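# Alertmanager: two replicas, every alert routed to one Telegram receiver,
# UI published through Traefik ingresses.
alertmanager:
  alertmanagerSpec:
    podAntiAffinity: "hard"
    replicas: 2
    # Mounted into the pod; bot_token_file below reads the Telegram bot token
    # from this Secret, so the token itself is not stored in this values file.
    secrets:
      - "telegram-api"
    # Supplies the notification template loaded under config.templates.
    configMaps:
      - "templates"
    storage:
      volumeClaimTemplate:
        spec:
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 5Gi
    useExistingSecret: false
  config:
    global:
      resolve_timeout: 5m
    templates:
      - '/etc/alertmanager/configmaps/templates/telegram.tmpl'
    route:
      group_by: ['alertname']
      group_wait: 30s
      group_interval: 30s
      repeat_interval: 24h
      receiver: 'tg1'
      # Both child routes point at the same receiver as the default route.
      routes:
        - matchers:
            - severity=warning
          receiver: 'tg1'
        - matchers:
            - severity=critical
          receiver: 'tg1'
    receivers:
      - name: tg1
        telegram_configs:
          - bot_token_file: '/etc/alertmanager/secrets/telegram-api/api_key'
            chat_id: -995270884
            api_url: "https://api.telegram.org"
            send_resolved: true
            # NOTE(review): messages are sent as HTML; the template file is not
            # shown here, so confirm it escapes alert labels and annotations.
            parse_mode: "HTML"
            message: '{{ template "telegram.aaron" .}}'
    inhibit_rules:
      - source_matchers:
          - severity = critical
        # All matchers in one list must hold at the same time. The original
        # listed "severity = warning" and "severity = info" as two entries,
        # which no alert can satisfy, so the rule never muted anything. A
        # single regex matcher (the form the second rule already uses)
        # expresses "warning or info".
        target_matchers:
          - severity =~ "warning|info"
        # Alertmanager treats a label that is missing on both sides as equal,
        # so alerts without a "node" label are also covered by this rule.
        equal: ['node']
      - source_matchers:
          - alertname = KubeNodeUnreachable
        target_matchers:
          - severity =~ "warning|info"
        # NOTE(review): no "equal" list here, so one firing KubeNodeUnreachable
        # alert mutes warning/info alerts for every node and workload. Confirm
        # this breadth is intended; it can hide unrelated signals.
  ingress:
    paths:
      - /
    enabled: true
    hosts:
      - alertmanager.services.yolokube.de
    annotations:
      # This file configures no other authentication for the Alertmanager UI
      # and API, so access control presumably rests on this Traefik
      # middleware; confirm it is enforced on every published host.
      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
      kubernetes.io/tls-acme: "true"
    tls:
      - secretName: alertmanager-tls-key
        hosts:
          - alertmanager.services.yolokube.de
  ingressPerReplica:
    pathType: ImplementationSpecific
    paths:
      - /
    enabled: true
    hostPrefix: alertmanager
    hostDomain: services.yolokube.de
    annotations:
      # Same middleware as the main ingress, so the per-replica hosts are not
      # published without it.
      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
      kubernetes.io/tls-acme: "true"
    tlsSecretPerReplica:
      enabled: true
      prefix: alertmanager
  servicePerReplica:
    enabled: true
  # NOTE(review): the nesting of this key could not be recovered from the
  # page. alertmanagerSpec already sets podAntiAffinity, so this entry is
  # presumably redundant or ignored at this level; confirm and drop it.
  podAntiAffinity: "hard"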
# Grafana: published through Traefik, local login disabled, identity taken
# from request headers (auth.proxy).
grafana:
  defaultDashboardsTimezone: Europe/Berlin
  ingress:
    annotations:
      kubernetes.io/tls-acme: "true"
      # The middleware named here is what is expected to set the
      # X-Authentik-* headers consumed by auth.proxy below.
      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
    enabled: true
    hosts:
      - grafana.services.yolokube.de
    tls:
      - secretName: grafana-tls-key
        hosts:
          - grafana.services.yolokube.de
  persistence:
    enabled: true
    accessModes:
      - ReadWriteMany
  grafana.ini:
    auth:
      # With the login form and sign-out menu disabled, header-based sign-in
      # is the only interactive login path configured in this file.
      disable_login_form: true
      disable_signout_menu: true
    auth.proxy:
      enabled: true
      # Grafana trusts this header as the authenticated username.
      header_name: X-Authentik-Username
      header_property: username
      # Unknown usernames are created on first request.
      auto_sign_up: true
      # The Grafana role is also taken from a request header, so whoever can
      # set these headers decides the user's privileges.
      headers: Email:X-Authentik-Email, Name:X-Authentik-Name, Role:X-Authentik-Grafana-Role
      # Only requests from this range may use header login.
      # NOTE(review): a /16 presumably covers far more than the proxy itself;
      # any workload inside it that can reach Grafana directly could supply
      # its own X-Authentik-* headers. Narrow this to the proxy's addresses
      # or restrict Grafana's ingress traffic with a NetworkPolicy.
      whitelist: 10.1.0.0/16
  additionalDataSources:
    - name: Thanos
      type: prometheus
      # Plain HTTP to an in-cluster service name; no credentials are
      # configured for this data source here.
      url: http://querier.thanos.svc.cluster.local:9090
# node-exporter: ServiceMonitor relabeling plus extra collector flags.
prometheus-node-exporter:
  prometheus:
    monitor:
      enabled: true
      relabelings:
        # Copies the endpoint's node name into a "node" label; the
        # Alertmanager inhibit rule in this file compares alerts on "node".
        - action: replace
          sourceLabels: [__meta_kubernetes_endpoint_node_name]
          targetLabel: node
  extraArgs:
    # Skip pseudo, container and kubelet mount points in filesystem metrics.
    - '--collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)'
    # Skip virtual and kernel filesystem types.
    - '--collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$'
    # The textfile collector exposes metrics from *.prom files in this
    # directory.
    # NOTE(review): presumably this is the host's /var/log; anything able to
    # write there can publish metrics under this exporter's identity. A
    # dedicated directory with tighter permissions is easier to reason about.
    - '--collector.textfile.directory=/host/root/var/log/'
    - '--collector.ethtool'
# Prometheus: two replicas, UI published through Traefik, samples forwarded
# to a Thanos receiver.
prometheus:
  servicePerReplica:
    enabled: true
  ingress:
    paths:
      - /
    enabled: true
    hosts:
      - prometheus.services.yolokube.de
    annotations:
      # This file configures no other authentication for the Prometheus UI
      # and API, so access control presumably rests on this Traefik
      # middleware; confirm it is enforced on every published host.
      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
      kubernetes.io/tls-acme: "true"
    tls:
      - secretName: prometheus-tls-key
        hosts:
          - prometheus.services.yolokube.de
  ingressPerReplica:
    pathType: ImplementationSpecific
    paths:
      - /
    enabled: true
    hostPrefix: prometheus
    hostDomain: services.yolokube.de
    annotations:
      # Same middleware as the main ingress, so the per-replica hosts are not
      # published without it.
      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
      kubernetes.io/tls-acme: "true"
    tlsSecretPerReplica:
      enabled: true
      prefix: prometheus
  prometheusSpec:
    remoteWrite:
      # Plain HTTP to an in-cluster service name, with no credentials or TLS
      # settings configured here.
      # NOTE(review): confirm that writes to the receiver are restricted some
      # other way (for example a NetworkPolicy), otherwise any pod that can
      # reach it could presumably push samples.
      - url: http://receiver-write.thanos.svc.cluster.local:10908/api/v1/receive
        name: thanos
        queueConfig:
          maxSamplesPerSend: 1000
          maxShards: 200
          capacity: 2500
    # Kept below the 50Gi volume requested under storageSpec.
    retentionSize: "45GB"
    replicas: 2
    storageSpec:
      volumeClaimTemplate:
        spec:
          storageClassName: longhorn
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 50Gi
    # Rules are only read from namespaces carrying this label.
    ruleNamespaceSelector:
      matchLabels:
        prometheus: yolokube
    # NOTE(review): matchLabels is explicitly null on the selectors below,
    # presumably so objects are selected regardless of their labels. If so,
    # anyone who can create these objects in a selected namespace influences
    # what Prometheus scrapes and alerts on; confirm RBAC matches that.
    ruleSelector:
      matchLabels: null
    serviceMonitorSelector:
      matchLabels: null
    podMonitorSelector:
      matchLabels: null
    probeSelector:
      matchLabels: null
    scrapeConfigSelector:
      matchLabels: null
    podAntiAffinity: "hard"
    # NOTE(review): the nesting of this key could not be recovered from the
    # page. servicePerReplica is already enabled directly under "prometheus",
    # so this second entry is presumably redundant; confirm and drop it.
    servicePerReplica:
      enabled: true
# Keep the chart's bundled alerting and recording rules enabled.
defaultRules:
  create: true
# Per-alert overrides of "for" and "severity".
customRules:
  # 0m removes the pending period, so the alert fires on the first failing
  # evaluation. The Alertmanager config in this file uses this alert as an
  # inhibition source, so a brief flap presumably also mutes warning/info
  # alerts while it fires; confirm that trade-off is intended.
  KubeNodeUnreachable:
    for: 0m
    severity: "critical"