From 1bb720840d3f1a7b4ea1fd230b33470349fc7225 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Wed, 4 Jun 2025 13:18:18 +0200 Subject: [PATCH] feat: Migrate sys applications to helmfile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move most of helmfiles into temp to test only velero. File structure: ```bash / ├── helmfile.d/ # Helmfiles, *.yaml.gotmpl ├── charts/ # Our own charts, e.g `Atlantis` ├── values # Values for helmfiles │ ├── │ │ ├── values.yaml.gotmpl # Values to be templated in `values/` │ │ ├── kustomize # Kustomizations per environment │ │ ├── manifests # Raw manifests │ │ │ ├── .yaml # Argo App for bootstrap │ │ │ ├── dashboards # Grafana dashboards │ │ │ │ └── -metrics.yaml │ │ │ └── policies # Cilium and Kyverno policies │ │ │ ├── CiliumNetworkPolicy-allow-api-server.yaml │ │ │ └── KyvernoPolicy-regred-secret.yaml │ │ └── values # Values for each environment │ │ ├── -staging.yaml.gotmpl # Values for staging environment │ │ ├── -prod.yaml.gotmpl # Values for prod environment │ │ └── .yaml.gotmpl # Standard values for all environments │ │ │ ├── values.yaml # Standard values for all cluster │ ├── values-oceanbox.yaml # Values overrides for oceanbox │ ├── values-ekman.yaml # Values overrides for ekman ``` --- argocd/helmfile-cmp/argo-repo-server.yaml | 476 ++ argocd/helmfile-cmp/generate.sh | 7 +- argocd/helmfile-cmp/plugin.yaml | 4 +- bin/helmify | 5 +- envs/environments.yaml.gotmpl | 12 +- ...elero.yaml.gotmpl => helmfile.yaml.gotmpl} | 8 +- justfile | 4 +- shell.nix | 5 +- {helmfile.d => temp}/argo.yaml.gotmpl | 0 {helmfile.d => temp}/atlantis.yaml.gotmpl | 0 {helmfile.d => temp}/cert-manager.yaml.gotmpl | 15 +- {helmfile.d => temp}/cilium.yaml.gotmpl | 0 {helmfile.d => temp}/dapr.yaml.gotmpl | 0 {helmfile.d => temp}/geoserver.yaml.gotmpl | 0 {helmfile.d => temp}/headscale.yaml.gotmpl | 0 .../ingress-nginx.yaml.gotmpl | 0 {helmfile.d => temp}/keycloak.yaml.gotmpl | 0 {helmfile.d => temp}/kyverno.yaml.gotmpl | 2 +- {helmfile.d => temp}/loki.yaml.gotmpl | 0 
.../metricsserver.yaml.gotmpl | 16 +- temp/nfs-provisioner.yaml.gotmpl | 43 + {helmfile.d => temp}/nix/argo.gotmpl.nix | 0 {helmfile.d => temp}/nix/helmfile.gotmpl.nix | 0 {helmfile.d => temp}/openfga.yaml.gotmpl | 0 .../otel-collector.yaml.gotmpl | 0 {helmfile.d => temp}/plausible.yaml.gotmpl | 0 .../postgres-operator.yaml.gotmpl | 0 {helmfile.d => temp}/prometheus.yaml.gotmpl | 0 {helmfile.d => temp}/rabbitmq.yaml.gotmpl | 0 {helmfile.d => temp}/redis.yaml.gotmpl | 0 {helmfile.d => temp}/tempo.yaml.gotmpl | 0 {helmfile.d => temp}/wordpress.yaml.gotmpl | 0 .../x509-exporter.yaml.gotmpl | 14 +- .../cert-manager/manifests/cert-manager.yaml | 38 + ...licy-allow-api-server-to-cert-manager.yaml | 0 .../CiliumNetworkPolicy-allow-api-server.yaml | 0 ...etworkPolicy-allow-prometheus-metrics.yaml | 0 ...liumNetworkPolicy-allow-world-traffic.yaml | 0 .../manifests/pre-cert-manager.yaml | 225 + values/cert-manager/values.yaml.gotmpl | 3 + .../values/cert-manager.yaml.gotmpl | 5 + .../manifests}/dashboards/ingress-nginx.yaml | 0 .../manifests/ingress-nginx.yaml | 3 + ...iliumNetworkPolicy-allow-host-traffic.yaml | 14 + ...iumNetworkPolicy-allow-hubble-traffic.yaml | 14 + ...etworkPolicy-allow-prometheus-metrics.yaml | 17 + .../CiliumNetworkPolicy-allow-s3-traffic.yaml | 19 + ...rkPolicy-allow-world-to-ingress-nginx.yaml | 19 + .../kyverno/kustomize/base/kustomization.yaml | 4 - .../kustomize/default/kustomization.yaml | 4 - .../manifests/kyverno-cluster-admin.yaml | 17 + .../CiliumNetworkPolicy-allow-api-server.yaml | 15 + ...etworkPolicy-allow-prometheus-metrics.yaml | 17 + ...rkPolicy-allow-remote-node-to-kyverno.yaml | 12 + .../manifests/policies/sync-gitlab.yaml | 31 + .../manifests/policies/sync-regcred.yaml | 33 + .../manifests/policies/sync-s3-secret.yaml | 33 + .../whitelist-internal-ingresses.yaml | 73 + .../manifests/metricsserver.yaml | 36 + values/metricsserver/values.yaml.gotmpl | 4 + .../values/metricsserver.yaml.gotmpl | 9 + .../manifests/nfs-provisioner.yaml | 
38 + values/nfs-provisioner/values.yaml.gotmpl | 6 + .../values/nfs-provisioner.yaml.gotmpl | 16 + .../kustomize/base/kustomization.yaml | 4 - .../kustomize/default/kustomization.yaml | 4 - .../manifests/dashboards/cnpg-postgres.yaml | 3908 +++++++++++++++++ .../CiliumNetworkPolicy-allow-api-server.yaml | 16 + ...workPolicy-allow-remote-node-webhooks.yaml | 15 + .../CiliumNetworkPolicy-allow-alerting.yaml | 13 + ...workPolicy-allow-alertmanager-ingress.yaml | 14 + ...CiliumNetworkPolicy-allow-dns-metrics.yaml | 15 + ...iliumNetworkPolicy-allow-etcd-metrics.yaml | 15 + ...umNetworkPolicy-allow-grafana-ingress.yaml | 14 + ...etworkPolicy-allow-grafana-oidc-login.yaml | 16 + ...umNetworkPolicy-allow-grafana-plugins.yaml | 15 + ...kPolicy-allow-grafana-secure-gravatar.yaml | 14 + ...iliumNetworkPolicy-allow-host-traffic.yaml | 14 + ...liumNetworkPolicy-allow-nginx-ingress.yaml | 14 + ...umNetworkPolicy-allow-opencost-scrape.yaml | 19 + ...y-allow-remote-node-to-metrics-server.yaml | 13 + ...rkPolicy-allow-remote-node-to-webhook.yaml | 13 + ...umNetworkPolicy-allow-robusta-ingress.yaml | 14 + ...liumNetworkPolicy-allow-stats-grafana.yaml | 13 + ...heus-add-folder-to-default-dashboards.yaml | 32 + values/prometheus/manifests/prometheus.yaml | 5 +- values/prometheus/values.yaml.gotmpl | 61 +- values/values-oceanbox.yaml | 1 + .../velero/kustomize/base/kustomization.yaml | 4 - .../kustomize/default/kustomization.yaml | 4 - .../velero/manifests/dashboards/velero.yaml | 2214 ++++++++++ .../CiliumNetworkPolicy-allow-api-server.yaml | 16 + ...iumNetworkPolicy-allow-job-api-server.yaml | 16 + ...etworkPolicy-allow-prometheus-metrics.yaml | 17 + values/velero/manifests/schedule.yaml | 31 + values/velero/manifests/velero.yaml | 9 +- values/velero/values.yaml.gotmpl | 6 +- values/velero/values/velero.yaml.gotmpl | 6 +- .../kustomize/base/kustomization.yaml | 4 - .../kustomize/default/kustomization.yaml | 4 - .../dashboards/x509-exporter-dashbaoard.yaml | 2011 +++++++++ 
.../manifests/x509-certificates.yaml | 48 + 102 files changed, 9862 insertions(+), 106 deletions(-) create mode 100644 argocd/helmfile-cmp/argo-repo-server.yaml rename helmfile.d/{velero.yaml.gotmpl => helmfile.yaml.gotmpl} (82%) rename {helmfile.d => temp}/argo.yaml.gotmpl (100%) rename {helmfile.d => temp}/atlantis.yaml.gotmpl (100%) rename {helmfile.d => temp}/cert-manager.yaml.gotmpl (79%) rename {helmfile.d => temp}/cilium.yaml.gotmpl (100%) rename {helmfile.d => temp}/dapr.yaml.gotmpl (100%) rename {helmfile.d => temp}/geoserver.yaml.gotmpl (100%) rename {helmfile.d => temp}/headscale.yaml.gotmpl (100%) rename {helmfile.d => temp}/ingress-nginx.yaml.gotmpl (100%) rename {helmfile.d => temp}/keycloak.yaml.gotmpl (100%) rename {helmfile.d => temp}/kyverno.yaml.gotmpl (98%) rename {helmfile.d => temp}/loki.yaml.gotmpl (100%) rename {helmfile.d => temp}/metricsserver.yaml.gotmpl (78%) create mode 100644 temp/nfs-provisioner.yaml.gotmpl rename {helmfile.d => temp}/nix/argo.gotmpl.nix (100%) rename {helmfile.d => temp}/nix/helmfile.gotmpl.nix (100%) rename {helmfile.d => temp}/openfga.yaml.gotmpl (100%) rename {helmfile.d => temp}/otel-collector.yaml.gotmpl (100%) rename {helmfile.d => temp}/plausible.yaml.gotmpl (100%) rename {helmfile.d => temp}/postgres-operator.yaml.gotmpl (100%) rename {helmfile.d => temp}/prometheus.yaml.gotmpl (100%) rename {helmfile.d => temp}/rabbitmq.yaml.gotmpl (100%) rename {helmfile.d => temp}/redis.yaml.gotmpl (100%) rename {helmfile.d => temp}/tempo.yaml.gotmpl (100%) rename {helmfile.d => temp}/wordpress.yaml.gotmpl (100%) rename {helmfile.d => temp}/x509-exporter.yaml.gotmpl (80%) create mode 100644 values/cert-manager/manifests/cert-manager.yaml rename {apps/charts/sys-cilium-policies/templates/cert-manager => values/cert-manager/manifests/policies}/CiliumNetworkPolicy-allow-api-server-to-cert-manager.yaml (100%) rename {apps/charts/sys-cilium-policies/templates/cert-manager => 
values/cert-manager/manifests/policies}/CiliumNetworkPolicy-allow-api-server.yaml (100%) rename {apps/charts/sys-cilium-policies/templates/cert-manager => values/cert-manager/manifests/policies}/CiliumNetworkPolicy-allow-prometheus-metrics.yaml (100%) rename {apps/charts/sys-cilium-policies/templates/cert-manager => values/cert-manager/manifests/policies}/CiliumNetworkPolicy-allow-world-traffic.yaml (100%) create mode 100644 values/cert-manager/manifests/pre-cert-manager.yaml create mode 100644 values/cert-manager/values.yaml.gotmpl create mode 100644 values/cert-manager/values/cert-manager.yaml.gotmpl rename {apps/templates/resources => values/ingress-nginx/manifests}/dashboards/ingress-nginx.yaml (100%) create mode 100644 values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml create mode 100644 values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-hubble-traffic.yaml create mode 100644 values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml create mode 100644 values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-s3-traffic.yaml create mode 100644 values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-world-to-ingress-nginx.yaml delete mode 100644 values/kyverno/kustomize/base/kustomization.yaml delete mode 100644 values/kyverno/kustomize/default/kustomization.yaml create mode 100644 values/kyverno/manifests/kyverno-cluster-admin.yaml create mode 100644 values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml create mode 100644 values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml create mode 100644 values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-kyverno.yaml create mode 100644 values/kyverno/manifests/policies/sync-gitlab.yaml create mode 100644 values/kyverno/manifests/policies/sync-regcred.yaml create mode 100644 values/kyverno/manifests/policies/sync-s3-secret.yaml create mode 100644 
values/kyverno/manifests/policies/whitelist-internal-ingresses.yaml create mode 100644 values/metricsserver/manifests/metricsserver.yaml create mode 100644 values/metricsserver/values.yaml.gotmpl create mode 100644 values/metricsserver/values/metricsserver.yaml.gotmpl create mode 100644 values/nfs-provisioner/manifests/nfs-provisioner.yaml create mode 100644 values/nfs-provisioner/values.yaml.gotmpl create mode 100644 values/nfs-provisioner/values/nfs-provisioner.yaml.gotmpl delete mode 100644 values/postgres-operator/kustomize/base/kustomization.yaml delete mode 100644 values/postgres-operator/kustomize/default/kustomization.yaml create mode 100644 values/postgres-operator/manifests/dashboards/cnpg-postgres.yaml create mode 100644 values/postgres-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml create mode 100644 values/postgres-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alerting.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alertmanager-ingress.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-dns-metrics.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-etcd-metrics.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-ingress.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-oidc-login.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-plugins.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-secure-gravatar.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-nginx-ingress.yaml create mode 100644 
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-opencost-scrape.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-metrics-server.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-webhook.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-robusta-ingress.yaml create mode 100644 values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-stats-grafana.yaml create mode 100644 values/prometheus/manifests/policies/prometheus-add-folder-to-default-dashboards.yaml delete mode 100644 values/velero/kustomize/base/kustomization.yaml delete mode 100644 values/velero/kustomize/default/kustomization.yaml create mode 100644 values/velero/manifests/dashboards/velero.yaml create mode 100644 values/velero/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml create mode 100644 values/velero/manifests/policies/CiliumNetworkPolicy-allow-job-api-server.yaml create mode 100644 values/velero/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml create mode 100644 values/velero/manifests/schedule.yaml delete mode 100644 values/x509-exporter/kustomize/base/kustomization.yaml delete mode 100644 values/x509-exporter/kustomize/default/kustomization.yaml create mode 100644 values/x509-exporter/manifests/dashboards/x509-exporter-dashbaoard.yaml create mode 100644 values/x509-exporter/manifests/x509-certificates.yaml diff --git a/argocd/helmfile-cmp/argo-repo-server.yaml b/argocd/helmfile-cmp/argo-repo-server.yaml new file mode 100644 index 00000000..fb061f0e --- /dev/null +++ b/argocd/helmfile-cmp/argo-repo-server.yaml 
@@ -0,0 +1,476 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + argocd.argoproj.io/tracking-id: argocd:apps/Deployment:argocd/argocd-repo-server + deployment.kubernetes.io/revision: "27" + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/instance: argocd + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + app.kubernetes.io/version: v2.12.3 + helm.sh/chart: argo-cd-7.5.2 + name: argocd-repo-server + namespace: argocd +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/instance: argocd + app.kubernetes.io/name: argocd-repo-server + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + checksum/cm: 67d6152e0e3482f9a74a6b570fd32bbec4e7856bffe49f577a2a0d3aeaed6f48 + checksum/cmd-params: 69ed50e8936f4d6429dc331f782ad0a7d22eb12c318d6800403040352214b781 + creationTimestamp: null + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/instance: argocd + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + app.kubernetes.io/version: v2.12.3 + helm.sh/chart: argo-cd-7.5.2 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + topologyKey: kubernetes.io/hostname + weight: 100 + automountServiceAccountToken: true + containers: + - args: + - /usr/local/bin/argocd-repo-server + - --port=8081 + - --metrics-port=8084 + env: + - name: ARGOCD_REPO_SERVER_NAME + value: argocd-repo-server + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: 
reposerver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: reposerver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + key: reposerver.disable.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.minversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.maxversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + key: reposerver.tls.ciphers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.repo.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + key: redis-username + name: argocd-redis + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - 
name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + key: redis-sentinel-username + name: argocd-redis + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + key: redis-sentinel-password + name: argocd-redis + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.max.combined.directory.manifests.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.tar.exclusions + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS + valueFrom: + configMapKeyRef: + key: reposerver.allow.oob.symlinks + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.tar.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: 
ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.disable.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.git.lsremote.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_REQUEST_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.git.request.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true + - name: HELM_CACHE_HOME + value: /helm-working-dir + - name: HELM_CONFIG_HOME + value: /helm-working-dir + - name: HELM_DATA_HOME + value: /helm-working-dir + image: quay.io/argoproj/argocd:v2.12.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: metrics + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: repo-server + ports: + - containerPort: 8081 + name: repo-server + protocol: TCP + - containerPort: 8084 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + terminationMessagePath: 
/dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + - mountPath: /helm-working-dir + name: helm-working-dir + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + - mountPath: /tmp + name: tmp + - command: + - /var/run/argocd/argocd-cmp-server + image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest + imagePullPolicy: Always + name: kustomize-helm-with-rewrite + securityContext: + runAsNonRoot: true + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + - mountPath: /tmp + name: cmp-tmp + - mountPath: /helm-working-dir + name: helm-working-dir + - command: + - /var/run/argocd/argocd-cmp-server + image: registry.gitlab.com/oceanbox/manifests/helm-kustomize-cmp:latest + imagePullPolicy: Always + name: helm-kustomize-cmp + securityContext: + runAsNonRoot: true + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + - mountPath: /tmp + name: cmp-tmp + - mountPath: /helm-working-dir + name: helm-working-dir + - command: + - /var/run/argocd/argocd-cmp-server + image: registry.gitlab.com/oceanbox/manifests/helmfile-cmp:latest + imagePullPolicy: Always + name: helmfile-cmp + securityContext: + runAsNonRoot: true + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + - mountPath: 
/home/argocd/cmp-server/plugins + name: plugins + - mountPath: /tmp + name: cmp-tmp + - mountPath: /helm-working-dir + name: helm-working-dir + dnsPolicy: ClusterFirst + imagePullSecrets: + - name: gitlab-pull-secret + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:v2.12.3 + imagePullPolicy: IfNotPresent + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + - command: + - /bin/sh + - /plugin/init-helm-repos.sh + env: + - name: OCEANBOX_HELM_ACCESS_TOKEN + valueFrom: + secretKeyRef: + key: token + name: oceanbox-helm + optional: false + image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest + imagePullPolicy: Always + name: init-helm-repos + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /helm-working-dir + name: helm-working-dir + restartPolicy: Always + schedulerName: default-scheduler + serviceAccount: argocd-repo-server + serviceAccountName: argocd-repo-server + terminationGracePeriodSeconds: 30 + volumes: + - name: cmp-tmp + - name: helm-working-dir + - name: plugins + - name: var-files + - name: tmp + - configMap: + defaultMode: 420 + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + defaultMode: 420 + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + defaultMode: 420 + name: argocd-gpg-keys-cm + name: gpg-keys + - name: gpg-keyring + - name: argocd-repo-server-tls + 
secret: + defaultMode: 420 + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls diff --git a/argocd/helmfile-cmp/generate.sh b/argocd/helmfile-cmp/generate.sh index b4869ba5..ff18bef9 100644 --- a/argocd/helmfile-cmp/generate.sh +++ b/argocd/helmfile-cmp/generate.sh @@ -1,5 +1,8 @@ #!/bin/sh +# NOTE: Ensure errors are part of exitcode +# set -o pipefail + export HOME=/plugin export HELM_CACHE_HOME=/tmp/helm/cache @@ -11,5 +14,5 @@ export HELMFILE_TEMPDIR=/tmp/helmfile/tmp env > /tmp/$ARGOCD_APP_NAME.env -helmfile -n "$ARGOCD_APP_NAMESPACE" $ARGS template --include-crds -q - +# helmfile -n "$ARGOCD_APP_NAMESPACE" $ARGS template --include-crds -q +helmfile -n "$ARGOCD_APP_NAMESPACE" $ARGS template --include-crds --debug diff --git a/argocd/helmfile-cmp/plugin.yaml b/argocd/helmfile-cmp/plugin.yaml index 7ecee01b..49299ff0 100644 --- a/argocd/helmfile-cmp/plugin.yaml +++ b/argocd/helmfile-cmp/plugin.yaml @@ -1,12 +1,10 @@ apiVersion: argoproj.io/v1alpha1 kind: ConfigManagementPlugin metadata: - name: helmfile + name: helmfile-cmp spec: generate: command: [ /bin/sh ] args: - /plugin/generate.sh - discover: - fileName: helmfile.yaml lockRepo: false diff --git a/bin/helmify b/bin/helmify index 55d7ca2b..545e88ff 100755 --- a/bin/helmify +++ b/bin/helmify @@ -1,5 +1,7 @@ #!/usr/bin/env bash +set -o pipefail + cmd=$1 chart=$2 env=$3 @@ -8,13 +10,14 @@ outdir=${5:-_manifests} build() { mkdir -p $outdir/templates + echo "Creating $outdir/templates" echo "generating $outdir/Chart.yaml" 1>&2 cat < $outdir/Chart.yaml apiVersion: v1 appVersion: "1.0" -description: A Helm chart for Kubernetes +# description: A Helm chart for Kubernetes name: $chart version: 0.1.0 EOF diff --git a/envs/environments.yaml.gotmpl b/envs/environments.yaml.gotmpl index 26ac52ff..d95ffed7 100644 --- a/envs/environments.yaml.gotmpl +++ b/envs/environments.yaml.gotmpl 
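Review bot: The three plugin sidecars (`kustomize-helm-with-rewrite`, `helm-kustomize-cmp`, `helmfile-cmp`) and the `init-helm-repos` init container pull `registry.gitlab.com/oceanbox/manifests/...:latest` with `imagePullPolicy: Always`, so whatever is pushed to that tag next runs inside the repo-server pod and produces the manifests Argo CD applies. Pin each image to an immutable reference, preferably a digest, as the main container is at least pinned to `v2.12.3`. The sidecar `securityContext` blocks set only `runAsNonRoot` and `runAsUser: 999`, while `repo-server`, `copyutil` and `init-helm-repos` also drop all capabilities, forbid privilege escalation and use the `RuntimeDefault` seccomp profile; the sidecars should match. `readOnlyRootFilesystem: true` is worth adding too if the plugins write only under `/tmp` and `/helm-working-dir`, which is not visible here. The file also looks like an export of the live object (`deployment.kubernetes.io/revision: "27"`, `creationTimestamp: null`), so the server-populated fields could be dropped before it is kept in git.

```yaml
# … unchanged: command, name and volumeMounts of the helmfile-cmp sidecar …
image: registry.gitlab.com/oceanbox/manifests/helmfile-cmp@sha256:<DIGEST_PLACEHOLDER>
imagePullPolicy: IfNotPresent
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  runAsNonRoot: true
  runAsUser: 999
  seccompProfile:
    type: RuntimeDefault
# … same change for kustomize-helm-with-rewrite and helm-kustomize-cmp …
```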
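Review bot: `--debug` replaces `-q` on the `helmfile ... template` line in generate.sh, and this script is the plugin's `generate` command, so debug logging is now on for every manifest generation. Helmfile's debug output is verbose and, as far as I know, can include the helm command lines and merged values, which would then land in repo-server logs and in the error text Argo CD shows to users. Keep `-q` as the default and make debugging opt-in, e.g. `LOGFLAG=-q; [ -n "$HELMFILE_DEBUG" ] && LOGFLAG=--debug` followed by `helmfile -n "$ARGOCD_APP_NAMESPACE" $ARGS template --include-crds $LOGFLAG` (the variable name is only an example). The first hunk's `# set -o pipefail` is commented out and would not achieve what its NOTE says, since the script has no pipeline; `set -e` is the option that makes a failing command fail the script.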
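Review bot: `set -o pipefail` on its own in bin/helmify does not stop the script: without `set -e`, a failed `mkdir` or `cat` is still followed by the rest of `build`, and the hook may report success with a half-written chart. Use `set -eo pipefail`; `-u` would also be useful, but `$1`..`$3` are read without defaults, so an argument check would have to come first. In the second hunk the new `echo "Creating $outdir/templates"` writes to stdout and runs after the `mkdir`, whereas the neighbouring progress message goes to stderr with `1>&2`; send it to stderr as well and move it above the `mkdir`, and quote `"$outdir"` while touching these lines. `build` continues outside the hunk.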
@@ -2,22 +2,22 @@ environments: default: values: - ../values/values.yaml - - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml + - ../values/values-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml - ../values/*/values.yaml.gotmpl - - ../values/*/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl + - ../values/*/values-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl missingFileHandler: Info prod: values: - ../values.yaml - - ../values-{{ requiredEnv "CLUSTER_NAME" }}.yaml + - ../values-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml - ../values/*/values.yaml.gotmpl - - ../values/*/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl + - ../values/*/values-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl missingFileHandler: Info staging: values: - ../values.yaml - - ../values-{{ requiredEnv "CLUSTER_NAME" }}.yaml + - ../values-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml - ../values/*/values.yaml.gotmpl - - ../values/*/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl + - ../values/*/values-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl missingFileHandler: Info diff --git a/helmfile.d/velero.yaml.gotmpl b/helmfile.d/helmfile.yaml.gotmpl similarity index 82% rename from helmfile.d/velero.yaml.gotmpl rename to helmfile.d/helmfile.yaml.gotmpl index 1e393669..35d2f69c 100644 --- a/helmfile.d/velero.yaml.gotmpl +++ b/helmfile.d/helmfile.yaml.gotmpl @@ -12,7 +12,7 @@ releases: - name: velero namespace: velero chart: velero/velero - version: 0.18.2 + version: 6.0.0 condition: velero.enabled values: - ../values/velero/values/velero.yaml.gotmpl 
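Review bot: `ARGOCD_ENV_CLUSTER_NAME` is spliced straight into the values paths (`../values/values-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml` and the `../values/*/values-...` glob) in all three environments. Argo CD gives the `ARGOCD_ENV_` prefix to variables taken from the Application's plugin `env`, so the value is chosen by whoever can edit the Application rather than by the cluster operator, and a value containing `/` or `..` would select files outside the intended naming scheme. Validate it before helmfile runs, for example in generate.sh: `case "$ARGOCD_ENV_CLUSTER_NAME" in ''|*[!a-z0-9-]*) echo "invalid cluster name" >&2; exit 1;; esac`. Separately, `prod` and `staging` still list `../values.yaml` and `../values-<cluster>.yaml` while `default` uses `../values/values.yaml`; with `missingFileHandler: Info` a wrong path is presumably skipped without an error, so confirm which layout is intended.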
@@ -27,13 +27,13 @@ releases: condition: velero.enabled missingFileHandler: Info values: - - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml + - ../values/values-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml - ../values/velero/values.yaml.gotmpl - - ../values/velero/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl + - ../values/velero/values-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl hooks: - events: [ prepare, cleanup ] showlogs: true - command: ../bin/helmify + command: "../bin/helmify" args: - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}' - '{{`{{ .Release.Chart }}`}}' diff --git a/justfile b/justfile index a3574ba1..386ad3ad 100644 --- a/justfile +++ b/justfile @@ -9,5 +9,5 @@ l HELMFILE ENV="default": # NOTE: Render a specifc helm chart r HELMFILE ENV="default": - helmfile --environment={{ENV}} template -q -f helmfile.d/{{HELMFILE}}.yaml.gotmpl --output-dir-template="../_manifests/{{HELMFILE}}/{{ENV}}/{{{{.Release.Name }}" - + helmfile --environment={{ENV}} template -q -f helmfile.d/{{HELMFILE}}.yaml.gotmpl --output-dir-template="../_manifests/{{HELMFILE}}/{{ENV}}" + # helmfile --environment={{ENV}} template -q -f helmfile.d/{{HELMFILE}}.yaml.gotmpl #--output-dir-template="../_manifests/{{HELMFILE}}/{{ENV}}/{{{{.Release.Name }}" diff --git a/shell.nix b/shell.nix index bb02e2ac..f364b352 100644 --- a/shell.nix +++ b/shell.nix @@ -28,7 +28,10 @@ pkgs.mkShellNoCC { helmWrap helmfileWrap helmfile-nix + + kubectl-cnpg + kubectl-neat ]; - CLUSTER_NAME = "oceanbox"; + ARGOCD_ENV_CLUSTER_NAME = "oceanbox"; } diff --git a/helmfile.d/argo.yaml.gotmpl b/temp/argo.yaml.gotmpl similarity index 100% rename from helmfile.d/argo.yaml.gotmpl rename to temp/argo.yaml.gotmpl diff --git a/helmfile.d/atlantis.yaml.gotmpl b/temp/atlantis.yaml.gotmpl similarity index 100% rename from helmfile.d/atlantis.yaml.gotmpl rename to temp/atlantis.yaml.gotmpl 
diff --git a/helmfile.d/cert-manager.yaml.gotmpl b/temp/cert-manager.yaml.gotmpl similarity index 79% rename from helmfile.d/cert-manager.yaml.gotmpl rename to temp/cert-manager.yaml.gotmpl index a55ed873..cdfd03a6 100644 --- a/helmfile.d/cert-manager.yaml.gotmpl +++ b/temp/cert-manager.yaml.gotmpl @@ -1,14 +1,19 @@ bases: - ../envs/environments.yaml.gotmpl +repositories: + - name: cert-manager + url: 'https://charts.jetstack.io' + commonLabels: tier: sys releases: - name: cert-manager - namespace: {{ .Environment.Name }}-cert-manager - chart: ../charts/cert-manager - condition: cert-manager.enabled + namespace: cert-manager + chart: cert-manager/cert-manager + version: 1.12.13 + condition: cert_manager.enabled values: - ../values/cert-manager/values/cert-manager.yaml.gotmpl - ../values/cert-manager/values/cert-manager-{{ .Environment.Name }}.yaml.gotmpl @@ -17,9 +22,9 @@ releases: - ../values/cert-manager/kustomize/{{ .Environment.Name }} missingFileHandler: Info - name: cert-manager-manifests - namespace: {{ .Environment.Name }}-cert-manager + namespace: cert-manager chart: _cert-manager-manifests - condition: cert-manager.enabled + condition: cert_manager.enabled missingFileHandler: Info values: - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml diff --git a/helmfile.d/cilium.yaml.gotmpl b/temp/cilium.yaml.gotmpl similarity index 100% rename from helmfile.d/cilium.yaml.gotmpl rename to temp/cilium.yaml.gotmpl diff --git a/helmfile.d/dapr.yaml.gotmpl b/temp/dapr.yaml.gotmpl similarity index 100% rename from helmfile.d/dapr.yaml.gotmpl rename to temp/dapr.yaml.gotmpl diff --git a/helmfile.d/geoserver.yaml.gotmpl b/temp/geoserver.yaml.gotmpl similarity index 100% rename from helmfile.d/geoserver.yaml.gotmpl rename to temp/geoserver.yaml.gotmpl diff --git a/helmfile.d/headscale.yaml.gotmpl b/temp/headscale.yaml.gotmpl similarity index 100% rename from helmfile.d/headscale.yaml.gotmpl rename to temp/headscale.yaml.gotmpl 
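Review bot: The values entries under `cert-manager-manifests` still read `requiredEnv "CLUSTER_NAME"`, but this commit renames the variable to `ARGOCD_ENV_CLUSTER_NAME` in envs/environments.yaml.gotmpl, helmfile.d/helmfile.yaml.gotmpl and shell.nix, which no longer exports `CLUSTER_NAME`. `requiredEnv` fails rendering when the variable is unset, so this file will break as soon as it moves back out of `temp/`. The same stale name is in the second hunk of temp/metricsserver.yaml.gotmpl and in the newly added temp/nfs-provisioner.yaml.gotmpl; change all of them to `requiredEnv "ARGOCD_ENV_CLUSTER_NAME"`. The `releases` list continues outside the hunk.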
diff --git a/helmfile.d/ingress-nginx.yaml.gotmpl b/temp/ingress-nginx.yaml.gotmpl similarity index 100% rename from helmfile.d/ingress-nginx.yaml.gotmpl rename to temp/ingress-nginx.yaml.gotmpl diff --git a/helmfile.d/keycloak.yaml.gotmpl b/temp/keycloak.yaml.gotmpl similarity index 100% rename from helmfile.d/keycloak.yaml.gotmpl rename to temp/keycloak.yaml.gotmpl diff --git a/helmfile.d/kyverno.yaml.gotmpl b/temp/kyverno.yaml.gotmpl similarity index 98% rename from helmfile.d/kyverno.yaml.gotmpl rename to temp/kyverno.yaml.gotmpl index 4eb734f8..01ac3d5d 100644 --- a/helmfile.d/kyverno.yaml.gotmpl +++ b/temp/kyverno.yaml.gotmpl @@ -6,7 +6,7 @@ repositories: url: 'https://kyverno.github.io/kyverno/' commonLabels: - tier: system + tier: sys apiVersions: - monitoring.coreos.com/v1 diff --git a/helmfile.d/loki.yaml.gotmpl b/temp/loki.yaml.gotmpl similarity index 100% rename from helmfile.d/loki.yaml.gotmpl rename to temp/loki.yaml.gotmpl diff --git a/helmfile.d/metricsserver.yaml.gotmpl b/temp/metricsserver.yaml.gotmpl similarity index 78% rename from helmfile.d/metricsserver.yaml.gotmpl rename to temp/metricsserver.yaml.gotmpl index e583be45..3c7b2c23 100644 --- a/helmfile.d/metricsserver.yaml.gotmpl +++ b/temp/metricsserver.yaml.gotmpl @@ -1,14 +1,20 @@ bases: - ../envs/environments.yaml.gotmpl +repositories: + - name: metricsserver + url: 'https://kubernetes-sigs.github.io/metrics-server/' + + commonLabels: tier: sys releases: - name: metricsserver - namespace: {{ .Environment.Name }}-metricsserver - chart: ../charts/metricsserver - condition: metricsserver.enabled + namespace: kube-system + chart: metricsserver/metricsserver + version: 3.8.2 + condition: metrics_server.enabled values: - ../values/metricsserver/values/metricsserver.yaml.gotmpl - ../values/metricsserver/values/metricsserver-{{ .Environment.Name }}.yaml.gotmpl 
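Review bot: `chart: metricsserver/metricsserver` in temp/metricsserver.yaml.gotmpl looks unresolvable: the repository alias added above is `metricsserver`, but the chart published at `https://kubernetes-sigs.github.io/metrics-server/` is, as far as I know, named `metrics-server`, so the reference should be `chart: metricsserver/metrics-server`. Rendering this file once with `helmfile template` before it leaves `temp/` would confirm it. The release also moves into `kube-system` and its condition key changes to `metrics_server.enabled`, so the values files and network policies for it, which are outside this hunk, need to use the same namespace and key.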
@@ -17,9 +23,9 @@ releases: - ../values/metricsserver/kustomize/{{ .Environment.Name }} missingFileHandler: Info - name: metricsserver-manifests - namespace: {{ .Environment.Name }}-metricsserver + namespace: kube-system chart: _metricsserver-manifests - condition: metricsserver.enabled + condition: metrics_server.enabled missingFileHandler: Info values: - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml diff --git a/temp/nfs-provisioner.yaml.gotmpl b/temp/nfs-provisioner.yaml.gotmpl new file mode 100644 index 00000000..4d4484f2 --- /dev/null +++ b/temp/nfs-provisioner.yaml.gotmpl @@ -0,0 +1,43 @@ +bases: + - ../envs/environments.yaml.gotmpl + +repositories: + - name: nfs-provisioner + url: 'https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/' + + +commonLabels: + tier: sys + +releases: +- name: nfs-provisioner + namespace: kube-system + chart: nfs-provisioner/nfs-subdir-external-provisioner + version: 4.0.13 + condition: nfs_provisioner.enabled + values: + - ../values/nfs-provisioner/values/nfs-provisioner.yaml.gotmpl + - ../values/nfs-provisioner/values/nfs-provisioner-{{ .Environment.Name }}.yaml.gotmpl + postRenderer: ../bin/kustomizer + postRendererArgs: + - ../values/nfs-provisioner/kustomize/{{ .Environment.Name }} + missingFileHandler: Info +- name: nfs-provisioner-manifests + namespace: kube-system + chart: _nfs-provisioner-manifests + condition: nfs_provisioner.enabled + missingFileHandler: Info + values: + - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml + - ../values/nfs-provisioner/values.yaml.gotmpl + - ../values/nfs-provisioner/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl + hooks: + - events: [ prepare, cleanup ] + showlogs: true + command: ../bin/helmify + args: + - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}' + - '{{`{{ .Release.Chart }}`}}' + - '{{`{{ .Environment.Name }}`}}' + - ../values/nfs-provisioner/manifests + - _nfs-provisioner-manifests 
diff --git a/helmfile.d/nix/argo.gotmpl.nix b/temp/nix/argo.gotmpl.nix
similarity index 100%
rename from helmfile.d/nix/argo.gotmpl.nix
rename to temp/nix/argo.gotmpl.nix
diff --git a/helmfile.d/nix/helmfile.gotmpl.nix b/temp/nix/helmfile.gotmpl.nix
similarity index 100%
rename from helmfile.d/nix/helmfile.gotmpl.nix
rename to temp/nix/helmfile.gotmpl.nix
diff --git a/helmfile.d/openfga.yaml.gotmpl b/temp/openfga.yaml.gotmpl
similarity index 100%
rename from helmfile.d/openfga.yaml.gotmpl
rename to temp/openfga.yaml.gotmpl
diff --git a/helmfile.d/otel-collector.yaml.gotmpl b/temp/otel-collector.yaml.gotmpl
similarity index 100%
rename from helmfile.d/otel-collector.yaml.gotmpl
rename to temp/otel-collector.yaml.gotmpl
diff --git a/helmfile.d/plausible.yaml.gotmpl b/temp/plausible.yaml.gotmpl
similarity index 100%
rename from helmfile.d/plausible.yaml.gotmpl
rename to temp/plausible.yaml.gotmpl
diff --git a/helmfile.d/postgres-operator.yaml.gotmpl b/temp/postgres-operator.yaml.gotmpl
similarity index 100%
rename from helmfile.d/postgres-operator.yaml.gotmpl
rename to temp/postgres-operator.yaml.gotmpl
diff --git a/helmfile.d/prometheus.yaml.gotmpl b/temp/prometheus.yaml.gotmpl
similarity index 100%
rename from helmfile.d/prometheus.yaml.gotmpl
rename to temp/prometheus.yaml.gotmpl
diff --git a/helmfile.d/rabbitmq.yaml.gotmpl b/temp/rabbitmq.yaml.gotmpl
similarity index 100%
rename from helmfile.d/rabbitmq.yaml.gotmpl
rename to temp/rabbitmq.yaml.gotmpl
diff --git a/helmfile.d/redis.yaml.gotmpl b/temp/redis.yaml.gotmpl
similarity index 100%
rename from helmfile.d/redis.yaml.gotmpl
rename to temp/redis.yaml.gotmpl
diff --git a/helmfile.d/tempo.yaml.gotmpl b/temp/tempo.yaml.gotmpl
similarity index 100%
rename from helmfile.d/tempo.yaml.gotmpl
rename to temp/tempo.yaml.gotmpl
diff --git a/helmfile.d/wordpress.yaml.gotmpl b/temp/wordpress.yaml.gotmpl
similarity index 100%
rename from helmfile.d/wordpress.yaml.gotmpl
rename to temp/wordpress.yaml.gotmpl
diff --git a/helmfile.d/x509-exporter.yaml.gotmpl b/temp/x509-exporter.yaml.gotmpl similarity index 80% rename from helmfile.d/x509-exporter.yaml.gotmpl rename to temp/x509-exporter.yaml.gotmpl index f24ed025..de6ebb88 100644 --- a/helmfile.d/x509-exporter.yaml.gotmpl +++ b/temp/x509-exporter.yaml.gotmpl @@ -1,14 +1,18 @@ bases: - ../envs/environments.yaml.gotmpl +repositories: + - name: x509-exporter + url: 'https://charts.enix.io' + commonLabels: tier: sys releases: - name: x509-exporter - namespace: {{ .Environment.Name }}-x509-exporter - chart: ../charts/x509-exporter - condition: x509-exporter.enabled + namespace: x509-exporter + chart: x509-exporter/x509-certificate-exporter + condition: x509_exporter.enabled values: - ../values/x509-exporter/values/x509-exporter.yaml.gotmpl - ../values/x509-exporter/values/x509-exporter-{{ .Environment.Name }}.yaml.gotmpl @@ -17,9 +21,9 @@ releases: - ../values/x509-exporter/kustomize/{{ .Environment.Name }} missingFileHandler: Info - name: x509-exporter-manifests - namespace: {{ .Environment.Name }}-x509-exporter + namespace: x509-exporter chart: _x509-exporter-manifests - condition: x509-exporter.enabled + condition: x509_exporter.enabled missingFileHandler: Info values: - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml diff --git a/values/cert-manager/manifests/cert-manager.yaml b/values/cert-manager/manifests/cert-manager.yaml new file mode 100644 index 00000000..b75be7be --- /dev/null +++ b/values/cert-manager/manifests/cert-manager.yaml 
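Review bot: The `x509-exporter` release now pulls `x509-exporter/x509-certificate-exporter` from `https://charts.enix.io` without a `version:` field, unlike the `cert-manager`, `metricsserver` and `nfs-provisioner` releases in this commit, which are pinned. An unpinned remote chart means each sync renders whatever the repository currently serves as latest, so a cluster component can change without a reviewed commit. I would add a `version: <chart-version>` line (placeholder; use the release that was validated) under `chart:`, and consider Helmfile's `verify: true` if the publisher ships provenance files.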
@@ -0,0 +1,38 @@ +{{- if .Values.clusterConfig.argo.enabled }} +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: cert-manager + namespace: argocd + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + destination: + namespace: cert-manager + server: 'https://kubernetes.default.svc' + sources: + - repoURL: {{ .Values.clusterConfig.manifests }} + targetRevision: HEAD + path: helmfiles/cert-manager + plugin: + name: helmfile + env: + - name: CLUSTER_NAME + value: {{ .Values.clusterConfig.cluster }} + project: sys + syncPolicy: + managedNamespaceMetadata: + labels: + component: sys + syncOptions: + - CreateNamespace=true + - ApplyOutOfSyncOnly=true + # - ServerSideApply=true + {{- if .Values.cert_manager.autosync }} + automated: + prune: true + # selfHeal: false + {{- end }} +{{- end }} diff --git a/apps/charts/sys-cilium-policies/templates/cert-manager/CiliumNetworkPolicy-allow-api-server-to-cert-manager.yaml b/values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-api-server-to-cert-manager.yaml similarity index 100% rename from apps/charts/sys-cilium-policies/templates/cert-manager/CiliumNetworkPolicy-allow-api-server-to-cert-manager.yaml rename to values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-api-server-to-cert-manager.yaml diff --git a/apps/charts/sys-cilium-policies/templates/cert-manager/CiliumNetworkPolicy-allow-api-server.yaml b/values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml similarity index 100% rename from apps/charts/sys-cilium-policies/templates/cert-manager/CiliumNetworkPolicy-allow-api-server.yaml rename to values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml 
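Review bot: `targetRevision: HEAD` combined with `automated: prune: true` means every push to the default branch of the manifests repository is rendered by the `helmfile` plugin and applied in the `sys` project, deletions included, with no pinned revision in between. For a component such as cert-manager I would track a tag or release branch, e.g. `targetRevision: <release-tag>` (placeholder), or at least say in a comment that branch protection on that repository is the control being relied on. The same pattern is in `values/metricsserver/manifests/metricsserver.yaml` and `values/nfs-provisioner/manifests/nfs-provisioner.yaml` later in this commit. The commented-out `# - ServerSideApply=true` and `# selfHeal: false` lines would read better with a word on why they are disabled.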
diff --git a/apps/charts/sys-cilium-policies/templates/cert-manager/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
similarity index 100%
rename from apps/charts/sys-cilium-policies/templates/cert-manager/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
rename to values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
diff --git a/apps/charts/sys-cilium-policies/templates/cert-manager/CiliumNetworkPolicy-allow-world-traffic.yaml b/values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-world-traffic.yaml
similarity index 100%
rename from apps/charts/sys-cilium-policies/templates/cert-manager/CiliumNetworkPolicy-allow-world-traffic.yaml
rename to values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-world-traffic.yaml
diff --git a/values/cert-manager/manifests/pre-cert-manager.yaml b/values/cert-manager/manifests/pre-cert-manager.yaml
new file mode 100644
index 00000000..8d6a498a
--- /dev/null
+++ b/values/cert-manager/manifests/pre-cert-manager.yaml
@@ -0,0 +1,225 @@ +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: letsencrypt-production +spec: + acme: + # The ACME server URL + server: https://acme-v02.api.letsencrypt.org/directory + # Email address used for ACME registration + email: {{ .Values.cluster_config.acme_email }} + # Name of a secret used to store the ACME account private key + privateKeySecretRef: + name: letsencrypt-production + solvers: + - http01: + ingress: + class: nginx +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: letsencrypt-staging +spec: + acme: + # The ACME server URL + server: https://acme-staging-v02.api.letsencrypt.org/directory + # Email address used for ACME registration + email: {{ .Values.cluster_config.acme_email }} + # Name of a secret used to store the ACME account private key + privateKeySecretRef: + name: letsencrypt-staging + solvers: + - http01: + ingress: + class: nginx +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: ca-issuer +spec: + ca: + secretName: cluster-ca +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: selfsigning-issuer +spec: + selfSigned: {} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: front-proxy-client +subjects: + - kind: User + name: front-proxy-client + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: front-proxy-client +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: front-proxy-client +rules: +- apiGroups: + - "webhook.cert-manager.io" + resources: + - mutations + - 
validations + verbs: [ "*" ] +- apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- + +{{ if .Values.cluster_config.initca }} + +# Pod to update certificates from master nodes +# only runs on control plane nodes (etcd) +# Mounts cert files rotatet by nixos service.mgr and uses it to update cert-manager secret +# Always create certs on initial creation, +# Otherwise, cert creation would not happen until cronJob runs +apiVersion: batch/v1 +kind: Job +metadata: + name: cert-create + namespace: cert-manager +spec: + backoffLimit: 1 + template: + metadata: + labels: + block-egress: "true" + annotations: + linkerd.io/inject: disabled + spec: + restartPolicy: Never + serviceAccountName: cert-secret-updater + securityContext: + runAsUser: 12000 + runAsGroup: 13000 + fsGroup: 10000 + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io + operator: In + values: + - control-plane + tolerations: + - key: unschedulable + value: "true" + effect: NoSchedule + containers: + - image: bitnami/kubectl:1.24 + name: kubectl + resources: {} + securityContext: + allowPrivilegeEscalation: false + command: + - "/bin/sh" + - -c + - /tmp/renew-certs/renew-certs.sh + volumeMounts: + - name: ca-pem + mountPath: /tmp/ca.pem + - name: ca-key-pem + mountPath: /tmp/ca-key.pem + - name: certs-script + mountPath: /tmp/renew-certs + volumes: + - name: ca-pem + hostPath: + path: {{.Values.cluster_config.initca}}/ca.pem + type: File + - name: ca-key-pem + hostPath: + path: {{.Values.cluster_config.initca}}/ca-key.pem + type: File + - name: certs-script + configMap: + name: renew-certs-script + defaultMode: 0755 +--- +apiVersion: v1 +data: + renew-certs.sh: | + #! 
/bin/bash + kubectl create secret tls -n cert-manager cluster-ca --cert=/tmp/ca.pem --key=/tmp/ca-key.pem --dry-run=client -o yaml > /tmp/new-secret.yaml + kubectl apply -f /tmp/new-secret.yaml +kind: ConfigMap +metadata: + name: renew-certs-script + namespace: cert-manager +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cert-secret-updater + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cert-secret-updater-role + namespace: cert-manager +rules: +- apiGroups: + - "" + resourceNames: + - cluster-ca + resources: + - secrets + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cert-secret-updater-rbinding + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-secret-updater-role +subjects: +- kind: ServiceAccount + name: cert-secret-updater + namespace: cert-manager +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-deny-egress + namespace: cert-manager +spec: + podSelector: + matchLabels: + block-egress: "true" + policyTypes: + - Egress +--- +{{ end }} diff --git a/values/cert-manager/values.yaml.gotmpl b/values/cert-manager/values.yaml.gotmpl new file mode 100644 index 00000000..0df31c10 --- /dev/null +++ b/values/cert-manager/values.yaml.gotmpl @@ -0,0 +1,3 @@ +cert_manager: + enabled: true + autosync: true diff --git a/values/cert-manager/values/cert-manager.yaml.gotmpl b/values/cert-manager/values/cert-manager.yaml.gotmpl new file mode 100644 index 00000000..21ed315e --- /dev/null +++ b/values/cert-manager/values/cert-manager.yaml.gotmpl @@ -0,0 +1,5 @@ +installCRDs: true +enableCertificateOwnerRef: true +startupapicheck: + podAnnotations: + linkerd.io/inject: disabled 
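Review bot: The `cert-create` Job in `pre-cert-manager.yaml` mounts the cluster CA private key (`ca-key.pem`) from the control-plane host into a container whose image is referenced only by the floating tag `bitnami/kubectl:1.24`, so whatever that tag resolves to at pull time gets to read the key. I would pin the image by digest (`image: bitnami/kubectl:1.24@sha256:<digest>`, placeholder) and add `readOnly: true` to the `ca-pem` and `ca-key-pem` volumeMounts. The script also writes the rendered Secret, key included, to `/tmp/new-secret.yaml`; piping it (`kubectl create secret tls ... --dry-run=client -o yaml | kubectl apply -f -`) avoids the extra copy. Separately, the `cert-secret-updater-role` rule is restricted by `resourceNames`, and as far as I know Kubernetes RBAC cannot authorize `create` through a name-restricted rule, so the first run may be denied when `cluster-ca` does not exist yet; that is worth testing.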
diff --git a/apps/templates/resources/dashboards/ingress-nginx.yaml b/values/ingress-nginx/manifests/dashboards/ingress-nginx.yaml similarity index 100% rename from apps/templates/resources/dashboards/ingress-nginx.yaml rename to values/ingress-nginx/manifests/dashboards/ingress-nginx.yaml diff --git a/values/ingress-nginx/manifests/ingress-nginx.yaml b/values/ingress-nginx/manifests/ingress-nginx.yaml index 964437cb..7a12b854 100644 --- a/values/ingress-nginx/manifests/ingress-nginx.yaml +++ b/values/ingress-nginx/manifests/ingress-nginx.yaml @@ -21,6 +21,9 @@ spec: value: {{ .Values.clusterConfig.cluster }} project: sys syncPolicy: + managedNamespaceMetadata: + labels: + component: sys syncOptions: - ServerSideApply=true {{- if .Values.nginx.autosync }} diff --git a/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml b/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml new file mode 100644 index 00000000..4ffbbd8c --- /dev/null +++ b/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml @@ -0,0 +1,14 @@ +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-host-traffic + namespace: ingress-nginx +spec: + egress: + - toEntities: + - kube-apiserver + - host + endpointSelector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx diff --git a/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-hubble-traffic.yaml b/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-hubble-traffic.yaml new file mode 100644 index 00000000..fa9ee953 --- /dev/null +++ b/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-hubble-traffic.yaml 
@@ -0,0 +1,14 @@ +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-hubble-traffic + namespace: ingress-nginx +spec: + egress: + - toFQDNs: + - matchPattern: hubble.*.*.* + - matchPattern: hubble.*.*.*.* + endpointSelector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx diff --git a/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml new file mode 100644 index 00000000..98bbc402 --- /dev/null +++ b/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml @@ -0,0 +1,17 @@ +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-prometheus-metrics + namespace: ingress-nginx +spec: + endpointSelector: + matchLabels: + app.kubernetes.io/instance: ingress-nginx + ingress: + - fromEndpoints: + - matchLabels: + io.kubernetes.pod.namespace: prometheus + - toPorts: + - ports: + - port: "9913" + protocol: TCP diff --git a/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-s3-traffic.yaml b/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-s3-traffic.yaml new file mode 100644 index 00000000..b3bcc3d3 --- /dev/null +++ b/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-s3-traffic.yaml @@ -0,0 +1,19 @@ +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-s3-traffic + namespace: ingress-nginx +spec: + egress: + - toCIDR: + - 10.139.2.10/32 + - toCIDR: + - 10.139.2.11/32 + - toCIDR: + - 10.139.2.20/32 + - toCIDR: + - 10.139.2.21/32 + endpointSelector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx 
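Review bot: The `toFQDNs` patterns `hubble.*.*.*` and `hubble.*.*.*.*` in `allow-hubble-traffic` match any name whose first label is `hubble` followed by three or four further labels, whoever owns the rest of the domain. The ingress-nginx controller may therefore open connections to hosts outside the organisation that merely follow that naming. Anchoring the pattern to the cluster's own zone, e.g. `- matchPattern: hubble.*.<your-domain>` (placeholder), keeps the rule to the intended Hubble endpoints. A comment in the file naming the hostnames this is meant to cover would also help review.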
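Review bot: In the ingress-nginx `allow-prometheus-metrics` policy the `ingress` list appears to hold two separate rules, `- fromEndpoints: ...` and `- toPorts: ...`, rather than one rule carrying both keys (indentation is lost in this view, so please confirm against the file). If so, the first rule admits the `prometheus` namespace on every port and the second, as I read Cilium's L4-only rule semantics, admits port 9913 from any source, which is wider than the file name suggests. Dropping the dash so the line reads `toPorts:` inside the `fromEndpoints` item restricts the rule to Prometheus on 9913. The same shape occurs in `allow-world-to-ingress-nginx` (world on all ports) and in the kyverno `allow-api-server` (egress to 6443 on any destination) and `allow-prometheus-metrics` policies.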
diff --git a/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-world-to-ingress-nginx.yaml b/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-world-to-ingress-nginx.yaml new file mode 100644 index 00000000..4ecbe4fa --- /dev/null +++ b/values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-world-to-ingress-nginx.yaml @@ -0,0 +1,19 @@ +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-world-to-ingress-nginx + namespace: ingress-nginx +spec: + endpointSelector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + ingress: + - fromEntities: + - world + - toPorts: + - ports: + - port: "80" + protocol: TCP + - port: "443" + protocol: TCP diff --git a/values/kyverno/kustomize/base/kustomization.yaml b/values/kyverno/kustomize/base/kustomization.yaml deleted file mode 100644 index 57f354b1..00000000 --- a/values/kyverno/kustomize/base/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - _manifest.yaml diff --git a/values/kyverno/kustomize/default/kustomization.yaml b/values/kyverno/kustomize/default/kustomization.yaml deleted file mode 100644 index 22967828..00000000 --- a/values/kyverno/kustomize/default/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -generatorOptions: - disableNameSuffixHash: true -resources: - - ../base diff --git a/values/kyverno/manifests/kyverno-cluster-admin.yaml b/values/kyverno/manifests/kyverno-cluster-admin.yaml new file mode 100644 index 00000000..5154ee58 --- /dev/null +++ b/values/kyverno/manifests/kyverno-cluster-admin.yaml 
@@ -0,0 +1,17 @@ +{{- if .Values.kyverno.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kyverno:generate-admin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: kyverno + namespace: kyverno +- kind: ServiceAccount + name: kyverno-background-controller + namespace: kyverno +{{- end }} diff --git a/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml b/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml new file mode 100644 index 00000000..d52ee5c9 --- /dev/null +++ b/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml @@ -0,0 +1,15 @@ +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-api-server + namespace: kyverno +spec: + egress: + - toEntities: + - kube-apiserver + - toPorts: + - ports: + - port: "6443" + protocol: TCP + endpointSelector: + matchLabels: {} diff --git a/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml new file mode 100644 index 00000000..f547d4a5 --- /dev/null +++ b/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml @@ -0,0 +1,17 @@ +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-prometheus-metrics + namespace: kyverno +spec: + endpointSelector: + matchLabels: + app.kubernetes.io/instance: kyverno + ingress: + - fromEndpoints: + - matchLabels: + io.kubernetes.pod.namespace: prometheus + - toPorts: + - ports: + - port: "8000" + protocol: TCP diff --git a/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-kyverno.yaml b/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-kyverno.yaml new file mode 100644 index 00000000..5087fa86 --- /dev/null 
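Review bot: `kyverno:generate-admin` binds the `kyverno` and `kyverno-background-controller` service accounts to `cluster-admin`, which hands the policy engine, and anyone able to author a ClusterPolicy, full control of the cluster. The generate rules added in this commit only clone Secrets, so a dedicated ClusterRole limited to Secrets should be enough; policies outside this diff may need more, so please check before narrowing. The sketch below shows such a role and the changed `roleRef`; the role name is constructed for illustration and the verb list is a starting point.

```yaml
# … unchanged: the .Values.kyverno.enabled guard …
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kyverno:generate-secrets   # constructed name
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "list", "watch", "create", "update", "delete"]
---
# … unchanged: ClusterRoleBinding kyverno:generate-admin header and metadata …
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kyverno:generate-secrets
# … unchanged: subjects …
```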
+++ b/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-kyverno.yaml @@ -0,0 +1,12 @@ +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-remote-node-to-kyverno + namespace: kyverno +spec: + endpointSelector: + matchLabels: + app.kubernetes.io/instance: kyverno + ingress: + - fromEntities: + - remote-node diff --git a/values/kyverno/manifests/policies/sync-gitlab.yaml b/values/kyverno/manifests/policies/sync-gitlab.yaml new file mode 100644 index 00000000..35f7304f --- /dev/null +++ b/values/kyverno/manifests/policies/sync-gitlab.yaml @@ -0,0 +1,31 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: sync-gitlab-secret + annotations: + policies.kyverno.io/title: Sync Secrets + policies.kyverno.io/category: Sample + policies.kyverno.io/subject: Secret + policies.kyverno.io/description: >- + Secrets like registry credentials often need to exist in multiple + Namespaces so Pods there have access. Manually duplicating those Secrets + is time consuming and error prone. This policy will copy a + Secret called `regcred` which exists in the `default` Namespace to + new Namespaces when they are created. It will also push updates to + the copied Secrets should the source Secret be changed. +spec: + rules: + - name: sync-image-pull-secret + match: + resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: Secret + name: regcred + namespace: "{{`{{request.object.metadata.name}}`}}" + synchronize: true + clone: + namespace: default + name: gitlab-pull-secret diff --git a/values/kyverno/manifests/policies/sync-regcred.yaml b/values/kyverno/manifests/policies/sync-regcred.yaml new file mode 100644 index 00000000..2ee8df33 --- /dev/null +++ b/values/kyverno/manifests/policies/sync-regcred.yaml 
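Review bot: `sync-gitlab-secret` generates a Secret named `regcred` in every new Namespace from `default/gitlab-pull-secret`, and `sync-regcred-secret` in the next file generates the same `regcred` name from `default/regcred`, both with `synchronize: true`, so the two policies would contend for one object per namespace. Giving this one its own target, `name: gitlab-pull-secret` under `generate:`, removes the overlap. The `match` block has no namespace filter, so the registry credential lands in every namespace; an `exclude` block or a label selector would limit it to namespaces that actually pull from that registry. This file also lacks the `{{- if .Values.kyverno.enabled }}` guard its sibling policies have, and its description still describes copying `regcred`.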
@@ -0,0 +1,33 @@ +{{- if .Values.kyverno.enabled }} +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: sync-regcred-secret + annotations: + policies.kyverno.io/title: Sync Secrets + policies.kyverno.io/category: Sample + policies.kyverno.io/subject: Secret + policies.kyverno.io/description: >- + Secrets like registry credentials often need to exist in multiple + Namespaces so Pods there have access. Manually duplicating those Secrets + is time consuming and error prone. This policy will copy a + Secret called `regcred` which exists in the `default` Namespace to + new Namespaces when they are created. It will also push updates to + the copied Secrets should the source Secret be changed. +spec: + rules: + - name: sync-image-pull-secret + match: + resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: Secret + name: regcred + namespace: "{{`{{request.object.metadata.name}}`}}" + synchronize: true + clone: + namespace: default + name: regcred +{{- end }} diff --git a/values/kyverno/manifests/policies/sync-s3-secret.yaml b/values/kyverno/manifests/policies/sync-s3-secret.yaml new file mode 100644 index 00000000..b1f1ea03 --- /dev/null +++ b/values/kyverno/manifests/policies/sync-s3-secret.yaml 
@@ -0,0 +1,33 @@ +{{- if .Values.kyverno.enabled }} +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + annotations: + policies.kyverno.io/description: 'This policy will sync the s3 secret in kube-system namespace across namespaces' + policies.kyverno.io/subject: Secret + policies.kyverno.io/title: Sync s3 Secrets + name: sync-s3-credentials +spec: + generateExistingOnPolicyUpdate: true + background: true + rules: + - generate: + apiVersion: v1 + clone: + name: s3-credentials + namespace: kube-system + kind: Secret + name: s3-credentials + namespace: '{{`{{request.object.metadata.name}}`}}' + synchronize: true + match: + resources: + kinds: + - Namespace + names: + - "velero" + - "loki" + - "tempo" + name: sync-s3-secret + validationFailureAction: audit +{{- end }} diff --git a/values/kyverno/manifests/policies/whitelist-internal-ingresses.yaml b/values/kyverno/manifests/policies/whitelist-internal-ingresses.yaml new file mode 100644 index 00000000..289f30de --- /dev/null +++ b/values/kyverno/manifests/policies/whitelist-internal-ingresses.yaml 
@@ -0,0 +1,73 @@ +{{- if .Values.kyverno.enabled }} +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: whitelist-internal-ingresses + annotations: + policies.kyverno.io/title: Concatenate Ingresss + policies.kyverno.io/category: Other + policies.kyverno.io/severity: medium + policies.kyverno.io/subject: Ingress + policies.kyverno.io/description: >- + Ingresses with the label "internal=true" should be whitelisted. + If no whitelist exists, add the default values, otherwise append + whitelist to the already existing ones +spec: + mutateExistingOnPolicyUpdate: false + #precondition: has whitelist annotation or + rules: + - name: ensure-nginx-whitelist-exists + match: + resources: + kinds: + - Ingress + selector: + matchLabels: + internal: "true" + mutate: + patchStrategicMerge: + metadata: + annotations: + +(nginx.ingress.kubernetes.io/whitelist-source-range): "" + - name: append-existing-whitelist + match: + resources: + kinds: + - Ingress + selector: + matchLabels: + internal: "true" + preconditions: + any: + - key: "{{`{{request.object.metadata.annotations.\"nginx.ingress.kubernetes.io/whitelist-source-range\"}}`}}" + operator: NotEquals + value: "" + mutate: + patchStrategicMerge: + metadata: + annotations: + {{- with .Values.cluster_config.ingress_whitelist_ips }} + nginx.ingress.kubernetes.io/whitelist-source-range: "{{`{{ @ }}`}},{{ join "," . }}" + {{- end }} + - name: add-nginx-whitelist + match: + resources: + kinds: + - Ingress + selector: + matchLabels: + internal: "true" + preconditions: + any: + - key: "{{`{{request.object.metadata.annotations.\"nginx.ingress.kubernetes.io/whitelist-source-range\"}}`}}" + operator: Equals + value: "" + mutate: + patchStrategicMerge: + metadata: + annotations: + {{- with .Values.cluster_config.ingress_whitelist_ips }} + nginx.ingress.kubernetes.io/whitelist-source-range: "{{ join "," . }}" + {{- end }} +{{- end }} + 
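Review bot: When `.Values.cluster_config.ingress_whitelist_ips` is unset or empty, both `with` blocks render nothing, so `append-existing-whitelist` and `add-nginx-whitelist` carry an empty `annotations:` patch and an Ingress labelled `internal: "true"` keeps the empty `whitelist-source-range` set by the first rule. I would expect that to leave the Ingress without a source restriction, i.e. the policy fails open; please confirm how ingress-nginx treats an empty value. Failing the render is safer, e.g. `{{- $ips := required "cluster_config.ingress_whitelist_ips must be set" .Values.cluster_config.ingress_whitelist_ips }}` at the top of the file and `join "," $ips` in the two rules, assuming the renderer provides Helm's `required`. It is also worth checking that `append-existing-whitelist` does not append the list again on every update of an Ingress that already carries it.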
diff --git a/values/metricsserver/manifests/metricsserver.yaml b/values/metricsserver/manifests/metricsserver.yaml new file mode 100644 index 00000000..0a72c1df --- /dev/null +++ b/values/metricsserver/manifests/metricsserver.yaml @@ -0,0 +1,36 @@ +{{- if .Values.clusterConfig.argo.enabled }} +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: metricsserver + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + destination: + namespace: kube-system + server: 'https://kubernetes.default.svc' + sources: + - repoURL: {{ .Values.clusterConfig.manifests }} + targetRevision: HEAD + path: helmfiles/metricsserver + plugin: + name: helmfile + env: + - name: CLUSTER_NAME + value: {{ .Values.clusterConfig.cluster }} + project: sys + syncPolicy: + managedNamespaceMetadata: + labels: + component: sys + syncOptions: + - CreateNamespace=true + - ApplyOutOfSyncOnly=true + # - ServerSideApply=true + {{- if .Values.metrics_server.autosync }} + automated: + prune: true + # selfHeal: false + {{- end }} +{{- end }} diff --git a/values/metricsserver/values.yaml.gotmpl b/values/metricsserver/values.yaml.gotmpl new file mode 100644 index 00000000..e71a5877 --- /dev/null +++ b/values/metricsserver/values.yaml.gotmpl @@ -0,0 +1,4 @@ +metricsserver: + enabled: true + autosync: true + ignoreTLS: false \ No newline at end of file diff --git a/values/metricsserver/values/metricsserver.yaml.gotmpl b/values/metricsserver/values/metricsserver.yaml.gotmpl new file mode 100644 index 00000000..deaaa3e4 --- /dev/null +++ b/values/metricsserver/values/metricsserver.yaml.gotmpl @@ -0,0 +1,9 @@ +containerPort: 10250 +resources: + requests: + cpu: 100m + memory: 200Mi +{{- if .Values.metrics_server.ignoreTLS }} +args: + - "--kubelet-insecure-tls" +{{- end }} \ No newline at end of file diff --git a/values/nfs-provisioner/manifests/nfs-provisioner.yaml b/values/nfs-provisioner/manifests/nfs-provisioner.yaml new file mode 100644 index 00000000..63fa319a 
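Review bot: `values/metricsserver/values.yaml.gotmpl` defines its settings under `metricsserver:`, while everything that reads them in this commit uses `metrics_server`: `condition: metrics_server.enabled` in the helmfile, `.Values.metrics_server.autosync` in the Application and `.Values.metrics_server.ignoreTLS` in the chart values. Unless `metrics_server` is defined elsewhere (not visible here), the defaults in this file are never read; renaming the top-level key to `metrics_server:` brings it in line with `cert_manager:` and `nfs_provisioner:`. This matters for `ignoreTLS` in particular, because it gates `--kubelet-insecure-tls`, and a reader should be able to tell from one place that kubelet certificate verification stays on by default.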
--- /dev/null +++ b/values/nfs-provisioner/manifests/nfs-provisioner.yaml @@ -0,0 +1,38 @@ +{{- if .Values.clusterConfig.argo.enabled }} +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: nfs-provisioner + namespace: argocd + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + destination: + namespace: kube-system + server: 'https://kubernetes.default.svc' + sources: + - repoURL: {{ .Values.clusterConfig.manifests }} + targetRevision: HEAD + path: helmfiles/nfs-provisioner + plugin: + name: helmfile + env: + - name: CLUSTER_NAME + value: {{ .Values.clusterConfig.cluster }} + project: sys + syncPolicy: + managedNamespaceMetadata: + labels: + component: sys + syncOptions: + - CreateNamespace=true + - ApplyOutOfSyncOnly=true + # - ServerSideApply=true + {{- if .Values.nfs_provisioner.autosync }} + automated: + prune: true + # selfHeal: false + {{- end }} +{{- end }} diff --git a/values/nfs-provisioner/values.yaml.gotmpl b/values/nfs-provisioner/values.yaml.gotmpl new file mode 100644 index 00000000..17ed8833 --- /dev/null +++ b/values/nfs-provisioner/values.yaml.gotmpl @@ -0,0 +1,6 @@ +nfs_provisioner: + enabled: true + autosync: true + archiveOnDelete: true + defaultClass: true + extraMountOpts: [] diff --git a/values/nfs-provisioner/values/nfs-provisioner.yaml.gotmpl b/values/nfs-provisioner/values/nfs-provisioner.yaml.gotmpl new file mode 100644 index 00000000..2f3e33fe --- /dev/null +++ b/values/nfs-provisioner/values/nfs-provisioner.yaml.gotmpl 
@@ -0,0 +1,16 @@ +nfs: + server: {{ .Values.cluster_config.fileserver }} + path: /{{ default (.Values.clusterConfig.cluster) .Values.nfs_provisioner.path }} + mountOptions: + - nfsvers=4.2 + {{- range .Values.nfs_provisioner.extraMountOpts }} + - {{ . }} + {{- end }} +storageClass: + defaultClass: {{ .Values.nfs_provisioner.defaultClass}} + name: managed-nfs-storage + archiveOnDelete: {{ .Values.nfs_provisioner.archiveOnDelete }} +tolerations: + - key: unschedulable + operator: Exists + effect: NoSchedule \ No newline at end of file diff --git a/values/postgres-operator/kustomize/base/kustomization.yaml b/values/postgres-operator/kustomize/base/kustomization.yaml deleted file mode 100644 index 57f354b1..00000000 --- a/values/postgres-operator/kustomize/base/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - _manifest.yaml diff --git a/values/postgres-operator/kustomize/default/kustomization.yaml b/values/postgres-operator/kustomize/default/kustomization.yaml deleted file mode 100644 index 22967828..00000000 --- a/values/postgres-operator/kustomize/default/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -generatorOptions: - disableNameSuffixHash: true -resources: - - ../base diff --git a/values/postgres-operator/manifests/dashboards/cnpg-postgres.yaml b/values/postgres-operator/manifests/dashboards/cnpg-postgres.yaml new file mode 100644 index 00000000..0b2b5007 --- /dev/null +++ b/values/postgres-operator/manifests/dashboards/cnpg-postgres.yaml 
@@ -0,0 +1,3908 @@ +{{- if .Values.postgres_operator.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: cnpg-dashboard + namespace: prometheus + labels: + grafana_dashboard: "1" + app.kubernetes.io/instance: prometheus-community + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: grafana + app.kubernetes.io/version: 9.1.7 + helm.sh/chart: grafana-6.40.4 +data: + cnp.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": null, + "graphTooltip": 0, + "iteration": 1637064390546, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 12, + "panels": [], + "title": "Server Health", + "type": "row" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 3, + "x": 0, + "y": 1 + }, + "id": 191, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Instance", + "transparent": true, + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 2, + "x": 3, + "y": 1 + }, + "id": 192, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + 
"instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Status", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 4, + "x": 5, + "y": 1 + }, + "id": 193, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Clustering / replicas", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 5, + "x": 9, + "y": 1 + }, + "id": 195, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Connections", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 3, + "x": 14, + "y": 1 + }, + "id": 196, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Max Connections", + "type": "text" + }, + { + "datasource": "${DataSource}", + "description": "", + "gridPos": { + "h": 1, + "w": 3, + "x": 17, + "y": 1 + }, + "id": 197, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": 
"kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Wraparound", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 2, + "x": 20, + "y": 1 + }, + "id": 313, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Started", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 2, + "x": 22, + "y": 1 + }, + "id": 198, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Server Version", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 3, + "w": 3, + "x": 0, + "y": 2 + }, + "id": 61, + "options": { + "content": "\n \n

$instances

\n
", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "type": "text" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "Down" + }, + "1": { + "index": 1, + "text": "Up" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-red", + "value": null + }, + { + "color": "green", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 2, + "x": 3, + "y": 2 + }, + "id": 33, + "options": { + "colorMode": "background", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "type": "stat" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "color": "red", + "index": 1, + "text": "No" + }, + "1": { + "color": "green", + "index": 0, + "text": "Yes" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + 
"h": 3, + "w": 2, + "x": 5, + "y": 2 + }, + "id": 60, + "options": { + "colorMode": "background", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "1 - cnpg_pg_replication_in_recovery{namespace=~\"$namespace\",pod=~\"$instances\"} + cnpg_pg_replication_is_wal_receiver_up{namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "transformations": [], + "type": "stat" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 2, + "x": 7, + "y": 2 + }, + "id": 229, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_replication_streaming_replicas{namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "transformations": [], + "type": "stat" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, 
+ "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 9, + "y": 2 + }, + "id": 58, + "options": { + "legend": { + "calcs": [ + "last", + "mean" + ], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "sum by (pod) (cnpg_backends_total{namespace=~\"$namespace\",pod=~\"$instances\"})", + "instant": false, + "interval": "", + "legendFormat": "-", + "refId": "A" + } + ], + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [], + "max": 100, + "noValue": "<1%", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "#EAB839", + "value": 75 + }, + { + "color": "red", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 14, + "y": 2 + }, + "id": 32, + "options": { + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "100 * sum by (pod) 
(cnpg_backends_total{namespace=~\"$namespace\",pod=~\"$instances\"}) / sum by (pod) (cnpg_pg_settings_setting{name=\"max_connections\",namespace=~\"$namespace\",pod=~\"$instances\"})", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "type": "gauge" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 2147483647, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "#EAB839", + "value": 200000000 + }, + { + "color": "red", + "value": 1000000000 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 17, + "y": 2 + }, + "id": 8, + "options": { + "displayMode": "lcd", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "text": {} + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "max by (pod) (cnpg_pg_database_xid_age{namespace=~\"$namespace\",pod=~\"$instances\"})", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "type": "bargauge" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-blue", + "value": null + } + ] + }, + "unit": "dateTimeFromNow" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 2, + "x": 20, + "y": 2 + }, + "id": 314, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + 
"pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": false, + "expr": "cnpg_pg_postmaster_start_time{namespace=~\"$namespace\",pod=~\"$instances\"}*1000", + "format": "time_series", + "hide": false, + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "transformations": [], + "type": "stat" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-blue", + "value": null + } + ] + }, + "unit": "string" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 2, + "x": 22, + "y": 2 + }, + "id": 42, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": false, + "expr": "cnpg_collector_postgres_version{namespace=~\"$namespace\",pod=~\"$instances\"}", + "format": "time_series", + "hide": false, + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "transformations": [], + "type": "stat" + }, + { + "collapsed": true, + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 11 + }, + "id": 41, + "panels": [ + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 3, + "x": 0, + "y": 6 + }, + "id": 187, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": 
true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Instance", + "transparent": true, + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 3, + "x": 3, + "y": 6 + }, + "id": 183, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Max Connections", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 3, + "x": 6, + "y": 6 + }, + "id": 184, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Shared Buffers", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 3, + "x": 9, + "y": 6 + }, + "id": 185, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Effective Cache Size", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 3, + "x": 12, + "y": 6 + }, + "id": 186, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": 
"kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Work Mem", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 3, + "x": 15, + "y": 6 + }, + "id": 188, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Maintenance Work Mem", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 3, + "x": 18, + "y": 6 + }, + "id": 189, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Random Page Cost", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 3, + "x": 21, + "y": 6 + }, + "id": 190, + "options": { + "content": "", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Sequential Page Cost", + "type": "text" + }, + { + "datasource": "${DataSource}", + "gridPos": { + "h": 3, + "w": 3, + "x": 0, + "y": 7 + }, + "id": 86, + "options": { + "content": "\n \n

$instances

\n
", + "mode": "html" + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "type": "text" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-purple", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 3, + "y": 7 + }, + "id": 30, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_settings_setting{name=\"max_connections\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "type": "stat" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-purple", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 7 + }, + "id": 24, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.2.1", + "repeat": 
"instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "max by (pod) (cnpg_pg_settings_setting{name=\"shared_buffers\",namespace=~\"$namespace\",pod=~\"$instances\"}) * max by (pod) (cnpg_pg_settings_setting{name=\"block_size\",namespace=~\"$namespace\",pod=~\"$instances\"})", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "type": "stat" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-purple", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 7 + }, + "id": 57, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_settings_setting{name=\"effective_cache_size\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "type": "stat" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-purple", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 12, + "y": 7 + }, + "id": 26, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + 
"values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_settings_setting{name=\"work_mem\",namespace=~\"$namespace\",pod=~\"$instances\"} * 1024", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "type": "stat" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-purple", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 15, + "y": 7 + }, + "id": 47, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_settings_setting{name=\"maintenance_work_mem\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "type": "stat" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-purple", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 18, + "y": 7 + }, + "id": 48, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + 
"pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_settings_setting{name=\"random_page_cost\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "type": "stat" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-purple", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 7 + }, + "id": 56, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.2.1", + "repeat": "instances", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_settings_setting{name=\"seq_page_cost\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "type": "stat" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "filterable": true + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-purple", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 150, + "options": { + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "parameter" + } + ] + }, + "pluginVersion": "8.2.1", + "repeatDirection": "v", + "targets": [ + { + "exemplar": true, + "expr": 
"cnpg_pg_settings_setting{namespace=~\"$namespace\",pod=~\"$instances\"}", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Configurations", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "__name__": true, + "container": true, + "endpoint": true, + "instance": true, + "job": true, + "name": false, + "namespace": true, + "pod": false + }, + "indexByName": { + "Time": 0, + "Value": 9, + "__name__": 1, + "container": 2, + "endpoint": 3, + "instance": 4, + "job": 5, + "name": 7, + "namespace": 8, + "pod": 6 + }, + "renameByName": { + "__name__": "", + "name": "parameter" + } + } + } + ], + "type": "table" + } + ], + "title": "Configuration", + "type": "row" + }, + { + "collapsed": true, + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 12 + }, + "id": 10, + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DataSource}", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 273, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null as zero", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.2.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{pod=~\"$instances\", namespace=~\"$namespace\"}) by (pod)", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{`{{pod}}`}}", + "legendLink": null, + "refId": "A", + "step": 
10 + }, + { + "exemplar": true, + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{pod=~\"$instances\", namespace=~\"$namespace\"})", + "hide": false, + "interval": "", + "legendFormat": "total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:189", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "$$hashKey": "object:190", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DataSource}", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 7 + }, + "hiddenSeries": false, + "id": 275, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null as zero", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.2.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hiddenSeries": true, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hiddenSeries": true, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "stack": false, + 
"steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "sum(container_memory_working_set_bytes{pod=~\"$instances\", namespace=\"$namespace\", container!=\"\", image!=\"\"}) by (pod)", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{`{{pod}}`}}", + "legendLink": null, + "refId": "A", + "step": 10 + }, + { + "exemplar": true, + "expr": "sum(container_memory_working_set_bytes{pod=~\"$instances\", namespace=\"$namespace\", container!=\"\", image!=\"\"})", + "hide": false, + "interval": "", + "legendFormat": "total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:246", + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "$$hashKey": "object:247", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "opacity", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", 
+ "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 14 + }, + "id": 39, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "sum(cnpg_backends_total{namespace=~\"$namespace\",pod=~\"$instances\"}) by (pod)", + "hide": false, + "interval": "", + "legendFormat": "total ({{`{{pod}}`}})", + "refId": "B" + }, + { + "exemplar": true, + "expr": "sum(cnpg_backends_total{namespace=~\"$namespace\",pod=~\"$instances\"}) by (state, pod)", + "interval": "", + "legendFormat": "{{`{{state}}`}} ({{`{{pod}}`}})", + "refId": "A" + } + ], + "title": "Session States", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "opacity", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 22 + }, + "id": 50, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "sum(rate(cnpg_pg_stat_database_xact_commit{namespace=~\"$namespace\",pod=~\"$instances\"}[5m])) by (pod)", + "interval": "", + "legendFormat": 
"committed ({{`{{pod}}`}})", + "refId": "A" + }, + { + "exemplar": true, + "expr": "sum(rate(cnpg_pg_stat_database_xact_rollback{namespace=~\"$namespace\",pod=~\"$instances\"}[5m])) by (pod)", + "hide": false, + "interval": "", + "legendFormat": "rolled back ({{`{{pod}}`}})", + "refId": "B" + } + ], + "title": "Transactions [5m]", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 22 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "max by (pod) (cnpg_backends_max_tx_duration_seconds{namespace=~\"$namespace\",pod=~\"$instances\"})", + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Longest Transaction", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + 
"hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 30 + }, + "id": 55, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "rate(cnpg_pg_stat_database_deadlocks{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "count ({{`{{pod}}`}})", + "refId": "B" + } + ], + "title": "Deadlocks [5m]", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 30 + }, + "id": 54, + "options": { + 
"legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "cnpg_backends_waiting_total{namespace=~\"$namespace\",pod=~\"$instances\"}", + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Blocked Queries", + "type": "timeseries" + } + ], + "title": "Operational Stats", + "type": "row" + }, + { + "collapsed": true, + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 13 + }, + "id": 35, + "panels": [ + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 35 + }, + "id": 44, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "rate(cnpg_pg_stat_database_tup_deleted{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", + "interval": "", + "legendFormat": "deleted ({{`{{pod}}`}})", + "refId": "A" + }, + { + "exemplar": true, + "expr": "rate(cnpg_pg_stat_database_tup_inserted{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", + "hide": 
false, + "interval": "", + "legendFormat": "inserted ({{`{{pod}}`}})", + "refId": "B" + }, + { + "exemplar": true, + "expr": "rate(cnpg_pg_stat_database_tup_fetched{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", + "hide": false, + "interval": "", + "legendFormat": "fetched ({{`{{pod}}`}})", + "refId": "C" + }, + { + "exemplar": true, + "expr": "rate(cnpg_pg_stat_database_tup_returned{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", + "hide": false, + "interval": "", + "legendFormat": "returned ({{`{{pod}}`}})", + "refId": "D" + }, + { + "exemplar": true, + "expr": "rate(cnpg_pg_stat_database_tup_updated{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", + "hide": false, + "interval": "", + "legendFormat": "updated ({{`{{pod}}`}})", + "refId": "E" + } + ], + "title": "Tuple I/O [5m]", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 35 + }, + "id": 46, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": 
"rate(cnpg_pg_stat_database_blks_hit{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", + "interval": "", + "legendFormat": "hit ({{`{{pod}}`}})", + "refId": "A" + }, + { + "exemplar": true, + "expr": "rate(cnpg_pg_stat_database_blks_read{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", + "hide": false, + "interval": "", + "legendFormat": "read ({{`{{pod}}`}})", + "refId": "B" + } + ], + "title": "Block I/O [5m]", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 43 + }, + "id": 22, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "8.0.5", + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_database_size_bytes{datname!~\"template.*\",datname!=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "interval": "", + "legendFormat": " {{`{{pod}}`}}: {{`{{datname}}`}}", + "refId": "A" + } + ], + "title": "Database Size", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + 
"axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 43 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "rate(cnpg_pg_stat_database_temp_bytes{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", + "instant": false, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Temp Bytes [5m]", + "type": "timeseries" + } + ], + "title": "Storage & I/O", + "type": "row" + }, + { + "collapsed": true, + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 14 + }, + "id": 37, + "panels": [ + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + 
}, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 53 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "cnpg_collector_pg_wal_archive_status{value=\"ready\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "interval": "", + "legendFormat": "ready ({{`{{pod}}`}})", + "refId": "A" + }, + { + "exemplar": true, + "expr": "cnpg_collector_pg_wal_archive_status{value=\"done\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "hide": false, + "interval": "", + "legendFormat": "done ({{`{{pod}}`}})", + "refId": "B" + } + ], + "title": "WAL Segment Archive Status", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 53 + }, + "id": 52, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, 
+ "expr": "rate(cnpg_pg_stat_archiver_archived_count{namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", + "interval": "", + "legendFormat": "archived ({{`{{pod}}`}})", + "refId": "A" + }, + { + "exemplar": true, + "expr": "rate(cnpg_pg_stat_archiver_failed_count{namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", + "hide": false, + "interval": "", + "legendFormat": "failed ({{`{{pod}}`}})", + "refId": "B" + } + ], + "title": "Archiver Status [5m]", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 16, + "y": 53 + }, + "id": 53, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_stat_archiver_seconds_since_last_archival{namespace=~\"$namespace\",pod=~\"$instances\"}", + "interval": "", + "legendFormat": "age ({{`{{pod}}`}})", + "refId": "A" + } + ], + "title": "Last Archive Age", + "type": "timeseries" + } + ], + "title": "Write Ahead Log", + "type": "row" + }, + { + "collapsed": true, + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 15 + 
}, + "id": 18, + "panels": [ + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "line" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "#EAB839", + "value": 600 + }, + { + "color": "dark-red", + "value": 3600 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 6 + }, + "id": 16, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_replication_lag{namespace=~\"$namespace\",pod=~\"$instances\"}", + "instant": false, + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Replication Lag", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, 
+ "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 6 + }, + "id": 14, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_stat_replication_write_lag_seconds{namespace=~\"$namespace\",pod=~\"$cluster-.*\"}", + "instant": false, + "interval": "", + "legendFormat": "{{`{{pod}}`}} -> {{`{{application_name}}`}}", + "refId": "A" + } + ], + "title": "Write Lag", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 6 + }, + "id": 59, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_stat_replication_flush_lag_seconds{namespace=~\"$namespace\",pod=~\"$cluster-.*\"}", + "instant": false, + "interval": "", + "legendFormat": "{{`{{pod}}`}} -> 
{{`{{application_name}}`}}", + "refId": "A" + } + ], + "title": "Flush Lag", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 6 + }, + "id": 20, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_stat_replication_replay_lag_seconds{namespace=~\"$namespace\",pod=~\"$cluster-.*\"}", + "interval": "", + "legendFormat": "{{`{{pod}}`}} -> {{`{{application_name}}`}}", + "refId": "A" + } + ], + "title": "Replay Lag", + "type": "timeseries" + } + ], + "title": "Replication", + "type": "row" + }, + { + "collapsed": true, + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 231, + "panels": [ + { + "cards": { + "cardPadding": null, + "cardRound": null + }, + "color": { + "cardColor": "#b4ff00", + "colorScale": "sqrt", + "colorScheme": "interpolateOranges", + "exponent": 0.5, + "mode": "spectrum" + }, + "dataFormat": "timeseries", + "datasource": "${DataSource}", + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 63 + }, + 
"heatmap": {}, + "hideZeroBuckets": false, + "highlightCards": true, + "id": 233, + "legend": { + "show": false + }, + "reverseYBuckets": false, + "targets": [ + { + "exemplar": true, + "expr": "cnpg_collector_collection_duration_seconds{namespace=~\"$namespace\",pod=~\"$instances\"}", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Collection Duration", + "tooltip": { + "show": true, + "showHistogram": false + }, + "type": "heatmap", + "xAxis": { + "show": true + }, + "xBucketNumber": null, + "xBucketSize": null, + "yAxis": { + "decimals": null, + "format": "s", + "logBase": 1, + "max": null, + "min": null, + "show": true, + "splitFactor": null + }, + "yBucketBound": "auto", + "yBucketNumber": null, + "yBucketSize": null + }, + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 63 + }, + "id": 235, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "cnpg_collector_last_collection_error{namespace=~\"$namespace\",pod=~\"$instances\"}", + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + 
"title": "Errors", + "type": "timeseries" + } + ], + "title": "Collector Stats", + "type": "row" + }, + { + "collapsed": true, + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 239, + "panels": [ + { + "datasource": "${DataSource}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "dateTimeAsIso" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 72 + }, + "id": 237, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "cnpg_collector_first_recoverability_point{namespace=~\"$namespace\",pod=~\"$instances\"}*1000 > 0", + "format": "time_series", + "interval": "", + "legendFormat": "{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "First Recoverability Point", + "type": "timeseries" + } + ], + "title": "Backups", + "type": "row" + }, + { + "collapsed": true, + "datasource": "${DataSource}", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 18 + }, + "id": 293, + "panels": [ + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": 
"auto", + "barAlignment": -1, + "drawStyle": "line", + "fillOpacity": 8, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 5, + "x": 0, + "y": 79 + }, + "id": 295, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "multi" + } + }, + "pluginVersion": "8.2.1", + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_stat_bgwriter_checkpoints_req{namespace=~\"$namespace\",pod=~\"$instances\"}", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "req/{{`{{pod}}`}}", + "refId": "B" + }, + { + "exemplar": true, + "expr": "cnpg_pg_stat_bgwriter_checkpoints_timed{namespace=~\"$namespace\",pod=~\"$instances\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "timed/{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Requested/Timed", + "type": "timeseries" + }, + { + "datasource": "${DataSource}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": -1, + "drawStyle": "line", + "fillOpacity": 8, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + 
"showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 5, + "x": 5, + "y": 79 + }, + "id": 296, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "multi" + } + }, + "pluginVersion": "8.2.1", + "targets": [ + { + "exemplar": true, + "expr": "cnpg_pg_stat_bgwriter_checkpoint_write_time{namespace=~\"$namespace\",pod=~\"$instances\"}", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "write/{{`{{pod}}`}}", + "refId": "B" + }, + { + "exemplar": true, + "expr": "cnpg_pg_stat_bgwriter_checkpoint_sync_time{namespace=~\"$namespace\",pod=~\"$instances\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "sync/{{`{{pod}}`}}", + "refId": "A" + } + ], + "title": "Write/Sync time", + "type": "timeseries" + } + ], + "title": "Checkpoints", + "type": "row" + } + ], + "refresh": "30s", + "schemaVersion": 31, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Data Source", + "multi": false, + "name": "DataSource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": null, + "current": { + "selected": false, + "text": "default", + "value": "default" + }, + "datasource": "${DataSource}", + "definition": "cnpg_collector_up", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + 
"label": null, + "multi": false, + "name": "namespace", + "options": [], + "query": { + "query": "cnpg_collector_up", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "/namespace=\"(?[^\"]+)/g", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "allValue": null, + "current": { + "selected": false, + "text": "cnp-sandbox", + "value": "cnp-sandbox" + }, + "datasource": "${DataSource}", + "definition": "cnpg_collector_up{namespace=~\"$namespace\"}", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "cnpg_collector_up{namespace=~\"$namespace\"}", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "/cluster=\"(?[^\"]+)/g", + "skipUrlSync": false, + "sort": 1, + "type": "query" + }, + { + "allValue": null, + "current": { + "selected": true, + "text": [ + "All" + ], + "value": [ + "$__all" + ] + }, + "datasource": "${DataSource}", + "definition": "cnpg_collector_up{namespace=~\"$namespace\",pod=~\"$cluster-.*\"}", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": null, + "multi": true, + "name": "instances", + "options": [], + "query": { + "query": "cnpg_collector_up{namespace=~\"$namespace\",pod=~\"$cluster-.*\"}", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "/pod=\"(?[^\"]+)/g", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "nowDelay": "" + }, + "timezone": "", + "title": "CloudNativePG", + "uid": "z7FCA4Nnk", + "version": 2 + } +{{- end }} diff --git a/values/postgres-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml b/values/postgres-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml new file mode 100644 index 00000000..d32ac553 --- /dev/null 
+++ b/values/postgres-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
@@ -0,0 +1,16 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-api-server
+ namespace: cnpg
+spec:
+ egress:
+ - toEntities:
+ - kube-apiserver
+ toPorts:
+ - ports:
+ - port: "6443"
+ protocol: TCP
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: postgres-operator
diff --git a/values/postgres-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml b/values/postgres-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
new file mode 100644
index 00000000..6c04cc22
--- /dev/null
+++ b/values/postgres-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
@@ -0,0 +1,15 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-remote-node-webhooks
+ namespace: cnpg
+spec:
+ endpointSelector:
+ matchLabels: {}
+ ingress:
+ - fromEntities:
+ - kube-apiserver
+ - toPorts:
+ - ports:
+ - port: "9443"
+ protocol: TCP
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alerting.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alerting.yaml
new file mode 100644
index 00000000..e092cb26
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alerting.yaml
@@ -0,0 +1,13 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-alerting
+ namespace: prometheus
+spec:
+ description: Allow alerting
+ egress:
+ - toEntities:
+ - world
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: prom-alertmanager
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alertmanager-ingress.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alertmanager-ingress.yaml
new file mode 100644
index 00000000..b6f96e64
--- /dev/null
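Review bot: In CiliumNetworkPolicy-allow-remote-node-webhooks.yaml the `- toPorts:` line starts a second ingress rule instead of constraining the `fromEntities` rule, so the source limit and the port limit are never applied together. Cilium treats the entries of `ingress` as alternatives, which means kube-apiserver is admitted on every port and port 9443 is, as far as I can tell, admitted from any peer, for every endpoint in `cnpg` (`matchLabels: {}`). Changing `- toPorts:` to `toPorts:`, aligned with `fromEntities:`, restores the intended pairing; CiliumNetworkPolicy-allow-opencost-scrape.yaml has the same split between `fromEndpoints` and port 9090. Indentation is not recoverable on this page, so this rests on the visible leading dash.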
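Review bot: CiliumNetworkPolicy-allow-alerting.yaml opens egress from Alertmanager to the `world` entity with no `toPorts`, which permits any port to any external address. If the receivers are known (the values file in this commit mentions a PagerDuty routing key and a snitch URL), a `toFQDNs` list with `toPorts` limited to `port: "443"` would keep the alerting path working while removing a general outbound channel from the monitoring namespace. A short comment naming the receivers would also help the next reviewer judge the list.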
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alertmanager-ingress.yaml
@@ -0,0 +1,14 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-alertmanager-ingress
+ namespace: prometheus
+spec:
+ description: Allow Nginx ingress
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: alertmanager
+ ingress:
+ - fromEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: ingress-nginx
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-dns-metrics.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-dns-metrics.yaml
new file mode 100644
index 00000000..0ee91e6e
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-dns-metrics.yaml
@@ -0,0 +1,15 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-dns-metrics
+ namespace: prometheus
+spec:
+ description: Allow DNS metrics
+ egress:
+ - toPorts:
+ - ports:
+ - port: "9153"
+ protocol: TCP
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: prometheus
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-etcd-metrics.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-etcd-metrics.yaml
new file mode 100644
index 00000000..90ac789e
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-etcd-metrics.yaml
@@ -0,0 +1,15 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-etcd-metrics
+ namespace: prometheus
+spec:
+ description: Allow ETCD metrics
+ egress:
+ - toPorts:
+ - ports:
+ - port: "2379"
+ protocol: TCP
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: prometheus
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-ingress.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-ingress.yaml
new file mode 100644
index 00000000..fca3baf2
--- /dev/null
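Review bot: The `fromEndpoints` selector in CiliumNetworkPolicy-allow-alertmanager-ingress.yaml matches every pod in the `ingress-nginx` namespace and there is no `toPorts`, so all ports of Alertmanager are reachable from that namespace; allow-grafana-ingress and allow-nginx-ingress follow the same shape. Adding the controller's pod label to the selector and a `toPorts` entry for the service port would narrow it. The `description` here also reads `Allow Nginx ingress`, identical to the Prometheus policy; `Allow Alertmanager ingress` would match the file name.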
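Review bot: The egress rule in CiliumNetworkPolicy-allow-dns-metrics.yaml has `toPorts` but no destination selector, so Prometheus may connect to TCP 9153 on any peer rather than only on the DNS pods; CiliumNetworkPolicy-allow-etcd-metrics.yaml does the same for 2379. Pairing each with a destination (`toEndpoints` for the DNS pods, `toEntities` with `host` and `remote-node` for etcd) keeps the scrape path and drops the rest. For etcd it is also worth confirming that 2379 is the intended port, since that is normally the client API port and the metrics listener is often configured separately.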
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-ingress.yaml
@@ -0,0 +1,14 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-grafana-ingress
+ namespace: prometheus
+spec:
+ description: Allow Grafana ingress
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
+ ingress:
+ - fromEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: ingress-nginx
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-oidc-login.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-oidc-login.yaml
new file mode 100644
index 00000000..ed2084fe
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-oidc-login.yaml
@@ -0,0 +1,16 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-grafana-oidc-login
+ namespace: prometheus
+spec:
+ description: Allow Grafana OIDC login
+ egress:
+ - toFQDNs:
+ - matchName: login.microsoftonline.com
+ - matchPattern: '*.microsoftonline.com'
+ - matchName: api.github.com
+ - matchName: github.com
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-plugins.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-plugins.yaml
new file mode 100644
index 00000000..60721c6a
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-plugins.yaml
@@ -0,0 +1,15 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-grafana-plugins
+ namespace: prometheus
+spec:
+ description: Allow Grafana Plugins
+ egress:
+ - toFQDNs:
+ - matchName: grafana.com
+ - matchName: storage.googleapis.com
+ - matchName: raw.githubusercontent.com
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
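Review bot: The `toFQDNs` rule in CiliumNetworkPolicy-allow-grafana-oidc-login.yaml carries no `toPorts`, so Grafana may reach the listed names on any port; a `toPorts` entry with `port: "443"` is enough for OIDC. `matchPattern: '*.microsoftonline.com'` already covers `login.microsoftonline.com`, so keep only one of them, preferring exact names where the set of hosts is known. FQDN rules also depend on a DNS rule (`rules: dns:` on port 53) being in force for the same endpoints; none is visible in this part of the patch, so confirm one exists. The missing `toPorts` applies equally to allow-grafana-plugins, allow-grafana-secure-gravatar and allow-stats-grafana.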
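Review bot: CiliumNetworkPolicy-allow-grafana-plugins.yaml allows egress to `storage.googleapis.com` and `raw.githubusercontent.com`, which are shared hosting domains where anyone can publish content, so the rule does not limit Grafana to plugin sources. With `plugins: []` as the default in values/prometheus/values.yaml.gotmpl, the policy could be rendered only when the plugin list is non-empty, or plugins could be baked into the image so no runtime download path is needed. At minimum a comment such as `# needed only while grafana.plugins is non-empty` would record why these hosts are open.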
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-secure-gravatar.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-secure-gravatar.yaml
new file mode 100644
index 00000000..453c2330
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-secure-gravatar.yaml
@@ -0,0 +1,14 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-grafana-secure-gravatar
+ namespace: prometheus
+spec:
+ description: Allow Grafana Secure Gravatar
+ egress:
+ - toFQDNs:
+ - matchName: secure.grafana.com
+ - matchName: secure.gravatar.com
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml
new file mode 100644
index 00000000..bb3a591a
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml
@@ -0,0 +1,14 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-host-traffic
+ namespace: prometheus
+spec:
+ description: Allow Host Traffic
+ egress:
+ - toEntities:
+ - remote-node
+ - host
+ - kube-apiserver
+ endpointSelector:
+ matchLabels: {}
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-nginx-ingress.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-nginx-ingress.yaml
new file mode 100644
index 00000000..ac650e55
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-nginx-ingress.yaml
@@ -0,0 +1,14 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-nginx-ingress
+ namespace: prometheus
+spec:
+ description: Allow Nginx ingress
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: prometheus
+ ingress:
+ - fromEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: ingress-nginx
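Review bot: CiliumNetworkPolicy-allow-host-traffic.yaml selects every endpoint in the `prometheus` namespace (`matchLabels: {}`) and allows egress to `host`, `remote-node` and `kube-apiserver` on all ports. That gives Grafana, Alertmanager and any other pod in the namespace the same reach to node-local services as the Prometheus server that scrapes them. Selecting `app.kubernetes.io/name: prometheus` as the other policies do, and listing the scrape ports under `toPorts`, would keep the rule to what scraping needs.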
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-opencost-scrape.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-opencost-scrape.yaml
new file mode 100644
index 00000000..4b7bd679
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-opencost-scrape.yaml
@@ -0,0 +1,19 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-opencost-scrape
+ namespace: prometheus
+spec:
+ description: Allow OpenCost scrape
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: prometheus
+ ingress:
+ - fromEndpoints:
+ - matchLabels:
+ app.kubernetes.io/name: opencost
+ io.kubernetes.pod.namespace: opencost
+ - toPorts:
+ - ports:
+ - port: "9090"
+ protocol: TCP
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-metrics-server.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-metrics-server.yaml
new file mode 100644
index 00000000..0603da13
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-metrics-server.yaml
@@ -0,0 +1,13 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-remote-node-to-metrics-server
+ namespace: prometheus
+spec:
+ description: Allow Remote Metrics Server
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: metrics-server
+ ingress:
+ - fromEntities:
+ - remote-node
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-webhook.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-webhook.yaml
new file mode 100644
index 00000000..eeabfcbd
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-webhook.yaml
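Review bot: CiliumNetworkPolicy-allow-remote-node-to-metrics-server.yaml admits the `remote-node` entity on every port of metrics-server, and CiliumNetworkPolicy-allow-remote-node-to-webhook.yaml does the same for the operator. `remote-node` covers every other node in the cluster, so a `toPorts` entry for the serving port is worth adding to both. For the operator webhook, the cnpg policy in this patch uses `kube-apiserver` as the source; the same entity would be narrower here, provided the Cilium version in use classifies API-server traffic that way.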
@@ -0,0 +1,13 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-remote-node-to-webhook
+ namespace: prometheus
+spec:
+ description: Allow Remote Web Hook
+ endpointSelector:
+ matchLabels:
+ app: kube-prometheus-stack-operator
+ ingress:
+ - fromEntities:
+ - remote-node
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-robusta-ingress.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-robusta-ingress.yaml
new file mode 100644
index 00000000..c1856c3f
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-robusta-ingress.yaml
@@ -0,0 +1,14 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-robusta-ingress
+ namespace: prometheus
+spec:
+ description: Allow Robusta ingress
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: prom-prometheus
+ ingress:
+ - fromEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: robusta
diff --git a/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-stats-grafana.yaml b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-stats-grafana.yaml
new file mode 100644
index 00000000..5d1ed102
--- /dev/null
+++ b/values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-stats-grafana.yaml
@@ -0,0 +1,13 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-stats-grafana
+ namespace: prometheus
+spec:
+ description: Allow stats
+ egress:
+ - toFQDNs:
+ - matchName: stats.grafana.org
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
diff --git a/values/prometheus/manifests/policies/prometheus-add-folder-to-default-dashboards.yaml b/values/prometheus/manifests/policies/prometheus-add-folder-to-default-dashboards.yaml
new file mode 100644
index 00000000..0bb56a35
--- /dev/null
+++ b/values/prometheus/manifests/policies/prometheus-add-folder-to-default-dashboards.yaml
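Review bot: The `endpointSelector` in CiliumNetworkPolicy-allow-robusta-ingress.yaml matches `app.kubernetes.io/name: prom-prometheus`, while every other Prometheus policy in this patch selects `app.kubernetes.io/name: prometheus`. If no pod carries the `prom-prometheus` value the policy selects nothing and the Robusta path is silently left uncovered; `prom-` looks like the release prefix seen on `app.kubernetes.io/instance: prom-alertmanager`. Please check the label on the running pod and, if it is a slip, use `app.kubernetes.io/name: prometheus` together with a `toPorts` entry for the port Robusta queries.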
@@ -0,0 +1,32 @@ +{{- if and (.Values.kyverno.enabled) (.Values.prometheus.enabled) }} +apiVersion: kyverno.io/v1 +kind: Policy +metadata: + name: prometheus-stack-default-dashboard-folder + namespace: prometheus +spec: + admission: true + background: true + mutateExistingOnPolicyUpdate: true + rules: + - match: + any: + - resources: + kinds: + - ConfigMap + selector: + matchLabels: + app.kubernetes.io/part-of: kube-prometheus-stack + mutate: + patchStrategicMerge: + metadata: + annotations: + grafana_folder: Prometheus-stack + targets: + - apiVersion: v1 + kind: ConfigMap + name: "{{`{{ request.object.metadata.name }}`}}" + name: generate-dashboard-folder-annotation + skipBackgroundRequests: true + validationFailureAction: Audit +{{- end }} diff --git a/values/prometheus/manifests/prometheus.yaml b/values/prometheus/manifests/prometheus.yaml index 00f95320..93f610ee 100644 --- a/values/prometheus/manifests/prometheus.yaml +++ b/values/prometheus/manifests/prometheus.yaml @@ -11,7 +11,7 @@ spec: sources: - repoURL: {{ .Values.clusterConfig.manifests }} targetRevision: HEAD - path: helmfiles/cilium + path: helmfiles/prometheus plugin: name: helmfile env: @@ -19,6 +19,9 @@ spec: value: {{ .Values.clusterConfig.cluster }} project: sys syncPolicy: + managedNamespaceMetadata: + labels: + component: sys syncOptions: - ServerSideApply=true {{- if .Values.prometheus.autosync }} diff --git a/values/prometheus/values.yaml.gotmpl b/values/prometheus/values.yaml.gotmpl index 6163164c..9cfc35ba 100644 --- a/values/prometheus/values.yaml.gotmpl +++ b/values/prometheus/values.yaml.gotmpl 
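Review bot: The rule `generate-dashboard-folder-annotation` in prometheus-add-folder-to-default-dashboards.yaml is a mutate-existing rule (`targets` plus `mutateExistingOnPolicyUpdate: true`), which Kyverno applies from its background controller rather than inside the admission request. That controller needs permission to update ConfigMaps in `prometheus`; nothing in this part of the patch grants it, so confirm the role exists, otherwise the annotation is never written and the failure is easy to miss. `validationFailureAction: Audit` has no effect on a mutate rule and could be dropped so the policy is not read as audit-only.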
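Review bot: The added `managedNamespaceMetadata` block in values/prometheus/manifests/prometheus.yaml only takes effect when the Application also sets the `CreateNamespace=true` sync option, and the visible `syncOptions` list shows only `ServerSideApply=true`. If the `component: sys` label is what namespace selectors or policies key on, the namespace would silently lack it. The list continues outside the hunk, so confirm whether `- CreateNamespace=true` is already present; if not, add it next to `ServerSideApply=true`.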
@@ -1,32 +1,35 @@ -cilium: - enabled: false +prometheus: + enabled: true autosync: true - spire: + # Helm chart version, and app version is different. CRD version MUST be equals to chart's APP version + crd_version: 14.0.0 + certRenewCronEnabled: true + snitchUrl: "" + oncallUrl: "" + pagerdutyRoutingKey: "" + fullname: "" + # https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml#L47 + defaultRules: {} + additionalScrapeConfigs: [] + additionalDataSources: [] + enableFeatures: [] + storage: + size: 50Gi + grafana: + defaultDashboardsEnabled: true + persistence: false + disable_login_form: true + plugins: [] + coredns: + targetPort: "" + etcd: + targetPort: "" + scheduler: + targetPort: "" + kubelet: enabled: false - envoy: + https: false + thanos: enabled: false - hubble: - ui: true - enabled: false - encryption: - enabled: true - type: wireguard - kubeProxyReplacement: true - l2announcement: - enabled: false - nodePort: - enabled: false - gatewayAPI: - enabled: false - ingressController: - enabled: false - defaultClass: false - loadbalancerMode: shared - policyAuditMode: false - upgradeCompatability: 1.15 - k8sServiceHost: localhost - k8sServicePort: 7445 - loadbalancerPool: - enabled: false - cidr: [] - + datasource: + enabled: false \ No newline at end of file diff --git a/values/values-oceanbox.yaml b/values/values-oceanbox.yaml index 4e2d2d2d..7b2b8369 100644 --- a/values/values-oceanbox.yaml +++ b/values/values-oceanbox.yaml @@ -1,4 +1,5 @@ clusterConfig: + manifests: https://gitlab.com/oceanbox/manifests.git argo: enabled: true env: "prod" diff --git a/values/velero/kustomize/base/kustomization.yaml b/values/velero/kustomize/base/kustomization.yaml deleted file mode 100644 index 57f354b1..00000000 --- a/values/velero/kustomize/base/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - _manifest.yaml 
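Review bot: `pagerdutyRoutingKey`, `snitchUrl` and `oncallUrl` in values/prometheus/values.yaml.gotmpl are credential-like values (webhook URLs of this kind typically embed a token), and listing them among the plain defaults invites filling them in through per-cluster values files that live in git. A comment above them, for example `# secrets: supply from the secret store, never commit real values`, would make the expectation explicit. The comment on `crd_version` could also read `# Chart version and app version differ; crd_version MUST equal the chart's appVersion`, and the file now ends without a trailing newline.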
diff --git a/values/velero/kustomize/default/kustomization.yaml b/values/velero/kustomize/default/kustomization.yaml deleted file mode 100644 index 22967828..00000000 --- a/values/velero/kustomize/default/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -generatorOptions: - disableNameSuffixHash: true -resources: - - ../base diff --git a/values/velero/manifests/dashboards/velero.yaml b/values/velero/manifests/dashboards/velero.yaml new file mode 100644 index 00000000..6874bdec --- /dev/null +++ b/values/velero/manifests/dashboards/velero.yaml 
@@ -0,0 +1,2214 @@ +{{- if .Values.velero.enabled }} +apiVersion: v1 +data: + velero.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Velero Stats maintained by Velero team", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 16829, + "graphTooltip": 1, + "id": 34, + "iteration": 1678979743251, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 15, + "panels": [], + "title": "Backup", + "type": "row" + }, + { + "datasource": "prometheus", + "description": "The sum of one-off backup and schedule backup success total ", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0.95 + }, + { + "color": "#299c46", + "value": 0.99 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 4, + "x": 0, + "y": 1 + }, + "id": 23, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "velero_backup_total", + 
"format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Backup Success Total", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0.95 + }, + { + "color": "#299c46", + "value": 0.99 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 4, + "x": 4, + "y": 1 + }, + "id": 22, + "links": [], + "maxDataPoints": 100, + "options": { + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "sum(velero_backup_success_total{schedule=~\"$schedule\"}) / sum(velero_backup_attempt_total{schedule=~\"$schedule\"})", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Backup Success Rate", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0.95 + }, + { + "color": "#299c46", + "value": 0.99 
+ } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 4, + "x": 8, + "y": 1 + }, + "id": 26, + "links": [], + "maxDataPoints": 100, + "options": { + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "sum(velero_backup_deletion_success_total{schedule=~\"$schedule\"}) / sum(velero_backup_deletion_attempt_total{schedule=~\"$schedule\"})", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Backup Deletion Success Rate", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0.95 + }, + { + "color": "#299c46", + "value": 0.99 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 4, + "x": 12, + "y": 1 + }, + "id": 25, + "links": [], + "maxDataPoints": 100, + "options": { + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "sum(velero_volume_snapshot_success_total{schedule=~\"$schedule\"}) / sum(velero_volume_snapshot_attempt_total{schedule=~\"$schedule\"})\n", + "format": "time_series", + 
"interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Volume snapshot Success Rate", + "type": "gauge" + }, + { + "columns": [ + { + "$$hashKey": "object:462", + "text": "Current", + "value": "current" + } + ], + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "for schedule backup use only", + "fontSize": "100%", + "gridPos": { + "h": 9, + "w": 8, + "x": 16, + "y": 1 + }, + "id": 13, + "scroll": true, + "showHeader": true, + "sort": { + "col": 0, + "desc": false + }, + "styles": [ + { + "alias": "Time", + "align": "auto", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "date" + }, + { + "alias": "Hours since last backup", + "align": "auto", + "colorMode": "row", + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "decimals": 2, + "pattern": "Current", + "thresholds": [ + "24", + "48" + ], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "(time() - velero_backup_last_successful_timestamp{schedule!=\"\"}) / 60 / 60", + "instant": true, + "interval": "", + "legendFormat": "{{`{{schedule}}`}}", + "refId": "A" + } + ], + "title": "Hours since last Backup", + "transform": "timeseries_aggregations", + "type": "table-old" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "decimals": 0, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 10, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 10 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": false, + "total": false, + "values": false + }, + "lines": true, + 
"linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.5.3", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": true, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_backup_success_total{schedule=~\"$schedule\"}[1h])))", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": "Backup success", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_backup_failure_total{schedule=~\"$schedule\"}[1h])))", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Backup failure", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_backup_partial_failure_total{schedule=~\"$schedule\"}[1h])))", + "instant": false, + "interval": "", + "legendFormat": "Backup partial failure", + "refId": "C" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_backup_deletion_success_total{schedule=~\"$schedule\"}[1h])))", + "instant": false, + "interval": "", + "legendFormat": "Backup deletion success", + "refId": "D" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_backup_deletion_failure_total{schedule=~\"$schedule\"}[1h])))", + "instant": false, + "interval": "", + "legendFormat": "Backup deletion failure", + "refId": "E" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": 
"sum(avg_over_time(velero_backup_items_total{schedule=~\"$schedule\"}[1h]))", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Backup items total", + "refId": "F" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "sum(avg_over_time(velero_backup_items_errors{schedule=~\"$schedule\"}[1h]))", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Backup items errors_total", + "refId": "G" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_backup_validation_failure_total{schedule=~\"$schedule\"}[1h])))", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Backup validation failure", + "refId": "H" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_volume_snapshot_success_total{schedule=~\"$schedule\"}[1h])))", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Backup volume snapshot success", + "refId": "I" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_volume_snapshot_failure_total{schedule=~\"$schedule\"}[1h])))", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Backup volume snapshot failure", + "refId": "J" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Backup per hour", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:124", + "decimals": 0, + "format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:125", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "cards": {}, + "color": { + 
"cardColor": "#1F60C4", + "colorScale": "linear", + "colorScheme": "interpolateSpectral", + "exponent": 0.5, + "mode": "spectrum" + }, + "dataFormat": "tsbuckets", + "datasource": "prometheus", + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 19 + }, + "heatmap": {}, + "hideZeroBuckets": false, + "highlightCards": true, + "id": 34, + "legend": { + "show": true + }, + "reverseYBuckets": false, + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "sum(increase(velero_backup_duration_seconds_bucket{schedule=~\"$schedule\",le!=\"+Inf\"}[1h])) by (le)", + "format": "heatmap", + "hide": false, + "interval": "", + "legendFormat": "{{`{{le}}`}}", + "refId": "B" + } + ], + "title": "Backup time heatmap", + "tooltip": { + "show": true, + "showHistogram": true + }, + "type": "heatmap", + "xAxis": { + "show": true + }, + "yAxis": { + "format": "s", + "logBase": 1, + "show": true + }, + "yBucketBound": "auto" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 27 + }, + "hiddenSeries": false, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null as zero", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.5.3", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "sum(avg_over_time(velero_backup_tarball_size_bytes{schedule=~\"$schedule\"}[15m]))", + "interval": "", + 
"legendFormat": "{{`{{schedule}}`}}", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Backup Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:561", + "decimals": 0, + "format": "decbytes", + "label": "", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:562", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 33 + }, + "id": 17, + "panels": [], + "title": "Restore", + "type": "row" + }, + { + "datasource": "prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a" + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0.95 + }, + { + "color": "#299c46", + "value": 0.99 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 4, + "x": 0, + "y": 34 + }, + "id": 27, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "velero_restore_total", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Restore Success Total", + "type": "stat" + }, + { + 
"datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a" + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0.95 + }, + { + "color": "#299c46", + "value": 0.99 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 4, + "x": 4, + "y": 34 + }, + "id": 24, + "links": [], + "maxDataPoints": 100, + "options": { + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "sum(velero_restore_success_total{schedule=~\"$schedule\"}) / sum(velero_restore_attempt_total{schedule=~\"$schedule\"})", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Restore Success Rate", + "type": "gauge" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "decimals": 0, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 10, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 16, + "x": 8, + "y": 34 + }, + "hiddenSeries": false, + "id": 28, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "options": { + 
"alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.5.3", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": true, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_restore_success_total{schedule=~\"$schedule\"}[1h])))", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": "Restore success", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_restore_failed_total{schedule=~\"$schedule\"}[1h])))", + "hide": false, + "interval": "", + "legendFormat": "Restore failure", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_restore_validation_failed_total{schedule=~\"$schedule\"}[1h])))", + "hide": false, + "interval": "", + "legendFormat": "Restore validation failure", + "refId": "C" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_restore_partial_failure_total{schedule=~\"$schedule\"}[1h])))", + "hide": false, + "interval": "", + "legendFormat": "Restore partial failure", + "refId": "D" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Restore per hour", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:124", + "decimals": 0, + "format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:125", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": 
"prometheus" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 43 + }, + "id": 30, + "panels": [], + "title": "CSI", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "decimals": 0, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 10, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 44 + }, + "hiddenSeries": false, + "id": 32, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.5.3", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": true, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_csi_snapshot_attempt_total{schedule=~\"$schedule\", backupName=~\"$csi_backup_name\"}[1h])))", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": "CSI Snapshot attempt", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_csi_snapshot_success_total{schedule=~\"$schedule\", backupName=~\"$csi_backup_name\"}[1h])))", + "hide": false, + "interval": "", + "legendFormat": "CSI Snapshot success", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(velero_csi_snapshot_failure_total{schedule=~\"$schedule\", backupName=~\"$csi_backup_name\"}[1h])))", + 
"hide": false, + "interval": "", + "legendFormat": "CSI Snapshot failure", + "refId": "C" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "CSI per hour", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:124", + "decimals": 0, + "format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:125", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": true, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 53 + }, + "id": 36, + "panels": [], + "title": "Restic", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a" + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0.95 + }, + { + "color": "#299c46", + "value": 0.99 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 4, + "x": 0, + "y": 54 + }, + "id": 37, + "links": [], + "maxDataPoints": 100, + "options": { + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "sum(restic_pod_volume_backup_dequeue_count{node=~\"$restic_node\"}) / sum(restic_pod_volume_backup_enqueue_count{node=~\"$restic_node\"})", + "format": "time_series", + "instant": false, + "interval": "", + 
"intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Restic Success Rate", + "type": "gauge" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "decimals": 0, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 10, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 20, + "x": 4, + "y": 54 + }, + "hiddenSeries": false, + "id": 38, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.5.3", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": true, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(restic_pod_volume_backup_enqueue_count{node=~\"$restic_node\"}[1h])))", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": "Restic enqueue", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "round(sum(increase(restic_pod_volume_backup_dequeue_count{node=~\"$restic_node\"}[1h])))", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "Restic dequeue", + "refId": "B" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Restic per hour", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:124", + "decimals": 0, + 
"format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:125", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 63 + }, + "hiddenSeries": false, + "id": 39, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null as zero", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.5.3", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "sum(avg_over_time(restic_restic_operation_latency_seconds_gauge{backupName=~\"$restic_backup_name\", node=~\"$restic_node\", operation=~\"$restic_operation\", pod_volume_backup=~\"$restic_pvb_name\"}[15m]))", + "interval": "", + "legendFormat": "Avg over time", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Restic time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:561", + "decimals": 0, + "format": "s", + "label": "", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:562", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": 
"prometheus" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 69 + }, + "id": 43, + "panels": [], + "title": "File System Backup(for v1.10 and later)", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a" + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0.95 + }, + { + "color": "#299c46", + "value": 0.99 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 4, + "x": 0, + "y": 70 + }, + "id": 41, + "links": [], + "maxDataPoints": 100, + "options": { + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "sum(pod_volume_backup_dequeue_count{node=~\"$fsb_node\"}) / sum(pod_volume_backup_enqueue_count{node=~\"$fsb_node\"})", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "FSB Success Rate", + "type": "gauge" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "decimals": 0, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 10, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 20, + "x": 4, + "y": 70 + }, + "hiddenSeries": false, + "id": 45, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + 
"sort": "avg", + "sortDesc": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.5.3", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": true, + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "round(sum(increase(pod_volume_backup_enqueue_count{node=~\"$fsb_node\"}[1h])))", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": "FSB enqueue", + "refId": "A" + }, + { + "datasource": "prometheus", + "exemplar": false, + "expr": "round(sum(increase(pod_volume_backup_dequeue_count{node=~\"$fsb_node\"}[1h])))", + "hide": false, + "instant": false, + "interval": "", + "legendFormat": "FSB dequeue", + "refId": "B" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "FSB per hour", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:124", + "decimals": 0, + "format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:125", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 79 + }, + "hiddenSeries": false, + "id": 47, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + 
"linewidth": 1, + "nullPointMode": "null as zero", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.5.3", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": "prometheus", + "exemplar": false, + "expr": "sum(avg_over_time(pod_volume_operation_latency_seconds_gauge{backupName=~\"$fsb_backup_name\", node=~\"$fsb_node\", operation=~\"$fsb_operation\", pod_volume_backup=~\"$fsb_pvb_name\"}[15m]))", + "interval": "", + "legendFormat": "Avg over time", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "FSB time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:561", + "decimals": 0, + "format": "s", + "label": "", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:562", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + } + ], + "refresh": false, + "schemaVersion": 36, + "style": "dark", + "tags": [ + "velero" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "k0", + "value": "k0" + }, + "hide": 0, + "includeAll": false, + "label": "Datasource", + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "definition": "label_values(velero_backup_attempt_total, schedule)", + "hide": 0, + "includeAll": true, + "multi": true, + "name": "schedule", + "options": [], + "query": { + "query": "label_values(velero_backup_attempt_total, schedule)", + "refId": 
"StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(velero_csi_snapshot_attempt_total, backupName)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "csi_backup_name", + "options": [], + "query": { + "query": "label_values(velero_csi_snapshot_attempt_total, backupName)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(restic_pod_volume_backup_enqueue_count, node)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "restic_node", + "options": [], + "query": { + "query": "label_values(restic_pod_volume_backup_enqueue_count, node)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(restic_restic_operation_latency_seconds_gauge, backupName)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "restic_backup_name", + "options": [], + "query": { + "query": "label_values(restic_restic_operation_latency_seconds_gauge, backupName)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + 
"definition": "label_values(restic_restic_operation_latency_seconds_gauge, operation)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "restic_operation", + "options": [], + "query": { + "query": "label_values(restic_restic_operation_latency_seconds_gauge, operation)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(restic_restic_operation_latency_seconds_gauge, pod_volume_backup)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "restic_pvb_name", + "options": [], + "query": { + "query": "label_values(restic_restic_operation_latency_seconds_gauge, pod_volume_backup)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(pod_volume_backup_enqueue_count, node)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "fsb_node", + "options": [], + "query": { + "query": "label_values(pod_volume_backup_enqueue_count, node)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(pod_volume_operation_latency_seconds_gauge, backupName)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "fsb_backup_name", + "options": [], + "query": { + "query": "label_values(pod_volume_operation_latency_seconds_gauge, backupName)", + "refId": "StandardVariableQuery" + }, 
+ "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(pod_volume_operation_latency_seconds_gauge, operation)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "fsb_operation", + "options": [], + "query": { + "query": "label_values(pod_volume_operation_latency_seconds_gauge, operation)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "definition": "label_values(pod_volume_operation_latency_seconds_gauge, pod_volume_backup)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "fsb_pvb_name", + "options": [], + "query": { + "query": "label_values(pod_volume_operation_latency_seconds_gauge, pod_volume_backup)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-2d", + "to": "now" + }, + "timepicker": { + "hidden": false, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Kubernetes/Tanzu/Velero", + "uid": "EbXSjT24k", + "version": 2, + "weekStart": "" + } +kind: ConfigMap +metadata: + name: velero-dashboard + namespace: prometheus + labels: + grafana_dashboard: "1" +{{- end }} diff --git a/values/velero/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml b/values/velero/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml new file mode 100644 index 00000000..cb01381b --- /dev/null +++ b/values/velero/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml 
@@ -0,0 +1,16 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-api-server
+ namespace: velero
+spec:
+ egress:
+ - toEntities:
+ - kube-apiserver
+ toPorts:
+ - ports:
+ - port: "6443"
+ protocol: TCP
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: velero
diff --git a/values/velero/manifests/policies/CiliumNetworkPolicy-allow-job-api-server.yaml b/values/velero/manifests/policies/CiliumNetworkPolicy-allow-job-api-server.yaml
new file mode 100644
index 00000000..21c8e2ff
--- /dev/null
+++ b/values/velero/manifests/policies/CiliumNetworkPolicy-allow-job-api-server.yaml
@@ -0,0 +1,16 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-job-api-server
+ namespace: velero
+spec:
+ egress:
+ - toEntities:
+ - kube-apiserver
+ toPorts:
+ - ports:
+ - port: "6443"
+ protocol: TCP
+ endpointSelector:
+ matchLabels:
+ batch.kubernetes.io/job-name: velero-upgrade-crds
diff --git a/values/velero/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/velero/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
new file mode 100644
index 00000000..1631d4bf
--- /dev/null
+++ b/values/velero/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
@@ -0,0 +1,17 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-prometheus-metrics
+ namespace: velero
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: velero
+ ingress:
+ - fromEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: prometheus
+ - toPorts:
+ - ports:
+ - port: "8085"
+ protocol: TCP
diff --git a/values/velero/manifests/schedule.yaml b/values/velero/manifests/schedule.yaml
new file mode 100644
index 00000000..627b920d
--- /dev/null
+++ b/values/velero/manifests/schedule.yaml
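Review bot: The egress section of `allow-api-server` covers only `kube-apiserver` on 6443, and no policy visible in this patch lets the pods labelled `app.kubernetes.io/instance: velero` reach DNS or the object store that `values/velero/values.yaml.gotmpl` sets as `s3.url` (`10.255.241.30:30080`). Once a policy with an egress section selects an endpoint, Cilium in its default enforcement mode drops egress that no policy allows, so backups and restores would fail unless a policy outside this view grants that traffic. I would add an explicit egress rule for the storage endpoint and DNS, or a comment such as `# S3 and DNS egress are granted by <policy name>` naming where it is allowed. The same question applies to `allow-job-api-server` in the next hunk.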
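Review bot: In `allow-prometheus-metrics` the `ingress` list appears to hold two separate rules, `- fromEndpoints:` and `- toPorts:`, rather than one rule carrying both keys; indentation is lost in this rendering, so this is read from the leading dash on `toPorts`. Separate rules are OR-ed, so the first would admit the whole `prometheus` namespace on every port and the second would, as far as I can tell, admit port 8085 from any peer. If the intent is "prometheus namespace, port 8085 only", drop the dash so that `toPorts:` sits inside the same rule as `fromEndpoints:`, the way the two egress policies in this patch pair `toEntities` with `toPorts`.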
@@ -0,0 +1,31 @@ +apiVersion: velero.io/v1 +kind: Schedule +metadata: + name: full-backup + namespace: velero +spec: + paused: false + schedule: '@every 24h' + skipImmediately: false + template: + csiSnapshotTimeout: 10m0s + defaultVolumesToRestic: true + excludedNamespaces: + - cilium-secrets + - cilium-spire + - grafana + - jaeger + - kube-system + - loki + - rabbitmq + - prometheus + - tempo + - test + - velero + includedNamespaces: + - '*' + includedResources: + - '*' + storageLocation: default + ttl: 336h0m0s + useOwnerReferencesInBackup: false diff --git a/values/velero/manifests/velero.yaml b/values/velero/manifests/velero.yaml index 2e455085..595dc1da 100644 --- a/values/velero/manifests/velero.yaml +++ b/values/velero/manifests/velero.yaml @@ -10,13 +10,16 @@ spec: server: 'https://kubernetes.default.svc' sources: - repoURL: {{ .Values.clusterConfig.manifests }} - targetRevision: HEAD - path: helmfiles/velero + # targetRevision: HEAD + targetRevision: mrtz/helmify + path: helmfile.d plugin: - name: helmfile + name: helmfile-cmp env: - name: CLUSTER_NAME value: {{ .Values.clusterConfig.cluster }} + - name: HELMFILE_ENVIRONMENT + value: default project: sys syncPolicy: managedNamespaceMetadata: diff --git a/values/velero/values.yaml.gotmpl b/values/velero/values.yaml.gotmpl index 966cdf7d..9cd033cb 100644 --- a/values/velero/values.yaml.gotmpl +++ b/values/velero/values.yaml.gotmpl @@ -2,16 +2,16 @@ velero: enabled: true autosync: true kubeletRootDir: "/var/lib/kubernetes/pods" - bucket: velero-backup + bucket: backup bsl: default # Opt-in or opt-out pvc backup # https://velero.io/docs/main/file-system-backup/#to-back-up backupAllVolumes: true credentials: - secretName: "s3-credentials" + secretName: "velero-s3" s3: region: us-east-1 - url: "https://nutanix-obj-s3.kube-system" + url: "http://10.255.241.30:30080" insecureSkipTLSVerify: true resources: velero: 
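Review bot: `defaultVolumesToRestic: true` in the `full-backup` template is the deprecated field name, while the chart values in this same patch set `uploaderType: kopia` and use `defaultVolumesToFsBackup`; I would write `defaultVolumesToFsBackup: true` here so the schedule and the server configuration agree. The `excludedNamespaces` list also carries no comment, and it leaves `kube-system`, `cilium-secrets`, `cilium-spire` and `velero` out of the only schedule visible in this patch. A line such as `# excluded: recreated from Git on restore, nothing stateful` (if that is the reason) would let a reader check the restore plan against the list.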
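Review bot: `targetRevision: mrtz/helmify` in `values/velero/manifests/velero.yaml` points an Argo CD application in project `sys` at a mutable feature branch, with the previous `HEAD` value left commented out. Whatever is pushed to that branch is rendered by the `helmfile-cmp` plugin and applied to the cluster without passing the review that protects the default branch. Before merge I would restore `targetRevision: HEAD` and delete the commented line, or pin a tag or commit SHA if the branch is needed only for the test. The Application spec starts and continues outside this hunk.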
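Review bot: The new `url: "http://10.255.241.30:30080"` in `values/velero/values.yaml.gotmpl` moves the backup storage endpoint from HTTPS to plain HTTP, so request authentication for the `velero-s3` credentials and the backup data itself cross the network unencrypted. The schedule added in this patch uses `includedResources: '*'`, so that data includes Secret objects from the backed-up namespaces. The unchanged `insecureSkipTLSVerify: true` on the next line had already disabled certificate checking; with an `http://` URL there is no TLS left at all. I would keep an `https://` endpoint, give Velero the CA bundle for it, and set `insecureSkipTLSVerify: false`. The node IP and port are also hard-coded in the shared values file rather than in a per-cluster override, which is worth a comment if it is only meant for the test.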
diff --git a/values/velero/values/velero.yaml.gotmpl b/values/velero/values/velero.yaml.gotmpl index a1ffec82..c6d89ec2 100644 --- a/values/velero/values/velero.yaml.gotmpl +++ b/values/velero/values/velero.yaml.gotmpl @@ -28,17 +28,17 @@ configuration: uploaderType: kopia # Backup all volumes by default defaultVolumesToFsBackup: {{ .Values.velero.backupAllVolumes }} - ## https://velero.io/docs/v1.6/api-types/backupstoragelocation/ + # https://velero.io/docs/v1.6/api-types/backupstoragelocation/ backupStorageLocation: - name: {{ .Values.velero.bsl }} bucket: {{ .Values.velero.bucket }} provider: aws default: true ## prefix is the directory under which all Velero data should be stored within the bucket. Optional. - prefix: {{ .Values.cluster_config.cluster }}/velero + prefix: {{ .Values.clusterConfig.cluster }}/velero accessMode: ReadWrite config: - ## ONLY us-east-1 region is supported by nutanix + # ONLY us-east-1 region is supported by nutanix region: {{ .Values.velero.s3.region }} s3ForcePathStyle: "true" s3Url: {{ .Values.velero.s3.url }} diff --git a/values/x509-exporter/kustomize/base/kustomization.yaml b/values/x509-exporter/kustomize/base/kustomization.yaml deleted file mode 100644 index 57f354b1..00000000 --- a/values/x509-exporter/kustomize/base/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - _manifest.yaml diff --git a/values/x509-exporter/kustomize/default/kustomization.yaml b/values/x509-exporter/kustomize/default/kustomization.yaml deleted file mode 100644 index 22967828..00000000 --- a/values/x509-exporter/kustomize/default/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -generatorOptions: - disableNameSuffixHash: true -resources: - - ../base diff --git a/values/x509-exporter/manifests/dashboards/x509-exporter-dashbaoard.yaml b/values/x509-exporter/manifests/dashboards/x509-exporter-dashbaoard.yaml new file mode 100644 index 00000000..01a9bc0a --- /dev/null 
+++ b/values/x509-exporter/manifests/dashboards/x509-exporter-dashbaoard.yaml 
@@ -0,0 +1,2011 @@ +{{- if .Values.x509_exporter.enabled }} +apiVersion: v1 +data: + x509-dash.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Unified dashboard for checking certificates expiration: Kubernetes Secrets, certificate files on nodes, or on any server.", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 13922, + "graphTooltip": 0, + "iteration": 1678705600458, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 24, + "panels": [], + "title": "Overview", + "type": "row" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-blue" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 5, + "x": 0, + "y": 1 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "expr": "count(x509_cert_not_after)", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Total Certificates", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + 
"thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "dark-red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 5, + "y": 1 + }, + "id": 18, + "options": { + "colorMode": "background", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "expr": "sum(((x509_cert_not_after - time()) / 86400) < bool 0)", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Expired", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 8, + "y": 1 + }, + "id": 19, + "options": { + "colorMode": "background", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "expr": "sum(0 < ((x509_cert_not_after - time()) / 86400) < bool $critical_threshold)", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Expiring within $critical_threshold days", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "yellow", + "value": 1 + } + ] + }, + "unit": 
"none" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 11, + "y": 1 + }, + "id": 20, + "options": { + "colorMode": "background", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "expr": "sum(0 < ((x509_cert_not_after - time()) / 86400) < bool $warning_threshold)", + "instant": false, + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Expiring within $warning_threshold days", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "super-light-blue" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 14, + "y": 1 + }, + "id": 17, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "expr": "count(x509_read_errors)", + "instant": false, + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Exporters", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 14, + "y": 4 + }, + "id": 36, + "options": { + "colorMode": "value", + "graphMode": "area", + 
"justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "expr": "sum(x509_read_errors)", + "instant": false, + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Exporter Errors", + "type": "stat" + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 7 + }, + "id": 26, + "panels": [], + "title": "Expiration", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Because of a missing feature in Grafana, critical and warning thresholds from dashboard variables will not affect coloration of the Time Left column in this table.\n\nThresholds are to be set manually in the Overrides settings for this widget.\n\nPlease vote or contribute to issue : https://github.com/grafana/grafana/issues/922", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "displayMode": "auto", + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red" + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Time Left" + }, + "properties": [ + { + "id": "custom.align", + "value": "center" + }, + { + "id": "custom.width", + "value": 200 + }, + { + "id": "custom.filterable", + "value": false + }, + { + "id": "custom.displayMode", + "value": "color-background" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "dark-red" + }, + { + "color": "red", + "value": 0 + }, + { + "color": "yellow", + "value": 7 + }, + { + "color": "green", + "value": 28 + } + ] + } + }, + { + "id": "unit", + "value": "d" + } + ] + } + ] + }, + "gridPos": { 
+ "h": 13, + "w": 12, + "x": 0, + "y": 8 + }, + "id": 46, + "options": { + "footer": { + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "sort(((x509_cert_not_after{secret_name!=\"linkerd-identity-issuer\", issuer_O=\"\", issuer_CN!=\"webhook.linkerd.cluster.local\"} - time()) / 86400) < $list_threshold)", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Kubernetes Secrets (no issuer) (time left < $list_threshold days)", + "transformations": [ + { + "id": "filterFieldsByName", + "options": { + "include": { + "pattern": "^(subject_CN|secret_namespace|secret_name|Value)$" + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": { + "Value": 3, + "secret_name": 2, + "secret_namespace": 1, + "subject_CN": 0 + }, + "renameByName": { + "Value": "Time Left", + "secret_name": "Secret Name", + "secret_namespace": "Secret Namespace", + "subject_CN": "Subject CN" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Because of a missing feature in Grafana, critical and warning thresholds from dashboard variables will not affect coloration of the Time Left column in this table.\n\nThresholds are to be set manually in the Overrides settings for this widget.\n\nPlease vote or contribute to issue : https://github.com/grafana/grafana/issues/922", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + 
"id": "byName", + "options": "Time Left" + }, + "properties": [ + { + "id": "custom.align", + "value": "center" + }, + { + "id": "custom.width", + "value": 200 + }, + { + "id": "custom.filterable", + "value": false + }, + { + "id": "custom.displayMode", + "value": "color-background" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "dark-red", + "value": null + }, + { + "color": "red", + "value": 0 + }, + { + "color": "#EAB839", + "value": 7 + }, + { + "color": "green", + "value": 28 + } + ] + } + }, + { + "id": "unit", + "value": "d" + } + ] + } + ] + }, + "gridPos": { + "h": 13, + "w": 12, + "x": 12, + "y": 8 + }, + "id": 47, + "options": { + "footer": { + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": false, + "expr": "sort(((x509_cert_not_after{issuer_O!=\"\"} - time()) / 86400) < $list_threshold)", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Kubernetes Secrets (with issuer) (time left < $list_threshold days)", + "transformations": [ + { + "id": "filterFieldsByName", + "options": { + "include": { + "pattern": "^(subject_CN|secret_namespace|secret_name|Value)$" + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": { + "Value": 3, + "secret_name": 2, + "secret_namespace": 1, + "subject_CN": 0 + }, + "renameByName": { + "Value": "Time Left", + "filepath": "File Path", + "instance": "Instance", + "subject_CN": "Subject CN" + } + } + } + ], + "type": "table" + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 12, + "panels": [], + "title": "Charts", + "type": "row" + }, + { + "datasource": { + "uid": 
"${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "displayMode": "auto", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Certificate Count" + }, + "properties": [ + { + "id": "custom.align", + "value": "center" + }, + { + "id": "custom.width", + "value": 150 + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 8, + "x": 0, + "y": 22 + }, + "id": 14, + "options": { + "footer": { + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "expr": "topk(10, sort_desc(count by (issuer_CN) (x509_cert_not_after)))", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Top Issuers", + "transformations": [ + { + "id": "filterFieldsByName", + "options": { + "include": { + "names": [ + "issuer_CN", + "Value" + ] + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Value": "Certificate Count", + "issuer_CN": "Issuer CN" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "displayMode": "auto", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Certificate Count" + }, + "properties": [ + { + "id": "custom.align", + "value": "center" + }, + { + "id": "custom.width", + "value": 150 + } + ] + } + ] 
+ }, + "gridPos": { + "h": 12, + "w": 8, + "x": 8, + "y": 22 + }, + "id": 15, + "options": { + "footer": { + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "expr": "topk(10, sort_desc(count by (secret_namespace) (x509_cert_not_after{secret_namespace!=\"\"})))", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Top Namespaces (Kubernetes Secrets)", + "transformations": [ + { + "id": "filterFieldsByName", + "options": { + "include": { + "names": [ + "Value", + "secret_namespace" + ] + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Value": "Certificate Count", + "secret_namespace": "Namespace" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "displayMode": "auto", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Days" + }, + "properties": [ + { + "id": "custom.align", + "value": "center" + }, + { + "id": "custom.width", + "value": 100 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Secret Namespace" + }, + "properties": [ + { + "id": "custom.width", + "value": 258 + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 0, + "y": 34 + }, + "id": 31, + "options": { + "footer": { + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "expr": "bottomk(10, (x509_cert_not_after{secret_name!=\"\"} - x509_cert_not_before) / 
86400)", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Kubernetes Secrets : Shortest Validity Period", + "transformations": [ + { + "id": "filterFieldsByName", + "options": { + "include": { + "pattern": "^(subject_CN|secret_namespace|secret_name|Value)$" + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": { + "Value": 3, + "secret_name": 2, + "secret_namespace": 1, + "subject_CN": 0 + }, + "renameByName": { + "Value": "Days", + "secret_name": "Secret Name", + "secret_namespace": "Secret Namespace", + "subject_CN": "Subject CN" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "displayMode": "auto", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Days" + }, + "properties": [ + { + "id": "custom.align", + "value": "center" + }, + { + "id": "custom.width", + "value": 100 + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 12, + "y": 34 + }, + "id": 28, + "options": { + "footer": { + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "expr": "topk(10, (x509_cert_not_after{secret_name!=\"\"} - x509_cert_not_before) / 86400)", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Kubernetes Secrets : Longest Validity Period", + "transformations": [ + { + "id": "filterFieldsByName", + "options": { + "include": { + "pattern": "^(subject_CN|secret_namespace|secret_name|Value)$" + } + } + }, + { + 
"id": "organize", + "options": { + "excludeByName": {}, + "indexByName": { + "Value": 3, + "secret_name": 2, + "secret_namespace": 1, + "subject_CN": 0 + }, + "renameByName": { + "Value": "Days", + "secret_name": "Secret Name", + "secret_namespace": "Secret Namespace", + "subject_CN": "Subject CN" + } + } + } + ], + "type": "table" + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 46 + }, + "id": 35, + "panels": [], + "title": "Exporters", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 47 + }, + "hiddenSeries": false, + "id": 38, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.5.3", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "count(x509_read_errors)", + "interval": "", + "legendFormat": "exporters", + "queryType": "randomWalk", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Reporting Exporters", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:237", + "format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:238", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": { + "exporters with 
errors": "red" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 47 + }, + "hiddenSeries": false, + "id": 39, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.5.3", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (x509_read_errors > bool 0)", + "interval": "", + "legendFormat": "exporters with errors", + "queryType": "randomWalk", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Exporters with Errors", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:237", + "format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:238", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": { + "error rate": "red", + "errors": "red" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 55 + }, + "hiddenSeries": false, + "id": 41, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + 
}, + "percentage": false, + "pluginVersion": "8.5.3", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(x509_read_errors[15m]))", + "interval": "", + "legendFormat": "error rate", + "queryType": "randomWalk", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Error Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:237", + "format": "cps", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:238", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": { + "errors": "red" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 55 + }, + "hiddenSeries": false, + "id": 40, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.5.3", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(x509_read_errors)", + "interval": "", + "legendFormat": "errors", + "queryType": "randomWalk", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Cumulative Errors", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + 
}, + "yaxes": [ + { + "$$hashKey": "object:237", + "format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:238", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "displayMode": "auto", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Rate" + }, + "properties": [ + { + "id": "custom.width", + "value": 150 + }, + { + "id": "custom.align", + "value": "center" + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 0, + "y": 63 + }, + "id": 43, + "options": { + "footer": { + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "expr": "topk(10, rate(x509_read_errors[6h]))", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Top Exporters by Error Rate", + "transformations": [ + { + "id": "filterFieldsByName", + "options": { + "include": { + "pattern": "^(instance|Value)$" + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Value": "Rate", + "instance": "Instance" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "displayMode": "auto", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { 
+ "matcher": { + "id": "byName", + "options": "Errors" + }, + "properties": [ + { + "id": "custom.width", + "value": 150 + }, + { + "id": "custom.align", + "value": "center" + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 12, + "y": 63 + }, + "id": 44, + "options": { + "footer": { + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "8.5.3", + "targets": [ + { + "expr": "topk(10, x509_read_errors)", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Top Exporters by Cumulative Errors", + "transformations": [ + { + "id": "filterFieldsByName", + "options": { + "include": { + "pattern": "^(instance|Value)$" + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Value": "Errors", + "instance": "Instance" + } + } + } + ], + "type": "table" + } + ], + "refresh": "", + "schemaVersion": 36, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "label": "Datasource", + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": false, + "text": "7", + "value": "7" + }, + "hide": 0, + "includeAll": false, + "label": "Critical Threshold (days)", + "multi": false, + "name": "critical_threshold", + "options": [ + { + "selected": false, + "text": "1", + "value": "1" + }, + { + "selected": true, + "text": "7", + "value": "7" + }, + { + "selected": false, + "text": "14", + "value": "14" + }, + { + "selected": false, + "text": "15", + "value": "15" + }, + { + "selected": false, + "text": "28", + "value": "28" + }, + { + "selected": false, + "text": "30", + 
"value": "30" + }, + { + "selected": false, + "text": "60", + "value": "60" + }, + { + "selected": false, + "text": "90", + "value": "90" + }, + { + "selected": false, + "text": "180", + "value": "180" + }, + { + "selected": false, + "text": "365", + "value": "365" + } + ], + "query": "1,7,14,15,28,30,60,90,180,365", + "queryValue": "", + "skipUrlSync": false, + "type": "custom" + }, + { + "current": { + "selected": false, + "text": "28", + "value": "28" + }, + "hide": 0, + "includeAll": false, + "label": "Warning Threshold (days)", + "multi": false, + "name": "warning_threshold", + "options": [ + { + "selected": false, + "text": "1", + "value": "1" + }, + { + "selected": false, + "text": "7", + "value": "7" + }, + { + "selected": false, + "text": "14", + "value": "14" + }, + { + "selected": false, + "text": "15", + "value": "15" + }, + { + "selected": true, + "text": "28", + "value": "28" + }, + { + "selected": false, + "text": "30", + "value": "30" + }, + { + "selected": false, + "text": "60", + "value": "60" + }, + { + "selected": false, + "text": "90", + "value": "90" + }, + { + "selected": false, + "text": "180", + "value": "180" + }, + { + "selected": false, + "text": "365", + "value": "365" + } + ], + "query": "1,7,14,15,28,30,60,90,180,365", + "queryValue": "", + "skipUrlSync": false, + "type": "custom" + }, + { + "current": { + "selected": true, + "text": "7300", + "value": "7300" + }, + "hide": 0, + "includeAll": false, + "label": "List expiring in less than (days)", + "multi": false, + "name": "list_threshold", + "options": [ + { + "selected": false, + "text": "1", + "value": "1" + }, + { + "selected": false, + "text": "7", + "value": "7" + }, + { + "selected": false, + "text": "15", + "value": "15" + }, + { + "selected": false, + "text": "30", + "value": "30" + }, + { + "selected": false, + "text": "60", + "value": "60" + }, + { + "selected": false, + "text": "90", + "value": "90" + }, + { + "selected": false, + "text": "180", + "value": "180" + }, + { 
+ "selected": false, + "text": "365", + "value": "365" + }, + { + "selected": false, + "text": "730", + "value": "730" + }, + { + "selected": false, + "text": "1095", + "value": "1095" + }, + { + "selected": false, + "text": "1460", + "value": "1460" + }, + { + "selected": false, + "text": "1825", + "value": "1825" + }, + { + "selected": false, + "text": "3650", + "value": "3650" + }, + { + "selected": true, + "text": "7300", + "value": "7300" + } + ], + "query": "1,7,15,30,60,90,180,365,730,1095,1460,1825,3650,7300", + "queryValue": "", + "skipUrlSync": false, + "type": "custom" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Certificates Expiration (X509 Certificate Exporter)", + "uid": "lHnsYlPGk", + "version": 2, + "weekStart": "" + } +kind: ConfigMap +metadata: + creationTimestamp: null + name: x509-exporter-dashboard + namespace: prometheus + labels: + grafana_dashboard: "1" +{{- end }} diff --git a/values/x509-exporter/manifests/x509-certificates.yaml b/values/x509-exporter/manifests/x509-certificates.yaml new file mode 100644 index 00000000..a488fd04 --- /dev/null +++ b/values/x509-exporter/manifests/x509-certificates.yaml 
@@ -0,0 +1,48 @@
+{{- if .Values.x509_exporter.alerts }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ labels:
+ # Some labels for various prometheus matching
+ k8s-app: x509-exporter
+ prometheus: k8s
+ role: alert-rules
+ name: x509-exporter-x509-certificate-exporter
+ namespace: x509-exporter
+spec:
+ groups:
+ - name: x509-certificate-exporter.rules
+ rules:
+ - alert: X509ExporterReadErrors
+ annotations:
+ description: Over the last 15 minutes, this x509-certificate-exporter instance has experienced errors reading certificate files or querying the Kubernetes API. This could be caused by a misconfiguration if triggered when the exporter starts.
+ summary: Increasing read errors for x509-certificate-exporter
+ expr: delta(x509_read_errors[15m]) > 0
+ for: 5m
+ labels:
+ severity: warning
+ - alert: CertificateError
+ annotations:
+ description: Certificate could not be decoded {{`{{`}}if $labels.secret_name {{`}}`}} in Kubernetes secret "{{`{{`}} $labels.secret_namespace {{`}}`}}/{{`{{`}} $labels.secret_name {{`}}`}}"{{`{{`}}else{{`}}`}}at location "{{`{{`}} $labels.filepath {{`}}`}}"{{`{{`}}end{{`}}`}}
+ summary: Certificate cannot be decoded
+ expr: x509_cert_error > 0
+ for: 15m
+ labels:
+ severity: warning
+ - alert: CertificateRenewal
+ annotations:
+ description: Certificate for "{{`{{`}} $labels.subject_CN {{`}}`}}" should be renewed {{`{{`}}if $labels.secret_name {{`}}`}}in Kubernetes secret "{{`{{`}} $labels.secret_namespace {{`}}`}}/{{`{{`}} $labels.secret_name {{`}}`}}"{{`{{`}}else{{`}}`}}at location "{{`{{`}} $labels.filepath {{`}}`}}"{{`{{`}}end{{`}}`}}
+ summary: Certificate should be renewed
+ expr: ((x509_cert_not_after{secret_name!="linkerd-identity-issuer", issuer_O="", issuer_CN!="webhook.linkerd.cluster.local"} - time()) / 86400) < 28
+ for: 15m
+ labels:
+ severity: warning
+ - alert: CertificateExpiration
+ annotations:
+ description: Certificate for "{{`{{`}} $labels.subject_CN {{`}}`}}" is about to expire {{`{{`}}if $labels.secret_name {{`}}`}}in Kubernetes secret "{{`{{`}} $labels.secret_namespace {{`}}`}}/{{`{{`}} $labels.secret_name {{`}}`}}"{{`{{`}}else{{`}}`}}at location "{{`{{`}} $labels.filepath {{`}}`}}"{{`{{`}}end{{`}}`}}
+ summary: Certificate is about to expire
+ expr: ((x509_cert_not_after{secret_name!="linkerd-identity-issuer", issuer_O="", issuer_CN!="webhook.linkerd.cluster.local"} - time()) / 86400) < 14
+ for: 15m
+ labels:
+ severity: critical
+{{- end }}
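Review bot: The `issuer_O=""` matcher in the `CertificateRenewal` and `CertificateExpiration` expressions limits both alerts to certificates whose issuer has an empty Organization, so a certificate issued by any CA that sets O would never raise a renewal or expiry alert. If the intent is only to skip the Linkerd certificates, the matcher can be dropped: `expr: ((x509_cert_not_after{secret_name!="linkerd-identity-issuer", issuer_CN!="webhook.linkerd.cluster.local"} - time()) / 86400) < 28`, and the same for the `< 14` rule. If the restriction is deliberate, a comment above each rule should name the issuers it is meant to cover, so the gap in expiry monitoring is a visible decision. Separately, the 28 and 14 day thresholds are hard-coded here while the dashboard in this patch exposes `warning_threshold` as a variable; taking them from values would keep the two in step.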