2023-04-20 01:39:36 +02:00
|
|
|
alertmanager:
|
2023-06-20 08:43:48 +02:00
|
|
|
alertmanagerSpec:
|
2024-02-09 04:41:59 +01:00
|
|
|
podAntiAffinity: "hard"
|
2023-06-20 08:43:48 +02:00
|
|
|
replicas: 2
|
2023-08-30 21:27:13 +02:00
|
|
|
secrets:
|
2023-08-30 21:32:18 +02:00
|
|
|
- "telegram-api"
|
|
|
|
configMaps:
|
|
|
|
- "templates"
|
2023-08-31 00:29:12 +02:00
|
|
|
storage:
|
|
|
|
volumeClaimTemplate:
|
|
|
|
spec:
|
|
|
|
accessModes: ["ReadWriteOnce"]
|
|
|
|
resources:
|
|
|
|
requests:
|
|
|
|
storage: 5Gi
|
|
|
|
useExistingSecret: false
|
2023-08-30 21:27:13 +02:00
|
|
|
config:
|
|
|
|
global:
|
|
|
|
resolve_timeout: 5m
|
|
|
|
templates:
|
2023-09-15 01:43:41 +02:00
|
|
|
- '/etc/alertmanager/configmaps/templates/telegram.tmpl'
|
2023-08-30 21:27:13 +02:00
|
|
|
route:
|
|
|
|
group_by: ['alertname']
|
|
|
|
group_wait: 30s
|
|
|
|
group_interval: 30s
|
|
|
|
repeat_interval: 24h
|
|
|
|
receiver: 'tg1'
|
|
|
|
routes:
|
|
|
|
- matchers:
|
|
|
|
- severity=warning
|
|
|
|
receiver: 'tg1'
|
|
|
|
- matchers:
|
|
|
|
- severity=critical
|
|
|
|
receiver: 'tg1'
|
|
|
|
receivers:
|
|
|
|
- name: tg1
|
|
|
|
telegram_configs:
|
2023-09-15 01:43:41 +02:00
|
|
|
- bot_token_file: '/etc/alertmanager/secrets/telegram-api/api_key'
|
2023-08-30 21:27:13 +02:00
|
|
|
chat_id: -995270884
|
|
|
|
api_url: "https://api.telegram.org"
|
|
|
|
send_resolved: true
|
|
|
|
parse_mode: "HTML"
|
|
|
|
message: '{{ template "telegram.aaron" .}}'
|
|
|
|
inhibit_rules:
|
|
|
|
- source_matchers:
|
|
|
|
- severity = critical
|
|
|
|
target_matchers:
|
|
|
|
- severity = warning
|
2023-12-18 17:33:47 +01:00
|
|
|
- severity = info
|
|
|
|
equal: ['node']
|
2024-01-31 16:19:42 +01:00
|
|
|
- source_matchers:
|
|
|
|
- alertname = KubeNodeUnreachable
|
|
|
|
target_matchers:
|
|
|
|
- severity =~ "warning|info"
|
2023-06-20 08:43:48 +02:00
|
|
|
ingress:
|
2023-06-20 08:54:19 +02:00
|
|
|
paths:
|
|
|
|
- /
|
2023-06-17 09:11:18 +02:00
|
|
|
enabled: true
|
2023-06-20 08:43:48 +02:00
|
|
|
hosts:
|
|
|
|
- alertmanager.services.yolokube.de
|
|
|
|
annotations:
|
2024-09-29 14:10:34 +02:00
|
|
|
traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
|
2024-05-28 17:42:47 +02:00
|
|
|
kubernetes.io/tls-acme: "true"
|
|
|
|
tls:
|
|
|
|
- secretName: alertmanager-tls-key
|
|
|
|
hosts:
|
|
|
|
- alertmanager.services.yolokube.de
|
2023-06-20 08:43:48 +02:00
|
|
|
ingressPerReplica:
|
2023-06-20 09:06:13 +02:00
|
|
|
pathType: ImplementationSpecific
|
2023-06-20 08:56:06 +02:00
|
|
|
paths:
|
|
|
|
- /
|
2023-06-20 08:43:48 +02:00
|
|
|
enabled: true
|
|
|
|
hostPrefix: alertmanager
|
|
|
|
hostDomain: services.yolokube.de
|
|
|
|
annotations:
|
2024-09-29 14:10:34 +02:00
|
|
|
traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
|
2024-05-28 17:42:47 +02:00
|
|
|
kubernetes.io/tls-acme: "true"
|
|
|
|
tlsSecretPerReplica:
|
|
|
|
enabled: true
|
|
|
|
prefix: alertmanager
|
2023-06-20 08:43:48 +02:00
|
|
|
servicePerReplica:
|
|
|
|
enabled: true
|
2023-12-25 10:19:03 +01:00
|
|
|
podAntiAffinity: "hard"
|
2023-06-20 08:43:48 +02:00
|
|
|
grafana:
|
|
|
|
defaultDashboardsTimezone: Europe/Berlin
|
|
|
|
ingress:
|
2024-05-28 17:42:47 +02:00
|
|
|
annotations:
|
|
|
|
kubernetes.io/tls-acme: "true"
|
2024-09-29 15:23:01 +02:00
|
|
|
traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
|
2023-06-20 08:43:48 +02:00
|
|
|
enabled: true
|
|
|
|
hosts:
|
|
|
|
- grafana.services.yolokube.de
|
2024-05-28 17:42:47 +02:00
|
|
|
tls:
|
|
|
|
- secretName: grafana-tls-key
|
|
|
|
hosts:
|
|
|
|
- grafana.services.yolokube.de
|
2023-06-29 12:02:54 +02:00
|
|
|
persistence:
|
|
|
|
enabled: true
|
2024-02-23 13:00:56 +01:00
