Add templates

Signed-off-by: Ian Stanton <ian@tembo.io>

charts/monitoring/templates/alerting.yaml

@@ -0,0 +1,108 @@
+{{- if .Values.slackAlerting.enabled }}
+
+{{- if not (and .Values.slackAlerting.channel .Values.slackAlerting.slackWebhookUrl) -}}
+{{ fail "You must set slackAlerting.slackWebhookUrl and slackAlerting.channel" }}
+{{- end }}
+
+apiVersion: monitoring.coreos.com/v1alpha1
+kind: AlertmanagerConfig
+metadata:
+  name: global-default-alertmanager-config
+  namespace: {{ .Release.Namespace }}
+spec:
+  route:
+    groupBy: ['alertname']
+    groupWait: 120s
+    groupInterval: 5m
+    repeatInterval: 12h
+    receiver: 'slack-receiver'
+    routes:
+    {{- if .Values.deadManSnitch.webhook_url }}
+    - receiver: 'deadmansnitch'
+      groupWait: 0s
+      groupInterval: 1m
+      repeatInterval: 1m
+      matchers:
+      - matchType: =
+        name: alertname
+        value: Watchdog
+      - matchType: =
+        name: severity
+        value: none
+    {{- else }}
+    - receiver: 'null'
+      matchers:
+      - matchType: =
+        name: alertname
+        value: Watchdog
+      - matchType: =
+        name: severity
+        value: none
+    {{- end }}
+    {{- if .Values.pagerDuty.routingKey }}
+    - receiver: 'pagerduty-receiver'
+      matchers:
+      - matchType: =
+        name: severity
+        value: critical
+      continue: true
+    {{- end }}
+    - receiver: 'slack-receiver'
+  receivers:
+    - name: 'null'
+    {{- if .Values.deadManSnitch.webhook_url }}
+    - name: deadmansnitch
+      webhookConfigs:
+      - url: {{ .Values.deadManSnitch.webhook_url }}
+    {{- end }}
+    - name: slack-receiver
+      slackConfigs:
+      - apiURL:
+          key: slack_webhook_url
+          name: {{ .Release.Name }}-slack-webhook-url
+          optional: false
+        text: |
+
+          https://alertmanager{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}
+          https://grafana{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}
+          https://prometheus{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}
+
+{{ .Files.Get "files/slack-notification-template.txt" | indent 10 }}
+        title: '{{ .Files.Get "files/slack-notification-title.txt" }}'
+        channel: "{{ .Values.slackAlerting.channel }}"
+        sendResolved: true
+        username: "alertmanager{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}"
+    {{- if .Values.pagerDuty.routingKey }}
+    - name: pagerduty-receiver
+      pagerdutyConfigs:
+        - routingKey:
+            key: pagerduty_routing_key
+            name: {{ .Release.Name }}-pagerduty-routing-key
+            optional: false
+          sendResolved: true
+    {{- end }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-slack-webhook-url
+  namespace: {{ .Release.Namespace }}
+data:
+  slack_webhook_url: {{ .Values.slackAlerting.slackWebhookUrl |  b64enc }}
+
+
+{{- if .Values.pagerDuty.routingKey }}
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-pagerduty-routing-key
+  namespace: {{ .Release.Namespace }}
+data:
+  pagerduty_routing_key: {{ .Values.pagerDuty.routingKey | b64enc }}
+{{- end }}
+
+{{- end }}

charts/monitoring/templates/grafana-dashboards.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-custom-dashboards
+  labels:
+    grafana_dashboard: "1"
+data:
+{{ (.Files.Glob "dashboards/*").AsConfig | indent 2 }}

charts/monitoring/templates/ingress.yaml

@@ -0,0 +1,87 @@
+{{- define "ingress.annotations" -}}
+alb.ingress.kubernetes.io/backend-protocol: HTTP
+alb.ingress.kubernetes.io/group.name: {{ .Values.ingress.albGroupName }}
+alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS":443}]'
+# Ingress only internally for unauthenticated endpoints like Prometheus
+alb.ingress.kubernetes.io/scheme: internal
+alb.ingress.kubernetes.io/ssl-redirect: "443"
+alb.ingress.kubernetes.io/target-type: ip
+kubernetes.io/ingress.class: alb
+{{- end }}
+
+
+{{- if .Values.ingress.enabled -}}
+
+{{- if not .Values.ingress.albGroupName -}}
+{{ fail "You must set ingress.albGroupName" }}
+{{- end }}
+
+{{- if not .Values.ingress.baseDomain -}}
+{{ fail "You must set ingress.baseDomain" }}
+{{- end }}
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+{{ include "ingress.annotations" . | indent 4 }}
+  name: {{ .Release.Name }}-grafana
+  namespace: {{ .Release.Namespace }}
+spec:
+  rules:
+  - host: grafana{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: {{ .Release.Name }}-grafana
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+{{ include "ingress.annotations" . | indent 4}}
+  name: {{ .Release.Name }}-prometheus
+  namespace: {{ .Release.Namespace }}
+spec:
+  rules:
+  - host: prometheus{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: {{ .Release.Name }}-kube-prometheus-prometheus
+            port:
+              number: 9090
+        path: /
+        pathType: Prefix
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+{{ include "ingress.annotations" . | indent 4}}
+  name: {{ .Release.Name }}-alertmanager
+  namespace: {{ .Release.Namespace }}
+spec:
+  rules:
+  - host: alertmanager{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: {{ .Release.Name }}-kube-prometheus-alertmanager
+            port:
+              number: 9093
+        path: /
+        pathType: Prefix
+
+{{- end }}

charts/monitoring/templates/logging-ingress.yaml

@@ -0,0 +1,20 @@
+# This is intended to be paired with a forward auth middleware
+# and a Loki multi-tenancy configuration.
+{{- if .Values.ingressRouteLoki.enabled }}
+{{- $domains := required "IngressRouteLoki is enabled, but no domains are provided in .Values.ingressRouteLoki.domains" .Values.ingressRouteLoki.domains }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: loki-{{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: ({{ range $index, $domain := $domains }}Host(`{{ $domain }}`){{ if lt $index (sub (len $domains) 1) }} || {{ end }}{{ end }}) && PathPrefix(`/loki/`)
+    services:
+    - name: loki-read
+      port: 3100
+  tls: {}
+{{- end }}

charts/monitoring/templates/values-input-validation.yaml

@@ -0,0 +1,4 @@
+# https://github.com/helm/helm/issues/2192#issuecomment-293739257
+{{- if not (index .Values "kube-prometheus-stack").grafana.adminPassword -}}
+{{ fail "You must set kube-prometheus-stack.grafana.adminPassword." }}
+{{- end }}