Merge changes I574c3b05,I95020080,I894e47f3,I86c5c547
* changes:
  * Adapt to ytt 0.28.0
  * Sort monitoring and logging components into sub-maps in the config
  * Collect logs from Gerrit in Kubernetes
  * Add promtail chart to collect logs from cluster
commit 50c3a5aac8

README.md (77 lines changed)
@@ -10,9 +10,10 @@ The setup is provided as a helm chart. It can be installed using Helm
 The charts used in this setup are the charts provided as open source and can be
 found on GitHub:
 
-- [Prometheus](https://github.com/helm/charts/tree/master/stable/prometheus)
 - [Grafana](https://github.com/helm/charts/tree/master/stable/grafana)
 - [Loki](https://github.com/grafana/loki/tree/master/production/helm/loki)
+- [Prometheus](https://github.com/helm/charts/tree/master/stable/prometheus)
+- [Promtail](https://github.com/grafana/loki/tree/master/production/helm/promtail)
 
 This project just provides `values.yaml`-files that are already configured to
 work with the `metrics-reporter-prometheus`-plugin of Gerrit to make the setup
@@ -76,43 +77,43 @@ setup, some configuration is highly dependent on the specific installation.
 These options have to be configured in the `./config.yaml` before installing and
 are listed here:
 
-| option | description |
-|-----------------------------------------|----------------------------------------------------------------------------------------|
-| `gerritServers` | List of Gerrit servers to scrape. For details refer to section [below](#gerritServers) |
-| `namespace` | The namespace the charts are installed to |
-| `tls.skipVerify` | Whether to skip TLS certificate verification |
-| `tls.caCert` | CA certificate used for TLS certificate verification |
-| `prometheus.server.host` | Prometheus server ingress hostname |
-| `prometheus.server.username` | Username for Prometheus |
-| `prometheus.server.password` | Password for Prometheus |
-| `prometheus.server.tls.cert` | TLS certificate |
-| `prometheus.server.tls.key` | TLS key |
-| `prometheus.alertmanager.slack.apiUrl` | API URL of the Slack Webhook |
-| `prometheus.alertmanager.slack.channel` | Channel to which the alerts should be posted |
-| `loki.host` | Loki ingress hostname |
-| `loki.username` | Username for Loki |
-| `loki.password` | Password for Loki |
-| `loki.s3.protocol` | Protocol used for communicating with S3 |
-| `loki.s3.host` | Hostname of the S3 object store |
-| `loki.s3.accessToken` | The EC2 accessToken used for authentication with S3 |
-| `loki.s3.secret` | The secret associated with the accessToken |
-| `loki.s3.bucket` | The name of the S3 bucket |
-| `loki.s3.region` | The region in which the S3 bucket is hosted |
-| `loki.tls.cert` | TLS certificate |
-| `loki.tls.key` | TLS key |
-| `grafana.host` | Grafana ingress hostname |
-| `grafana.tls.cert` | TLS certificate |
-| `grafana.tls.key` | TLS key |
-| `grafana.admin.username` | Username for the admin user |
-| `grafana.admin.password` | Password for the admin user |
-| `grafana.ldap.enabled` | Whether to enable LDAP |
-| `grafana.ldap.host` | Hostname of LDAP server |
-| `grafana.ldap.port` | Port of LDAP server (Has to be `quoted`!) |
-| `grafana.ldap.password` | Password of LDAP server |
-| `grafana.ldap.bind_dn` | Bind DN (username) of the LDAP server |
-| `grafana.ldap.accountBases` | List of base DNs to discover accounts (Has to have the format `"['a', 'b']"`) |
-| `grafana.ldap.groupBases` | List of base DNs to discover groups (Has to have the format `"['a', 'b']"`) |
-| `grafana.dashboards.editable` | Whether dashboards can be edited manually in the UI |
+| option | description |
+|----------------------------------------------------|----------------------------------------------------------------------------------------|
+| `gerritServers` | List of Gerrit servers to scrape. For details refer to section [below](#gerritServers) |
+| `namespace` | The namespace the charts are installed to |
+| `tls.skipVerify` | Whether to skip TLS certificate verification |
+| `tls.caCert` | CA certificate used for TLS certificate verification |
+| `monitoring.prometheus.server.host` | Prometheus server ingress hostname |
+| `monitoring.prometheus.server.username` | Username for Prometheus |
+| `monitoring.prometheus.server.password` | Password for Prometheus |
+| `monitoring.prometheus.server.tls.cert` | TLS certificate |
+| `monitoring.prometheus.server.tls.key` | TLS key |
+| `monitoring.prometheus.alertmanager.slack.apiUrl` | API URL of the Slack Webhook |
+| `monitoring.prometheus.alertmanager.slack.channel` | Channel to which the alerts should be posted |
+| `monitoring.grafana.host` | Grafana ingress hostname |
+| `monitoring.grafana.tls.cert` | TLS certificate |
+| `monitoring.grafana.tls.key` | TLS key |
+| `monitoring.grafana.admin.username` | Username for the admin user |
+| `monitoring.grafana.admin.password` | Password for the admin user |
+| `monitoring.grafana.ldap.enabled` | Whether to enable LDAP |
+| `monitoring.grafana.ldap.host` | Hostname of LDAP server |
+| `monitoring.grafana.ldap.port` | Port of LDAP server (Has to be `quoted`!) |
+| `monitoring.grafana.ldap.password` | Password of LDAP server |
+| `monitoring.grafana.ldap.bind_dn` | Bind DN (username) of the LDAP server |
+| `monitoring.grafana.ldap.accountBases` | List of base DNs to discover accounts (Has to have the format `"['a', 'b']"`) |
+| `monitoring.grafana.ldap.groupBases` | List of base DNs to discover groups (Has to have the format `"['a', 'b']"`) |
+| `monitoring.grafana.dashboards.editable` | Whether dashboards can be edited manually in the UI |
+| `logging.loki.host` | Loki ingress hostname |
+| `logging.loki.username` | Username for Loki |
+| `logging.loki.password` | Password for Loki |
+| `logging.loki.s3.protocol` | Protocol used for communicating with S3 |
+| `logging.loki.s3.host` | Hostname of the S3 object store |
+| `logging.loki.s3.accessToken` | The EC2 accessToken used for authentication with S3 |
+| `logging.loki.s3.secret` | The secret associated with the accessToken |
+| `logging.loki.s3.bucket` | The name of the S3 bucket |
+| `logging.loki.s3.region` | The region in which the S3 bucket is hosted |
+| `logging.loki.tls.cert` | TLS certificate |
+| `logging.loki.tls.key` | TLS key |
 
 ### gerritServers
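For orientation, the regrouped options nest under two new top-level maps in `config.yaml`; a minimal sketch (the full sample values appear in the `config.yaml` diff further down):

```yaml
monitoring:
  prometheus:
    server:
      host: prometheus.example.com
  grafana:
    host: grafana.example.com
logging:
  loki:
    host: loki.example.com
```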
@@ -26,8 +26,8 @@ class AbstractConfigManager(abc.ABC):
         self.config_path = config_path
 
         self.requires_htpasswd = [
-            ["loki"],
-            ["prometheus", "server"],
+            ["logging", "loki"],
+            ["monitoring", "prometheus", "server"],
         ]
 
     def get_config(self):
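The paths in `requires_htpasswd` name the config sub-maps that receive a generated `htpasswd` entry, which the basic-auth secret templates below read back. A sketch of the resulting additions to the parsed config (the values are placeholders, not real output):

```yaml
monitoring:
  prometheus:
    server:
      htpasswd: <generated htpasswd file contents>
logging:
  loki:
    htpasswd: <generated htpasswd file contents>
```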
@@ -1,6 +1,6 @@
 #@ load("@ytt:data", "data")
 #@ load("@ytt:base64", "base64")
-#@ if data.values.grafana.ldap.enabled and not data.values.tls.skipVerify:
+#@ if data.values.monitoring.grafana.ldap.enabled and not data.values.tls.skipVerify:
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,9 +7,9 @@ metadata:
   name: grafana-credentials
   namespace: #@ data.values.namespace
 data:
-  admin-user: #@ base64.encode(data.values.grafana.admin.username)
-  admin-password: #@ base64.encode(data.values.grafana.admin.password)
-#@ if data.values.grafana.ldap.enabled:
+  admin-user: #@ base64.encode(data.values.monitoring.grafana.admin.username)
+  admin-password: #@ base64.encode(data.values.monitoring.grafana.admin.password)
+#@ if data.values.monitoring.grafana.ldap.enabled:
   ldap-toml: #@ base64.encode(format_ldap_toml())
 #@ end
 type: Opaque
@@ -7,5 +7,5 @@ metadata:
   namespace: #@ data.values.namespace
 type: kubernetes.io/tls
 data:
-  tls.crt: #@ base64.encode(data.values.grafana.tls.cert)
-  tls.key: #@ base64.encode(data.values.grafana.tls.key)
+  tls.crt: #@ base64.encode(data.values.monitoring.grafana.tls.cert)
+  tls.key: #@ base64.encode(data.values.monitoring.grafana.tls.key)
@@ -2,18 +2,18 @@
 (@ def format_ldap_toml(): -@)
 [[servers]]
 
-host = "(@= data.values.grafana.ldap.host @)"
-port = (@= data.values.grafana.ldap.port @)
+host = "(@= data.values.monitoring.grafana.ldap.host @)"
+port = (@= data.values.monitoring.grafana.ldap.port @)
 use_ssl = true
 start_tls = false
 ssl_skip_verify = (@= "{}".format(data.values.tls.skipVerify).lower() @)
 root_ca_cert = "/etc/secrets/server.ca.crt"
-bind_dn = "(@= data.values.grafana.ldap.bind_dn @)"
-bind_password = "(@= data.values.grafana.ldap.password @)"
+bind_dn = "(@= data.values.monitoring.grafana.ldap.bind_dn @)"
+bind_password = "(@= data.values.monitoring.grafana.ldap.password @)"
 search_filter = "(cn=%s)"
-search_base_dns = (@= data.values.grafana.ldap.accountBases @)
+search_base_dns = (@= data.values.monitoring.grafana.ldap.accountBases @)
 group_search_filter = "(cn=%s)"
-group_search_base_dns = (@= data.values.grafana.ldap.groupBases @)
+group_search_base_dns = (@= data.values.monitoring.grafana.ldap.groupBases @)
 
 [[servers.group_mappings]]
 group_dn = "*"
@@ -101,7 +101,8 @@ downloadDashboards:
 #  podAnnotations: {}
 
 ## Pod Labels
-# podLabels: {}
+podLabels:
+  app: grafana
 
 podPortName: grafana
@@ -129,7 +130,7 @@ ingress:
   labels: {}
   path: /
   hosts:
-    - #@ data.values.grafana.host
+    - #@ data.values.monitoring.grafana.host
   ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
   extraPaths: []
   # - path: /*
@@ -139,7 +140,7 @@ ingress:
   tls:
    - secretName: grafana-server-tls
      hosts:
-       - #@ data.values.grafana.host
+       - #@ data.values.monitoring.grafana.host
 
 resources:
   limits:
@@ -270,7 +271,7 @@ envRenderSecret: {}
 ## Additional grafana server secret mounts
 # Defines additional mounts with secrets. Secrets must be manually created in the namespace.
 extraSecretMounts:
-#@ if data.values.grafana.ldap.enabled and not data.values.tls.skipVerify:
+#@ if data.values.monitoring.grafana.ldap.enabled and not data.values.tls.skipVerify:
   - name: tls-ca
     mountPath: /etc/secrets
     secretName: grafana-ca
@@ -395,7 +396,7 @@ grafana.ini:
 ## LDAP Authentication can be enabled with the following values on grafana.ini
 ## NOTE: Grafana will fail to start if the value for ldap.toml is invalid
   auth.ldap:
-    enabled: #@ data.values.grafana.ldap.enabled
+    enabled: #@ data.values.monitoring.grafana.ldap.enabled
     allow_sign_up: true
     config_file: /etc/grafana/ldap.toml
 
@@ -405,7 +406,7 @@ grafana.ini:
 ## ref: http://docs.grafana.org/installation/configuration/#auth-ldap
 ## ref: http://docs.grafana.org/installation/ldap/#configuration
 ldap:
-  enabled: #@ data.values.grafana.ldap.enabled
+  enabled: #@ data.values.monitoring.grafana.ldap.enabled
   # `existingSecret` is a reference to an existing secret containing the ldap configuration
   # for Grafana in a key `ldap-toml`.
   existingSecret: "grafana-credentials"
@@ -474,7 +475,7 @@ sidecar:
     # disableDelete to activate a import-only behaviour
     disableDelete: true
     # allow updating provisioned dashboards from the UI
-    allowUiUpdates: #@ data.values.grafana.dashboards.editable
+    allowUiUpdates: #@ data.values.monitoring.grafana.dashboards.editable
   datasources:
     enabled: false
   ## Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
@@ -6,5 +6,5 @@ metadata:
   name: loki-basic-auth
   namespace: #@ data.values.namespace
 data:
-  auth: #@ base64.encode(data.values.loki.htpasswd)
+  auth: #@ base64.encode(data.values.logging.loki.htpasswd)
 type: Opaque
@@ -7,5 +7,5 @@ metadata:
   namespace: #@ data.values.namespace
 type: kubernetes.io/tls
 data:
-  tls.crt: #@ base64.encode(data.values.loki.tls.cert)
-  tls.key: #@ base64.encode(data.values.loki.tls.key)
+  tls.crt: #@ base64.encode(data.values.logging.loki.tls.cert)
+  tls.key: #@ base64.encode(data.values.logging.loki.tls.key)
@@ -14,13 +14,13 @@ ingress:
     nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
     # kubernetes.io/tls-acme: "true"
   hosts:
-    - host: #@ data.values.loki.host
+    - host: #@ data.values.logging.loki.host
       paths:
       - /
   tls:
     - secretName: loki-server-tls
      hosts:
-       - #@ data.values.loki.host
+       - #@ data.values.logging.loki.host
 
 ## Affinity for pod assignment
 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
@@ -87,7 +87,7 @@ config:
     boltdb:
       directory: /data/loki/index
     aws:
-      s3: #@ "{}://{}:{}@{}/{}".format(data.values.loki.s3.protocol, data.values.loki.s3.accessToken, data.values.loki.s3.secret, data.values.loki.s3.host, data.values.loki.s3.bucket)
+      s3: #@ "{}://{}:{}@{}/{}".format(data.values.logging.loki.s3.protocol, data.values.logging.loki.s3.accessToken, data.values.logging.loki.s3.secret, data.values.logging.loki.s3.host, data.values.logging.loki.s3.bucket)
       s3forcepathstyle: true
   chunk_store_config:
     max_look_back_period: 0
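A sketch of what that templated `s3` line renders to, assuming the sample values from the `config.yaml` in this commit (`https`, `abcd`, `"1234"`, `s3.eu-de-1.example.com`, `bucket`):

```yaml
aws:
  s3: https://abcd:1234@s3.eu-de-1.example.com/bucket
  s3forcepathstyle: true
```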
@@ -243,4 +243,4 @@ extraPorts: []
 # Extra env variables to pass to the loki container
 env:
 - name: AWS_REGION
-  value: #@ data.values.loki.s3.region
+  value: #@ data.values.logging.loki.s3.region
@@ -6,5 +6,5 @@ metadata:
   name: prometheus-basic-auth
   namespace: #@ data.values.namespace
 data:
-  auth: #@ base64.encode(data.values.prometheus.server.htpasswd)
+  auth: #@ base64.encode(data.values.monitoring.prometheus.server.htpasswd)
 type: Opaque
@@ -17,7 +17,7 @@ data:
 
 #@ if not data.values.tls.skipVerify:
   server.ca.crt: #@ base64.encode(data.values.tls.caCert)
-  server.crt: #@ base64.encode(data.values.prometheus.server.tls.cert)
-  server.key: #@ base64.encode(data.values.prometheus.server.tls.key)
+  server.crt: #@ base64.encode(data.values.monitoring.prometheus.server.tls.cert)
+  server.key: #@ base64.encode(data.values.monitoring.prometheus.server.tls.key)
 #@ end
 type: Opaque
@@ -7,5 +7,5 @@ metadata:
   namespace: #@ data.values.namespace
 type: kubernetes.io/tls
 data:
-  tls.crt: #@ base64.encode(data.values.prometheus.server.tls.cert)
-  tls.key: #@ base64.encode(data.values.prometheus.server.tls.key)
+  tls.crt: #@ base64.encode(data.values.monitoring.prometheus.server.tls.cert)
+  tls.key: #@ base64.encode(data.values.monitoring.prometheus.server.tls.key)
@@ -675,7 +675,7 @@ server:
     ## Must be provided if Ingress is enabled
     ##
     hosts:
-      - #@ data.values.prometheus.server.host
+      - #@ data.values.monitoring.prometheus.server.host
       # - prometheus.domain.com
       # - domain.com/prometheus
 
@@ -692,7 +692,7 @@ server:
     tls:
       - secretName: prometheus-server-tls
         hosts:
-          - #@ data.values.prometheus.server.host
+          - #@ data.values.monitoring.prometheus.server.host
 
   ## Server Deployment Strategy type
   # strategy:
@@ -1055,12 +1055,12 @@ pushgateway:
 alertmanagerFiles:
   alertmanager.yml:
     global:
-      slack_api_url: #@ data.values.prometheus.alertmanager.slack.apiUrl
+      slack_api_url: #@ data.values.monitoring.prometheus.alertmanager.slack.apiUrl
 
     receivers:
       - name: gerrit-admin
         slack_configs:
-          - channel: #@ data.values.prometheus.alertmanager.slack.channel
+          - channel: #@ data.values.monitoring.prometheus.alertmanager.slack.channel
             send_resolved: true
             title: "{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}"
             text: "{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}"
charts/promtail/VERSION (new file, 1 line)
@@ -0,0 +1 @@
+0.22.1
charts/promtail/promtail.yaml (new file, 300 lines)
@@ -0,0 +1,300 @@
+#@ load("@ytt:data", "data")
+
+## Affinity for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+affinity: {}
+
+annotations: {}
+
+# The update strategy to apply to the DaemonSet
+##
+deploymentStrategy: {}
+#  rollingUpdate:
+#    maxUnavailable: 1
+#  type: RollingUpdate
+
+initContainer:
+  enabled: false
+  fsInotifyMaxUserInstances: 128
+
+image:
+  repository: grafana/promtail
+  tag: v1.3.0
+  pullPolicy: IfNotPresent
+
+livenessProbe: {}
+
+loki:
+  serviceName: #@ "loki-{}".format(data.values.namespace)
+  servicePort: 3100
+  serviceScheme: http
+  user: #@ data.values.logging.loki.username
+  password: #@ data.values.logging.loki.password
+
+nameOverride: #@ "promtail-{}".format(data.values.namespace, data.values.namespace)
+
+## Node labels for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+nodeSelector: {}
+
+pipelineStages:
+- docker: {}
+
+## Pod Labels
+podLabels: {}
+
+podAnnotations:
+  prometheus.io/scrape: "true"
+  prometheus.io/port: "http-metrics"
+
+## Assign a PriorityClassName to pods if set
+# priorityClassName:
+
+rbac:
+  create: true
+  pspEnabled: true
+
+readinessProbe:
+  failureThreshold: 5
+  httpGet:
+    path: /ready
+    port: http-metrics
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  successThreshold: 1
+  timeoutSeconds: 1
+
+resources:
+  limits:
+    cpu: 200m
+    memory: 128Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
+# Custom scrape_configs to override the default ones in the configmap
+scrapeConfigs:
+- job_name: kubernetes-pods-monitoring
+  pipeline_stages:
+  - docker: {}
+  kubernetes_sd_configs:
+  - role: pod
+  relabel_configs:
+  - action: labeldrop
+    regex: '__meta_kubernetes_pod_label_app_kubernetes_io_.*'
+  - action: labeldrop
+    regex: '__meta_kubernetes_pod_label_statefulset_kubernetes_io_.*'
+  - action: labeldrop
+    regex: '__meta_kubernetes_pod_label_controller_revision_hash'
+  - action: labeldrop
+    regex: '__meta_kubernetes_pod_label_pod_template_.*'
+  - source_labels:
+    - __meta_kubernetes_pod_label_name
+    target_label: __service__
+  - source_labels:
+    - __meta_kubernetes_pod_node_name
+    target_label: __host__
+  - action: labelmap
+    regex: __meta_kubernetes_pod_label_(.+)
+  - action: replace
+    replacement: $1
+    separator: /
+    source_labels:
+    - __meta_kubernetes_namespace
+    - __meta_kubernetes_pod_label_app
+    - __service__
+    target_label: job
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_namespace
+    target_label: namespace
+  - action: keep
+    regex: #@ data.values.namespace
+    source_labels:
+    - namespace
+  - action: replace
+    source_labels:
+    - release
+    target_label: chart_release
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_pod_name
+    target_label: instance
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_pod_container_name
+    target_label: container_name
+  - replacement: /var/log/pods/*$1/*.log
+    separator: /
+    source_labels:
+    - __meta_kubernetes_pod_uid
+    - __meta_kubernetes_pod_container_name
+    target_label: __path__
+#@ for gerrit in data.values.gerritServers.kubernetes:
+- job_name: #@ "kubernetes-pods-gerrit-{}".format(gerrit.namespace)
+  pipeline_stages:
+  - docker: {}
+  kubernetes_sd_configs:
+  - role: pod
+  relabel_configs:
+  - action: labeldrop
+    regex: '__meta_kubernetes_pod_label_pod_template_.*'
+  - source_labels:
+    - __meta_kubernetes_pod_label_name
+    target_label: __service__
+  - source_labels:
+    - __meta_kubernetes_pod_node_name
+    target_label: __host__
+  - action: labelmap
+    regex: __meta_kubernetes_pod_label_(.+)
+  - action: replace
+    replacement: $1
+    separator: /
+    source_labels:
+    - __meta_kubernetes_namespace
+    - __meta_kubernetes_pod_label_app
+    - __service__
+    target_label: job
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_namespace
+    target_label: namespace
+  - action: keep
+    regex: #@ gerrit.namespace
+    source_labels:
+    - namespace
+  - source_labels:
+    - #@ "__meta_kubernetes_pod_label_{}".format(gerrit.label.name)
+    regex: #@ gerrit.label.value
+    action: keep
+  - action: replace
+    source_labels:
+    - release
+    target_label: chart_release
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_pod_name
+    target_label: instance
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_pod_container_name
+    target_label: container_name
+  - replacement: /var/log/pods/*$1/*.log
+    separator: /
+    source_labels:
+    - __meta_kubernetes_pod_uid
+    - __meta_kubernetes_pod_container_name
+    target_label: __path__
+#@ end
+
+# Custom scrape_configs together with the default ones in the configmap
+extraScrapeConfigs: []
+
+securityContext:
+  readOnlyRootFilesystem: true
+  runAsGroup: 0
+  runAsUser: 0
+
+serviceAccount:
+  create: true
+  name: promtail
+
+## Tolerations for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations:
+- key: node-role.kubernetes.io/master
+  operator: Exists
+  effect: NoSchedule
+
+# Extra volumes to scrape logs from
+volumes:
+- name: docker
+  hostPath:
+    path: /var/lib/docker/containers
+- name: pods
+  hostPath:
+    path: /var/log/pods
+
+# Custom volumes together with the default ones
+extraVolumes: []
+
+volumeMounts:
+- name: docker
+  mountPath: /var/lib/docker/containers
+  readOnly: true
+- name: pods
+  mountPath: /var/log/pods
+  readOnly: true
+
+# Custom volumeMounts together with the default ones
+extraVolumeMounts: []
+
+# Add extra Commandline args while starting up promtail.
+# more info : https://github.com/grafana/loki/pull/1530
+
+extraCommandlineArgs: []
+# example:
+# extraCommandlineArgs:
+#   - -client.external-labels=hostname=$(HOSTNAME)
+
+config:
+  client:
+    # Maximum wait period before sending batch
+    batchwait: 1s
+    # Maximum batch size to accrue before sending, unit is byte
+    batchsize: 102400
+
+    # Maximum time to wait for server to respond to a request
+    timeout: 10s
+
+    backoff_config:
+      # Initial backoff time between retries
+      minbackoff: 100ms
+      # Maximum backoff time between retries
+      maxbackoff: 5s
+      # Maximum number of retries when sending batches, 0 means infinite retries
+      maxretries: 20
+
+    # The labels to add to any time series or alerts when communicating with loki
+    external_labels: {}
+
+  server:
+    http_listen_port: 3101
+
+  positions:
+    filename: /run/promtail/positions.yaml
+  target_config:
+    # Period to resync directories being watched and files being tailed
+    sync_period: 10s
+
+serviceMonitor:
+  enabled: false
+  interval: ""
+  additionalLabels: {}
+  # scrapeTimeout: 10s
+
+# Extra env variables to pass to the promtail container
+env: []
+
+# enable and configure if using the syslog scrape config
+syslogService:
+  enabled: false
+  type: ClusterIP
+  port: 1514
+  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+  ##
+  # nodePort:
+  ## Provide any additional annotations which may be required. This can be used to
+  ## set the LoadBalancer service type to internal only.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+  ##
+  annotations: {}
+  labels: {}
+  ## Use loadBalancerIP to request a specific static IP,
+  ## otherwise leave blank
+  ##
+  loadBalancerIP:
+  # loadBalancerSourceRanges: []
+  ## Set the externalTrafficPolicy in the Service to either Cluster or Local
+  # externalTrafficPolicy: Cluster
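The `#@ for gerrit in data.values.gerritServers.kubernetes:` loop above dereferences `gerrit.namespace`, `gerrit.label.name`, and `gerrit.label.value`, so each list entry presumably has this shape (a sketch with hypothetical values):

```yaml
gerritServers:
  kubernetes:
  - namespace: gerrit        # namespace whose pod logs are kept
    label:
      name: app              # pod label used as a keep-filter
      value: gerrit-master   # required value of that label
```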
config.yaml (82 lines changed)
@@ -19,47 +19,49 @@ namespace: namespace
 tls:
   skipVerify: true
   caCert:
-prometheus:
-  server:
-    host: prometheus.example.com
-    username:
-    password:
-    tls:
-      cert:
-      key:
-  alertmanager:
-    slack:
-      apiUrl: https://hooks.slack.com/services/xxx/xxx
-      channel: '#alerts'
-loki:
-  host: loki.example.com
-  username:
-  password:
-  s3:
-    protocol: https
-    host: s3.eu-de-1.example.com
-    accessToken: abcd
-    secret: "1234"
-    bucket: bucket
-    region: eu-de-1
-  tls:
-    cert:
-    key:
-grafana:
-  host: grafana.example.com
-  tls:
-    cert:
-    key:
-  admin:
-    username: admin
-    password: secret
-  ldap:
-    enabled: false
-    host:
-    port: ""
-    password:
-    bind_dn:
-    accountBases: "[]"
-    groupBases: "[]"
-  dashboards:
-    editable: false
+monitoring:
+  prometheus:
+    server:
+      host: prometheus.example.com
+      username:
+      password:
+      tls:
+        cert:
+        key:
+    alertmanager:
+      slack:
+        apiUrl: https://hooks.slack.com/services/xxx/xxx
+        channel: '#alerts'
+  grafana:
+    host: grafana.example.com
+    tls:
+      cert:
+      key:
+    admin:
+      username: admin
+      password: secret
+    ldap:
+      enabled: false
+      host:
+      port: ""
+      password:
+      bind_dn:
+      accountBases: "[]"
+      groupBases: "[]"
+    dashboards:
+      editable: false
+logging:
+  loki:
+    host: loki.example.com
+    username:
+    password:
+    s3:
+      protocol: https
+      host: s3.eu-de-1.example.com
+      accessToken: abcd
+      secret: "1234"
+      bucket: bucket
+      region: eu-de-1
+    tls:
+      cert:
+      key:
@@ -10,15 +10,15 @@ positions:
   filename: #@ "{}/positions.yaml".format(data.values.gerritServers.other[i].promtail.storagePath)
 
 clients:
-  - url: #@ "https://{}/loki/api/v1/push".format(data.values.loki.host)
+  - url: #@ "https://{}/loki/api/v1/push".format(data.values.logging.loki.host)
     tls_config:
       insecure_skip_verify: #@ data.values.tls.skipVerify
 #@ if not data.values.tls.skipVerify:
       ca_file: #@ "{}/promtail.ca.crt".format(data.values.gerritServers.other[i].promtail.storagePath)
 #@ end
     basic_auth:
-      username: #@ data.values.loki.username
-      password: #@ data.values.loki.password
+      username: #@ data.values.logging.loki.username
+      password: #@ data.values.logging.loki.password
 
 scrape_configs:
   - job_name: gerrit_error
     static_configs:
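Assuming the sample `config.yaml` values and TLS verification enabled, the rendered client section would look roughly like this (a sketch; the storage path and credentials are placeholders):

```yaml
clients:
  - url: https://loki.example.com/loki/api/v1/push
    tls_config:
      insecure_skip_verify: false
      ca_file: /path/to/promtail/promtail.ca.crt
    basic_auth:
      username: <loki-username>
      password: <loki-password>
```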
@@ -16,4 +16,5 @@ HELM_CHARTS = {
     "grafana": "stable/grafana",
     "loki": "loki/loki",
     "prometheus": "stable/prometheus",
+    "promtail": "loki/promtail",
 }
@@ -14,7 +14,9 @@
 
 import os.path
 import stat
+import shutil
 import subprocess
+import sys
 import zipfile
 
 import requests
@@ -26,6 +28,7 @@ from ._globals import HELM_CHARTS
 TEMPLATES = [
     "charts/namespace.yaml",
     "charts/prometheus",
+    "charts/promtail",
     "charts/loki",
     "charts/grafana",
     "promtail",
@@ -79,7 +82,7 @@ def _create_promtail_configs(config, output_dir):
     if not os.path.exists(os.path.join(output_dir, "promtail")):
         os.mkdir(os.path.join(output_dir, "promtail"))
 
-    with open(os.path.join(output_dir, "promtail.yaml")) as f:
+    with open(os.path.join(output_dir, "promtailLocalConfig.yaml")) as f:
         for promtail_config in yaml.load_all(f, Loader=yaml.SafeLoader):
             with open(
                 os.path.join(
@@ -94,7 +97,7 @@ def _create_promtail_configs(config, output_dir):
             ) as f:
                 yaml.dump(promtail_config, f)
 
-    os.remove(os.path.join(output_dir, "promtail.yaml"))
+    os.remove(os.path.join(output_dir, "promtailLocalConfig.yaml"))
 
     if not config["tls"]["skipVerify"]:
         try:
@@ -145,7 +148,7 @@ def _run_ytt(config, output_dir):
         command += ["-f", template]
 
     command += [
-        "--output-directory",
+        "--output-files",
         output_dir,
         "--ignore-unknown-comments",
         "-f",
@@ -229,13 +232,30 @@ def install(config_manager, output_dir, dryrun, update_repo):
 
     if not os.path.exists(output_dir):
         os.mkdir(output_dir)
+    elif os.listdir(output_dir):
+        while True:
+            response = input(
+                (
+                    "Output directory already exists. This may lead to file conflicts "
+                    "and unwanted configuration applied to the cluster. Do you want "
+                    "to empty the directory? [y/n] "
+                )
+            )
+            if response == "y":
+                shutil.rmtree(output_dir)
+                os.mkdir(output_dir)
+                break
+            if response == "n":
+                print("Aborting installation. Please provide empty directory.")
+                sys.exit(1)
+            print("Unknown input.")
 
     _run_ytt(config, output_dir)
 
     namespace = config_manager.get_config()["namespace"]
     _create_dashboard_configmaps(output_dir, namespace)
 
-    if os.path.exists(os.path.join(output_dir, "promtail.yaml")):
+    if os.path.exists(os.path.join(output_dir, "promtailLocalConfig.yaml")):
         _create_promtail_configs(config, output_dir)
         if not dryrun:
             _download_promtail(output_dir)