refactor(monitoring): do not monitor cluster components

feat(quotas): add service.nodeport and separate service.loadbalancer to standalone quota
feat(quotas): add storage quotas
2022-09-06 17:36:51 +02:00 · 2022-09-06 11:43:45 +02:00 · 2022-09-06 11:41:19 +02:00 · 2022-09-05 21:27:08 +02:00 · 2022-09-05 21:03:15 +02:00 · 2022-09-05 21:02:01 +02:00
16 changed files with 170 additions and 41 deletions
--- a/README.md
+++ b/README.md
@ -6,11 +6,28 @@ Underlying Kubernetes cluster components for [KISSJ](https://github.com/skautdev
 - namespaces
  - `kissj-db`
  - `kissj-dev`
  - `kissj-prod`
  - `kissj-staging`
  - `kissj-monitoring`
 - PostgreSQL instance
 - monitoring
  - Prometheus
  - AlertManager
  - Grafana
  - blackbox exporter
 ## Security
 - Users
- ServiceAccounts
+  - lung
  - majkl
 ## Monitoring
 As mentione before in [components](#components), the monitoring consists of:
 - [Prometheus](https://prometheus.monitoring.kissj.net)
 - [AlertManager](https://alertmanager.monitoring.kissj.net)
 - [Grafana](https://grafana.monitoring.kissj.net)
 To monitor everything, we also deploy [prometheus/blackbox_exporter](https://github.com/prometheus/blackbox_exporter) to monitor the overall availability of the site.
--- a/_apps/kissj-production-quotas.yml
+++ b/_apps/kissj-production-quotas.yml
@ -0,0 +1,18 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: kissj-production-quotas
  namespace: argocd
 spec:
  destination:
    namespace: kissj-production
    server: https://kubernetes.default.svc
  project: kissj
  source:
    path: quotas/production
    repoURL: https://gitlab.mareshq.com/gitops/skautdevs/kissj.git
    targetRevision: HEAD
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
--- a/_apps/kissj-staging-quotas.yml
+++ b/_apps/kissj-staging-quotas.yml
@ -0,0 +1,18 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: kissj-staging-quotas
  namespace: argocd
 spec:
  destination:
    namespace: kissj-staging
    server: https://kubernetes.default.svc
  project: kissj
  source:
    path: quotas/staging
    repoURL: https://gitlab.mareshq.com/gitops/skautdevs/kissj.git
    targetRevision: HEAD
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
--- a/monitoring/Chart.lock
+++ b/monitoring/Chart.lock
@ -2,5 +2,8 @@ dependencies:
 - name: kube-prometheus-stack
  repository: https://prometheus-community.github.io/helm-charts
  version: 39.11.0
-digest: sha256:2000f95ea7c9e6ac6ec0cc0ed3f08ee6adebf5e3ad383a0e8d89d80ab61439eb
+- name: prometheus-blackbox-exporter
-generated: "2022-09-03T10:54:33.34106+02:00"
+  repository: https://prometheus-community.github.io/helm-charts
  version: 7.0.0
 digest: sha256:7a9382529ff259e31426aa23cf9eea9a0dc5fe7d6950339133bc78bcb310fa30
 generated: "2022-09-03T16:06:15.239791+02:00"
--- a/monitoring/Chart.yaml
+++ b/monitoring/Chart.yaml
@ -9,3 +9,6 @@ dependencies:
 - name: kube-prometheus-stack
  version: 39.11.0
  repository: https://prometheus-community.github.io/helm-charts
 - name: prometheus-blackbox-exporter
  version: 7.0.0
  repository: https://prometheus-community.github.io/helm-charts
--- a/monitoring/values.yaml
+++ b/monitoring/values.yaml
@ -13,6 +13,27 @@ kube-prometheus-stack:
  kubeStateMetrics:
    enabled: false
  kubeApiServer:
    enabled: false
  kubelet:
    enabled: false
  kubeControllerManager:
    enabled: false
  coreDns:
    enabled: false
  kubeScheduler:
    enabled: false
  kubeProxy:
    enabled: false
  defaultRules:
    create: false
  prometheus:
    prometheusSpec:
      serviceMonitorSelectorNilUsesHelmValues: false
@ -96,34 +117,5 @@ kube-prometheus-stack:
    serviceMonitor:
      selfMonitor: true
-    # This AM is for KISSJ, cluster components are monitored by different instance
+prometheus-blackbox-exporter:
-    kubeApiServer:
+  fullnameOverride: kissj-blackbox-exporter
      enabled: false
    kubelet:
      enabled: false
    kubeControllerManager:
      enabled: false
    coreDns:
      enabled: false
    kubeScheduler:
      enabled: false
    kubeProxy:
      enabled: false
