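# Helm values for the kube-prometheus-stack chart, nested under the chart's
# name (presumably because it is consumed as a subchart dependency).
# NOTE(review): the rendered page had lost all indentation; the nesting below
# was reconstructed from the key names. Verify it against the chart's own
# values.yaml before applying.
kube-prometheus-stack:
  fullnameOverride: prometheus

  # Built-in alerting/recording rule groups; every group is switched on.
  defaultRules:
    create: true
    rules:
      alertmanager: true
      etcd: true
      configReloaders: true
      general: true
      k8s: true
      kubeApiserverAvailability: true
      kubeApiserverBurnrate: true
      kubeApiserverHistogram: true
      kubeApiserverSlos: true
      kubelet: true
      kubeProxy: true
      kubePrometheusGeneral: true
      kubePrometheusNodeRecording: true
      kubernetesApps: true
      kubernetesResources: true
      kubernetesStorage: true
      kubernetesSystem: true
      kubeScheduler: true
      kubeStateMetrics: true
      network: true
      node: true
      nodeExporterAlerting: true
      nodeExporterRecording: true
      prometheus: true
      prometheusOperator: true

  alertmanager:
    fullnameOverride: alertmanager
    enabled: true
    ingress:
      enabled: true
      # NOTE(review): auth-response-headers only takes effect together with
      # nginx.ingress.kubernetes.io/auth-url, and no auth-url is set here.
      # As written, this Ingress publishes Alertmanager (which has no
      # authentication enabled by default) without an authentication check.
      # Add the external-auth annotations or restrict who can reach the
      # host, unless that is already enforced somewhere not shown here.
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-production
        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/auth-response-headers: Authorization
      hosts:
        - alertmanager.durp.info
      paths:
        - /
      tls:
        - secretName: alertmanager-tls
          hosts:
            - alertmanager.durp.info
  grafana:
    enabled: true
    fullnameOverride: grafana
    forceDeployDatasources: false
    forceDeployDashboards: false
    defaultDashboardsEnabled: true
    defaultDashboardsTimezone: utc
    plugins:
      - grafana-polystat-panel
    serviceMonitor:
      enabled: true
    # Admin credentials are read from an existing Secret, not stored in this
    # file.
    admin:
      existingSecret: grafana-admin-credentials
      userKey: admin-user
      passwordKey: admin-password
    ingress:
      enabled: true
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-production
        kubernetes.io/ingress.class: nginx
      hosts:
        - grafana.durp.info
      paths:
        - /
      tls:
        - secretName: grafana-tls
          hosts:
            - grafana.durp.info
    # Environment variables for the Grafana container: generic OAuth login
    # against the authentik endpoints listed below.
    env:
      GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
      GF_AUTH_GENERIC_OAUTH_NAME: "authentik"
      GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "6a7eadea9bc68f7a59712a0365bd0822de9a6946"
      # NOTE(review): this OAuth client secret is committed in plain text.
      # Treat it as exposed: rotate it at the identity provider and load the
      # new value from a Kubernetes Secret instead, the same way
      # admin.existingSecret is used above. The Grafana chart offers
      # envValueFrom / envFromSecret for this, for example:
      #   envValueFrom:
      #     GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
      #       secretKeyRef:
      #         name: <oauth-secret-name>   # placeholder
      #         key: <client-secret-key>    # placeholder
      GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "c8105547137367e4fe0ba6b5c022ff322569a0b2ea93c9652b77762eb4a094558f9edf98f81aa7329ad724d569b126ff2e281989ebe289bbd7b855f5e80bad5d"
      GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email"
      GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://authentik.durp.info/application/o/authorize/"
      GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://authentik.durp.info/application/o/token/"
      GF_AUTH_GENERIC_OAUTH_API_URL: "https://authentik.durp.info/application/o/userinfo/"
      GF_AUTH_SIGNOUT_REDIRECT_URL: "https://authentik.durp.info/application/o/grafana/end-session/"
      # Optionally enable auto-login (bypasses Grafana login screen)
      #GF_AUTH_OAUTH_AUTO_LOGIN: "true"
      # Optionally map user groups to Grafana roles
      #GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"

  kubeApiServer:
    enabled: true

  kubelet:
    enabled: true
    serviceMonitor:
      # Copy the "node" label into "instance" on kubelet metrics.
      metricRelabelings:
        - action: replace
          sourceLabels:
            - node
          targetLabel: instance

  # The control-plane components below are scraped through a fixed list of
  # node IPs rather than through pod discovery.
  kubeControllerManager:
    enabled: true
    endpoints: # ips of servers
      - 192.168.20.121
      - 192.168.20.122
      - 192.168.20.123

  coreDns:
    enabled: false

  kubeDns:
    enabled: false

  kubeEtcd:
    enabled: true
    endpoints: # ips of servers
      - 192.168.20.121
      - 192.168.20.122
      - 192.168.20.123
    # NOTE(review): 2381 is presumably etcd's plain-HTTP metrics listener
    # (confirm against the etcd flags). It has to be reachable from
    # Prometheus, but should not be reachable from anywhere else.
    service:
      enabled: true
      port: 2381
      targetPort: 2381

  kubeScheduler:
    enabled: true
    endpoints: # ips of servers
      - 192.168.20.121
      - 192.168.20.122
      - 192.168.20.123

  kubeProxy:
    enabled: true
    endpoints: # ips of servers
      - 192.168.20.121
      - 192.168.20.122
      - 192.168.20.123

  kubeStateMetrics:
    enabled: true

  kube-state-metrics:
    fullnameOverride: kube-state-metrics
    selfMonitor:
      enabled: true
    prometheus:
      monitor:
        enabled: true
        # Expose the pod's node name as the "kubernetes_node" label.
        relabelings:
          - action: replace
            regex: (.*)
            replacement: $1
            sourceLabels:
              - __meta_kubernetes_pod_node_name
            targetLabel: kubernetes_node

  nodeExporter:
    enabled: true
    serviceMonitor:
      relabelings:
        - action: replace
          regex: (.*)
          replacement: $1
          sourceLabels:
            - __meta_kubernetes_pod_node_name
          targetLabel: kubernetes_node

  prometheus-node-exporter:
    fullnameOverride: node-exporter
    podLabels:
      jobLabel: node-exporter
    # Exclude pseudo and container-runtime filesystems from the filesystem
    # collector.
    extraArgs:
      - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)
      - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$
    service:
      portName: http-metrics
    prometheus:
      monitor:
        enabled: true
        relabelings:
          - action: replace
            regex: (.*)
            replacement: $1
            sourceLabels:
              - __meta_kubernetes_pod_node_name
            targetLabel: kubernetes_node
    resources:
      requests:
        memory: 512Mi
        cpu: 250m
      limits:
        memory: 2048Mi

  prometheusOperator:
    enabled: true
    prometheusConfigReloader:
      resources:
        requests:
          cpu: 200m
          memory: 50Mi
        limits:
          memory: 100Mi

  prometheus:
    enabled: true
    prometheusSpec:
      replicas: 1
      replicaExternalLabelName: "replica"
      # With these four set to false, Prometheus also selects rules and
      # monitors that do not carry this Helm release's labels.
      ruleSelectorNilUsesHelmValues: false
      serviceMonitorSelectorNilUsesHelmValues: false
      podMonitorSelectorNilUsesHelmValues: false
      probeSelectorNilUsesHelmValues: false
      retention: 6h
      # NOTE(review): this turns on Prometheus' TSDB admin endpoints (series
      # deletion, snapshots) for anyone who can reach the Prometheus HTTP
      # port; Prometheus does not authenticate callers itself. Keep it false
      # unless it is needed, or restrict access with a NetworkPolicy or an
      # authenticating proxy.
      enableAdminAPI: true
      walCompression: true
      storageSpec:
        volumeClaimTemplate:
          spec:
            # NOTE(review): Prometheus' documentation lists NFS as
            # unsupported for its TSDB (risk of data corruption); confirm
            # that an NFS-backed ReadWriteMany volume is acceptable here.
            storageClassName: nfs-storage
            accessModes: ["ReadWriteMany"]
            resources:
              requests:
                storage: 50Gi

  thanosRuler:
    enabled: false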