alertmanager: alertmanagerSpec: podAntiAffinity: "hard" replicas: 2 secrets: - "telegram-api" configMaps: - "templates" storage: volumeClaimTemplate: spec: accessModes: ["ReadWriteOnce"] resources: requests: storage: 5Gi useExistingSecret: false config: global: resolve_timeout: 5m templates: - '/etc/alertmanager/configmaps/templates/telegram.tmpl' route: group_by: ['alertname'] group_wait: 30s group_interval: 30s repeat_interval: 24h receiver: 'tg1' routes: - matchers: - severity=warning receiver: 'tg1' - matchers: - severity=critical receiver: 'tg1' receivers: - name: tg1 telegram_configs: - bot_token_file: '/etc/alertmanager/secrets/telegram-api/api_key' chat_id: -995270884 api_url: "https://api.telegram.org" send_resolved: true parse_mode: "HTML" message: '{{ template "telegram.aaron" .}}' inhibit_rules: - source_matchers: - severity = critical target_matchers: - severity = warning - severity = info equal: ['node'] - source_matchers: - alertname = KubeNodeUnreachable target_matchers: - severity =~ "warning|info" ingress: paths: - / enabled: true hosts: - alertmanager.services.yolokube.de annotations: traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd kubernetes.io/tls-acme: "true" tls: - secretName: alertmanager-tls-key hosts: - alertmanager.services.yolokube.de ingressPerReplica: pathType: ImplementationSpecific paths: - / enabled: true hostPrefix: alertmanager hostDomain: services.yolokube.de annotations: traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd kubernetes.io/tls-acme: "true" tlsSecretPerReplica: enabled: true prefix: alertmanager servicePerReplica: enabled: true podAntiAffinity: "hard" grafana: defaultDashboardsTimezone: Europe/Berlin ingress: annotations: kubernetes.io/tls-acme: "true" traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd enabled: true hosts: - grafana.services.yolokube.de tls: - secretName: grafana-tls-key hosts: - grafana.services.yolokube.de persistence: enabled: true accessModes: - ReadWriteMany grafana.ini: auth: disable_login_form: true disable_signout_menu: true auth.proxy: enabled: true header_name: X-Authentik-Username header_property: username auto_sign_up: true headers: Email:X-Authentik-Email, Name:X-Authentik-Name, Role:X-Authentik-Grafana-Role whitelist: 10.1.0.0/16 prometheus-node-exporter: prometheus: monitor: enabled: true relabelings: - action: replace sourceLabels: [__meta_kubernetes_endpoint_node_name] targetLabel: node extraArgs: - '--collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)' - '--collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$' - '--collector.textfile.directory=/host/root/var/log/' - '--collector.ethtool' prometheus: servicePerReplica: enabled: true ingress: paths: - / enabled: true hosts: - prometheus.services.yolokube.de annotations: traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd kubernetes.io/tls-acme: "true" tls: - secretName: prometheus-tls-key hosts: - prometheus.services.yolokube.de ingressPerReplica: pathType: ImplementationSpecific paths: - / enabled: true hostPrefix: prometheus hostDomain: services.yolokube.de annotations: traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd kubernetes.io/tls-acme: "true" tlsSecretPerReplica: enabled: true prefix: prometheus prometheusSpec: remoteWrite: - url: http://receiver-write.thanos.svc.cluster.local:10908/api/v1/receive name: thanos queueConfig: maxSamplesPerSend: 1000 maxShards: 200 capacity: 2500 retentionSize: "45GB" replicas: 2 storageSpec: volumeClaimTemplate: spec: storageClassName: longhorn accessModes: ["ReadWriteOnce"] resources: requests: storage: 50Gi ruleNamespaceSelector: matchLabels: prometheus: yolokube ruleSelector: matchLabels: null serviceMonitorSelector: matchLabels: null podMonitorSelector: matchLabels: null probeSelector: matchLabels: null scrapeConfigSelector: matchLabels: null podAntiAffinity: "hard" servicePerReplica: enabled: true defaultRules: create: true customRules: KubeNodeUnreachable: for: 0m severity: "critical"