    kubeStateMetrics:
      enabled: false
    nodeExporter:
      enabled: false
    prometheusOperator:
      serviceMonitor:
        selfMonitor: false
    defaultRules:
      create: false
--- a/namespaces/kissj-prod.yml
+++ b/namespaces/kissj-prod.yml
@ -1,6 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: kissj-prod
  labels:
    prometheus: kissj
--- a/namespaces/kissj-production.yml
+++ b/namespaces/kissj-production.yml
@ -1,6 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: kissj-dev
+  name: kissj-production
  labels:
    prometheus: kissj
--- a/quotas/production/compute-resources.yml
+++ b/quotas/production/compute-resources.yml
@ -0,0 +1,10 @@
 apiVersion: v1
 kind: ResourceQuota
 metadata:
  name: compute-resources
 spec:
  hard:
    requests.cpu: 6000m
    requests.memory: 16384Mi
    limits.cpu: 8000m
    limits.memory: 20480Mi
--- a/quotas/production/kube-objects.yml
+++ b/quotas/production/kube-objects.yml
@ -0,0 +1,13 @@
 apiVersion: v1
 kind: ResourceQuota
 metadata:
  name: kube-objects
 spec:
  hard:
    count/deployments.apps: "5"
    count/statefulsets.apps: "0"
    count/cronjobs.batch: "0"
    count/jobs.batch: "5"
    count/pods: "50"
    count/persistentvolumeclaims: "1"
--- a/quotas/production/network.yml
+++ b/quotas/production/network.yml
@ -0,0 +1,9 @@
 apiVersion: v1
 kind: ResourceQuota
 metadata:
  name: network
 spec:
  hard:
    services.loadbalancers: "0"
    services.nodeports: "0"
--- a/quotas/production/storage.yml
+++ b/quotas/production/storage.yml
@ -0,0 +1,10 @@
 apiVersion: v1
 kind: ResourceQuota
 metadata:
  name: storage
 spec:
  hard:
    requests.storage: 1Gi
    persistentvolumeclaims: "3"
    local-path.storageclass.storage.k8s.io/requests.storage: 0Mi
    local-path.storageclass.storage.k8s.io/persistentvolumeclaims: "0"
--- a/quotas/staging/compute-resources.yml
+++ b/quotas/staging/compute-resources.yml
@ -0,0 +1,10 @@
 apiVersion: v1
 kind: ResourceQuota
 metadata:
  name: compute-resources
 spec:
  hard:
    requests.cpu: 800m
    requests.memory: 1536Mi
    limits.cpu: 1200m
    limits.memory: 2048Mi
--- a/quotas/staging/kube-objects.yml
+++ b/quotas/staging/kube-objects.yml
@ -0,0 +1,13 @@
 apiVersion: v1
 kind: ResourceQuota
 metadata:
  name: kube-objects
 spec:
  hard:
    count/deployments.apps: "5"
    count/statefulsets.apps: "0"
    count/cronjobs.batch: "0"
    count/jobs.batch: "5"
    count/pods: "20"
    count/persistentvolumeclaims: "1"
--- a/quotas/staging/network.yml
+++ b/quotas/staging/network.yml
@ -0,0 +1,9 @@
 apiVersion: v1
 kind: ResourceQuota
 metadata:
  name: network
 spec:
  hard:
    services.loadbalancers: "0"
    services.nodeports: "0"
--- a/quotas/staging/storage.yml
+++ b/quotas/staging/storage.yml
@ -0,0 +1,10 @@
 apiVersion: v1
 kind: ResourceQuota
 metadata:
  name: storage
 spec:
  hard:
    requests.storage: 1Gi
    persistentvolumeclaims: "3"
    local-path.storageclass.storage.k8s.io/requests.storage: 0Mi
    local-path.storageclass.storage.k8s.io/persistentvolumeclaims: "0"
Author	SHA1	Message	Date
Vojtech Mares	f09c1ec86b	refactor(monitoring): do not monitor cluster components	2022-09-06 17:36:51 +02:00
Vojtech Mares	7734c642e1	feat(quotas): add service.nodeport and separate service.loadbalancer to standalone quota	2022-09-06 11:43:45 +02:00
Vojtech Mares	f16a7aa365	feat(quotas): add storage quotas	2022-09-06 11:41:19 +02:00
Vojtech Mares	4f0927c6bf	feat: add quoats	2022-09-05 21:27:08 +02:00
Vojtech Mares	e7d20864a9	refactor(namespaces): kissj-prod -> kissj-production	2022-09-05 21:03:15 +02:00
Vojtech Mares	b192ffe85d	refactor(namespaces): delete kissj-dev	2022-09-05 21:02:01 +02:00
Vojtech Mares	1b290d7cb2	refactor(monitoring): prefix blackbox exporter with kissj-	2022-09-03 16:58:48 +02:00
Vojtech Mares	43f2caa087	refactor(monitoring): add fullnameOverride for blackbox exporter	2022-09-03 16:54:38 +02:00
Vojtech Mares	4c114a5010	docs: update README.md	2022-09-03 16:08:05 +02:00
Vojtech Mares	ac16fabbd5	feat(monitoring): add blackbox-exporter	2022-09-03 16:06:25 +02:00