diff --git a/README.md b/README.md index 5dd5977..5417fbd 100644 --- a/README.md +++ b/README.md @@ -6,11 +6,28 @@ Underlying Kubernetes cluster components for [KISSJ](https://github.com/skautdev - namespaces - `kissj-db` + - `kissj-dev` - `kissj-prod` - `kissj-staging` + - `kissj-monitoring` - PostgreSQL instance +- monitoring + - Prometheus + - AlertManager + - Grafana + - blackbox exporter ## Security - Users -- ServiceAccounts + - lung + - majkl + +## Monitoring + +As mentione before in [components](#components), the monitoring consists of: +- [Prometheus](https://prometheus.monitoring.kissj.net) +- [AlertManager](https://alertmanager.monitoring.kissj.net) +- [Grafana](https://grafana.monitoring.kissj.net) + +To monitor everything, we also deploy [prometheus/blackbox_exporter](https://github.com/prometheus/blackbox_exporter) to monitor the overall availability of the site. diff --git a/_apps/kissj-production-quotas.yml b/_apps/kissj-production-quotas.yml new file mode 100644 index 0000000..7f16afc --- /dev/null +++ b/_apps/kissj-production-quotas.yml @@ -0,0 +1,18 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kissj-production-quotas + namespace: argocd +spec: + destination: + namespace: kissj-production + server: https://kubernetes.default.svc + project: kissj + source: + path: quotas/production + repoURL: https://gitlab.mareshq.com/gitops/skautdevs/kissj.git + targetRevision: HEAD + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/_apps/kissj-staging-quotas.yml b/_apps/kissj-staging-quotas.yml new file mode 100644 index 0000000..c0b7b2b --- /dev/null +++ b/_apps/kissj-staging-quotas.yml 
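Review bot: `targetRevision: HEAD` combined with `automated` sync, `prune: true` and `selfHeal: true` in `_apps/kissj-production-quotas.yml` means whatever lands on the repository's default branch is applied to `kissj-production` with no further gate. A commit that drops a file under `quotas/production` also removes that quota from the cluster. Consider tracking a protected branch or a tag for production, e.g. `targetRevision: <release-tag-placeholder>`, and confirm that the `kissj` AppProject limits `sourceRepos` and `destinations` to what these apps need. `_apps/kissj-staging-quotas.yml` uses the same settings, where following HEAD is less of a concern.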
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: kissj-staging-quotas
+ namespace: argocd
+spec:
+ destination:
+ namespace: kissj-staging
+ server: https://kubernetes.default.svc
+ project: kissj
+ source:
+ path: quotas/staging
+ repoURL: https://gitlab.mareshq.com/gitops/skautdevs/kissj.git
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/monitoring/Chart.lock b/monitoring/Chart.lock
index 8956be1..4fbfe82 100644
--- a/monitoring/Chart.lock
+++ b/monitoring/Chart.lock
@@ -2,5 +2,8 @@ dependencies:
 - name: kube-prometheus-stack
 repository: https://prometheus-community.github.io/helm-charts
 version: 39.11.0
-digest: sha256:2000f95ea7c9e6ac6ec0cc0ed3f08ee6adebf5e3ad383a0e8d89d80ab61439eb
-generated: "2022-09-03T10:54:33.34106+02:00"
+- name: prometheus-blackbox-exporter
+ repository: https://prometheus-community.github.io/helm-charts
+ version: 7.0.0
+digest: sha256:7a9382529ff259e31426aa23cf9eea9a0dc5fe7d6950339133bc78bcb310fa30
+generated: "2022-09-03T16:06:15.239791+02:00"
diff --git a/monitoring/Chart.yaml b/monitoring/Chart.yaml
index 00605fb..c22dfc7 100644
--- a/monitoring/Chart.yaml
+++ b/monitoring/Chart.yaml
@@ -9,3 +9,6 @@ dependencies:
 - name: kube-prometheus-stack
 version: 39.11.0
 repository: https://prometheus-community.github.io/helm-charts
+- name: prometheus-blackbox-exporter
+ version: 7.0.0
+ repository: https://prometheus-community.github.io/helm-charts
diff --git a/monitoring/values.yaml b/monitoring/values.yaml
index 3618e5b..bea8d7f 100644
--- a/monitoring/values.yaml
+++ b/monitoring/values.yaml
@@ -13,6 +13,27 @@ kube-prometheus-stack: kubeStateMetrics: enabled: false + kubeApiServer: + enabled: false + + kubelet: + enabled: false + + kubeControllerManager: + enabled: false + + coreDns: + enabled: false + + kubeScheduler: + enabled: false + + kubeProxy: + enabled: false + + defaultRules: + create: false + prometheus: prometheusSpec: serviceMonitorSelectorNilUsesHelmValues: false @@ -96,34 +117,5 @@ kube-prometheus-stack: serviceMonitor: selfMonitor: true - # This AM is for KISSJ, cluster components are monitored by different instance - kubeApiServer: - enabled: false - - kubelet: - enabled: false - - kubeControllerManager: - enabled: false - - coreDns: - enabled: false - - kubeScheduler: - enabled: false - - kubeProxy: - enabled: false - - kubeStateMetrics: - enabled: false - - nodeExporter: - enabled: false - - prometheusOperator: - serviceMonitor: - selfMonitor: false - - defaultRules: - create: false +prometheus-blackbox-exporter: + fullnameOverride: kissj-blackbox-exporter diff --git a/namespaces/kissj-prod.yml b/namespaces/kissj-prod.yml deleted file mode 100644 index b948144..0000000 --- a/namespaces/kissj-prod.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: kissj-prod - labels: - prometheus: kissj diff --git a/namespaces/kissj-dev.yml b/namespaces/kissj-production.yml similarity index 74% rename from namespaces/kissj-dev.yml rename to namespaces/kissj-production.yml index 42385a7..f513b48 100644 --- a/namespaces/kissj-dev.yml +++ b/namespaces/kissj-production.yml @@ -1,6 +1,6 @@ apiVersion: v1 kind: Namespace metadata: - name: kissj-dev + name: kissj-production labels: prometheus: kissj diff --git a/quotas/production/compute-resources.yml b/quotas/production/compute-resources.yml new file mode 100644 index 0000000..522ccaf --- /dev/null +++ b/quotas/production/compute-resources.yml 
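Review bot: The `enabled: false` switches added under `kube-prometheus-stack` in the first values.yaml hunk no longer carry the explanation that the removed copy had (`# This AM is for KISSJ, cluster components are monitored by different instance`). A one-line comment above `kubeApiServer:` such as `# KISSJ-only stack; cluster components are monitored by a different instance` would make it clear that these scrapes and `defaultRules` are off on purpose and are not a coverage gap.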
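Review bot: The block removed at the end of values.yaml also set `nodeExporter.enabled: false` and `prometheusOperator.serviceMonitor.selfMonitor: false`, and neither is re-added in the lines shown in this diff. If they are not already set in the part of the file outside these hunks, the chart falls back to its defaults and this change would start deploying node-exporter, a DaemonSet with access to host namespaces and host paths; keep `nodeExporter:` / `enabled: false` next to the other disabled components if that is not intended. Separately, `prometheus-blackbox-exporter` is added with only `fullnameOverride`, so its probe endpoint is open to any workload that can reach the Service; a NetworkPolicy admitting only the Prometheus pods would keep it from being used to probe internal addresses on a caller's behalf.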
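Review bot: The `namespaces/kissj-dev.yml` to `namespaces/kissj-production.yml` change is not a pure rename: the manifest that declared `kissj-dev` now declares `kissj-production`, and `namespaces/kissj-prod.yml` is deleted in the same commit, so neither `kissj-dev` nor `kissj-prod` is declared any more. If the Argo CD application that syncs `namespaces/` prunes (not visible here), both namespaces and everything in them, including PersistentVolumeClaims, would be deleted on sync. Migrate the workloads first, or annotate the old namespaces with `argocd.argoproj.io/sync-options: Prune=false` until they are empty. README.md in this commit still lists `kissj-dev` and `kissj-prod` and does not list `kissj-production`.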
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: compute-resources
+spec:
+ hard:
+ requests.cpu: 6000m
+ requests.memory: 16384Mi
+ limits.cpu: 8000m
+ limits.memory: 20480Mi
diff --git a/quotas/production/kube-objects.yml b/quotas/production/kube-objects.yml
new file mode 100644
index 0000000..5fb9c8b
--- /dev/null
+++ b/quotas/production/kube-objects.yml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: kube-objects
+spec:
+ hard:
+ count/deployments.apps: "5"
+ count/statefulsets.apps: "0"
+ count/cronjobs.batch: "0"
+ count/jobs.batch: "5"
+ count/pods: "50"
+
+ count/persistentvolumeclaims: "1"
diff --git a/quotas/production/network.yml b/quotas/production/network.yml
new file mode 100644
index 0000000..63cbb06
--- /dev/null
+++ b/quotas/production/network.yml
@@ -0,0 +1,9 @@
+
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: network
+spec:
+ hard:
+ services.loadbalancers: "0"
+ services.nodeports: "0"
diff --git a/quotas/production/storage.yml b/quotas/production/storage.yml
new file mode 100644
index 0000000..21165c4
--- /dev/null
+++ b/quotas/production/storage.yml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: storage
+spec:
+ hard:
+ requests.storage: 1Gi
+ persistentvolumeclaims: "3"
+ local-path.storageclass.storage.k8s.io/requests.storage: 0Mi
+ local-path.storageclass.storage.k8s.io/persistentvolumeclaims: "0"
diff --git a/quotas/staging/compute-resources.yml b/quotas/staging/compute-resources.yml
new file mode 100644
index 0000000..d2e4c38
--- /dev/null
+++ b/quotas/staging/compute-resources.yml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: compute-resources
+spec:
+ hard:
+ requests.cpu: 800m
+ requests.memory: 1536Mi
+ limits.cpu: 1200m
+ limits.memory: 2048Mi
diff --git a/quotas/staging/kube-objects.yml b/quotas/staging/kube-objects.yml
new file mode 100644
index 0000000..dbb9720
--- /dev/null
+++ b/quotas/staging/kube-objects.yml
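Review bot: With `requests.cpu`, `requests.memory`, `limits.cpu` and `limits.memory` all under `hard` in `quotas/production/compute-resources.yml`, pods whose containers do not declare all four values are rejected at admission, and no LimitRange is added alongside the quota in this commit. That includes pods created by Jobs or chart hooks that ship without resource settings. A LimitRange with container defaults in the same directory would fill in missing values instead of failing the pod; `quotas/staging/compute-resources.yml` has the same shape and needs the same companion. The values in the sketch below are placeholders to be sized per workload.

```yaml
# quotas/production/limit-range.yml (new file; numbers are placeholders)
apiVersion: v1
kind: LimitRange
metadata:
  name: default-resources
spec:
  limits:
    - type: Container
      defaultRequest:
        cpu: 100m
        memory: 128Mi
      default:
        cpu: 500m
        memory: 512Mi
```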
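Review bot: `count/persistentvolumeclaims: "1"` in `quotas/production/kube-objects.yml` and `persistentvolumeclaims: "3"` in `quotas/production/storage.yml` both cap the number of PVCs in the same namespace. Every ResourceQuota in a namespace is enforced, so the effective limit is 1 and the `"3"` never applies. Keep the cap in one file only, for example by dropping the `count/persistentvolumeclaims` line here if three claims are intended. `quotas/staging/kube-objects.yml` and `quotas/staging/storage.yml` contain the same pair.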
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: kube-objects
+spec:
+ hard:
+ count/deployments.apps: "5"
+ count/statefulsets.apps: "0"
+ count/cronjobs.batch: "0"
+ count/jobs.batch: "5"
+ count/pods: "20"
+
+ count/persistentvolumeclaims: "1"
diff --git a/quotas/staging/network.yml b/quotas/staging/network.yml
new file mode 100644
index 0000000..63cbb06
--- /dev/null
+++ b/quotas/staging/network.yml
@@ -0,0 +1,9 @@
+
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: network
+spec:
+ hard:
+ services.loadbalancers: "0"
+ services.nodeports: "0"
diff --git a/quotas/staging/storage.yml b/quotas/staging/storage.yml
new file mode 100644
index 0000000..21165c4
--- /dev/null
+++ b/quotas/staging/storage.yml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: storage
+spec:
+ hard:
+ requests.storage: 1Gi
+ persistentvolumeclaims: "3"
+ local-path.storageclass.storage.k8s.io/requests.storage: 0Mi
+ local-path.storageclass.storage.k8s.io/persistentvolumeclaims: "0"