From 090700adb460c97fe85ce0b018bc353e39be6c27 Mon Sep 17 00:00:00 2001 From: Ian Stanton Date: Mon, 20 May 2024 21:31:30 -0400 Subject: [PATCH] Add templates Signed-off-by: Ian Stanton --- charts/monitoring/templates/alerting.yaml | 108 ++++++++++++++++++ .../templates/grafana-dashboards.yaml | 8 ++ charts/monitoring/templates/ingress.yaml | 87 ++++++++++++++ .../monitoring/templates/logging-ingress.yaml | 20 ++++ .../templates/values-input-validation.yaml | 4 + 5 files changed, 227 insertions(+) create mode 100644 charts/monitoring/templates/alerting.yaml create mode 100644 charts/monitoring/templates/grafana-dashboards.yaml create mode 100644 charts/monitoring/templates/ingress.yaml create mode 100644 charts/monitoring/templates/logging-ingress.yaml create mode 100644 charts/monitoring/templates/values-input-validation.yaml
diff --git a/charts/monitoring/templates/alerting.yaml b/charts/monitoring/templates/alerting.yaml
new file mode 100644
index 0000000..a0b6eb4
--- /dev/null
+++ b/charts/monitoring/templates/alerting.yaml
@@ -0,0 +1,108 @@
+{{- if .Values.slackAlerting.enabled }}
+
+{{- if not (and .Values.slackAlerting.channel .Values.slackAlerting.slackWebhookUrl) -}}
+{{ fail "You must set slackAlerting.slackWebhookUrl and slackAlerting.channel" }}
+{{- end }}
+
+apiVersion: monitoring.coreos.com/v1alpha1
+kind: AlertmanagerConfig
+metadata:
+ name: global-default-alertmanager-config
+ namespace: {{ .Release.Namespace }}
+spec:
+ route:
+ groupBy: ['alertname']
+ groupWait: 120s
+ groupInterval: 5m
+ repeatInterval: 12h
+ receiver: 'slack-receiver'
+ routes:
+ {{- if .Values.deadManSnitch.webhook_url }}
+ - receiver: 'deadmansnitch'
+ groupWait: 0s
+ groupInterval: 1m
+ repeatInterval: 1m
+ matchers:
+ - matchType: =
+ name: alertname
+ value: Watchdog
+ - matchType: =
+ name: severity
+ value: none
+ {{- else }}
+ - receiver: 'null'
+ matchers:
+ - matchType: =
+ name: alertname
+ value: Watchdog
+ - matchType: =
+ name: severity
+ value: none
+ {{- end }}
+ {{- if .Values.pagerDuty.routingKey }}
+ - receiver: 'pagerduty-receiver'
+ matchers:
+ - matchType: =
+ name: severity
+ value: critical
+ continue: true
+ {{- end }}
+ - receiver: 'slack-receiver'
+ receivers:
+ - name: 'null'
+ {{- if .Values.deadManSnitch.webhook_url }}
+ - name: deadmansnitch
+ webhookConfigs:
+ - url: {{ .Values.deadManSnitch.webhook_url }}
+ {{- end }}
+ - name: slack-receiver
+ slackConfigs:
+ - apiURL:
+ key: slack_webhook_url
+ name: {{ .Release.Name }}-slack-webhook-url
+ optional: false
+ text: |
+
+ https://alertmanager{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}
+ https://grafana{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}
+ https://prometheus{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}
+
+{{ .Files.Get "files/slack-notification-template.txt" | indent 10 }}
+ title: '{{ .Files.Get "files/slack-notification-title.txt" }}'
+ channel: "{{ .Values.slackAlerting.channel }}"
+ sendResolved: true
+ username: "alertmanager{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}"
+ {{- if .Values.pagerDuty.routingKey }}
+ - name: pagerduty-receiver
+ pagerdutyConfigs:
+ - routingKey:
+ key: pagerduty_routing_key
+ name: {{ .Release.Name }}-pagerduty-routing-key
+ optional: false
+ sendResolved: true
+ {{- end }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-slack-webhook-url
+ namespace: {{ .Release.Namespace }}
+data:
+ slack_webhook_url: {{ .Values.slackAlerting.slackWebhookUrl | b64enc }}
+
+
+{{- if .Values.pagerDuty.routingKey }}
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-pagerduty-routing-key
+ namespace: {{ .Release.Namespace }}
+data:
+ pagerduty_routing_key: {{ .Values.pagerDuty.routingKey | b64enc }}
+{{- end }}
+
+{{- end }}
diff --git a/charts/monitoring/templates/grafana-dashboards.yaml b/charts/monitoring/templates/grafana-dashboards.yaml
new file mode 100644
index 0000000..c755d66
--- /dev/null
+++ b/charts/monitoring/templates/grafana-dashboards.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-custom-dashboards
+ labels:
+ grafana_dashboard: "1"
+data:
+{{ (.Files.Glob "dashboards/*").AsConfig | indent 2 }}
diff --git a/charts/monitoring/templates/ingress.yaml b/charts/monitoring/templates/ingress.yaml
new file mode 100644
index 0000000..2b136fe
--- /dev/null
+++ b/charts/monitoring/templates/ingress.yaml
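Review bot: In charts/monitoring/templates/alerting.yaml the `deadmansnitch` receiver renders `url: {{ .Values.deadManSnitch.webhook_url }}` directly into the AlertmanagerConfig, so the snitch URL (which presumably embeds the check-in token) is readable by anyone allowed to get that custom resource, while the Slack webhook and PagerDuty key in the same file are kept in Secrets and referenced by key. The webhook receiver also accepts `urlSecret` with the same key/name/optional selector already used for `apiURL` and `routingKey`, so the URL can follow the same pattern. The Secret name and key in the sketch below are suggestions that mirror the existing ones; indentation is illustrative because the hunk's original indentation is not recoverable here.

```yaml
    {{- if .Values.deadManSnitch.webhook_url }}
    - name: deadmansnitch
      webhookConfigs:
        - urlSecret:
            key: deadmansnitch_webhook_url
            name: {{ .Release.Name }}-deadmansnitch-webhook-url
            optional: false
    {{- end }}
# … unchanged: slack-receiver, pagerduty-receiver and their Secrets …
{{- if .Values.deadManSnitch.webhook_url }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-deadmansnitch-webhook-url
  namespace: {{ .Release.Namespace }}
data:
  deadmansnitch_webhook_url: {{ .Values.deadManSnitch.webhook_url | b64enc }}
{{- end }}
```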
@@ -0,0 +1,87 @@
+{{- define "ingress.annotations" -}}
+alb.ingress.kubernetes.io/backend-protocol: HTTP
+alb.ingress.kubernetes.io/group.name: {{ .Values.ingress.albGroupName }}
+alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS":443}]'
+# Ingress only internally for unauthenticated endpoints like Prometheus
+alb.ingress.kubernetes.io/scheme: internal
+alb.ingress.kubernetes.io/ssl-redirect: "443"
+alb.ingress.kubernetes.io/target-type: ip
+kubernetes.io/ingress.class: alb
+{{- end }}
+
+
+{{- if .Values.ingress.enabled -}}
+
+{{- if not .Values.ingress.albGroupName -}}
+{{ fail "You must set ingress.albGroupName" }}
+{{- end }}
+
+{{- if not .Values.ingress.baseDomain -}}
+{{ fail "You must set ingress.baseDomain" }}
+{{- end }}
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+{{ include "ingress.annotations" . | indent 4 }}
+ name: {{ .Release.Name }}-grafana
+ namespace: {{ .Release.Namespace }}
+spec:
+ rules:
+ - host: grafana{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}
+ http:
+ paths:
+ - backend:
+ service:
+ name: {{ .Release.Name }}-grafana
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+{{ include "ingress.annotations" . | indent 4}}
+ name: {{ .Release.Name }}-prometheus
+ namespace: {{ .Release.Namespace }}
+spec:
+ rules:
+ - host: prometheus{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}
+ http:
+ paths:
+ - backend:
+ service:
+ name: {{ .Release.Name }}-kube-prometheus-prometheus
+ port:
+ number: 9090
+ path: /
+ pathType: Prefix
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+{{ include "ingress.annotations" . | indent 4}}
+ name: {{ .Release.Name }}-alertmanager
+ namespace: {{ .Release.Namespace }}
+spec:
+ rules:
+ - host: alertmanager{{ .Values.ingress.subdomainSuffix }}.{{ .Values.ingress.baseDomain }}
+ http:
+ paths:
+ - backend:
+ service:
+ name: {{ .Release.Name }}-kube-prometheus-alertmanager
+ port:
+ number: 9093
+ path: /
+ pathType: Prefix
+
+{{- end }}
diff --git a/charts/monitoring/templates/logging-ingress.yaml b/charts/monitoring/templates/logging-ingress.yaml
new file mode 100644
index 0000000..ab85c25
--- /dev/null
+++ b/charts/monitoring/templates/logging-ingress.yaml
@@ -0,0 +1,20 @@
+# This is intended to be paired with a forward auth middleware
+# and a Loki multi-tenancy configuration.
+{{- if .Values.ingressRouteLoki.enabled }}
+{{- $domains := required "IngressRouteLoki is enabled, but no domains are provided in .Values.ingressRouteLoki.domains" .Values.ingressRouteLoki.domains }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: loki-{{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - kind: Rule
+ match: ({{ range $index, $domain := $domains }}Host(`{{ $domain }}`){{ if lt $index (sub (len $domains) 1) }} || {{ end }}{{ end }}) && PathPrefix(`/loki/`)
+ services:
+ - name: loki-read
+ port: 3100
+ tls: {}
+{{- end }}
diff --git a/charts/monitoring/templates/values-input-validation.yaml b/charts/monitoring/templates/values-input-validation.yaml
new file mode 100644
index 0000000..5e2588a
--- /dev/null
+++ b/charts/monitoring/templates/values-input-validation.yaml
@@ -0,0 +1,4 @@
+# https://github.com/helm/helm/issues/2192#issuecomment-293739257
+{{- if not (index .Values "kube-prometheus-stack").grafana.adminPassword -}}
+{{ fail "You must set kube-prometheus-stack.grafana.adminPassword." }}
+{{- end }}
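Review bot: In charts/monitoring/templates/ingress.yaml the `ingress.annotations` helper relies on `alb.ingress.kubernetes.io/scheme: internal` as the only access control for the Prometheus (9090) and Alertmanager (9093) Ingresses, which its own comment describes as unauthenticated. Any client that can route to the internal ALB can therefore read every metric and manage silences in Alertmanager. Consider narrowing who can reach the listener, for example by adding `alb.ingress.kubernetes.io/inbound-cidrs: {{ .Values.ingress.inboundCidrs | quote }}` to the helper (`inboundCidrs` is a suggested new value, not one defined in this chart), or by putting the controller's `auth-type` annotations in front of the two unauthenticated hosts. The comment above `scheme` should also state which networks are expected to reach these hosts.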
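Review bot: The header comment in charts/monitoring/templates/logging-ingress.yaml says the route is meant to be paired with a forward-auth middleware, but the `routes` entry renders no `middlewares:` list and the template exposes no value to supply one. Enabling `ingressRouteLoki` therefore publishes `loki-read` on port 3100 under `/loki/` on `websecure` with only whatever authentication Traefik applies globally, which may be none. Without that middleware the tenant a request is served under is presumably whatever the client sends. Consider adding `middlewares:` to the route with `- name: {{ required "ingressRouteLoki.middleware must be set" .Values.ingressRouteLoki.middleware }}` (the value name is a suggestion), so the route cannot be installed without the auth layer it was designed for.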
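Review bot: The guard in charts/monitoring/templates/values-input-validation.yaml only tests that `kube-prometheus-stack.grafana.adminPassword` is non-empty, so it passes for the upstream chart's publicly documented default (`prom-operator`, as far as I know) unless this chart's values.yaml blanks it, which this patch does not show. It also requires the password to be supplied as a plain value, which ends up in the stored release, and it fails for installs that use the Grafana subchart's `admin.existingSecret` instead. Consider skipping the check when `admin.existingSecret` is set and rejecting the default explicitly with `{{- if eq (index .Values "kube-prometheus-stack").grafana.adminPassword "prom-operator" }}` followed by `{{ fail "Change the default Grafana admin password." }}`.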