoteWrite .Values.prometheus.prometheusSpec.additionalRemoteWrite) }}
|
||||||
remoteWrite:
|
remoteWrite:
|
||||||
|
{{- if .Values.prometheus.prometheusSpec.remoteWrite }}
|
||||||
{{ toYaml .Values.prometheus.prometheusSpec.remoteWrite | indent 4 }}
|
{{ toYaml .Values.prometheus.prometheusSpec.remoteWrite | indent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.prometheus.prometheusSpec.additionalRemoteWrite }}
|
||||||
|
{{ toYaml .Values.prometheus.prometheusSpec.additionalRemoteWrite | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.prometheus.prometheusSpec.securityContext }}
|
{{- if .Values.prometheus.prometheusSpec.securityContext }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }}
|
{{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }}
|
||||||
|
|
|
@ -30,7 +30,7 @@ spec:
|
||||||
summary: Filesystem is predicted to run out of space within the next 24 hours.
|
summary: Filesystem is predicted to run out of space within the next 24 hours.
|
||||||
expr: |-
|
expr: |-
|
||||||
(
|
(
|
||||||
node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 40
|
node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 25
|
||||||
and
|
and
|
||||||
predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0
|
predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0
|
||||||
and
|
and
|
||||||
|
@ -48,7 +48,7 @@ spec:
|
||||||
summary: Filesystem is predicted to run out of space within the next 4 hours.
|
summary: Filesystem is predicted to run out of space within the next 4 hours.
|
||||||
expr: |-
|
expr: |-
|
||||||
(
|
(
|
||||||
node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15
|
node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 10
|
||||||
and
|
and
|
||||||
predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0
|
predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0
|
||||||
and
|
and
|
||||||
|
@ -259,4 +259,4 @@ spec:
|
||||||
{{- if .Values.defaultRules.additionalRuleLabels }}
|
{{- if .Values.defaultRules.additionalRuleLabels }}
|
||||||
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
|
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -16,7 +16,7 @@ metadata:
|
||||||
{{- end }}
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
type: {{ .Values.prometheus.thanosService.type }}
|
type: {{ .Values.prometheus.thanosService.type }}
|
||||||
clusterIP: None
|
clusterIP: {{ .Values.prometheus.thanosService.clusterIP }}
|
||||||
ports:
|
ports:
|
||||||
- name: {{ .Values.prometheus.thanosService.portName }}
|
- name: {{ .Values.prometheus.thanosService.portName }}
|
||||||
port: {{ .Values.prometheus.thanosService.port }}
|
port: {{ .Values.prometheus.thanosService.port }}
|
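Review bot: The line `clusterIP: {{ .Values.prometheus.thanosService.clusterIP }}` replaces a hard-coded `None` with an unquoted template value, so an empty override renders a null `clusterIP` and the Service stops being headless. The values file in this commit describes this Service as the one used for Thanos sidecar discovery, which presumably depends on the headless behaviour; that is inferred from the comment, not from the template. I would quote the value, `clusterIP: {{ .Values.prometheus.thanosService.clusterIP | quote }}`, and add a comment above the new `clusterIP: "None"` default saying that any other value changes how the sidecars are discovered.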
|
@ -117,6 +117,10 @@ alertmanager:
|
||||||
##
|
##
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
## Annotations for Alertmanager
|
||||||
|
##
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2
|
## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2
|
||||||
##
|
##
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
|
@ -194,7 +198,7 @@ alertmanager:
|
||||||
# *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:>
|
# *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:>
|
||||||
# *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:>
|
# *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:>
|
||||||
# *Details:*
|
# *Details:*
|
||||||
# {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`
|
# {{ range .Labels.SortedPairs }} - *{{ .Name }}:* `{{ .Value }}`
|
||||||
# {{ end }}
|
# {{ end }}
|
||||||
# {{ end }}
|
# {{ end }}
|
||||||
# {{ end }}
|
# {{ end }}
|
||||||
|
@ -345,6 +349,10 @@ alertmanager:
|
||||||
interval: ""
|
interval: ""
|
||||||
selfMonitor: true
|
selfMonitor: true
|
||||||
|
|
||||||
|
## proxyUrl: URL of a proxy that should be used for scraping.
|
||||||
|
##
|
||||||
|
proxyUrl: ""
|
||||||
|
|
||||||
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
|
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
|
||||||
scheme: ""
|
scheme: ""
|
||||||
|
|
||||||
|
@ -375,7 +383,7 @@ alertmanager:
|
||||||
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec
|
||||||
##
|
##
|
||||||
alertmanagerSpec:
|
alertmanagerSpec:
|
||||||
## Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
|
## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||||
## Metadata Labels and Annotations gets propagated to the Alertmanager pods.
|
## Metadata Labels and Annotations gets propagated to the Alertmanager pods.
|
||||||
##
|
##
|
||||||
podMetadata: {}
|
podMetadata: {}
|
||||||
|
@ -747,6 +755,10 @@ kubeApiServer:
|
||||||
## Scrape interval. If not set, the Prometheus default scrape interval is used.
|
## Scrape interval. If not set, the Prometheus default scrape interval is used.
|
||||||
##
|
##
|
||||||
interval: ""
|
interval: ""
|
||||||
|
## proxyUrl: URL of a proxy that should be used for scraping.
|
||||||
|
##
|
||||||
|
proxyUrl: ""
|
||||||
|
|
||||||
jobLabel: component
|
jobLabel: component
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
|
@ -771,6 +783,10 @@ kubelet:
|
||||||
##
|
##
|
||||||
interval: ""
|
interval: ""
|
||||||
|
|
||||||
|
## proxyUrl: URL of a proxy that should be used for scraping.
|
||||||
|
##
|
||||||
|
proxyUrl: ""
|
||||||
|
|
||||||
## Enable scraping the kubelet over https. For requirements to enable this see
|
## Enable scraping the kubelet over https. For requirements to enable this see
|
||||||
## https://github.com/prometheus-operator/prometheus-operator/issues/926
|
## https://github.com/prometheus-operator/prometheus-operator/issues/926
|
||||||
##
|
##
|
||||||
|
@ -891,16 +907,22 @@ kubeControllerManager:
|
||||||
## If using kubeControllerManager.endpoints only the port and targetPort are used
|
## If using kubeControllerManager.endpoints only the port and targetPort are used
|
||||||
##
|
##
|
||||||
service:
|
service:
|
||||||
|
enabled: true
|
||||||
port: 10252
|
port: 10252
|
||||||
targetPort: 10252
|
targetPort: 10252
|
||||||
# selector:
|
# selector:
|
||||||
# component: kube-controller-manager
|
# component: kube-controller-manager
|
||||||
|
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
|
enabled: true
|
||||||
## Scrape interval. If not set, the Prometheus default scrape interval is used.
|
## Scrape interval. If not set, the Prometheus default scrape interval is used.
|
||||||
##
|
##
|
||||||
interval: ""
|
interval: ""
|
||||||
|
|
||||||
|
## proxyUrl: URL of a proxy that should be used for scraping.
|
||||||
|
##
|
||||||
|
proxyUrl: ""
|
||||||
|
|
||||||
## Enable scraping kube-controller-manager over https.
|
## Enable scraping kube-controller-manager over https.
|
||||||
## Requires proper certs (not self-signed) and delegated authentication/authorization checks
|
## Requires proper certs (not self-signed) and delegated authentication/authorization checks
|
||||||
##
|
##
|
||||||
|
@ -943,6 +965,10 @@ coreDns:
|
||||||
##
|
##
|
||||||
interval: ""
|
interval: ""
|
||||||
|
|
||||||
|
## proxyUrl: URL of a proxy that should be used for scraping.
|
||||||
|
##
|
||||||
|
proxyUrl: ""
|
||||||
|
|
||||||
## metric relabel configs to apply to samples before ingestion.
|
## metric relabel configs to apply to samples before ingestion.
|
||||||
##
|
##
|
||||||
metricRelabelings: []
|
metricRelabelings: []
|
||||||
|
@ -978,6 +1004,10 @@ kubeDns:
|
||||||
##
|
##
|
||||||
interval: ""
|
interval: ""
|
||||||
|
|
||||||
|
## proxyUrl: URL of a proxy that should be used for scraping.
|
||||||
|
##
|
||||||
|
proxyUrl: ""
|
||||||
|
|
||||||
## metric relabel configs to apply to samples before ingestion.
|
## metric relabel configs to apply to samples before ingestion.
|
||||||
##
|
##
|
||||||
metricRelabelings: []
|
metricRelabelings: []
|
||||||
|
@ -1024,6 +1054,7 @@ kubeEtcd:
|
||||||
## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used
|
## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used
|
||||||
##
|
##
|
||||||
service:
|
service:
|
||||||
|
enabled: true
|
||||||
port: 2379
|
port: 2379
|
||||||
targetPort: 2379
|
targetPort: 2379
|
||||||
# selector:
|
# selector:
|
||||||
|
@ -1041,9 +1072,13 @@ kubeEtcd:
|
||||||
## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
|
## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
|
||||||
##
|
##
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
|
enabled: true
|
||||||
## Scrape interval. If not set, the Prometheus default scrape interval is used.
|
## Scrape interval. If not set, the Prometheus default scrape interval is used.
|
||||||
##
|
##
|
||||||
interval: ""
|
interval: ""
|
||||||
|
## proxyUrl: URL of a proxy that should be used for scraping.
|
||||||
|
##
|
||||||
|
proxyUrl: ""
|
||||||
scheme: http
|
scheme: http
|
||||||
insecureSkipVerify: false
|
insecureSkipVerify: false
|
||||||
serverName: ""
|
serverName: ""
|
||||||
|
@ -1084,15 +1119,20 @@ kubeScheduler:
|
||||||
## If using kubeScheduler.endpoints only the port and targetPort are used
|
## If using kubeScheduler.endpoints only the port and targetPort are used
|
||||||
##
|
##
|
||||||
service:
|
service:
|
||||||
|
enabled: true
|
||||||
port: 10251
|
port: 10251
|
||||||
targetPort: 10251
|
targetPort: 10251
|
||||||
# selector:
|
# selector:
|
||||||
# component: kube-scheduler
|
# component: kube-scheduler
|
||||||
|
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
|
enabled: true
|
||||||
## Scrape interval. If not set, the Prometheus default scrape interval is used.
|
## Scrape interval. If not set, the Prometheus default scrape interval is used.
|
||||||
##
|
##
|
||||||
interval: ""
|
interval: ""
|
||||||
|
## proxyUrl: URL of a proxy that should be used for scraping.
|
||||||
|
##
|
||||||
|
proxyUrl: ""
|
||||||
## Enable scraping kube-scheduler over https.
|
## Enable scraping kube-scheduler over https.
|
||||||
## Requires proper certs (not self-signed) and delegated authentication/authorization checks
|
## Requires proper certs (not self-signed) and delegated authentication/authorization checks
|
||||||
##
|
##
|
||||||
|
@ -1135,16 +1175,22 @@ kubeProxy:
|
||||||
# - 10.141.4.24
|
# - 10.141.4.24
|
||||||
|
|
||||||
service:
|
service:
|
||||||
|
enabled: true
|
||||||
port: 10249
|
port: 10249
|
||||||
targetPort: 10249
|
targetPort: 10249
|
||||||
# selector:
|
# selector:
|
||||||
# k8s-app: kube-proxy
|
# k8s-app: kube-proxy
|
||||||
|
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
|
enabled: true
|
||||||
## Scrape interval. If not set, the Prometheus default scrape interval is used.
|
## Scrape interval. If not set, the Prometheus default scrape interval is used.
|
||||||
##
|
##
|
||||||
interval: ""
|
interval: ""
|
||||||
|
|
||||||
|
## proxyUrl: URL of a proxy that should be used for scraping.
|
||||||
|
##
|
||||||
|
proxyUrl: ""
|
||||||
|
|
||||||
## Enable scraping kube-proxy over https.
|
## Enable scraping kube-proxy over https.
|
||||||
## Requires proper certs (not self-signed) and delegated authentication/authorization checks
|
## Requires proper certs (not self-signed) and delegated authentication/authorization checks
|
||||||
##
|
##
|
||||||
|
@ -1173,9 +1219,15 @@ kubeStateMetrics:
|
||||||
## Scrape interval. If not set, the Prometheus default scrape interval is used.
|
## Scrape interval. If not set, the Prometheus default scrape interval is used.
|
||||||
##
|
##
|
||||||
interval: ""
|
interval: ""
|
||||||
|
## proxyUrl: URL of a proxy that should be used for scraping.
|
||||||
|
##
|
||||||
|
proxyUrl: ""
|
||||||
## Override serviceMonitor selector
|
## Override serviceMonitor selector
|
||||||
##
|
##
|
||||||
selectorOverride: {}
|
selectorOverride: {}
|
||||||
|
## Override namespace selector
|
||||||
|
##
|
||||||
|
namespaceOverride: ""
|
||||||
|
|
||||||
## metric relabel configs to apply to samples before ingestion.
|
## metric relabel configs to apply to samples before ingestion.
|
||||||
##
|
##
|
||||||
|
@ -1217,6 +1269,10 @@ nodeExporter:
|
||||||
##
|
##
|
||||||
interval: ""
|
interval: ""
|
||||||
|
|
||||||
|
## proxyUrl: URL of a proxy that should be used for scraping.
|
||||||
|
##
|
||||||
|
proxyUrl: ""
|
||||||
|
|
||||||
## How long until a scrape request times out. If not set, the Prometheus default scape timeout is used.
|
## How long until a scrape request times out. If not set, the Prometheus default scape timeout is used.
|
||||||
##
|
##
|
||||||
scrapeTimeout: ""
|
scrapeTimeout: ""
|
||||||
|
@ -1527,6 +1583,7 @@ prometheus:
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
create: true
|
create: true
|
||||||
name: ""
|
name: ""
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
# Service for thanos service discovery on sidecar
|
# Service for thanos service discovery on sidecar
|
||||||
# Enable this can make Thanos Query can use
|
# Enable this can make Thanos Query can use
|
||||||
|
@ -1540,6 +1597,7 @@ prometheus:
|
||||||
portName: grpc
|
portName: grpc
|
||||||
port: 10901
|
port: 10901
|
||||||
targetPort: "grpc"
|
targetPort: "grpc"
|
||||||
|
clusterIP: "None"
|
||||||
|
|
||||||
## Service type
|
## Service type
|
||||||
##
|
##
|
||||||
|
@ -1814,7 +1872,7 @@ prometheus:
|
||||||
##
|
##
|
||||||
image:
|
image:
|
||||||
repository: quay.io/prometheus/prometheus
|
repository: quay.io/prometheus/prometheus
|
||||||
tag: v2.24.0
|
tag: v2.26.0
|
||||||
sha: ""
|
sha: ""
|
||||||
|
|
||||||
## Tolerations for use with node taints
|
## Tolerations for use with node taints
|
||||||
|
@ -2035,7 +2093,7 @@ prometheus:
|
||||||
##
|
##
|
||||||
routePrefix: /
|
routePrefix: /
|
||||||
|
|
||||||
## Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
|
## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||||
## Metadata Labels and Annotations gets propagated to the prometheus pods.
|
## Metadata Labels and Annotations gets propagated to the prometheus pods.
|
||||||
##
|
##
|
||||||
podMetadata: {}
|
podMetadata: {}
|
||||||
|
@ -2072,11 +2130,15 @@ prometheus:
|
||||||
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec
|
||||||
remoteRead: []
|
remoteRead: []
|
||||||
# - url: http://remote1/read
|
# - url: http://remote1/read
|
||||||
|
## additionalRemoteRead is appended to remoteRead
|
||||||
|
additionalRemoteRead: []
|
||||||
|
|
||||||
## The remote_write spec configuration for Prometheus.
|
## The remote_write spec configuration for Prometheus.
|
||||||
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec
|
||||||
remoteWrite: []
|
remoteWrite: []
|
||||||
# - url: http://remote1/push
|
# - url: http://remote1/push
|
||||||
|
## additionalRemoteWrite is appended to remoteWrite
|
||||||
|
additionalRemoteWrite: []
|
||||||
|
|
||||||
## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature
|
## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature
|
||||||
remoteWriteDashboards: false
|
remoteWriteDashboards: false
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml
|
|
||||||
index b430951..8358704 100644
|
|
||||||
--- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml
|
|
||||||
+++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml
|
|
||||||
@@ -71,34 +71,6 @@ spec:
|
|
||||||
severity: warning
|
|
||||||
{{- if .Values.defaultRules.additionalRuleLabels }}
|
|
||||||
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
|
|
||||||
-{{- end }}
|
|
||||||
- - alert: etcdHighNumberOfFailedGRPCRequests
|
|
||||||
- annotations:
|
|
||||||
- message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
|
|
||||||
- expr: |-
|
|
||||||
- 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method)
|
|
||||||
- /
|
|
||||||
- sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method)
|
|
||||||
- > 1
|
|
||||||
- for: 10m
|
|
||||||
- labels:
|
|
||||||
- severity: warning
|
|
||||||
-{{- if .Values.defaultRules.additionalRuleLabels }}
|
|
||||||
-{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
|
|
||||||
-{{- end }}
|
|
||||||
- - alert: etcdHighNumberOfFailedGRPCRequests
|
|
||||||
- annotations:
|
|
||||||
- message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
|
|
||||||
- expr: |-
|
|
||||||
- 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method)
|
|
||||||
- /
|
|
||||||
- sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method)
|
|
||||||
- > 5
|
|
||||||
- for: 5m
|
|
||||||
- labels:
|
|
||||||
- severity: critical
|
|
||||||
-{{- if .Values.defaultRules.additionalRuleLabels }}
|
|
||||||
-{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
- alert: etcdGRPCRequestsSlow
|
|
||||||
annotations:
|
|
|
@ -1,8 +1,10 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
VERSION=14.3.0
|
VERSION=14.9.0
|
||||||
|
|
||||||
rm -rf charts/kube-prometheus-stack
|
rm -rf charts/kube-prometheus-stack
|
||||||
curl -L -s -o - https://github.com/prometheus-community/helm-charts/releases/download/kube-prometheus-stack-${VERSION}/kube-prometheus-stack-${VERSION}.tgz | tar xfz - -C charts
|
curl -L -s -o - https://github.com/prometheus-community/helm-charts/releases/download/kube-prometheus-stack-${VERSION}/kube-prometheus-stack-${VERSION}.tgz | tar xfz - -C charts
|
||||||
|
|
||||||
patch -p3 -i remove_etcd_grpc_alerts.patch --no-backup-if-mismatch
|
# The grpc alerts could be re-enabled with etcd 3.5
|
||||||
|
# https://github.com/etcd-io/etcd/pull/12196
|
||||||
|
patch -p0 -i adjust_alarms.patch --no-backup-if-mismatch
|
||||||
|
|
|
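Review bot: The tarball fetched on the `curl -L -s -o - ... | tar xfz - -C charts` line is unpacked without any integrity check, so after the bump to `VERSION=14.9.0` the vendored chart is whatever the release URL serves at that moment. Nothing stops the script if the download fails either: there is no `set -e`, and `curl` runs without `-f`, so `rm -rf charts/kube-prometheus-stack` has already run and `patch -p0 -i adjust_alarms.patch` is then applied to a missing or partial tree. I would add `set -euo pipefail` after the shebang, use `curl -fsSL`, and save the tarball to a file and compare it with a SHA-256 pinned next to `VERSION` (for example with `sha256sum -c`) before extracting.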
@ -126,6 +126,8 @@ kube-prometheus-stack:
|
||||||
enabled: true
|
enabled: true
|
||||||
size: 4Gi
|
size: 4Gi
|
||||||
storageClassName: ebs-sc-gp2-xfs
|
storageClassName: ebs-sc-gp2-xfs
|
||||||
|
deploymentStrategy:
|
||||||
|
type: Recreate
|
||||||
plugins:
|
plugins:
|
||||||
- grafana-piechart-panel
|
- grafana-piechart-panel
|
||||||
service:
|
service:
|
||||||
|
|
|
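Review bot: The added `deploymentStrategy:` / `type: Recreate` has no comment saying why Grafana gives up rolling updates, and with Recreate the old pod is stopped before the new one starts, so every rollout is a short Grafana outage. If the reason is the persistent volume configured just above (`storageClassName: ebs-sc-gp2-xfs`), which presumably cannot be attached by two pods at once, a line such as `# Recreate: the EBS-backed volume can only be mounted by one pod at a time` above the key would record that. The surrounding mapping continues outside the hunk.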
@ -1,4 +1,10 @@
|
||||||
{{- define "istio-ingress-values" }}
|
{{- define "istio-ingress-values" }}
|
||||||
|
|
||||||
|
{{- with index .Values "istio-ingress" "global" }}
|
||||||
|
global:
|
||||||
|
{{- toYaml . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{- if index .Values "istio-ingress" "public" }}
|
{{- if index .Values "istio-ingress" "public" }}
|
||||||
istio-ingress:
|
istio-ingress:
|
||||||
enabled: {{ index .Values "istio-ingress" "public" "enabled" }}
|
enabled: {{ index .Values "istio-ingress" "public" "enabled" }}
|
||||||
|
|
|
@ -1,7 +1,15 @@
|
||||||
{{- define "istio-values" }}
|
{{- define "istio-values" }}
|
||||||
|
|
||||||
|
{{- if .Values.HighAvailableControlplane }}
|
||||||
|
global:
|
||||||
|
defaultPodDisruptionBudget:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
istio-discovery:
|
istio-discovery:
|
||||||
pilot:
|
pilot:
|
||||||
replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
|
replicaCount: 2
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
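Review bot: With the whole body now inside `{{- if .Values.HighAvailableControlplane }}`, the non-HA case no longer sets `replicaCount` at all, where the old line `replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}` pinned it to 1. A single-node control plane therefore gets whatever the istio-discovery chart defaults to for `pilot.replicaCount` and for `global.defaultPodDisruptionBudget`, neither of which is visible here. If that default keeps the disruption budget enabled with one replica, node drains can block on the pilot pod. I would either keep an explicit `{{- else }}` branch with `replicaCount: 1` or add a comment stating that the chart defaults are relied on in the non-HA case.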
@ -1 +0,0 @@
|
||||||
Subproject commit 25b8ebe3cc2af88643a4674a63e651e9c31245cb
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
NODES=$(kubectl get nodes -o json | jq -rc .items[].status.addresses[0].address)
|
||||||
|
|
||||||
|
for n in $NODES; do
|
||||||
|
>&2 echo "Node: $n"
|
||||||
|
ssh -q $n "$@"
|
||||||
|
done
|
|
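Review bot: On the `ssh -q $n "$@"` line ssh joins the arguments into one string that the remote shell parses again, so the caller's quoting is lost and an argument containing spaces or shell metacharacters is reinterpreted on every node. `$n` is also unquoted and not separated from the options, and the jq filter `.items[].status.addresses[0].address` is unquoted, so the local shell may glob-expand the brackets; it also assumes the first address entry is the one ssh should use. I would quote the filter (and, if the internal address is what is meant, select it explicitly with `jq -r '.items[].status.addresses[] | select(.type=="InternalIP") | .address'`), call `ssh -q -- "$n" "$@"`, and add a comment that the command is evaluated by the remote shell.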
@ -0,0 +1,9 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
NAME=$1
|
||||||
|
|
||||||
|
POD_ID="$(crictl pods --name $NAME -q)"
|
||||||
|
CGROUP_PATH=$(crictl inspectp -o=json $POD_ID | jq -rc .info.runtimeSpec.linux.cgroupsPath)
|
||||||
|
|
||||||
|
echo -n "cgroup memory limit in bytes for $NAME: "
|
||||||
|
cat /sys/fs/cgroup/memory/$(dirname $CGROUP_PATH)/memory.limit_in_bytes
|
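Review bot: `NAME=$1` is used without checking that an argument was given or that it matched exactly one pod. `crictl pods --name $NAME -q` can print no ID or several, and the unquoted `$POD_ID` and `$CGROUP_PATH` then hand `crictl inspectp` and `dirname` zero or multiple words, so the final `cat` reads a wrong or nonexistent path. I would start with `NAME=${1:?usage: $0 <pod-name>}`, quote the expansions, and exit with an error unless exactly one pod ID came back. The path `/sys/fs/cgroup/memory/.../memory.limit_in_bytes` is the cgroup v1 layout, so a comment saying the script expects cgroup v1 would help.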