|
|
|
accessModes:
|
|
|
|
- ReadWriteMany
|
2024-09-29 15:23:01 +02:00
|
|
|
grafana.ini:
|
|
|
|
auth:
|
|
|
|
disable_login_form: true
|
|
|
|
disable_signout_menu: true
|
|
|
|
auth.proxy:
|
|
|
|
enabled: true
|
|
|
|
header_name: X-Authentik-Username
|
|
|
|
header_property: username
|
|
|
|
auto_sign_up: true
|
2024-09-29 16:03:50 +02:00
|
|
|
headers: Email:X-Authentik-Email, Name:X-Authentik-Name, Role:X-Authentik-Grafana-Role
|
2024-09-29 15:41:25 +02:00
|
|
|
whitelist: 10.1.0.0/16
|
2024-10-02 22:01:03 +02:00
|
|
|
additionalDataSources:
|
|
|
|
- name: Thanos
|
|
|
|
type: prometheus
|
|
|
|
url: http://querier.thanos.svc.cluster.local:9090
|
2023-04-20 06:03:40 +02:00
|
|
|
prometheus-node-exporter:
|
2023-06-23 19:19:48 +02:00
|
|
|
prometheus:
|
|
|
|
monitor:
|
|
|
|
enabled: true
|
|
|
|
relabelings:
|
2023-06-24 07:28:58 +02:00
|
|
|
- action: replace
|
|
|
|
sourceLabels: [__meta_kubernetes_endpoint_node_name]
|
2023-06-23 19:19:48 +02:00
|
|
|
targetLabel: node
|
2023-04-20 06:03:40 +02:00
|
|
|
extraArgs:
|
2023-06-20 08:43:48 +02:00
|
|
|
- '--collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)'
|
|
|
|
- '--collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$'
|
2023-04-20 06:03:40 +02:00
|
|
|
- '--collector.textfile.directory=/host/root/var/log/'
|
|
|
|
- '--collector.ethtool'
|
2023-06-20 08:43:48 +02:00
|
|
|
prometheus:
|
|
|
|
servicePerReplica:
|
|
|
|
enabled: true
|
|
|
|
ingress:
|
2023-06-20 08:54:19 +02:00
|
|
|
paths:
|
|
|
|
- /
|
2023-06-20 08:43:48 +02:00
|
|
|
enabled: true
|
|
|
|
hosts:
|
|
|
|
- prometheus.services.yolokube.de
|
|
|
|
annotations:
|
2024-09-29 14:10:34 +02:00
|
|
|
traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
|
2024-05-28 17:42:47 +02:00
|
|
|
kubernetes.io/tls-acme: "true"
|
|
|
|
tls:
|
|
|
|
- secretName: prometheus-tls-key
|
|
|
|
hosts:
|
|
|
|
- prometheus.services.yolokube.de
|
2023-06-20 08:43:48 +02:00
|
|
|
ingressPerReplica:
|
2023-06-20 09:06:13 +02:00
|
|
|
pathType: ImplementationSpecific
|
2023-06-20 08:56:06 +02:00
|
|
|
paths:
|
|
|
|
- /
|
2023-06-20 08:43:48 +02:00
|
|
|
enabled: true
|
|
|
|
hostPrefix: prometheus
|
|
|
|
hostDomain: services.yolokube.de
|
|
|
|
annotations:
|
2024-09-29 14:10:34 +02:00
|
|
|
traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
|
2024-05-28 17:42:47 +02:00
|
|
|
kubernetes.io/tls-acme: "true"
|
|
|
|
tlsSecretPerReplica:
|
|
|
|
enabled: true
|
|
|
|
prefix: prometheus
|
2023-06-20 08:43:48 +02:00
|
|
|
prometheusSpec:
|
2024-10-02 21:13:29 +02:00
|
|
|
remoteWrite:
|
|
|
|
- url: http://receiver-write.thanos.svc.cluster.local:10908/api/v1/receive
|
|
|
|
name: thanos
|
|
|
|
queueConfig:
|
|
|
|
maxSamplesPerSend: 1000
|
|
|
|
maxShards: 200
|
|
|
|
capacity: 2500
|
2024-02-06 22:27:49 +01:00
|
|
|
retentionSize: "45GB"
|
2023-06-20 08:43:48 +02:00
|
|
|
replicas: 2
|
2023-06-20 13:15:28 +02:00
|
|
|
storageSpec:
|
|
|
|
volumeClaimTemplate:
|
|
|
|
spec:
|
2024-09-30 22:39:58 +02:00
|
|
|
storageClassName: longhorn
|
2023-06-20 13:15:28 +02:00
|
|
|
accessModes: ["ReadWriteOnce"]
|
|
|
|
resources:
|
|
|
|
requests:
|
2024-02-06 22:27:49 +01:00
|
|
|
storage: 50Gi
|
2023-10-23 18:05:29 +02:00
|
|
|
ruleNamespaceSelector:
|
|
|
|
matchLabels:
|
|
|
|
prometheus: yolokube
|
2024-03-16 13:06:47 +01:00
|
|
|
podAntiAffinity: "hard"
|
2023-06-20 08:43:48 +02:00
|
|
|
servicePerReplica:
|
2023-11-26 20:41:43 +01:00
|
|
|
enabled: true
|
2024-02-01 22:00:37 +01:00
|
|
|
defaultRules:
|
2024-03-17 12:36:18 +01:00
|
|
|
create: true
|
|
|
|
customRules:
|
|
|
|
KubeNodeUnreachable:
|
|
|
|
for: 0m
|
2024-05-28 17:42:47 +02:00
|
|
|
severity: "critical"
|