From 1ed317195481ef72ae978f1de94e293a20f7e64b Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Tue, 3 Oct 2023 15:49:30 +0200
Subject: [PATCH] feat(cherry): add kube-prometheus-stack
---
.../cherry/apps/kube-prometheus-stack.yaml | 204 ++++++++++++++++++
1 file changed, 204 insertions(+)
create mode 100644 clusters/cherry/apps/kube-prometheus-stack.yaml
diff --git a/clusters/cherry/apps/kube-prometheus-stack.yaml b/clusters/cherry/apps/kube-prometheus-stack.yaml
new file mode 100644
index 0000000..8f4db7b
--- /dev/null
+++ b/clusters/cherry/apps/kube-prometheus-stack.yaml
@@ -0,0 +1,204 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cherry-kube-prometheus-stack
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: monitoring
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: monitoring
+ source:
+ chart: kube-prometheus-stack
+ repoURL: https://prometheus-community.github.io/helm-charts
+ targetRevision: 51.2.0
+ helm:
+ releaseName: monitoring
+ values: |
+ cleanPrometheusOperatorObjectNames: true
+ fullnameOverride: "monitoring"
+
+ defaultRules:
+ create: true
+ rules:
+ alertmanager: true
+ etcd: false
+ configReloaders: true
+ general: true
+ k8s: true
+ kubeApiserverAvailability: true
+ kubeApiserverBurnrate: true
+ kubeApiserverHistogram: true
+ kubeApiserverSlos: true
+ kubeControllerManager: true
+ kubelet: true
+ kubeProxy: false
+ kubePrometheusGeneral: true
+ kubePrometheusNodeRecording: true
+ kubernetesApps: true
+ kubernetesResources: true
+ kubernetesStorage: true
+ kubernetesSystem: true
+ kubeSchedulerAlerting: true
+ kubeSchedulerRecording: true
+ kubeStateMetrics: true
+ network: true
+ node: true
+ nodeExporterAlerting: true
+ nodeExporterRecording: true
+ prometheus: true
+ prometheusOperator: true
+ windows: false
+
+ prometheus:
+ fullnameOverride: prometheus
+
+ ingress:
+ enabled: true
+ ingressClassName: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ hosts:
+ - prometheus.ops.mareshq.com
+ paths:
+ - /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - prometheus.ops.mareshq.com
+ secretName: prometheus-ingress-tls
+
+ podDisruptionBudget:
+ enabled: true
+ minAvailable: 1
+
+ prometheusSpec:
+ serviceMonitorSelectorNilUsesHelmValues: false
+ podMonitorSelectorNilUsesHelmValues: false
+ ruleSelectorNilUsesHelmValues: false
+
+ replicas: 2
+
+ retention: 45d
+
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 2Gi
+ requests:
+ cpu: 500m
+ memory: 2Gi
+
+ storageSpec:
+ volumeClaimTemplate:
+ spec:
+ storageClassName: hcloud-volumes
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 50Gi
+
+ serviceMonitor:
+ selfMonitor: true
+
+ alertmanager:
+ enabled: true
+ ingress:
+ enabled: true
+ ingressClassName: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ hosts:
+ - alertmanager.ops.mareshq.com
+ paths:
+ - /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - alertmanager.ops.mareshq.com
+ secretName: alertmanager-ingress-tls
+
+ podDisruptionBudget:
+ enabled: true
+ minAvailable: 1
+
+ alertmanagerSpec:
+ replicas: 2
+ resources:
+ limits:
+ cpu: 250m
+ memory: 256Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+
+ storage:
+ volumeClaimTemplate:
+ spec:
+ storageClassName: hcloud-volumes
+ resources:
+ requests:
+ storage: 10Gi
+
+ grafana:
+ enabled: true
+ defaultDashboardsEnabled: true
+
+ adminPassword: zud!edy7WER5uqg7gjq
+
+ ingress:
+ enabled: true
+ ingressClassName: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ hosts:
+ - grafana.ops.mareshq.com
+ paths:
+ - /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - grafana.ops.mareshq.com
+ secretName: grafana-ingress-tls
+
+ serviceMonitor:
+ selfMonitor: true
+
+ grafana.ini:
+ server:
+ root_url: https://grafana.ops.mareshq.com
+ # auth.gitlab:
+ # enabled: true
+ # allow_sign_up: true
+ # client_id: old
+ # client_secret: old
+ # scopes: read_api
+ # auth_url: https://gitlab.mareshq.com/oauth/authorize
+ # token_url: https://gitlab.mareshq.com/oauth/token
+ # api_url: https://gitlab.mareshq.com/api/v4
+ # allowed_groups: mareshq
+ auth.basic:
+ enabled: true
+ auth:
+ disable_login_form: false
+
+ kubeProxy:
+ enabled: false
+
+ kubeEtcd:
+ enabled: false
+
+ prometheus-node-exporter:
+ fullnameOverride: node-exporter
+
+ kube-state-metrics:
+ fullnameOverride: kube-state-metrics
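Review bot: The Grafana `adminPassword` under `grafana:` is a plaintext credential committed to Git inside the Application's inline Helm values, so it is readable by anyone with access to the repository or to Application objects in the `argocd` namespace, and it stays in history after it is changed. Treat the value as exposed, rotate it, and let the chart read the credential from a Secret managed outside this manifest, e.g. replace the line with `admin:` / `existingSecret: <grafana-admin-secret>`. Separately, the `prometheus` and `alertmanager` ingress blocks carry only the cert-manager annotation, and neither service authenticates requests by default. If those hosts are reachable from outside a trusted network (not determinable from this hunk), add an auth annotation such as `nginx.ingress.kubernetes.io/auth-url`, or restrict sources with `nginx.ingress.kubernetes.io/whitelist-source-range`.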