├── .bumpversion.cfg
├── .drone.yml
├── .github
├── ISSUE_TEMPLATE
│ ├── bug_report.md
│ └── feature_request.md
└── pull_request_template.md
├── .gitignore
├── LICENSE
├── Makefile
├── README.md
├── build
└── builder
│ └── Dockerfile
├── docs
├── COMPATIBILITY_MATRIX.md
├── CONTRIBUTING.md
└── releases
│ ├── unreleased.md
│ ├── v1.1.0.md
│ ├── v1.10.0.md
│ ├── v1.10.1.md
│ ├── v1.10.2.md
│ ├── v1.10.3.md
│ ├── v1.11.0.md
│ ├── v1.11.1.md
│ ├── v1.12.0.md
│ ├── v1.12.1.md
│ ├── v1.12.2.md
│ ├── v1.12.3.md
│ ├── v1.13.0.md
│ ├── v1.14.0.md
│ ├── v1.14.1.md
│ ├── v1.14.2.md
│ ├── v1.2.0.md
│ ├── v1.3.0.md
│ ├── v1.4.0.md
│ ├── v1.4.1.md
│ ├── v1.5.0.md
│ ├── v1.6.0.md
│ ├── v1.6.1.md
│ ├── v1.7.0.md
│ ├── v1.7.1.md
│ ├── v1.8.0.md
│ ├── v1.9.0.md
│ ├── v1.9.1.md
│ ├── v2.0.0.md
│ ├── v2.0.1.md
│ ├── v2.1.0.md
│ ├── v2.2.0.md
│ ├── v3.0.0.md
│ ├── v3.0.1.md
│ ├── v3.0.2.md
│ ├── v3.1.0.md
│ ├── v3.2.0.md
│ ├── v3.3.0.md
│ ├── v3.3.1.md
│ ├── v3.4.0.md
│ └── v3.5.0.md
├── examples
├── alertmanager-configuration
│ ├── Furyfile.yml
│ ├── Makefile
│ ├── README.md
│ ├── alertmanager.yaml
│ └── kustomization.yaml
├── alertmanager-operated-deployment
│ ├── Furyfile.yml
│ ├── Makefile
│ ├── README.md
│ ├── alertmanager-operated-deployment.yml
│ └── kustomization.yaml
├── blackbox-exporter-probe
│ ├── Furyfile.yml
│ ├── Makefile
│ ├── README.md
│ ├── kustomization.yaml
│ └── probe.yml
├── grafana-add-dashboard
│ ├── Furyfile.yml
│ ├── Makefile
│ ├── README.md
│ ├── add-dashboard.yml
│ ├── kustomization.yaml
│ └── sighup-sample-dashboard.json
├── grafana-configuration
│ ├── Furyfile.yml
│ ├── Makefile
│ ├── README.md
│ ├── env-variables.yml
│ └── kustomization.yaml
├── prometheus-additionalScrapes
│ ├── Furyfile.yml
│ ├── Makefile
│ ├── README.md
│ ├── kustomization.yaml
│ └── prometheus-additionalScrapes.yml
├── prometheus-alertmanager-externalUrl
│ ├── Furyfile.yml
│ ├── Makefile
│ ├── README.md
│ ├── kustomization.yaml
│ └── prometheus-alertmanager-externalUrl.yml
├── prometheus-externalLabels
│ ├── Furyfile.yml
│ ├── Makefile
│ ├── README.md
│ ├── kustomization.yaml
│ └── prometheus-externalLabels.yml
├── prometheus-operated-deployment
│ ├── Furyfile.yml
│ ├── Makefile
│ ├── README.md
│ ├── kustomization.yaml
│ └── prometheus-operated-deployment.yml
├── prometheus-operated-nodeSelector
│ ├── Furyfile.yml
│ ├── Makefile
│ ├── README.md
│ ├── kustomization.yaml
│ └── prometheus-operated-nodeSelector.yml
├── prometheus-rules
│ ├── Furyfile.yml
│ ├── Makefile
│ ├── README.md
│ ├── add-alert.yml
│ └── kustomization.yaml
├── registry-override
│ ├── README.md
│ ├── alertmanager-operated
│ │ ├── image.yml
│ │ └── kustomization.yaml
│ ├── grafana
│ │ └── kustomization.yaml
│ ├── kube-proxy-metrics
│ │ └── kustomization.yaml
│ ├── kube-state-metrics
│ │ └── kustomization.yaml
│ ├── metrics-server
│ │ └── kustomization.yaml
│ ├── node-exporter
│ │ └── kustomization.yaml
│ ├── prometheus-operated
│ │ ├── image.yml
│ │ └── kustomization.yaml
│ └── prometheus-operator
│ │ ├── deploy.yml
│ │ └── kustomization.yaml
├── serviceMonitor
│ ├── Furyfile.yml
│ ├── Makefile
│ ├── README.md
│ ├── example-app.yml
│ ├── kustomization.yaml
│ └── sm.yml
└── tests.sh
├── katalog
├── aks-sm
│ ├── MAINTENANCE.md
│ ├── README.md
│ └── kustomization.yaml
├── alertmanager-operated
│ ├── MAINTENANCE.md
│ ├── README.md
│ ├── alertmanager.yaml
│ ├── alertmanagerconfig.yml
│ ├── config
│ │ ├── alertmanager.tmpl
│ │ └── alertmanager.yaml
│ ├── dashboards
│ │ ├── alertmanager-overview.json
│ │ └── kustomization.yaml
│ ├── kustomization.yaml
│ ├── prometheusRule.yaml
│ ├── service.yaml
│ ├── serviceAccount.yaml
│ └── serviceMonitor.yaml
├── blackbox-exporter
│ ├── MAINTENANCE.md
│ ├── README.md
│ ├── clusterRole.yaml
│ ├── clusterRoleBinding.yaml
│ ├── configuration.yaml
│ ├── deployment.yaml
│ ├── kustomization.yaml
│ ├── prometheusRule.yml
│ ├── service.yaml
│ ├── serviceAccount.yaml
│ └── serviceMonitor.yaml
├── configs
│ ├── aks
│ │ ├── README.md
│ │ ├── dashboards
│ │ │ └── .keep
│ │ ├── kustomization.yaml
│ │ └── service-monitors
│ │ │ └── .keep
│ ├── bases
│ │ ├── coredns
│ │ │ ├── dashboards
│ │ │ │ └── coredns.json
│ │ │ ├── kustomization.yaml
│ │ │ └── service-monitors
│ │ │ │ └── coredns.yml
│ │ └── default
│ │ │ ├── dashboards
│ │ │ ├── apiserver.json
│ │ │ ├── cluster-total.json
│ │ │ ├── kubelet.json
│ │ │ ├── namespace-by-pod.json
│ │ │ ├── namespace-by-workload.json
│ │ │ ├── persistent-volumes-usage.json
│ │ │ ├── pod-total.json
│ │ │ └── workload-total.json
│ │ │ ├── kustomization.yaml
│ │ │ └── service-monitors
│ │ │ ├── apiserver.yml
│ │ │ └── kubelet.yml
│ ├── eks
│ │ ├── README.md
│ │ ├── dashboards
│ │ │ └── .keep
│ │ ├── kustomization.yaml
│ │ └── service-monitors
│ │ │ └── .keep
│ ├── gke
│ │ ├── README.md
│ │ ├── dashboards
│ │ │ └── .keep
│ │ ├── kustomization.yaml
│ │ └── service-monitors
│ │ │ └── .keep
│ ├── kubeadm
│ │ ├── README.md
│ │ ├── dashboards
│ │ │ ├── controller-manager.json
│ │ │ ├── etcd.json
│ │ │ └── scheduler.json
│ │ ├── kustomization.yaml
│ │ ├── rules.yml
│ │ ├── service-monitors
│ │ │ ├── controller-manager.yml
│ │ │ ├── etcd.yml
│ │ │ └── scheduler.yml
│ │ └── services
│ │ │ ├── controller-manager.yml
│ │ │ ├── etcd.yml
│ │ │ └── scheduler.yml
│ └── kustomization.yaml
├── eks-sm
│ ├── MAINTENANCE.md
│ ├── README.md
│ └── kustomization.yaml
├── gke-sm
│ ├── MAINTENANCE.md
│ ├── README.md
│ └── kustomization.yaml
├── grafana
│ ├── .gitignore
│ ├── MAINTENANCE.md
│ ├── README.md
│ ├── clusterRole.yaml
│ ├── clusterRoleBinding.yaml
│ ├── config.yaml
│ ├── dashboardSources.yaml
│ ├── dashboards
│ │ ├── fury-cluster-overview.json
│ │ ├── grafana-overview.json
│ │ ├── k8s-resources-multicluster.json
│ │ ├── kustomization.yaml
│ │ └── nodes-darwin.json
│ ├── deployment.yaml
│ ├── kustomization.yaml
│ ├── patches
│ │ ├── grafana-dashboard-sidecar.yml
│ │ ├── grafana-dashboard-sources.yml
│ │ ├── grafana-datasource-sidecar.yml
│ │ ├── grafana-env.yaml
│ │ ├── grafana-security-context.yml
│ │ └── grafana-volumes.yaml
│ ├── prometheusRule.yaml
│ ├── service.yaml
│ ├── serviceAccount.yaml
│ └── serviceMonitor.yaml
├── haproxy
│ ├── MAINTENANCE.md
│ ├── README.md
│ ├── dashboards
│ │ ├── 12693_rev8.json
│ │ └── kustomization.yaml
│ ├── kustomization.yaml
│ └── rules
│ │ ├── haproxy-rules.yaml
│ │ └── kustomization.yaml
├── karma
│ ├── README.md
│ ├── configMap.yaml
│ ├── deployment.yaml
│ ├── kustomization.yaml
│ ├── service.yaml
│ └── serviceMonitor.yaml
├── kube-proxy-metrics
│ ├── README.md
│ ├── dashboards
│ │ ├── kustomization.yaml
│ │ └── proxy.json
│ ├── deploy.yml
│ ├── kustomization.yaml
│ ├── rbac.yml
│ └── sm.yml
├── kube-state-metrics
│ ├── MAINTENANCE.md
│ ├── README.md
│ ├── clusterRole.yaml
│ ├── clusterRoleBinding.yaml
│ ├── dashboards
│ │ ├── k8s-resources-cluster.json
│ │ ├── k8s-resources-namespace.json
│ │ ├── k8s-resources-node.json
│ │ ├── k8s-resources-pod.json
│ │ ├── k8s-resources-workload.json
│ │ ├── k8s-resources-workloads-namespace.json
│ │ ├── kustomization.yaml
│ │ ├── pods.json
│ │ └── statefulset.json
│ ├── deployment.yaml
│ ├── kustomization.yaml
│ ├── prometheusRule.yaml
│ ├── role.yaml
│ ├── roleBinding.yaml
│ ├── service.yaml
│ ├── serviceAccount.yaml
│ └── serviceMonitor.yaml
├── kubeadm-sm
│ ├── MAINTENANCE.md
│ ├── README.md
│ └── kustomization.yaml
├── mimir
│ ├── MAINTENANCE.md
│ ├── MAINTENANCE.values.yaml
│ ├── README.md
│ ├── config
│ │ └── mimir.yaml
│ ├── dashboards
│ │ ├── kustomization.yaml
│ │ ├── mimir-alertmanager-resources.json
│ │ ├── mimir-compactor-resources.json
│ │ ├── mimir-compactor.json
│ │ ├── mimir-config.json
│ │ ├── mimir-object-store.json
│ │ ├── mimir-overrides.json
│ │ ├── mimir-overview-networking.json
│ │ ├── mimir-overview-resources.json
│ │ ├── mimir-overview.json
│ │ ├── mimir-queries.json
│ │ ├── mimir-reads-networking.json
│ │ ├── mimir-reads-resources.json
│ │ ├── mimir-reads.json
│ │ ├── mimir-remote-ruler-reads-networking.json
│ │ ├── mimir-remote-ruler-reads-resources.json
│ │ ├── mimir-ruler.json
│ │ ├── mimir-scaling.json
│ │ ├── mimir-slow-queries.json
│ │ ├── mimir-tenants.json
│ │ ├── mimir-top-tenants.json
│ │ ├── mimir-writes-networking.json
│ │ ├── mimir-writes-resources.json
│ │ └── mimir-writes.json
│ ├── datasources
│ │ ├── kustomization.yaml
│ │ └── mimir.yaml
│ ├── deploy.yaml
│ ├── kustomization.yaml
│ └── prometheusRules.yaml
├── minio-ha
│ ├── MAINTENANCE.md
│ ├── MAINTENANCE.values.yaml
│ ├── README.md
│ ├── deploy.yaml
│ ├── initialize-minio-buckets.yaml
│ ├── kustomization.yaml
│ └── prometheusrules.yaml
├── node-exporter
│ ├── MAINTENANCE.md
│ ├── README.md
│ ├── clusterRole.yaml
│ ├── clusterRoleBinding.yaml
│ ├── daemonset.yaml
│ ├── dashboards
│ │ ├── kustomization.yaml
│ │ ├── node-cluster-rsrc-use.json
│ │ ├── node-rsrc-use.json
│ │ └── nodes.json
│ ├── kustomization.yaml
│ ├── prometheusRule.yaml
│ ├── service.yaml
│ ├── serviceAccount.yaml
│ └── serviceMonitor.yaml
├── prometheus-adapter
│ ├── MAINTENANCE.md
│ ├── README.md
│ ├── apiService.yaml
│ ├── clusterRole.yaml
│ ├── clusterRoleAggregatedMetricsReader.yaml
│ ├── clusterRoleBinding.yaml
│ ├── clusterRoleBindingDelegator.yaml
│ ├── clusterRoleBindingHpaController.yaml
│ ├── clusterRoleServerResources.yaml
│ ├── config.yaml
│ ├── deployment.yaml
│ ├── kustomization.yaml
│ ├── roleBindingAuthReader.yaml
│ ├── service.yaml
│ ├── serviceAccount.yaml
│ └── serviceMonitor.yaml
├── prometheus-operated
│ ├── MAINTENANCE.md
│ ├── README.md
│ ├── clusterRole.yaml
│ ├── clusterRoleBinding.yaml
│ ├── dashboards
│ │ ├── kustomization.yaml
│ │ ├── prometheus-remote-write.json
│ │ └── prometheus.json
│ ├── datasources
│ │ ├── kustomization.yaml
│ │ └── prometheus.yaml
│ ├── kube-prometheus-rules.yml
│ ├── kubernetes-monitoring-rules.yml
│ ├── kustomization.yaml
│ ├── prometheus.yaml
│ ├── prometheusRule.yaml
│ ├── roleBindingConfig.yaml
│ ├── roleConfig.yaml
│ ├── service.yaml
│ ├── serviceAccount.yaml
│ └── serviceMonitor.yaml
├── prometheus-operator
│ ├── MAINTENANCE.md
│ ├── README.md
│ ├── clusterRole.yaml
│ ├── clusterRoleBinding.yaml
│ ├── crds
│ │ ├── 0alertmanagerConfigCustomResourceDefinition.yaml
│ │ ├── 0alertmanagerCustomResourceDefinition.yaml
│ │ ├── 0podmonitorCustomResourceDefinition.yaml
│ │ ├── 0probeCustomResourceDefinition.yaml
│ │ ├── 0prometheusCustomResourceDefinition.yaml
│ │ ├── 0prometheusagentCustomResourceDefinition.yaml
│ │ ├── 0prometheusruleCustomResourceDefinition.yaml
│ │ ├── 0scrapeconfigCustomResourceDefinition.yaml
│ │ ├── 0servicemonitorCustomResourceDefinition.yaml
│ │ └── 0thanosrulerCustomResourceDefinition.yaml
│ ├── deployment.yaml
│ ├── kustomization.yaml
│ ├── namespace.yaml
│ ├── prometheusRule.yaml
│ ├── service.yaml
│ ├── serviceAccount.yaml
│ └── serviceMonitor.yaml
├── tests
│ ├── grafana-ldap-auth
│ │ ├── kustomize-project
│ │ │ ├── kustomization.yaml
│ │ │ ├── ldap-config
│ │ │ │ └── ldap.toml
│ │ │ └── patches
│ │ │ │ └── grafana-ldap.yaml
│ │ └── ldap-server
│ │ │ ├── ldap-server.yaml
│ │ │ └── sighup.io-groups.ldif
│ ├── grafana-ldap.sh
│ ├── helper.bash
│ ├── kind-config.yml
│ ├── promtool.sh
│ ├── tests.sh
│ └── x509-exporter
│ │ └── volume-patch.yml
└── x509-exporter
│ ├── MAINTENANCE.md
│ ├── README.md
│ ├── common
│ ├── dashboards
│ │ ├── kustomization.yaml
│ │ └── x509.json
│ ├── kustomization.yaml
│ ├── rules.yml
│ ├── sm.yml
│ └── svc.yml
│ ├── daemonset
│ ├── base
│ │ ├── daemonset.yml
│ │ ├── kustomization.yaml
│ │ └── sa.yml
│ ├── kustomization.yaml
│ ├── x509-certificate-exporter-control-plane
│ │ └── kustomization.yaml
│ └── x509-certificate-exporter-data-plane
│ │ └── kustomization.yaml
│ ├── deployment
│ ├── deployment.yml
│ ├── kustomization.yaml
│ ├── rbac.yml
│ └── sa.yml
│ └── kustomization.yaml
├── utils
└── pull-upstream.sh
└── values
└── prometheus-adapter.yml
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Create a report to help us improve
4 | title: ''
5 | labels: bug
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Describe the bug**
11 | A clear and concise description of what the bug is.
12 |
13 | **To Reproduce**
14 | Steps to reproduce the behavior:
15 | 1. Go to '...'
16 | 2. Click on '....'
17 | 3. Scroll down to '....'
18 | 4. See error
19 |
20 | **Expected behavior**
21 | A clear and concise description of what you expected to happen.
22 |
23 | **Screenshots**
24 | If applicable, add screenshots to help explain your problem.
25 |
26 | **Desktop (please complete the following information):**
27 | - OS: [e.g. iOS]
28 | - Browser [e.g. chrome, safari]
29 | - Version [e.g. 22]
30 |
31 | **Kubernetes (please complete the following information):**
32 | - Kubernetes version: [e.g. 1.30.0]
33 | - OPA Gatekeeper version: [e.g. 3.18.0]
34 |
35 | **Additional context**
36 | Add any other context about the problem here.
37 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Feature request
3 | about: Suggest an idea for this project
4 | title: ''
5 | labels: enhancement
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Is your feature request related to a problem? Please describe.**
11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
12 |
13 | **Describe the solution you'd like**
14 | A clear and concise description of what you want to happen.
15 |
16 | **Describe alternatives you've considered**
17 | A clear and concise description of any alternative solutions or features you've considered.
18 |
19 | **Additional context**
20 | Add any other context or screenshots about the feature request here.
21 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | vendor
2 | katalog/tests/workspace/
3 | katalog/tests/.vagrant/
4 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | BSD 3-Clause License
2 |
3 | Copyright (c) 2019, SIGHUP
4 | All rights reserved.
5 |
6 | Redistribution and use in source and binary forms, with or without
7 | modification, are permitted provided that the following conditions are met:
8 |
9 | * Redistributions of source code must retain the above copyright notice, this
10 | list of conditions and the following disclaimer.
11 |
12 | * Redistributions in binary form must reproduce the above copyright notice,
13 | this list of conditions and the following disclaimer in the documentation
14 | and/or other materials provided with the distribution.
15 |
16 | * Neither the name of the copyright holder nor the names of its
17 | contributors may be used to endorse or promote products derived from
18 | this software without specific prior written permission.
19 |
20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 |
--------------------------------------------------------------------------------
/build/builder/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # CI helper stages (lint, license header add/check, kustomization label check, version bump); no stage copies from another.
5 | # hadolint ignore=DL3007
6 | FROM quay.io/sighup/policeman:latest as linter
7 | # NOTE(review): `:latest` is a mutable tag (DL3007 is suppressed above); pin a version or digest so the linter stage is reproducible.
8 | ENV VALIDATE_KUBERNETES_KUBEVAL="false"
9 | ENV VALIDATE_JSCPD="false"
10 | ENV VALIDATE_DOCKERFILE="false"
11 |
12 | RUN mkdir /app
13 | WORKDIR /app
14 |
15 | COPY . .
16 |
17 | RUN npm install -g embedme@1.22.0 && /entrypoint.sh && embedme --verify "**/*.md"
18 |
19 | FROM golang:1.20 as add-license-requirement
20 |
21 | RUN go install github.com/google/addlicense@v1.1.1 && addlicense -c "SIGHUP s.r.l" -v -l bsd -y "2017-present" .
22 |
23 | FROM golang:1.20 as check-license
24 |
25 | RUN go install github.com/google/addlicense@v1.1.1 && mkdir /app
26 |
27 | WORKDIR /app
28 |
29 | COPY . .
30 |
31 | RUN addlicense -c "SIGHUP s.r.l" -v -l bsd -y "2017-present" --check .
32 |
33 | FROM openpolicyagent/conftest:v0.28.1 as checklabel
34 |
35 | RUN mkdir /app
36 | WORKDIR /app
37 |
38 | COPY . .
39 | # NOTE(review): the policy below is fetched at build time from the mutable `main` branch with no checksum; pinning the URL to a commit would make this check reproducible.
40 | RUN conftest pull https://raw.githubusercontent.com/sighupio/ci-commons/main/conftest/kustomization/kfd-labels.rego && \
41 | conftest test katalog/**/kustomization.yaml
42 |
43 | FROM registry.sighup.io/poc/fury-repo-automations:v0.0.3 as jsonbuilder
44 |
45 | RUN mkdir /app
46 | WORKDIR /app
47 |
48 | COPY . .
49 |
50 | FROM python:3.9-alpine as bumpversion-requirement
51 |
52 | # hadolint ignore=DL3018
53 | RUN apk add git --no-cache && pip --no-cache-dir install bump2version==1.0.1
54 |
55 | ENTRYPOINT ["/usr/local/bin/bumpversion"]
56 |
--------------------------------------------------------------------------------
/docs/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing
2 |
3 | Please refer to the contributing section in [SD's official documentation][kfd-contributing] to learn how to contribute.
4 |
5 | [kfd-contributing]: https://docs.kubernetesfury.com/docs/contribute
6 |
--------------------------------------------------------------------------------
/docs/releases/v1.1.0.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.0.0` and this release: `1.1.0`
6 |
7 | - New alert rule: `NodeCPUStuckInSystem`
8 | - Modified rule: `TargetDown`. Now grouped by `job` and `namespace`
9 | - Minor changes in the `alertmanager-operated` deployment.
10 |
--------------------------------------------------------------------------------
/docs/releases/v1.10.1.md:
--------------------------------------------------------------------------------
1 | # Monitoring Module version 1.10.1
2 |
3 | The previous 1.10.0 release introduced a couple of issues in the Fury alerting stack.
4 | This release solves these problems to maintain backward compatibility with previous alerting stack versions.
5 |
6 | *Special thanks to @lnovara, @nutellinoit, and @lzecca78 for spotting these problems!*
7 |
8 | ## Changelog
9 |
10 | - Remove `CPUThrottlingHigh` as it was previously removed in #43.
11 | - Rename `Watchdog` to `DeadMansSwitch` to maintain backward compatibility.
12 |
13 | ## Upgrade path
14 |
15 | To upgrade this core module from `v1.10.0` to `v1.10.1`, you need to download this new version, then apply the
16 | `kustomize` project. No further action is required.
17 |
18 | ```bash
19 | kustomize build katalog/prometheus-operated | kubectl apply -f -
20 | ```
21 |
--------------------------------------------------------------------------------
/docs/releases/v1.10.3.md:
--------------------------------------------------------------------------------
1 | # Monitoring Module version 1.10.3
2 |
3 | `kubeadm` versions starting from `1.17` do not expose `kube-controller-manager` or `kube-scheduler` metrics
4 | over the insecure port *(respectively TCP/10252 and TCP/10251)*.
5 | This makes the current `ServiceMonitor` configuration unable to properly scrape these targets.
6 | Also, there were duplicated Prometheus Rules across packages: `kubeadm-sm` and `prometheus-operated`.
7 |
8 | Thanks to @lnovara for spotting and solving these issues.
9 |
10 | ## Changelog
11 |
12 | - FIX #51: `kubeadm-sm` package now properly configures `serviceMonitors` for `kubeadm` versions 1.17 and later.
13 | - FIX: Remove duplicated prometheus rules:
14 | - `KubeClientCertificateExpiration`
15 | - `KubeSchedulerDown`
16 | - `KubeControllerManagerDown`
17 |
18 | ## Upgrade path
19 |
20 | To upgrade this core module from `v1.10.2` to `v1.10.3`, you need to download this new version, then apply the
21 | `kustomize` project. No further action is required.
22 |
23 | ```bash
24 | kustomize build katalog/kubeadm-sm | kubectl apply -f -
25 | kustomize build katalog/prometheus-operated | kubectl apply -f -
26 | ```
27 |
--------------------------------------------------------------------------------
/docs/releases/v1.11.0.md:
--------------------------------------------------------------------------------
1 | # Monitoring Module version 1.11.0
2 |
3 | The SIGHUP team keeps this module updated and tested. That is the main reason why we worked on this new release.
4 | With the Kubernetes 1.20 release, it became the perfect time to start testing this module against this Kubernetes
5 | release.
6 |
7 | Continue reading the [Changelog](#changelog) to discover the changes:
8 |
9 | ## Changelog
10 |
11 | - Update Prometheus Operator. From version `0.42.0` to `0.44.1`.
12 | - Update Prometheus. From version `2.21.0` to `2.22.2`.
13 | - Update Grafana. From version `7.1.5` to `7.3.6`.
14 | - Update metrics-server. From version `0.3.7` to `0.4.1`.
15 | - Kubernetes support:
16 | - Deprecate Kubernetes 1.16 support.
17 | - Kubernetes 1.19 is considered stable.
18 | - Add tech-preview support to Kubernetes 1.20.
19 | - All the container images come from the SIGHUP registry to avoid rate limits.
20 |
21 |
22 | ## Upgrade path
23 |
24 | To upgrade this core module from `v1.10.3` to `v1.11.0`, first, delete old resources before applying the new
25 | `kustomize` project, download this new version, then apply the `kustomize` project. No further action is required.
26 |
27 | ```bash
28 | kustomize build katalog/prometheus-operator | kubectl apply -f -
29 | kustomize build katalog/prometheus-operated | kubectl apply -f -
30 | kustomize build katalog/grafana | kubectl apply -f -
31 | kustomize build katalog/metrics-server | kubectl apply -f -
32 | ```
33 |
--------------------------------------------------------------------------------
/docs/releases/v1.11.1.md:
--------------------------------------------------------------------------------
1 | # Monitoring Module version v1.11.1
2 |
3 | This patch contains only the change (and a few examples) to move the container image from the `reg.sighup.io` registry
4 | to `registry.sighup.io`.
5 |
6 | ## Changelog
7 |
8 | - All the container images come from the SIGHUP registry to avoid rate limits.
9 |
10 | ## Upgrade path
11 |
12 | To upgrade this core module from `v1.11.0` to `v1.11.1`, you need to download this new version, then apply the
13 | `kustomize` project. No further action is required.
14 |
15 | ```bash
16 | kustomize build katalog/alertmanager-operated | kubectl apply -f -
17 | kustomize build katalog/goldpinger | kubectl apply -f -
18 | kustomize build katalog/grafana | kubectl apply -f -
19 | kustomize build katalog/kube-proxy-metrics | kubectl apply -f -
20 | kustomize build katalog/kube-state-metrics | kubectl apply -f -
21 | kustomize build katalog/metrics-server | kubectl apply -f -
22 | kustomize build katalog/node-exporter | kubectl apply -f -
23 | kustomize build katalog/prometheus-operated | kubectl apply -f -
24 | kustomize build katalog/prometheus-operator | kubectl apply -f -
25 | kustomize build katalog/thanos | kubectl apply -f -
26 | ```
27 |
--------------------------------------------------------------------------------
/docs/releases/v1.12.1.md:
--------------------------------------------------------------------------------
1 | # Monitoring Module version v1.12.1
2 |
3 | This patch includes a couple of fixes in prometheus and the kube-proxy-metrics.
4 |
5 | ## Changelog
6 |
7 | - Fixing the GID in kube-rbac-proxy #66. Thanks to @nandajavarma
8 | - changed severity when all targets are down #65. Thanks to @lzecca78
9 |
10 | ## Upgrade path
11 |
12 | To upgrade this core module from `v1.12.0` to `v1.12.1`, you need to download this new version, then apply the
13 | `kustomize` project. No further action is required.
14 |
15 | ```bash
16 | kustomize build katalog/kube-proxy-metrics | kubectl apply -f -
17 | kustomize build katalog/prometheus-operated | kubectl apply -f -
18 | ```
19 |
--------------------------------------------------------------------------------
/docs/releases/v1.12.2.md:
--------------------------------------------------------------------------------
1 | # Monitoring Module version v1.12.2
2 |
3 | This patch includes a hotfix for the `kube-rbac-proxy` containers.
4 |
5 | ## Changelog
6 |
7 | - Fixing the UID:GID in kube-rbac-proxy
8 | - [brancz/kube-rbac-proxy/Dockerfile](https://github.com/brancz/kube-rbac-proxy/blob/v0.10.0/Dockerfile#L6)
9 | - It was configured as `65534:65534`; the correct value is `65532:65532`
10 |
11 | ## Upgrade path
12 |
13 | To upgrade this core module from `v1.12.1` to `v1.12.2`, you need to download this new version, then apply the
14 | `kustomize` project. No further action is required.
15 |
16 | ```bash
17 | kustomize build katalog/kube-proxy-metrics | kubectl apply -f -
18 | kustomize build katalog/node-exporter | kubectl apply -f -
19 | ```
20 |
--------------------------------------------------------------------------------
/docs/releases/v1.12.3.md:
--------------------------------------------------------------------------------
1 | # Monitoring Module version v1.12.3
2 |
3 | This patch includes a hotfix for the `thanos/thanos-with-store` package.
4 |
5 | ## Changelog
6 |
7 | - Remove unsupported flag `--experimental.enable-index-cache-postings-compression` (behaviour is now the default)
8 |
9 | ## Upgrade path
10 |
11 | To upgrade this core module from `v1.12.2` to `v1.12.3`:
12 |
13 | 1. Download the new module version
14 | 2. Build and apply the `kustomize` project:
15 |
16 | ```bash
17 | kustomize build katalog/thanos/thanos-with-store | kubectl apply -f -
18 | ```
19 |
--------------------------------------------------------------------------------
/docs/releases/v1.2.0.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.1.0` and this release: `1.2.0`
6 |
7 | - Modified `node-exporter` tolerations. Now it tolerates all node taints using `operator: Exists` attribute.
8 | - CI: Added testing in three different Kubernetes versions.
9 |
--------------------------------------------------------------------------------
/docs/releases/v1.3.0.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.2.0` and this release: `1.3.0`
6 |
7 | - Added Kubernetes 1.16 compatibility.
8 | - Updated [`prometheus-operator`](../../katalog/prometheus-operator/) from `0.29.0` to `0.30.0`.
9 | - Added [`Goldpinger`](../../katalog/goldpinger) deployment.
10 | - Updated [`kube-state-metrics`](../../katalog/kube-state-metrics) from `1.5.0` to `1.8.0`.
11 |
--------------------------------------------------------------------------------
/docs/releases/v1.4.0.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.3.0` and this release: `1.4.0`
6 |
7 | - Updated packages:
8 | - alertmanager-operated from version v0.16.0 to version v0.20.0
9 | - grafana from version v5.3.4 to version v6.6.2
10 | - Added grafana dashboards
11 | - kube-state-metrics update from v1.8.0 to version v1.9.5
12 | - node-exporter update from v0.16.0 to version v0.18.1
13 | - scrape interval for node-exporter changed to '15s' from '30s'
14 | - cpu resource limit increase to '250m' from '102m'
15 | - prometheus-operated to version v2.16.0
16 | - storage increased to '150Gi' from '50Gi'
17 | - prometheus-operator to version v0.37.0
18 | - new package:
19 | - metrics-server (migrated from aws installer)
20 |
21 | ## Update procedure from v1.3.0
22 |
23 | To update from v1.3.0 to v1.4.0, check out the new version and apply the new manifests:
24 |
25 | ```bash
26 | kustomize build katalog/prometheus-operator | kubectl apply -f -
27 | kustomize build katalog/prometheus-operated | kubectl apply -f -
28 | kustomize build katalog/grafana | kubectl apply -f -
29 | kustomize build katalog/kubeadm-sm | kubectl apply -f -
30 | kustomize build katalog/kube-state-metrics | kubectl apply -f -
31 | kustomize build katalog/node-exporter | kubectl apply -f -
32 | ```
33 |
--------------------------------------------------------------------------------
/docs/releases/v1.4.1.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.4.0` and this release: `1.4.1`
6 |
7 | - Fixes:
8 | - examples tests in the pipeline
9 | - Refactor:
10 | - alertmanager secret/configuration generation.
11 | You can see a working example [here](examples/alertmanager-configuration)
12 |
--------------------------------------------------------------------------------
/docs/releases/v1.5.0.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.4.1` and this release: `1.5.0`
6 |
7 | - Add a `machine-id` textfile collector in `node-exporter`:
8 | - Add `systemd_machine_id` metric.
9 | - Closing #21
10 | - Add an alert to monitor `machine-id` collisions:
11 | - Alert name: `NodeMachineIDCollision`
12 |
--------------------------------------------------------------------------------
/docs/releases/v1.6.0.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.5.0` and this release: `1.6.0`
6 |
7 | - Make metrics-server compatible with cert-manager >= 0.11:
8 | - Read carefully the [cert-manager upgrade path](https://github.com/sighupio/fury-kubernetes-ingress/blob/v1.6.0/docs/releases/v1.6.0.md)
9 |
10 |
--------------------------------------------------------------------------------
/docs/releases/v1.6.1.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.6.0` and this release: `1.6.1`
6 |
7 | - Add missing networking dashboard. Calico dashboard.
8 |
--------------------------------------------------------------------------------
/docs/releases/v1.7.0.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.6.1` and this release: `1.7.0`
6 |
7 | - Added Kong Ingress Controller dashboard to Grafana
8 |
--------------------------------------------------------------------------------
/docs/releases/v1.7.1.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.7.0` and this release: `1.7.1`
6 |
7 | - Added Gatekeeper dashboard to Grafana
8 | - FIX: Move cert-manager annotation to the current one
9 |
--------------------------------------------------------------------------------
/docs/releases/v1.8.0.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.7.1` and this release: `1.8.0`
6 |
7 | - Support 1.16, 1.17 and 1.18 Kubernetes Version
8 |
--------------------------------------------------------------------------------
/docs/releases/v1.9.0.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.8.0` and this release: `1.9.0`
6 |
7 | - Add sidecar to live-reload grafana dashboards
8 | - Add thanos package
--------------------------------------------------------------------------------
/docs/releases/v1.9.1.md:
--------------------------------------------------------------------------------
1 | # Release notes
2 |
3 | ## Changelog
4 |
5 | Changes between `1.9.0` and this release: `1.9.1`
6 |
7 | - Changing grafana dashboard generation
8 |
9 | ## Update procedure from v1.9.0
10 |
11 | Go in the `monitoring` namespace, and delete all the grafana configmap dashboards with:
12 |
13 | ```bash
14 | kubectl delete cm -l grafana-sighup-dashboard=default
15 | ```
16 |
17 | Then, apply the new version
--------------------------------------------------------------------------------
/examples/alertmanager-configuration/Furyfile.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - name: monitoring/alertmanager-operated
7 | version: v2.0.1
8 | - name: monitoring/prometheus-operator
9 | version: v2.0.1
10 |
--------------------------------------------------------------------------------
/examples/alertmanager-configuration/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build deploy
2 |
3 | build:
4 | kustomize build .
5 |
6 | deploy:
7 | kustomize build . | kubectl apply -f - --server-side
8 |
--------------------------------------------------------------------------------
/examples/alertmanager-configuration/README.md:
--------------------------------------------------------------------------------
1 | # Alertmanager Configuration
2 |
3 | This example shows how to deploy a customized Alertmanager configuration. It customizes the Fury distribution Alertmanager to deploy with no DeadMansSwitch alert and to send all alerts to Slack only. This example is meant to illustrate how to attach a new configuration to Alertmanager.
4 |
5 | 0. Run furyctl to get packages: `furyctl install`
6 |
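7 | 1. Modify the `alertmanager.yaml` file to replace the Slack URL with your own (a [WebHook integration](https://api.slack.com/incoming-webhooks) is needed in your Slack workspace) and to set the channel the alerts are sent to. The webhook URL is a credential: anyone who holds it can post to the channel, so keep the real value out of version control. To see all the fields you can modify, please refer to the [documentation](https://prometheus.io/docs/alerting/configuration/)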
8 |
9 | 2. Run `make build` to see output of kustomize with your modifications.
10 |
11 | 3. Once you're satisfied with generated output run `make deploy` to deploy it on cluster.
12 |
--------------------------------------------------------------------------------
/examples/alertmanager-configuration/alertmanager.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | global:  # Alertmanager configuration: a single Slack receiver plus a dedicated route for DeadMansSwitch
6 | resolve_timeout: 5m
7 | route:
8 | group_by: ['alertname', 'cluster', 'service', 'job']
9 | group_wait: 30s
10 | group_interval: 5m
11 | repeat_interval: 1h
12 | receiver: 'kubernetes-team'  # default receiver for any alert a child route does not redirect
13 | routes:
14 | - match:
15 | alertname: DeadMansSwitch
16 | receiver: null  # NOTE(review): unquoted null is YAML's null value, not the string 'null', and no receiver named 'null' is defined below; verify this route really drops the alert instead of inheriting 'kubernetes-team'
17 | - match:
18 | receiver: 'kubernetes-team'
19 | receivers:
20 | - name: 'kubernetes-team'
21 | slack_configs:
22 | - channel: kubernetes-alerts
23 | api_url: 'https://hooks.slack.com/services/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-'  # placeholder; a real webhook URL is a credential, so do not commit it (kustomization.yaml packages this file into the alertmanager-main Secret)
24 | send_resolved: true
25 | templates:
26 | - '/etc/alertmanager/config/*.tmpl'
27 |
--------------------------------------------------------------------------------
/examples/alertmanager-configuration/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:  # vendored packages this example builds on
6 | - vendor/katalog/monitoring/alertmanager-operated
7 | - vendor/katalog/monitoring/prometheus-operator
8 |
9 | generatorOptions:
10 | disableNameSuffixHash: true  # keep the generated Secret named exactly alertmanager-main, without a content-hash suffix
11 |
12 | secretGenerator:
13 | - name: alertmanager-main
14 | behavior: merge  # merge into a Secret of the same name, presumably the one defined by the alertmanager-operated base
15 | namespace: monitoring
16 | files:
17 | - alertmanager.yaml=alertmanager.yaml  # the whole config, including the Slack webhook URL, is stored under this Secret key
18 |
--------------------------------------------------------------------------------
/examples/alertmanager-operated-deployment/Furyfile.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - name: monitoring/alertmanager-operated
7 | version: v2.0.1
8 | - name: monitoring/prometheus-operator
9 | version: v2.0.1
10 |
11 |
--------------------------------------------------------------------------------
/examples/alertmanager-operated-deployment/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build deploy
2 |
3 | build:
4 | kustomize build .
5 |
6 | deploy:
7 | kustomize build . | kubectl apply -f - --server-side
8 |
--------------------------------------------------------------------------------
/examples/alertmanager-operated-deployment/README.md:
--------------------------------------------------------------------------------
1 | # Alertmanager Deployment
2 |
3 | This example shows how to deploy a customized Alertmanager. It customizes Fury distribution Alertmanager to deploy version `0.15.2` as 1 replica.
4 |
5 | 0. Run furyctl to get packages: `furyctl install`
6 |
7 | 1. You can modify `alertmanager-operated-deployment.yml` file to change replica number and version. To see all fields you can modify please refer to [documentation](https://github.com/coreos/prometheus-operator/blob/main/Documentation/user-guides/alerting.md)
8 |
9 | 2. Run `make build` to see output of kustomize with your modifications.
10 |
11 | 3. Once you're satisfied with generated output run `make deploy` to deploy it on cluster.
12 |
--------------------------------------------------------------------------------
/examples/alertmanager-operated-deployment/alertmanager-operated-deployment.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: Alertmanager
7 | metadata:
8 | labels:
9 | alertmanager: main
10 | name: main
11 | namespace: monitoring
12 | spec:
13 | replicas: 1
14 | version: v0.15.2
15 |
--------------------------------------------------------------------------------
/examples/alertmanager-operated-deployment/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - vendor/katalog/monitoring/alertmanager-operated
7 | - vendor/katalog/monitoring/prometheus-operator
8 |
9 | patches:
10 | - alertmanager-operated-deployment.yml
11 |
--------------------------------------------------------------------------------
/examples/blackbox-exporter-probe/Furyfile.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - name: monitoring/alertmanager-operated
7 | version: v2.0.1
8 | - name: monitoring/blackbox-exporter
9 | version: v2.0.1
10 | - name: monitoring/prometheus-operated
11 | version: v2.0.1
12 | - name: monitoring/prometheus-operator
13 | version: v2.0.1
14 |
--------------------------------------------------------------------------------
/examples/blackbox-exporter-probe/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build deploy
2 |
3 | build:
4 | kustomize build .
5 |
6 | deploy:
7 | kustomize build . | kubectl apply -f - --server-side
8 |
--------------------------------------------------------------------------------
/examples/blackbox-exporter-probe/README.md:
--------------------------------------------------------------------------------
1 | # Endpoint blackbox probing with Probe CRD
2 |
3 | This example shows how to define a Probe resource to monitor an endpoint
4 | reachable via HTTP and HTTPS protocols using blackbox-exporter. To learn more
5 | about the Probe resource, see the Prometheus Operator API reference
6 | [documentation](https://github.com/prometheus-operator/prometheus-operator/blob/v0.57.0/Documentation/api.md#probespec).
7 |
8 | To deploy this example:
9 |
10 | ```shell
11 | furyctl vendor -H
12 | make deploy
13 | ```
14 |
--------------------------------------------------------------------------------
/examples/blackbox-exporter-probe/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | bases:
12 | - vendor/katalog/monitoring/alertmanager-operated
13 | - vendor/katalog/monitoring/blackbox-exporter
14 | - vendor/katalog/monitoring/prometheus-operated
15 | - vendor/katalog/monitoring/prometheus-operator
16 |
17 | resources:
18 | - probe.yml
19 |
--------------------------------------------------------------------------------
/examples/blackbox-exporter-probe/probe.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: Probe
7 | metadata:
8 | name: sighup
9 | namespace: monitoring
10 | spec:
11 | jobName: sighup
12 | interval: 60s
13 | module: http_2xx
14 | prober:
15 | url: blackbox-exporter.monitoring.svc:19115
16 | scheme: http
17 | path: /probe
18 | targets:
19 | staticConfig:
20 | static:
21 | - http://sighup.io
22 | - https://sighup.io
23 |
--------------------------------------------------------------------------------
/examples/grafana-add-dashboard/Furyfile.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - name: monitoring/grafana
7 | version: v2.0.1
8 |
--------------------------------------------------------------------------------
/examples/grafana-add-dashboard/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build deploy
2 |
3 | build:
4 | kustomize build .
5 |
6 | deploy:
7 | kustomize build . | kubectl apply -f -
8 |
--------------------------------------------------------------------------------
/examples/grafana-add-dashboard/README.md:
--------------------------------------------------------------------------------
1 | # Grafana Adding Dashboard
2 |
3 | This example shows how to add new dashboards to your Grafana instance. A
4 | dashboard is represented by a JSON object and mounted as a ConfigMap into the Grafana
5 | Deployment, under the `/grafana-dashboard-definitions/folder_name/` path. The JSON file
6 | contains dashboard properties, metadata from panels, template variables, panel
7 | queries etc. A dashboard has one or more panels, which are the building blocks of a
8 | dashboard. Each data query visualization is a panel. To learn more about Grafana
9 | dashboard JSON please see the Grafana
10 | [documentation](http://docs.grafana.org/reference/dashboard/).
11 |
12 | 0. Run furyctl to get packages: `furyctl install`
13 |
14 | 1. Configure dashboard details, add or remove panels from dashboard by modifying
15 | `sighup-sample-dashboard.json` file.
16 |
17 | 2. `kustomization.yaml` creates a ConfigMap from the `sighup-sample-dashboard.json`
18 | file.
19 |
20 | 3. `add-dashboard.yml` patches the Grafana Deployment to mount the ConfigMap into the Grafana
21 | Deployment.
22 |
23 | 4. Run `make build` to see the output of kustomize with your modifications.
24 |
25 | 5. Once you're satisfied with the generated output, run `make deploy` to deploy it on
26 | your cluster.
27 |
--------------------------------------------------------------------------------
/examples/grafana-add-dashboard/add-dashboard.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: apps/v1
6 | kind: Deployment  # patch for the grafana Deployment: mounts the sample dashboard ConfigMap into the grafana container
7 | metadata:
8 | labels:
9 | app: grafana
10 | name: grafana
11 | spec:
12 | template:
13 | spec:
14 | containers:
15 | - image: grafana/grafana:8.3.3  # image tag repeated in the patch; presumably overrides the tag set by the vendored base, so keep both in step when upgrading Grafana
16 | name: grafana
17 | volumeMounts:
18 | - mountPath: /grafana-dashboard-definitions/0/sighup
19 | name: sighup-sample-dashboard-definition
20 | readOnly: false  # NOTE(review): Kubernetes mounts ConfigMap volumes read-only regardless, so false does not make the files writable; true would state the intent
21 | volumes:
22 | - configMap:
23 | name: sighup-sample-dashboard-definition  # ConfigMap generated from sighup-sample-dashboard.json by kustomization.yaml
24 | name: sighup-sample-dashboard-definition
25 |
--------------------------------------------------------------------------------
/examples/grafana-add-dashboard/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | namespace: monitoring
6 |
7 | bases:
8 | - vendor/katalog/monitoring/grafana
9 |
10 | configMapGenerator:
11 | - name: sighup-sample-dashboard-definition
12 | files:
13 | - sighup-sample-dashboard.json
14 |
15 | patches:
16 | - add-dashboard.yml
17 |
--------------------------------------------------------------------------------
/examples/grafana-configuration/Furyfile.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - name: monitoring/grafana
7 | version: v2.0.1
8 |
--------------------------------------------------------------------------------
/examples/grafana-configuration/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build deploy
2 |
3 | build:
4 | kustomize build .
5 |
6 | deploy:
7 | kustomize build . | kubectl apply -f -
8 |
--------------------------------------------------------------------------------
/examples/grafana-configuration/README.md:
--------------------------------------------------------------------------------
1 | # Configuring Grafana with Environment Variables
2 |
3 | This example shows how to configure a Grafana instance via environment variables.
4 | It sets the default instance name to "grafana" and changes the role for unauthenticated
5 | users to "Viewer". That role only takes effect when anonymous access is enabled (`GF_AUTH_ANONYMOUS_ENABLED`), and it then lets anyone who can reach Grafana view dashboards without logging in. All options in the configuration file can be overridden using
6 | environment variables. To learn more about Grafana configuration please see the
7 | [documentation](http://docs.grafana.org/installation/configuration/).
8 |
9 | 0. Run furyctl to get packages: `furyctl install`
10 |
11 | 1. You can modify environment variable values in `env-variables.yml` file.
12 |
13 | 2. Run `make build` to see output of kustomize with your modifications.
14 |
15 | 3. Once you're satisfied with generated output run `make deploy` to deploy it on
16 | your cluster.
17 |
--------------------------------------------------------------------------------
/examples/grafana-configuration/env-variables.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: apps/v1
6 | kind: Deployment  # patch for the grafana Deployment: sets Grafana options through GF_* environment variables
7 | metadata:
8 | labels:
9 | app: grafana
10 | name: grafana
11 | spec:
12 | template:
13 | spec:
14 | containers:
15 | - image: grafana/grafana:8.3.3  # image tag repeated in the patch; presumably overrides the tag set by the vendored base
16 | name: grafana
17 | env:
18 | - name: GF_DEFAULT_INSTANCE_NAME
19 | value: "grafana"
20 | - name: GF_AUTH_ANONYMOUS_ORG_ROLE  # role given to users who are not logged in; this patch does not set GF_AUTH_ANONYMOUS_ENABLED, so check the base to see whether anonymous access is actually on
21 | value: "Viewer"
22 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/examples/grafana-configuration/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | namespace: monitoring
6 |
7 | bases:
8 | - vendor/katalog/monitoring/grafana
9 |
10 | patches:
11 | - env-variables.yml
12 |
--------------------------------------------------------------------------------
/examples/prometheus-additionalScrapes/Furyfile.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - name: monitoring/prometheus-operated
7 | version: v2.0.1
8 | - name: monitoring/prometheus-operator
9 | version: v2.0.1
10 |
11 |
--------------------------------------------------------------------------------
/examples/prometheus-additionalScrapes/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build deploy
2 |
3 | build:
4 | kustomize build .
5 |
6 | deploy:
7 | kustomize build . | kubectl apply -f - --server-side
8 |
--------------------------------------------------------------------------------
/examples/prometheus-additionalScrapes/README.md:
--------------------------------------------------------------------------------
1 | # Prometheus Additional Scrapes
2 |
3 | This example shows how to customize your Prometheus deployment (deployed via
4 | Prometheus Operator CRD) to add additional scrapes. This example adds 2 scrape
5 | configurations: one for metrics from external-node-exporter and other for
6 | metrics from etcd.
7 |
8 | 0. Run furyctl to get packages: `furyctl install`
9 |
10 | 1. To learn how to write scrape config like in
11 | `prometheus-additional-scrapes.yml` file please refer to Prometheus
12 | [documentation](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#%3Cscrape_config%3E)
13 |
14 | 2. Run `make build` to see output of kustomize with your modifications.
15 |
16 | 3. Once you're satisfied with generated output run `make deploy` to deploy it on
17 | cluster.
18 |
--------------------------------------------------------------------------------
/examples/prometheus-additionalScrapes/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - vendor/katalog/monitoring/prometheus-operated
7 | - vendor/katalog/monitoring/prometheus-operator
8 |
9 | resources:
10 | - prometheus-additionalScrapes.yml
11 |
--------------------------------------------------------------------------------
/examples/prometheus-additionalScrapes/prometheus-additionalScrapes.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | stringData:  # extra scrape jobs, kept in a Secret; no scheme or tls_config is set in the jobs below, so Prometheus scrapes these targets over plain HTTP (its default)
7 | prometheus-additional-scrapes.yml: |-
8 | - job_name: external-node-exporter
9 | scrape_interval: 15s
10 | static_configs:
11 | - targets:
12 | - "192.168.0.1:9100"
13 | - "192.168.0.2:9100"
14 | - "192.168.0.3:9100"
15 | - job_name: etcd-metrics
16 | scrape_interval: 15s
17 | static_configs:
18 | - targets:
19 | - "192.168.0.4:2378"
20 | kind: Secret  # the target addresses above are sample values; any credentials added to a scrape job end up in this Secret
21 | metadata:
22 | name: prometheus-additional-scrapes
23 | namespace: monitoring
24 | type: Opaque
25 |
--------------------------------------------------------------------------------
/examples/prometheus-alertmanager-externalUrl/Furyfile.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - name: monitoring/alertmanager-operated
7 | version: v2.0.1
8 | - name: monitoring/prometheus-operated
9 | version: v2.0.1
10 | - name: monitoring/prometheus-operator
11 | version: v2.0.1
12 |
13 |
--------------------------------------------------------------------------------
/examples/prometheus-alertmanager-externalUrl/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build deploy
2 |
3 | build:
4 | kustomize build .
5 |
6 | deploy:
7 | kustomize build . | kubectl apply -f - --server-side
8 |
--------------------------------------------------------------------------------
/examples/prometheus-alertmanager-externalUrl/README.md:
--------------------------------------------------------------------------------
1 | # Prometheus and Alertmanager external URL
2 |
3 | This example shows how to add external URLs to access Prometheus expression
4 | browser and Alertmanager dashboard.
5 |
6 | 0. Run furyctl to get packages: `furyctl install`
7 |
8 | 1. Replace `externalUrl` field's value with your desired URLs for Prometheus and
9 | Alertmanager resources in `prometheus-alertmanager-externalUrl.yml`.
10 |
11 | 2. Run `make build` to see output of kustomize with your modifications.
12 |
13 | 3. Once you're satisfied with generated output run `make deploy` to deploy it on
14 | cluster.
15 |
16 | 4. Check if you can access Prometheus expression browser and Alertmanager
17 | dashboard from your browser.
18 |
--------------------------------------------------------------------------------
/examples/prometheus-alertmanager-externalUrl/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - vendor/katalog/monitoring/alertmanager-operated
7 | - vendor/katalog/monitoring/prometheus-operated
8 | - vendor/katalog/monitoring/prometheus-operator
9 |
10 | patches:
11 | - prometheus-alertmanager-externalUrl.yml
12 |
--------------------------------------------------------------------------------
/examples/prometheus-alertmanager-externalUrl/prometheus-alertmanager-externalUrl.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: Prometheus  # patch: sets the externally reachable URL of the k8s Prometheus
7 | metadata:
8 | labels:
9 | prometheus: k8s
10 | name: k8s
11 | namespace: monitoring
12 | spec:
13 | externalUrl: "http://prometheus.k8s.sighup.io/"  # sample value over plain HTTP; setting it does not expose or protect the UI by itself, so put TLS and authentication in front of whatever serves this URL
14 | ---
15 | apiVersion: monitoring.coreos.com/v1
16 | kind: Alertmanager  # patch: sets the externally reachable URL of the main Alertmanager
17 | metadata:
18 | name: main
19 | namespace: monitoring
20 | spec:
21 | externalUrl: "http://alertmanager.k8s.sighup.io/"  # sample value over plain HTTP; the same TLS and authentication caveat applies
22 |
--------------------------------------------------------------------------------
/examples/prometheus-externalLabels/Furyfile.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - name: monitoring/prometheus-operated
7 | version: v2.0.1
8 | - name: monitoring/prometheus-operator
9 | version: v2.0.1
10 |
11 |
--------------------------------------------------------------------------------
/examples/prometheus-externalLabels/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build deploy
2 |
3 | build:
4 | kustomize build .
5 |
6 | deploy:
7 | kustomize build . | kubectl apply -f - --server-side
8 |
--------------------------------------------------------------------------------
/examples/prometheus-externalLabels/README.md:
--------------------------------------------------------------------------------
1 | # Prometheus Adding External Labels
2 |
3 | This example shows how to add external labels to any time series or alerts for
4 | your Prometheus deployment.
5 |
6 | 0. Run furyctl to get packages: `furyctl install`
7 |
8 | 1. Add/modify labels you want to add to your Prometheus deployment, by modifying
9 | `prometheus-externalLabels.yml` file.
10 |
11 | 2. Run `make build` to see output of kustomize with your modifications.
12 |
13 | 3. Once you're satisfied with generated output run `make deploy` to deploy it on
14 | your cluster.
15 |
--------------------------------------------------------------------------------
/examples/prometheus-externalLabels/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - vendor/katalog/monitoring/prometheus-operated
7 | - vendor/katalog/monitoring/prometheus-operator
8 |
9 | patches:
10 | - prometheus-externalLabels.yml
11 |
--------------------------------------------------------------------------------
/examples/prometheus-externalLabels/prometheus-externalLabels.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: Prometheus
7 | metadata:
8 | labels:
9 | prometheus: k8s
10 | name: k8s
11 | spec:
12 | externalLabels:
13 | k8s_cluster: sighup
14 | cluster_env: production
15 |
--------------------------------------------------------------------------------
/examples/prometheus-operated-deployment/Furyfile.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - name: monitoring/prometheus-operated
7 | version: v2.0.1
8 | - name: monitoring/prometheus-operator
9 | version: v2.0.1
10 |
11 |
--------------------------------------------------------------------------------
/examples/prometheus-operated-deployment/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build deploy
2 |
3 | build:
4 | kustomize build .
5 |
6 | deploy:
7 | kustomize build . | kubectl apply -f - --server-side
8 |
--------------------------------------------------------------------------------
/examples/prometheus-operated-deployment/README.md:
--------------------------------------------------------------------------------
1 | # Prometheus Operated Deployment
2 |
3 | This example shows how to customize your Prometheus deployment (which you deploy via Prometheus Operator) changing default retention policy and adding a PersistentVolumeClaim for 150Gi of storage. To see full list of fields that you can modify please refer to Prometheus CRD manifest.
4 |
5 | 0. Run furyctl to get packages: `furyctl install`
6 |
7 | In `prometheus-operated-deployment.yml`
8 |
9 | 1. Modify `retention` field for time duration you want.
10 |
11 | 2. Modify `VolumeClaimTemplate` field to claim a storage resource of your desired `size` and `accessMode`.
12 |
13 | In the example's directory:
14 |
15 | 3. Run `make build` to see output of kustomize with your modifications.
16 |
17 | 4. Once you're satisfied with generated output run `make deploy` to deploy it on cluster.
18 |
--------------------------------------------------------------------------------
/examples/prometheus-operated-deployment/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - vendor/katalog/monitoring/prometheus-operated
7 | - vendor/katalog/monitoring/prometheus-operator
8 |
9 | patches:
10 | - prometheus-operated-deployment.yml
11 |
--------------------------------------------------------------------------------
/examples/prometheus-operated-deployment/prometheus-operated-deployment.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: Prometheus
7 | metadata:
8 | labels:
9 | prometheus: k8s
10 | name: k8s
11 | spec:
12 | retention: 60d
13 | storage:
14 | volumeClaimTemplate:
15 | spec:
16 | accessModes:
17 | - ReadWriteOnce
18 | resources:
19 | requests:
20 | storage: 150Gi
21 | version: v2.4.2
22 |
--------------------------------------------------------------------------------
/examples/prometheus-operated-nodeSelector/Furyfile.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - name: monitoring/prometheus-operated
7 | version: v2.0.1
8 | - name: monitoring/prometheus-operator
9 | version: v2.0.1
10 |
11 |
--------------------------------------------------------------------------------
/examples/prometheus-operated-nodeSelector/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build deploy
2 |
3 | build:
4 | kustomize build .
5 |
6 | deploy:
7 | kustomize build . | kubectl apply -f - --server-side
8 |
--------------------------------------------------------------------------------
/examples/prometheus-operated-nodeSelector/README.md:
--------------------------------------------------------------------------------
1 | # Prometheus Operated NodeSelector
2 |
3 | This example shows how to customize your Prometheus deployment (which you deploy via Prometheus Operator) by changing the node selector so that Prometheus is deployed only on nodes with particular labels. To see the full list of fields that you can modify please refer to the Prometheus CRD manifest.
4 |
5 | 0. Run furyctl to get packages: `furyctl install`
6 |
7 | In `prometheus-operated-nodeSelector.yml`
8 |
9 | 1. Modify `nodeSelector` field selecting the desired labels.
10 |
11 | In the example's directory:
12 |
13 | 2. Run `make build` to see output of kustomize with your modifications.
14 |
15 | 3. Once you're satisfied with generated output run `make deploy` to deploy it on cluster.
16 |
--------------------------------------------------------------------------------
/examples/prometheus-operated-nodeSelector/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - vendor/katalog/monitoring/prometheus-operated
7 | - vendor/katalog/monitoring/prometheus-operator
8 |
9 | patches:
10 | - prometheus-operated-nodeSelector.yml
11 |
--------------------------------------------------------------------------------
/examples/prometheus-operated-nodeSelector/prometheus-operated-nodeSelector.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: Prometheus
7 | metadata:
8 | name: k8s
9 | spec:
10 | nodeSelector:
11 | beta.sighup.io/type: infra
12 |
--------------------------------------------------------------------------------
/examples/prometheus-rules/Furyfile.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - name: monitoring/prometheus-operated
7 | version: v2.0.1
8 | - name: monitoring/prometheus-operator
9 | version: v2.0.1
10 |
--------------------------------------------------------------------------------
/examples/prometheus-rules/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build deploy
2 |
3 | build:
4 | kustomize build .
5 |
6 | deploy:
7 | kustomize build . | kubectl apply -f - --server-side
8 |
--------------------------------------------------------------------------------
/examples/prometheus-rules/README.md:
--------------------------------------------------------------------------------
1 | # Prometheus Creating Alert Rules
2 |
3 | This example shows how to create alert rules for Prometheus using the
4 | PrometheusRule CRD. The example defines two rules for two different types of
5 | event that can occur.
6 |
7 | The first rule fires an alert if the application MyApp has disappeared from
8 | Prometheus target discovery. The second rule fires an alert if MyApp's failure
9 | rate, measured on a time window of 2 minutes, was higher than 10% in the last 10
10 | minutes.
11 |
12 | Alert rule conditions are defined based on PromQL expressions, with `expr` field
13 | in your rule definitions. To learn more about PromQL please refer to Prometheus
14 | [documentation](https://prometheus.io/docs/prometheus/latest/querying/basics/)
15 |
16 | 0. Run furyctl to get packages: `furyctl install`
17 |
18 | 1. Add new rules based on conditions expressed with PromQL, add annotations to
19 | inform user about alert and specify an interval with `for` field.
20 |
21 | 2. Run `make build` to see output of kustomize with your modifications.
22 |
23 | 3. Once you're satisfied with generated output run `make deploy` to deploy it on
24 | your cluster.
25 |
--------------------------------------------------------------------------------
/examples/prometheus-rules/add-alert.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: PrometheusRule
7 | metadata:
8 | labels:
9 | prometheus: k8s
10 | role: alert-rules
11 | name: myapp-k8s-rules
12 | namespace: monitoring
13 | spec:
14 | groups:
15 | - name: myapp.rules
16 | rules:
17 | - alert: MyAppDown
18 | annotations:
19 | message: 'MyApp instance {{ $labels.instance }} has disappered from
20 | Prometheus target discovery.'
21 | doc: "This alert fires if Prometheus target discovery was not able to
22 | reach myapp-metrics in the last 3 minutes."
23 | expr: |
24 | absent(up{job="myapp-metrics"} == 1)
25 | for: 3m
26 | labels:
27 | severity: critical
28 | - alert: MyAppFailureRate
29 | annotations:
30 | message: 'MyApp failure rate is {{ printf "%.2f" $value }}%.'
31 | doc: "This alert fires if the failure rate (the rate of 4xx and 5xx
32 | responses) measured on a time window of 2 minutes was higher than 10%
33 | in the last 10 minutes."
34 | expr: |
35 | (sum without (status) (rate(myapp_http_requests_total{status=~"(4|5).*"}[2m]))
36 | /
37 | sum without (status) (rate(myapp_http_requests_total[2m]))) * 100 > 10
38 | for: 10m
39 | labels:
40 | severity: warning
41 |
--------------------------------------------------------------------------------
/examples/prometheus-rules/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - vendor/katalog/monitoring/prometheus-operated
7 | - vendor/katalog/monitoring/prometheus-operator
8 |
9 | resources:
10 | - add-alert.yml
11 |
--------------------------------------------------------------------------------
/examples/registry-override/README.md:
--------------------------------------------------------------------------------
1 | # Kustomization example for image override
2 |
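3 | In this folder, you will find examples of how to override the images used in our `katalogs`.
4 |
5 | We host all the fury images on registry.sighup.io, but if you have your own registry or mirror, you can override them and switch the source. The `images:` overrides change only the image name and keep the tag set in the katalog, so check that the registry you switch to serves the intended image under that tag.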
--------------------------------------------------------------------------------
/examples/registry-override/alertmanager-operated/image.yml:
--------------------------------------------------------------------------------
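# Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

---
# Strategic-merge patch that points the Alertmanager resource at the upstream
# registry instead of registry.sighup.io.
apiVersion: monitoring.coreos.com/v1
kind: Alertmanager
metadata:
  labels:
    alertmanager: main
  name: main
spec:
  # This patch replaces the whole image reference, tag included. Keep the tag
  # in step with the version the katalog package declares (0.27.0); an older
  # tag here would roll Alertmanager back while the declared version stays
  # unchanged.
  image: quay.io/prometheus/alertmanager:v0.27.0
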
--------------------------------------------------------------------------------
/examples/registry-override/alertmanager-operated/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | resources:
10 | - ../../../katalog/alertmanager-operated
11 |
12 | patchesStrategicMerge:
13 | - image.yml
14 |
--------------------------------------------------------------------------------
/examples/registry-override/grafana/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | resources:
10 | - ../../../katalog/grafana
11 |
12 | images:
13 | - name: registry.sighup.io/fury/grafana
14 | newName: grafana/grafana
15 | - name: registry.sighup.io/fury/kiwigrid/k8s-sidecar
16 | newName: kiwigrid/k8s-sidecar
17 |
--------------------------------------------------------------------------------
/examples/registry-override/kube-proxy-metrics/kustomization.yaml:
--------------------------------------------------------------------------------
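# Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - ../../../katalog/kube-proxy-metrics

images:
  # Only the image name is rewritten; the tag set in the katalog is kept.
  # The replacement has to be the same component: kube-rbac-proxy maps to the
  # upstream kube-rbac-proxy repository, as in the node-exporter example.
  # Mapping it to a different image would replace the proxy container that
  # sits in front of the metrics endpoint.
  - name: registry.sighup.io/fury/coreos/kube-rbac-proxy
    newName: quay.io/coreos/kube-rbac-proxy
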
--------------------------------------------------------------------------------
/examples/registry-override/kube-state-metrics/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | resources:
10 | - ../../../katalog/kube-state-metrics
11 |
12 | images:
13 | - name: registry.sighup.io/fury/coreos/kube-state-metrics
14 | newName: quay.io/coreos/kube-state-metrics
15 |
--------------------------------------------------------------------------------
/examples/registry-override/metrics-server/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | resources:
10 | - ../../../katalog/metrics-server
11 |
12 | images:
13 | - name: registry.sighup.io/fury/metrics-server
14 | newName: k8s.gcr.io/metrics-server/metrics-server
15 |
--------------------------------------------------------------------------------
/examples/registry-override/node-exporter/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | resources:
10 | - ../../../katalog/node-exporter
11 |
12 | images:
13 | - name: registry.sighup.io/fury/alpine
14 | newName: alpine
15 | - name: registry.sighup.io/fury/prometheus/node-exporter
16 | newName: quay.io/prometheus/node-exporter
17 | - name: registry.sighup.io/fury/coreos/kube-rbac-proxy
18 | newName: quay.io/coreos/kube-rbac-proxy
19 |
--------------------------------------------------------------------------------
/examples/registry-override/prometheus-operated/image.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: monitoring.coreos.com/v1
7 | kind: Prometheus
8 | metadata:
9 | labels:
10 | prometheus: k8s
11 | name: k8s
12 | spec:
13 | image: quay.io/prometheus/prometheus:v2.29.1
14 |
--------------------------------------------------------------------------------
/examples/registry-override/prometheus-operated/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | resources:
10 | - ../../../katalog/prometheus-operated
11 |
12 | patchesStrategicMerge:
13 | - image.yml
14 |
--------------------------------------------------------------------------------
/examples/registry-override/prometheus-operator/deploy.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: apps/v1
7 | kind: Deployment
8 | metadata:
9 | labels:
10 | k8s-app: prometheus-operator
11 | name: prometheus-operator
12 | spec:
13 | template:
14 | spec:
15 | containers:
16 | - args:
17 | - --kubelet-service=kube-system/kubelet
18 | - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.50.0
19 | name: prometheus-operator
20 |
--------------------------------------------------------------------------------
/examples/registry-override/prometheus-operator/kustomization.yaml:
--------------------------------------------------------------------------------
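# Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - ../../../katalog/prometheus-operator

# deploy.yml sets the operator arguments, including the config-reloader image.
patchesStrategicMerge:
  - deploy.yml

images:
  # NOTE(review): the other examples in this folder map a
  # registry.sighup.io/fury/... name to its upstream repository; this entry
  # maps in the opposite direction. Confirm which image name the katalog
  # references, because an entry whose `name` matches no image changes nothing.
  - name: quay.io/prometheus-operator/prometheus-operator
    newName: registry.sighup.io/fury/prometheus-operator
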
--------------------------------------------------------------------------------
/examples/serviceMonitor/Furyfile.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - name: monitoring/prometheus-operated
7 | version: v2.0.1
8 | - name: monitoring/prometheus-operator
9 | version: v2.0.1
10 |
--------------------------------------------------------------------------------
/examples/serviceMonitor/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build deploy
2 |
3 | build:
4 | kustomize build .
5 |
6 | deploy:
7 | kustomize build . | kubectl apply -f - --server-side
8 |
--------------------------------------------------------------------------------
/examples/serviceMonitor/example-app.yml:
--------------------------------------------------------------------------------
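# Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

# Service exposing the demo application; the port name `http` is what the
# ServiceMonitor in sm.yml refers to.
apiVersion: v1
kind: Service
metadata:
  name: example-app
  labels:
    app: example-app
spec:
  ports:
    - port: 8080
      protocol: TCP
      name: http
  selector:
    app: example-app
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app
  labels:
    app: example-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
    spec:
      containers:
        # NOTE(review): demo workload only. No securityContext or resource
        # limits are set and the image is pinned by tag, not by digest; add
        # them before reusing this manifest outside a test cluster.
        - name: example-app
          image: quay.io/brancz/prometheus-example-app:v0.1.0
          ports:
            - containerPort: 8080
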
--------------------------------------------------------------------------------
/examples/serviceMonitor/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | bases:
6 | - vendor/katalog/monitoring/prometheus-operated
7 | - vendor/katalog/monitoring/prometheus-operator
8 |
9 | resources:
10 | - sm.yml
11 | - example-app.yml
12 |
--------------------------------------------------------------------------------
/examples/serviceMonitor/sm.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: ServiceMonitor
7 | metadata:
8 | name: example-app
9 | labels:
10 | k8s-app: example-app
11 | spec:
12 | endpoints:
13 | - interval: 10s
14 | port: http
15 | scheme: http
16 | path: /metrics
17 | jobLabel: k8s-app
18 | namespaceSelector:
19 | matchNames:
20 | - default
21 | selector:
22 | matchLabels:
23 | app: example-app
24 |
--------------------------------------------------------------------------------
/katalog/aks-sm/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `aks-sm` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release
6 |
7 | ```bash
8 | export KUBE_PROMETHEUS_RELEASE=v0.14.0
9 | ../../utils/pull-upstream.sh ${KUBE_PROMETHEUS_RELEASE} aks-sm
10 | ```
11 |
12 | Replace `KUBE_PROMETHEUS_RELEASE` with the current upstream release.
13 |
14 | 2. Check the differences introduced by pulling the upstream release and add the needed patches in `kustomization.yaml`
15 |
--------------------------------------------------------------------------------
/katalog/aks-sm/README.md:
--------------------------------------------------------------------------------
1 | # AKS ServiceMonitor
2 |
3 |
4 |
5 | This package provides monitoring for Kubernetes components `kubelet`, `coredns` and
6 | `api-server` on AKS.
7 |
8 | ## Requirements
9 |
10 | - Kubernetes >= `1.29.0`
11 | - Kustomize = `5.6.0`
12 | - [prometheus-operator](../prometheus-operator)
13 |
14 | ## Configuration
15 |
16 | Fury distribution AKS ServiceMonitor has the following configuration:
17 |
18 | - `api-server` and `kubelet` metrics are scraped with `30s` intervals
19 | - `coredns` metrics are scraped with `15s` intervals
20 | - Dashboards shipped:
21 | - `coredns`: CoreDNS >= 1.8.0
22 | - `api-server`: Kubernetes / API server
23 | - `cluster-total`: Kubernetes / Networking / Cluster
24 | - `kubelet`: Kubernetes / Kubelet
25 | - `namespace-by-pod`: Kubernetes / Networking / Namespace (Pods)
26 | - `namespace-by-workload`: Kubernetes / Networking / Namespace (Workload)
27 | - `persistent-volumes-usage`: Kubernetes / Persistent Volumes
28 | - `pod-total`: Kubernetes / Networking / Pod
29 | - `workload-total`: Kubernetes / Networking / Workload
30 |
31 |
32 |
33 | ## License
34 |
35 | For license details please see [LICENSE](../../LICENSE)
36 |
--------------------------------------------------------------------------------
/katalog/aks-sm/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | resources:
10 | - ../configs/aks
11 |
--------------------------------------------------------------------------------
/katalog/alertmanager-operated/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `alertmanager-operated` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release
6 |
7 | ```bash
8 | export KUBE_PROMETHEUS_RELEASE=v0.14.0
9 | ../../utils/pull-upstream.sh ${KUBE_PROMETHEUS_RELEASE} alertmanager-operated
10 | ```
11 |
12 | Replace `KUBE_PROMETHEUS_RELEASE` with the current upstream release.
13 |
14 | 2. Check the differences introduced by pulling the upstream release and add the needed patches in `kustomization.yaml`
15 |
16 | 3. Sync the new image to our registry through the [`monitoring` `images.yml` file of the fury-distribution-container-image-sync repository](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/monitoring/images.yml).
17 |
18 | 4. Update the `kustomization.yaml` file with the new image.
19 |
20 | 5. Check that the `DeadMansSwitch` alerts in the current configuration have the following parameters and not the default ones:
21 |
22 | ```yaml
23 | repeatInterval: 30s
24 | groupWait: 1m
25 | groupInterval: 1m
26 | ```
--------------------------------------------------------------------------------
/katalog/alertmanager-operated/alertmanager.yaml:
--------------------------------------------------------------------------------
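# Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

apiVersion: monitoring.coreos.com/v1
kind: Alertmanager
metadata:
  labels:
    app.kubernetes.io/component: alert-router
    app.kubernetes.io/instance: main
    app.kubernetes.io/name: alertmanager
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.27.0
  name: main
  namespace: monitoring
spec:
  # The package's kustomization.yaml patches this image reference and the
  # replica count.
  image: quay.io/prometheus/alertmanager:v0.27.0
  # We set the matcher strategy to None, because otherwise the Prometheus
  # Operator will add a matcher to all routes checking for a namespace label
  # with the namespace where alertmanager is running.
  # Consequence: the routes of any selected AlertmanagerConfig can match
  # alerts from every namespace, so write access to AlertmanagerConfig objects
  # should be limited to trusted operators.
  alertmanagerConfigMatcherStrategy:
    type: None
  nodeSelector:
    kubernetes.io/os: linux
  podMetadata:
    labels:
      app.kubernetes.io/component: alert-router
      app.kubernetes.io/instance: main
      app.kubernetes.io/name: alertmanager
      app.kubernetes.io/part-of: kube-prometheus
      app.kubernetes.io/version: 0.27.0
  replicas: 3
  resources:
    limits:
      cpu: 100m
      memory: 100Mi
    requests:
      cpu: 4m
      memory: 100Mi
  secrets: []
  # The pod runs as an unprivileged user; runAsNonRoot makes the kubelet
  # refuse to start a container that would run as UID 0.
  securityContext:
    fsGroup: 2000
    runAsNonRoot: true
    runAsUser: 1000
  serviceAccountName: alertmanager-main
  version: 0.27.0
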
--------------------------------------------------------------------------------
/katalog/alertmanager-operated/config/alertmanager.tmpl:
--------------------------------------------------------------------------------
1 | {{ define "__alertmanagerURL" }}{{ .ExternalURL }}/#/alerts?receiver={{ .Receiver }}{{ end }}
2 |
3 | {{ define "__subject" }}[{{ .Status | toUpper }}{{ if eq .Status "firing" }}:{{ .Alerts.Firing | len }}{{ end }}] Monitoring Event Notification{{ end }}
4 |
5 | {{ define "__text" }}{{ range .Alerts }}
6 | *Alert:* {{ .Labels.alertname }} - `{{ .Labels.severity }}`
7 | *Description:* {{ .Annotations.description }}
8 | *Runbook*: {{ .Annotations.runbook_url }}
9 | *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:>
10 | *Details:*
11 | {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`
12 | {{ end }}{{ end }}{{ end }}
13 |
14 | {{ define "slack.default.title" }}{{ template "__subject" . }}{{ end }}
15 | {{ define "slack.default.username" }}{{ .CommonLabels.k8s_cluster | toUpper }}{{ end }}
16 | {{ define "slack.default.fallback" }}{{ template "slack.default.title" . }} | {{ template "slack.default.titlelink" . }}{{ end }}
17 | {{ define "slack.default.pretext" }}{{ end }}
18 | {{ define "slack.default.titlelink" }}{{ template "__alertmanagerURL" . }}{{ end }}
19 | {{ define "slack.default.iconemoji" }}{{ end }}
20 | {{ define "slack.default.iconurl" }}{{ end }}
21 | {{ define "slack.default.text" }}{{ template "__text" . }}{{ end }}
22 | {{ define "slack.default.footer" }}{{ end }}
23 |
24 | {{ define "email.default.subject" }}{{ template "__subject" .}} - {{ template "slack.default.username" . }}{{ end }}
25 |
--------------------------------------------------------------------------------
/katalog/alertmanager-operated/config/alertmanager.yaml:
--------------------------------------------------------------------------------
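# Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

# Default Alertmanager configuration shipped with the package.
global:
  resolve_timeout: 5m

# Notification templates loaded next to this file (alertmanager.tmpl).
templates:
  - '/etc/alertmanager/config/*.tmpl'

route:
  group_by: [alertname]
  group_wait: 30s
  # NOTE(review): 1s is far below Alertmanager's 5m default; confirm that this
  # value is intended.
  group_interval: 1s
  repeat_interval: 1h
  # Every alert falls through to `noreceiver`, which has no integration
  # configured: until a real receiver is added, no notification is sent.
  receiver: noreceiver

receivers:
  - name: noreceiver
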
--------------------------------------------------------------------------------
/katalog/alertmanager-operated/dashboards/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | generatorOptions:
12 | labels:
13 | grafana-sighup-dashboard: default
14 | annotations:
15 | grafana-folder: "Monitoring"
16 | disableNameSuffixHash: true
17 |
18 | configMapGenerator:
19 | - name: alertmanager-grafana-dashboards
20 | files:
21 | - alertmanager-overview.json
22 |
--------------------------------------------------------------------------------
/katalog/alertmanager-operated/kustomization.yaml:
--------------------------------------------------------------------------------
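# Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: monitoring

# Patch on top of alertmanager.yaml: image from registry.sighup.io, a single
# replica, and an empty alertmanagerConfigSelector. An empty selector matches
# every AlertmanagerConfig in the namespaces this Alertmanager looks at (the
# namespace selector is not set in this patch).
patchesStrategicMerge:
  - |-
    apiVersion: monitoring.coreos.com/v1
    kind: Alertmanager
    metadata:
      name: main
      namespace: monitoring
    spec:
      alertmanagerConfigSelector: {}
      image: registry.sighup.io/fury/prometheus/alertmanager:v0.27.0
      replicas: 1

resources:
  - dashboards
  - alertmanager.yaml
  - alertmanagerconfig.yml
  - prometheusRule.yaml
  - service.yaml
  - serviceAccount.yaml
  - serviceMonitor.yaml

# The Secret keeps the fixed name `alertmanager-main` (no content hash suffix).
generatorOptions:
  disableNameSuffixHash: true

# The Alertmanager configuration and its templates are stored in a Secret.
# Receiver credentials added to config/alertmanager.yaml end up here, so keep
# real values out of the repository.
secretGenerator:
  - name: alertmanager-main
    namespace: monitoring
    files:
      - alertmanager.yaml=config/alertmanager.yaml
      - alertmanager.tmpl=config/alertmanager.tmpl
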
--------------------------------------------------------------------------------
/katalog/alertmanager-operated/service.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | kind: Service
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: alert-router
10 | app.kubernetes.io/instance: main
11 | app.kubernetes.io/name: alertmanager
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 0.27.0
14 | name: alertmanager-main
15 | namespace: monitoring
16 | spec:
17 | ports:
18 | - name: web
19 | port: 9093
20 | targetPort: web
21 | - name: reloader-web
22 | port: 8080
23 | targetPort: reloader-web
24 | selector:
25 | app.kubernetes.io/component: alert-router
26 | app.kubernetes.io/instance: main
27 | app.kubernetes.io/name: alertmanager
28 | app.kubernetes.io/part-of: kube-prometheus
29 | sessionAffinity: ClientIP
30 |
--------------------------------------------------------------------------------
/katalog/alertmanager-operated/serviceAccount.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | automountServiceAccountToken: false
7 | kind: ServiceAccount
8 | metadata:
9 | labels:
10 | app.kubernetes.io/component: alert-router
11 | app.kubernetes.io/instance: main
12 | app.kubernetes.io/name: alertmanager
13 | app.kubernetes.io/part-of: kube-prometheus
14 | app.kubernetes.io/version: 0.27.0
15 | name: alertmanager-main
16 | namespace: monitoring
17 |
--------------------------------------------------------------------------------
/katalog/alertmanager-operated/serviceMonitor.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: ServiceMonitor
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: alert-router
10 | app.kubernetes.io/instance: main
11 | app.kubernetes.io/name: alertmanager
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 0.27.0
14 | name: alertmanager-main
15 | namespace: monitoring
16 | spec:
17 | endpoints:
18 | - interval: 30s
19 | port: web
20 | - interval: 30s
21 | port: reloader-web
22 | selector:
23 | matchLabels:
24 | app.kubernetes.io/component: alert-router
25 | app.kubernetes.io/instance: main
26 | app.kubernetes.io/name: alertmanager
27 | app.kubernetes.io/part-of: kube-prometheus
28 |
--------------------------------------------------------------------------------
/katalog/blackbox-exporter/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `blackbox-exporter` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release
6 |
7 | ```bash
8 | export KUBE_PROMETHEUS_RELEASE=v0.14.0
9 | ../../utils/pull-upstream.sh ${KUBE_PROMETHEUS_RELEASE} blackbox-exporter
10 | ```
11 |
12 | Replace `KUBE_PROMETHEUS_RELEASE` with the current upstream release.
13 |
14 | 2. Check the differences introduced by pulling the upstream release and add the needed patches in `kustomization.yaml`
15 |
16 | 3. Sync the new image to our registry through the [`monitoring` `images.yml` file of the fury-distribution-container-image-sync repository](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/monitoring/images.yml).
17 |
18 | 4. Update the `kustomization.yaml` file with the new image.
19 |
--------------------------------------------------------------------------------
/katalog/blackbox-exporter/clusterRole.yaml:
--------------------------------------------------------------------------------
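# Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

# Cluster-wide role bound to the blackbox-exporter ServiceAccount. It grants
# only `create` on TokenReview and SubjectAccessReview, i.e. the right to ask
# the API server to validate a token and to check an authorization decision.
# NOTE(review): presumably used by an authenticating proxy in front of the
# exporter; confirm against the deployment manifest.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: blackbox-exporter
rules:
  - apiGroups:
      - authentication.k8s.io
    resources:
      - tokenreviews
    verbs:
      - create
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
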
--------------------------------------------------------------------------------
/katalog/blackbox-exporter/clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: ClusterRoleBinding  # Grants the `blackbox-exporter` ClusterRole to the ServiceAccount named under `subjects`.
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: exporter
10 | app.kubernetes.io/name: blackbox-exporter
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.25.0
13 | name: blackbox-exporter
14 | roleRef:
15 | apiGroup: rbac.authorization.k8s.io
16 | kind: ClusterRole
17 | name: blackbox-exporter
18 | subjects:
19 | - kind: ServiceAccount
20 | name: blackbox-exporter
21 | namespace: monitoring  # the grant applies only to the ServiceAccount in this namespace
22 |
--------------------------------------------------------------------------------
/katalog/blackbox-exporter/configuration.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1  # ConfigMap carrying the blackbox_exporter probe module definitions.
6 | data:  # single key `config.yml`; it defines the modules http_2xx, http_post_2xx, irc_banner, pop3s_banner, ssh_banner and tcp_connect
7 | config.yml: |-
8 | "modules":
9 | "http_2xx":
10 | "http":
11 | "preferred_ip_protocol": "ip4"
12 | "prober": "http"
13 | "http_post_2xx":
14 | "http":
15 | "method": "POST"
16 | "preferred_ip_protocol": "ip4"
17 | "prober": "http"
18 | "irc_banner":
19 | "prober": "tcp"
20 | "tcp":
21 | "preferred_ip_protocol": "ip4"
22 | "query_response":
23 | - "send": "NICK prober"
24 | - "send": "USER prober prober prober :prober"
25 | - "expect": "PING :([^ ]+)"
26 | "send": "PONG ${1}"
27 | - "expect": "^:[^ ]+ 001"
28 | "pop3s_banner":
29 | "prober": "tcp"
30 | "tcp":
31 | "preferred_ip_protocol": "ip4"
32 | "query_response":
33 | - "expect": "^+OK"
34 | "tls": true
35 | "tls_config":
36 | "insecure_skip_verify": false
37 | "ssh_banner":
38 | "prober": "tcp"
39 | "tcp":
40 | "preferred_ip_protocol": "ip4"
41 | "query_response":
42 | - "expect": "^SSH-2.0-"
43 | "tcp_connect":
44 | "prober": "tcp"
45 | "tcp":
46 | "preferred_ip_protocol": "ip4"
47 | kind: ConfigMap  # pop3s_banner is the only module with TLS enabled, and it keeps certificate verification on (insecure_skip_verify: false)
48 | metadata:
49 | labels:
50 | app.kubernetes.io/component: exporter
51 | app.kubernetes.io/name: blackbox-exporter
52 | app.kubernetes.io/part-of: kube-prometheus
53 | app.kubernetes.io/version: 0.25.0
54 | name: blackbox-exporter-configuration
55 | namespace: monitoring
56 |
--------------------------------------------------------------------------------
/katalog/blackbox-exporter/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization  # Assembles the blackbox-exporter package and redirects its images to registry.sighup.io.
8 |
9 | namespace: monitoring
10 |
11 | images:  # each entry rewrites an upstream image name to its mirrored name and tag
12 | - name: quay.io/prometheus/blackbox-exporter
13 | newName: registry.sighup.io/fury/prometheus/blackbox-exporter
14 | newTag: v0.25.0  # NOTE(review): tags are mutable; the kustomize `digest:` field would pin the exact image content
15 | - name: jimmidyson/configmap-reload
16 | newName: registry.sighup.io/fury/jimmidyson/configmap-reload
17 | newTag: v0.5.0
18 | - name: quay.io/brancz/kube-rbac-proxy
19 | newName: registry.sighup.io/fury/brancz/kube-rbac-proxy
20 | newTag: v0.18.1
21 | - name: ghcr.io/jimmidyson/configmap-reload
22 | newName: registry.sighup.io/fury/jimmidyson/configmap-reload  # NOTE(review): no newTag on this entry, so the tag written in the manifest is kept, unlike the entry above pinned to v0.5.0 - confirm intended
23 | resources:
24 | - clusterRole.yaml
25 | - clusterRoleBinding.yaml
26 | - configuration.yaml
27 | - deployment.yaml
28 | - prometheusRule.yml
29 | - service.yaml
30 | - serviceAccount.yaml
31 | - serviceMonitor.yaml
32 |
--------------------------------------------------------------------------------
/katalog/blackbox-exporter/prometheusRule.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: PrometheusRule  # Defines the single alert `ProbeFailure` for blackbox-exporter probes.
7 | metadata:
8 | labels:
9 | role: alert-rules  # presumably the label a Prometheus ruleSelector matches on; verify against the Prometheus resource
10 | name: blackbox-exporter-rules
11 | namespace: monitoring
12 | spec:
13 | groups:
14 | - name: blackbox-exporter.rules
15 | rules:
16 | - alert: ProbeFailure
17 | annotations:
18 | description: "Probe on endpoint {{ $labels.instance }} failed."
19 | summary: Probe failure
20 | expr: probe_success == 0  # matches any probe series whose last result was a failure
21 | for: 10m  # the failure must persist for 10 minutes before the alert fires
22 | labels:
23 | severity: warning
24 |
--------------------------------------------------------------------------------
/katalog/blackbox-exporter/service.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | kind: Service  # Exposes two ports of the blackbox-exporter pods: `https` (9115) and `probe` (19115).
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: exporter
10 | app.kubernetes.io/name: blackbox-exporter
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.25.0
13 | name: blackbox-exporter
14 | namespace: monitoring
15 | spec:
16 | ports:
17 | - name: https  # this is the port the ServiceMonitor in this package scrapes
18 | port: 9115
19 | targetPort: https
20 | - name: probe
21 | port: 19115
22 | targetPort: http  # NOTE(review): if container port `http` is the exporter's plain listener (deployment.yaml not shown), any workload that can reach this Service can make the exporter probe targets of its choosing; consider a NetworkPolicy limiting ingress to Prometheus
23 | selector:
24 | app.kubernetes.io/component: exporter
25 | app.kubernetes.io/name: blackbox-exporter
26 | app.kubernetes.io/part-of: kube-prometheus
27 |
--------------------------------------------------------------------------------
/katalog/blackbox-exporter/serviceAccount.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | automountServiceAccountToken: false  # pods using this account get no API token mounted unless their own pod spec opts in
7 | kind: ServiceAccount  # Identity for the blackbox-exporter workload; the ClusterRoleBinding in this package names it as subject.
8 | metadata:
9 | labels:
10 | app.kubernetes.io/component: exporter
11 | app.kubernetes.io/name: blackbox-exporter
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 0.25.0
14 | name: blackbox-exporter
15 | namespace: monitoring
16 |
--------------------------------------------------------------------------------
/katalog/blackbox-exporter/serviceMonitor.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: ServiceMonitor  # Tells Prometheus to scrape /metrics on the `https` port of the blackbox-exporter Service every 30s.
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: exporter
10 | app.kubernetes.io/name: blackbox-exporter
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.25.0
13 | name: blackbox-exporter
14 | namespace: monitoring
15 | spec:
16 | endpoints:
17 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token  # Prometheus authenticates with the ServiceAccount token mounted in its own pod
18 | interval: 30s
19 | path: /metrics
20 | port: https
21 | scheme: https
22 | tlsConfig:
23 | insecureSkipVerify: true  # NOTE(review): the target's certificate is not verified, so the bearer token above is sent to an unauthenticated peer; prefer `ca` plus `serverName` where the serving certificate allows it
24 | selector:
25 | matchLabels:
26 | app.kubernetes.io/component: exporter
27 | app.kubernetes.io/name: blackbox-exporter
28 | app.kubernetes.io/part-of: kube-prometheus
29 |
--------------------------------------------------------------------------------
/katalog/configs/aks/README.md:
--------------------------------------------------------------------------------
1 | # AKS ServiceMonitor
2 |
3 | This package provides monitoring for Kubernetes components `kubelet`, `coredns` and
4 | `api-server` on AKS.
5 |
6 | ## Requirements
7 |
8 | - Kubernetes >= `1.29.0`
9 | - Kustomize = `5.6.0`
10 | - [prometheus-operator](../../prometheus-operator)
11 |
12 | ## Configuration
13 |
14 | Fury distribution AKS ServiceMonitor has the following configuration:
15 |
16 | - `api-server` and `kubelet` metrics are scraped with `30s` intervals
17 | - `coredns` metrics are scraped with `15s` intervals
18 | - Dashboards shipped:
19 | - `coredns`: CoreDNS >= 1.8.0
20 | - `api-server`: Kubernetes / API server
21 | - `cluster-total`: Kubernetes / Networking / Cluster
22 | - `kubelet`: Kubernetes / Kubelet
23 | - `namespace-by-pod`: Kubernetes / Networking / Namespace (Pods)
24 | - `namespace-by-workload`: Kubernetes / Networking / Namespace (Workload)
25 | - `persistent-volumes-usage`: Kubernetes / Persistent Volumes
26 | - `pod-total`: Kubernetes / Networking / Pod
27 | - `workload-total`: Kubernetes / Networking / Workload
28 |
29 | ## License
30 |
31 | For license details please see [LICENSE](../../../LICENSE)
32 |
--------------------------------------------------------------------------------
/katalog/configs/aks/dashboards/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sighupio/module-monitoring/6232b27ba5cf44cf6d5cf71dd8021b327dec8254/katalog/configs/aks/dashboards/.keep
--------------------------------------------------------------------------------
/katalog/configs/aks/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization  # AKS variant: composes the shared `default` and `coredns` bases.
8 |
9 | generatorOptions:
10 | labels:
11 | grafana-sighup-dashboard: default
12 | disableNameSuffixHash: true  # generated objects keep fixed names instead of getting a content-hash suffix
13 |
14 | resources:
15 | - ../bases/default
16 | - ../bases/coredns
17 |
--------------------------------------------------------------------------------
/katalog/configs/aks/service-monitors/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sighupio/module-monitoring/6232b27ba5cf44cf6d5cf71dd8021b327dec8254/katalog/configs/aks/service-monitors/.keep
--------------------------------------------------------------------------------
/katalog/configs/bases/coredns/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization  # CoreDNS base: one ServiceMonitor plus a ConfigMap generated from the CoreDNS dashboard JSON.
8 |
9 | namespace: kube-system  # NOTE(review): kustomize applies this namespace to the listed resources, while service-monitors/coredns.yml declares `namespace: monitoring` in its metadata - confirm which one is intended
10 |
11 | generatorOptions:
12 | labels:
13 | grafana-sighup-dashboard: default  # label put on the generated ConfigMap; presumably what the Grafana dashboard sidecar selects on - verify
14 | annotations:
15 | grafana-folder: "Kubernetes Components"
16 | disableNameSuffixHash: true  # keeps the generated ConfigMap name fixed (no content-hash suffix)
17 |
18 | resources:
19 | - service-monitors/coredns.yml
20 |
21 | configMapGenerator:
22 | - name: sighup-coredns-dashboard-definition
23 | files:
24 | - dashboards/coredns.json
25 |
--------------------------------------------------------------------------------
/katalog/configs/bases/coredns/service-monitors/coredns.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: ServiceMonitor  # Scrapes the `metrics` port of Services labelled k8s-app=kube-dns in kube-system every 15s.
7 | metadata:
8 | labels:
9 | app.kubernetes.io/name: coredns
10 | app.kubernetes.io/part-of: kube-prometheus
11 | name: coredns
12 | namespace: monitoring
13 | spec:
14 | endpoints:
15 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token  # NOTE(review): no `scheme` is set on this endpoint, so the scrape presumably uses plain HTTP and this token would travel unencrypted; confirm the target needs a token at all
16 | interval: 15s
17 | metricRelabelings:
18 | - action: drop  # discards the series named by the regex below after the scrape
19 | regex: coredns_cache_misses_total
20 | sourceLabels:
21 | - __name__
22 | port: metrics
23 | jobLabel: app.kubernetes.io/name
24 | namespaceSelector:
25 | matchNames:
26 | - kube-system
27 | selector:
28 | matchLabels:
29 | k8s-app: kube-dns
30 |
--------------------------------------------------------------------------------
/katalog/configs/bases/default/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization  # Default base: apiserver and kubelet ServiceMonitors plus three generated dashboard ConfigMaps.
8 |
9 | namespace: kube-system  # applied by kustomize to the resources and generated ConfigMaps below
10 |
11 | generatorOptions:
12 | labels:
13 | grafana-sighup-dashboard: default  # label put on every generated ConfigMap; presumably what the Grafana dashboard sidecar selects on - verify
14 | annotations:
15 | grafana-folder: "Workloads"
16 | disableNameSuffixHash: true  # keeps generated ConfigMap names fixed (no content-hash suffix)
17 |
18 | resources:
19 | - service-monitors/apiserver.yml
20 | - service-monitors/kubelet.yml
21 |
22 | configMapGenerator:  # one ConfigMap per group of dashboard JSON files
23 | - name: sighup-containers-dashboard-definitions
24 | files:
25 | - dashboards/pod-total.json
26 | - dashboards/workload-total.json
27 | - name: sighup-namespace-dashboard-definitions
28 | files:
29 | - dashboards/namespace-by-pod.json
30 | - dashboards/namespace-by-workload.json
31 | - name: sighup-cluster-dashboard-definitions
32 | files:
33 | - dashboards/apiserver.json
34 | - dashboards/kubelet.json
35 | - dashboards/cluster-total.json
36 | - dashboards/persistent-volumes-usage.json
37 |
--------------------------------------------------------------------------------
/katalog/configs/eks/README.md:
--------------------------------------------------------------------------------
1 | # EKS ServiceMonitor
2 |
3 | This package provides monitoring for Kubernetes components `kubelet` and
4 | `api-server` on EKS.
5 |
6 | ## Requirements
7 |
8 | - Kubernetes >= `1.29.0`
9 | - Kustomize = `5.6.0`
10 | - [prometheus-operator](../../prometheus-operator)
11 |
12 | ## Configuration
13 |
14 | Fury distribution EKS ServiceMonitor has the following configuration:
15 |
16 | - `api-server` and `kubelet` metrics are scraped with `30s` intervals
17 | - `coredns` metrics are scraped with `15s` intervals
18 | - Dashboards shipped:
19 | - `coredns`: CoreDNS >= 1.8.0
20 | - `api-server`: Kubernetes / API server
21 | - `cluster-total`: Kubernetes / Networking / Cluster
22 | - `kubelet`: Kubernetes / Kubelet
23 | - `namespace-by-pod`: Kubernetes / Networking / Namespace (Pods)
24 | - `namespace-by-workload`: Kubernetes / Networking / Namespace (Workload)
25 | - `persistent-volumes-usage`: Kubernetes / Persistent Volumes
26 | - `pod-total`: Kubernetes / Networking / Pod
27 | - `workload-total`: Kubernetes / Networking / Workload
28 |
29 | ## License
30 |
31 | For license details please see [LICENSE](../../../LICENSE)
32 |
--------------------------------------------------------------------------------
/katalog/configs/eks/dashboards/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sighupio/module-monitoring/6232b27ba5cf44cf6d5cf71dd8021b327dec8254/katalog/configs/eks/dashboards/.keep
--------------------------------------------------------------------------------
/katalog/configs/eks/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization  # EKS variant: composes the shared `default` and `coredns` bases.
8 |
9 | generatorOptions:
10 | labels:
11 | grafana-sighup-dashboard: default
12 | disableNameSuffixHash: true  # generated objects keep fixed names instead of getting a content-hash suffix
13 |
14 | resources:
15 | - ../bases/default
16 | - ../bases/coredns
17 |
--------------------------------------------------------------------------------
/katalog/configs/eks/service-monitors/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sighupio/module-monitoring/6232b27ba5cf44cf6d5cf71dd8021b327dec8254/katalog/configs/eks/service-monitors/.keep
--------------------------------------------------------------------------------
/katalog/configs/gke/README.md:
--------------------------------------------------------------------------------
1 | # GKE ServiceMonitor
2 |
3 | This package provides monitoring for Kubernetes components `kubelet` and
4 | `api-server` on GKE.
5 |
6 | ## Requirements
7 |
8 | - Kubernetes >= `1.29.0`
9 | - Kustomize = `5.6.0`
10 | - [prometheus-operator](../../prometheus-operator)
11 |
12 | ## Configuration
13 |
14 | Fury distribution GKE ServiceMonitor has the following configuration:
15 |
16 | - `api-server` and `kubelet` metrics are scraped with `30s` intervals
17 | - Dashboards shipped:
18 | - `api-server`: Kubernetes / API server
19 | - `cluster-total`: Kubernetes / Networking / Cluster
20 | - `kubelet`: Kubernetes / Kubelet
21 | - `namespace-by-pod`: Kubernetes / Networking / Namespace (Pods)
22 | - `namespace-by-workload`: Kubernetes / Networking / Namespace (Workload)
23 | - `persistent-volumes-usage`: Kubernetes / Persistent Volumes
24 | - `pod-total`: Kubernetes / Networking / Pod
25 | - `workload-total`: Kubernetes / Networking / Workload
26 |
27 | ## License
28 |
29 | For license details please see [LICENSE](../../../LICENSE)
30 |
--------------------------------------------------------------------------------
/katalog/configs/gke/dashboards/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sighupio/module-monitoring/6232b27ba5cf44cf6d5cf71dd8021b327dec8254/katalog/configs/gke/dashboards/.keep
--------------------------------------------------------------------------------
/katalog/configs/gke/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization  # GKE variant: uses only the shared `default` base (no CoreDNS base).
8 |
9 | generatorOptions:
10 | labels:
11 | grafana-sighup-dashboard: default
12 | disableNameSuffixHash: true  # generated objects keep fixed names instead of getting a content-hash suffix
13 |
14 | resources:
15 | - ../bases/default
16 |
--------------------------------------------------------------------------------
/katalog/configs/gke/service-monitors/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sighupio/module-monitoring/6232b27ba5cf44cf6d5cf71dd8021b327dec8254/katalog/configs/gke/service-monitors/.keep
--------------------------------------------------------------------------------
/katalog/configs/kubeadm/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization  # kubeadm variant: both shared bases plus rules, Services and ServiceMonitors for controller-manager, etcd and scheduler.
8 |
9 | namespace: kube-system  # applied by kustomize to the resources below; the Service manifests for controller-manager and scheduler carry no namespace of their own
10 |
11 | generatorOptions:
12 | labels:
13 | grafana-sighup-dashboard: default
14 | annotations:
15 | grafana-folder: "Kubernetes Components"
16 | disableNameSuffixHash: true  # keeps generated ConfigMap names fixed (no content-hash suffix)
17 |
18 | resources:
19 | - ../bases/coredns
20 | - ../bases/default
21 | - rules.yml
22 | - service-monitors/controller-manager.yml
23 | - service-monitors/etcd.yml
24 | - service-monitors/scheduler.yml
25 | - services/controller-manager.yml
26 | - services/etcd.yml
27 | - services/scheduler.yml
28 |
29 | configMapGenerator:  # dashboards for the control-plane components scraped above
30 | - name: sighup-kubeadm-dashboard-definitions
31 | files:
32 | - dashboards/controller-manager.json
33 | - dashboards/scheduler.json
34 | - name: sighup-etcd-dashboard-definitions
35 | files:
36 | - dashboards/etcd.json
37 |
--------------------------------------------------------------------------------
/katalog/configs/kubeadm/service-monitors/etcd.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: monitoring.coreos.com/v1
7 | kind: ServiceMonitor  # Scrapes the `metrics` port of Services labelled app=etcd-metrics in kube-system every 15s.
8 | metadata:
9 | labels:
10 | k8s-app: etcd-metrics
11 | name: etcd-metrics
12 | namespace: monitoring
13 | spec:
14 | endpoints:
15 | - interval: 15s  # NOTE(review): no `scheme`, token or tlsConfig on this endpoint, so the scrape is presumably plain, unauthenticated HTTP; confirm the metrics listener is reachable only from where intended
16 | port: metrics
17 | jobLabel: etcd-metrics
18 | namespaceSelector:
19 | matchNames:
20 | - kube-system
21 | selector:
22 | matchLabels:
23 | app: etcd-metrics
24 |
--------------------------------------------------------------------------------
/katalog/configs/kubeadm/service-monitors/scheduler.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: ServiceMonitor  # Scrapes kube-scheduler over HTTPS on two endpoints: the default metrics path every 30s and /metrics/slis every 5s.
7 | metadata:
8 | labels:
9 | app.kubernetes.io/name: kube-scheduler
10 | app.kubernetes.io/part-of: kube-prometheus
11 | name: kube-scheduler
12 | namespace: monitoring
13 | spec:
14 | endpoints:
15 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token  # Prometheus authenticates with the ServiceAccount token mounted in its own pod
16 | interval: 30s
17 | port: https-metrics
18 | scheme: https
19 | tlsConfig:
20 | insecureSkipVerify: true  # NOTE(review): the scheduler's certificate is not verified, so the bearer token is sent to an unauthenticated peer; prefer `ca` plus `serverName` where the serving certificate allows it
21 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
22 | interval: 5s
23 | metricRelabelings:
24 | - action: drop  # discards process_start_time_seconds from this second endpoint
25 | regex: process_start_time_seconds
26 | sourceLabels:
27 | - __name__
28 | path: /metrics/slis
29 | port: https-metrics
30 | scheme: https
31 | tlsConfig:
32 | insecureSkipVerify: true  # same caveat as the first endpoint: token sent without verifying the server certificate
33 | jobLabel: app.kubernetes.io/name
34 | namespaceSelector:
35 | matchNames:
36 | - kube-system
37 | selector:
38 | matchLabels:
39 | app.kubernetes.io/name: kube-scheduler
40 |
--------------------------------------------------------------------------------
/katalog/configs/kubeadm/services/controller-manager.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: v1
7 | kind: Service  # Gives the controller-manager pods a Service that a ServiceMonitor can select.
8 | metadata:
9 | labels:
10 | app.kubernetes.io/name: kube-controller-manager
11 | name: kube-controller-manager  # no namespace here; the kubeadm kustomization that lists this file sets `namespace: kube-system`
12 | spec:
13 | ports:
14 | - name: https-metrics
15 | port: 10257  # no targetPort given, so Kubernetes uses the same number on the pod
16 | protocol: TCP
17 | selector:
18 | component: kube-controller-manager
19 |
--------------------------------------------------------------------------------
/katalog/configs/kubeadm/services/etcd.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: v1
7 | kind: Service  # Service selected by the etcd-metrics ServiceMonitor through the label app=etcd-metrics.
8 | metadata:
9 | labels:
10 | app: etcd-metrics
11 | name: etcd-metrics
12 | namespace: kube-system
13 | spec:
14 | ports:
15 | - name: metrics
16 | port: 2378  # no targetPort given, so Kubernetes uses the same number on the pod
17 | protocol: TCP
18 | selector:
19 | component: kube-apiserver  # NOTE(review): selects kube-apiserver pods, not etcd; presumably relies on both sharing the control-plane node's host network - confirm, since the endpoints follow the apiserver pods
20 |
--------------------------------------------------------------------------------
/katalog/configs/kubeadm/services/scheduler.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: v1
7 | kind: Service  # Gives the scheduler pods a Service that the kube-scheduler ServiceMonitor can select.
8 | metadata:
9 | labels:
10 | app.kubernetes.io/name: kube-scheduler  # matches the selector of the kube-scheduler ServiceMonitor
11 | name: kube-scheduler  # no namespace here; the kubeadm kustomization that lists this file sets `namespace: kube-system`
12 | spec:
13 | ports:
14 | - name: https-metrics
15 | port: 10259  # no targetPort given, so Kubernetes uses the same number on the pod
16 | protocol: TCP
17 | selector:
18 | component: kube-scheduler
19 |
--------------------------------------------------------------------------------
/katalog/configs/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization  # Top-level `configs` entry point: includes only the shared `default` base.
8 |
9 | resources:
10 | - ./bases/default
11 |
--------------------------------------------------------------------------------
/katalog/eks-sm/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `eks-sm` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release
6 |
7 | ```bash
8 | export KUBE_PROMETHEUS_RELEASE=v0.14.0
9 | ../../utils/pull-upstream.sh ${KUBE_PROMETHEUS_RELEASE} eks-sm
10 | ```
11 |
12 | Replace `KUBE_PROMETHEUS_RELEASE` with the current upstream release.
13 |
14 | 2. Check the differences introduced by pulling the upstream release and add the needed patches in `kustomization.yaml`
15 |
--------------------------------------------------------------------------------
/katalog/eks-sm/README.md:
--------------------------------------------------------------------------------
1 | # EKS ServiceMonitor
2 |
3 |
4 |
5 | This package provides monitoring for Kubernetes components `kubelet` and
6 | `api-server` on EKS.
7 |
8 | ## Requirements
9 |
10 | - Kubernetes >= `1.29.0`
11 | - Kustomize = `5.6.0`
12 | - [prometheus-operator](../prometheus-operator)
13 |
14 | ## Configuration
15 |
16 | Fury distribution EKS ServiceMonitor has the following configuration:
17 |
18 | - `api-server` and `kubelet` metrics are scraped with `30s` intervals
19 | - `coredns` metrics are scraped with `15s` intervals
20 | - Dashboards shipped:
21 | - `coredns`: CoreDNS >= 1.8.0
22 | - `api-server`: Kubernetes / API server
23 | - `cluster-total`: Kubernetes / Networking / Cluster
24 | - `kubelet`: Kubernetes / Kubelet
25 | - `namespace-by-pod`: Kubernetes / Networking / Namespace (Pods)
26 | - `namespace-by-workload`: Kubernetes / Networking / Namespace (Workload)
27 | - `persistent-volumes-usage`: Kubernetes / Persistent Volumes
28 | - `pod-total`: Kubernetes / Networking / Pod
29 | - `workload-total`: Kubernetes / Networking / Workload
30 |
31 |
32 |
33 | ## License
34 |
35 | For license details please see [LICENSE](../../LICENSE)
36 |
--------------------------------------------------------------------------------
/katalog/eks-sm/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization  # Thin wrapper: the `eks-sm` package only re-exports ../configs/eks.
8 |
9 | resources:
10 | - ../configs/eks
11 |
--------------------------------------------------------------------------------
/katalog/gke-sm/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `gke-sm` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release
6 |
7 | ```bash
8 | export KUBE_PROMETHEUS_RELEASE=v0.14.0
9 | ../../utils/pull-upstream.sh ${KUBE_PROMETHEUS_RELEASE} gke-sm
10 | ```
11 |
12 | Replace `KUBE_PROMETHEUS_RELEASE` with the current upstream release.
13 |
14 | 2. Check the differences introduced by pulling the upstream release and add the needed patches in `kustomization.yaml`
15 |
--------------------------------------------------------------------------------
/katalog/gke-sm/README.md:
--------------------------------------------------------------------------------
1 | # GKE ServiceMonitor
2 |
3 |
4 |
5 | This package provides monitoring for Kubernetes components `kubelet` and
6 | `api-server` on GKE, the managed cluster solution by GCP.
7 |
8 | ## Requirements
9 |
10 | - Kubernetes >= `1.29.0`
11 | - Kustomize = `5.6.0`
12 | - [prometheus-operator](../prometheus-operator)
13 |
14 | ## Configuration
15 |
16 | Fury distribution GKE ServiceMonitor has the following configuration:
17 |
18 | - `api-server` and `kubelet` metrics are scraped with `30s` intervals
19 | - Dashboards shipped:
20 | - `api-server`: Kubernetes / API server
21 | - `cluster-total`: Kubernetes / Networking / Cluster
22 | - `kubelet`: Kubernetes / Kubelet
23 | - `namespace-by-pod`: Kubernetes / Networking / Namespace (Pods)
24 | - `namespace-by-workload`: Kubernetes / Networking / Namespace (Workload)
25 | - `persistent-volumes-usage`: Kubernetes / Persistent Volumes
26 | - `pod-total`: Kubernetes / Networking / Pod
27 | - `workload-total`: Kubernetes / Networking / Workload
28 |
29 |
30 |
31 | ## License
32 |
33 | For license details please see [LICENSE](../../LICENSE)
34 |
--------------------------------------------------------------------------------
/katalog/gke-sm/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization  # Thin wrapper: the `gke-sm` package only re-exports ../configs/gke.
8 |
9 | resources:
10 | - ../configs/gke
11 |
--------------------------------------------------------------------------------
/katalog/grafana/.gitignore:
--------------------------------------------------------------------------------
1 | .envrc
2 | .tool-versions
3 |
--------------------------------------------------------------------------------
/katalog/grafana/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `grafana` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release
6 |
7 | ```bash
8 | export KUBE_PROMETHEUS_RELEASE=v0.14.0
9 | ../../utils/pull-upstream.sh ${KUBE_PROMETHEUS_RELEASE} grafana
10 | ```
11 |
12 | Replace `KUBE_PROMETHEUS_RELEASE` with the current upstream release.
13 |
14 | 2. Check the differences introduced by pulling the upstream release and add the needed patches in `kustomization.yaml`
15 |
16 | 3. Sync the new image to our registry through the [`monitoring` `images.yml` file of the fury-distribution-container-image-sync repository](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/monitoring/images.yml).
17 |
18 | 4. Update the `kustomization.yaml` file with the new image.
19 |
20 | ## Customizations
21 |
22 | - We've changed the JSON file inside grafana-dashboardSources, dropping the folder name and enabling the option to use subfolders.
23 | - Added `FOLDER_ANNOTATION` environment variable to the dashboards sidecar.
24 | - Added custom grafana dashboard (`fury-cluster-overview.json`), which shows an overview of the status of the resources present in the cluster.
25 |
26 | ## Considerations
27 |
28 | For release 3.3.0, the Grafana deployment tag was manually set to a newer version because the one suggested by upstream had some issues. For more details, check [this issue](https://github.com/grafana/grafana/issues/92634).
29 |
--------------------------------------------------------------------------------
/katalog/grafana/clusterRole.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: rbac.authorization.k8s.io/v1
7 | kind: ClusterRole  # Read-only access (get/watch/list) to ConfigMaps and Secrets in the core API group.
8 | metadata:
9 | name: k8s-sidecar
10 | rules:
11 | - apiGroups: [""]
12 | resources: ["configmaps", "secrets"]  # NOTE(review): once bound with a ClusterRoleBinding this includes every Secret in every namespace; if the sidecar only loads dashboards from ConfigMaps, drop `secrets` or scope the grant with namespaced Role/RoleBinding objects
13 | verbs: ["get", "watch", "list"]
14 |
--------------------------------------------------------------------------------
/katalog/grafana/clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: rbac.authorization.k8s.io/v1
7 | kind: ClusterRoleBinding  # Cluster-wide binding: the rules of `k8s-sidecar` apply in every namespace for the subject below.
8 | metadata:
9 | name: k8s-sidecar-grafana-dashboards
10 | roleRef:
11 | kind: ClusterRole
12 | name: k8s-sidecar  # grants get/watch/list on configmaps and secrets (see clusterRole.yaml in this package)
13 | apiGroup: rbac.authorization.k8s.io
14 | subjects:
15 | - kind: ServiceAccount
16 | name: grafana  # NOTE(review): every container running under this ServiceAccount inherits the cluster-wide Secret read access, not only the sidecar
17 | namespace: monitoring
18 |
--------------------------------------------------------------------------------
/katalog/grafana/config.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | kind: Secret
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: grafana
10 | app.kubernetes.io/name: grafana
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 11.2.0
13 | name: grafana-config
14 | namespace: monitoring
15 | stringData:
16 | grafana.ini: |
17 | [date_formats]
18 | default_timezone = UTC
19 | type: Opaque
20 |
--------------------------------------------------------------------------------
/katalog/grafana/dashboardSources.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | data:
7 | dashboards.yaml: |-
8 | {
9 | "apiVersion": 1,
10 | "providers": [
11 | {
12 | "folder": "Default",
13 | "folderUid": "",
14 | "name": "0",
15 | "options": {
16 | "path": "/grafana-dashboard-definitions/0"
17 | },
18 | "orgId": 1,
19 | "type": "file"
20 | }
21 | ]
22 | }
23 | kind: ConfigMap
24 | metadata:
25 | labels:
26 | app.kubernetes.io/component: grafana
27 | app.kubernetes.io/name: grafana
28 | app.kubernetes.io/part-of: kube-prometheus
29 | app.kubernetes.io/version: 11.2.0
30 | name: grafana-dashboards
31 | namespace: monitoring
32 |
--------------------------------------------------------------------------------
/katalog/grafana/dashboards/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | generatorOptions:
12 | labels:
13 | grafana-sighup-dashboard: default
14 | annotations:
15 | grafana-folder: "Monitoring"
16 | disableNameSuffixHash: true
17 |
18 | configMapGenerator:
19 | - name: grafana-dashboard
20 | files:
21 | - grafana-overview.json
22 | - name: fury-dashboard
23 | files:
24 | - fury-cluster-overview.json
25 |
--------------------------------------------------------------------------------
/katalog/grafana/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Kustomization for the Grafana package: sets the namespace, rewrites images to the registry.sighup.io mirror and applies the patches listed below.
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 | # NOTE(review): images are pinned by tag only; a `digest:` entry per image would keep the deployed content fixed even if a tag is re-pushed in the mirror registry.
11 | images:
12 | - name: grafana/grafana
13 | newName: registry.sighup.io/fury/grafana/grafana
14 | newTag: 11.3.0  # differs from the app.kubernetes.io/version: 11.2.0 labels on the manifests in this directory
15 | - name: kiwigrid/k8s-sidecar
16 | newName: registry.sighup.io/fury/kiwigrid/k8s-sidecar
17 | newTag: 1.19.2
18 | # NOTE(review): patchesStrategicMerge is deprecated in Kustomize v5 in favour of `patches`; worth migrating.
19 | patchesStrategicMerge:
20 | - patches/grafana-dashboard-sidecar.yml
21 | - patches/grafana-datasource-sidecar.yml
22 | - patches/grafana-env.yaml
23 | - patches/grafana-security-context.yml
24 | - patches/grafana-volumes.yaml
25 | - patches/grafana-dashboard-sources.yml
26 |
27 | resources:
28 | - dashboards
29 | - clusterRole.yaml
30 | - clusterRoleBinding.yaml
31 | - config.yaml
32 | - dashboardSources.yaml
33 | - deployment.yaml
34 | - prometheusRule.yaml
35 | - service.yaml
36 | - serviceAccount.yaml
37 | - serviceMonitor.yaml
38 |
--------------------------------------------------------------------------------
/katalog/grafana/patches/grafana-dashboard-sidecar.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Patch that adds the dashboard-sidecar container to the grafana Deployment; it writes what it collects to /tmp/dashboards.
5 | ---
6 | apiVersion: apps/v1
7 | kind: Deployment
8 | metadata:
9 | name: grafana
10 | namespace: monitoring
11 | spec:
12 | template:
13 | spec:
14 | containers:
15 | - name: dashboard-sidecar
16 | image: kiwigrid/k8s-sidecar
17 | env:
18 | - name: LABEL
19 | value: "grafana-sighup-dashboard"
20 | - name: FOLDER
21 | value: /tmp/dashboards
22 | - name: FOLDER_ANNOTATION
23 | value: "grafana-folder"
24 | - name: RESOURCE
25 | # configmap and secret; "both" is why the k8s-sidecar ClusterRole needs read access to Secrets
26 | value: both
27 | - name: NAMESPACE
28 | value: "ALL"  # NOTE(review): labelled objects from any namespace are loaded, so the right to create a labelled ConfigMap/Secret anywhere is the right to publish dashboards; list specific namespaces if that is wider than intended
29 | resources:
30 | limits:
31 | cpu: 100m
32 | memory: 100Mi
33 | requests:
34 | cpu: 50m
35 | memory: 50Mi
36 | securityContext:
37 | allowPrivilegeEscalation: false
38 | capabilities:
39 | drop:
40 | - ALL
41 | readOnlyRootFilesystem: true  # the only writable path declared here is the grafana-dashboards volume mounted below
42 | volumeMounts:
43 | - name: grafana-dashboards
44 | mountPath: /tmp/dashboards
45 |
--------------------------------------------------------------------------------
/katalog/grafana/patches/grafana-dashboard-sources.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: v1
7 | data:
8 | dashboards.yaml: |-
9 | {
10 | "apiVersion": 1,
11 | "providers": [
12 | {
13 | "folder": "",
14 | "folderUid": "",
15 | "name": "0",
16 | "options": {
17 | "path": "/grafana-dashboard-definitions/",
18 | "foldersFromFilesStructure": true
19 | },
20 | "orgId": 1,
21 | "type": "file"
22 | }
23 | ]
24 | }
25 | kind: ConfigMap
26 | metadata:
27 | name: grafana-dashboards
28 | namespace: monitoring
29 |
--------------------------------------------------------------------------------
/katalog/grafana/patches/grafana-datasource-sidecar.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Patch that adds the datasource-sidecar container to the grafana Deployment; it writes to /tmp/datasource and then calls Grafana's datasource reload endpoint.
5 | ---
6 | apiVersion: apps/v1
7 | kind: Deployment
8 | metadata:
9 | name: grafana
10 | namespace: monitoring
11 | spec:
12 | template:
13 | spec:
14 | containers:
15 | - name: datasource-sidecar
16 | image: kiwigrid/k8s-sidecar
17 | env:
18 | - name: LABEL
19 | value: "grafana-sighup-datasource"
20 | - name: FOLDER
21 | value: /tmp/datasource
22 | - name: RESOURCE
23 | # configmap and secret
24 | value: both
25 | - name: NAMESPACE
26 | value: "ALL"  # NOTE(review): labelled objects from any namespace become datasource provisioning files; treat permission to create labelled ConfigMaps/Secrets as permission to configure Grafana datasources
27 | - name: REQ_URL
28 | value: http://localhost:3000/api/admin/provisioning/datasources/reload
29 | - name: REQ_METHOD
30 | value: POST
31 | # dummy username and password, required by reload API. NOTE(review): these literals match Grafana's default admin login; confirm what actually authorizes the reload call, and if a real credential is ever needed take it from a Secret via valueFrom.secretKeyRef
32 | - name: REQ_USERNAME
33 | value: admin
34 | - name: REQ_PASSWORD
35 | value: admin
36 | resources:
37 | limits:
38 | cpu: 100m
39 | memory: 100Mi
40 | requests:
41 | cpu: 50m
42 | memory: 50Mi
43 | securityContext:
44 | allowPrivilegeEscalation: false
45 | capabilities:
46 | drop:
47 | - ALL
48 | readOnlyRootFilesystem: true
49 | volumeMounts:
50 | - name: grafana-datasources-provisioning
51 | mountPath: /tmp/datasource
52 |
--------------------------------------------------------------------------------
/katalog/grafana/patches/grafana-env.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # NOTE(review): anonymous access with org role Admin means every client that can reach the grafana Service acts as an administrator without logging in; access control then rests entirely on an authenticating proxy/ingress or NetworkPolicy in front of it.
5 | ---
6 | apiVersion: apps/v1
7 | kind: Deployment
8 | metadata:
9 | name: grafana
10 | namespace: monitoring
11 | spec:
12 | template:
13 | metadata:
14 | annotations:
15 | kubectl.kubernetes.io/default-container: grafana
16 | spec:
17 | containers:
18 | - image: grafana/grafana
19 | name: grafana
20 | env:
21 | - name: GF_AUTH_ANONYMOUS_ENABLED
22 | value: "true"
23 | - name: GF_AUTH_ANONYMOUS_DISABLE_LOGIN_FORM  # NOTE(review): Grafana documents disable_login_form under [auth] (GF_AUTH_DISABLE_LOGIN_FORM); confirm this name has the intended effect
24 | value: "true"
25 | - name: GF_AUTH_ANONYMOUS_ORG_ROLE
26 | value: "Admin"  # NOTE(review): Viewer would keep dashboards readable without handing out edit and datasource administration rights
27 |
--------------------------------------------------------------------------------
/katalog/grafana/patches/grafana-security-context.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Pod-level patch for the grafana Deployment: service account token mounting and the pod's primary group.
5 | apiVersion: apps/v1
6 | kind: Deployment
7 | metadata:
8 | name: grafana
9 | namespace: monitoring
10 | spec:
11 | template:
12 | spec:
13 | automountServiceAccountToken: true  # takes precedence over automountServiceAccountToken: false in serviceAccount.yaml; NOTE(review): the token is mounted into every container of the pod, grafana included, although presumably only the k8s-sidecar containers call the API
14 | securityContext:
15 | runAsGroup: 65534  # primary GID for all containers in the pod (conventionally nobody/nogroup — confirm against the images)
16 |
--------------------------------------------------------------------------------
/katalog/grafana/patches/grafana-volumes.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: apps/v1
6 | kind: Deployment
7 | metadata:
8 | name: grafana
9 | namespace: monitoring
10 | spec:
11 | template:
12 | spec:
13 | containers:
14 | - name: grafana
15 | volumeMounts:
16 | - mountPath: /etc/grafana
17 | name: grafana-config
18 | readOnly: false
19 | - mountPath: /grafana-dashboard-definitions/
20 | name: grafana-dashboards
21 | - mountPath: /etc/grafana/provisioning/dashboards
22 | name: grafana-dashboards-provisioning
23 | readOnly: false
24 | - mountPath: /etc/grafana/provisioning/datasources
25 | name: grafana-datasources-provisioning
26 | readOnly: false
27 | - mountPath: /var/lib/grafana
28 | name: grafana-storage
29 | readOnly: false
30 | - mountPath: /tmp
31 | name: tmp-plugins
32 | readOnly: false
33 | - $patch: replace
34 | volumes:
35 | - name: grafana-config
36 | secret:
37 | secretName: grafana-config
38 | - name: grafana-dashboards
39 | emptyDir: {}
40 | - name: grafana-dashboards-provisioning
41 | configMap:
42 | name: grafana-dashboards
43 | - name: grafana-datasources-provisioning
44 | emptyDir: {}
45 | - name: grafana-storage
46 | emptyDir:
47 | medium: Memory
48 | - name: tmp-plugins
49 | emptyDir:
50 | medium: Memory
51 | - $patch: replace
52 |
--------------------------------------------------------------------------------
/katalog/grafana/prometheusRule.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: PrometheusRule
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: grafana
10 | app.kubernetes.io/name: grafana
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 11.2.0
13 | prometheus: k8s
14 | role: alert-rules
15 | name: grafana-rules
16 | namespace: monitoring
17 | spec:
18 | groups:
19 | - name: GrafanaAlerts
20 | rules:
21 | - alert: GrafanaRequestsFailing
22 | annotations:
23 | message: '{{ $labels.namespace }}/{{ $labels.job }}/{{ $labels.handler }} is experiencing {{ $value | humanize }}% errors'
24 | runbook_url: https://runbooks.prometheus-operator.dev/runbooks/grafana/grafanarequestsfailing
25 | expr: |
26 | 100 * sum without (status_code) (namespace_job_handler_statuscode:grafana_http_request_duration_seconds_count:rate5m{handler!~"/api/datasources/proxy/:id.*|/api/ds/query|/api/tsdb/query", status_code=~"5.."})
27 | /
28 | sum without (status_code) (namespace_job_handler_statuscode:grafana_http_request_duration_seconds_count:rate5m{handler!~"/api/datasources/proxy/:id.*|/api/ds/query|/api/tsdb/query"})
29 | > 50
30 | for: 5m
31 | labels:
32 | severity: warning
33 | - name: grafana_rules
34 | rules:
35 | - expr: |
36 | sum by (namespace, job, handler, status_code) (rate(grafana_http_request_duration_seconds_count[5m]))
37 | record: namespace_job_handler_statuscode:grafana_http_request_duration_seconds_count:rate5m
38 |
--------------------------------------------------------------------------------
/katalog/grafana/service.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | kind: Service
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: grafana
10 | app.kubernetes.io/name: grafana
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 11.2.0
13 | name: grafana
14 | namespace: monitoring
15 | spec:
16 | ports:
17 | - name: http
18 | port: 3000
19 | targetPort: http
20 | selector:
21 | app.kubernetes.io/component: grafana
22 | app.kubernetes.io/name: grafana
23 | app.kubernetes.io/part-of: kube-prometheus
24 |
--------------------------------------------------------------------------------
/katalog/grafana/serviceAccount.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # ServiceAccount used by the grafana pod; clusterRoleBinding.yaml binds it to the k8s-sidecar ClusterRole.
5 | apiVersion: v1
6 | automountServiceAccountToken: false  # opt-out default only: patches/grafana-security-context.yml sets automountServiceAccountToken: true on the pod spec, which wins
7 | kind: ServiceAccount
8 | metadata:
9 | labels:
10 | app.kubernetes.io/component: grafana
11 | app.kubernetes.io/name: grafana
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 11.2.0
14 | name: grafana
15 | namespace: monitoring
16 |
--------------------------------------------------------------------------------
/katalog/grafana/serviceMonitor.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: ServiceMonitor
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: grafana
10 | app.kubernetes.io/name: grafana
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 11.2.0
13 | name: grafana
14 | namespace: monitoring
15 | spec:
16 | endpoints:
17 | - interval: 15s
18 | port: http
19 | selector:
20 | matchLabels:
21 | app.kubernetes.io/name: grafana
22 |
--------------------------------------------------------------------------------
/katalog/haproxy/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # HAproxy Package Maintenance Guide
2 |
3 | ## Grafana Dashboard
4 |
5 | The included Grafana dashboard has been taken from:
6 |
7 |
8 |
9 |
10 | ### Customizations
11 |
12 | 1. Changed the dashboard title from "HAproxy 2 Full" to "HAproxy"
13 | 2. Changed datasource variable name from `DS_PROMETHEUS` to `datasource`.
14 | 3. Changed the `code` variable metric from `haproxy_server_http_responses_total{instance="$host"}` to `{__name__=~"haproxy_.*_http_responses_total",instance="$host"}`.
15 |
16 | ## Alerts
17 |
18 | The Prometheus Rules for alerts are taken from the [Awesome Prometheus Alerts](https://samber.github.io/awesome-prometheus-alerts/rules#haproxy-1) project.
19 |
20 | In particular from here:
21 |
22 |
23 |
24 | We took the contents of the previous link and embedded it into a `PrometheusRule` object.
25 |
--------------------------------------------------------------------------------
/katalog/haproxy/README.md:
--------------------------------------------------------------------------------
1 | # HAproxy Package
2 |
3 | This package provides a Grafana Dashboard and a set of alert rules for the Prometheus exporter built into HAproxy v2 (and not the `haproxy_exporter`).
4 |
5 | To use this package to monitor an HAproxy battery *outside* the cluster you must:
6 |
7 | 1. Check that your haproxy has been built with the built-in prometheus exporter enabled:
8 |
9 | ```bash
10 | haproxy -vvv | grep prometheus
11 | ```
12 |
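13 | 2. Enable a frontend on HAproxy that exposes the metrics. Note that `bind :8405` listens on every address of the host, so bind it to an internal address or firewall the port so that only Prometheus can reach it: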
14 |
15 | ```haproxyconfig
16 | frontend prometheus
17 | bind :8405
18 | mode http
19 | http-request use-service prometheus-exporter
20 | no log
21 | ```
22 |
23 | 3. Create a `ScrapeConfig` object to make Prometheus scrape the metrics from the HAproxy hosts:
24 |
25 | ```yaml
26 | apiVersion: monitoring.coreos.com/v1alpha1
27 | kind: ScrapeConfig
28 | metadata:
29 | name: haproxy-lb
30 | namespace: monitoring
31 | labels:
32 | prometheus: k8s
33 | spec:
34 | staticConfigs:
35 | - labels:
36 | job: prometheus
37 | targets:
38 | - haproxy01.mydomain:8405
39 | - haproxy02.mydomain:8405
40 | ```
41 |
--------------------------------------------------------------------------------
/katalog/haproxy/dashboards/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | generatorOptions:
12 | labels:
13 | grafana-sighup-dashboard: default
14 | annotations:
15 | grafana-folder: "External Components"
16 | disableNameSuffixHash: true
17 |
18 | configMapGenerator:
19 | - name: haproxy-grafana-dashboards
20 | files:
21 | - 12693_rev8.json
22 |
--------------------------------------------------------------------------------
/katalog/haproxy/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | resources:
12 | - dashboards
13 | - rules
14 |
--------------------------------------------------------------------------------
/katalog/haproxy/rules/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 | resources:
9 | - haproxy-rules.yaml
10 |
--------------------------------------------------------------------------------
/katalog/karma/README.md:
--------------------------------------------------------------------------------
1 | # Karma
2 |
3 |
4 |
5 | Karma is a UI for Alertmanager, useful for browsing alerts based on labels and managing silences.
6 | It can also aggregate alerts from multiple Alertmanager instances.
7 |
8 | *Source:* [prymitive/karma][k-gh]
9 |
10 | ## Requirements
11 |
12 | - Kubernetes >= `1.29.0`
13 | - Kustomize = `5.6.0`
14 | - [prometheus-operator](../prometheus-operator)
15 | - [prometheus-operated](../prometheus-operated)
16 | - [alertmanager-operated](../alertmanager-operated)
17 |
18 | ## Image repository and tag
19 |
20 | - Karma image: `registry.sighup.io/fury/prymitive/karma/karma:v0.113`
21 | - Karma repository: [Karma on GitHub][k-gh]
22 |
23 | ## Configuration
24 |
25 | Fury distribution Karma is deployed with the following
26 | configuration:
27 |
28 | - Alertmanager URI: `http://alertmanager-main.monitoring.svc.cluster.local:9093`
29 | - Polling interval: `1m`
30 |
31 | All configuration options can be found [here](https://github.com/prymitive/karma/blob/v0.113/docs/CONFIGURATION.md)
32 |
33 | ## Deployment
34 |
35 | You can deploy karma by running the following command:
36 |
37 | ```shell
38 | kustomize build katalog/karma | kubectl apply -f -
39 | ```
40 |
41 |
42 |
43 | [k-gh]: https://github.com/prymitive/karma
44 |
45 |
46 |
47 | ## License
48 |
49 | For license details please see [LICENSE](../../LICENSE)
50 |
--------------------------------------------------------------------------------
/katalog/karma/configMap.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # NOTE(review): the embedded Karma config below sets no authentication or authorization section, and Karma can manage silences; confirm the karma Service is reachable only by trusted users or sits behind an authenticating proxy.
5 | apiVersion: v1
6 | data:
7 | config.yaml: |-
8 | # Configuration options can be found at https://github.com/prymitive/karma/blob/main/docs/CONFIGURATION.md
9 | alertmanager:
10 | interval: 1m
11 | servers: []
12 | history:
13 | enabled: false
14 | kind: ConfigMap
15 | metadata:
16 | labels:
17 | app: karma
18 | name: karma-config
19 | namespace: monitoring
20 |
--------------------------------------------------------------------------------
/katalog/karma/deployment.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # NOTE(review): neither the pod nor the container sets a securityContext; the Grafana sidecar patches in this repository use allowPrivilegeEscalation: false, capabilities.drop ALL and readOnlyRootFilesystem: true — consider the same baseline here after checking Karma runs with it.
5 | apiVersion: apps/v1
6 | kind: Deployment
7 | metadata:
8 | name: karma
9 | labels:
10 | app: karma
11 | spec:
12 | selector:
13 | matchLabels:
14 | app: karma
15 | template:
16 | metadata:
17 | labels:
18 | app: karma
19 | spec:
20 | containers:
21 | - name: karma
22 | image: ghcr.io/prymitive/karma:v0.113  # rewritten to the registry.sighup.io mirror by the images entry in kustomization.yaml
23 | env:
24 | - name: ALERTMANAGER_URI
25 | value: http://alertmanager-main.monitoring.svc.cluster.local:9093
26 | - name: CONFIG_FILE
27 | value: /etc/karma/config.yaml
28 | resources:
29 | limits:
30 | cpu: 800m
31 | memory: 1000Mi
32 | requests:
33 | cpu: 10m
34 | memory: 500Mi
35 | ports:
36 | - containerPort: 8080
37 | name: http
38 | livenessProbe:
39 | httpGet:
40 | path: /health
41 | port: 8080
42 | readinessProbe:
43 | httpGet:
44 | path: /health
45 | port: 8080
46 | volumeMounts:
47 | - mountPath: /etc/karma
48 | name: config
49 | readOnly: false  # NOTE(review): ConfigMap volumes are mounted read-only by the kubelet anyway; readOnly: true would state the intent
50 | volumes:
51 | - configMap:
52 | name: karma-config
53 | name: config
54 |
--------------------------------------------------------------------------------
/katalog/karma/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | images:
12 | - name: ghcr.io/prymitive/karma
13 | newName: registry.sighup.io/fury/prymitive/karma/karma
14 | newTag: v0.113
15 |
16 | resources:
17 | - deployment.yaml
18 | - configMap.yaml
19 | - service.yaml
20 | - serviceMonitor.yaml
21 |
--------------------------------------------------------------------------------
/katalog/karma/service.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | kind: Service
7 | metadata:
8 | labels:
9 | app: karma
10 | name: karma
11 | namespace: monitoring
12 | spec:
13 | ports:
14 | - name: http
15 | port: 8080
16 | targetPort: http
17 | selector:
18 | app: karma
19 |
--------------------------------------------------------------------------------
/katalog/karma/serviceMonitor.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: ServiceMonitor
7 | metadata:
8 | labels:
9 | app: karma
10 | name: karma
11 | namespace: monitoring
12 | spec:
13 | endpoints:
14 | - interval: 15s
15 | port: http
16 | path: /metrics
17 | selector:
18 | matchLabels:
19 | app: karma
20 |
--------------------------------------------------------------------------------
/katalog/kube-proxy-metrics/README.md:
--------------------------------------------------------------------------------
1 | # kube-proxy Metrics Exporter
2 |
3 |
4 |
5 | kube-proxy is a critical piece of any Kubernetes cluster, therefore it is highly
6 | recommended to gather its metrics. Sometimes (especially in managed clusters) it
7 | is not possible to configure kube-proxy to be reachable by Prometheus for
8 | metrics scraping; this is why this package exists. Furthermore, this package
9 | also adds an authorization layer based on Kubernetes RBAC to the metrics exposed
10 | by kube-proxy.
11 |
12 | ## Requirements
13 |
14 | - Kubernetes >= `1.29.0`
15 | - Kustomize = `5.6.0`
16 | - [prometheus-operator](../prometheus-operator)
17 |
18 |
19 | ## Image repository and tag
20 |
21 | - kube-rbac-proxy image: `registry.sighup.io/fury/brancz/kube-rbac-proxy:v0.18.1`
22 | - kube-rbac-proxy repository: [kube-rbac-proxy on Quay][krp-gh]
23 |
24 |
25 | ## Configuration
26 |
27 | Fury distribution kube-proxy-metrics is deployed with the following configuration:
28 |
29 | - Resource limits are `20m` for CPU and `40Mi` for memory
30 | - Listens on port `18443`
31 | - Metrics are scraped by Prometheus with `15s` intervals
32 | - Requires `hostNetwork: true` and `hostPID: true`
33 | - Runs as non-root user.
34 |
35 |
36 | ## Deployment
37 |
38 | You can deploy kube-proxy-metrics by running the following command:
39 |
40 | ```shell
41 | kustomize build | kubectl apply -f -
42 | ```
43 |
44 |
45 |
46 | [krp-gh]: https://quay.io/repository/brancz/kube-rbac-proxy
47 |
48 |
49 |
50 | ## License
51 |
52 | For license details please see [LICENSE](../../LICENSE)
53 |
--------------------------------------------------------------------------------
/katalog/kube-proxy-metrics/dashboards/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: kube-system
10 |
11 | generatorOptions:
12 | labels:
13 | grafana-sighup-dashboard: default
14 | annotations:
15 | grafana-folder: "Kubernetes Components"
16 | disableNameSuffixHash: true
17 |
18 | configMapGenerator:
19 | - name: kube-proxy-grafana-dashboard
20 | files:
21 | - proxy.json
22 |
--------------------------------------------------------------------------------
/katalog/kube-proxy-metrics/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | images:
12 | - name: kube-rbac-proxy
13 | newName: registry.sighup.io/fury/brancz/kube-rbac-proxy
14 | newTag: v0.18.1
15 |
16 | resources:
17 | - dashboards
18 | - deploy.yml
19 | - rbac.yml
20 | - sm.yml
21 |
--------------------------------------------------------------------------------
/katalog/kube-proxy-metrics/rbac.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # ServiceAccount, ClusterRoleBinding and ClusterRole for kube-proxy-metrics; the only API rights granted are creating TokenReviews and SubjectAccessReviews.
5 | apiVersion: v1
6 | kind: ServiceAccount
7 | metadata:
8 | name: kube-proxy-metrics
9 | ---
10 | apiVersion: rbac.authorization.k8s.io/v1
11 | kind: ClusterRoleBinding
12 | metadata:
13 | name: kube-proxy-metrics
14 | roleRef:
15 | apiGroup: rbac.authorization.k8s.io
16 | kind: ClusterRole
17 | name: kube-proxy-metrics
18 | subjects:
19 | - kind: ServiceAccount
20 | name: kube-proxy-metrics  # NOTE(review): no namespace on this subject; it relies on kustomize (namespace: monitoring in kustomization.yaml) to fill it in — verify in the rendered output, since a ServiceAccount subject needs one
21 | ---
22 | apiVersion: rbac.authorization.k8s.io/v1
23 | kind: ClusterRole
24 | metadata:
25 | name: kube-proxy-metrics
26 | rules:
27 | - apiGroups: ["authentication.k8s.io"]
28 | resources:
29 | - tokenreviews
30 | verbs: ["create"]  # presumably used by kube-rbac-proxy to validate the scraper's bearer token
31 | - apiGroups: ["authorization.k8s.io"]
32 | resources:
33 | - subjectaccessreviews
34 | verbs: ["create"]  # presumably used by kube-rbac-proxy to check the scraper is allowed to read the metrics
35 |
--------------------------------------------------------------------------------
/katalog/kube-proxy-metrics/sm.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # ServiceMonitor that scrapes the kube-proxy-metrics endpoints over HTTPS every 15s, authenticating with the scraper's service account token.
5 | ---
6 | apiVersion: monitoring.coreos.com/v1
7 | kind: ServiceMonitor
8 | metadata:
9 | labels:
10 | k8s-app: kube-proxy-metrics
11 | name: kube-proxy-metrics
12 | spec:
13 | endpoints:
14 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
15 | interval: 15s
16 | port: https
17 | scheme: https
18 | tlsConfig:
19 | insecureSkipVerify: true  # NOTE(review): the server certificate is not verified while a bearer token is sent, so the scraper cannot tell the real endpoint from an impostor and would present its token to it; prefer tlsConfig with ca and serverName
20 | jobLabel: k8s-proxied-app
21 | namespaceSelector:
22 | matchNames:
23 | - monitoring
24 | selector:
25 | matchLabels:
26 | k8s-app: kube-proxy-metrics
27 |
--------------------------------------------------------------------------------
/katalog/kube-state-metrics/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `kube-state-metrics` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release
6 |
7 | ```bash
8 | export KUBE_PROMETHEUS_RELEASE=v0.14.0
9 | ../../utils/pull-upstream.sh ${KUBE_PROMETHEUS_RELEASE} kube-state-metrics
10 | ```
11 |
12 | Replace `KUBE_PROMETHEUS_RELEASE` with the current upstream release.
13 |
14 | 2. Check the differences introduced by pulling the upstream release and add the needed patches in `kustomization.yaml`
15 |
16 | 3. Sync the new image to our registry in the [`monitoring` images.yaml file fury-distribution-container-image-sync repository](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/monitoring/images.yml).
17 |
18 | 4. Update the `kustomization.yaml` file with the new image.
19 |
--------------------------------------------------------------------------------
/katalog/kube-state-metrics/clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: ClusterRoleBinding
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: exporter
10 | app.kubernetes.io/name: kube-state-metrics
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 2.13.0
13 | name: kube-state-metrics
14 | roleRef:
15 | apiGroup: rbac.authorization.k8s.io
16 | kind: ClusterRole
17 | name: kube-state-metrics
18 | subjects:
19 | - kind: ServiceAccount
20 | name: kube-state-metrics
21 | namespace: monitoring
22 |
--------------------------------------------------------------------------------
/katalog/kube-state-metrics/dashboards/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | generatorOptions:
10 | labels:
11 | grafana-sighup-dashboard: default
12 | annotations:
13 | grafana-folder: "Workloads"
14 | disableNameSuffixHash: true
15 |
16 | configMapGenerator:
17 | - name: k8s-cluster-resources-grafana-dashboards
18 | files:
19 | - k8s-resources-cluster.json
20 | - k8s-resources-namespace.json
21 | - k8s-resources-node.json
22 | - name: k8s-workloads-resources-grafana-dashboards
23 | files:
24 | - k8s-resources-workload.json
25 | - k8s-resources-workloads-namespace.json
26 | - name: k8s-containers-resources-grafana-dashboards
27 | files:
28 | - k8s-resources-pod.json
29 | - pods.json
30 | - statefulset.json
31 |
--------------------------------------------------------------------------------
/katalog/kube-state-metrics/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
# Redirect the upstream image names to the registry.sighup.io mirror. Only `newName` is set,
# so the tag stays whatever the listed resources reference.
# NOTE(review): tags are mutable; adding a `digest` entry here would pin the exact image content.
11 | images:
12 | - name: registry.k8s.io/kube-state-metrics/kube-state-metrics
13 | newName: registry.sighup.io/fury/kube-state-metrics/kube-state-metrics
14 | - name: quay.io/brancz/kube-rbac-proxy
15 | newName: registry.sighup.io/fury/brancz/kube-rbac-proxy
16 |
# NOTE(review): `patchesStrategicMerge` is deprecated in Kustomize v5 in favour of `patches`.
17 | patchesStrategicMerge:
18 | - |-
19 | apiVersion: apps/v1
20 | kind: Deployment
21 | metadata:
22 | name: kube-state-metrics
23 | namespace: monitoring
24 | spec:
25 | template:
26 | spec:
27 | containers:
28 | - name: kube-state-metrics
# Container-level hardening: the container is refused if it would run as UID 0, and the
# process runs with primary GID 65534.
# NOTE(review): no runAsUser is set in this patch, so runAsNonRoot depends on the image's
# USER or on deployment.yaml (not shown here) — confirm. Also check there for
# allowPrivilegeEscalation, readOnlyRootFilesystem and dropped capabilities.
29 | securityContext:
30 | runAsNonRoot: true
31 | runAsGroup: 65534
32 |
33 | resources:
34 | - dashboards
35 | - clusterRole.yaml
36 | - clusterRoleBinding.yaml
37 | - deployment.yaml
38 | - prometheusRule.yaml
39 | - role.yaml
40 | - roleBinding.yaml
41 | - service.yaml
42 | - serviceAccount.yaml
43 | - serviceMonitor.yaml
44 |
--------------------------------------------------------------------------------
/katalog/kube-state-metrics/role.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | ---
5 | apiVersion: rbac.authorization.k8s.io/v1
# Namespaced Role for kube-state-metrics. No namespace is set in metadata; the package's
# kustomization.yaml sets `namespace: monitoring`.
6 | kind: Role
7 | metadata:
8 | name: kube-state-metrics
9 | rules:
# Read-only (`get`) access to pods in the Role's namespace.
10 | - apiGroups:
11 | - ""
12 | resources:
13 | - pods
14 | verbs:
15 | - get
# NOTE(review): Deployments are no longer served from the `extensions` API group on current
# Kubernetes versions (removed in 1.16), so this rule looks like a leftover — confirm and drop.
16 | - apiGroups:
17 | - extensions
18 | resources:
19 | - deployments
20 | resourceNames:
21 | - kube-state-metrics
22 | verbs:
23 | - get
24 | - update
# get/update restricted by resourceNames to the kube-state-metrics Deployment only.
# NOTE(review): `update` on its own Deployment lets the workload change its own pod spec;
# keep it only if something in the Deployment actually needs it (not visible here).
25 | - apiGroups:
26 | - apps
27 | resources:
28 | - deployments
29 | resourceNames:
30 | - kube-state-metrics
31 | verbs:
32 | - get
33 | - update
34 |
--------------------------------------------------------------------------------
/katalog/kube-state-metrics/roleBinding.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: rbac.authorization.k8s.io/v1
# Binds the namespaced kube-state-metrics Role to the kube-state-metrics ServiceAccount.
7 | kind: RoleBinding
8 | metadata:
9 | name: kube-state-metrics
10 | roleRef:
11 | apiGroup: rbac.authorization.k8s.io
12 | kind: Role
13 | name: kube-state-metrics
# NOTE(review): the subject carries no namespace in this file; presumably it is filled in by
# the `namespace: monitoring` setting of kustomization.yaml — verify in the rendered output.
14 | subjects:
15 | - kind: ServiceAccount
16 | name: kube-state-metrics
17 |
--------------------------------------------------------------------------------
/katalog/kube-state-metrics/service.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | kind: Service
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: exporter
10 | app.kubernetes.io/name: kube-state-metrics
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 2.13.0
13 | name: kube-state-metrics
14 | namespace: monitoring
15 | spec:
# Headless Service: no cluster IP is allocated, DNS resolves directly to the selected pods.
16 | clusterIP: None
# Two named HTTPS ports; targetPort refers to container port names defined in the pod spec
# (deployment.yaml, not shown here).
17 | ports:
18 | - name: https-main
19 | port: 8443
20 | targetPort: https-main
21 | - name: https-self
22 | port: 9443
23 | targetPort: https-self
24 | selector:
25 | app.kubernetes.io/component: exporter
26 | app.kubernetes.io/name: kube-state-metrics
27 | app.kubernetes.io/part-of: kube-prometheus
28 |
--------------------------------------------------------------------------------
/katalog/kube-state-metrics/serviceAccount.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
# Pods using this ServiceAccount do not get an API token mounted unless their pod spec
# opts in explicitly.
# NOTE(review): this account is bound to RBAC roles in this package, so the Deployment
# (not shown here) presumably re-enables the mount for the container that needs it — verify.
6 | automountServiceAccountToken: false
7 | kind: ServiceAccount
8 | metadata:
9 | labels:
10 | app.kubernetes.io/component: exporter
11 | app.kubernetes.io/name: kube-state-metrics
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 2.13.0
14 | name: kube-state-metrics
15 | namespace: monitoring
16 |
--------------------------------------------------------------------------------
/katalog/kube-state-metrics/serviceMonitor.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: ServiceMonitor
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: exporter
10 | app.kubernetes.io/name: kube-state-metrics
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 2.13.0
13 | name: kube-state-metrics
14 | namespace: monitoring
15 | spec:
16 | endpoints:
# Main metrics endpoint (port https-main). Prometheus authenticates to the target with the
# token read from this file.
17 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
# On label conflicts, the labels exposed by the target are kept.
18 | honorLabels: true
19 | interval: 30s
# Drop the two kube_endpoint_address_* series after the scrape, before they are stored.
20 | metricRelabelings:
21 | - action: drop
22 | regex: kube_endpoint_address_not_ready|kube_endpoint_address_available
23 | sourceLabels:
24 | - __name__
25 | port: https-main
# Remove the pod/service/endpoint/namespace target labels.
26 | relabelings:
27 | - action: labeldrop
28 | regex: (pod|service|endpoint|namespace)
29 | scheme: https
30 | scrapeTimeout: 30s
# NOTE(review): insecureSkipVerify disables verification of the target's certificate, so the
# connection is encrypted but the bearer token is sent to an endpoint whose identity is not
# checked. Prefer a tlsConfig with `ca` and `serverName` once the serving certificate is
# issued by a CA that Prometheus can trust.
31 | tlsConfig:
32 | insecureSkipVerify: true
# Self-metrics endpoint (port https-self): same token, same unverified TLS as above.
33 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
34 | interval: 30s
35 | port: https-self
36 | scheme: https
37 | tlsConfig:
38 | insecureSkipVerify: true
# The Prometheus job name is taken from the Service's app.kubernetes.io/name label.
39 | jobLabel: app.kubernetes.io/name
40 | selector:
41 | matchLabels:
42 | app.kubernetes.io/component: exporter
43 | app.kubernetes.io/name: kube-state-metrics
44 | app.kubernetes.io/part-of: kube-prometheus
45 |
--------------------------------------------------------------------------------
/katalog/kubeadm-sm/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `kubeadm-sm` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release
6 |
7 | ```bash
8 | export KUBE_PROMETHEUS_RELEASE=v0.14.0
9 | ../../utils/pull-upstream.sh ${KUBE_PROMETHEUS_RELEASE} kubeadm-sm
10 | ```
11 |
12 | Replace the value of `KUBE_PROMETHEUS_RELEASE` with the current upstream release.
13 |
14 | 2. Check the differences introduced by pulling the upstream release and add the needed patches in `kustomization.yaml`
15 |
--------------------------------------------------------------------------------
/katalog/kubeadm-sm/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | resources:
10 | - ../configs/kubeadm
11 |
--------------------------------------------------------------------------------
/katalog/mimir/README.md:
--------------------------------------------------------------------------------
1 | # Mimir
2 |
3 |
4 |
5 | Mimir is an open source, horizontally scalable, highly available, multi-tenant TSDB for long-term storage for Prometheus.
6 |
7 | ## Requirements
8 |
9 | - Kubernetes >= `1.29.0`
10 | - Kustomize = `5.6.0`
11 | - [prometheus-operator from SD monitoring module][prometheus-operator]
12 | - [grafana from SD monitoring module][grafana]
13 | - [minio-ha](../minio-ha)
14 |
15 | ## Image repository
16 |
17 | - registry.sighup.io/fury/grafana/mimir
18 | - registry.sighup.io/fury/nginxinc/nginx-unprivileged
19 |
20 | ## Configuration
21 |
22 | Mimir is configured with the distributed approach. We disabled some optional components: Ruler, Override exporter and Alertmanager.
23 | By default, this package also installs prometheus-operated and patches it to send metrics to Mimir through remote write.
24 |
25 | All the time series are ingested in the `fury` tenant. A Grafana datasource of type `prometheus` is also installed and set as the default, so that Grafana queries metrics from Mimir instead of Prometheus.
26 |
27 | Also, the storage is configured by default to use the minio-ha package from the monitoring module.
28 |
29 | ## Deployment
30 |
31 | You can deploy Mimir by running the following command in the root of
32 | the project:
33 |
34 | ```shell
35 | kustomize build | kubectl apply -f -
36 | ```
37 |
38 |
39 |
40 | [prometheus-operator]: https://github.com/sighup-io/fury-kubernetes-monitoring/blob/master/katalog/prometheus-operator
41 | [grafana]: https://github.com/sighup-io/fury-kubernetes-monitoring/blob/master/katalog/grafana
42 |
43 |
44 |
45 |
46 | ## License
47 |
48 | For license details please see [LICENSE](../../LICENSE)
49 |
--------------------------------------------------------------------------------
/katalog/mimir/dashboards/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | generatorOptions:
12 | labels:
13 | grafana-sighup-dashboard: default
14 | annotations:
15 | grafana-folder: "Monitoring"
16 | disableNameSuffixHash: true
17 |
18 | configMapGenerator:
19 | - name: mimir-dashboards
20 | files:
21 | # Disabled, we are not bundling alertmanager
22 | #- mimir-alertmanager-resources.json
23 | #- mimir-alertmanager.json
24 | - mimir-compactor-resources.json
25 | - mimir-compactor.json
26 | - mimir-config.json
27 | - mimir-object-store.json
28 | # Disabled, we are not doing overrides
29 | #- mimir-overrides.json
30 | - mimir-queries.json
31 | - mimir-reads.json
32 | # Disabled, no data with our setup
33 | #- mimir-reads-networking.json
34 | - mimir-reads-resources.json
35 | # Disabled, no rollout in our setup
36 | #- mimir-rollout-progress.json
37 | # Disabled, no rollout in our setup
38 | #- mimir-ruler.json
39 | # Disabled, no scaling in our setup
40 | #- mimir-scaling.json
41 | - mimir-tenants.json
42 | - mimir-writes.json
43 | # Disabled, no data with our setup
44 | #- mimir-writes-networking.json
45 | - mimir-writes-resources.json
46 |
--------------------------------------------------------------------------------
/katalog/mimir/datasources/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | generatorOptions:
12 | labels:
13 | grafana-sighup-datasource: default
14 | disableNameSuffixHash: true
15 |
# Packages mimir.yaml (the Grafana datasource definition) as a Secret named
# grafana-datasource-mimir in the monitoring namespace.
16 | secretGenerator:
17 | - name: grafana-datasource-mimir
18 | namespace: monitoring
19 | files:
20 | - mimir.yaml
21 |
--------------------------------------------------------------------------------
/katalog/mimir/datasources/mimir.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: 1
6 | datasources:
# Queries are proxied by the Grafana server (access: proxy); the datasource is the default
# one and is marked as not editable.
7 | - access: proxy
8 | editable: false
9 | isDefault: true
10 | name: mimir
11 | orgId: 1
12 | type: prometheus
# NOTE(review): plain HTTP to the gateway Service; queries and the tenant header travel
# unencrypted inside the cluster network.
13 | url: http://mimir-distributed-gateway/prometheus
14 | version: 1
# X-Scope-OrgID selects the tenant (`fury`). It is a routing header, not a credential: the
# value is a fixed string committed in this file, even though it sits under secureJsonData.
# NOTE(review): nothing in this file authenticates the caller, so tenant isolation relies on
# whatever restricts access to the gateway (network policy / auth, not shown here) — confirm.
15 | jsonData:
16 | httpHeaderName1: 'X-Scope-OrgID'
17 | secureJsonData:
18 | httpHeaderValue1: 'fury'
19 |
--------------------------------------------------------------------------------
/katalog/mimir/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | resources:
12 | - ../prometheus-operated
13 | - datasources
14 | - dashboards
15 | - prometheusRules.yaml
16 | - deploy.yaml
17 |
18 | configMapGenerator:
19 | - name: mimir-distributed-config
20 | namespace: monitoring
21 | files:
22 | - config/mimir.yaml
23 |
# NOTE(review): `patchesStrategicMerge` is deprecated in Kustomize v5 in favour of `patches`.
24 | patchesStrategicMerge:
25 | - |-
26 | apiVersion: monitoring.coreos.com/v1
27 | kind: Prometheus
28 | metadata:
29 | name: k8s
30 | namespace: monitoring
31 | spec:
# Forward every sample from the `k8s` Prometheus to Mimir, tagged with the `fury` tenant.
# NOTE(review): the push goes over plain HTTP and carries only the X-Scope-OrgID tenant
# header, which is not a credential; restrict who can reach the gateway Service (for example
# with a NetworkPolicy) if other workloads in the cluster must not write to this tenant.
32 | remoteWrite:
33 | - url: http://mimir-distributed-gateway/api/v1/push
34 | headers:
35 | "X-Scope-OrgID": "fury"
36 |
37 | images:
38 | - name: docker.io/nginxinc/nginx-unprivileged
39 | newName: registry.sighup.io/fury/nginxinc/nginx-unprivileged
40 | - name: grafana/mimir
41 | newName: registry.sighup.io/fury/grafana/mimir
42 |
--------------------------------------------------------------------------------
/katalog/minio-ha/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # MinIO HA - maintenance
2 |
3 | To maintain the MinIO package, you should follow these steps.
4 |
5 | Download the latest tgz from [Main Minio repository releases](https://github.com/minio/minio/releases).
6 |
7 | Extract to a folder of your choice, for example: `/tmp/minio`.
8 |
9 | Run the following command:
10 |
11 | ```bash
12 | helm template minio-monitoring /tmp/minio/helm/minio --values MAINTENANCE.values.yaml -n monitoring > minio-built.yaml
13 | ```
14 |
15 | MinIO's Helm chart is packaged with a specific version of `mc` (the MinIO client). To find out
16 | which version it ships, inspect `/tmp/minio/helm/minio/values.yaml`.
17 |
18 | What was customized (what differs from the helm template command):
19 |
20 | - Config has been moved from the template output and generated via kustomize
21 | - Added a custom init job to create buckets and add 7 day retention
22 | - Added `preferredDuringSchedulingIgnoredDuringExecution` on minio pods
23 |
24 | [github-releases]: https://github.com/minio/minio/releases
25 |
26 | ## Prometheus Alerts
27 |
28 | The included prometheus alerts for MinIO are taken from here:
29 |
30 | References:
31 |
32 | -
33 | -
34 |
--------------------------------------------------------------------------------
/katalog/minio-ha/README.md:
--------------------------------------------------------------------------------
1 | # MinIO HA
2 |
3 |
4 |
5 | MinIO is a popular distributed object storage system that allows organizations to deploy highly available
6 | and scalable storage infrastructure.
7 | To achieve high availability (HA), MinIO must be deployed as a cluster of multiple nodes, each backed by its own set of PVCs.
8 |
9 | ## Requirements
10 |
11 | - Kubernetes >= `1.29.0`
12 | - Kustomize = `5.6.0`
13 | - [prometheus-operator from SD monitoring module][prometheus-operator]
14 |
15 | > Prometheus Operator is necessary since we configure a `ServiceMonitor` to make
16 | > some metrics available from `minio` on prometheus
17 |
18 | ## Image repository and tag
19 |
20 | * MinIO image: `minio/minio`
21 | * MinIO repo: [MinIO on GitHub][minio-gh]
22 |
23 | ## Configuration
24 |
25 | MinIO HA is deployed in the following configuration:
26 |
27 | - Three Pod MinIO statefulset with 2 PVCs per Pod
28 | - Custom init Job to initialize buckets (`loki` and `errors`) and default retention (7 days on `errors` bucket)
29 |
30 | ## Deployment
31 |
32 | You can deploy minio-ha by running the following command in the root of
33 | the project:
34 |
35 | ```shell
36 | kustomize build | kubectl apply -f -
37 | ```
38 |
39 |
40 |
41 | [prometheus-operator]: https://github.com/sighup-io/fury-kubernetes-monitoring/blob/master/katalog/prometheus-operator
42 | [minio-gh]: https://github.com/minio/minio
43 |
44 |
45 |
46 | ## License
47 |
48 | For license details please see [LICENSE](../../LICENSE)
49 |
--------------------------------------------------------------------------------
/katalog/minio-ha/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | resources:
12 | - deploy.yaml
13 | - initialize-minio-buckets.yaml
14 | - prometheusrules.yaml
15 |
# Image versions used by this package, pinned by tag.
# NOTE(review): tags are mutable references; a `digest` entry would pin the exact image
# content pulled from the registry.
16 | images:
17 | - name: registry.sighup.io/fury/groundnuty/k8s-wait-for
18 | newTag: v2.0
19 | - name: registry.sighup.io/fury/minio/mc
20 | newTag: RELEASE.2025-02-21T16-00-46Z
21 | - name: registry.sighup.io/fury/minio
22 | newTag: RELEASE.2025-02-28T09-55-16Z
23 |
# NOTE(review): the MinIO root credentials are fixed literals committed to the repository,
# so every installation that does not override this generator shares the same root user and
# password. Treat them as placeholders: replace the generator in an overlay (or source the
# values from a secret manager) before deploying, and rotate them on existing clusters.
24 | secretGenerator:
25 | - name: minio-monitoring
26 | literals:
27 | - rootPassword=minio123
28 | - rootUser=minio
29 |
--------------------------------------------------------------------------------
/katalog/minio-ha/prometheusrules.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: monitoring.coreos.com/v1
7 | kind: PrometheusRule
8 | metadata:
9 | labels:
10 | prometheus: k8s
11 | role: alert-rules
12 | name: minio-monitoring-rules
13 | namespace: monitoring
14 | spec:
15 | groups:
16 | - name: minio.rules
17 | rules:
# Critical when at least one disk has been reported offline for 5 minutes.
18 | - alert: MinioMonitoringClusterDiskOffline
19 | expr: minio_cluster_disk_offline_total{job="minio-monitoring"} > 0
20 | for: 5m
21 | labels:
22 | severity: critical
23 | annotations:
24 | summary: Minio cluster disk offline (instance {{ $labels.instance }})
25 | description: "Minio cluster disk is offline\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# Critical when at least one node has been reported offline for 5 minutes.
# NOTE(review): the alert name and texts say "node disk", but the expression uses the
# nodes-offline metric; the wording looks copied from the rule above — confirm the intent.
26 | - alert: MinioMonitoringNodeDiskOffline
27 | expr: minio_cluster_nodes_offline_total{job="minio-monitoring"} > 0
28 | for: 5m
29 | labels:
30 | severity: critical
31 | annotations:
32 | summary: Minio node disk offline (instance {{ $labels.instance }})
33 | description: "Minio cluster node disk is offline\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# Warning when usable free capacity stays below 10% of usable total capacity for 5 minutes.
34 | - alert: MinioMonitoringDiskSpaceUsage
35 | expr: minio_cluster_capacity_usable_free_bytes{job="minio-monitoring"} / minio_cluster_capacity_usable_total_bytes{job="minio-monitoring"} * 100 < 10
36 | for: 5m
37 | labels:
38 | severity: warning
39 | annotations:
40 | summary: Minio disk space usage (instance {{ $labels.instance }})
41 | description: "Minio available free space is low (< 10%)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
42 |
--------------------------------------------------------------------------------
/katalog/node-exporter/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `node-exporter` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release
6 |
7 | ```bash
8 | export KUBE_PROMETHEUS_RELEASE=v0.14.0
9 | ../../utils/pull-upstream.sh ${KUBE_PROMETHEUS_RELEASE} node-exporter
10 | ```
11 |
12 | Replace the value of `KUBE_PROMETHEUS_RELEASE` with the current upstream release.
13 |
14 | 2. Check the differences introduced by pulling the upstream release and add the needed patches in `kustomization.yaml`
15 |
16 | 3. Sync the new image to our registry using the [`images.yml` file of the `monitoring` module in the fury-distribution-container-image-sync repository](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/monitoring/images.yml).
17 |
18 | 4. Update the `kustomization.yaml` file with the new image.
19 |
20 | ## Customizations
21 |
22 | We added the `GOMAXPROCS=1` environment variable to limit the goroutines to 1 processor because node-exporter was getting hard throttled by Kubernetes when using all the host CPUs. The patch is done in the `kustomization.yaml` file.
23 |
24 | This change is expected to be included upstream later; once it is, this patch can be deleted. See:
25 |
26 | -
27 | -
28 |
--------------------------------------------------------------------------------
/katalog/node-exporter/README.md:
--------------------------------------------------------------------------------
1 | # Node Exporter
2 |
3 |
4 |
5 | This package deploys node-exporter, which exposes hardware and OS metrics
6 | of \*NIX kernels. You can see the list of collectors
7 | enabled by default in the project's [repository][ne-gh].
8 |
9 | ## Requirements
10 |
11 | - Kubernetes >= `1.29.0`
12 | - Kustomize = `5.6.0`
13 | - [prometheus-operator](../prometheus-operator)
14 |
15 | ## Image repository and tag
16 |
17 | * node-exporter image: `registry.sighup.io/fury/prometheus/node-exporter:v1.8.2`
18 | * node-exporter repository: [Node-Exporter on Github][ne-gh]
19 | - kube-rbac-proxy image: `registry.sighup.io/fury/brancz/kube-rbac-proxy:v0.18.1`
20 | - kube-rbac-proxy repository: [kube-rbac-proxy on Github][krp-gh]
21 |
22 | ## Configuration
23 |
24 | Fury distribution node-exporter is deployed with the following configuration:
25 |
26 | - Ignore filesystem mount points starting with `dev|proc|sys|var/lib/docker` (local to the container file system)
27 | - Ignore filesystem types `autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs`
28 | - Resource limits are `250m` for CPU and `180Mi` for memory
29 | - Listens on port `9100`
30 |
31 | ## Deployment
32 |
33 | You can deploy node-exporter by running the following command:
34 |
35 | ```shell
36 | kustomize build | kubectl apply -f -
37 | ```
38 |
39 |
40 |
41 | [ne-gh]: https://github.com/prometheus/node_exporter
42 | [krp-gh]: https://quay.io/repository/brancz/kube-rbac-proxy
43 |
44 |
45 |
46 | ## License
47 |
48 | For license details please see [LICENSE](../../LICENSE)
49 |
--------------------------------------------------------------------------------
/katalog/node-exporter/clusterRole.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: rbac.authorization.k8s.io/v1
7 | kind: ClusterRole
8 | metadata:
9 | labels:
10 | app.kubernetes.io/component: exporter
11 | app.kubernetes.io/name: node-exporter
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 1.8.2
14 | name: node-exporter
15 | rules:
# Allows creating TokenReview objects, i.e. asking the API server to validate a bearer token.
16 | - apiGroups:
17 | - authentication.k8s.io
18 | resources:
19 | - tokenreviews
20 | verbs:
21 | - create
# Allows creating SubjectAccessReview objects, i.e. asking the API server whether a subject
# is authorized for an action.
# NOTE(review): both rules are presumably for the kube-rbac-proxy container listed in this
# package's README, which would use them to authenticate and authorize scrape requests —
# confirm against the DaemonSet (not shown here).
22 | - apiGroups:
23 | - authorization.k8s.io
24 | resources:
25 | - subjectaccessreviews
26 | verbs:
27 | - create
28 |
--------------------------------------------------------------------------------
/katalog/node-exporter/clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: rbac.authorization.k8s.io/v1
# Grants the node-exporter ClusterRole cluster-wide to the node-exporter ServiceAccount
# in the monitoring namespace.
7 | kind: ClusterRoleBinding
8 | metadata:
9 | labels:
10 | app.kubernetes.io/component: exporter
11 | app.kubernetes.io/name: node-exporter
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 1.8.2
14 | name: node-exporter
15 | roleRef:
16 | apiGroup: rbac.authorization.k8s.io
17 | kind: ClusterRole
18 | name: node-exporter
19 | subjects:
20 | - kind: ServiceAccount
21 | name: node-exporter
22 | namespace: monitoring
23 |
--------------------------------------------------------------------------------
/katalog/node-exporter/dashboards/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | generatorOptions:
10 | labels:
11 | grafana-sighup-dashboard: default
12 | annotations:
13 | grafana-folder: "Kubernetes Components"
14 | disableNameSuffixHash: true
15 |
16 | configMapGenerator:
17 | - name: nodes-grafana-dashboards
18 | files:
19 | - node-cluster-rsrc-use.json
20 | - node-rsrc-use.json
21 | - nodes.json
22 |
--------------------------------------------------------------------------------
/katalog/node-exporter/service.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: v1
7 | kind: Service
8 | metadata:
9 | labels:
10 | app.kubernetes.io/component: exporter
11 | app.kubernetes.io/name: node-exporter
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 1.8.2
14 | name: node-exporter
15 | namespace: monitoring
16 | spec:
# Headless Service: no cluster IP is allocated, DNS resolves directly to the selected pods.
17 | clusterIP: None
# Port 9100 is exposed under the name `https`; targetPort refers to the container port with
# the same name in the pod spec (not shown here).
18 | ports:
19 | - name: https
20 | port: 9100
21 | targetPort: https
22 | selector:
23 | app.kubernetes.io/component: exporter
24 | app.kubernetes.io/name: node-exporter
25 | app.kubernetes.io/part-of: kube-prometheus
26 |
--------------------------------------------------------------------------------
/katalog/node-exporter/serviceAccount.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: v1
# Pods using this ServiceAccount do not get an API token mounted unless their pod spec
# opts in explicitly.
# NOTE(review): the account is bound to a ClusterRole in this package, so the workload
# (not shown here) presumably re-enables the mount where the token is needed — verify.
7 | automountServiceAccountToken: false
8 | kind: ServiceAccount
9 | metadata:
10 | labels:
11 | app.kubernetes.io/component: exporter
12 | app.kubernetes.io/name: node-exporter
13 | app.kubernetes.io/part-of: kube-prometheus
14 | app.kubernetes.io/version: 1.8.2
15 | name: node-exporter
16 | namespace: monitoring
17 |
--------------------------------------------------------------------------------
/katalog/node-exporter/serviceMonitor.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: monitoring.coreos.com/v1
7 | kind: ServiceMonitor
8 | metadata:
9 | labels:
10 | app.kubernetes.io/component: exporter
11 | app.kubernetes.io/name: node-exporter
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 1.8.2
14 | name: node-exporter
15 | namespace: monitoring
16 | spec:
17 | endpoints:
# Prometheus authenticates to the target with the token read from this file.
18 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
19 | interval: 15s
20 | port: https
# Set the `instance` label to the name of the node the pod runs on.
21 | relabelings:
22 | - action: replace
23 | regex: (.*)
24 | replacement: $1
25 | sourceLabels:
26 | - __meta_kubernetes_pod_node_name
27 | targetLabel: instance
28 | scheme: https
# NOTE(review): insecureSkipVerify disables verification of the target's certificate, so the
# connection is encrypted but the bearer token is sent to an endpoint whose identity is not
# checked. Prefer a tlsConfig with `ca` and `serverName` once the serving certificate is
# issued by a CA that Prometheus can trust.
29 | tlsConfig:
30 | insecureSkipVerify: true
# The Prometheus job name is taken from the Service's app.kubernetes.io/name label.
31 | jobLabel: app.kubernetes.io/name
32 | selector:
33 | matchLabels:
34 | app.kubernetes.io/component: exporter
35 | app.kubernetes.io/name: node-exporter
36 | app.kubernetes.io/part-of: kube-prometheus
37 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `prometheus-adapter` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release
6 |
7 | ```bash
8 | export KUBE_PROMETHEUS_RELEASE=v0.14.0
9 | ../../utils/pull-upstream.sh ${KUBE_PROMETHEUS_RELEASE} prometheus-adapter
10 | ```
11 |
12 | Replace the value of `KUBE_PROMETHEUS_RELEASE` with the current upstream release.
13 |
14 | 2. Check the differences introduced by pulling the upstream release and add the needed patches in `kustomization.yaml`
15 |
16 | 3. Sync the new image to our registry using the [`images.yml` file of the `monitoring` module in the fury-distribution-container-image-sync repository](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/monitoring/images.yml).
17 |
18 | 4. Update the `kustomization.yaml` file with the new image.
19 |
20 | 5. Make sure the `config.yaml` for the prometheus adapter is up to date and has the full set of metrics rules (`rules`, `externalRules`, `resourceRules`) enabled.
21 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/README.md:
--------------------------------------------------------------------------------
1 | # Prometheus Adapter
2 |
3 |
4 |
5 | The Prometheus adapter provides an implementation of Kubernetes
6 | [resource metrics](https://github.com/kubernetes/design-proposals-archive/blob/main/instrumentation/resource-metrics-api.md),
7 | [custom metrics](https://github.com/kubernetes/design-proposals-archive/blob/main/instrumentation/custom-metrics-api.md), and
8 | [external metrics](https://github.com/kubernetes/design-proposals-archive/blob/main/instrumentation/external-metrics-api.md) APIs.
9 |
10 | This adapter is therefore suitable for use with the autoscaling/v2 Horizontal Pod Autoscaler in Kubernetes 1.6+.
11 | It can also replace the [metrics server](https://github.com/kubernetes-incubator/metrics-server) on clusters that already run Prometheus and collect the appropriate metrics.
12 |
13 | *Source:* [kubernetes-sigs/prometheus-adapter][pa-gh]
14 |
15 | ## Requirements
16 |
17 | - Kubernetes >= `1.29.0`
18 | - Kustomize = `5.6.0`
19 | - [prometheus-operator](../prometheus-operator)
20 | - [prometheus-operated](../prometheus-operated)
21 |
22 | ## Image repository and tag
23 |
24 | - Prometheus adapter image: `registry.sighup.io/fury/prometheus-adapter/prometheus-adapter:v0.12.0`
25 | - Prometheus adapter repository: [Prometheus adapter on GitHub][pa-gh]
26 |
27 | ## Configuration
28 |
29 | Fury distribution Prometheus adapter is deployed with the following
30 | configuration:
31 | - Resource limits are `250m` for CPU and `1024Mi` for memory
32 | - Listens on port 6443
33 | - Metrics are scraped from Prometheus every `1m`
34 |
35 | ## Deployment
36 | You can deploy prometheus-adapter by running the following command:
37 |
38 | ```shell
39 | kustomize build katalog/prometheus-adapter | kubectl apply -f -
40 | ```
41 |
42 |
43 |
44 | [pa-gh]: https://github.com/kubernetes-sigs/prometheus-adapter
45 |
46 |
47 |
48 | ## License
49 |
50 | For license details please see [LICENSE](../../LICENSE)
51 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/apiService.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Registers the prometheus-adapter Service (namespace monitoring) as the backend of three aggregated metrics API groups.
5 | apiVersion: apiregistration.k8s.io/v1
6 | kind: APIService
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: metrics-adapter
10 | app.kubernetes.io/name: prometheus-adapter
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.12.0
13 | name: v1beta1.metrics.k8s.io
14 | spec:
15 | group: metrics.k8s.io
16 | groupPriorityMinimum: 100
17 | insecureSkipTLSVerify: true # NOTE(review): the kube-apiserver does not verify the adapter's serving certificate when proxying this API group; setting caBundle and dropping this flag would authenticate the backend. Confirm how the adapter's certificate is issued before changing it.
18 | service:
19 | name: prometheus-adapter
20 | namespace: monitoring
21 | version: v1beta1
22 | versionPriority: 100
23 | ---
24 | apiVersion: apiregistration.k8s.io/v1
25 | kind: APIService
26 | metadata:
27 | name: v1beta1.custom.metrics.k8s.io
28 | labels:
29 | app.kubernetes.io/component: metrics-adapter
30 | app.kubernetes.io/name: prometheus-adapter
31 | app.kubernetes.io/part-of: kube-prometheus
32 | app.kubernetes.io/version: 0.12.0
33 | spec:
34 | service:
35 | name: prometheus-adapter
36 | namespace: "monitoring"
37 | group: custom.metrics.k8s.io
38 | version: v1beta1
39 | insecureSkipTLSVerify: true # NOTE(review): same unverified backend connection as v1beta1.metrics.k8s.io in this file
40 | groupPriorityMinimum: 100
41 | versionPriority: 100
42 | ---
43 | apiVersion: apiregistration.k8s.io/v1
44 | kind: APIService
45 | metadata:
46 | name: v1beta1.external.metrics.k8s.io
47 | labels:
48 | app.kubernetes.io/component: metrics-adapter
49 | app.kubernetes.io/name: prometheus-adapter
50 | app.kubernetes.io/part-of: kube-prometheus
51 | app.kubernetes.io/version: 0.12.0
52 | spec:
53 | service:
54 | name: prometheus-adapter
55 | namespace: "monitoring"
56 | group: external.metrics.k8s.io
57 | version: v1beta1
58 | insecureSkipTLSVerify: true # NOTE(review): same unverified backend connection as v1beta1.metrics.k8s.io in this file
59 | groupPriorityMinimum: 100
60 | versionPriority: 100
61 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/clusterRole.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Cluster-wide read-only access (get, list, watch) to the core objects listed below; bound to the prometheus-adapter ServiceAccount by clusterRoleBinding.yaml.
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: ClusterRole
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: metrics-adapter
10 | app.kubernetes.io/name: prometheus-adapter
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.12.0
13 | name: prometheus-adapter
14 | rules:
15 | - apiGroups:
16 | - "" # core API group
17 | resources:
18 | - nodes
19 | - namespaces
20 | - pods
21 | - services
22 | verbs: # read-only; no write verbs are granted
23 | - get
24 | - list
25 | - watch
26 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/clusterRoleAggregatedMetricsReader.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Read access to pod and node metrics in metrics.k8s.io, merged into the default admin, edit and view ClusterRoles through the aggregate-to-* labels.
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: ClusterRole
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: metrics-adapter
10 | app.kubernetes.io/name: prometheus-adapter
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.12.0
13 | rbac.authorization.k8s.io/aggregate-to-admin: "true" # every subject bound to admin, edit or view therefore gains the rules below
14 | rbac.authorization.k8s.io/aggregate-to-edit: "true"
15 | rbac.authorization.k8s.io/aggregate-to-view: "true"
16 | name: system:aggregated-metrics-reader
17 | rules:
18 | - apiGroups:
19 | - metrics.k8s.io
20 | resources:
21 | - pods
22 | - nodes
23 | verbs: # read-only
24 | - get
25 | - list
26 | - watch
27 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: ClusterRoleBinding
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: metrics-adapter
10 | app.kubernetes.io/name: prometheus-adapter
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.12.0
13 | name: prometheus-adapter
14 | roleRef:
15 | apiGroup: rbac.authorization.k8s.io
16 | kind: ClusterRole
17 | name: prometheus-adapter
18 | subjects:
19 | - kind: ServiceAccount
20 | name: prometheus-adapter
21 | namespace: monitoring
22 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/clusterRoleBindingDelegator.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Binds the built-in system:auth-delegator ClusterRole to the adapter's ServiceAccount so the adapter can delegate authentication and authorisation of its callers to the kube-apiserver.
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: ClusterRoleBinding
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: metrics-adapter
10 | app.kubernetes.io/name: prometheus-adapter
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.12.0
13 | name: resource-metrics:system:auth-delegator
14 | roleRef:
15 | apiGroup: rbac.authorization.k8s.io
16 | kind: ClusterRole
17 | name: system:auth-delegator # cluster-scoped grant; keep it bound to this single ServiceAccount
18 | subjects:
19 | - kind: ServiceAccount
20 | name: prometheus-adapter
21 | namespace: monitoring
22 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/clusterRoleBindingHpaController.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Gives the horizontal-pod-autoscaler ServiceAccount in kube-system the resource-metrics-server-resources ClusterRole.
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: ClusterRoleBinding
7 | metadata:
8 | name: hpa-controller-prometheus-adapter # unlike the other manifests in this package, no app.kubernetes.io labels are set here
9 | roleRef:
10 | apiGroup: rbac.authorization.k8s.io
11 | kind: ClusterRole
12 | name: resource-metrics-server-resources # that role uses wildcard resources and verbs; see clusterRoleServerResources.yaml
13 | subjects:
14 | - kind: ServiceAccount
15 | name: horizontal-pod-autoscaler
16 | namespace: kube-system
17 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/clusterRoleServerResources.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Grants every verb on every resource of the three metrics API groups served by the adapter.
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: ClusterRole
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: metrics-adapter
10 | app.kubernetes.io/name: prometheus-adapter
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.12.0
13 | name: resource-metrics-server-resources
14 | rules:
15 | - apiGroups:
16 | - metrics.k8s.io
17 | - custom.metrics.k8s.io
18 | - external.metrics.k8s.io
19 | resources:
20 | - '*'
21 | verbs:
22 | - '*' # NOTE(review): wildcard verbs and resources; the only binding in this package is the HPA controller ServiceAccount (clusterRoleBindingHpaController.yaml) - confirm whether get/list/watch would be enough for it
23 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Kustomize entry point for the prometheus-adapter package: image rewrite, local patches, adapter ConfigMap and the manifest list.
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring # applied to the namespaced resources below; the JSON patch further down undoes it for one RoleBinding
10 |
11 | images: # rewrites the upstream registry to the SIGHUP registry; no newTag or digest is set, so the tag presumably comes from deployment.yaml. NOTE(review): pinning a digest would make the deployed image immutable.
12 | - name: registry.k8s.io/prometheus-adapter/prometheus-adapter
13 | newName: registry.sighup.io/fury/prometheus-adapter/prometheus-adapter
14 |
15 | patchesStrategicMerge: # NOTE(review): deprecated in Kustomize v5 in favour of `patches` (README requires Kustomize 5.6.0). The memory values set below also differ from the 1024Mi limit listed in this package's README.
16 | - |-
17 | apiVersion: apps/v1
18 | kind: Deployment
19 | metadata:
20 | name: prometheus-adapter
21 | namespace: monitoring
22 | spec:
23 | replicas: 1
24 | template:
25 | spec:
26 | containers:
27 | - name: prometheus-adapter
28 | # we increase the memory limit because we have more rules than the default from upstream and they use slightly more memory in the adapter's container.
29 | resources:
30 | requests:
31 | memory: 3072Mi
32 | limits:
33 | memory: 4096Mi
34 |
35 | patchesJson6902: # NOTE(review): deprecated in Kustomize v5 in favour of `patches`. Puts resource-metrics-auth-reader back into kube-system after the `namespace: monitoring` setting above has moved it.
36 | - target:
37 | group: rbac.authorization.k8s.io
38 | version: v1
39 | kind: RoleBinding
40 | name: resource-metrics-auth-reader
41 | namespace: monitoring
42 | patch: |-
43 | - op: replace
44 | path: /metadata/namespace
45 | value: kube-system
46 |
47 | configMapGenerator: # generates the adapter-config ConfigMap from the local config.yaml
48 | - name: adapter-config
49 | namespace: monitoring
50 | files:
51 | - config.yaml=config.yaml
52 |
53 | resources:
54 | - apiService.yaml
55 | - clusterRole.yaml
56 | - clusterRoleAggregatedMetricsReader.yaml
57 | - clusterRoleBindingHpaController.yaml
58 | - clusterRoleBinding.yaml
59 | - clusterRoleBindingDelegator.yaml
60 | - clusterRoleServerResources.yaml
61 | - deployment.yaml
62 | - roleBindingAuthReader.yaml
63 | - service.yaml
64 | - serviceAccount.yaml
65 | - serviceMonitor.yaml
66 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/roleBindingAuthReader.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Binds the kube-system Role extension-apiserver-authentication-reader to the adapter's ServiceAccount so the adapter can read the API server's authentication configuration.
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: RoleBinding
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: metrics-adapter
10 | app.kubernetes.io/name: prometheus-adapter
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.12.0
13 | name: resource-metrics-auth-reader
14 | namespace: kube-system # must stay kube-system: the Role referenced below lives there; the package kustomization patches this value back after its namespace transformer runs
15 | roleRef:
16 | apiGroup: rbac.authorization.k8s.io
17 | kind: Role
18 | name: extension-apiserver-authentication-reader
19 | subjects:
20 | - kind: ServiceAccount
21 | name: prometheus-adapter
22 | namespace: monitoring
23 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/service.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | kind: Service
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: metrics-adapter
10 | app.kubernetes.io/name: prometheus-adapter
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.12.0
13 | name: prometheus-adapter
14 | namespace: monitoring
15 | spec:
16 | ports:
17 | - name: https
18 | port: 443
19 | targetPort: 6443
20 | selector:
21 | app.kubernetes.io/component: metrics-adapter
22 | app.kubernetes.io/name: prometheus-adapter
23 | app.kubernetes.io/part-of: kube-prometheus
24 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/serviceAccount.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Identity used by the prometheus-adapter pods; the ClusterRoleBindings and RoleBinding in this package grant its permissions.
5 | apiVersion: v1
6 | automountServiceAccountToken: false # pods using this account get no API token unless their pod spec opts in; the Deployment is not shown here - confirm it mounts the token the adapter needs
7 | kind: ServiceAccount
8 | metadata:
9 | labels:
10 | app.kubernetes.io/component: metrics-adapter
11 | app.kubernetes.io/name: prometheus-adapter
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 0.12.0
14 | name: prometheus-adapter
15 | namespace: monitoring
16 |
--------------------------------------------------------------------------------
/katalog/prometheus-adapter/serviceMonitor.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Tells Prometheus to scrape the adapter's own metrics over HTTPS every 30s, authenticating with a bearer token.
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: ServiceMonitor
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: metrics-adapter
10 | app.kubernetes.io/name: prometheus-adapter
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.12.0
13 | name: prometheus-adapter
14 | namespace: monitoring
15 | spec:
16 | endpoints:
17 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token # the token is read from the Prometheus pod's own mount; prometheus-operator marks this field as deprecated in favour of `authorization`
18 | interval: 30s
19 | metricRelabelings: # drops the metric families matched by the regex below before ingestion
20 | - action: drop
21 | regex: (apiserver_client_certificate_.*|apiserver_envelope_.*|apiserver_flowcontrol_.*|apiserver_storage_.*|apiserver_webhooks_.*|workqueue_.*)
22 | sourceLabels:
23 | - __name__
24 | port: https
25 | scheme: https
26 | tlsConfig:
27 | insecureSkipVerify: true # NOTE(review): the target's certificate is not verified, so the bearer token above is sent to an unauthenticated endpoint; configuring a CA and server name in tlsConfig would close that gap
28 | selector:
29 | matchLabels:
30 | app.kubernetes.io/component: metrics-adapter
31 | app.kubernetes.io/name: prometheus-adapter
32 | app.kubernetes.io/part-of: kube-prometheus
33 |
--------------------------------------------------------------------------------
/katalog/prometheus-operated/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `prometheus-operated` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release and update local files:
6 |
7 | > [!IMPORTANT]
8 | > Run the following command from the `katalog` folder.
9 |
10 | ```bash
11 | export KUBE_PROMETHEUS_RELEASE=v0.14.0
12 | ../utils/pull-upstream.sh ${KUBE_PROMETHEUS_RELEASE} prometheus-operated
13 | ```
14 |
15 | Replace `KUBE_PROMETHEUS_RELEASE` with the current upstream release.
16 |
17 | 2. Check the differences introduced by pulling the upstream release and add the needed patches in `kustomization.yaml`
18 |
19 | 3. Remove from `kubernetes-monitoring-rules.yml` the CPUThrottlingHigh alert and move KubeClientCertificateExpiration, KubeSchedulerDown and KubeControllerManagerDown to `configs/kubeadm/rules.yml`.
20 |
21 | 4. Sync the new image to our registry via the [`monitoring` `images.yml` file in the fury-distribution-container-image-sync repository](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/monitoring/images.yml).
22 |
23 | 5. Update the `kustomization.yaml` file with the new image.
24 |
25 | 6. Make sure that all the files have the license headers:
26 |
27 | ```bash
28 | addlicense -c "SIGHUP s.r.l" -v -l bsd -y "2017-present" --check .
29 | ```
30 |
--------------------------------------------------------------------------------
/katalog/prometheus-operated/clusterRole.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Cluster-wide read access Prometheus needs for scraping: `get` on nodes/metrics and on the /metrics and /metrics/slis non-resource URLs.
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: ClusterRole
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: prometheus
10 | app.kubernetes.io/instance: k8s
11 | app.kubernetes.io/name: prometheus
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 2.54.1
14 | name: prometheus-k8s
15 | rules:
16 | - apiGroups:
17 | - "" # core API group
18 | resources:
19 | - nodes/metrics
20 | verbs:
21 | - get
22 | - nonResourceURLs: # URL paths rather than API objects
23 | - /metrics
24 | - /metrics/slis
25 | verbs:
26 | - get
27 |
--------------------------------------------------------------------------------
/katalog/prometheus-operated/clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: ClusterRoleBinding
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: prometheus
10 | app.kubernetes.io/instance: k8s
11 | app.kubernetes.io/name: prometheus
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 2.54.1
14 | name: prometheus-k8s
15 | roleRef:
16 | apiGroup: rbac.authorization.k8s.io
17 | kind: ClusterRole
18 | name: prometheus-k8s
19 | subjects:
20 | - kind: ServiceAccount
21 | name: prometheus-k8s
22 | namespace: monitoring
23 |
--------------------------------------------------------------------------------
/katalog/prometheus-operated/dashboards/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | generatorOptions:
12 | labels:
13 | grafana-sighup-dashboard: default
14 | annotations:
15 | grafana-folder: "Monitoring"
16 | disableNameSuffixHash: true
17 |
18 | configMapGenerator:
19 | - name: prometheus-grafana-dashboards
20 | files:
21 | - prometheus.json
22 | - prometheus-remote-write.json
23 |
--------------------------------------------------------------------------------
/katalog/prometheus-operated/datasources/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Generates the Secret that carries the Grafana datasource definition for Prometheus.
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | generatorOptions:
12 | labels:
13 | grafana-sighup-datasource: default # presumably the label Grafana's datasource loader selects on; verify against the grafana package
14 | disableNameSuffixHash: true # keeps the Secret name stable, so consumers are not rolled automatically when prometheus.yaml changes
15 |
16 | secretGenerator: # a Secret rather than a ConfigMap, which suits datasource files that may later carry credentials
17 | - name: grafana-datasource-prometheus
18 | namespace: monitoring
19 | files:
20 | - prometheus.yaml
21 |
--------------------------------------------------------------------------------
/katalog/prometheus-operated/datasources/prometheus.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Grafana datasource provisioning file pointing Grafana at the in-cluster prometheus-k8s Service.
5 | apiVersion: 1
6 | datasources:
7 | - access: proxy # queries are issued by the Grafana backend, not by the user's browser
8 | editable: false # the datasource cannot be changed from the Grafana UI
9 | name: prometheus
10 | orgId: 1
11 | type: prometheus
12 | url: http://prometheus-k8s.monitoring.svc:9090 # NOTE(review): plain HTTP with no credentials; traffic stays on the cluster network, so access control depends on network policy - confirm one restricts port 9090
13 | version: 1
14 |
--------------------------------------------------------------------------------
/katalog/prometheus-operated/prometheus.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Prometheus custom resource reconciled by prometheus-operator: two replicas named k8s in the monitoring namespace.
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: Prometheus
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: prometheus
10 | app.kubernetes.io/instance: k8s
11 | app.kubernetes.io/name: prometheus
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 2.54.1
14 | name: k8s
15 | namespace: monitoring
16 | spec:
17 | alerting:
18 | alertmanagers:
19 | - apiVersion: v2
20 | name: alertmanager-main
21 | namespace: monitoring
22 | port: web
23 | enableFeatures: []
24 | externalLabels: {}
25 | image: quay.io/prometheus/prometheus:v2.54.1 # NOTE(review): upstream registry, referenced by tag; the package kustomization is not shown here - confirm it rewrites this to the internal registry
26 | nodeSelector:
27 | kubernetes.io/os: linux
28 | podMetadata:
29 | labels:
30 | app.kubernetes.io/component: prometheus
31 | app.kubernetes.io/instance: k8s
32 | app.kubernetes.io/name: prometheus
33 | app.kubernetes.io/part-of: kube-prometheus
34 | app.kubernetes.io/version: 2.54.1
35 | podMonitorNamespaceSelector: {} # an empty selector matches every namespace; the same holds for the probe, rule, scrapeConfig and serviceMonitor selectors below
36 | podMonitorSelector: {}
37 | probeNamespaceSelector: {}
38 | probeSelector: {}
39 | replicas: 2
40 | resources: # only a memory request is set here; no limits appear in this manifest
41 | requests:
42 | memory: 400Mi
43 | ruleNamespaceSelector: {} # NOTE(review): with all selectors empty, anyone allowed to create these objects in any namespace can add scrape jobs or rules to this Prometheus; restrict that through RBAC or narrower selectors where tenants share the cluster
44 | ruleSelector: {}
45 | scrapeConfigNamespaceSelector: {}
46 | scrapeConfigSelector: {}
47 | securityContext: # pods run as a non-root user
48 | fsGroup: 2000
49 | runAsNonRoot: true
50 | runAsUser: 1000
51 | serviceAccountName: prometheus-k8s
52 | serviceMonitorNamespaceSelector: {}
53 | serviceMonitorSelector: {}
54 | version: 2.54.1
55 |
--------------------------------------------------------------------------------
/katalog/prometheus-operated/roleBindingConfig.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: RoleBinding
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: prometheus
10 | app.kubernetes.io/instance: k8s
11 | app.kubernetes.io/name: prometheus
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 2.54.1
14 | name: prometheus-k8s-config
15 | namespace: monitoring
16 | roleRef:
17 | apiGroup: rbac.authorization.k8s.io
18 | kind: Role
19 | name: prometheus-k8s-config
20 | subjects:
21 | - kind: ServiceAccount
22 | name: prometheus-k8s
23 | namespace: monitoring
24 |
--------------------------------------------------------------------------------
/katalog/prometheus-operated/roleConfig.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: Role
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: prometheus
10 | app.kubernetes.io/instance: k8s
11 | app.kubernetes.io/name: prometheus
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 2.54.1
14 | name: prometheus-k8s-config
15 | namespace: monitoring
16 | rules:
17 | - apiGroups:
18 | - ""
19 | resources:
20 | - configmaps
21 | verbs:
22 | - get
23 |
--------------------------------------------------------------------------------
/katalog/prometheus-operated/service.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | kind: Service
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: prometheus
10 | app.kubernetes.io/instance: k8s
11 | app.kubernetes.io/name: prometheus
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 2.54.1
14 | name: prometheus-k8s
15 | namespace: monitoring
16 | spec:
17 | ports:
18 | - name: web
19 | port: 9090
20 | targetPort: web
21 | - name: reloader-web
22 | port: 8080
23 | targetPort: reloader-web
24 | selector:
25 | app.kubernetes.io/component: prometheus
26 | app.kubernetes.io/instance: k8s
27 | app.kubernetes.io/name: prometheus
28 | app.kubernetes.io/part-of: kube-prometheus
29 | sessionAffinity: ClientIP
30 |
--------------------------------------------------------------------------------
/katalog/prometheus-operated/serviceAccount.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Identity of the Prometheus pods; the prometheus-k8s ClusterRole and the prometheus-k8s-config Role are bound to it in this package.
5 | apiVersion: v1
6 | automountServiceAccountToken: true # Prometheus pods receive an API token by default; what it can do is defined by the roles bound to this account
7 | kind: ServiceAccount
8 | metadata:
9 | labels:
10 | app.kubernetes.io/component: prometheus
11 | app.kubernetes.io/instance: k8s
12 | app.kubernetes.io/name: prometheus
13 | app.kubernetes.io/part-of: kube-prometheus
14 | app.kubernetes.io/version: 2.54.1
15 | name: prometheus-k8s
16 | namespace: monitoring
16 | namespace: monitoring
17 |
--------------------------------------------------------------------------------
/katalog/prometheus-operated/serviceMonitor.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: ServiceMonitor
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: prometheus
10 | app.kubernetes.io/instance: k8s
11 | app.kubernetes.io/name: prometheus
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 2.54.1
14 | name: prometheus-k8s
15 | namespace: monitoring
16 | spec:
17 | endpoints:
18 | - interval: 30s
19 | port: web
20 | - interval: 30s
21 | port: reloader-web
22 | selector:
23 | matchLabels:
24 | app.kubernetes.io/component: prometheus
25 | app.kubernetes.io/instance: k8s
26 | app.kubernetes.io/name: prometheus
27 | app.kubernetes.io/part-of: kube-prometheus
28 |
--------------------------------------------------------------------------------
/katalog/prometheus-operator/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `prometheus-operator` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release
6 |
7 | ```bash
8 | export KUBE_PROMETHEUS_RELEASE=v0.14.0
9 | ../../utils/pull-upstream.sh ${KUBE_PROMETHEUS_RELEASE} prometheus-operator
10 | ```
11 |
12 | Replace `KUBE_PROMETHEUS_RELEASE` with the current upstream release.
13 |
14 | 2. Check the differences introduced by pulling the upstream release and add the needed patches in `kustomization.yaml`
15 |
16 | 3. Sync the new image to our registry via the [`monitoring` `images.yml` file in the fury-distribution-container-image-sync repository](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/monitoring/images.yml).
17 |
18 | 4. Update the `kustomization.yaml` file with the new image.
19 |
--------------------------------------------------------------------------------
/katalog/prometheus-operator/clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: ClusterRoleBinding
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: controller
10 | app.kubernetes.io/name: prometheus-operator
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.76.2
13 | name: prometheus-operator
14 | roleRef:
15 | apiGroup: rbac.authorization.k8s.io
16 | kind: ClusterRole
17 | name: prometheus-operator
18 | subjects:
19 | - kind: ServiceAccount
20 | name: prometheus-operator
21 | namespace: monitoring
22 |
--------------------------------------------------------------------------------
/katalog/prometheus-operator/namespace.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: v1
7 | kind: Namespace
8 | metadata:
9 | name: monitoring
10 |
--------------------------------------------------------------------------------
/katalog/prometheus-operator/service.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | kind: Service
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: controller
10 | app.kubernetes.io/name: prometheus-operator
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.76.2
13 | name: prometheus-operator
14 | namespace: monitoring
15 | spec:
16 | clusterIP: None
17 | ports:
18 | - name: https
19 | port: 8443
20 | targetPort: https
21 | selector:
22 | app.kubernetes.io/component: controller
23 | app.kubernetes.io/name: prometheus-operator
24 | app.kubernetes.io/part-of: kube-prometheus
25 |
--------------------------------------------------------------------------------
/katalog/prometheus-operator/serviceAccount.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | apiVersion: v1
6 | automountServiceAccountToken: false
7 | kind: ServiceAccount
8 | metadata:
9 | labels:
10 | app.kubernetes.io/component: controller
11 | app.kubernetes.io/name: prometheus-operator
12 | app.kubernetes.io/part-of: kube-prometheus
13 | app.kubernetes.io/version: 0.76.2
14 | name: prometheus-operator
15 | namespace: monitoring
16 |
--------------------------------------------------------------------------------
/katalog/prometheus-operator/serviceMonitor.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Tells Prometheus to scrape the operator's metrics over HTTPS, authenticating with a bearer token.
5 | apiVersion: monitoring.coreos.com/v1
6 | kind: ServiceMonitor
7 | metadata:
8 | labels:
9 | app.kubernetes.io/component: controller
10 | app.kubernetes.io/name: prometheus-operator
11 | app.kubernetes.io/part-of: kube-prometheus
12 | app.kubernetes.io/version: 0.76.2
13 | name: prometheus-operator
14 | namespace: monitoring
15 | spec:
16 | endpoints:
17 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token # the token is read from the Prometheus pod's own mount; prometheus-operator marks this field as deprecated in favour of `authorization`
18 | honorLabels: true # on a label conflict, the label exposed by the target is kept
19 | port: https
20 | scheme: https
21 | tlsConfig:
22 | insecureSkipVerify: true # NOTE(review): the target's certificate is not verified, so the bearer token above is sent to an unauthenticated endpoint; configuring a CA and server name in tlsConfig would close that gap
23 | selector:
24 | matchLabels:
25 | app.kubernetes.io/component: controller
26 | app.kubernetes.io/name: prometheus-operator
27 | app.kubernetes.io/part-of: kube-prometheus
28 | app.kubernetes.io/version: 0.76.2 # the version label is part of the selector, so it must be bumped together with the Service's label on upgrade
29 |
--------------------------------------------------------------------------------
/katalog/tests/grafana-ldap-auth/kustomize-project/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Test overlay: the grafana package plus an LDAP authentication patch and the ldap.toml configuration.
5 | apiVersion: kustomize.config.k8s.io/v1beta1
6 | kind: Kustomization
7 |
8 | bases: # NOTE(review): `bases` is deprecated in Kustomize; `resources` accepts the same directory entry
9 | - ../../../grafana/
10 |
11 | patches:
12 | - path: patches/grafana-ldap.yaml
13 |
14 | generatorOptions:
15 | disableNameSuffixHash: true # keeps the name `ldap-config` stable so the patch can reference it
16 |
17 | configMapGenerator: # NOTE(review): ldap.toml is not shown here; if it holds an LDAP bind password, a secretGenerator is the appropriate generator outside of tests
18 | - name: ldap-config
19 | namespace: monitoring
20 | files:
21 | - ldap.toml=ldap-config/ldap.toml
22 |
--------------------------------------------------------------------------------
/katalog/tests/grafana-ldap-auth/kustomize-project/patches/grafana-ldap.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Test patch for the grafana Deployment: mounts the ldap-config ConfigMap and turns LDAP authentication on through GF_* environment variables.
5 | # https://grafana.com/docs/grafana/latest/installation/configuration/#configure-with-environment-variables
6 | apiVersion: apps/v1
7 | kind: Deployment
8 | metadata:
9 | name: grafana
10 | namespace: monitoring
11 | spec:
12 | template:
13 | spec:
14 | volumes:
15 | - name: ldap-config
16 | configMap:
17 | name: ldap-config  # ConfigMap generated by this test's kustomization.yaml from ldap-config/ldap.toml
18 | containers:
19 | - name: grafana
20 | volumeMounts:
21 | - name: ldap-config
22 | mountPath: /etc/grafana/ldap/
23 | env:
24 | - name: GF_AUTH_LDAP_ENABLED
25 | value: "true"
26 | - name: GF_AUTH_LDAP_CONFIG_FILE
27 | value: /etc/grafana/ldap/ldap.toml  # must match the mountPath above plus the ldap.toml key of the ConfigMap
28 | - name: GF_AUTH_LDAP_ALLOW_SIGN_UP
29 | value: "true"  # a Grafana account is created on first successful LDAP login; access is then governed by the group mappings in ldap.toml (not shown here)
30 | - name: GF_AUTH_ANONYMOUS_ENABLED
31 | value: "false"
32 | - name: GF_AUTH_ANONYMOUS_DISABLE_LOGIN_FORM
33 | value: "false"  # NOTE(review): Grafana documents disable_login_form under [auth] (GF_AUTH_DISABLE_LOGIN_FORM); this variable targets [auth.anonymous] — confirm it has any effect
34 | - name: GF_LOG_FILTERS
35 | value: "ldap:debug"  # debug-level logging for the ldap logger; NOTE(review): presumably verbose about directory lookups — keep to test environments
36 |
--------------------------------------------------------------------------------
/katalog/tests/grafana-ldap-auth/ldap-server/ldap-server.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Test fixture: a throw-away OpenLDAP server (Secret, ConfigMap, Service, Deployment) used by the Grafana LDAP authentication test.
5 | ---
6 | apiVersion: v1
7 | kind: Secret
8 | metadata:
9 | labels:
10 | app: ldap-server
11 | name: ldap
12 | stringData:
13 | LDAP_ADMIN_PASSWORD: HatFriday  # test-only credential kept in clear text in the repository; never reuse it for a real directory
14 | ---
15 | kind: ConfigMap
16 | metadata:
17 | labels:
18 | app: ldap-server
19 | name: ldap
20 | apiVersion: v1
21 | data:
22 | LDAP_ORGANISATION: SIGHUP
23 | LDAP_DOMAIN: sighup.io
24 | ---
25 | apiVersion: v1
26 | kind: Service
27 | metadata:
28 | name: ldap-server
29 | spec:
30 | ports:
31 | - name: "tcp-389"
32 | port: 389
33 | protocol: TCP
34 | targetPort: 389
35 | - name: "tcp-363"  # NOTE(review): the name reads 363 while the port and the container port name below are 636 — looks like a typo; a rename would affect anything that references this port by name
36 | port: 636
37 | protocol: TCP
38 | targetPort: 636
39 | selector:
40 | app: ldap-server
41 | ---
42 | apiVersion: apps/v1
43 | kind: Deployment
44 | metadata:
45 | labels:
46 | app: ldap-server
47 | name: ldap-server
48 | spec:
49 | replicas: 1
50 | selector:
51 | matchLabels:
52 | app: ldap-server
53 | strategy: {}
54 | template:
55 | metadata:
56 | labels:
57 | app: ldap-server
58 | spec:
59 | volumes:
60 | - name: ldap-ldif
61 | configMap:
62 | name: ldap-ldif  # this ConfigMap is not defined in this file — presumably generated from the .ldif files next to it; verify
63 | containers:
64 | - name: ldap-server
65 | image: registry.sighup.io/fury/osixia/openldap:1.5.0
66 | command:
67 | - "sh"
68 | - "-c"
69 | - "cp -R /tmp/ldif /container/service/slapd/assets/config/bootstrap/ldif/custom && /container/tool/run"  # copies the mounted LDIFs into the image's bootstrap directory, then starts the image's run tool
70 | envFrom:  # every key of the "ldap" ConfigMap and of the "ldap" Secret becomes an environment variable, LDAP_ADMIN_PASSWORD included
71 | - configMapRef:
72 | name: ldap
73 | - secretRef:
74 | name: ldap
75 | ports:
76 | - containerPort: 389
77 | name: "tcp-389"
78 | - containerPort: 636
79 | name: "tcp-636"
80 | resources: {}  # no requests/limits, and no securityContext is set on the pod or container — acceptable for a disposable test pod only
81 | volumeMounts:
82 | - name: ldap-ldif
83 | mountPath: /tmp/ldif
84 |
--------------------------------------------------------------------------------
/katalog/tests/grafana-ldap-auth/ldap-server/sighup.io-groups.ldif:
--------------------------------------------------------------------------------
1 | version: 1
2 |
3 | dn: ou=groups,dc=sighup,dc=io
4 | objectClass: top
5 | objectClass: organizationalUnit
6 | ou: groups
7 |
8 | dn: ou=people,dc=sighup,dc=io
9 | objectClass: top
10 | objectClass: organizationalUnit
11 | ou: people
12 |
13 | dn: cn=angel,ou=people,dc=sighup,dc=io
14 | objectClass: top
15 | objectClass: person
16 | cn: angel
17 | sn: barrera
18 | userPassword: angel
19 |
20 | dn: cn=jacopo,ou=people,dc=sighup,dc=io
21 | objectClass: top
22 | objectClass: person
23 | cn: jacopo
24 | sn: nardiello
25 | userPassword: admin
26 |
27 | dn: cn=engineering,ou=groups,dc=sighup,dc=io
28 | objectClass: top
29 | objectClass: groupOfNames
30 | cn: engineering
31 | member: cn=angel,ou=people,dc=sighup,dc=io
32 | member: cn=jacopo,ou=people,dc=sighup,dc=io
33 |
34 | dn: cn=amministrazione,ou=groups,dc=sighup,dc=io
35 | objectClass: top
36 | objectClass: groupOfNames
37 | cn: amministrazione
38 | member: cn=jacopo,ou=people,dc=sighup,dc=io
--------------------------------------------------------------------------------
/katalog/tests/helper.bash:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bats
2 |
3 | # shellcheck disable=SC2086,SC2154,SC2034
4 |
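# Render the kustomize project at $1 and server-side apply the result.
#   $1 - directory (or URL) handed to `kustomize build`
# The rendered manifests are first written to stderr for the test log, then
# built a second time and piped to kubectl; kubectl's stderr goes to fd 3,
# which bats provides for output that should reach the terminal.
# NOTE: the rendered output is logged verbatim, so any Secret manifest in the
# project appears in the test log as well.
apply() {
  # Quoted so a path containing spaces or glob characters stays one argument.
  local target="$1"
  kustomize build "${target}" >&2
  kustomize build "${target}" | kubectl apply --server-side -f - 2>&3
}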
9 |
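# Render the kustomize project at $1 and delete the rendered objects.
#   $1 - directory (or URL) handed to `kustomize build`
# The rendered manifests are first written to stderr for the test log, then
# built a second time and piped to kubectl; kubectl's stderr goes to fd 3,
# which bats provides for output that should reach the terminal.
delete() {
  # Quoted so a path containing spaces or glob characters stays one argument.
  local target="$1"
  kustomize build "${target}" >&2
  kustomize build "${target}" | kubectl delete -f - 2>&3
}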
14 |
# Write "<test number>: <test description>" of the running bats test to fd 3.
# Backslash escapes in the description are interpreted (echo -e).
info() {
  local banner="${BATS_TEST_NUMBER}: ${BATS_TEST_DESCRIPTION}"
  echo -e "${banner}" >&3
}
18 |
# Run a command through bats' `run` until it exits 0 or the retries run out.
#   $1 - command to run; deliberately expanded unquoted so a string holding a
#        command plus arguments is word-split
#   $2 - maximum number of retries after the first attempt (default 100)
#   $3 - seconds to sleep before each retry (default 2)
# Returns 0 as soon as an attempt succeeds. Once the retry counter reaches
# max_retry it prints "Timeout waiting a condition" and returns 1.
# All variables are globals: loop_it_result holds the exit status of the last
# attempt, and `status`/`output` are whatever `run` left behind.
loop_it() {
  retry_counter=0
  max_retry=${2:-100}
  wait_time=${3:-2}

  # First attempt, before any waiting.
  run ${1}
  ko=${status}
  loop_it_result=${ko}

  until (( ko == 0 )); do
    if (( retry_counter >= max_retry )); then
      echo "Timeout waiting a condition"
      return 1
    fi
    # Progress line goes to fd 3 so it shows up while the test is running.
    sleep ${wait_time} && echo "# waiting..." $retry_counter >&3
    run ${1}
    ko=${status}
    loop_it_result=${ko}
    retry_counter=$((retry_counter + 1))
  done

  return 0
}
37 |
--------------------------------------------------------------------------------
/katalog/tests/kind-config.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # kind cluster used by the test suite: one control-plane node and one worker.
5 | apiVersion: kind.x-k8s.io/v1alpha4
6 | kind: Cluster
7 | networking:
8 | apiServerAddress: "0.0.0.0"  # the API server port is published on every interface of the host running kind — keep this to disposable CI hosts
9 | # The second kubeadm patch below serves etcd metrics over plain HTTP on 0.0.0.0:2378 and binds controller-manager and scheduler to 0.0.0.0 — presumably so the in-cluster Prometheus can scrape them; test-only exposure.
10 | nodes:
11 | - role: control-plane
12 | kubeadmConfigPatches:  # NOTE(review): the first entry uses the group/version/kind/patch layout of kubeadmConfigPatchesJSON6902 — confirm kind applies it under this key
13 | - |
14 | group: kubeadm.k8s.io
15 | version: v1beta1
16 | kind: ClusterConfiguration
17 | patch: |
18 | - op: add
19 | path: /apiServer/certSANs/-
20 | value: docker
21 | - |
22 | kind: ClusterConfiguration
23 | metadata:
24 | name: config
25 | etcd:
26 | local:
27 | extraArgs:
28 | "listen-metrics-urls": "http://0.0.0.0:2378"
29 | apiServer:
30 | extraArgs:
31 | "enable-admission-plugins": "NamespaceLifecycle,LimitRanger,PodNodeSelector,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"
32 | controllerManager:
33 | extraArgs:
34 | "bind-address": "0.0.0.0"
35 | scheduler:
36 | extraArgs:
37 | "bind-address": "0.0.0.0"
38 | - role: worker
39 | # containerd patch: debug-level logging, and docker.io pulls go to mirror.gcr.io first, then registry-1.docker.io.
40 | containerdConfigPatches:
41 | - |-
42 | [debug]
43 | level = "debug"
44 | [plugins."io.containerd.grpc.v1.cri".registry]
45 | [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
46 | [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
47 | endpoint = ["https://mirror.gcr.io", "https://registry-1.docker.io"]
48 |
--------------------------------------------------------------------------------
/katalog/tests/promtool.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
3 | # Use of this source code is governed by a BSD-style
4 | # license that can be found in the LICENSE file.
5 |
6 |
# Trace every command; abort on errors, on unset variables and on a failure
# anywhere inside a pipeline.
set -euxo pipefail

# Check prometheus rules: find every file below the current directory that
# mentions "kind: PrometheusRule" (case-insensitive), drop this script itself
# ($0 is used as a grep pattern), kustomization files and CRD paths, then feed
# each file's .spec to promtool. --lint="none" switches promtool's lint checks
# off, leaving the rule validation itself.
grep -ril "kind: PrometheusRule" . \
  | grep -v "$0" \
  | grep -v "kustomization.yaml" \
  | grep -v "crds" \
  | while read -r manifest; do
      echo "------------- CHECKING PROMETHEUS RULES IN $manifest ---------"
      yq '.spec' "$manifest" | promtool check rules --lint="none" /dev/stdin
    done
21 |
--------------------------------------------------------------------------------
/katalog/tests/x509-exporter/volume-patch.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Test patch: points the etc-etcd-pki volume at the node's /etc/kubernetes/pki directory.
5 | spec:
6 | template:
7 | spec:
8 | volumes:
9 | - name: etc-etcd-pki
10 | hostPath:  # NOTE(review): the matching volumeMount is not part of this patch — confirm it is mounted readOnly
11 | path: /etc/kubernetes/pki  # presumably the kubeadm PKI directory, which holds private keys next to the certificates; the exporter only needs the certificates — verify what the container can read
12 | type: Directory  # the directory must already exist on the node, otherwise the pod does not start
13 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/MAINTENANCE.md:
--------------------------------------------------------------------------------
1 | # `x509-exporter` Package Maintenance
2 |
3 | To prepare a new release of this package:
4 |
5 | 1. Get the current upstream release
6 |
7 | ```bash
8 | mkdir temp && cd temp
9 | helm repo add enix https://charts.enix.io
10 | helm template x509-certificate-exporter enix/x509-certificate-exporter > manifests.yaml
11 | ```
12 |
13 | 2. Check the differences between `manifests.yaml` and the manifests within this repository tree, and adjust everything accordingly.
14 |
15 | 3. Sync the new image to our registry through the [`monitoring` `images.yml` file in the fury-distribution-container-image-sync repository](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/monitoring/images.yml).
16 |
17 | 4. Update each `kustomization.yaml` file with the new image.
18 |
19 | 5. Remove the temporary directory
20 |
21 | ```bash
22 | rm -rf temp
23 | ```
24 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/README.md:
--------------------------------------------------------------------------------
1 | # x509 Exporter
2 |
3 |
4 |
5 | This package provides monitoring for certificates.
6 | The original project is: [x509-certificate-exporter](https://github.com/enix/x509-certificate-exporter)
7 |
8 |
9 | ## Requirements
10 |
11 | - Kubernetes >= `1.29.0`
12 | - Kustomize = `v5.6.0`
13 | - [prometheus-operator](../prometheus-operator)
14 |
15 |
16 | ## Image repository and tag
17 |
18 | - Certificate exporter image: `registry.sighup.io/fury/enix/x509-certificate-exporter:3.18.1`
19 |
20 | ## Deployment
21 |
22 | You can deploy x509 exporter by running the following command:
23 |
24 | ```shell
25 | kustomize build | kubectl apply -f -
26 | ```
27 |
28 |
29 |
30 | ## License
31 |
32 | For license details please see [LICENSE](../../LICENSE)
33 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/common/dashboards/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | generatorOptions:
12 | labels:
13 | grafana-sighup-dashboard: default
14 | annotations:
15 | grafana-folder: "Monitoring"
16 | disableNameSuffixHash: true
17 |
18 | configMapGenerator:
19 | - name: grafana-dashboard-definitions-x509
20 | files:
21 | - x509.json
22 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/common/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | resources:
12 | - dashboards
13 | - rules.yml
14 | - sm.yml
15 | - svc.yml
16 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/common/sm.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: monitoring.coreos.com/v1
7 | kind: ServiceMonitor
8 | metadata:
9 | name: x509-certificate-exporter
10 | labels:
11 | app: x509-certificate-exporter
12 | spec:
13 | selector:
14 | matchLabels:
15 | app: x509-certificate-exporter
16 | endpoints:
17 | - port: metrics
18 | interval: 60s
19 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/common/svc.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: v1
7 | kind: Service
8 | metadata:
9 | name: x509-certificate-exporter-headless
10 | labels:
11 | app: x509-certificate-exporter
12 | spec:
13 | type: ClusterIP
14 | clusterIP: None
15 | ports:
16 | - name: metrics
17 | port: 9793
18 | targetPort: metrics
19 | selector:
20 | app: x509-certificate-exporter
21 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/daemonset/base/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | images:
12 | - name: docker.io/enix/x509-certificate-exporter
13 | newName: registry.sighup.io/fury/enix/x509-certificate-exporter
14 | newTag: 3.18.1
15 |
16 | resources:
17 | - daemonset.yml
18 | - sa.yml
19 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/daemonset/base/sa.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: v1
7 | kind: ServiceAccount
8 | metadata:
9 | name: x509-certificate-exporter-node
10 | labels:
11 | app: x509-certificate-exporter
12 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/daemonset/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | resources:
12 | - x509-certificate-exporter-control-plane
13 | - x509-certificate-exporter-data-plane
14 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/daemonset/x509-certificate-exporter-data-plane/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | nameSuffix: -data-plane
12 |
13 | resources:
14 | - ../base
15 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/deployment/deployment.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # Single-replica x509-certificate-exporter that watches Kubernetes Secrets and serves certificate metrics on port 9793.
5 | ---
6 | apiVersion: apps/v1
7 | kind: Deployment
8 | metadata:
9 | name: x509-certificate-exporter
10 | labels:
11 | app: x509-certificate-exporter
12 | spec:
13 | selector:
14 | matchLabels:
15 | app: x509-certificate-exporter
16 | replicas: 1
17 | template:
18 | metadata:
19 | labels:
20 | app: x509-certificate-exporter
21 | spec:
22 | restartPolicy: Always
23 | serviceAccountName: x509-certificate-exporter  # this account is bound to the ClusterRole in rbac.yml, which allows reading Secrets cluster-wide
24 | containers:
25 | - name: x509-certificate-exporter
26 | securityContext:  # non-root (65534), all capabilities dropped, read-only root filesystem, no privilege escalation; NOTE(review): no seccompProfile is set here — consider RuntimeDefault
27 | allowPrivilegeEscalation: false
28 | capabilities:
29 | drop:
30 | - ALL
31 | readOnlyRootFilesystem: true
32 | runAsGroup: 65534
33 | runAsNonRoot: true
34 | runAsUser: 65534
35 | resources:
36 | limits:
37 | cpu: 200m
38 | memory: 100Mi
39 | requests:
40 | cpu: 10m
41 | memory: 20Mi
42 | image: docker.io/enix/x509-certificate-exporter  # no tag on purpose: the images entry in this directory's kustomization.yaml rewrites name and tag
43 | imagePullPolicy: IfNotPresent
44 | args:
45 | - --watch-kube-secrets
46 | - --secret-type=kubernetes.io/tls:tls.crt  # only the tls.crt key of kubernetes.io/tls Secrets is parsed; this filter lives in the exporter, not in RBAC
47 | - --listen-address=:9793
48 | - --max-cache-duration=24h
49 | ports:
50 | - name: metrics
51 | containerPort: 9793  # same port as --listen-address above
52 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/deployment/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | images:
12 | - name: docker.io/enix/x509-certificate-exporter
13 | newName: registry.sighup.io/fury/enix/x509-certificate-exporter
14 | newTag: 3.18.1
15 |
16 | resources:
17 | - deployment.yml
18 | - rbac.yml
19 | - sa.yml
20 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/deployment/rbac.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 | # RBAC for the x509-certificate-exporter Deployment: cluster-wide read access to namespaces and secrets, bound to its ServiceAccount.
5 | ---
6 | apiVersion: rbac.authorization.k8s.io/v1
7 | kind: ClusterRole
8 | metadata:
9 | name: x509-certificate-exporter
10 | labels:
11 | app: x509-certificate-exporter
12 | rules:
13 | - apiGroups:
14 | - ""
15 | resources:
16 | - namespaces
17 | verbs:
18 | - get
19 | - watch
20 | - list
21 | - apiGroups:
22 | - ""
23 | resources:
24 | - secrets  # NOTE(review): this grants read access to every Secret in every namespace, not only kubernetes.io/tls ones — RBAC cannot filter by Secret type, so this service account's token is as sensitive as the Secrets it can read
25 | verbs:
26 | - get
27 | - watch
28 | - list
29 | ---
30 | apiVersion: rbac.authorization.k8s.io/v1
31 | kind: ClusterRoleBinding
32 | metadata:
33 | name: x509-certificate-exporter
34 | labels:
35 | app: x509-certificate-exporter
36 | roleRef:
37 | apiGroup: rbac.authorization.k8s.io
38 | kind: ClusterRole
39 | name: x509-certificate-exporter
40 | subjects:
41 | - kind: ServiceAccount
42 | name: x509-certificate-exporter  # no namespace on the subject; presumably filled in by the kustomization's "namespace: monitoring" — verify in the rendered output, a ServiceAccount subject needs one
43 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/deployment/sa.yml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: v1
7 | kind: ServiceAccount
8 | metadata:
9 | name: x509-certificate-exporter
10 | labels:
11 | app: x509-certificate-exporter
12 |
--------------------------------------------------------------------------------
/katalog/x509-exporter/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved.
2 | # Use of this source code is governed by a BSD-style
3 | # license that can be found in the LICENSE file.
4 |
5 | ---
6 | apiVersion: kustomize.config.k8s.io/v1beta1
7 | kind: Kustomization
8 |
9 | namespace: monitoring
10 |
11 | resources:
12 | - common
13 | - daemonset
14 | - deployment
15 |
--------------------------------------------------------------------------------